s3_api

package
v1.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 11, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

// Policy-language versions for the Version element of a policy document.
const (
	// Version is the current version of the policy language.
	// Always include the Version element and set it to "2012-10-17".
	Version = "2012-10-17"

	// EarlierVersion is the earlier version of the policy language.
	// Under it, policy variables are not recognised: for example,
	// ${aws:username} is treated as a literal text string instead of a
	// variable, so a statement that relies on it to scope access per user
	// does not behave as a per-user rule.
	EarlierVersion = "2008-10-17"
)

Version

// Values for the Effect element of a statement.
const (
	// Allow grants the access the statement describes.
	Allow = "Allow"
	// Deny refuses the access the statement describes. In AWS policy
	// evaluation an explicit Deny takes precedence over any Allow.
	Deny  = "Deny"
)

Effect

// Wildcard values for the Action element.
// NOTE(review): matchAny is declared outside this listing (presumably "*") — confirm.
const (
	// ActionAll matches any action. In an Allow statement this is the
	// broadest grant possible; prefer listing the specific actions a
	// principal needs.
	ActionAll = matchAny
	// S3All matches every S3 action, including the ones that rewrite bucket
	// policy (s3:PutBucketPolicy) or bypass retention
	// (s3:BypassGovernanceRetention).
	S3All     = "s3:*"
)

Action S3:All

// Bucket-level action names for the Action element.
const (
	S3CreateBucket      = "s3:CreateBucket"
	S3DeleteBucket      = "s3:DeleteBucket"
	// NOTE(review): s3:ForceDeleteBucket looks like an extension of
	// S3-compatible servers (MinIO defines it) and not an AWS S3 action —
	// confirm the target service evaluates it before relying on it in a Deny.
	S3ForceDeleteBucket = "s3:ForceDeleteBucket"
	S3GetBucketLocation = "s3:GetBucketLocation"
	S3ListAllMyBuckets  = "s3:ListAllMyBuckets"
	S3ListBucket        = "s3:ListBucket"
)

S3:Bucket

// Object-level action names: reading, writing and deleting objects and
// their tag sets.
const (
	S3DeleteObject        = "s3:DeleteObject"
	S3GetObject           = "s3:GetObject"
	S3PutObject           = "s3:PutObject"
	S3PutObjectTagging    = "s3:PutObjectTagging"
	S3GetObjectTagging    = "s3:GetObjectTagging"
	S3DeleteObjectTagging = "s3:DeleteObjectTagging"
)

S3:Object

// Bucket-configuration action names: bucket policy and bucket tagging.
const (
	S3GetBucketPolicy    = "s3:GetBucketPolicy"
	// S3PutBucketPolicy and S3DeleteBucketPolicy let the holder replace or
	// remove the bucket's own access policy, so they are effectively
	// administrative permissions; grant them narrowly.
	S3PutBucketPolicy    = "s3:PutBucketPolicy"
	S3DeleteBucketPolicy = "s3:DeleteBucketPolicy"
	S3GetBucketTagging   = "s3:GetBucketTagging"
	S3PutBucketTagging   = "s3:PutBucketTagging"
)

S3:Bucket Configuration

// Multipart-upload action names.
const (
	S3AbortMultipartUpload       = "s3:AbortMultipartUpload"
	S3ListMultipartUploadParts   = "s3:ListMultipartUploadParts"
	S3ListBucketMultipartUploads = "s3:ListBucketMultipartUploads"
)

S3:Multipart Upload

// Action names for versioning, retention, legal hold and object-lock
// configuration.
const (
	S3PutBucketVersioning              = "s3:PutBucketVersioning"
	S3GetBucketVersioning              = "s3:GetBucketVersioning"
	S3DeleteObjectVersion              = "s3:DeleteObjectVersion"
	S3ListBucketVersions               = "s3:ListBucketVersions"
	S3PutObjectVersionTagging          = "s3:PutObjectVersionTagging"
	S3GetObjectVersionTagging          = "s3:GetObjectVersionTagging"
	S3DeleteObjectVersionTagging       = "s3:DeleteObjectVersionTagging"
	S3GetObjectVersion                 = "s3:GetObjectVersion"
	// S3BypassGovernanceRetention lets the holder override governance-mode
	// retention on locked objects. Where object lock is used as a
	// tamper-protection control, keep this permission out of broad grants
	// and audit who holds it.
	S3BypassGovernanceRetention        = "s3:BypassGovernanceRetention"
	S3PutObjectRetention               = "s3:PutObjectRetention"
	S3GetObjectRetention               = "s3:GetObjectRetention"
	S3GetObjectLegalHold               = "s3:GetObjectLegalHold"
	S3PutObjectLegalHold               = "s3:PutObjectLegalHold"
	S3GetBucketObjectLockConfiguration = "s3:GetBucketObjectLockConfiguration"
	S3PutBucketObjectLockConfiguration = "s3:PutBucketObjectLockConfiguration"
)

S3:Versioning and Retention

// Bucket-notification action names.
const (
	S3GetBucketNotification    = "s3:GetBucketNotification"
	S3PutBucketNotification    = "s3:PutBucketNotification"
	// NOTE(review): the two Listen* actions look like extensions of
	// S3-compatible servers (MinIO defines them) and not AWS S3 actions —
	// confirm the target service evaluates them.
	S3ListenNotification       = "s3:ListenNotification"
	S3ListenBucketNotification = "s3:ListenBucketNotification"
)

S3:Bucket Notifications

// Lifecycle-configuration action names.
const (
	// S3PutLifecycleConfiguration allows installing lifecycle rules; such
	// rules can expire (delete) objects, so treat it as a destructive
	// permission when reviewing grants.
	S3PutLifecycleConfiguration = "s3:PutLifecycleConfiguration"
	S3GetLifecycleConfiguration = "s3:GetLifecycleConfiguration"
)

S3:Object Lifecycle Management

// Bucket encryption-configuration action names.
const (
	S3GetEncryptionConfiguration = "s3:GetEncryptionConfiguration"
	// S3PutEncryptionConfiguration changes the bucket's default-encryption
	// settings; restrict it to the identities that manage encryption.
	S3PutEncryptionConfiguration = "s3:PutEncryptionConfiguration"
)

S3:Object Encryption

// Replication action names.
const (
	S3GetReplicationConfiguration    = "s3:GetReplicationConfiguration"
	// S3PutReplicationConfiguration controls where copies of a bucket's
	// objects are sent; review grants of it the same way as grants of read
	// access to the data itself.
	S3PutReplicationConfiguration    = "s3:PutReplicationConfiguration"
	S3ReplicateObject                = "s3:ReplicateObject"
	S3ReplicateDelete                = "s3:ReplicateDelete"
	S3ReplicateTags                  = "s3:ReplicateTags"
	S3GetObjectVersionForReplication = "s3:GetObjectVersionForReplication"
)

S3:Bucket Replication

// Condition-key names for use as keys inside a Condition block.
const (
	// AWSReferer and AWSUserAgent are compared against HTTP headers that the
	// client sets itself, so a caller can send any value. Do not use either
	// as the only control protecting a resource.
	AWSReferer         = "aws:Referer"
	AWSSourceIp        = "aws:SourceIp"
	AWSUserAgent       = "aws:UserAgent"
	// AWSSecureTransport reports whether the request was sent over TLS; a
	// Deny on "false" is the usual way to refuse plaintext requests.
	AWSSecureTransport = "aws:SecureTransport"
	AWSCurrentTime     = "aws:CurrentTime"
	AWSEpochTime       = "aws:EpochTime"
	AWSPrincipalType   = "aws:PrincipalType"
	AWSUserid          = "aws:userid"
	AWSUsername        = "aws:username"
	// NOTE(review): AWS documents this key as "s3:x-amz-content-sha256";
	// the value here has no "s3:" prefix — confirm the evaluator in use
	// accepts this form, since an unrecognised key may not restrict anything.
	XAmzContentSha256  = "x-amz-content-sha256"
	// S3signatureAge is the age of the request signature (AWS documents the
	// unit as milliseconds); it can bound how long a presigned request
	// remains usable.
	S3signatureAge     = "s3:signatureAge"
)

S3:Condition Keys

// Values and prefixes for the Resource element.
// NOTE(review): matchAny is declared outside this listing (presumably "*") — confirm.
const (
	// ResourceAll matches any resource; combined with a broad Action it
	// removes all resource scoping from a statement.
	ResourceAll         = matchAny
	// ResourceARNS3All matches every S3 bucket and object ARN.
	ResourceARNS3All    = "arn:aws:s3:::*"
	// ResourceARNS3Prefix is the ARN prefix that precedes a bucket name.
	ResourceARNS3Prefix = "arn:aws:s3:::"
)

Resource

// Values and prefixes for the Principal element.
// NOTE(review): matchAny is declared outside this listing (presumably "*") — confirm.
const (
	// PrincipalAll matches any principal. In a resource-based Allow
	// statement this includes anonymous callers, i.e. it makes the resource
	// public unless a Condition narrows it. Use it deliberately and review
	// every policy that contains it.
	PrincipalAll          = matchAny
	// PrincipalARNIAMPrefix is the ARN prefix that precedes an account ID in
	// an IAM principal ARN.
	PrincipalARNIAMPrefix = "arn:aws:iam::"
)

Principal

Variables

// Sentinel errors describing an invalid policy document.
// NOTE(review): presumably returned by PolicyValid, whose body is not shown
// in this listing — confirm.
var (
	// VersionError: the Version value is not valid.
	VersionError         = errors.New("Version value is not valid")
	// VersionOutdatedError: the Version value is outdated.
	VersionOutdatedError = errors.New("Version value has outdated")
	// StatementError: the policy has no statements.
	StatementError       = errors.New("Statement size can not be zero")
	// SidError: the same Sid occurs more than once in one policy document.
	SidError             = errors.New("Sid are duplicated in full PolicyDocument")
	// EffectError: the Effect value is not valid.
	EffectError          = errors.New("Effect value is not valid")
	// ActionError: a statement sets both Action and NotAction.
	ActionError          = errors.New("Action and NotAction cannot be used simultaneously in a same Statement")
	// ResourceError: a statement sets both Resource and NotResource.
	ResourceError        = errors.New("Resource and NotResource cannot be used simultaneously in a same Statement")
	// PrincipalError: a statement sets both Principal and NotPrincipal.
	PrincipalError       = errors.New("Principal and NotPrincipal cannot be used simultaneously in a same Statement")
	// PrincipalV2Error: a statement of an identity-based policy (IBAPolicy)
	// sets Principal.
	PrincipalV2Error     = errors.New("Principal can not be used in IBAPolicy Statement")
)

Functions

func GetBucketAnyResource

func GetBucketAnyResource(bucketName string) string

func GetBucketResource

func GetBucketResource(bucketName string) string

func GetPrincipalAccountRoot

func GetPrincipalAccountRoot(accountId string) string

func GetPrincipalAccountUser

func GetPrincipalAccountUser(accountId, userName string) string

func GetSid

func GetSid(s ...string) string

func MarshalPolicy

func MarshalPolicy(policy Policy) (string, error)

func PolicyValid

func PolicyValid(policy Policy) error

Types

type AWSIAMClient

// AWSIAMClient holds the CreatePolicyInput types of the two IAM SDK packages
// this file imports as awssdkiam and awssdkv2iam.
type AWSIAMClient struct {
	// Policy is the CreatePolicyInput of the package imported as awssdkiam.
	Policy   awssdkiam.CreatePolicyInput
	// PolicyV2 is the CreatePolicyInput of the package imported as awssdkv2iam.
	PolicyV2 awssdkv2iam.CreatePolicyInput
}

AWSIAMClient confirms how PolicyDocument is described: - Go type: string and *string - format: JSON-encoded

type Action

// Action carries the Action and NotAction elements of a statement.
// The package's ActionError message states that the two cannot be used
// together in the same statement.
type Action struct {
	// Action names the actions the statement applies to.
	// Local reference: testdata/Statement/Action
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html
	// +optional
	Action ActionType `json:"Action,omitempty"`

	// NotAction matches every action except the ones listed. With Effect
	// "Allow" it grants everything that is not listed, including actions
	// added to the service later, so it over-grants easily.
	// Local reference: testdata/Statement/Action
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html
	// +optional
	NotAction ActionType `json:"NotAction,omitempty"`
}

type ActionType

// ActionType is the value of an Action or NotAction element. The expected
// dynamic types are string and []string; because the static type is any,
// the compiler does not reject other types.
type ActionType any

ActionType possible gotype: string, []string

type ActionTypeConstraint

// ActionTypeConstraint is a type constraint satisfied by types whose
// underlying type is string or []string.
type ActionTypeConstraint interface {
	~string | ~[]string
}

type ConditionType

// ConditionType is the value of a Condition element, held as an untyped
// map. The type itself enforces no structure on the map, so a misspelled
// operator or key is not caught at compile time.
type ConditionType map[string]any

ConditionType is extremely complex; only do it when you really need it.

type IBAPolicy

// IBAPolicy is an identity-based access policy document.
type IBAPolicy struct {
	// Version is the policy-language version; always set it to "2012-10-17".
	// Local reference: testdata/Version
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_version.html
	Version string `json:"Version,omitempty"`

	// StatementList is the array of statements, serialised as "Statement".
	// Local reference: testdata/Statement
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_statement.html
	StatementList StatementList `json:"Statement,omitempty"`
}

IBAPolicy Identity-based access policy

func (*IBAPolicy) StatementLen

func (p *IBAPolicy) StatementLen() int

func (*IBAPolicy) String

func (p *IBAPolicy) String() (string, error)

func (*IBAPolicy) VersionString

func (p *IBAPolicy) VersionString() string

type MAMRStatement

// MAMRStatement is a statement with multiple actions and multiple resources.
// It has no Principal field.
//
// Deprecated: use Statement.
type MAMRStatement struct {
	Sid       string        `json:"Sid,omitempty"`
	Effect    string        `json:"Effect,omitempty"`
	Action    []string      `json:"Action,omitempty"`
	Resource  []string      `json:"Resource,omitempty"`
	Condition ConditionType `json:"Condition,omitempty"`
}

MAMRStatement is a Multiple Action, Multiple Resource statement. Deprecated: use Statement.

func (*MAMRStatement) WithName

func (s *MAMRStatement) WithName(name string)

type MASRStatement

// MASRStatement is a statement with multiple actions and a single resource.
// It has no Principal field.
//
// Deprecated: use Statement.
type MASRStatement struct {
	Sid       string        `json:"Sid,omitempty"`
	Effect    string        `json:"Effect,omitempty"`
	Action    []string      `json:"Action,omitempty"`
	Resource  string        `json:"Resource,omitempty"`
	Condition ConditionType `json:"Condition,omitempty"`
}

MASRStatement is a Multiple Action, Single Resource statement. Deprecated: use Statement.

func (*MASRStatement) WithName

func (s *MASRStatement) WithName(name string)

type Policy

// Policy is the interface of an AWS IAM PolicyDocument that can be
// rendered as JSON.
type Policy interface {
	// String returns the policy as a packed JSON string.
	String() (string, error)
	// VersionString returns a string for the policy's version.
	VersionString() string
	// StatementLen returns an int for the policy's statements; the
	// StatementError message ("Statement size can not be zero") suggests it
	// is the statement count — confirm against the implementations.
	StatementLen() int
}

Policy AWS IAM PolicyDocument JSON

type Principal

// Principal carries the Principal and NotPrincipal elements of a statement.
// The package's PrincipalError message states that the two cannot be used
// together in the same statement.
type Principal struct {
	// Principal names who the statement applies to.
	// Local reference: testdata/Statement/Principal
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
	// +optional
	Principal PrincipalType `json:"Principal,omitempty"`

	// NotPrincipal matches every principal except the ones listed. With
	// Effect "Allow" it grants access to everyone who is not listed,
	// anonymous callers included; AWS guidance is to avoid that combination.
	// Local reference: testdata/Statement/Principal
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html
	// +optional
	NotPrincipal PrincipalType `json:"NotPrincipal,omitempty"`
}

type PrincipalType

// PrincipalType is the value of a Principal or NotPrincipal element. The
// expected dynamic types are string and map[string]any; because the static
// type is any, the compiler does not reject other types.
type PrincipalType any

PrincipalType possible gotype: string, map[string]any

type PrincipalTypeConstraint

// PrincipalTypeConstraint is a type constraint satisfied by types whose
// underlying type is string or map[string]any.
type PrincipalTypeConstraint interface {
	~string | ~map[string]any
}

type RBAPolicy

// RBAPolicy is a resource-based access policy document.
type RBAPolicy struct {
	// Version is the policy-language version; always set it to "2012-10-17".
	// Local reference: testdata/Version
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_version.html
	Version string `json:"Version,omitempty"`

	// Id is an optional policy identifier. It can be used in resource-based
	// policies and cannot be used in identity-based policies.
	// Suggested value: a UUID/GUID, or a combination of a UUID and an ID.
	// Local reference: testdata/Id
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_id.html
	// +optional
	Id string `json:"Id,omitempty"`

	// StatementList is the array of statements, serialised as "Statement".
	// Local reference: testdata/Statement
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_statement.html
	StatementList StatementList `json:"Statement,omitempty"`
}

RBAPolicy Resource-based access policy

func (*RBAPolicy) StatementLen

func (p *RBAPolicy) StatementLen() int

func (*RBAPolicy) String

func (p *RBAPolicy) String() (string, error)

func (*RBAPolicy) VersionString

func (p *RBAPolicy) VersionString() string

type Resource

// Resource carries the Resource and NotResource elements of a statement.
// The package's ResourceError message states that the two cannot be used
// together in the same statement.
type Resource struct {
	// Resource names the resources the statement applies to.
	// Local reference: testdata/Statement/Resource
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html
	// +optional
	Resource ResourceType `json:"Resource,omitempty"`

	// NotResource matches every resource except the ones listed. With
	// Effect "Allow" it grants access to everything that is not listed,
	// including resources created later.
	// Local reference: testdata/Statement/Resource
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html
	// +optional
	NotResource ResourceType `json:"NotResource,omitempty"`
}

type ResourceType

// ResourceType is the value of a Resource or NotResource element. The
// expected dynamic types are string and []string; because the static type
// is any, the compiler does not reject other types.
type ResourceType any

ResourceType possible gotype: string, []string

type ResourceTypeConstraint

// ResourceTypeConstraint is a type constraint satisfied by types whose
// underlying type is string or []string.
type ResourceTypeConstraint interface {
	~string | ~[]string
}

type SAMRStatement

// SAMRStatement is a statement with a single action and multiple resources.
// It has no Principal field.
//
// Deprecated: use Statement.
type SAMRStatement struct {
	Sid       string        `json:"Sid,omitempty"`
	Effect    string        `json:"Effect,omitempty"`
	Action    string        `json:"Action,omitempty"`
	Resource  []string      `json:"Resource,omitempty"`
	Condition ConditionType `json:"Condition,omitempty"`
}

SAMRStatement is a Single Action, Multiple Resource statement. Deprecated: use Statement.

func (*SAMRStatement) WithName

func (s *SAMRStatement) WithName(name string)

type SASRStatement

// SASRStatement is a statement with a single action and a single resource.
// It has no Principal field.
//
// Deprecated: use Statement.
type SASRStatement struct {
	Sid       string        `json:"Sid,omitempty"`
	Effect    string        `json:"Effect,omitempty"`
	Action    string        `json:"Action,omitempty"`
	Resource  string        `json:"Resource,omitempty"`
	Condition ConditionType `json:"Condition,omitempty"`
}

SASRStatement is a Single Action, Single Resource statement. Deprecated: use Statement.

func (*SASRStatement) WithName

func (s *SASRStatement) WithName(name string)

type Statement

// Statement is one entry of a policy document's Statement array. It embeds
// Principal, Action and Resource, so their fields (including the Not*
// variants) are promoted onto Statement.
type Statement struct {
	// Sid is an optional identifier for the statement; its value can serve
	// as a description of the statement.
	// For services that permit it (SQS, SNS), the Sid value is a sub-ID of
	// the policy document's ID.
	// It must be unique within a JSON policy.
	// Local reference: testdata/Statement/Sid
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html
	// +optional
	Sid string `json:"Sid,omitempty"`

	// Effect is valid only as "Allow" or "Deny"; any other value is invalid.
	// The omitempty tag drops an unset Effect from the JSON output, so
	// validate the statement before the document is used.
	// Local reference: testdata/Statement/Effect
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_effect.html
	Effect string `json:"Effect,omitempty"`

	// Principal must be used in a resource-based access policy (RBAPolicy),
	// for example on an Amazon S3 bucket or an AWS KMS key.
	// It cannot be used in an identity-based access policy (IBAPolicy),
	// which is attached to an IAM identity (user, group or role).
	// Local reference: testdata/Statement/Principal
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
	// +optional
	Principal

	// Action holds the Action / NotAction element.
	// Local reference: testdata/Statement/Action
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html
	Action

	// Resource holds the Resource / NotResource element.
	// Local reference: testdata/Statement/Resource
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html
	Resource

	// Condition optionally restricts when the statement applies.
	// Local reference: testdata/Statement/Condition
	// Web reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
	// +optional
	Condition ConditionType `json:"Condition,omitempty"`
}

type StatementList

// StatementList is the list of statements of a policy document; IBAPolicy
// and RBAPolicy serialise it under the JSON key "Statement".
type StatementList []Statement

Directories

Path Synopsis
