policy

package
v0.10.0-alpha.10 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 26, 2017 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package policy offers management capabilities for access control policies.

Access Control Policies (ACP) are a concept similar to Role Based Access Control and Access Control Lists. ACPs however are more flexible and capable of handling complex and abstract access control scenarios. A ACP answers "**Who** is **able** to do **what** on **something** given a **context**."

ACPs have five attributes:

- Subject *(who)*: An arbitrary unique subject name, for example "ken" or "printer-service.mydomain.com". - Effect *(able)*: The effect which can be either "allow" or "deny". - Action *(what)*: An arbitrary action name, for example "delete", "create" or "scoped:action:something". - Resource *(something)*: An arbitrary unique resource name, for example "something", "resources.articles.1234" or some uniform resource name like "urn:isbn:3827370191". - Condition *(context)*: An optional condition that evaluates the context (e.g. IP Address, request datetime, resource owner name, department, ...). Different strategies are available to evaluate conditions:

You can find more information on ACPs here:

- https://github.com/ory/ladon#usage for more information on policy usage.

- https://github.com/ory/ladon#concepts

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Handler

type Handler struct {
	Manager ladon.Manager
	H       herodot.Writer
	W       firewall.Firewall
}

func (*Handler) Create

func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

swagger:route POST /policies policy createPolicy

Create an Access Control Policy

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:policies"],
  "actions": ["create"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.policies

   Responses:
     201: policy
     401: genericError
     403: genericError
     500: genericError

func (*Handler) Delete

func (h *Handler) Delete(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route DELETE /policies/{id} policy deletePolicy

Delete an Access Control Policy

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:policies:<id>"],
  "actions": ["delete"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.policies

   Responses:
     204: emptyResponse
     401: genericError
     403: genericError
     500: genericError

func (*Handler) Get

swagger:route GET /policies/{id} policy getPolicy

Get an Access Control Policy

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:policies:<id>"],
  "actions": ["get"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.policies

   Responses:
     200: policy
     401: genericError
     403: genericError
     500: genericError

func (*Handler) List added in v0.8.0

swagger:route GET /policies policy listPolicies

List Access Control Policies

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:policies"],
  "actions": ["list"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.policies

   Responses:
     200: policyList
     401: genericError
     403: genericError
     500: genericError

func (*Handler) SetRoutes

func (h *Handler) SetRoutes(r *httprouter.Router)

func (*Handler) Update added in v0.7.0

func (h *Handler) Update(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route PUT /policies/{id} policy updatePolicy

Update an Access Control Polic

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:policies"],
  "actions": ["update"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.policies

   Responses:
     200: policy
     401: genericError
     403: genericError
     500: genericError

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL