v1

package
v0.0.0-...-0490640 Latest
Warning

This package is not in the latest version of its module.

Published: May 16, 2019 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Constants

const DefaultEffect = "allow"

DefaultEffect is `allow` to ensure that a user's permissions are the union of their policies.

Variables

This section is empty.

Functions

func SystemPolicies

func SystemPolicies() []*storage.Policy

SystemPolicies returns a list of system policies that should always exist by default. These should not be visible to the end user and therefore exist outside of the database.

Types

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server is an AuthZ server that stores policies defining AuthZ rules and then uses those policies to decide whether a subject is authorized for an action on a resource.
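The union semantics behind DefaultEffect and the decision Server makes, as an added example that is not code from this package. Policy, Pair and both functions are hypothetical, simplified stand-ins for the storage and gRPC types; exact string matching and the sample subject strings are assumptions.

```go
package main

import "fmt"

const DefaultEffect = "allow" // same value as the constant documented on this page

// Policy and Pair are hypothetical, simplified shapes, not this package's types.
type Policy struct {
	Subjects                 []string
	Action, Resource, Effect string
}
type Pair struct{ Resource, Action string }

// IsAuthorized reports whether any allow policy names one of the caller's subjects
// for this action and resource. Exact string matching is an assumption of this sketch.
func IsAuthorized(ps []Policy, subjects []string, action, resource string) bool {
	for _, p := range ps {
		match := p.Effect == DefaultEffect && p.Action == action && p.Resource == resource
		for _, want := range p.Subjects {
			for _, have := range subjects {
				if match && want == have {
					return true // one matching allow is enough: permissions are a union
				}
			}
		}
	}
	return false // no policy matched, so nothing grants access
}

// FilterAuthorizedPairs keeps only the resource/action pairs that pass IsAuthorized.
func FilterAuthorizedPairs(ps []Policy, subjects []string, pairs []Pair) []Pair {
	out := []Pair{}
	for _, pr := range pairs {
		if IsAuthorized(ps, subjects, pr.Action, pr.Resource) {
			out = append(out, pr)
		}
	}
	return out
}

func main() {
	// Constructed sample data: alice is covered by a user policy and a team policy.
	ps := []Policy{
		{[]string{"user:alice"}, "read", "nodes", DefaultEffect},
		{[]string{"team:ops"}, "delete", "nodes", DefaultEffect},
	}
	pairs := []Pair{{"nodes", "read"}, {"nodes", "delete"}, {"secrets", "read"}}
	fmt.Println(FilterAuthorizedPairs(ps, []string{"user:alice", "team:ops"}, pairs))
}
```

Because every policy in this model only allows, adding a policy can widen a subject's access but never narrow it, which is the property to keep in mind when reviewing new policies.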

func NewMemstoreServer

func NewMemstoreServer(
	ctx context.Context,
	l logger.Logger,
	e engine.V1Engine) (*Server, error)

NewMemstoreServer returns an instance of server.Server.

func NewPostgresServer

func NewPostgresServer(
	ctx context.Context,
	l logger.Logger,
	e engine.V1Engine,
	migrationsConfig migration.Config) (*Server, error)

NewPostgresServer instantiates a server.Server that connects to a Postgres backend.

func NewWithStore

func NewWithStore(
	ctx context.Context,
	l logger.Logger,
	e engine.V1Engine,
	s storage.Storage,
	initPolicies, skipAuthz bool,
	policyV2 api_v2.PoliciesServer) (*Server, error)

NewWithStore instantiates a new server with a given storage.Storage implementation.

func (*Server) CreatePolicy

func (s *Server) CreatePolicy(
	ctx context.Context,
	req *authz.CreatePolicyReq) (*authz.CreatePolicyResp, error)

CreatePolicy allows the user to persist a policy that informs AuthZ rules.

func (*Server) DeletePolicy

func (s *Server) DeletePolicy(
	ctx context.Context,
	req *authz.DeletePolicyReq) (*authz.DeletePolicyResp, error)

DeletePolicy removes a policy from storage by id.

func (*Server) FilterAuthorizedPairs

func (s *Server) FilterAuthorizedPairs(
	ctx context.Context,
	req *authz.FilterAuthorizedPairsReq) (*authz.FilterAuthorizedPairsResp, error)

FilterAuthorizedPairs implements the gRPC method for filtering pairs of resources/actions.

func (*Server) FilterAuthorizedProjects

func (s *Server) FilterAuthorizedProjects(
	ctx context.Context,
	req *authz.FilterAuthorizedPairsReq) (*authz.FilterAuthorizedProjectsResp, error)

FilterAuthorizedProjects just returns empty for V1.

func (*Server) GetVersion

func (s *Server) GetVersion(
	ctx context.Context,
	req *ver_api.VersionInfoRequest) (*ver_api.VersionInfo, error)

GetVersion returns the version of the AuthZ gRPC API.

func (*Server) IsAuthorized

func (s *Server) IsAuthorized(
	ctx context.Context,
	req *authz.IsAuthorizedReq) (*authz.IsAuthorizedResp, error)

IsAuthorized checks whether an API request is authorized.

func (*Server) ListPolicies

func (s *Server) ListPolicies(
	ctx context.Context,
	req *authz.ListPoliciesReq) (*authz.ListPoliciesResp, error)

ListPolicies returns a list of all policies from storage.

func (*Server) Storage

func (s *Server) Storage() storage.Storage

Storage exposes the (v1) server's storage backend and is used for migrating v1 policies from there.
