28 lines
1.4 KiB
TypeScript
28 lines
1.4 KiB
TypeScript
|
import { TunnelAccessControlEntry } from './tunnelAccessControlEntry';
|
||
|
|
/**
|
||
|
|
* Data contract for access control on a {@link Tunnel} or {@link TunnelPort}.
|
||
|
|
*
|
||
|
|
* Tunnels and tunnel ports can each optionally have an access-control property set on
|
||
|
|
* them. An access-control object contains a list (ACL) of entries (ACEs) that specify the
|
||
|
|
* access scopes granted or denied to some subjects. Tunnel ports inherit the ACL from the
|
||
|
|
* tunnel, though ports may include ACEs that augment or override the inherited rules.
|
||
|
|
* Currently there is no capability to define "roles" for tunnel access (where a role
|
||
|
|
* specifies a set of related access scopes), and assign roles to users. That feature may
|
||
|
|
* be added in the future. (It should be represented as a separate `RoleAssignments`
|
||
|
|
* property on this class.)
|
||
|
|
*/
|
||
|
|
export interface TunnelAccessControl {
|
||
|
|
/**
|
||
|
|
* Gets or sets the list of access control entries.
|
||
|
|
*
|
||
|
|
* The order of entries is significant: later entries override earlier entries that
|
||
|
|
* apply to the same subject. However, deny rules are always processed after allow
|
||
|
|
* rules, therefore an allow rule cannot override a deny rule for the same subject.
|
||
|
|
*/
|
||
|
|
entries: TunnelAccessControlEntry[];
|
||
|
|
}
|
||
|
|
import { validateScopes } from './tunnelAccessControlStatics';
|
||
|
|
export declare const TunnelAccessControl: {
|
||
|
|
validateScopes: typeof validateScopes;
|
||
|
|
};
|
||
|
|
//# sourceMappingURL=tunnelAccessControl.d.ts.map
|