engine

package
v0.0.0-...-ec764e8 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 16, 2025 License: Apache-2.0 Imports: 1 Imported by: 4

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func ProjectList

func ProjectList(projects ...string) []string

ProjectList is a convenience function, allowing us to pass

engine.ProjectList("project-9")

instead of

engine.Projects([]string{"project-9"})

as argument to `FilterAuthorizedProjects`

Types

type Action

type Action string

Action is how the subject wants to interact with the resource

type Authorizer

type Authorizer interface {
	// ProjectsAuthorized returns a subset of the requested projects (Projects)
	// allowed by the subjects/action/resource tuple.
	ProjectsAuthorized(context.Context, Subjects, Action, Resource, Projects) ([]string, error)

	// FilterAuthorizedPairs returns a sublist of the passed-in pairs
	// allowed by the subjects.
	FilterAuthorizedPairs(context.Context, Subjects, []Pair) ([]Pair, error)

	// FilterAuthorizedProjects returns a list of allowed projects
	// for the given subjects
	FilterAuthorizedProjects(context.Context, Subjects) ([]string, error)
}

type Engine

type Engine interface {
	// Authorizer and Writer are never used together (the authz section of the
	// service needs Authorizer, the policy section cares about Writer), so we
	// collect them here instead of introducing an Engine interface.
	Authorizer
	Writer
}

Engine abstracts different decision engines.

type Pair

type Pair struct {
	Resource Resource `json:"resource"`
	Action   Action   `json:"action"`
}

Pair is a convenience type for filtering a set of pairs according to their authorization

type Project

type Project string

Project is the input query's REQUESTED project, i.e. the project selected in the project filter. TODO: make this an array!!

type Projects

type Projects []string

A list of requested projects

type Resource

type Resource string

Resource is what the subject is attempting to interact with

type Subjects

type Subjects []string

Subjects contains the requestor and all the teams they're a member of. The strings are namespaced, so for the requestor, this would be

"user:type:EXTERNALID"

and for their teams

"team:type:TEAMID"

func Subject

func Subject(subs ...string) Subjects

Subject is a convenience function, allowing us to pass

engine.Subject("team:local:admin")

instead of

engine.Subjects([]string{"team:local:admin"})

as argument to `IsAuthorized`

type Writer

type Writer interface {
	SetPolicies(context.Context, map[string]interface{}, map[string]interface{}) error
}
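
An added example (not code from this package): a hypothetical in-memory implementation of FilterAuthorizedPairs, showing how the namespaced Subjects list and the Pair type documented above combine in a deny-by-default filter. The types are local copies of the declarations on this page; memAuthorizer, the policy contents, and the resource and action names are constructed for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Local copies of the types documented on this page, so the file compiles alone.
type (
	Subjects []string
	Action   string
	Resource string
	Pair     struct {
		Resource Resource `json:"resource"`
		Action   Action   `json:"action"`
	}
)

// memAuthorizer is a hypothetical in-memory engine: subject -> granted pairs.
type memAuthorizer map[string]map[Pair]bool

// FilterAuthorizedPairs keeps only the pairs granted to at least one subject
// (the requestor or any of their teams). Pairs without a grant are dropped,
// and an empty subject list is an error rather than an implicit "allow all".
func (m memAuthorizer) FilterAuthorizedPairs(_ context.Context, subs Subjects, pairs []Pair) ([]Pair, error) {
	if len(subs) == 0 {
		return nil, errors.New("no subjects in request")
	}
	allowed := []Pair{}
	for _, p := range pairs {
		for _, s := range subs {
			if m[s][p] { // missing subject or pair reads as false: deny by default
				allowed = append(allowed, p)
				break
			}
		}
	}
	return allowed, nil
}

func main() {
	// Constructed sample policy and request; names are illustrative only.
	eng := memAuthorizer{"team:local:admin": {{"iam:policies", "iam:policies:delete"}: true}}
	subs := Subjects{"user:local:alice", "team:local:admin"}
	got, err := eng.FilterAuthorizedPairs(context.Background(), subs,
		[]Pair{{"iam:policies", "iam:policies:delete"}, {"infra:nodes", "infra:nodes:list"}})
	fmt.Println(got, err)
}
```

The grant here comes from the team entry in Subjects, not from the user entry, which is why the full subject list has to be passed on every call.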
