policy

package
v0.0.0-...-0fdad32 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 14, 2024 License: MIT Imports: 3 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Require 

func Require(policy Policy, requiredPermissions ...Permission) error

Require institutes a policy check. Require will implicitly call policy.Check on the provided policy for each requiredPermission passed. If any of the required permissions fail the Check call, then this function will return an error. A response of (nil) means that all checks passed.

Types

type AdminUsersOnly 

type AdminUsersOnly struct{}

AdminUsersOnly addresses scenarios where the *only* restriction is that the calling user be an admin.

type Authenticated 

type Authenticated struct {
	UserID       int64
	IsSuperAdmin bool
}

Authenticated Policy Grants permissions all authenticated users should have

func NewAuthenticatedPolicy 

func NewAuthenticatedPolicy(userID int64, isSuperAdmin bool) *Authenticated

func (*Authenticated) Check 

func (a *Authenticated) Check(permission Permission) bool

Check reviews the permission type for all authenticated users (true => valid ;; false => invalid)

func (*Authenticated) String 

func (a *Authenticated) String() string

type CanCheckTotp 

type CanCheckTotp struct{ UserID int64 }

type CanCreateOpVars 

type CanCreateOpVars struct{ OperationID int64 }

type CanCreateOperations 

type CanCreateOperations struct{}

type CanDeleteAuthForAllUsers 

type CanDeleteAuthForAllUsers struct{ SchemeCode string }

type CanDeleteAuthScheme 

type CanDeleteAuthScheme struct {
	UserID     int64
	SchemeCode string
}

type CanDeleteOpVars 

type CanDeleteOpVars struct{ OperationID int64 }

type CanDeleteOperation 

type CanDeleteOperation struct{ OperationID int64 }

type CanDeleteTotp 

type CanDeleteTotp struct{ UserID int64 }

type CanExportOperationData 

type CanExportOperationData struct{ OperationID int64 }

type CanListAPIKeys 

type CanListAPIKeys struct{ UserID int64 }

type CanListUserGroupsOfOperation 

type CanListUserGroupsOfOperation struct{ OperationID int64 }

type CanListUsersOfOperation 

type CanListUsersOfOperation struct{ OperationID int64 }

type CanModifyAPIKeys 

type CanModifyAPIKeys struct{ UserID int64 }

type CanModifyEvidenceOfOperation 

type CanModifyEvidenceOfOperation struct{ OperationID int64 }

type CanModifyFindingsOfOperation 

type CanModifyFindingsOfOperation struct{ OperationID int64 }

type CanModifyOpVars 

type CanModifyOpVars struct{ OperationID int64 }

type CanModifyOperation 

type CanModifyOperation struct{ OperationID int64 }

type CanModifyQueriesOfOperation 

type CanModifyQueriesOfOperation struct{ OperationID int64 }

type CanModifyTagsOfOperation 

type CanModifyTagsOfOperation struct{ OperationID int64 }

type CanModifyUser 

type CanModifyUser struct{ UserID int64 }

type CanModifyUserGroupOfOperation 

type CanModifyUserGroupOfOperation struct {
	OperationID int64
	UserGroupID int64
}

type CanModifyUserOfOperation 

type CanModifyUserOfOperation struct {
	OperationID int64
	UserID      int64
}

type CanReadDetailedUser 

type CanReadDetailedUser struct{ UserID int64 }

type CanReadOperation 

type CanReadOperation struct{ OperationID int64 }

type CanReadUser 

type CanReadUser struct{ UserID int64 }

type CanViewOpVars 

type CanViewOpVars struct{ OperationID int64 }

type Deny 

type Deny struct{}

Deny Policy Rejects all permissions

func (*Deny) Check 

func (*Deny) Check(Permission) bool

Check returns false for every input, simulating a Never-Allow scenario

func (*Deny) String 

func (*Deny) String() string

type FullAccess 

type FullAccess struct{}

FullAccess Policy Allows all permissions

func (*FullAccess) Check 

func (*FullAccess) Check(Permission) bool

Check returns true for every input, simulating an Always-Allow scenario

func (*FullAccess) String 

func (*FullAccess) String() string

type Operation 

type Operation struct {
	UserID           int64
	IsHeadless       bool
	OperationRoleMap map[int64]OperationRole
}

Operation Policy Grants permissions based on operation roles

func (*Operation) Check 

func (o *Operation) Check(permission Permission) bool

func (*Operation) String 

func (o *Operation) String() string

type OperationRole 

type OperationRole string
const (
	OperationRoleAdmin OperationRole = "admin"
	OperationRoleWrite OperationRole = "write"
	OperationRoleRead  OperationRole = "read"
)

type Permission 

type Permission interface{}

Permission represents a low level action that a policy can enforce. Permissions may optionally reference resources such as an operation or user

type Policy 

type Policy interface {
	Check(Permission) bool
	String() string
}

Policy is a simple interface into interacting with Permission structs.

Check verifies, given a Permission, whether the requested action is valid/authorized

type Union 

type Union struct {
	P1 Policy
	P2 Policy
}

Union Policy Grants permission if either sub policy grants the permission

func (*Union) Check 

func (u *Union) Check(permission Permission) bool

Check performs the underlying policy check for each policy, returning true if either policy.Check call returns true

func (*Union) String 

func (u *Union) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.