pathperms

package
v0.0.0-...-ff5f600 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 30, 2016 License: BSD-3-Clause Imports: 13 Imported by: 0

Documentation

Overview

Package pathperms provides a library to assist servers implementing GetPermissions/SetPermissions functions and authorizers where there are path-specific Permissions stored individually in files. TODO(rjkroege): Add unit tests.

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrOperationFailed = verror.Register(pkgPath+".OperationFailed", verror.NoRetry, "{1:}{2:} operation failed{:_}")
)

Functions

func ComputeVersion

func ComputeVersion(perms access.Permissions) (string, error)

ComputeVersion produces the tag value returned by access.GetPermissions() (per v23/services/permissions/service.vdl) that GetPermissions/SetPermissions use to determine if the Permissions have been asynchronously modified.

func NewHierarchicalAuthorizer

func NewHierarchicalAuthorizer(rootDir, childDir string, get PermsGetter) (security.Authorizer, error)

NewHierarchicalAuthorizer creates a new hierarchicalAuthorizer: one that implements a "root" like concept: admin rights at the root of a server can invoke RPCs regardless of permissions set on child objects.

If the root permissions are not set, the authorizer behaves like the DefaultAuthorizer.

If the child permissions are not set, the authorizer uses the permissions set on the root to restrict access to the child (including the admin override described above).

func NilAuthPermissions

func NilAuthPermissions(ctx *context.T, call security.Call) access.Permissions

NilAuthPermissions creates Permissions that mimics the default authorization policy (i.e., Permissions is matched by all blessings that are either extensions of one of the local blessings or can be extended to form one of the local blessings.)

func PermissionsForBlessings

func PermissionsForBlessings(blessings []string) access.Permissions

PermissionsForBlessings creates the Permissions list that should be used with a newly created object.

func PrefixPatterns

func PrefixPatterns(blessings []string) []security.BlessingPattern

PrefixPatterns creates a pattern containing all of the prefix patterns of the provided blessings.

Types

type PathStore

type PathStore struct {
	// contains filtered or unexported fields
}

PathStore manages storage of a set of Permissions in the filesystem where each path identifies a specific Permissions in the set. PathStore synchronizes access to its member Permissions.

func NewPathStore

func NewPathStore(ctx *context.T) *PathStore

NewPathStore creates a new instance of the lock map that uses principal to sign stored Permissions files.

func (*PathStore) Delete

func (store *PathStore) Delete(dir string) error

Delete removes the permissions stored in the specified directory.

func (*PathStore) Get

func (store *PathStore) Get(dir string) (access.Permissions, string, error)

Get returns the Permissions from the data file in dir.

func (*PathStore) PermsForPath

func (store *PathStore) PermsForPath(ctx *context.T, path string) (access.Permissions, bool, error)

func (*PathStore) Set

func (store *PathStore) Set(dir string, perms access.Permissions, version string) error

Set writes the specified Permissions to the provided directory with enforcement of version synchronization mechanism and locking.

func (*PathStore) SetIfAbsent

func (store *PathStore) SetIfAbsent(dir string, perms access.Permissions) (bool, error)

SetIfAbsent writes the specified Permissions to the provided directory only if they don't already exist. Returns true if the permissions were written, and false otherwise (the error is nil if the permissions already exist).

func (*PathStore) SetShareable

func (store *PathStore) SetShareable(dir string, perms access.Permissions, version string, shareable, overwrite bool) (bool, error)

SetShareable writes the specified Permissions to the provided directory with enforcement of version synchronization mechanism and locking with file modes that will give the application read-only access to the permissions file.

type PermsGetter

type PermsGetter interface {
	// PermsForPath has two successful outcomes: either returning a valid
	// Permissions object or a boolean status true indicating that the
	// Permissions object is intentionally not present. Finally, it returns an
	// error if anything has gone wrong.
	PermsForPath(ctx *context.T, path string) (access.Permissions, bool, error)
}

PermsGetter defines an abstract interface that a customer of NewHierarchicalAuthorizer can use to obtain the PermissionsAuthorizer instances that it needs to construct a hierarchicalAuthorizer.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL