acl

package
v0.5.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 18, 2015 License: MPL-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	KeyPolicyDeny      = "deny"
	KeyPolicyRead      = "read"
	KeyPolicyWrite     = "write"
	ServicePolicyDeny  = "deny"
	ServicePolicyRead  = "read"
	ServicePolicyWrite = "write"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type ACL 

type ACL interface {
	// KeyRead checks for permission to read a given key
	KeyRead(string) bool

	// KeyWrite checks for permission to write a given key
	KeyWrite(string) bool

	// KeyWritePrefix checks for permission to write to an
	// entire key prefix. This means there must be no sub-policies
	// that deny a write.
	KeyWritePrefix(string) bool

	// ServiceWrite checks for permission to read a given service
	ServiceWrite(string) bool

	// ServiceRead checks for permission to read a given service
	ServiceRead(string) bool

	// ACLList checks for permission to list all the ACLs
	ACLList() bool

	// ACLModify checks for permission to manipulate ACLs
	ACLModify() bool
}

ACL is the interface for policy enforcement.

func AllowAll 

func AllowAll() ACL

AllowAll returns an ACL rule that allows all operations

func DenyAll 

func DenyAll() ACL

DenyAll returns an ACL rule that denies all operations

func ManageAll 

func ManageAll() ACL

ManageAll returns an ACL rule that can manage all resources

func RootACL 

func RootACL(id string) ACL

RootACL returns a possible ACL if the ID matches a root policy

type Cache 

type Cache struct {
	// contains filtered or unexported fields
}

Cache is used to implement policy and ACL caching

func NewCache 

func NewCache(size int, faultfn FaultFunc) (*Cache, error)

NewCache constructs a new policy and ACL cache of a given size

func (*Cache) ClearACL 

func (c *Cache) ClearACL(id string)

ClearACL is used to clear the ACL cache if any

func (*Cache) GetACL 

func (c *Cache) GetACL(id string) (ACL, error)

GetACL is used to get a potentially cached ACL policy. If not cached, it will be generated and then cached.

func (*Cache) GetACLPolicy 

func (c *Cache) GetACLPolicy(id string) (string, *Policy, error)

GetACLPolicy is used to get the potentially cached ACL policy. If not cached, it will be generated and then cached.

func (*Cache) GetPolicy 

func (c *Cache) GetPolicy(rules string) (*Policy, error)

GetPolicy is used to get a potentially cached policy set. If not cached, it will be parsed, and then cached.

func (*Cache) Purge 

func (c *Cache) Purge()

Purge is used to clear all the ACL caches. The rule and policy caches are not purged, since they are content-hashed anyways.

type FaultFunc 

type FaultFunc func(id string) (string, string, error)

FaultFunc is a function used to fault in the parent, rules for an ACL given it's ID

type KeyPolicy 

type KeyPolicy struct {
	Prefix string `hcl:",key"`
	Policy string
}

KeyPolicy represents a policy for a key

func (*KeyPolicy) GoString 

func (k *KeyPolicy) GoString() string

type Policy 

type Policy struct {
	ID       string           `hcl:"-"`
	Keys     []*KeyPolicy     `hcl:"key,expand"`
	Services []*ServicePolicy `hcl:"service,expand"`
}

Policy is used to represent the policy specified by an ACL configuration.

func Parse 

func Parse(rules string) (*Policy, error)

Parse is used to parse the specified ACL rules into an intermediary set of policies, before being compiled into the ACL

type PolicyACL 

type PolicyACL struct {
	// contains filtered or unexported fields
}

PolicyACL is used to wrap a set of ACL policies to provide the ACL interface.

func New 

func New(parent ACL, policy *Policy) (*PolicyACL, error)

New is used to construct a policy based ACL from a set of policies and a parent policy to resolve missing cases.

func (*PolicyACL) ACLList 

func (p *PolicyACL) ACLList() bool

ACLList checks if listing of ACLs is allowed

func (*PolicyACL) ACLModify 

func (p *PolicyACL) ACLModify() bool

ACLModify checks if modification of ACLs is allowed

func (*PolicyACL) KeyRead 

func (p *PolicyACL) KeyRead(key string) bool

KeyRead returns if a key is allowed to be read

func (*PolicyACL) KeyWrite 

func (p *PolicyACL) KeyWrite(key string) bool

KeyWrite returns if a key is allowed to be written

func (*PolicyACL) KeyWritePrefix 

func (p *PolicyACL) KeyWritePrefix(prefix string) bool

KeyWritePrefix returns if a prefix is allowed to be written

func (*PolicyACL) ServiceRead added in v0.5.0 

func (p *PolicyACL) ServiceRead(name string) bool

ServiceRead checks if reading (discovery) of a service is allowed

func (*PolicyACL) ServiceWrite added in v0.5.0 

func (p *PolicyACL) ServiceWrite(name string) bool

ServiceWrite checks if writing (registering) a service is allowed

type ServicePolicy added in v0.5.0 

type ServicePolicy struct {
	Name   string `hcl:",key"`
	Policy string
}

ServicePolicy represents a policy for a service

func (*ServicePolicy) GoString added in v0.5.0 

func (k *ServicePolicy) GoString() string

type StaticACL 

type StaticACL struct {
	// contains filtered or unexported fields
}

StaticACL is used to implement a base ACL policy. It either allows or denies all requests. This can be used as a parent ACL to act in a blacklist or whitelist mode.

func (*StaticACL) ACLList 

func (s *StaticACL) ACLList() bool

func (*StaticACL) ACLModify 

func (s *StaticACL) ACLModify() bool

func (*StaticACL) KeyRead 

func (s *StaticACL) KeyRead(string) bool

func (*StaticACL) KeyWrite 

func (s *StaticACL) KeyWrite(string) bool

func (*StaticACL) KeyWritePrefix 

func (s *StaticACL) KeyWritePrefix(string) bool

func (*StaticACL) ServiceRead added in v0.5.0 

func (s *StaticACL) ServiceRead(string) bool

func (*StaticACL) ServiceWrite added in v0.5.0 

func (s *StaticACL) ServiceWrite(string) bool

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.