Documentation ¶
Index ¶
- Constants
- func RuleID(rules string) string
- type ACL
- type Cache
- type EventPolicy
- type FaultFunc
- type KeyPolicy
- type Policy
- type PolicyACL
- func (p *PolicyACL) ACLList() bool
- func (p *PolicyACL) ACLModify() bool
- func (p *PolicyACL) EventRead(name string) bool
- func (p *PolicyACL) EventWrite(name string) bool
- func (p *PolicyACL) KeyRead(key string) bool
- func (p *PolicyACL) KeyWrite(key string) bool
- func (p *PolicyACL) KeyWritePrefix(prefix string) bool
- func (p *PolicyACL) KeyringRead() bool
- func (p *PolicyACL) KeyringWrite() bool
- func (p *PolicyACL) OperatorRead() bool
- func (p *PolicyACL) OperatorWrite() bool
- func (p *PolicyACL) PreparedQueryRead(prefix string) bool
- func (p *PolicyACL) PreparedQueryWrite(prefix string) bool
- func (p *PolicyACL) ServiceRead(name string) bool
- func (p *PolicyACL) ServiceWrite(name string) bool
- type PreparedQueryPolicy
- type ServicePolicy
- type StaticACL
- func (s *StaticACL) ACLList() bool
- func (s *StaticACL) ACLModify() bool
- func (s *StaticACL) EventRead(string) bool
- func (s *StaticACL) EventWrite(string) bool
- func (s *StaticACL) KeyRead(string) bool
- func (s *StaticACL) KeyWrite(string) bool
- func (s *StaticACL) KeyWritePrefix(string) bool
- func (s *StaticACL) KeyringRead() bool
- func (s *StaticACL) KeyringWrite() bool
- func (s *StaticACL) OperatorRead() bool
- func (s *StaticACL) OperatorWrite() bool
- func (s *StaticACL) PreparedQueryRead(string) bool
- func (s *StaticACL) PreparedQueryWrite(string) bool
- func (s *StaticACL) ServiceRead(string) bool
- func (s *StaticACL) ServiceWrite(string) bool
Constants ¶
const ( PolicyDeny = "deny" PolicyRead = "read" PolicyWrite = "write" )
Variables ¶
This section is empty.
Functions ¶
Types ¶
type ACL ¶
type ACL interface { // KeyRead checks for permission to read a given key KeyRead(string) bool // KeyWrite checks for permission to write a given key KeyWrite(string) bool // KeyWritePrefix checks for permission to write to an // entire key prefix. This means there must be no sub-policies // that deny a write. KeyWritePrefix(string) bool // ServiceWrite checks for permission to read a given service ServiceWrite(string) bool // ServiceRead checks for permission to read a given service ServiceRead(string) bool // EventRead determines if a specific event can be queried. EventRead(string) bool // EventWrite determines if a specific event may be fired. EventWrite(string) bool // PrepardQueryRead determines if a specific prepared query can be read // to show its contents (this is not used for execution). PreparedQueryRead(string) bool // PreparedQueryWrite determines if a specific prepared query can be // created, modified, or deleted. PreparedQueryWrite(string) bool // KeyringRead determines if the encryption keyring used in // the gossip layer can be read. KeyringRead() bool // KeyringWrite determines if the keyring can be manipulated KeyringWrite() bool // OperatorRead determines if the read-only Consul operator functions // can be used. OperatorRead() bool // OperatorWrite determines if the state-changing Consul operator // functions can be used. OperatorWrite() bool // ACLList checks for permission to list all the ACLs ACLList() bool // ACLModify checks for permission to manipulate ACLs ACLModify() bool }
ACL is the interface for policy enforcement.
type Cache ¶
type Cache struct {
// contains filtered or unexported fields
}
Cache is used to implement policy and ACL caching
func (*Cache) GetACL ¶
GetACL is used to get a potentially cached ACL policy. If not cached, it will be generated and then cached.
func (*Cache) GetACLPolicy ¶
GetACLPolicy is used to get the potentially cached ACL policy. If not cached, it will be generated and then cached.
type EventPolicy ¶ added in v0.6.0
EventPolicy represents a user event policy.
func (*EventPolicy) GoString ¶ added in v0.6.0
func (e *EventPolicy) GoString() string
type Policy ¶
type Policy struct { ID string `hcl:"-"` Keys []*KeyPolicy `hcl:"key,expand"` Services []*ServicePolicy `hcl:"service,expand"` Events []*EventPolicy `hcl:"event,expand"` PreparedQueries []*PreparedQueryPolicy `hcl:"query,expand"` Keyring string `hcl:"keyring"` Operator string `hcl:"operator"` }
Policy is used to represent the policy specified by an ACL configuration.
type PolicyACL ¶
type PolicyACL struct {
// contains filtered or unexported fields
}
PolicyACL is used to wrap a set of ACL policies to provide the ACL interface.
func New ¶
New is used to construct a policy based ACL from a set of policies and a parent policy to resolve missing cases.
func (*PolicyACL) EventRead ¶ added in v0.6.0
EventRead is used to determine if the policy allows for a specific user event to be read.
func (*PolicyACL) EventWrite ¶ added in v0.6.0
EventWrite is used to determine if new events can be created (fired) by the policy.
func (*PolicyACL) KeyWritePrefix ¶
KeyWritePrefix returns if a prefix is allowed to be written
func (*PolicyACL) KeyringRead ¶ added in v0.6.0
KeyringRead is used to determine if the keyring can be read by the current ACL token.
func (*PolicyACL) KeyringWrite ¶ added in v0.6.0
KeyringWrite determines if the keyring can be manipulated.
func (*PolicyACL) OperatorRead ¶ added in v0.7.0
OperatorRead determines if the read-only operator functions are allowed.
func (*PolicyACL) OperatorWrite ¶ added in v0.7.0
OperatorWrite determines if the state-changing operator functions are allowed.
func (*PolicyACL) PreparedQueryRead ¶ added in v0.6.4
PreparedQueryRead checks if reading (listing) of a prepared query is allowed - this isn't execution, just listing its contents.
func (*PolicyACL) PreparedQueryWrite ¶ added in v0.6.4
PreparedQueryWrite checks if writing (creating, updating, or deleting) of a prepared query is allowed.
func (*PolicyACL) ServiceRead ¶ added in v0.5.0
ServiceRead checks if reading (discovery) of a service is allowed
func (*PolicyACL) ServiceWrite ¶ added in v0.5.0
ServiceWrite checks if writing (registering) a service is allowed
type PreparedQueryPolicy ¶ added in v0.6.4
PreparedQueryPolicy represents a prepared query policy.
func (*PreparedQueryPolicy) GoString ¶ added in v0.6.4
func (e *PreparedQueryPolicy) GoString() string
type ServicePolicy ¶ added in v0.5.0
ServicePolicy represents a policy for a service
func (*ServicePolicy) GoString ¶ added in v0.5.0
func (k *ServicePolicy) GoString() string
type StaticACL ¶
type StaticACL struct {
// contains filtered or unexported fields
}
StaticACL is used to implement a base ACL policy. It either allows or denies all requests. This can be used as a parent ACL to act in a blacklist or whitelist mode.