policy

package
v0.2012.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 4, 2020 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GRPCAuthenticationFunction 

func GRPCAuthenticationFunction(policy RuntimePolicyChecker) auth.AuthenticationFunction

GRPCAuthenticationFunction returns a gRPC authentication function using the provided policy checker.

Types

type AllowAllRuntimePolicyChecker 

type AllowAllRuntimePolicyChecker struct{}

AllowAllRuntimePolicyChecker is a RuntimePolicyChecker that allows all access.

func (*AllowAllRuntimePolicyChecker) CheckAccessAllowed 

func (c *AllowAllRuntimePolicyChecker) CheckAccessAllowed(ctx context.Context, method accessctl.Action, namespace common.Namespace) error

type DynamicRuntimePolicyChecker 

type DynamicRuntimePolicyChecker struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

DynamicRuntimePolicyChecker is a RuntimePolicyChecker that allows a dynamic policy to be specified and modified.

func NewDynamicRuntimePolicyChecker 

func NewDynamicRuntimePolicyChecker(service grpc.ServiceName, watcher api.PolicyWatcher) *DynamicRuntimePolicyChecker

NewDynamicRuntimePolicyChecker creates a new dynamic runtime policy checker instance.

func (*DynamicRuntimePolicyChecker) CheckAccessAllowed 

func (c *DynamicRuntimePolicyChecker) CheckAccessAllowed(
	ctx context.Context,
	method accessctl.Action,
	runtimeID common.Namespace,
) error

CheckAccessAllowed checks if the connected peer is allowed access to a server method according to the set access policy.

func (*DynamicRuntimePolicyChecker) SetAccessPolicy 

func (c *DynamicRuntimePolicyChecker) SetAccessPolicy(policy accessctl.Policy, runtimeID common.Namespace)

SetAccessPolicy sets the PolicyChecker's access policy.

After this method is called the passed policy must not be used anymore.

type ErrForbiddenByPolicy 

type ErrForbiddenByPolicy struct {
	// contains filtered or unexported fields
}

ErrForbiddenByPolicy is the error returned when an action is not allowed by policy.

func (ErrForbiddenByPolicy) Error 

func (e ErrForbiddenByPolicy) Error() string

func (ErrForbiddenByPolicy) GRPCStatus 

func (e ErrForbiddenByPolicy) GRPCStatus() *status.Status

GRPCStatus retruns appropriate gRPC status permission denied error code.

type RuntimePolicyChecker 

type RuntimePolicyChecker interface {
	// CheckAccessAllowed checks if the connected peer is allowed access to a server method according
	// to the set access policy.
	CheckAccessAllowed(ctx context.Context, method accessctl.Action, namespace common.Namespace) error
}

RuntimePolicyChecker is used for setting and checking the gRPC server's access control policy for different runtimes.

Source Files

View all Source files

Directories

Path Synopsis
Package api defines the common gRPC policy service and data structures.
 Package api defines the common gRPC policy service and data structures.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.