engine

package

v0.0.0-...-6794c67 Latest Latest Go to latest Published: Aug 24, 2021 License: Apache-2.0 Imports: 1 Imported by: 4

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chef/automate

Documentation ¶

Index ¶

func ProjectList(projects ...string) []string
type Action
type Authorizer
type Engine
type Pair
type Project
type Projects
type Resource
type Subjects
- func Subject(subs ...string) Subjects
type Writer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ProjectList ¶

func ProjectList(projects ...string) []string

ProjectList is a convenience function, allowing us to pass

engine.ProjectList("project-9")

instead of

engine.Projects([]string{"project-9"})

as argument to `FilterAuthorizedProjects`

Types ¶

type Action ¶

type Action string

Action is how the subject wants to interact with the resource

type Authorizer ¶

type Authorizer interface {
	// ProjectsAuthorized returns a subset of the requested projects (Projects)
	// allowed by the subjects/action/resource tuple.
	ProjectsAuthorized(context.Context, Subjects, Action, Resource, Projects) ([]string, error)

	// FilterAuthorizedProjects returns a sublist of the passed-in pairs
	// allowed by the subjects.
	FilterAuthorizedPairs(context.Context, Subjects, []Pair) ([]Pair, error)

	// FilterAuthorizedProjects returns a list of allowed projects
	// for the given subjects
	FilterAuthorizedProjects(context.Context, Subjects) ([]string, error)
}

type Engine ¶

type Engine interface {
	// Authorizer and Writer are never used together (the authz section of the
	// service needs Authorizer, the policy section cares about Writer), so we
	// collect them here instead of introducing a Engine interface.
	Authorizer
	Writer
}

Engine abstracts different decision engines.

type Pair ¶

type Pair struct {
	Resource Resource `json:"resource"`
	Action   Action   `json:"action"`
}

Pair is a convenience type for filtering a set of pairs according to their authorization

type Project ¶

type Project string

Project is the input query's REQUESTED project i.e. the project selected in the project filter. TODO: make this an array!!

type Projects ¶

type Projects []string

A list of requested projects

type Resource ¶

type Resource string

Resource is what the subject is attempting to interact with

type Subjects ¶

type Subjects []string

Subjects contains the requestor and all the teams they're a member of. The strings are namespaced, so for the requestor, this would be

"user:type:EXTERNALID"

and for their teams

"team:type:TEAMID"

func Subject ¶

func Subject(subs ...string) Subjects

Subject is a convenience function, allowing us to pass

engine.Subject("team:local:admin")

instead of

engine.Subjects([]string{"team:local:admin"})

as argument to `IsAuthorized`

type Writer ¶

type Writer interface {
	SetPolicies(context.Context, map[string]interface{}, map[string]interface{}) error
}

Source Files ¶

View all Source files

engine.go

Directories ¶

Path	Synopsis
opa

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL