Constants ¶
// Policy language versions.
const (
	// Version is the current version of the policy language.
	// Always include it and set it to Version ("2012-10-17").
	Version = "2012-10-17"

	// EarlierVersion is the earlier version of the policy language.
	// For example, the earlier version does not identify ${aws:username}
	// as a variable; it treats it as a literal text string.
	// NOTE(review): a document that omits Version is evaluated with these
	// earlier-version semantics, which is why Version must always be set.
	EarlierVersion = "2008-10-17"
)
Version
// Effect values. Only these two are valid in a Statement (see EffectError).
const (
	Allow = "Allow"
	Deny  = "Deny"
)
Effect
// Action wildcards.
const (
	// ActionAll matches any action; matchAny is defined elsewhere in this package.
	ActionAll = matchAny
	// S3All matches every S3 action. Granting it is the opposite of least
	// privilege; prefer listing the specific s3:* actions declared below.
	S3All = "s3:*"
)
Action S3:All
// S3 bucket actions.
const (
	S3CreateBucket      = "s3:CreateBucket"
	S3DeleteBucket      = "s3:DeleteBucket"
	S3ForceDeleteBucket = "s3:ForceDeleteBucket"
	S3GetBucketLocation = "s3:GetBucketLocation"
	S3ListAllMyBuckets  = "s3:ListAllMyBuckets"
	S3ListBucket        = "s3:ListBucket"
)
S3:Bucket
// S3 object actions.
const (
	S3DeleteObject        = "s3:DeleteObject"
	S3GetObject           = "s3:GetObject"
	S3PutObject           = "s3:PutObject"
	S3PutObjectTagging    = "s3:PutObjectTagging"
	S3GetObjectTagging    = "s3:GetObjectTagging"
	S3DeleteObjectTagging = "s3:DeleteObjectTagging"
)
S3:Object
// S3 bucket configuration actions.
// S3PutBucketPolicy and S3DeleteBucketPolicy change who can access the bucket;
// grant them as narrowly as the bucket's administration requires.
const (
	S3GetBucketPolicy    = "s3:GetBucketPolicy"
	S3PutBucketPolicy    = "s3:PutBucketPolicy"
	S3DeleteBucketPolicy = "s3:DeleteBucketPolicy"
	S3GetBucketTagging   = "s3:GetBucketTagging"
	S3PutBucketTagging   = "s3:PutBucketTagging"
)
S3:Bucket Configuration
// S3 multipart upload actions.
const (
	S3AbortMultipartUpload       = "s3:AbortMultipartUpload"
	S3ListMultipartUploadParts   = "s3:ListMultipartUploadParts"
	S3ListBucketMultipartUploads = "s3:ListBucketMultipartUploads"
)
S3:Multipart Upload
// S3 versioning and retention (object lock) actions.
// S3BypassGovernanceRetention lets a caller override governance-mode
// retention; it is a privileged action and should be granted sparingly.
const (
	S3PutBucketVersioning              = "s3:PutBucketVersioning"
	S3GetBucketVersioning              = "s3:GetBucketVersioning"
	S3DeleteObjectVersion              = "s3:DeleteObjectVersion"
	S3ListBucketVersions               = "s3:ListBucketVersions"
	S3PutObjectVersionTagging          = "s3:PutObjectVersionTagging"
	S3GetObjectVersionTagging          = "s3:GetObjectVersionTagging"
	S3DeleteObjectVersionTagging       = "s3:DeleteObjectVersionTagging"
	S3GetObjectVersion                 = "s3:GetObjectVersion"
	S3BypassGovernanceRetention        = "s3:BypassGovernanceRetention"
	S3PutObjectRetention               = "s3:PutObjectRetention"
	S3GetObjectRetention               = "s3:GetObjectRetention"
	S3GetObjectLegalHold               = "s3:GetObjectLegalHold"
	S3PutObjectLegalHold               = "s3:PutObjectLegalHold"
	S3GetBucketObjectLockConfiguration = "s3:GetBucketObjectLockConfiguration"
	S3PutBucketObjectLockConfiguration = "s3:PutBucketObjectLockConfiguration"
)
S3:Versioning and Retention
// S3 bucket notification actions.
const (
	S3GetBucketNotification    = "s3:GetBucketNotification"
	S3PutBucketNotification    = "s3:PutBucketNotification"
	S3ListenNotification       = "s3:ListenNotification"
	S3ListenBucketNotification = "s3:ListenBucketNotification"
)
S3:Bucket Notifications
// S3 object lifecycle management actions.
const (
	S3PutLifecycleConfiguration = "s3:PutLifecycleConfiguration"
	S3GetLifecycleConfiguration = "s3:GetLifecycleConfiguration"
)
S3:Object Lifecycle Management
// S3 object encryption configuration actions.
const (
	S3GetEncryptionConfiguration = "s3:GetEncryptionConfiguration"
	S3PutEncryptionConfiguration = "s3:PutEncryptionConfiguration"
)
S3:Object Encryption
// S3 bucket replication actions.
const (
	S3GetReplicationConfiguration    = "s3:GetReplicationConfiguration"
	S3PutReplicationConfiguration    = "s3:PutReplicationConfiguration"
	S3ReplicateObject                = "s3:ReplicateObject"
	S3ReplicateDelete                = "s3:ReplicateDelete"
	S3ReplicateTags                  = "s3:ReplicateTags"
	S3GetObjectVersionForReplication = "s3:GetObjectVersionForReplication"
)
S3:Bucket Replication
// Condition keys usable in a Statement's Condition element.
const (
	// AWSReferer and AWSUserAgent are HTTP headers supplied by the client and
	// can be set to any value by the caller; treat them as a convenience
	// filter, never as an access control on their own.
	AWSReferer   = "aws:Referer"
	AWSSourceIp  = "aws:SourceIp"
	AWSUserAgent = "aws:UserAgent"
	// AWSSecureTransport is "true" only when the request arrived over TLS;
	// a Deny for aws:SecureTransport=false is the usual way to require HTTPS.
	AWSSecureTransport = "aws:SecureTransport"
	AWSCurrentTime     = "aws:CurrentTime"
	AWSEpochTime       = "aws:EpochTime"
	AWSPrincipalType   = "aws:PrincipalType"
	AWSUserid          = "aws:userid"
	AWSUsername        = "aws:username"
	XAmzContentSha256  = "x-amz-content-sha256"
	// NOTE(review): the mixed-case name S3signatureAge is an exported API and
	// is kept as is.
	S3signatureAge = "s3:signatureAge"
)
S3:Condition Keys
// Resource wildcards and ARN prefixes.
const (
	// ResourceAll matches any resource; matchAny is defined elsewhere in this package.
	ResourceAll = matchAny
	// ResourceARNS3All covers every S3 bucket and object; combine with a
	// narrow Action list rather than S3All.
	ResourceARNS3All = "arn:aws:s3:::*"
	// ResourceARNS3Prefix is the prefix a bucket name is appended to
	// (presumably what GetBucketResource / GetBucketAnyResource build on).
	ResourceARNS3Prefix = "arn:aws:s3:::"
)
Resource
// Principal wildcards and ARN prefixes.
const (
	// PrincipalAll matches any principal; matchAny is defined elsewhere in
	// this package. In a resource-based policy (RBAPolicy) an Allow with this
	// principal and no restricting Condition makes the resource reachable by
	// anyone, including anonymous callers.
	PrincipalAll = matchAny
	// PrincipalARNIAMPrefix is the prefix of IAM principal ARNs
	// (presumably what GetPrincipalAccountRoot / GetPrincipalAccountUser build on).
	PrincipalARNIAMPrefix = "arn:aws:iam::"
)
Principal
Variables ¶
// Validation errors, presumably returned by PolicyValid.
// NOTE(review): Go convention names sentinel errors ErrXxx and starts error
// strings in lowercase; both are kept as is here because the names are part
// of the exported API and the messages may be matched by callers.
var (
	// VersionError: the Version value is neither Version nor EarlierVersion.
	VersionError = errors.New("Version value is not valid")
	// VersionOutdatedError: the Version value is EarlierVersion rather than Version.
	VersionOutdatedError = errors.New("Version value has outdated")
	// StatementError: the policy has no statements.
	StatementError = errors.New("Statement size can not be zero")
	// SidError: two statements in the same policy document share a Sid.
	SidError = errors.New("Sid are duplicated in full PolicyDocument")
	// EffectError: Effect is neither Allow nor Deny.
	EffectError = errors.New("Effect value is not valid")
	// ActionError: a statement sets both Action and NotAction.
	ActionError = errors.New("Action and NotAction cannot be used simultaneously in a same Statement")
	// ResourceError: a statement sets both Resource and NotResource.
	ResourceError = errors.New("Resource and NotResource cannot be used simultaneously in a same Statement")
	// PrincipalError: a statement sets both Principal and NotPrincipal.
	PrincipalError = errors.New("Principal and NotPrincipal cannot be used simultaneously in a same Statement")
	// PrincipalV2Error: a Principal appears in an identity-based (IBAPolicy) statement.
	PrincipalV2Error = errors.New("Principal can not be used in IBAPolicy Statement")
)
Functions ¶
func GetBucketAnyResource ¶
func GetBucketResource ¶
func GetPrincipalAccountRoot ¶
func GetPrincipalAccountUser ¶
func MarshalPolicy ¶
func PolicyValid ¶
Types ¶
type AWSIAMClient ¶
// AWSIAMClient carries the CreatePolicyInput for the AWS SDK v1 (Policy)
// and v2 (PolicyV2) IAM clients. Both expect PolicyDocument as a
// JSON-encoded string (Go type string or *string depending on the SDK) —
// see MarshalPolicy for producing it.
type AWSIAMClient struct {
	Policy   awssdkiam.CreatePolicyInput
	PolicyV2 awssdkv2iam.CreatePolicyInput
}
AWSIAMClient expects PolicyDocument to be described as: - Go type: string and *string - format: JSON-encoded
type Action ¶
// Action is the Action / NotAction element pair of a Statement.
// Only one of the two may be set in a single Statement (see ActionError).
type Action struct {
	// Action lists the actions the statement applies to.
	// More detail locally: testdata/Statement/Action
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html
	// +optional
	Action ActionType `json:"Action,omitempty"`
	// NotAction lists the actions the statement does not apply to; every
	// other action matches. Paired with Allow this over-grants easily, so
	// prefer an explicit Action list.
	// More detail locally: testdata/Statement/Action
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html
	// +optional
	NotAction ActionType `json:"NotAction,omitempty"`
}
type ActionTypeConstraint ¶
type ConditionType ¶
ConditionType is extremely complex — do it only when you really need it!
type IBAPolicy ¶
// IBAPolicy is an identity-based access policy: it is attached to an IAM
// identity (user, group or role) and must not carry a Principal
// (see PrincipalV2Error).
type IBAPolicy struct {
	// Version must always be set to "2012-10-17" (Version).
	// Because of omitempty an unset Version is dropped from the JSON, and the
	// document is then read with EarlierVersion semantics, where policy
	// variables such as ${aws:username} are taken literally.
	// More detail locally: testdata/Version
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_version.html
	Version string `json:"Version,omitempty"`
	// StatementList is the array of statements; it must not be empty
	// (see StatementError).
	// More detail locally: testdata/Statement
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_statement.html
	StatementList StatementList `json:"Statement,omitempty"`
}
IBAPolicy is an identity-based access policy.
func (*IBAPolicy) StatementLen ¶
func (*IBAPolicy) VersionString ¶
type MAMRStatement ¶
// MAMRStatement is a Multiple Action Multiple Resource statement.
//
// Deprecated: Use Statement.
type MAMRStatement struct {
	Sid       string        `json:"Sid,omitempty"`
	Effect    string        `json:"Effect,omitempty"`
	Action    []string      `json:"Action,omitempty"`
	Resource  []string      `json:"Resource,omitempty"`
	Condition ConditionType `json:"Condition,omitempty"`
}
MAMRStatement is a Multiple Action Multiple Resource Statement. Deprecated: Use Statement.
func (*MAMRStatement) WithName ¶
func (s *MAMRStatement) WithName(name string)
type MASRStatement ¶
// MASRStatement is a Multiple Action Single Resource statement.
//
// Deprecated: Use Statement.
type MASRStatement struct {
	Sid       string        `json:"Sid,omitempty"`
	Effect    string        `json:"Effect,omitempty"`
	Action    []string      `json:"Action,omitempty"`
	Resource  string        `json:"Resource,omitempty"`
	Condition ConditionType `json:"Condition,omitempty"`
}
MASRStatement is a Multiple Action Single Resource Statement. Deprecated: Use Statement.
func (*MASRStatement) WithName ¶
func (s *MASRStatement) WithName(name string)
type Policy ¶
// Policy is an AWS IAM PolicyDocument; IBAPolicy and RBAPolicy implement it.
type Policy interface {
	// String returns the policy packed as a JSON string.
	String() (string, error)
	// VersionString returns the document's Version value.
	VersionString() string
	// StatementLen returns the number of statements in the document.
	StatementLen() int
}
AWS IAM PolicyDocument JSON
type Principal ¶
// Principal is the Principal / NotPrincipal element pair of a Statement.
// Only one of the two may be set in a single Statement (see PrincipalError),
// and neither may appear in an IBAPolicy (see PrincipalV2Error).
type Principal struct {
	// Principal names who the statement applies to. PrincipalAll opens a
	// resource-based policy to everyone unless a Condition restricts it.
	// More detail locally: testdata/Statement/Principal
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
	// +optional
	Principal PrincipalType `json:"Principal,omitempty"`
	// NotPrincipal names who the statement does not apply to; everyone else
	// matches, so it is easy to over-grant when paired with Allow.
	// More detail locally: testdata/Statement/Principal
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html
	// +optional
	NotPrincipal PrincipalType `json:"NotPrincipal,omitempty"`
}
type PrincipalTypeConstraint ¶
type RBAPolicy ¶
// RBAPolicy is a resource-based access policy, attached to a resource such
// as an S3 bucket or a KMS key; its statements carry a Principal.
type RBAPolicy struct {
	// Version must always be set to "2012-10-17" (Version).
	// Because of omitempty an unset Version is dropped from the JSON, and the
	// document is then read with EarlierVersion semantics, where policy
	// variables such as ${aws:username} are taken literally.
	// More detail locally: testdata/Version
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_version.html
	Version string `json:"Version,omitempty"`
	// Id is the policy identifier. It may be used in a resource-based access
	// policy but not in an identity-based one. Suggested values: a UUID/GUID,
	// or a combination of UUID and ID.
	// More detail locally: testdata/Id
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_id.html
	// +optional
	Id string `json:"Id,omitempty"`
	// StatementList is the array of statements; it must not be empty
	// (see StatementError).
	// More detail locally: testdata/Statement
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_statement.html
	StatementList StatementList `json:"Statement,omitempty"`
}
RBAPolicy is a resource-based access policy.
func (*RBAPolicy) StatementLen ¶
func (*RBAPolicy) VersionString ¶
type Resource ¶
// Resource is the Resource / NotResource element pair of a Statement.
// Only one of the two may be set in a single Statement (see ResourceError).
type Resource struct {
	// Resource lists the resources (ARNs) the statement applies to.
	// More detail locally: testdata/Statement/Resource
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html
	// +optional
	Resource ResourceType `json:"Resource,omitempty"`
	// NotResource lists the resources the statement does not apply to; every
	// other resource matches, so prefer an explicit Resource list with Allow.
	// More detail locally: testdata/Statement/Resource
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html
	// +optional
	NotResource ResourceType `json:"NotResource,omitempty"`
}
type ResourceTypeConstraint ¶
type SAMRStatement ¶
// SAMRStatement is a Single Action Multiple Resource statement.
//
// Deprecated: Use Statement.
type SAMRStatement struct {
	Sid       string        `json:"Sid,omitempty"`
	Effect    string        `json:"Effect,omitempty"`
	Action    string        `json:"Action,omitempty"`
	Resource  []string      `json:"Resource,omitempty"`
	Condition ConditionType `json:"Condition,omitempty"`
}
SAMRStatement is a Single Action Multiple Resource Statement. Deprecated: Use Statement.
func (*SAMRStatement) WithName ¶
func (s *SAMRStatement) WithName(name string)
type SASRStatement ¶
// SASRStatement is a Single Action Single Resource statement.
//
// Deprecated: Use Statement.
type SASRStatement struct {
	Sid       string        `json:"Sid,omitempty"`
	Effect    string        `json:"Effect,omitempty"`
	Action    string        `json:"Action,omitempty"`
	Resource  string        `json:"Resource,omitempty"`
	Condition ConditionType `json:"Condition,omitempty"`
}
SASRStatement is a Single Action Single Resource Statement. Deprecated: Use Statement.
func (*SASRStatement) WithName ¶
func (s *SASRStatement) WithName(name string)
type Statement ¶
// Statement is one statement of a policy document. The embedded Principal,
// Action and Resource pairs are flattened into the Statement's JSON object.
type Statement struct {
	// Sid is the optional statement identifier, which also serves as a
	// description of the statement. For services such as SQS or SNS the Sid
	// is used as a child ID of the policy document's Id. A Sid must be unique
	// within the JSON policy (see SidError).
	// More detail locally: testdata/Statement/Sid
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_sid.html
	// +optional
	Sid string `json:"Sid,omitempty"`
	// Effect is "Allow" or "Deny"; any other value is invalid (see EffectError).
	// Note that omitempty drops an unset Effect from the JSON instead of
	// failing early, so validate before marshalling.
	// More detail locally: testdata/Statement/Effect
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_effect.html
	Effect string `json:"Effect,omitempty"`
	// Principal must be used in a resource-based access policy (RBAPolicy),
	// for example on an Amazon S3 bucket or an AWS KMS key. It cannot be used
	// in an identity-based access policy (IBAPolicy), which is attached to an
	// IAM identity (user, group or role) — see PrincipalV2Error.
	// More detail locally: testdata/Statement/Principal
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
	// +optional
	Principal
	// Action / NotAction: the actions the statement covers.
	// More detail locally: testdata/Statement/Action
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html
	Action
	// Resource / NotResource: the resources the statement covers.
	// More detail locally: testdata/Statement/Resource
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html
	Resource
	// Condition narrows when the statement applies (see the aws:* and s3:*
	// condition keys declared in this package).
	// More detail locally: testdata/Statement/Condition
	// and on the web: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
	// +optional
	Condition ConditionType `json:"Condition,omitempty"`
}
type StatementList ¶
// StatementList is the Statement array of a policy document.
type StatementList []Statement