Documentation ¶
Index ¶
- Constants
- func Errorf(format string, a ...interface{}) error
- type Action
- type ActionSet
- func (actionSet ActionSet) Add(action Action)
- func (actionSet ActionSet) Clone() ActionSet
- func (actionSet ActionSet) Contains(action Action) bool
- func (actionSet ActionSet) Equals(sactionSet ActionSet) bool
- func (actionSet ActionSet) Intersection(sset ActionSet) ActionSet
- func (actionSet ActionSet) MarshalJSON() ([]byte, error)
- func (actionSet ActionSet) String() string
- func (actionSet ActionSet) ToSlice() []Action
- func (actionSet *ActionSet) UnmarshalJSON(data []byte) error
- type Args
- type Effect
- type Error
- type ID
- type Policy
- func (policy *Policy) Equals(p Policy) bool
- func (policy Policy) IsAllowed(args Args) bool
- func (policy Policy) IsEmpty() bool
- func (policy Policy) MarshalJSON() ([]byte, error)
- func (policy Policy) Merge(input Policy) Policy
- func (policy *Policy) UnmarshalJSON(data []byte) error
- func (policy Policy) Validate(bucketName string) error
- type Principal
- func (p Principal) Clone() Principal
- func (p Principal) Equals(pp Principal) bool
- func (p Principal) Intersection(principal Principal) set.StringSet
- func (p Principal) IsValid() bool
- func (p Principal) MarshalJSON() ([]byte, error)
- func (p Principal) Match(principal string) bool
- func (p *Principal) UnmarshalJSON(data []byte) error
- type Resource
- func (r Resource) IsValid() bool
- func (r Resource) MarshalJSON() ([]byte, error)
- func (r Resource) Match(resource string, conditionValues map[string][]string) bool
- func (r Resource) String() string
- func (r *Resource) UnmarshalJSON(data []byte) error
- func (r Resource) Validate(bucketName string) error
- type ResourceSet
- func (resourceSet ResourceSet) Add(resource Resource)
- func (resourceSet ResourceSet) Clone() ResourceSet
- func (resourceSet ResourceSet) Equals(sresourceSet ResourceSet) bool
- func (resourceSet ResourceSet) Intersection(sset ResourceSet) ResourceSet
- func (resourceSet ResourceSet) MarshalJSON() ([]byte, error)
- func (resourceSet ResourceSet) Match(resource string, conditionValues map[string][]string) bool
- func (resourceSet ResourceSet) String() string
- func (resourceSet ResourceSet) ToSlice() []Resource
- func (resourceSet *ResourceSet) UnmarshalJSON(data []byte) error
- func (resourceSet ResourceSet) Validate(bucketName string) error
- type Statement
- func (statement Statement) Clone() Statement
- func (statement Statement) Equals(st Statement) bool
- func (statement Statement) IsAllowed(args Args) bool
- func (statement Statement) MarshalJSON() ([]byte, error)
- func (statement *Statement) UnmarshalJSON(data []byte) error
- func (statement Statement) Validate(bucketName string) error
Constants ¶
const (
	// AbortMultipartUploadAction - AbortMultipartUpload Rest API action.
	//
	// NOTE: this is the only constant in the block declared with the explicit
	// Action type. Every constant below has its own initializer and no type,
	// so it is an untyped string constant: assignable to Action, but equally
	// usable as a plain string without a conversion.
	AbortMultipartUploadAction Action = "s3:AbortMultipartUpload"

	// CreateBucketAction - CreateBucket Rest API action.
	CreateBucketAction = "s3:CreateBucket"

	// DeleteBucketAction - DeleteBucket Rest API action.
	DeleteBucketAction = "s3:DeleteBucket"

	// ForceDeleteBucketAction - DeleteBucket Rest API action when x-minio-force-delete flag
	// is specified. It is a separate action string from DeleteBucketAction,
	// so a statement can name one without naming the other.
	ForceDeleteBucketAction = "s3:ForceDeleteBucket"

	// DeleteBucketPolicyAction - DeleteBucketPolicy Rest API action.
	DeleteBucketPolicyAction = "s3:DeleteBucketPolicy"

	// DeleteObjectAction - DeleteObject Rest API action.
	DeleteObjectAction = "s3:DeleteObject"

	// GetBucketLocationAction - GetBucketLocation Rest API action.
	GetBucketLocationAction = "s3:GetBucketLocation"

	// GetBucketNotificationAction - GetBucketNotification Rest API action.
	GetBucketNotificationAction = "s3:GetBucketNotification"

	// GetBucketPolicyAction - GetBucketPolicy Rest API action.
	GetBucketPolicyAction = "s3:GetBucketPolicy"

	// GetObjectAction - GetObject Rest API action.
	GetObjectAction = "s3:GetObject"

	// HeadBucketAction - HeadBucket Rest API action. This action is unused in minio.
	HeadBucketAction = "s3:HeadBucket"

	// ListAllMyBucketsAction - ListAllMyBuckets (List buckets) Rest API action.
	ListAllMyBucketsAction = "s3:ListAllMyBuckets"

	// ListBucketAction - ListBucket Rest API action.
	ListBucketAction = "s3:ListBucket"

	// GetBucketPolicyStatusAction - Retrieves the policy status for a bucket.
	GetBucketPolicyStatusAction = "s3:GetBucketPolicyStatus"

	// ListBucketMultipartUploadsAction - ListMultipartUploads Rest API action.
	ListBucketMultipartUploadsAction = "s3:ListBucketMultipartUploads"

	// ListBucketVersionsAction - ListBucket versions Rest API action.
	ListBucketVersionsAction = "s3:ListBucketVersions"

	// ListenNotificationAction - ListenNotification Rest API action.
	// This is MinIO extension.
	ListenNotificationAction = "s3:ListenNotification"

	// ListenBucketNotificationAction - ListenBucketNotification Rest API action.
	// This is MinIO extension.
	ListenBucketNotificationAction = "s3:ListenBucketNotification"

	// ListMultipartUploadPartsAction - ListParts Rest API action.
	ListMultipartUploadPartsAction = "s3:ListMultipartUploadParts"

	// PutBucketNotificationAction - PutBucketNotification Rest API action.
	PutBucketNotificationAction = "s3:PutBucketNotification"

	// PutBucketPolicyAction - PutBucketPolicy Rest API action.
	PutBucketPolicyAction = "s3:PutBucketPolicy"

	// PutObjectAction - PutObject Rest API action.
	PutObjectAction = "s3:PutObject"

	// PutBucketLifecycleAction - PutBucketLifecycle Rest API action.
	// The action string omits "Bucket", unlike the identifier; policy
	// documents must use the string form.
	PutBucketLifecycleAction = "s3:PutLifecycleConfiguration"

	// GetBucketLifecycleAction - GetBucketLifecycle Rest API action.
	// The action string omits "Bucket", unlike the identifier.
	GetBucketLifecycleAction = "s3:GetLifecycleConfiguration"

	// BypassGovernanceRetentionAction - bypass governance retention for PutObjectRetention, PutObject and DeleteObject Rest API action.
	// NOTE(review): because this action waives governance retention on the
	// calls listed above, statements that allow it merit a close look when
	// auditing a policy.
	BypassGovernanceRetentionAction = "s3:BypassGovernanceRetention"

	// PutObjectRetentionAction - PutObjectRetention Rest API action.
	PutObjectRetentionAction = "s3:PutObjectRetention"

	// GetObjectRetentionAction - GetObjectRetention, GetObject, HeadObject Rest API action.
	GetObjectRetentionAction = "s3:GetObjectRetention"

	// GetObjectLegalHoldAction - GetObjectLegalHold, GetObject Rest API action.
	GetObjectLegalHoldAction = "s3:GetObjectLegalHold"

	// PutObjectLegalHoldAction - PutObjectLegalHold, PutObject Rest API action.
	PutObjectLegalHoldAction = "s3:PutObjectLegalHold"

	// GetBucketObjectLockConfigurationAction - GetObjectLockConfiguration Rest API action
	GetBucketObjectLockConfigurationAction = "s3:GetBucketObjectLockConfiguration"

	// PutBucketObjectLockConfigurationAction - PutObjectLockConfiguration Rest API action
	PutBucketObjectLockConfigurationAction = "s3:PutBucketObjectLockConfiguration"

	// GetBucketTaggingAction - GetTagging Rest API action
	GetBucketTaggingAction = "s3:GetBucketTagging"

	// PutBucketTaggingAction - PutTagging Rest API action
	PutBucketTaggingAction = "s3:PutBucketTagging"

	// GetObjectTaggingAction - Get Object Tags API action
	GetObjectTaggingAction = "s3:GetObjectTagging"

	// PutObjectTaggingAction - Put Object Tags API action
	PutObjectTaggingAction = "s3:PutObjectTagging"

	// DeleteObjectTaggingAction - Delete Object Tags API action
	DeleteObjectTaggingAction = "s3:DeleteObjectTagging"

	// PutBucketEncryptionAction - PutBucketEncryption REST API action
	// The action string omits "Bucket", unlike the identifier.
	PutBucketEncryptionAction = "s3:PutEncryptionConfiguration"

	// GetBucketEncryptionAction - GetBucketEncryption REST API action
	// The action string omits "Bucket", unlike the identifier.
	GetBucketEncryptionAction = "s3:GetEncryptionConfiguration"

	// PutBucketVersioningAction - PutBucketVersioning REST API action
	PutBucketVersioningAction = "s3:PutBucketVersioning"

	// GetBucketVersioningAction - GetBucketVersioning REST API action
	GetBucketVersioningAction = "s3:GetBucketVersioning"

	// DeleteObjectVersionAction - DeleteObjectVersion Rest API action.
	DeleteObjectVersionAction = "s3:DeleteObjectVersion"

	// DeleteObjectVersionTaggingAction - DeleteObjectVersionTagging Rest API action.
	DeleteObjectVersionTaggingAction = "s3:DeleteObjectVersionTagging"

	// GetObjectVersionAction - GetObjectVersion Rest API action.
	GetObjectVersionAction = "s3:GetObjectVersion"

	// GetObjectVersionTaggingAction - GetObjectVersionTagging Rest API action.
	GetObjectVersionTaggingAction = "s3:GetObjectVersionTagging"

	// PutObjectVersionTaggingAction - PutObjectVersionTagging Rest API action.
	PutObjectVersionTaggingAction = "s3:PutObjectVersionTagging"

	// GetReplicationConfigurationAction - GetReplicationConfiguration REST API action
	GetReplicationConfigurationAction = "s3:GetReplicationConfiguration"

	// PutReplicationConfigurationAction - PutReplicationConfiguration REST API action
	PutReplicationConfigurationAction = "s3:PutReplicationConfiguration"

	// ReplicateObjectAction - ReplicateObject REST API action
	ReplicateObjectAction = "s3:ReplicateObject"

	// ReplicateDeleteAction - ReplicateDelete REST API action
	ReplicateDeleteAction = "s3:ReplicateDelete"

	// ReplicateTagsAction - ReplicateTags REST API action
	ReplicateTagsAction = "s3:ReplicateTags"

	// GetObjectVersionForReplicationAction - GetObjectVersionForReplication REST API action
	GetObjectVersionForReplicationAction = "s3:GetObjectVersionForReplication"

	// RestoreObjectAction - RestoreObject REST API action
	RestoreObjectAction = "s3:RestoreObject"

	// ResetBucketReplicationStateAction - MinIO extension API ResetBucketReplicationState to reset replication state
	// on a bucket
	ResetBucketReplicationStateAction = "s3:ResetBucketReplicationState"
)
const DefaultVersion = "2012-10-17"
DefaultVersion - default policy version as per AWS S3 specification.
const ResourceARNPrefix = "arn:aws:s3:::"
ResourceARNPrefix - resource ARN prefix as per AWS S3 specification.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Action ¶
type Action string
Action - policy action. Refer to https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html for more information about available actions.
func (Action) IsObjectAction ¶ added in v1.6.3
IsObjectAction - returns whether action is object type or not.
func (Action) MarshalJSON ¶
MarshalJSON - encodes Action to JSON data.
func (*Action) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Action.
type ActionSet ¶
type ActionSet map[Action]struct{}
ActionSet - set of actions.
func NewActionSet ¶
NewActionSet - creates new action set.
func (ActionSet) Equals ¶
Equals - checks whether given action set is equal to current action set or not.
func (ActionSet) Intersection ¶
Intersection - returns the actions present in both ActionSets.
func (ActionSet) MarshalJSON ¶
MarshalJSON - encodes ActionSet to JSON data.
func (*ActionSet) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to ActionSet.
type Args ¶
// Args holds the attributes of a request that a policy is evaluated against;
// Policy.IsAllowed and Statement.IsAllowed both take an Args value.
type Args struct {
	// Identity of the caller. Presumably compared with Statement.Principal;
	// confirm in IsAllowed.
	AccountName string `json:"account"`
	// Group names supplied with the request.
	Groups []string `json:"groups"`
	// The action being requested, e.g. one of the *Action constants.
	Action Action `json:"action"`
	// Bucket the request targets.
	BucketName string `json:"bucket"`
	// Condition key -> values. Same shape as the conditionValues parameter
	// of Resource.Match and ResourceSet.Match.
	ConditionValues map[string][]string `json:"conditions"`
	// NOTE(review): how the owner flag influences the decision is not
	// visible here; confirm in IsAllowed before relying on it.
	IsOwner bool `json:"owner"`
	// Object the request targets.
	ObjectName string `json:"object"`
}
Args - arguments passed to a policy to check whether the request they describe is allowed.
type Effect ¶
type Effect string
Effect - policy statement effect, either Allow or Deny.
const (
	// Allow - allow effect.
	Allow Effect = "Allow"

	// Deny - deny effect.
	// NOTE: Deny has its own initializer and no explicit type, so unlike
	// Allow it is an untyped string constant rather than an Effect; it is
	// still assignable to Effect.
	Deny = "Deny"
)
type Error ¶
type Error struct {
// contains filtered or unexported fields
}
Error is the generic type for any error happening during policy parsing.
type Policy ¶
// Policy is a bucket policy document: an optional ID, a version string and
// the list of statements.
type Policy struct {
	// Optional policy identifier; left out of the JSON when empty.
	ID ID `json:"ID,omitempty"`
	// Policy language version (see DefaultVersion). The field has no struct
	// tag; Policy defines its own MarshalJSON/UnmarshalJSON, so the wire
	// handling is decided there.
	Version string
	// Statements of the policy, stored under the singular JSON key
	// "Statement".
	Statements []Statement `json:"Statement"`
}
Policy - bucket policy.
func ParseConfig ¶
ParseConfig - parses data in given reader to Policy.
func (Policy) MarshalJSON ¶
MarshalJSON - encodes Policy to JSON data.
func (*Policy) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Policy.
type Principal ¶
Principal - policy principal.
func NewPrincipal ¶
NewPrincipal - creates new Principal.
func (Principal) Intersection ¶
Intersection - returns the principals present in both Principals.
func (Principal) MarshalJSON ¶
MarshalJSON - encodes Principal to JSON data.
func (*Principal) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Principal.
type Resource ¶
Resource - resource in policy statement.
func NewResource ¶
NewResource - creates new resource.
func (Resource) MarshalJSON ¶
MarshalJSON - encodes Resource to JSON data.
func (*Resource) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Resource.
type ResourceSet ¶
type ResourceSet map[Resource]struct{}
ResourceSet - set of resources in policy statement.
func NewResourceSet ¶
func NewResourceSet(resources ...Resource) ResourceSet
NewResourceSet - creates new resource set.
func (ResourceSet) Add ¶
func (resourceSet ResourceSet) Add(resource Resource)
Add - adds resource to resource set.
func (ResourceSet) Clone ¶
func (resourceSet ResourceSet) Clone() ResourceSet
Clone clones ResourceSet structure
func (ResourceSet) Equals ¶
func (resourceSet ResourceSet) Equals(sresourceSet ResourceSet) bool
Equals - checks whether given resource set is equal to current resource set or not.
func (ResourceSet) Intersection ¶
func (resourceSet ResourceSet) Intersection(sset ResourceSet) ResourceSet
Intersection - returns the resources present in both ResourceSets.
func (ResourceSet) MarshalJSON ¶
func (resourceSet ResourceSet) MarshalJSON() ([]byte, error)
MarshalJSON - encodes ResourceSet to JSON data.
func (ResourceSet) Match ¶
func (resourceSet ResourceSet) Match(resource string, conditionValues map[string][]string) bool
Match - matches the object name against any one of the resource patterns in the resource set.
func (ResourceSet) String ¶
func (resourceSet ResourceSet) String() string
func (ResourceSet) ToSlice ¶
func (resourceSet ResourceSet) ToSlice() []Resource
ToSlice - returns slice of resources from the resource set.
func (*ResourceSet) UnmarshalJSON ¶
func (resourceSet *ResourceSet) UnmarshalJSON(data []byte) error
UnmarshalJSON - decodes JSON data to ResourceSet.
func (ResourceSet) Validate ¶
func (resourceSet ResourceSet) Validate(bucketName string) error
Validate - validates whether the ResourceSet is for the given bucket.
type Statement ¶
// Statement is one entry of a Policy: an effect applied to a principal for a
// set of actions on a set of resources, optionally narrowed by conditions.
type Statement struct {
	// Optional statement identifier; left out of the JSON when empty.
	SID ID `json:"Sid,omitempty"`
	// Allow or Deny.
	Effect Effect `json:"Effect"`
	// Who the statement applies to.
	Principal Principal `json:"Principal"`
	// Actions covered by the statement, stored under the singular JSON key
	// "Action".
	Actions ActionSet `json:"Action"`
	// Resources covered by the statement, stored under the singular JSON
	// key "Resource".
	Resources ResourceSet `json:"Resource"`
	// Optional condition functions; left out of the JSON when empty.
	Conditions condition.Functions `json:"Condition,omitempty"`
}
Statement - policy statement.
func NewStatement ¶
func NewStatement(sid ID, effect Effect, principal Principal, actionSet ActionSet, resourceSet ResourceSet, conditions condition.Functions) Statement
NewStatement - creates new statement.
func (Statement) IsAllowed ¶
IsAllowed - checks whether the given policy args are allowed to continue with the REST API call.
func (Statement) MarshalJSON ¶
MarshalJSON - encodes Statement to JSON data.
func (*Statement) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Statement.