Documentation ¶
Index ¶
- Constants
- type Action
- type ActionSet
- func (actionSet ActionSet) Add(action Action)
- func (actionSet ActionSet) Contains(action Action) bool
- func (actionSet ActionSet) Intersection(sset ActionSet) ActionSet
- func (actionSet ActionSet) MarshalJSON() ([]byte, error)
- func (actionSet ActionSet) String() string
- func (actionSet ActionSet) ToSlice() []Action
- func (actionSet *ActionSet) UnmarshalJSON(data []byte) error
- type Args
- type Effect
- type ID
- type IsPolicyAllowedResult
- type Policy
- type Principal
- type Resource
- type ResourceSet
- func (resourceSet ResourceSet) Add(resource Resource)
- func (resourceSet ResourceSet) Intersection(sset ResourceSet) ResourceSet
- func (resourceSet ResourceSet) MarshalJSON() ([]byte, error)
- func (resourceSet ResourceSet) Match(resource string) bool
- func (resourceSet ResourceSet) String() string
- func (resourceSet *ResourceSet) UnmarshalJSON(data []byte) error
- func (resourceSet ResourceSet) Validate(bucketName string) error
- type Statement
Constants ¶
const ( // AbortMultipartUploadAction - AbortMultipartUpload Rest API action. AbortMultipartUploadAction Action = "s3:AbortMultipartUpload" // CreateBucketAction - CreateBucket Rest API action. CreateBucketAction = "s3:CreateBucket" // DeleteBucketAction - DeleteBucket Rest API action. DeleteBucketAction = "s3:DeleteBucket" // DeleteBucketPolicyAction - DeleteBucketPolicy Rest API action. DeleteBucketPolicyAction = "s3:DeleteBucketPolicy" // DeleteObjectAction - DeleteObject Rest API action. DeleteObjectAction = "s3:DeleteObject" // GetBucketLocationAction - GetBucketLocation Rest API action. GetBucketLocationAction = "s3:GetBucketLocation" // GetBucketNotificationAction - GetBucketNotification Rest API action. GetBucketNotificationAction = "s3:GetBucketNotification" // GetBucketPolicyAction - GetBucketPolicy Rest API action. GetBucketPolicyAction = "s3:GetBucketPolicy" // GetObjectAction - GetObject Rest API action. GetObjectAction = "s3:GetObject" // HeadBucketAction - HeadBucket Rest API action. This action is unused in minio. HeadBucketAction = "s3:HeadBucket" // ListAllMyBucketsAction - ListAllMyBuckets (List buckets) Rest API action. ListAllMyBucketsAction = "s3:ListAllMyBuckets" // ListBucketAction - ListBucket Rest API action. ListBucketAction = "s3:ListBucket" // ListBucketMultipartUploadsAction - ListMultipartUploads Rest API action. ListBucketMultipartUploadsAction = "s3:ListBucketMultipartUploads" // ListenBucketNotificationAction - ListenBucketNotification Rest API action. // This is Minio extension. ListenBucketNotificationAction = "s3:ListenBucketNotification" // ListMultipartUploadPartsAction - ListParts Rest API action. ListMultipartUploadPartsAction = "s3:ListMultipartUploadParts" // PutBucketNotificationAction - PutObjectNotification Rest API action. PutBucketNotificationAction = "s3:PutBucketNotification" // PutBucketPolicyAction - PutBucketPolicy Rest API action. PutBucketPolicyAction = "s3:PutBucketPolicy" // PutObjectAction - PutObject Rest API action. PutObjectAction = "s3:PutObject" )
const DefaultVersion = "2012-10-17"
DefaultVersion - default policy version as per AWS S3 specification.
const ResourceARNPrefix = "arn:aws:s3:::"
ResourceARNPrefix - resource ARN prefix as per AWS S3 specification.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Action ¶
type Action string
Action - policy action. Refer https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html for more information about available actions.
func (Action) MarshalJSON ¶
MarshalJSON - encodes Action to JSON data.
func (*Action) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Action.
type ActionSet ¶
type ActionSet map[Action]struct{}
ActionSet - set of actions.
func NewActionSet ¶
NewActionSet - creates new action set.
func (ActionSet) Intersection ¶
Intersection - returns actions available in both ActionSet.
func (ActionSet) MarshalJSON ¶
MarshalJSON - encodes ActionSet to JSON data.
func (*ActionSet) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to ActionSet.
type Args ¶
type Args struct { AccountName string `json:"account"` Action Action `json:"action"` BucketName string `json:"bucket"` ConditionValues map[string][]string `json:"conditions"` IsOwner bool `json:"owner"` ObjectName string `json:"object"` }
Args - arguments to policy to check whether it is allowed
type Effect ¶
type Effect string
Effect - policy statement effect Allow or Deny.
const ( // Allow - allow effect. Allow Effect = "Allow" // Deny - deny effect. Deny = "Deny" )
func (Effect) MarshalJSON ¶
MarshalJSON - encodes Effect to JSON data.
func (*Effect) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Effect.
type ID ¶
type ID string
ID - policy ID.
func (ID) MarshalJSON ¶
MarshalJSON - encodes ID to JSON data.
func (*ID) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to ID.
type IsPolicyAllowedResult ¶
type IsPolicyAllowedResult int
const ( PolicyAllow IsPolicyAllowedResult PolicyDeny NoPolicy )
type Policy ¶
type Policy struct { ID ID `json:"Id,omitempty"` Version string Statements []Statement `json:"Statement"` }
Policy - bucket policy.
func ParseConfig ¶
ParseConfig - parses data in given reader to Policy.
func (Policy) IsAllowed ¶
func (policy Policy) IsAllowed(args Args) IsPolicyAllowedResult
IsAllowed - checks given policy args is allowed to continue the Rest API.
func (Policy) MarshalJSON ¶
MarshalJSON - encodes Policy to JSON data.
func (*Policy) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Policy.
type Principal ¶
Principal - policy principal.
func NewPrincipal ¶
NewPrincipal - creates new Principal.
func (Principal) Intersection ¶
Intersection - returns principals available in both Principal.
func (Principal) MarshalJSON ¶
MarshalJSON - encodes Principal to JSON data.
func (*Principal) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Principal.
type Resource ¶
Resource - resource in policy statement.
func NewResource ¶
NewResource - creates new resource.
func (Resource) MarshalJSON ¶
MarshalJSON - encodes Resource to JSON data.
func (*Resource) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Resource.
type ResourceSet ¶
type ResourceSet map[Resource]struct{}
ResourceSet - set of resources in policy statement.
func NewResourceSet ¶
func NewResourceSet(resources ...Resource) ResourceSet
NewResourceSet - creates new resource set.
func (ResourceSet) Add ¶
func (resourceSet ResourceSet) Add(resource Resource)
Add - adds resource to resource set.
func (ResourceSet) Intersection ¶
func (resourceSet ResourceSet) Intersection(sset ResourceSet) ResourceSet
Intersection - returns resouces available in both ResourcsSet.
func (ResourceSet) MarshalJSON ¶
func (resourceSet ResourceSet) MarshalJSON() ([]byte, error)
MarshalJSON - encodes ResourceSet to JSON data.
func (ResourceSet) Match ¶
func (resourceSet ResourceSet) Match(resource string) bool
Match - matches object name with anyone of resource pattern in resource set.
func (ResourceSet) String ¶
func (resourceSet ResourceSet) String() string
func (*ResourceSet) UnmarshalJSON ¶
func (resourceSet *ResourceSet) UnmarshalJSON(data []byte) error
UnmarshalJSON - decodes JSON data to ResourceSet.
func (ResourceSet) Validate ¶
func (resourceSet ResourceSet) Validate(bucketName string) error
Validate - validates ResourceSet is for given bucket or not.
type Statement ¶
type Statement struct { SID ID `json:"Sid,omitempty"` Effect Effect `json:"Effect"` Principal Principal `json:"Principal"` Actions ActionSet `json:"Action"` Resources ResourceSet `json:"Resource"` Conditions condition.Functions `json:"Condition,omitempty"` }
Statement - policy statement.
func NewStatement ¶
func NewStatement(effect Effect, principal Principal, actionSet ActionSet, resourceSet ResourceSet, conditions condition.Functions) Statement
NewStatement - creates new statement.
func (Statement) IsAllowed ¶
IsAllowed - checks given policy args is allowed to continue the Rest API.
func (Statement) MarshalJSON ¶
MarshalJSON - encodes JSON data to Statement.
func (*Statement) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Statement.