Documentation
Index
- Constants
- func AddDefaultPolicies(config *state.RepoConfig)
- func CheckPolicy(enforcer EnforcerFunc, reference string, isRefCreator bool, pushKeyID string, ...) error
- func MakePusherPolicyGroups(pushKeyID string, repoState *state.Repository, namespace *state.Namespace) [][]*state.Policy
- type EnforcerFunc
- type PolicyChecker
- type PolicyEnforcer
Constants
const (
	PolicyActionWrite      = "write"
	PolicyActionDelete     = "delete"
	PolicyActionUpdate     = "update"
	PolicyActionDenyDelete = "deny-delete"
)
Variables
This section is empty.
Functions
func AddDefaultPolicies
func AddDefaultPolicies(config *state.RepoConfig)
AddDefaultPolicies adds default repo-level policies.
func CheckPolicy
func CheckPolicy(enforcer EnforcerFunc, reference string, isRefCreator bool, pushKeyID string, isContributor bool, action string) error
CheckPolicy performs ACL checks to determine whether the given push key is permitted to perform the given action on the reference subject.
func MakePusherPolicyGroups
func MakePusherPolicyGroups(pushKeyID string, repoState *state.Repository, namespace *state.Namespace) [][]*state.Policy
MakePusherPolicyGroups creates a policy group containing the different categories of policies a pusher can have. Currently, there are 3 policy levels: repo default policies, namespace contributor policies and repo contributor policies. Policies at lower slice indices take precedence over those at higher indices.
Policy levels:
- 0: Repo's contributor policy collection (highest precedence)
- 1: Repo's namespace's contributor policy collection
- 2: Repo's config policy collection
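The precedence rule above, as a small model added here for illustration; it is not this package's code. The Policy struct is a hypothetical stand-in for state.Policy (its fields are not shown on this page), and two behaviours are assumptions: a "deny-" policy beats an allow inside the same level, and a request with no matching policy is denied with level -1.

```go
package main

import "fmt"

// Policy is a hypothetical stand-in for state.Policy; its three fields
// mirror the subject/object/action parameters of EnforcerFunc.
type Policy struct {
	Subject, Object, Action string
}

// enforce walks the groups from index 0 upward. The first group holding a
// policy for (sub, obj, act) decides the outcome; inside that group a "deny-"
// policy beats an allow (assumed). No match at any level: denied, level -1.
func enforce(groups [][]Policy, sub, obj, act string) (allowed bool, level int) {
	for lvl, group := range groups {
		matched, denied := false, false
		for _, p := range group {
			if p.Subject != sub || p.Object != obj {
				continue
			}
			switch p.Action {
			case act:
				matched = true
			case "deny-" + act:
				matched, denied = true, true
			}
		}
		if matched {
			return !denied, lvl
		}
	}
	return false, -1
}

// sampleGroups returns constructed data in the documented order:
// 0 repo contributor, 1 namespace contributor, 2 repo config.
func sampleGroups() [][]Policy {
	return [][]Policy{
		{{"pk1", "refs/heads/main", "deny-delete"}},
		{{"pk1", "refs/heads/main", "delete"}, {"pk1", "refs/heads/dev", "write"}},
		{{"pk1", "refs/heads/main", "write"}, {"pk2", "refs/heads/main", "delete"}},
	}
}

func main() {
	for _, act := range []string{"delete", "write", "update"} {
		ok, lvl := enforce(sampleGroups(), "pk1", "refs/heads/main", act)
		fmt.Printf("pk1 %s refs/heads/main: allowed=%v level=%d\n", act, ok, lvl)
	}
}
```

The level-0 deny-delete for pk1 wins over the level-1 delete grant, which is the case to check when reviewing a contributor's effective permissions.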
Types
type EnforcerFunc
EnforcerFunc describes a function used for checking policies.
- subject: The policy subject
- object: The policy object
- action: The policy action
func GetPolicyEnforcer
func GetPolicyEnforcer(policyGroup [][]*state.Policy) EnforcerFunc
GetPolicyEnforcer returns a policy enforcer function used for enforcing policies against a subject.
type PolicyChecker
type PolicyChecker func(enforcer EnforcerFunc, reference string, isRefCreator bool, pushKeyID string, isContributor bool, action string) error
PolicyChecker describes a function for enforcing repository policy.
- enforcer is the enforcer function.
- reference is the target reference.
- isRefCreator indicates that the pusher is also the target reference creator.
- pushKeyID is the push key of the pusher.
- isContributor indicates that the pusher is a contributor of the requested repository.
- action is the action requested by the user.
type PolicyEnforcer
type PolicyEnforcer struct {
// contains filtered or unexported fields
}
PolicyEnforcer provides functionality for enforcing access level policies specifically for repositories.
func NewPolicyEnforcer
func NewPolicyEnforcer(orderedPolicies [][]*state.Policy) *PolicyEnforcer
NewPolicyEnforcer creates an instance of PolicyEnforcer; orderedPolicies is a slice of policy groups, and a group with a lower index has higher precedence.
func (*PolicyEnforcer) Enforce
func (e *PolicyEnforcer) Enforce(sub, obj, act string) (allowed bool, level int)
Enforce determines whether a request is allowed or disallowed.
func (*PolicyEnforcer) GetPolicies
func (e *PolicyEnforcer) GetPolicies() policyItems