Documentation
¶
Index ¶
- Constants
- type Builder
- func (b *Builder) Build() (Enforcer, error)
- func (b *Builder) Flavor(flavor Flavor) *Builder
- func (b *Builder) Product(product string) *Builder
- func (b *Builder) Timeout(timeout time.Duration) *Builder
- func (b *Builder) URL(url string) *Builder
- func (b *Builder) WithCaching(keyExpirySeconds int, cacheCleanUpIntervalSeconds int) *Builder
- type CacheConfig
- type Enforcer
- type Flavor
- type InMemoryCache
Constants ¶
View Source
const ( // DefaultURL default Keto server URL DefaultURL = "http://localhost:4466" // DefaultFlavor default Keto flavor to be used DefaultFlavor = FlavorGlob // DefaultTimeout maximum call duration to Keto Server before considered as timeout DefaultTimeout = 5 * time.Second )
View Source
const ( // ActionCreate action to create a resource ActionCreate = "actions:create" // ActionRead action to read a resource ActionRead = "actions:read" // ActionUpdate action to update a resource ActionUpdate = "actions:update" // ActionDelete action to delete a resource ActionDelete = "actions:delete" // ActionAll all action ActionAll = "actions:**" )
View Source
const MaxKeyExpirySeconds = 600
MaxKeyExpirySeconds is the max allowed value for the KeyExpirySeconds.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Builder ¶
type Builder struct {
// contains filtered or unexported fields
}
Builder builder of enforcer.Enforcer
func NewEnforcerBuilder ¶
func NewEnforcerBuilder() *Builder
NewEnforcerBuilder create new enforcer builder with all default parameters
type CacheConfig ¶ added in v1.9.0
CacheConfig holds the configuration for the in-memory cache, if enabled
type Enforcer ¶
type Enforcer interface {
// Enforce check whether user is authorized to do certain action against a resource
Enforce(user string, resource string, action string) (*bool, error)
// FilterAuthorizedResource filter and return list of authorized resource for certain user
FilterAuthorizedResource(user string, resources []string, action string) ([]string, error)
// GetRole get role with name
GetRole(roleName string) (*types.Role, error)
// GetPolicy get policy with name
GetPolicy(policyName string) (*types.Policy, error)
// UpsertRole create or update a role containing member as specified by users argument
UpsertRole(roleName string, users []string) (*types.Role, error)
// UpsertPolicy create or update a policy to allow subjects do actions against the specified resources
UpsertPolicy(
policyName string,
roles []string,
users []string,
resources []string,
actions []string,
) (*types.Policy, error)
}
Enforcer thin client providing interface for authorizing users
type InMemoryCache ¶ added in v1.9.0
type InMemoryCache struct {
// contains filtered or unexported fields
}
func (*InMemoryCache) LookUpPermission ¶ added in v1.9.0
func (c *InMemoryCache) LookUpPermission(input models.OryAccessControlPolicyAllowedInput) (*bool, bool)
func (*InMemoryCache) StorePermission ¶ added in v1.9.0
func (c *InMemoryCache) StorePermission(input models.OryAccessControlPolicyAllowedInput, isAllowed *bool)
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.