Documentation
Index
- Variables
- type Function
- func NewBinaryEqualsFunc(qualifier string, key Key, values ...string) (Function, error)
- func NewBoolFunc(key Key, value bool) (Function, error)
- func NewDateEqualsFunc(key Key, value time.Time) (Function, error)
- func NewDateGreaterThanEqualsFunc(key Key, value time.Time) (Function, error)
- func NewDateGreaterThanFunc(key Key, value time.Time) (Function, error)
- func NewDateLessThanEqualsFunc(key Key, value time.Time) (Function, error)
- func NewDateLessThanFunc(key Key, value time.Time) (Function, error)
- func NewDateNotEqualsFunc(key Key, value time.Time) (Function, error)
- func NewIPAddressFunc(key Key, IPNets ...*net.IPNet) (Function, error)
- func NewNotIPAddressFunc(key Key, IPNets ...*net.IPNet) (Function, error)
- func NewNullFunc(key Key, value bool) (Function, error)
- func NewNumericEqualsFunc(key Key, value int) (Function, error)
- func NewNumericGreaterThanEqualsFunc(key Key, value int) (Function, error)
- func NewNumericGreaterThanFunc(key Key, value int) (Function, error)
- func NewNumericLessThanEqualsFunc(key Key, value int) (Function, error)
- func NewNumericLessThanFunc(key Key, value int) (Function, error)
- func NewNumericNotEqualsFunc(key Key, value int) (Function, error)
- func NewStringEqualsFunc(qualifier string, key Key, values ...string) (Function, error)
- func NewStringEqualsIgnoreCaseFunc(qualifier string, key Key, values ...string) (Function, error)
- func NewStringLikeFunc(qualifier string, key Key, values ...string) (Function, error)
- func NewStringNotEqualsFunc(qualifier string, key Key, values ...string) (Function, error)
- func NewStringNotEqualsIgnoreCaseFunc(qualifier string, key Key, values ...string) (Function, error)
- func NewStringNotLikeFunc(qualifier string, key Key, values ...string) (Function, error)
- type Functions
- func (functions Functions) Clone() Functions
- func (functions Functions) Equals(funcs Functions) bool
- func (functions Functions) Evaluate(values map[string][]string) bool
- func (functions *Functions) GobDecode(data []byte) error
- func (functions Functions) GobEncode() ([]byte, error)
- func (functions Functions) Keys() KeySet
- func (functions Functions) MarshalJSON() ([]byte, error)
- func (functions Functions) String() string
- func (functions *Functions) UnmarshalJSON(data []byte) error
- type Key
- type KeyName
- type KeySet
- type Value
- func (v Value) GetBool() (bool, error)
- func (v Value) GetInt() (int, error)
- func (v Value) GetString() (string, error)
- func (v Value) GetType() reflect.Kind
- func (v Value) MarshalJSON() ([]byte, error)
- func (v *Value) StoreBool(b bool)
- func (v *Value) StoreInt(i int)
- func (v *Value) StoreString(s string)
- func (v Value) String() string
- func (v *Value) UnmarshalJSON(data []byte) error
- type ValueSet
Variables
var AllSupportedAdminKeys = append([]KeyName{
    AWSReferer, AWSSourceIP, AWSUserAgent, AWSSecureTransport,
    AWSCurrentTime, AWSEpochTime, AWSPrincipalType,
    AWSUserID, AWSUsername, AWSGroups,
    LDAPUser, LDAPUsername, LDAPGroups,
}, JWTKeys...)
AllSupportedAdminKeys - is list of all admin supported keys.
var AllSupportedKeys = append([]KeyName{
    S3SignatureVersion, S3AuthType,
    S3XAmzCopySource, S3XAmzServerSideEncryption,
    S3XAmzServerSideEncryptionCustomerAlgorithm,
    S3XAmzMetadataDirective, S3XAmzStorageClass, S3XAmzContentSha256,
    S3LocationConstraint, S3Prefix, S3Delimiter, S3MaxKeys, S3VersionID,
    S3ObjectLockRemainingRetentionDays, S3ObjectLockMode,
    S3ObjectLockLegalHold, S3ObjectLockRetainUntilDate,
    AWSReferer, AWSSourceIP, AWSUserAgent, AWSSecureTransport,
    AWSCurrentTime, AWSEpochTime, AWSPrincipalType,
    AWSUserID, AWSUsername, AWSGroups,
    LDAPUser, LDAPUsername, LDAPGroups,
    RequestObjectTag, ExistingObjectTag, RequestObjectTagKeys,
}, JWTKeys...)
AllSupportedKeys - is list of all supported keys.
var CommonKeys = append([]KeyName{
    S3SignatureVersion, S3AuthType, S3XAmzContentSha256, S3LocationConstraint,
    AWSReferer, AWSSourceIP, AWSUserAgent, AWSSecureTransport,
    AWSCurrentTime, AWSEpochTime, AWSPrincipalType,
    AWSUserID, AWSUsername, AWSGroups,
    LDAPUser, LDAPUsername, LDAPGroups,
}, JWTKeys...)
CommonKeys - is list of all common condition keys.
var JWTKeys = []KeyName{
    JWTSub, JWTIss, JWTAud, JWTJti, JWTName, JWTUpn, JWTGroups,
    JWTGivenName, JWTFamilyName, JWTMiddleName, JWTNickName,
    JWTPrefUsername, JWTProfile, JWTPicture, JWTWebsite, JWTEmail,
    JWTGender, JWTBirthdate, JWTPhoneNumber, JWTAddress,
    JWTScope, JWTClientID,
}
JWTKeys - supported JWT keys; non-exhaustive list, please expand as new claims are standardized.
Types
type Function
type Function interface {
    // String() - returns string representation of function.
    String() string
    // contains filtered or unexported methods
}
Function - condition function interface.
func NewBinaryEqualsFunc
NewBinaryEqualsFunc - returns new BinaryEquals function.
func NewBoolFunc
NewBoolFunc - returns new Bool function.
func NewDateEqualsFunc
NewDateEqualsFunc - returns new DateEquals function.
func NewDateGreaterThanEqualsFunc
NewDateGreaterThanEqualsFunc - returns new DateGreaterThanEquals function.
func NewDateGreaterThanFunc
NewDateGreaterThanFunc - returns new DateGreaterThan function.
func NewDateLessThanEqualsFunc
NewDateLessThanEqualsFunc - returns new DateLessThanEquals function.
func NewDateLessThanFunc
NewDateLessThanFunc - returns new DateLessThan function.
func NewDateNotEqualsFunc
NewDateNotEqualsFunc - returns new DateNotEquals function.
func NewIPAddressFunc
NewIPAddressFunc - returns new IP address function.
func NewNotIPAddressFunc
NewNotIPAddressFunc - returns new Not IP address function.
func NewNullFunc
NewNullFunc - returns new Null function.
func NewNumericEqualsFunc
NewNumericEqualsFunc - returns new NumericEquals function.
func NewNumericGreaterThanEqualsFunc
NewNumericGreaterThanEqualsFunc - returns new NumericGreaterThanEquals function.
func NewNumericGreaterThanFunc
NewNumericGreaterThanFunc - returns new NumericGreaterThan function.
func NewNumericLessThanEqualsFunc
NewNumericLessThanEqualsFunc - returns new NumericLessThanEquals function.
func NewNumericLessThanFunc
NewNumericLessThanFunc - returns new NumericLessThan function.
func NewNumericNotEqualsFunc
NewNumericNotEqualsFunc - returns new NumericNotEquals function.
func NewStringEqualsFunc
NewStringEqualsFunc - returns new StringEquals function.
func NewStringEqualsIgnoreCaseFunc
NewStringEqualsIgnoreCaseFunc - returns new StringEqualsIgnoreCase function.
func NewStringLikeFunc
NewStringLikeFunc - returns new StringLike function.
func NewStringNotEqualsFunc
NewStringNotEqualsFunc - returns new StringNotEquals function.
type Functions
type Functions []Function
Functions - list of functions.
func NewFunctions
NewFunctions - returns new Functions with given function list.
func (Functions) Evaluate
Evaluate - evaluates all functions with given values map. Each function is evaluated sequentially, and the next function is called only if the current function succeeds.
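The ordered, stop-at-first-failure evaluation described for Evaluate, modeled as an added example that is not code from this package. The `cond` type, `name`, `anyValue`, `ipAddress`, `stringEquals` and `evaluate` are hypothetical stand-ins, and looking request values up under the prefix-stripped key name is an assumption; the sample network and request map are constructed.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// name strips the prefixes listed in the description of KeyName.Name (hypothetical helper).
func name(key string) string {
	for _, p := range []string{"aws:", "s3:", "jwt:", "ldap:"} {
		key = strings.TrimPrefix(key, p)
	}
	return key
}

// cond is a hypothetical stand-in for the package's Function interface.
type cond func(values map[string][]string) bool

// anyValue passes when at least one request value for key satisfies match.
func anyValue(key string, match func(string) bool) cond {
	return func(values map[string][]string) bool {
		for _, v := range values[name(key)] { // lookup by stripped name: assumption
			if match(v) {
				return true
			}
		}
		return false // an absent key satisfies nothing in this model
	}
}

// Unparsable addresses give a nil IP, which no network contains.
func ipAddress(key string, n *net.IPNet) cond { return anyValue(key, func(v string) bool { return n.Contains(net.ParseIP(v)) }) }
func stringEquals(key, want string) cond { return anyValue(key, func(v string) bool { return v == want }) }

// evaluate ANDs the conditions in order and reports how many actually ran.
func evaluate(conds []cond, values map[string][]string) (bool, int) {
	for i, c := range conds {
		if !c(values) {
			return false, i + 1
		}
	}
	return true, len(conds)
}

func main() {
	_, office, _ := net.ParseCIDR("10.0.0.0/8") // constructed sample network
	conds := []cond{ipAddress("aws:SourceIp", office), stringEquals("aws:SecureTransport", "true")}
	fmt.Println(evaluate(conds, map[string][]string{"SourceIp": {"192.0.2.7"}, "SecureTransport": {"true"}}))
}
```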
func (Functions) MarshalJSON
MarshalJSON - encodes Functions to JSON data.
func (*Functions) UnmarshalJSON
UnmarshalJSON - decodes JSON data to Functions.
type Key
type Key struct {
// contains filtered or unexported fields
}
Key - conditional key, consisting of its name and an optional variable.
func (Key) MarshalJSON
MarshalJSON - encodes Key to JSON data.
func (*Key) UnmarshalJSON
UnmarshalJSON - decodes JSON data to Key.
type KeyName (added in v1.0.10)
type KeyName string
KeyName - conditional key which is used to fetch values for any condition. Refer to https://docs.aws.amazon.com/IAM/latest/UserGuide/list_s3.html for more information about available condition keys.
const (
    // S3XAmzCopySource - key representing x-amz-copy-source HTTP header applicable to PutObject API only.
    S3XAmzCopySource KeyName = "s3:x-amz-copy-source"

    // S3XAmzServerSideEncryption - key representing x-amz-server-side-encryption HTTP header applicable
    // to PutObject API only.
    S3XAmzServerSideEncryption KeyName = "s3:x-amz-server-side-encryption"

    // S3XAmzServerSideEncryptionCustomerAlgorithm - key representing
    // x-amz-server-side-encryption-customer-algorithm HTTP header applicable to PutObject API only.
    S3XAmzServerSideEncryptionCustomerAlgorithm KeyName = "s3:x-amz-server-side-encryption-customer-algorithm"

    // S3XAmzMetadataDirective - key representing x-amz-metadata-directive HTTP header applicable to
    // PutObject API only.
    S3XAmzMetadataDirective KeyName = "s3:x-amz-metadata-directive"

    // S3XAmzContentSha256 - set a static content-sha256 for all calls for a given action.
    S3XAmzContentSha256 KeyName = "s3:x-amz-content-sha256"

    // S3XAmzStorageClass - key representing x-amz-storage-class HTTP header applicable to PutObject API
    // only.
    S3XAmzStorageClass KeyName = "s3:x-amz-storage-class"

    // S3LocationConstraint - key representing LocationConstraint XML tag of CreateBucket API only.
    S3LocationConstraint KeyName = "s3:LocationConstraint"

    // S3Prefix - key representing prefix query parameter of ListBucket API only.
    S3Prefix KeyName = "s3:prefix"

    // S3Delimiter - key representing delimiter query parameter of ListBucket API only.
    S3Delimiter KeyName = "s3:delimiter"

    // S3VersionID - Enables you to limit the permission for the
    // s3:PutObjectVersionTagging action to a specific object version.
    S3VersionID KeyName = "s3:versionid"

    // S3MaxKeys - key representing max-keys query parameter of ListBucket API only.
    S3MaxKeys KeyName = "s3:max-keys"

    // S3ObjectLockRemainingRetentionDays - key representing object-lock-remaining-retention-days.
    // Enables enforcement of an object relative to the remaining retention days; you can set
    // minimum and maximum allowable retention periods for a bucket using a bucket policy.
    // This key is specific to the s3:PutObjectRetention API.
    S3ObjectLockRemainingRetentionDays KeyName = "s3:object-lock-remaining-retention-days"

    // S3ObjectLockMode - key representing object-lock-mode.
    // Enables enforcement of the specified object retention mode.
    S3ObjectLockMode KeyName = "s3:object-lock-mode"

    // S3ObjectLockRetainUntilDate - key representing object-lock-retain-until-date.
    // Enables enforcement of a specific retain-until-date.
    S3ObjectLockRetainUntilDate KeyName = "s3:object-lock-retain-until-date"

    // S3ObjectLockLegalHold - key representing object-lock-legal-hold.
    // Enables enforcement of the specified object legal hold status.
    S3ObjectLockLegalHold KeyName = "s3:object-lock-legal-hold"

    // AWSReferer - key representing Referer header of any API.
    AWSReferer KeyName = "aws:Referer"

    // AWSSourceIP - key representing client's IP address (not intermediate proxies) of any API.
    AWSSourceIP KeyName = "aws:SourceIp"

    // AWSUserAgent - key representing UserAgent header for any API.
    AWSUserAgent KeyName = "aws:UserAgent"

    // AWSSecureTransport - key representing if the client's request is authenticated or not.
    AWSSecureTransport KeyName = "aws:SecureTransport"

    // AWSCurrentTime - key representing the current time.
    AWSCurrentTime KeyName = "aws:CurrentTime"

    // AWSEpochTime - key representing the current epoch time.
    AWSEpochTime KeyName = "aws:EpochTime"

    // AWSPrincipalType - user principal type; currently supported values are "User" and "Anonymous".
    AWSPrincipalType KeyName = "aws:principaltype"

    // AWSUserID - user unique ID; in MinIO this value is the same as your user Access Key.
    AWSUserID KeyName = "aws:userid"

    // AWSUsername - user friendly name; in MinIO this value is the same as your user Access Key.
    AWSUsername KeyName = "aws:username"

    // AWSGroups - groups for any authenticating Access Key.
    AWSGroups KeyName = "aws:groups"

    // S3SignatureVersion - identifies the version of AWS Signature that you want to support for authenticated requests.
    S3SignatureVersion KeyName = "s3:signatureversion"

    // S3AuthType - optionally use this condition key to restrict incoming requests to use a specific authentication method.
    S3AuthType KeyName = "s3:authType"

    // Refer to https://docs.aws.amazon.com/AmazonS3/latest/userguide/tagging-and-policies.html
    ExistingObjectTag    KeyName = "s3:ExistingObjectTag"
    RequestObjectTagKeys KeyName = "s3:RequestObjectTagKeys"
    RequestObjectTag     KeyName = "s3:RequestObjectTag"
)
Condition key names.
const (
    // JWTSub - JWT subject claim substitution.
    JWTSub KeyName = "jwt:sub"

    // JWTIss issuer claim substitution.
    JWTIss KeyName = "jwt:iss"

    // JWTAud audience claim substitution.
    JWTAud KeyName = "jwt:aud"

    // JWTJti JWT unique identifier claim substitution.
    JWTJti KeyName = "jwt:jti"

    JWTUpn          KeyName = "jwt:upn"
    JWTName         KeyName = "jwt:name"
    JWTGroups       KeyName = "jwt:groups"
    JWTGivenName    KeyName = "jwt:given_name"
    JWTFamilyName   KeyName = "jwt:family_name"
    JWTMiddleName   KeyName = "jwt:middle_name"
    JWTNickName     KeyName = "jwt:nickname"
    JWTPrefUsername KeyName = "jwt:preferred_username"
    JWTProfile      KeyName = "jwt:profile"
    JWTPicture      KeyName = "jwt:picture"
    JWTWebsite      KeyName = "jwt:website"
    JWTEmail        KeyName = "jwt:email"
    JWTGender       KeyName = "jwt:gender"
    JWTBirthdate    KeyName = "jwt:birthdate"
    JWTPhoneNumber  KeyName = "jwt:phone_number"
    JWTAddress      KeyName = "jwt:address"
    JWTScope        KeyName = "jwt:scope"
    JWTClientID     KeyName = "jwt:client_id"
)
Supported JWT claim substitutions. See https://www.iana.org/assignments/jwt/jwt.xhtml#claims
const (
    // LDAPUser - LDAP username; in MinIO this value is equal to your authenticating LDAP user DN.
    LDAPUser KeyName = "ldap:user"

    // LDAPUsername - LDAP username; in MinIO this is the authenticated simple user.
    LDAPUsername KeyName = "ldap:username"

    // LDAPGroups - LDAP groups; in MinIO this value is equal to the LDAP group DNs for the authenticating user.
    LDAPGroups KeyName = "ldap:groups"
)
func (KeyName) Name (added in v1.0.10)
Name - returns the key name with the prefixes "aws:", "s3:", "jwt:" and "ldap:" stripped.
type KeySet
type KeySet map[Key]struct{}
KeySet - set representation of slice of keys.
func (KeySet) Difference
Difference - returns a key set containing the difference of two key sets. Example:
keySet1 := ["one", "two", "three"]
keySet2 := ["two", "four", "three"]
keySet1.Difference(keySet2) == ["one"]
type Value
type Value struct {
// contains filtered or unexported fields
}
Value - is enum type of string, int or bool.
func NewStringValue
NewStringValue - returns new string value.
func (Value) MarshalJSON
MarshalJSON - encodes Value to JSON data.
func (*Value) StoreString
StoreString - stores string value.
func (*Value) UnmarshalJSON
UnmarshalJSON - decodes JSON data.
type ValueSet
type ValueSet map[Value]struct{}
ValueSet - unique list of values.
func NewValueSet
NewValueSet - returns new value set containing given values.
func (ValueSet) MarshalJSON
MarshalJSON - encodes ValueSet to JSON data.
func (*ValueSet) UnmarshalJSON
UnmarshalJSON - decodes JSON data.