Documentation ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ArePoliciesEqal ¶
ArePoliciesEqal determines if the two Policy objects can be considered equal.
Types ¶
type ConditionMap ¶
type ConditionMap map[string]ConditionSettings
ConditionMap is a map with the operator as key and the settings as values. See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html for details.
type ConditionSettings ¶
ConditionSettings is a map of keys and values. Depending on the type of operation, the values can be strings, integers, bools or lists of strings.
func (*ConditionSettings) UnmarshalJSON ¶
func (m *ConditionSettings) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals data into m.
type Policy ¶
type Policy struct {
	// Version is the current IAM policy version
	Version string `json:"Version"`
	// ID is the policy's optional identifier
	ID string `json:"Id,omitempty"`
	// Statements is the list of statements this policy applies.
	Statements StatementList `json:"Statement,omitempty"`
}
Policy represents an AWS IAM policy.
func ParsePolicyBytes ¶
ParsePolicyBytes parses a policy from a byte array representing a raw JSON string.
func ParsePolicyObject ¶
ParsePolicyObject parses a policy from an object (i.e. an API struct) which can be marshalled into JSON.
func ParsePolicyString ¶
ParsePolicyString parses a policy from a raw JSON string.
type Principal ¶
type Principal struct {
	// This flag indicates if the policy should be made available
	// to all anonymous users. Also known as "*".
	// +optional
	AllowAnon bool `json:"-"`
	// This list contains all of the AWS IAM users which are affected
	// by the policy statement.
	// +optional
	AWSPrincipals StringOrArray `json:"AWS,omitempty"`
	// This string contains the identifier for any federated web identity
	// provider.
	// +optional
	Federated string `json:"Federated,omitempty"`
	// Service defines the services which can have access to this bucket
	// +optional
	Service StringOrArray `json:"Service,omitempty"`
}
Principal defines the principal users affected by the PolicyStatement. Please see the AWS S3 docs for more information: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
func (*Principal) UnmarshalJSON ¶
UnmarshalJSON unmarshals data into p.
type Statement ¶
type Statement struct {
	// Optional identifier for this statement, must be unique within the
	// policy if provided.
	SID string `json:"Sid,omitempty"`
	// The effect is required and specifies whether the statement results
	// in an allow or an explicit deny.
	// Valid values for Effect are "Allow" and "Deny".
	Effect StatementEffect `json:"Effect"`
	// Used with the policy to specify the principal that is allowed
	// or denied access to a resource.
	Principal *Principal `json:"Principal,omitempty"`
	// Used with the S3 policy to specify the users which are not included
	// in this policy
	NotPrincipal *Principal `json:"NotPrincipal,omitempty"`
	// Action specifies the action or actions that will be allowed or denied
	// with this Statement.
	Action StringOrArray `json:"Action,omitempty"`
	// NotAction specifies each element that will allow the property to match
	// all but the listed actions.
	NotAction StringOrArray `json:"NotAction,omitempty"`
	// Resource specifies paths on which this statement will apply.
	Resource StringOrArray `json:"Resource,omitempty"`
	// NotResource explicitly specifies all resource paths that are defined in
	// this array.
	NotResource StringOrArray `json:"NotResource,omitempty"`
	// Condition specifies where conditions for policy are in effect.
	// https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
	Condition ConditionMap `json:"Condition,omitempty"`
}
Statement defines an individual statement within the policy.
type StatementEffect ¶
type StatementEffect string
StatementEffect specifies the effect of a policy statement.
const (
	StatementEffectAllow StatementEffect = "Allow"
	StatementEffectDeny  StatementEffect = "Deny"
)
Statement effect values.
type StatementList ¶
type StatementList []Statement
StatementList is a list of statements. It implements a custom unmarshaller to support parsing from a single, non-list statement.
func (*StatementList) UnmarshalJSON ¶
func (s *StatementList) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals data into s.
type StringOrArray ¶
type StringOrArray []string
StringOrArray is a string array that supports parsing from a single string as a single entry array.
func (*StringOrArray) UnmarshalJSON ¶
func (s *StringOrArray) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals data into s.
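The Principal and StringOrArray shapes documented above, as an added example that is not the package's own code: it parses a Principal element and reports whether it is open to any caller. The UnmarshalJSON bodies and the IsAnonymous helper are assumptions of this example, only the AllowAnon and AWS fields are modelled, and the ARN is a constructed sample.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// StringOrArray parses "x" and ["x"] into the same one-entry slice.
type StringOrArray []string

func (s *StringOrArray) UnmarshalJSON(data []byte) error {
	if len(data) > 0 && data[0] == '"' { // bare string: wrap it as an array
		data = []byte("[" + string(data) + "]")
	}
	return json.Unmarshal(data, (*[]string)(s))
}

// Principal: AllowAnon is tagged json:"-", so only UnmarshalJSON can set it.
type Principal struct {
	AllowAnon     bool          `json:"-"`
	AWSPrincipals StringOrArray `json:"AWS,omitempty"`
}

func (p *Principal) UnmarshalJSON(data []byte) error {
	if string(data) == `"*"` {
		p.AllowAnon = true
		return nil
	}
	type fields Principal // same layout, no methods, so no recursion
	return json.Unmarshal(data, (*fields)(p))
}

// IsAnonymous (hypothetical helper) flags "*", {"AWS":"*"} and AWS lists holding "*".
func IsAnonymous(raw string) (bool, error) {
	var p Principal
	if err := json.Unmarshal([]byte(raw), &p); err != nil {
		return false, err
	}
	for _, a := range p.AWSPrincipals {
		if a == "*" {
			return true, nil
		}
	}
	return p.AllowAnon, nil
}

func main() {
	// Constructed sample: a wildcard hidden inside an AWS principal list.
	fmt.Println(IsAnonymous(`{"AWS":["arn:aws:iam::123456789012:root","*"]}`))
}
```

A bare string other than "*" is returned as a decode error rather than silently treated as a non-anonymous principal.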