security

type AccessControlEntry struct {
	// The set of permission bits that represent the actions that the associated descriptor is allowed to perform.
	Allow *int `json:"allow,omitempty"`
	// The set of permission bits that represent the actions that the associated descriptor is not allowed to perform.
	Deny *int `json:"deny,omitempty"`
	// The descriptor for the user this AccessControlEntry applies to.
	Descriptor *string `json:"descriptor,omitempty"`
	// This value, when set, reports the inherited and effective information for the associated descriptor. This value is only set on AccessControlEntries returned by the QueryAccessControlList(s) call when its includeExtendedInfo parameter is set to true.
	ExtendedInfo *AceExtendedInformation `json:"extendedInfo,omitempty"`
}

type AccessControlList struct {
	// Storage of permissions keyed on the identity the permission is for.
	AcesDictionary *map[string]AccessControlEntry `json:"acesDictionary,omitempty"`
	// True if this ACL holds ACEs that have extended information.
	IncludeExtendedInfo *bool `json:"includeExtendedInfo,omitempty"`
	// True if the given token inherits permissions from parents.
	InheritPermissions *bool `json:"inheritPermissions,omitempty"`
	// The token that this AccessControlList is for.
	Token *string `json:"token,omitempty"`
}

type AccessControlListsCollection struct {
}

type AceExtendedInformation struct {
	// This is the combination of all of the explicit and inherited permissions for this identity on this token.  These are the permissions used when determining if a given user has permission to perform an action.
	EffectiveAllow *int `json:"effectiveAllow,omitempty"`
	// This is the combination of all of the explicit and inherited permissions for this identity on this token.  These are the permissions used when determining if a given user has permission to perform an action.
	EffectiveDeny *int `json:"effectiveDeny,omitempty"`
	// These are the permissions that are inherited for this identity on this token.  If the token does not inherit permissions this will be 0.  Note that any permissions that have been explicitly set on this token for this identity, or any groups that this identity is a part of, are not included here.
	InheritedAllow *int `json:"inheritedAllow,omitempty"`
	// These are the permissions that are inherited for this identity on this token.  If the token does not inherit permissions this will be 0.  Note that any permissions that have been explicitly set on this token for this identity, or any groups that this identity is a part of, are not included here.
	InheritedDeny *int `json:"inheritedDeny,omitempty"`
}

type ActionDefinition struct {
	// The bit mask integer for this action. Must be a power of 2.
	Bit *int `json:"bit,omitempty"`
	// The localized display name for this action.
	DisplayName *string `json:"displayName,omitempty"`
	// The non-localized name for this action.
	Name *string `json:"name,omitempty"`
	// The namespace that this action belongs to.  This will only be used for reading from the database.
	NamespaceId *uuid.UUID `json:"namespaceId,omitempty"`
}

type Client interface {
	// [Preview API] Evaluates whether the caller has the specified permissions on the specified set of security tokens.
	HasPermissions(context.Context, HasPermissionsArgs) (*[]bool, error)
	// [Preview API] Evaluates multiple permissions for the calling user.  Note: This method does not aggregate the results, nor does it short-circuit if one of the permissions evaluates to false.
	HasPermissionsBatch(context.Context, HasPermissionsBatchArgs) (*PermissionEvaluationBatch, error)
	// [Preview API] Return a list of access control lists for the specified security namespace and token. All ACLs in the security namespace will be retrieved if no optional parameters are provided.
	QueryAccessControlLists(context.Context, QueryAccessControlListsArgs) (*[]AccessControlList, error)
	// [Preview API] List all security namespaces or just the specified namespace.
	QuerySecurityNamespaces(context.Context, QuerySecurityNamespacesArgs) (*[]SecurityNamespaceDescription, error)
	// [Preview API] Remove the specified ACEs from the ACL belonging to the specified token.
	RemoveAccessControlEntries(context.Context, RemoveAccessControlEntriesArgs) (*bool, error)
	// [Preview API] Remove access control lists under the specfied security namespace.
	RemoveAccessControlLists(context.Context, RemoveAccessControlListsArgs) (*bool, error)
	// [Preview API] Removes the specified permissions on a security token for a user or group.
	RemovePermission(context.Context, RemovePermissionArgs) (*AccessControlEntry, error)
	// [Preview API] Add or update ACEs in the ACL for the provided token. The request body contains the target token, a list of [ACEs](https://docs.microsoft.com/en-us/rest/api/azure/devops/security/access%20control%20entries/set%20access%20control%20entries?#accesscontrolentry) and a optional merge parameter. In the case of a collision (by identity descriptor) with an existing ACE in the ACL, the "merge" parameter determines the behavior. If set, the existing ACE has its allow and deny merged with the incoming ACE's allow and deny. If unset, the existing ACE is displaced.
	SetAccessControlEntries(context.Context, SetAccessControlEntriesArgs) (*[]AccessControlEntry, error)
	// [Preview API] Create or update one or more access control lists. All data that currently exists for the ACLs supplied will be overwritten.
	SetAccessControlLists(context.Context, SetAccessControlListsArgs) error
}

type ClientImpl struct {
	Client azuredevops.Client
}

type HasPermissionsArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (optional) Permissions to evaluate.
	Permissions *int
	// (optional) One or more security tokens to evaluate.
	Tokens *string
	// (optional) If true and if the caller is an administrator, always return true.
	AlwaysAllowAdministrators *bool
	// (optional) Optional security token separator. Defaults to ",".
	Delimiter *string
}

type HasPermissionsBatchArgs struct {
	// (required) The set of evaluation requests.
	EvalBatch *PermissionEvaluationBatch
}

type PermissionEvaluation struct {
	// Permission bit for this evaluated permission.
	Permissions *int `json:"permissions,omitempty"`
	// Security namespace identifier for this evaluated permission.
	SecurityNamespaceId *uuid.UUID `json:"securityNamespaceId,omitempty"`
	// Security namespace-specific token for this evaluated permission.
	Token *string `json:"token,omitempty"`
	// Permission evaluation value.
	Value *bool `json:"value,omitempty"`
}

type PermissionEvaluationBatch struct {
	// True if members of the Administrators group should always pass the security check.
	AlwaysAllowAdministrators *bool `json:"alwaysAllowAdministrators,omitempty"`
	// Array of permission evaluations to evaluate.
	Evaluations *[]PermissionEvaluation `json:"evaluations,omitempty"`
}

type QueryAccessControlListsArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (optional) Security token
	Token *string
	// (optional) An optional filter string containing a list of identity descriptors separated by ',' whose ACEs should be retrieved. If this is left null, entire ACLs will be returned.
	Descriptors *string
	// (optional) If true, populate the extended information properties for the access control entries contained in the returned lists.
	IncludeExtendedInfo *bool
	// (optional) If true and this is a hierarchical namespace, return child ACLs of the specified token.
	Recurse *bool
}

type QuerySecurityNamespacesArgs struct {
	// (optional) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (optional) If true, retrieve only local security namespaces.
	LocalOnly *bool
}

type RemoveAccessControlEntriesArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (optional) The token whose ACL should be modified.
	Token *string
	// (optional) String containing a list of identity descriptors separated by ',' whose entries should be removed.
	Descriptors *string
}

type RemoveAccessControlListsArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (optional) One or more comma-separated security tokens
	Tokens *string
	// (optional) If true and this is a hierarchical namespace, also remove child ACLs of the specified tokens.
	Recurse *bool
}

type RemovePermissionArgs struct {
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
	// (required) Identity descriptor of the user to remove permissions for.
	Descriptor *string
	// (optional) Permissions to remove.
	Permissions *int
	// (optional) Security token to remove permissions for.
	Token *string
}

type SecurityNamespaceDescription struct {
	// The list of actions that this Security Namespace is responsible for securing.
	Actions *[]ActionDefinition `json:"actions,omitempty"`
	// This is the dataspace category that describes where the security information for this SecurityNamespace should be stored.
	DataspaceCategory *string `json:"dataspaceCategory,omitempty"`
	// This localized name for this namespace.
	DisplayName *string `json:"displayName,omitempty"`
	// If the security tokens this namespace will be operating on need to be split on certain character lengths to determine its elements, that length should be specified here. If not, this value will be -1.
	ElementLength *int `json:"elementLength,omitempty"`
	// This is the type of the extension that should be loaded from the plugins directory for extending this security namespace.
	ExtensionType *string `json:"extensionType,omitempty"`
	// If true, the security namespace is remotable, allowing another service to proxy the namespace.
	IsRemotable *bool `json:"isRemotable,omitempty"`
	// This non-localized for this namespace.
	Name *string `json:"name,omitempty"`
	// The unique identifier for this namespace.
	NamespaceId *uuid.UUID `json:"namespaceId,omitempty"`
	// The permission bits needed by a user in order to read security data on the Security Namespace.
	ReadPermission *int `json:"readPermission,omitempty"`
	// If the security tokens this namespace will be operating on need to be split on certain characters to determine its elements that character should be specified here. If not, this value will be the null character.
	SeparatorValue *string `json:"separatorValue,omitempty"`
	// Used to send information about the structure of the security namespace over the web service.
	StructureValue *int `json:"structureValue,omitempty"`
	// The bits reserved by system store
	SystemBitMask *int `json:"systemBitMask,omitempty"`
	// If true, the security service will expect an ISecurityDataspaceTokenTranslator plugin to exist for this namespace
	UseTokenTranslator *bool `json:"useTokenTranslator,omitempty"`
	// The permission bits needed by a user in order to modify security data on the Security Namespace.
	WritePermission *int `json:"writePermission,omitempty"`
}

type SetAccessControlEntriesArgs struct {
	// (required)
	Container interface{}
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
}

type SetAccessControlListsArgs struct {
	// (required) A list of ACLs to create or update.
	AccessControlLists *azuredevops.VssJsonCollectionWrapper
	// (required) Security namespace identifier.
	SecurityNamespaceId *uuid.UUID
}