trustgraph

package

v2.0.0+incompatible Latest Latest Go to latest Published: Apr 16, 2015 License: Apache-2.0, Apache-2.0 Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

git.frostfs.info/TrueCloudLab/distribution

Documentation ¶

Index ¶

type Grant
- func CollapseStatements(statements []*Statement, useExpired bool) ([]*Grant, time.Time, error)
type Statement
- func (s *Statement) Bytes() ([]byte, error)
- func (s *Statement) IsExpired() bool
type TrustGraph
- func NewMemoryGraph(grants []*Grant) TrustGraph

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Grant ¶

type Grant struct {
	// Subject is the namespace being granted
	Subject string

	// Permissions is a bit map of permissions
	Permission uint16

	// Grantee represents the node being granted
	// a permission scope.  The grantee can be
	// either a namespace item or a key id where namespace
	// items will always start with a '/'.
	Grantee string
	// contains filtered or unexported fields
}

Grant represents a transfer of permission from one part of the trust graph to another. This is the only way to delegate permission between two different sub trees in the graph.

func CollapseStatements ¶

func CollapseStatements(statements []*Statement, useExpired bool) ([]*Grant, time.Time, error)

CollapseStatements returns a single list of the valid statements as well as the time when the next grant will expire.

type Statement ¶

type Statement struct {
	// contains filtered or unexported fields
}

Statement represents a set of grants made from a verifiable authority. A statement has an expiration associated with it set by the authority.

func CreateStatement ¶

func CreateStatement(grants, revocations io.Reader, expiration time.Duration, key libtrust.PrivateKey, chain []*x509.Certificate) (*Statement, error)

CreateStatements creates and signs a statement from a stream of grants and revocations in a JSON array.

func FilterStatements ¶

func FilterStatements(grants []*Grant) ([]*Statement, error)

FilterStatements filters the statements to statements including the given grants.

func LoadStatement ¶

func LoadStatement(r io.Reader, authority *x509.CertPool) (*Statement, error)

LoadStatement loads and verifies a statement from an input stream.

func (*Statement) Bytes ¶

func (s *Statement) Bytes() ([]byte, error)

Bytes returns an indented json representation of the statement in a byte array. This value can be written to a file or stream without alteration.

func (*Statement) IsExpired ¶

func (s *Statement) IsExpired() bool

IsExpired returns whether the statement has expired

type TrustGraph ¶

type TrustGraph interface {
	// Verifies that the given public key is allowed to perform
	// the given action on the given node according to the trust
	// graph.
	Verify(libtrust.PublicKey, string, uint16) (bool, error)

	// GetGrants returns an array of all grant chains which are used to
	// allow the requested permission.
	GetGrants(libtrust.PublicKey, string, uint16) ([][]*Grant, error)
}

TrustGraph represents a graph of authorization mapping public keys to nodes and grants between nodes.

func NewMemoryGraph ¶

func NewMemoryGraph(grants []*Grant) TrustGraph

NewMemoryGraph returns a new in memory trust graph created from a static list of grants. This graph is immutable after creation and any alterations should create a new instance.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL