authorization

package
v1.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 16, 2022 License: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + 2 more Imports: 6 Imported by: 0

Documentation

Overview

Package authorization implement the authorize interface that use local repository to authorize the subject access review.

Package authorization is a generated GoMock package.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewPolicyManager 

func NewPolicyManager(client AuthorizationInterface) ladon.Manager

NewPolicyManager initializes a new PolicyManager for given apimachinery api client.

Types

type AuditLogger 

type AuditLogger struct {
	// contains filtered or unexported fields
}

AuditLogger outputs and cache information about granting or rejecting policies.

func NewAuditLogger 

func NewAuditLogger(client AuthorizationInterface) *AuditLogger

NewAuditLogger creates a AuditLogger with default parameters.

func (*AuditLogger) LogGrantedAccessRequest 

func (a *AuditLogger) LogGrantedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)

LogGrantedAccessRequest write granted subject access to log.

func (*AuditLogger) LogRejectedAccessRequest 

func (a *AuditLogger) LogRejectedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)

LogRejectedAccessRequest write rejected subject access to log.

type AuthorizationInterface 

type AuthorizationInterface interface {
	Create(*ladon.DefaultPolicy) error
	Update(*ladon.DefaultPolicy) error
	Delete(id string) error
	DeleteCollection(idList []string) error
	Get(id string) (*ladon.DefaultPolicy, error)
	List(username string) ([]*ladon.DefaultPolicy, error)

	// The following two functions tracks denied and granted authorizations.
	LogRejectedAccessRequest(request *ladon.Request, pool ladon.Policies, deciders ladon.Policies)
	LogGrantedAccessRequest(request *ladon.Request, pool ladon.Policies, deciders ladon.Policies)
}

AuthorizationInterface defiens the CURD method for lady policy.

type Authorizer 

type Authorizer struct {
	// contains filtered or unexported fields
}

Authorizer implement the authorize interface that use local repository to authorize the subject access review.

func NewAuthorizer 

func NewAuthorizer(authorizationClient AuthorizationInterface) *Authorizer

NewAuthorizer creates a local repository authorizer and returns it.

func (*Authorizer) Authorize 

func (a *Authorizer) Authorize(request *ladon.Request) *authzv1.Response

Authorize to determine the subject access.

type MockAuthorizationInterface 

type MockAuthorizationInterface struct {
	// contains filtered or unexported fields
}

MockAuthorizationInterface is a mock of AuthorizationInterface interface.

func NewMockAuthorizationInterface 

func NewMockAuthorizationInterface(ctrl *gomock.Controller) *MockAuthorizationInterface

NewMockAuthorizationInterface creates a new mock instance.

func (*MockAuthorizationInterface) Create 

func (m *MockAuthorizationInterface) Create(arg0 *ladon.DefaultPolicy) error

Create mocks base method.

func (*MockAuthorizationInterface) Delete 

func (m *MockAuthorizationInterface) Delete(arg0 string) error

Delete mocks base method.

func (*MockAuthorizationInterface) DeleteCollection 

func (m *MockAuthorizationInterface) DeleteCollection(arg0 []string) error

DeleteCollection mocks base method.

func (*MockAuthorizationInterface) EXPECT 

func (m *MockAuthorizationInterface) EXPECT() *MockAuthorizationInterfaceMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockAuthorizationInterface) Get 

func (m *MockAuthorizationInterface) Get(arg0 string) (*ladon.DefaultPolicy, error)

Get mocks base method.

func (*MockAuthorizationInterface) List 

func (m *MockAuthorizationInterface) List(arg0 string) ([]*ladon.DefaultPolicy, error)

List mocks base method.

func (*MockAuthorizationInterface) LogGrantedAccessRequest 

func (m *MockAuthorizationInterface) LogGrantedAccessRequest(arg0 *ladon.Request, arg1, arg2 ladon.Policies)

LogGrantedAccessRequest mocks base method.

func (*MockAuthorizationInterface) LogRejectedAccessRequest 

func (m *MockAuthorizationInterface) LogRejectedAccessRequest(arg0 *ladon.Request, arg1, arg2 ladon.Policies)

LogRejectedAccessRequest mocks base method.

func (*MockAuthorizationInterface) Update 

func (m *MockAuthorizationInterface) Update(arg0 *ladon.DefaultPolicy) error

Update mocks base method.

type MockAuthorizationInterfaceMockRecorder 

type MockAuthorizationInterfaceMockRecorder struct {
	// contains filtered or unexported fields
}

MockAuthorizationInterfaceMockRecorder is the mock recorder for MockAuthorizationInterface.

func (*MockAuthorizationInterfaceMockRecorder) Create 

func (mr *MockAuthorizationInterfaceMockRecorder) Create(arg0 interface{}) *gomock.Call

Create indicates an expected call of Create.

func (*MockAuthorizationInterfaceMockRecorder) Delete 

func (mr *MockAuthorizationInterfaceMockRecorder) Delete(arg0 interface{}) *gomock.Call

Delete indicates an expected call of Delete.

func (*MockAuthorizationInterfaceMockRecorder) DeleteCollection 

func (mr *MockAuthorizationInterfaceMockRecorder) DeleteCollection(arg0 interface{}) *gomock.Call

DeleteCollection indicates an expected call of DeleteCollection.

func (*MockAuthorizationInterfaceMockRecorder) Get 

func (mr *MockAuthorizationInterfaceMockRecorder) Get(arg0 interface{}) *gomock.Call

Get indicates an expected call of Get.

func (*MockAuthorizationInterfaceMockRecorder) List 

func (mr *MockAuthorizationInterfaceMockRecorder) List(arg0 interface{}) *gomock.Call

List indicates an expected call of List.

func (*MockAuthorizationInterfaceMockRecorder) LogGrantedAccessRequest 

func (mr *MockAuthorizationInterfaceMockRecorder) LogGrantedAccessRequest(arg0, arg1, arg2 interface{}) *gomock.Call

LogGrantedAccessRequest indicates an expected call of LogGrantedAccessRequest.

func (*MockAuthorizationInterfaceMockRecorder) LogRejectedAccessRequest 

func (mr *MockAuthorizationInterfaceMockRecorder) LogRejectedAccessRequest(arg0, arg1, arg2 interface{}) *gomock.Call

LogRejectedAccessRequest indicates an expected call of LogRejectedAccessRequest.

func (*MockAuthorizationInterfaceMockRecorder) Update 

func (mr *MockAuthorizationInterfaceMockRecorder) Update(arg0 interface{}) *gomock.Call

Update indicates an expected call of Update.

type PolicyManager 

type PolicyManager struct {
	// contains filtered or unexported fields
}

PolicyManager is a mysql implementation for Manager to store policies persistently.

func (*PolicyManager) Create 

func (*PolicyManager) Create(policy ladon.Policy) error

Create persists the policy.

func (*PolicyManager) Delete 

func (*PolicyManager) Delete(id string) error

Delete removes a policy.

func (*PolicyManager) FindPoliciesForResource 

func (m *PolicyManager) FindPoliciesForResource(resource string) (ladon.Policies, error)

FindPoliciesForResource returns policies that could match the resource. It either returns a set of policies that apply to the resource, or a superset of it. If an error occurs, it returns nil and the error.

func (*PolicyManager) FindPoliciesForSubject 

func (m *PolicyManager) FindPoliciesForSubject(subject string) (ladon.Policies, error)

FindPoliciesForSubject returns policies that could match the subject. It either returns a set of policies that applies to the subject, or a superset of it. If an error occurs, it returns nil and the error.

func (*PolicyManager) FindRequestCandidates 

func (m *PolicyManager) FindRequestCandidates(r *ladon.Request) (ladon.Policies, error)

FindRequestCandidates returns candidates that could match the request object. It either returns a set that exactly matches the request, or a superset of it. If an error occurs, it returns nil and the error.

func (*PolicyManager) Get 

func (*PolicyManager) Get(id string) (ladon.Policy, error)

Get retrieves a policy.

func (*PolicyManager) GetAll 

func (*PolicyManager) GetAll(limit, offset int64) (ladon.Policies, error)

GetAll retrieves all policies.

func (*PolicyManager) Update 

func (*PolicyManager) Update(policy ladon.Policy) error

Update updates an existing policy.

Source Files

View all Source files

Directories

Path Synopsis
Package authorizer defines authorization interface.
 Package authorizer defines authorization interface.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.