policy

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 1, 2024 License: MIT Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Effect 

type Effect string

Effect - policy statement effect Allow or Deny. 

const (
	// Allow - allow effect.
	Allow Effect = "Allow"

	// Deny - deny effect.
	Deny = "Deny"
)

func (Effect) IsAllowed 

func (effect Effect) IsAllowed(b bool) bool

IsAllowed - returns if given check is allowed or not.

func (Effect) IsValid 

func (effect Effect) IsValid() bool

IsValid - checks if Effect is valid or not

type ID 

type ID string

ID - policy ID.

func (ID) IsValid 

func (id ID) IsValid() bool

IsValid - checks if ID is valid or not.

type Policy 

type Policy struct {
	ID         ID `json:"ID"`
	Version    string
	Statements []Statement `json:"Statement"`
}

Policy - iam bucket iamp.

func CreateAnonReadOnlyBucketPolicy 

func CreateAnonReadOnlyBucketPolicy(bucketName string) *Policy

CreateAnonReadOnlyBucketPolicy creates a bucket policy for anonymous read-only access

func CreateAnonReadOnlyObjectPolicy 

func CreateAnonReadOnlyObjectPolicy(bucketName, prefix string) *Policy

CreateAnonReadOnlyObjectPolicy - create a policy for anonymous read only access to an object

func CreateAnonWriteOnlyBucketPolicy 

func CreateAnonWriteOnlyBucketPolicy(bucketName string) *Policy

CreateAnonWriteOnlyBucketPolicy creates a policy that allows anonymous users to write to a bucket

func CreateAnonWriteOnlyObjectPolicy 

func CreateAnonWriteOnlyObjectPolicy(bucketName, prefix string) *Policy

CreateAnonWriteOnlyObjectPolicy creates a policy that allows anonymous users to upload objects to a bucket

func CreateUserBucketPolicy 

func CreateUserBucketPolicy(bucketName, accessKey string) *Policy

CreateUserBucketPolicy create user policy according accessKey and bucket

func CreateUserPolicy 

func CreateUserPolicy(accessKey string, actions []s3action.Action, bucketName string) *Policy

CreateUserPolicy create user policy according action and bucket

func ParseConfig 

func ParseConfig(reader io.Reader, bucketName string) (*Policy, error)

ParseConfig - parses data in given reader to Policy.

func (*Policy) Equals 

func (p *Policy) Equals(policy Policy) bool

Equals returns true if the two policies are identical

func (*Policy) IsAllowed 

func (p *Policy) IsAllowed(args auth.Args) bool

IsAllowed - checks given policy args is allowed to continue the Rest API.

func (*Policy) IsEmpty 

func (p *Policy) IsEmpty() bool

IsEmpty - returns whether policy is empty or not.

func (*Policy) Merge 

func (p *Policy) Merge(input Policy) Policy

Merge merges two policies documents and drop duplicate statements if any.

func (*Policy) UnmarshalJSON 

func (p *Policy) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Iamp.

func (*Policy) Validate 

func (p *Policy) Validate(bucketName string) error

Validate - validates all statements are for given bucket or not.

type PolicyDocument 

type PolicyDocument struct {
	Version   string      `json:"Version"`
	Statement []Statement `json:"Statement"`
}

PolicyDocument policy document

func (*PolicyDocument) Merge 

func (p *PolicyDocument) Merge(input PolicyDocument) PolicyDocument

Merge merges two policies documents and drop duplicate statements if any.

func (*PolicyDocument) String 

func (p *PolicyDocument) String() string

type Principal 

type Principal struct {
	AWS set.StringSet
}

Principal - policy principal. 

"Principal": {
 "AWS": [
   "arn:aws:iam::123456789012:root",
   "999999999999",
   "CanonicalUser": "79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be"
 ]
}

The user, service, or account that receives permissions that are defined in a policy. The principal is A in the statement "A has permission to do B to C."

func NewPrincipal 

func NewPrincipal(principals ...string) Principal

NewPrincipal - creates new Principal.

func (Principal) Clone 

func (p Principal) Clone() Principal

Clone clones Principal structure

func (Principal) Equals 

func (p Principal) Equals(pp Principal) bool

Equals - returns true if principals are equal.

func (Principal) Intersection 

func (p Principal) Intersection(principal Principal) set.StringSet

Intersection - returns principals available in both Principal.

func (Principal) IsValid 

func (p Principal) IsValid() bool

IsValid - checks whether Principal is valid or not.

func (Principal) MarshalJSON 

func (p Principal) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Principal to JSON data.

func (Principal) MarshalMsgpack 

func (p Principal) MarshalMsgpack() ([]byte, error)

func (Principal) Match 

func (p Principal) Match(principal string) bool

Match - matches given principal is wildcard matching with Principal.

func (*Principal) UnmarshalJSON 

func (p *Principal) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Principal.

func (*Principal) UnmarshalMsgpack 

func (p *Principal) UnmarshalMsgpack(data []byte) error

type Resource 

type Resource struct {
	BucketName string
	Pattern    string
}

The Resource element specifies the object or objects that the statement covers. Statements must include either a Resource or a NotResource element. An entity that users can work with in AWS, such as an EC2 instance, an Amazon DynamoDB table, an Amazon S3 bucket, an IAM user, or an AWS OpsWorks stack. Resource - resource in policy statement. "Resource": "arn:aws:iam::account-ID-without-hyphens:user/accounting/*"

func NewResource 

func NewResource(bucketName, keyName string) Resource

NewResource - creates new resource.

func (Resource) IsValid 

func (r Resource) IsValid() bool

IsValid - checks whether Resource is valid or not.

func (Resource) MarshalJSON 

func (r Resource) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Resource to JSON data.

func (Resource) MarshalMsgpack 

func (r Resource) MarshalMsgpack() ([]byte, error)

func (Resource) Match 

func (r Resource) Match(resource string, conditionValues map[string][]string) bool

Match - matches object name with resource pattern, including specific conditionals.

func (Resource) String 

func (r Resource) String() string

func (*Resource) UnmarshalJSON 

func (r *Resource) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Resource.

func (*Resource) UnmarshalMsgpack 

func (r *Resource) UnmarshalMsgpack(data []byte) error

func (Resource) Validate 

func (r Resource) Validate(bucketName string) error

Validate - validates Resource is for given bucket or not.

type ResourceSet 

type ResourceSet map[Resource]struct{}

ResourceSet - set of resources in policy statement.

func NewResourceSet 

func NewResourceSet(resources ...Resource) ResourceSet

NewResourceSet - creates new resource set.

func (ResourceSet) Add 

func (resourceSet ResourceSet) Add(resource Resource)

Add - adds resource to resource set.

func (ResourceSet) BucketResourceExists 

func (resourceSet ResourceSet) BucketResourceExists() bool

BucketResourceExists - checks if at least one bucket resource exists in the set.

func (ResourceSet) Clone 

func (resourceSet ResourceSet) Clone() ResourceSet

Clone clones ResourceSet structure

func (ResourceSet) Contains 

func (resourceSet ResourceSet) Contains(resource Resource) bool

Contains - checks if string is in the set.

func (ResourceSet) Equals 

func (resourceSet ResourceSet) Equals(sresourceSet ResourceSet) bool

Equals - checks whether given resource set is equal to current resource set or not.

func (ResourceSet) IsEmpty 

func (resourceSet ResourceSet) IsEmpty() bool

IsEmpty - returns whether the set is empty or not.

func (ResourceSet) MarshalJSON 

func (resourceSet ResourceSet) MarshalJSON() ([]byte, error)

MarshalJSON - encodes ResourceSet to JSON data.

func (ResourceSet) MarshalMsgpack 

func (resourceSet ResourceSet) MarshalMsgpack() ([]byte, error)

func (ResourceSet) Match 

func (resourceSet ResourceSet) Match(resource string, conditionValues map[string][]string) bool

Match - matches object name with anyone of resource pattern in resource set.

func (ResourceSet) ObjectResourceExists 

func (resourceSet ResourceSet) ObjectResourceExists() bool

ObjectResourceExists - checks if at least one object resource exists in the set.

func (ResourceSet) String 

func (resourceSet ResourceSet) String() string

func (ResourceSet) ToSlice 

func (resourceSet ResourceSet) ToSlice() []Resource

ToSlice - returns slice of resources from the resource set.

func (*ResourceSet) UnmarshalJSON 

func (resourceSet *ResourceSet) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to ResourceSet.

func (*ResourceSet) UnmarshalMsgpack 

func (resourceSet *ResourceSet) UnmarshalMsgpack(data []byte) error

func (ResourceSet) Validate 

func (resourceSet ResourceSet) Validate(bucketName string) error

Validate - validates ResourceSet is for given bucket or not.

type Statement 

type Statement struct {
	SID        ID                   `json:"Sid"`
	Effect     Effect               `json:"Effect"`
	Principal  Principal            `json:"Principal"`
	Actions    s3action.ActionSet   `json:"Action"`
	Resources  ResourceSet          `json:"Resource"`
	Conditions condition.Conditions `json:"Condition,omitempty"`
}
Statement {
   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "Only allow writes to my bucket with bucket owner full control",
           "Effect": "Allow",
           "Principal": {
               "AWS": [
                   "arn:aws:iam::111122223333:user/ExampleUser"
               ]
           },
           "Action": [
               "s3:PutObject"
           ],
           "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
           "Conditions": {
               "StringEquals": {
                   "s3:x-amz-acl": "bucket-owner-full-control"
               }
           }
       }
   ]

func NewStatement 

func NewStatement(sid ID, effect Effect, principal Principal, actionSet s3action.ActionSet, resourceSet ResourceSet,
	conditions condition.Conditions) Statement

NewStatement - creates new statement.

func (Statement) Clone 

func (statement Statement) Clone() Statement

Clone clones Statement structure

func (Statement) Equals 

func (statement Statement) Equals(st Statement) bool

Equals checks if two statements are equal

func (Statement) IsAllowed 

func (statement Statement) IsAllowed(args auth.Args) bool

IsAllowed - checks given policy args is allowed to continue the Rest API.

func (Statement) IsValid 

func (statement Statement) IsValid() error

IsValid - checks whether statement is valid or not.

func (Statement) Validate 

func (statement Statement) Validate(bucketName string) error

Validate - validates Statement is for given bucket or not.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.