authz

package
v2.0.0-alpha.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 10, 2021 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Index

Constants

View Source
const RoleAssignmentKind = "RoleAssignment"

RoleAssignmentKind represents the canonical RoleAssignment kind string

View Source
const RoleScopeGlobal = "*"

RoleScopeGlobal represents an unbounded scope.

Variables

This section is empty.

Functions

func AlwaysAuthorize

func AlwaysAuthorize(ctx context.Context, role Role, scope string) error

AlwaysAuthorize is an implementation of the AuthorizeFn function signature that unconditionally passes authorization requests by returning nil. This is used only for testing purposes.

func NeverAuthorize

func NeverAuthorize(ctx context.Context, role Role, scope string) error

NeverAuthorize is an implementation of the AuthorizeFn function signature that unconditionally fails authorization requests by returning a *meta.ErrAuthorization error. This is used only for testing purposes.

Types

type AuthorizeFn

type AuthorizeFn func(ctx context.Context, role Role, scope string) error

AuthorizeFn is the signature for any function that can, presumably, retrieve a principal from the provided Context and make an access control decision based on the principal having (or not having) the specified Role with the specified scope. Implementations MUST return a *meta.ErrAuthorization error if the principal is not authorized.

type PrincipalReference

type PrincipalReference struct {
	// Type qualifies what kind of principal is referenced by the ID field-- for
	// instance, a User or a ServiceAccount.
	Type PrincipalType `json:"type,omitempty"`
	// ID references a principal. The Type qualifies what type of principal that
	// is-- for instance, a User or a ServiceAccount.
	ID string `json:"id,omitempty"`
}

PrincipalReference is a reference to any sort of security principal (human user, service account, etc.)

type PrincipalType

type PrincipalType string

PrincipalType is a type whose values can be used to disambiguate one type of principal from another. For instance, when assigning a Role to a principal via a RoleAssignment, a PrincipalType field is used to indicate whether the value of the PrincipalID field reflects a User ID or a ServiceAccount ID.

type Role

type Role string

Role is a type whose value maps to a well-defined Brigade Role.

type RoleAssignment

type RoleAssignment struct {
	// Role assigns a Role to the specified principal.
	Role Role `json:"role" bson:"role"`
	// Principal specifies the principal to whom the Role is assigned.
	Principal PrincipalReference `json:"principal" bson:"principal"`
	// Scope qualifies the scope of the Role. The value is opaque and has meaning
	// only in relation to a specific Role.
	Scope string `json:"scope,omitempty" bson:"scope,omitempty"`
}

RoleAssignment represents the assignment of a Role to a principal such as a User or ServiceAccount.

func (RoleAssignment) MarshalJSON

func (r RoleAssignment) MarshalJSON() ([]byte, error)

MarshalJSON amends RoleAssignment instances with type metadata.

func (RoleAssignment) Matches

func (r RoleAssignment) Matches(role Role, scope string) bool

Matches determines if this RoleAssignment matches the role and scope arguments.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL