condition

package
v1.7.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 19, 2023 License: AGPL-3.0 Imports: 13 Imported by: 13

Documentation

Index

Constants

This section is empty.

Variables

AllSupportedAdminKeys - is list of all admin supported keys.

AllSupportedKeys - is list of all all supported keys.

CommonKeys - is list of all common condition keys.

JWTKeys - Supported JWT keys, non-exhaustive list please expand as new claims are standardized.

Functions

This section is empty.

Types

type Function

type Function interface {

	// String() - returns string representation of function.
	String() string
	// contains filtered or unexported methods
}

Function - condition function interface.

func NewBinaryEqualsFunc

func NewBinaryEqualsFunc(qualifier string, key Key, values ...string) (Function, error)

NewBinaryEqualsFunc - returns new BinaryEquals function.

func NewBoolFunc

func NewBoolFunc(key Key, value bool) (Function, error)

NewBoolFunc - returns new Bool function.

func NewDateEqualsFunc

func NewDateEqualsFunc(key Key, value time.Time) (Function, error)

NewDateEqualsFunc - returns new DateEquals function.

func NewDateGreaterThanEqualsFunc

func NewDateGreaterThanEqualsFunc(key Key, value time.Time) (Function, error)

NewDateGreaterThanEqualsFunc - returns new DateGreaterThanEquals function.

func NewDateGreaterThanFunc

func NewDateGreaterThanFunc(key Key, value time.Time) (Function, error)

NewDateGreaterThanFunc - returns new DateGreaterThan function.

func NewDateLessThanEqualsFunc

func NewDateLessThanEqualsFunc(key Key, value time.Time) (Function, error)

NewDateLessThanEqualsFunc - returns new DateLessThanEquals function.

func NewDateLessThanFunc

func NewDateLessThanFunc(key Key, value time.Time) (Function, error)

NewDateLessThanFunc - returns new DateLessThan function.

func NewDateNotEqualsFunc

func NewDateNotEqualsFunc(key Key, value time.Time) (Function, error)

NewDateNotEqualsFunc - returns new DateNotEquals function.

func NewIPAddressFunc

func NewIPAddressFunc(key Key, IPNets ...*net.IPNet) (Function, error)

NewIPAddressFunc - returns new IP address function.

func NewNotIPAddressFunc

func NewNotIPAddressFunc(key Key, IPNets ...*net.IPNet) (Function, error)

NewNotIPAddressFunc - returns new Not IP address function.

func NewNullFunc

func NewNullFunc(key Key, value bool) (Function, error)

NewNullFunc - returns new Null function.

func NewNumericEqualsFunc

func NewNumericEqualsFunc(key Key, value int) (Function, error)

NewNumericEqualsFunc - returns new NumericEquals function.

func NewNumericGreaterThanEqualsFunc

func NewNumericGreaterThanEqualsFunc(key Key, value int) (Function, error)

NewNumericGreaterThanEqualsFunc - returns new NumericGreaterThanEquals function.

func NewNumericGreaterThanFunc

func NewNumericGreaterThanFunc(key Key, value int) (Function, error)

NewNumericGreaterThanFunc - returns new NumericGreaterThan function.

func NewNumericLessThanEqualsFunc

func NewNumericLessThanEqualsFunc(key Key, value int) (Function, error)

NewNumericLessThanEqualsFunc - returns new NumericLessThanEquals function.

func NewNumericLessThanFunc

func NewNumericLessThanFunc(key Key, value int) (Function, error)

NewNumericLessThanFunc - returns new NumericLessThan function.

func NewNumericNotEqualsFunc

func NewNumericNotEqualsFunc(key Key, value int) (Function, error)

NewNumericNotEqualsFunc - returns new NumericNotEquals function.

func NewStringEqualsFunc

func NewStringEqualsFunc(qualifier string, key Key, values ...string) (Function, error)

NewStringEqualsFunc - returns new StringEquals function.

func NewStringEqualsIgnoreCaseFunc

func NewStringEqualsIgnoreCaseFunc(qualifier string, key Key, values ...string) (Function, error)

NewStringEqualsIgnoreCaseFunc - returns new StringEqualsIgnoreCase function.

func NewStringLikeFunc

func NewStringLikeFunc(qualifier string, key Key, values ...string) (Function, error)

NewStringLikeFunc - returns new StringLike function.

func NewStringNotEqualsFunc

func NewStringNotEqualsFunc(qualifier string, key Key, values ...string) (Function, error)

NewStringNotEqualsFunc - returns new StringNotEquals function.

func NewStringNotEqualsIgnoreCaseFunc

func NewStringNotEqualsIgnoreCaseFunc(qualifier string, key Key, values ...string) (Function, error)

NewStringNotEqualsIgnoreCaseFunc - returns new StringNotEqualsIgnoreCase function.

func NewStringNotLikeFunc

func NewStringNotLikeFunc(qualifier string, key Key, values ...string) (Function, error)

NewStringNotLikeFunc - returns new StringNotLike function.

type Functions

type Functions []Function

Functions - list of functions.

func NewFunctions

func NewFunctions(functions ...Function) Functions

NewFunctions - returns new Functions with given function list.

func (Functions) Clone

func (functions Functions) Clone() Functions

Clone clones Functions structure

func (Functions) Equals

func (functions Functions) Equals(funcs Functions) bool

Equals returns true if two Functions structures are equal

func (Functions) Evaluate

func (functions Functions) Evaluate(values map[string][]string) bool

Evaluate - evaluates all functions with given values map. Each function is evaluated sequencely and next function is called only if current function succeeds.

func (*Functions) GobDecode

func (functions *Functions) GobDecode(data []byte) error

GobDecode - decodes gob data to Functions.

func (Functions) GobEncode

func (functions Functions) GobEncode() ([]byte, error)

GobEncode - encodes Functions to gob data.

func (Functions) Keys

func (functions Functions) Keys() KeySet

Keys - returns list of keys used in all functions.

func (Functions) MarshalJSON

func (functions Functions) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Functions to JSON data.

func (Functions) String

func (functions Functions) String() string

func (*Functions) UnmarshalJSON

func (functions *Functions) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Functions.

type Key

type Key struct {
	// contains filtered or unexported fields
}

Key - conditional key whose name and it's optional variable.

func NewKey added in v1.0.10

func NewKey(name KeyName, variable string) Key

NewKey - creates new key

func (Key) Is added in v1.0.10

func (key Key) Is(name KeyName) bool

Is - checks if this key has same key name or not.

func (Key) IsValid

func (key Key) IsValid() bool

IsValid - checks if key is valid or not.

func (Key) MarshalJSON

func (key Key) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Key to JSON data.

func (Key) Name

func (key Key) Name() string

Name - returns key name which is stripped value of prefixes "aws:" and "s3:"

func (Key) String added in v1.0.10

func (key Key) String() string

func (*Key) UnmarshalJSON

func (key *Key) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Key.

func (Key) VarName

func (key Key) VarName() string

VarName - returns variable key name, such as "${aws:username}"

type KeyName added in v1.0.10

type KeyName string

KeyName - conditional key which is used to fetch values for any condition. Refer https://docs.aws.amazon.com/IAM/latest/UserGuide/list_s3.html for more information about available condition keys.

const (
	// S3XAmzCopySource - key representing x-amz-copy-source HTTP header applicable to PutObject API only.
	S3XAmzCopySource KeyName = "s3:x-amz-copy-source"

	// S3XAmzServerSideEncryption - key representing x-amz-server-side-encryption HTTP header applicable
	// to PutObject API only.
	S3XAmzServerSideEncryption KeyName = "s3:x-amz-server-side-encryption"

	// S3XAmzServerSideEncryptionCustomerAlgorithm - key representing
	// x-amz-server-side-encryption-customer-algorithm HTTP header applicable to PutObject API only.
	S3XAmzServerSideEncryptionCustomerAlgorithm KeyName = "s3:x-amz-server-side-encryption-customer-algorithm"

	// S3XAmzMetadataDirective - key representing x-amz-metadata-directive HTTP header applicable to
	// PutObject API only.
	S3XAmzMetadataDirective KeyName = "s3:x-amz-metadata-directive"

	// S3XAmzContentSha256 - set a static content-sha256 for all calls for a given action.
	S3XAmzContentSha256 KeyName = "s3:x-amz-content-sha256"

	// S3XAmzStorageClass - key representing x-amz-storage-class HTTP header applicable to PutObject API
	// only.
	S3XAmzStorageClass KeyName = "s3:x-amz-storage-class"

	// S3LocationConstraint - key representing LocationConstraint XML tag of CreateBucket API only.
	S3LocationConstraint KeyName = "s3:LocationConstraint"

	// S3Prefix - key representing prefix query parameter of ListBucket API only.
	S3Prefix KeyName = "s3:prefix"

	// S3Delimiter - key representing delimiter query parameter of ListBucket API only.
	S3Delimiter KeyName = "s3:delimiter"

	// S3VersionID - Enables you to limit the permission for the
	// s3:PutObjectVersionTagging action to a specific object version.
	S3VersionID KeyName = "s3:versionid"

	// S3MaxKeys - key representing max-keys query parameter of ListBucket API only.
	S3MaxKeys KeyName = "s3:max-keys"

	// S3ObjectLockRemainingRetentionDays - key representing object-lock-remaining-retention-days
	// Enables enforcement of an object relative to the remaining retention days, you can set
	// minimum and maximum allowable retention periods for a bucket using a bucket policy.
	// This key are specific for s3:PutObjectRetention API.
	S3ObjectLockRemainingRetentionDays KeyName = "s3:object-lock-remaining-retention-days"

	// S3ObjectLockMode - key representing object-lock-mode
	// Enables enforcement of the specified object retention mode
	S3ObjectLockMode KeyName = "s3:object-lock-mode"

	// S3ObjectLockRetainUntilDate - key representing object-lock-retain-util-date
	// Enables enforcement of a specific retain-until-date
	S3ObjectLockRetainUntilDate KeyName = "s3:object-lock-retain-until-date"

	// S3ObjectLockLegalHold - key representing object-local-legal-hold
	// Enables enforcement of the specified object legal hold status
	S3ObjectLockLegalHold KeyName = "s3:object-lock-legal-hold"

	// AWSReferer - key representing Referer header of any API.
	AWSReferer KeyName = "aws:Referer"

	// AWSSourceIP - key representing client's IP address (not intermittent proxies) of any API.
	AWSSourceIP KeyName = "aws:SourceIp"

	// AWSUserAgent - key representing UserAgent header for any API.
	AWSUserAgent KeyName = "aws:UserAgent"

	// AWSSecureTransport - key representing if the clients request is authenticated or not.
	AWSSecureTransport KeyName = "aws:SecureTransport"

	// AWSCurrentTime - key representing the current time.
	AWSCurrentTime KeyName = "aws:CurrentTime"

	// AWSEpochTime - key representing the current epoch time.
	AWSEpochTime KeyName = "aws:EpochTime"

	// AWSPrincipalType - user principal type currently supported values are "User" and "Anonymous".
	AWSPrincipalType KeyName = "aws:principaltype"

	// AWSUserID - user unique ID, in MinIO this value is same as your user Access Key.
	AWSUserID KeyName = "aws:userid"

	// AWSUsername - user friendly name, in MinIO this value is same as your user Access Key.
	AWSUsername KeyName = "aws:username"

	// AWSGroups - groups for any authenticating Access Key.
	AWSGroups KeyName = "aws:groups"

	// S3SignatureVersion - identifies the version of AWS Signature that you want to support for authenticated requests.
	S3SignatureVersion KeyName = "s3:signatureversion"

	// S3AuthType - optionally use this condition key to restrict incoming requests to use a specific authentication method.
	S3AuthType KeyName = "s3:authType"

	// Refer https://docs.aws.amazon.com/AmazonS3/latest/userguide/tagging-and-policies.html
	ExistingObjectTag    KeyName = "s3:ExistingObjectTag"
	RequestObjectTagKeys KeyName = "s3:RequestObjectTagKeys"
	RequestObjectTag     KeyName = "s3:RequestObjectTag"
)

Condition key names.

const (
	// JWTSub - JWT subject claim substitution.
	JWTSub KeyName = "jwt:sub"

	// JWTIss issuer claim substitution.
	JWTIss KeyName = "jwt:iss"

	// JWTAud audience claim substitution.
	JWTAud KeyName = "jwt:aud"

	// JWTJti JWT unique identifier claim substitution.
	JWTJti KeyName = "jwt:jti"

	JWTUpn          KeyName = "jwt:upn"
	JWTName         KeyName = "jwt:name"
	JWTGroups       KeyName = "jwt:groups"
	JWTGivenName    KeyName = "jwt:given_name"
	JWTFamilyName   KeyName = "jwt:family_name"
	JWTMiddleName   KeyName = "jwt:middle_name"
	JWTNickName     KeyName = "jwt:nickname"
	JWTPrefUsername KeyName = "jwt:preferred_username"
	JWTProfile      KeyName = "jwt:profile"
	JWTPicture      KeyName = "jwt:picture"
	JWTWebsite      KeyName = "jwt:website"
	JWTEmail        KeyName = "jwt:email"
	JWTGender       KeyName = "jwt:gender"
	JWTBirthdate    KeyName = "jwt:birthdate"
	JWTPhoneNumber  KeyName = "jwt:phone_number"
	JWTAddress      KeyName = "jwt:address"
	JWTScope        KeyName = "jwt:scope"
	JWTClientID     KeyName = "jwt:client_id"
)

JWT claims supported substitutions. https://www.iana.org/assignments/jwt/jwt.xhtml#claims

const (
	// LDAPUser - LDAP username, in MinIO this value is equal to your authenticating LDAP user DN.
	LDAPUser KeyName = "ldap:user"

	// LDAPUsername - LDAP username, in MinIO is the authenticated simple user.
	LDAPUsername KeyName = "ldap:username"

	// LDAPGroups - LDAP groups, in MinIO this value is equal LDAP Group DNs for the authenticating user.
	LDAPGroups KeyName = "ldap:groups"
)

func (KeyName) Name added in v1.0.10

func (key KeyName) Name() string

Name - returns key name which is stripped value of prefixes "aws:", "s3:", "jwt:" and "ldap:"

func (KeyName) ToKey added in v1.0.10

func (key KeyName) ToKey() Key

ToKey - creates key from name.

func (KeyName) VarName added in v1.0.10

func (key KeyName) VarName() string

VarName - returns variable key name, such as "${aws:username}"

type KeySet

type KeySet map[Key]struct{}

KeySet - set representation of slice of keys.

func NewKeySet

func NewKeySet(keys ...Key) KeySet

NewKeySet - returns new KeySet contains given keys.

func (KeySet) Add

func (set KeySet) Add(key Key)

Add - add a key to key set.

func (KeySet) Difference

func (set KeySet) Difference(sset KeySet) KeySet

Difference - returns a key set contains difference of two keys. Example:

keySet1 := ["one", "two", "three"]
keySet2 := ["two", "four", "three"]
keySet1.Difference(keySet2) == ["one"]

func (KeySet) IsEmpty

func (set KeySet) IsEmpty() bool

IsEmpty - returns whether key set is empty or not.

func (KeySet) Match added in v1.4.3

func (set KeySet) Match(key Key) bool

Match matches the input key name with current keySet

func (KeySet) Merge

func (set KeySet) Merge(mset KeySet)

Merge merges two key sets, duplicates are overwritten

func (KeySet) String

func (set KeySet) String() string

func (KeySet) ToSlice

func (set KeySet) ToSlice() []Key

ToSlice - returns slice of keys.

type Value

type Value struct {
	// contains filtered or unexported fields
}

Value - is enum type of string, int or bool.

func NewBoolValue

func NewBoolValue(b bool) Value

NewBoolValue - returns new bool value.

func NewIntValue

func NewIntValue(i int) Value

NewIntValue - returns new int value.

func NewStringValue

func NewStringValue(s string) Value

NewStringValue - returns new string value.

func (Value) GetBool

func (v Value) GetBool() (bool, error)

GetBool - gets stored bool value.

func (Value) GetInt

func (v Value) GetInt() (int, error)

GetInt - gets stored int value.

func (Value) GetString

func (v Value) GetString() (string, error)

GetString - gets stored string value.

func (Value) GetType

func (v Value) GetType() reflect.Kind

GetType - gets enum type.

func (Value) MarshalJSON

func (v Value) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Value to JSON data.

func (*Value) StoreBool

func (v *Value) StoreBool(b bool)

StoreBool - stores bool value.

func (*Value) StoreInt

func (v *Value) StoreInt(i int)

StoreInt - stores int value.

func (*Value) StoreString

func (v *Value) StoreString(s string)

StoreString - stores string value.

func (Value) String

func (v Value) String() string

String - returns string representation of value.

func (*Value) UnmarshalJSON

func (v *Value) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data.

type ValueSet

type ValueSet map[Value]struct{}

ValueSet - unique list of values.

func NewValueSet

func NewValueSet(values ...Value) ValueSet

NewValueSet - returns new value set containing given values.

func (ValueSet) Add

func (set ValueSet) Add(value Value)

Add - adds given value to value set.

func (ValueSet) Clone

func (set ValueSet) Clone() ValueSet

Clone clones ValueSet structure

func (ValueSet) MarshalJSON

func (set ValueSet) MarshalJSON() ([]byte, error)

MarshalJSON - encodes ValueSet to JSON data.

func (ValueSet) ToSlice

func (set ValueSet) ToSlice() []Value

ToSlice converts ValueSet to a slice of Value

func (*ValueSet) UnmarshalJSON

func (set *ValueSet) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL