Documentation
Overview
Package authz includes the core implementation of the acjs application: policy evaluation.
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewServer
func NewServer(c *common.ConfigFile) (common.AuthzServer, error)
NewServer creates a new acjs server instance based on the configuration provided. It returns a common.AuthzServer interface.
Types
type AdmissionControllerServer
type AdmissionControllerServer struct {
// contains filtered or unexported fields
}
AdmissionControllerServer is the root type of an acjs server instance.
func (*AdmissionControllerServer) Serve
func (pl *AdmissionControllerServer) Serve() error
Serve starts accepting and serving requests. It returns an error immediately if it is unable to.
func (*AdmissionControllerServer) UsePolicies
func (pl *AdmissionControllerServer) UsePolicies(cp common.CompiledPolicies)
UsePolicies swaps the policies of a running acjs instance on the fly. This can be useful, e.g., on SIGHUP.
type CompiledPolicies
type CompiledPolicies struct {
// contains filtered or unexported fields
}
CompiledPolicies is the type the authorization logic operates on.
func CompilePolicies
func CompilePolicies(config *common.ConfigFile) (*CompiledPolicies, error)
CompilePolicies processes the configuration file parsed from YAML and performs some preparation steps. Most importantly, it compiles the string policies present in the configuration file into goja.Program values so that executing them later is faster.
func (*CompiledPolicies) Evaluate
func (cp *CompiledPolicies) Evaluate(rc *common.AdmissionControllerRequest, areq *k8sac.AdmissionRequest) *k8sac.AdmissionResponse
Evaluate iterates over the configured policies and evaluates the incoming admission review request.
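Added example, not part of the acjs code base: a reload sequence of the kind UsePolicies and CompilePolicies make possible, compiling first and swapping only on success so that a broken configuration leaves the last good policies enforced. The types policySet and server, the functions compile and reload, and the file name policies.txt are stand-ins assumed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"os/signal"
	"strings"
	"sync/atomic"
	"syscall"
)

// policySet stands in for the package's compiled policies (hypothetical type).
type policySet struct{ rules []string }
// server stands in for a running instance; handlers read active atomically.
type server struct{ active atomic.Value }

// compile plays the role of CompilePolicies. Assumption: a blank source is an error.
func compile(sources []string) (*policySet, error) {
	for i, src := range sources {
		if strings.TrimSpace(src) == "" {
			return nil, fmt.Errorf("policy %d: empty source", i)
		}
	}
	return &policySet{rules: sources}, nil
}

// reload compiles first and swaps only on success, so a broken configuration
// leaves the last good policies in force instead of an empty or partial set.
func reload(s *server, sources []string) error {
	p, err := compile(sources)
	if err != nil {
		return fmt.Errorf("reload rejected, previous policies kept: %w", err)
	}
	s.active.Store(p) // the swap UsePolicies performs on the real server (assumed)
	return nil
}

func main() {
	s := &server{}
	hup := make(chan os.Signal, 1)
	signal.Notify(hup, syscall.SIGHUP)
	for { // load once at startup, then again on every SIGHUP
		b, _ := os.ReadFile("policies.txt") // constructed placeholder path
		if err := reload(s, strings.Split(strings.TrimSpace(string(b)), "\n")); err != nil {
			fmt.Fprintln(os.Stderr, err)
		}
		<-hup
	}
}
```

Until the first successful load the active set is nil, so a handler built on this pattern should deny requests in that state.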
type LogEntry
type LogEntry struct {
	Ts              string
	UserAuthNMethod string
	User            any
	Request         any
	Response        *k8sac.AdmissionResponse
}
LogEntry is the type that will be turned into a JSON string and will be emitted for each request to the standard output.
type SlsaParams
SlsaParams describes the arguments expected by the verifySlsa function in the context of an acjs policy.