policy

package
v0.0.0-...-b4abad3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 13, 2019 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// AbortMultipartUploadAction - AbortMultipartUpload Rest API action.
	AbortMultipartUploadAction Action = "s3:AbortMultipartUpload"

	// CreateBucketAction - CreateBucket Rest API action.
	CreateBucketAction = "s3:CreateBucket"

	// DeleteBucketAction - DeleteBucket Rest API action.
	DeleteBucketAction = "s3:DeleteBucket"

	// DeleteBucketPolicyAction - DeleteBucketPolicy Rest API action.
	DeleteBucketPolicyAction = "s3:DeleteBucketPolicy"

	// DeleteObjectAction - DeleteObject Rest API action.
	DeleteObjectAction = "s3:DeleteObject"

	// GetBucketLocationAction - GetBucketLocation Rest API action.
	GetBucketLocationAction = "s3:GetBucketLocation"

	// GetBucketNotificationAction - GetBucketNotification Rest API action.
	GetBucketNotificationAction = "s3:GetBucketNotification"

	// GetBucketPolicyAction - GetBucketPolicy Rest API action.
	GetBucketPolicyAction = "s3:GetBucketPolicy"

	// GetObjectAction - GetObject Rest API action.
	GetObjectAction = "s3:GetObject"

	// HeadBucketAction - HeadBucket Rest API action. This action is unused in minio.
	HeadBucketAction = "s3:HeadBucket"

	// ListAllMyBucketsAction - ListAllMyBuckets (List buckets) Rest API action.
	ListAllMyBucketsAction = "s3:ListAllMyBuckets"

	// ListBucketAction - ListBucket Rest API action.
	ListBucketAction = "s3:ListBucket"

	// ListBucketMultipartUploadsAction - ListMultipartUploads Rest API action.
	ListBucketMultipartUploadsAction = "s3:ListBucketMultipartUploads"

	// ListenBucketNotificationAction - ListenBucketNotification Rest API action.
	// This is MinIO extension.
	ListenBucketNotificationAction = "s3:ListenBucketNotification"

	// ListMultipartUploadPartsAction - ListParts Rest API action.
	ListMultipartUploadPartsAction = "s3:ListMultipartUploadParts"

	// PutBucketNotificationAction - PutObjectNotification Rest API action.
	PutBucketNotificationAction = "s3:PutBucketNotification"

	// PutBucketPolicyAction - PutBucketPolicy Rest API action.
	PutBucketPolicyAction = "s3:PutBucketPolicy"

	// PutObjectAction - PutObject Rest API action.
	PutObjectAction = "s3:PutObject"

	// PutBucketLifecycleAction - PutBucketLifecycle Rest API action.
	PutBucketLifecycleAction = "s3:PutBucketLifecycle"

	// GetBucketLifecycleAction - GetBucketLifecycle Rest API action.
	GetBucketLifecycleAction = "s3:GetBucketLifecycle"
)
View Source
const DefaultVersion = "2012-10-17"

DefaultVersion - default policy version as per AWS S3 specification.

View Source
const ResourceARNPrefix = "arn:aws:s3:::"

ResourceARNPrefix - resource ARN prefix as per AWS S3 specification.

Variables

This section is empty.

Functions

This section is empty.

Types

type Action

type Action string

Action - policy action. Refer https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html for more information about available actions.

func (Action) IsValid

func (action Action) IsValid() bool

IsValid - checks if action is valid or not.

func (Action) MarshalJSON

func (action Action) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Action to JSON data.

func (*Action) UnmarshalJSON

func (action *Action) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Action.

type ActionSet

type ActionSet map[Action]struct{}

ActionSet - set of actions.

func NewActionSet

func NewActionSet(actions ...Action) ActionSet

NewActionSet - creates new action set.

func (ActionSet) Add

func (actionSet ActionSet) Add(action Action)

Add - add action to the set.

func (ActionSet) Contains

func (actionSet ActionSet) Contains(action Action) bool

Contains - checks given action exists in the action set.

func (ActionSet) Intersection

func (actionSet ActionSet) Intersection(sset ActionSet) ActionSet

Intersection - returns actions available in both ActionSet.

func (ActionSet) MarshalJSON

func (actionSet ActionSet) MarshalJSON() ([]byte, error)

MarshalJSON - encodes ActionSet to JSON data.

func (ActionSet) String

func (actionSet ActionSet) String() string

func (ActionSet) ToSlice

func (actionSet ActionSet) ToSlice() []Action

ToSlice - returns slice of actions from the action set.

func (*ActionSet) UnmarshalJSON

func (actionSet *ActionSet) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to ActionSet.

type Args

type Args struct {
	AccountName     string              `json:"account"`
	Action          Action              `json:"action"`
	BucketName      string              `json:"bucket"`
	ConditionValues map[string][]string `json:"conditions"`
	IsOwner         bool                `json:"owner"`
	ObjectName      string              `json:"object"`
}

Args - arguments to policy to check whether it is allowed

type Effect

type Effect string

Effect - policy statement effect Allow or Deny.

const (
	// Allow - allow effect.
	Allow Effect = "Allow"

	// Deny - deny effect.
	Deny = "Deny"
)

func (Effect) IsAllowed

func (effect Effect) IsAllowed(b bool) bool

IsAllowed - returns if given check is allowed or not.

func (Effect) IsValid

func (effect Effect) IsValid() bool

IsValid - checks if Effect is valid or not

func (Effect) MarshalJSON

func (effect Effect) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Effect to JSON data.

func (*Effect) UnmarshalJSON

func (effect *Effect) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Effect.

type ID

type ID string

ID - policy ID.

func (ID) IsValid

func (id ID) IsValid() bool

IsValid - checks if ID is valid or not.

func (ID) MarshalJSON

func (id ID) MarshalJSON() ([]byte, error)

MarshalJSON - encodes ID to JSON data.

func (*ID) UnmarshalJSON

func (id *ID) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to ID.

type Policy

type Policy struct {
	ID         ID `json:"ID,omitempty"`
	Version    string
	Statements []Statement `json:"Statement"`
}

Policy - bucket policy.

func ParseConfig

func ParseConfig(reader io.Reader, bucketName string) (*Policy, error)

ParseConfig - parses data in given reader to Policy.

func (Policy) IsAllowed

func (policy Policy) IsAllowed(args Args) bool

IsAllowed - checks given policy args is allowed to continue the Rest API.

func (Policy) IsEmpty

func (policy Policy) IsEmpty() bool

IsEmpty - returns whether policy is empty or not.

func (Policy) MarshalJSON

func (policy Policy) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Policy to JSON data.

func (*Policy) UnmarshalJSON

func (policy *Policy) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Policy.

func (Policy) Validate

func (policy Policy) Validate(bucketName string) error

Validate - validates all statements are for given bucket or not.

type Principal

type Principal struct {
	AWS set.StringSet
}

Principal - policy principal.

func NewPrincipal

func NewPrincipal(principals ...string) Principal

NewPrincipal - creates new Principal.

func (Principal) Intersection

func (p Principal) Intersection(principal Principal) set.StringSet

Intersection - returns principals available in both Principal.

func (Principal) IsValid

func (p Principal) IsValid() bool

IsValid - checks whether Principal is valid or not.

func (Principal) MarshalJSON

func (p Principal) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Principal to JSON data.

func (Principal) Match

func (p Principal) Match(principal string) bool

Match - matches given principal is wildcard matching with Principal.

func (*Principal) UnmarshalJSON

func (p *Principal) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Principal.

type Resource

type Resource struct {
	BucketName string
	Pattern    string
}

Resource - resource in policy statement.

func NewResource

func NewResource(bucketName, keyName string) Resource

NewResource - creates new resource.

func (Resource) IsValid

func (r Resource) IsValid() bool

IsValid - checks whether Resource is valid or not.

func (Resource) MarshalJSON

func (r Resource) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Resource to JSON data.

func (Resource) Match

func (r Resource) Match(resource string, conditionValues map[string][]string) bool

Match - matches object name with resource pattern.

func (Resource) String

func (r Resource) String() string

func (*Resource) UnmarshalJSON

func (r *Resource) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Resource.

func (Resource) Validate

func (r Resource) Validate(bucketName string) error

Validate - validates Resource is for given bucket or not.

type ResourceSet

type ResourceSet map[Resource]struct{}

ResourceSet - set of resources in policy statement.

func NewResourceSet

func NewResourceSet(resources ...Resource) ResourceSet

NewResourceSet - creates new resource set.

func (ResourceSet) Add

func (resourceSet ResourceSet) Add(resource Resource)

Add - adds resource to resource set.

func (ResourceSet) Intersection

func (resourceSet ResourceSet) Intersection(sset ResourceSet) ResourceSet

Intersection - returns resouces available in both ResourcsSet.

func (ResourceSet) MarshalJSON

func (resourceSet ResourceSet) MarshalJSON() ([]byte, error)

MarshalJSON - encodes ResourceSet to JSON data.

func (ResourceSet) Match

func (resourceSet ResourceSet) Match(resource string, conditionValues map[string][]string) bool

Match - matches object name with anyone of resource pattern in resource set.

func (ResourceSet) String

func (resourceSet ResourceSet) String() string

func (*ResourceSet) UnmarshalJSON

func (resourceSet *ResourceSet) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to ResourceSet.

func (ResourceSet) Validate

func (resourceSet ResourceSet) Validate(bucketName string) error

Validate - validates ResourceSet is for given bucket or not.

type Statement

type Statement struct {
	SID        ID                  `json:"Sid,omitempty"`
	Effect     Effect              `json:"Effect"`
	Principal  Principal           `json:"Principal"`
	Actions    ActionSet           `json:"Action"`
	Resources  ResourceSet         `json:"Resource"`
	Conditions condition.Functions `json:"Condition,omitempty"`
}

Statement - policy statement.

func NewStatement

func NewStatement(effect Effect, principal Principal, actionSet ActionSet, resourceSet ResourceSet, conditions condition.Functions) Statement

NewStatement - creates new statement.

func (Statement) IsAllowed

func (statement Statement) IsAllowed(args Args) bool

IsAllowed - checks given policy args is allowed to continue the Rest API.

func (Statement) MarshalJSON

func (statement Statement) MarshalJSON() ([]byte, error)

MarshalJSON - encodes JSON data to Statement.

func (*Statement) UnmarshalJSON

func (statement *Statement) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Statement.

func (Statement) Validate

func (statement Statement) Validate(bucketName string) error

Validate - validates Statement is for given bucket or not.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL