Documentation
Index
- func ArePoliciesEqal(a, b *Policy) (equal bool, diff string)
- func ArePolicyDocumentsEqual(a, b string) bool
- func ConvertResourcePolicyToPolicyBytes(rp *common.ResourcePolicy) ([]byte, error)
- func ConvertResourcePolicyToPolicyString(rp *common.ResourcePolicy) (*string, error)
- type ConditionMap
- type ConditionSettings
- type ConditionSettingsValue
- type Policy
- type Principal
- type Statement
- type StatementEffect
- type StatementList
- type StringOrArray
- type StringOrSet
Constants
This section is empty.
Variables
This section is empty.
Functions
func ArePoliciesEqal
ArePoliciesEqal determines if the two Policy objects can be considered equal.
func ArePolicyDocumentsEqual (added in v0.48.0)
ArePolicyDocumentsEqual determines if the two policy documents can be considered equal.
func ConvertResourcePolicyToPolicyBytes (added in v0.44.0)
func ConvertResourcePolicyToPolicyBytes(rp *common.ResourcePolicy) ([]byte, error)
ConvertResourcePolicyToPolicyBytes converts a ResourcePolicy to its JSON representation that can be sent to AWS.
func ConvertResourcePolicyToPolicyString (added in v0.44.0)
func ConvertResourcePolicyToPolicyString(rp *common.ResourcePolicy) (*string, error)
ConvertResourcePolicyToPolicyString converts a ResourcePolicy to its JSON string representation that can be sent to AWS.
Types
type ConditionMap
type ConditionMap map[string]ConditionSettings
ConditionMap is a map with the operator as key and the settings as values. See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html for details.
type ConditionSettings
type ConditionSettings map[string]ConditionSettingsValue
ConditionSettings is a map of keys and values. Depending on the type of operation, the values can be strings, integers, bools or lists of strings.
type ConditionSettingsValue (added in v0.44.1)
type ConditionSettingsValue []any
ConditionSettingsValue represents a value for condition mapping. It can be any kind of value but should be one of strings, integers, bools, lists or slices of them.
It contains a custom unmarshaller that is able to parse single items and converts them into slices.
func (*ConditionSettingsValue) UnmarshalJSON (added in v0.44.1)
func (m *ConditionSettingsValue) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals data into m.
type Policy
type Policy struct {
	// Version is the current IAM policy version
	Version string `json:"Version"`

	// ID is the policy's optional identifier
	ID *string `json:"Id,omitempty"`

	// Statements is the list of statements this policy applies.
	Statements StatementList `json:"Statement,omitempty"`
}
Policy represents an AWS IAM policy.
func ConvertResourcePolicyToPolicy (added in v0.44.0)
func ConvertResourcePolicyToPolicy(rp *common.ResourcePolicy) *Policy
ConvertResourcePolicyToPolicy converts a ResourcePolicy to a Policy object to be better comparable.
func ParsePolicyBytes
ParsePolicyBytes parses a policy from a byte array representing a raw JSON string.
func ParsePolicyObject
ParsePolicyObject parses a policy from an object (i.e. an API struct) which can be marshalled into JSON.
func ParsePolicyString
ParsePolicyString parses a policy from a raw JSON string.
func ParsePolicyStringPtr (added in v0.44.1)
ParsePolicyStringPtr parses a policy from a raw JSON string pointer.
type Principal
type Principal struct {
	// This flag indicates if the policy should be made available
	// to all anonymous users. Also known as "*".
	// +optional
	AllowAnon bool `json:"-"`

	// This list contains all of the AWS IAM users which are affected
	// by the policy statement.
	// +optional
	AWSPrincipals StringOrSet `json:"AWS,omitempty"`

	// This string contains the identifier for any federated web identity
	// provider.
	// +optional
	Federated *string `json:"Federated,omitempty"`

	// Service defines the services which can have access to this bucket
	// +optional
	Service StringOrSet `json:"Service,omitempty"`
}
Principal defines the principal users affected by the PolicyStatement. Please see the AWS S3 docs for more information: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
func (*Principal) UnmarshalJSON
UnmarshalJSON unmarshals data into p.
type Statement
type Statement struct {
	// Optional identifier for this statement, must be unique within the
	// policy if provided.
	SID *string `json:"Sid,omitempty"`

	// The effect is required and specifies whether the statement results
	// in an allow or an explicit deny.
	// Valid values for Effect are "Allow" and "Deny".
	Effect StatementEffect `json:"Effect"`

	// Used with the policy to specify the principal that is allowed
	// or denied access to a resource.
	Principal *Principal `json:"Principal,omitempty"`

	// Used with the S3 policy to specify the users which are not included
	// in this policy
	NotPrincipal *Principal `json:"NotPrincipal,omitempty"`

	// Action specifies the action or actions that will be allowed or denied
	// with this Statement.
	Action StringOrArray `json:"Action,omitempty"`

	// NotAction specifies each element that will allow the property to match
	// all but the listed actions.
	NotAction StringOrArray `json:"NotAction,omitempty"`

	// Resource specifies paths on which this statement will apply.
	Resource StringOrArray `json:"Resource,omitempty"`

	// NotResource explicitly specifies all resource paths that are defined in
	// this array.
	NotResource StringOrArray `json:"NotResource,omitempty"`

	// Condition specifies where conditions for policy are in effect.
	// https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
	Condition ConditionMap `json:"Condition,omitempty"`
}
Statement defines an individual statement within the policy.
type StatementEffect
type StatementEffect string
StatementEffect specifies the effect of a policy statement.
const (
	StatementEffectAllow StatementEffect = "Allow"
	StatementEffectDeny  StatementEffect = "Deny"
)
Statement effect values.
type StatementList
type StatementList []Statement
StatementList is a list of statements. It implements a custom unmarshaller to support parsing from a single, non-list statement.
func (*StatementList) UnmarshalJSON
func (s *StatementList) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals data into s.
type StringOrArray
type StringOrArray []string
StringOrArray is a string array that supports parsing from a single string as a single entry array.
func (*StringOrArray) UnmarshalJSON
func (s *StringOrArray) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals data into s.
type StringOrSet (added in v0.49.0)
type StringOrSet map[string]struct{}
StringOrSet is a string array that supports parsing from a single string as a single entry array. Order of elements is not respected when comparing two StringOrSet objects.
func NewStringOrSet (added in v0.49.0)
func NewStringOrSet(values ...string) StringOrSet
func (StringOrSet) Add (added in v0.49.0)
func (s StringOrSet) Add(value string) StringOrSet
Add adds a value to the set.
func (*StringOrSet) MarshalJSON (added in v0.49.0)
func (s *StringOrSet) MarshalJSON() ([]byte, error)
MarshalJSON marshals StringOrSet as an array.
func (*StringOrSet) UnmarshalJSON (added in v0.49.0)
func (s *StringOrSet) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals data into s.
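The single-item-or-list parsing described for StatementList and StringOrArray, and the document comparison it makes possible, shown as an added example that is not this package's own code. The names `strList`, `stmt`, `stmtList` and `sameDocument` are hypothetical stand-ins built on the standard library only, and the two policy documents are constructed samples.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"reflect"
)

// strList (hypothetical name) accepts "s3:GetObject" or ["s3:GetObject", ...].
type strList []string

func (s *strList) UnmarshalJSON(data []byte) error {
	if bytes.HasPrefix(bytes.TrimSpace(data), []byte("[")) {
		return json.Unmarshal(data, (*[]string)(s)) // plain slice type, so no recursion
	}
	*s = strList{""} // a single value becomes a one-entry list
	return json.Unmarshal(data, &(*s)[0])
}

type stmt struct {
	Effect           string
	Action, Resource strList
}

// stmtList (hypothetical name) accepts one statement object or a list of them.
type stmtList []stmt

func (l *stmtList) UnmarshalJSON(data []byte) error {
	if bytes.HasPrefix(bytes.TrimSpace(data), []byte("[")) {
		return json.Unmarshal(data, (*[]stmt)(l))
	}
	*l = stmtList{{}}
	return json.Unmarshal(data, &(*l)[0])
}

// sameDocument compares two documents after normalization; parse errors never match.
func sameDocument(a, b string) bool {
	var pa, pb struct{ Version string; Statement stmtList }
	errA := json.Unmarshal([]byte(a), &pa)
	errB := json.Unmarshal([]byte(b), &pb)
	return errA == nil && errB == nil && reflect.DeepEqual(pa, pb)
}

func main() {
	// Constructed sample documents: same meaning, different JSON shape.
	short := `{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"s3:GetObject","Resource":"arn:aws:s3:::example-bucket/*"}}`
	long := `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:GetObject"],"Resource":["arn:aws:s3:::example-bucket/*"]}]}`
	fmt.Println(sameDocument(short, long)) // true
}
```

A byte-for-byte comparison of the two sample documents would report drift where there is none, while a widened action such as `s3:*` still compares as different.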