policy

package
v0.2201.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 8, 2022 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GRPCAuthenticationFunction

func GRPCAuthenticationFunction(policy RuntimePolicyChecker) auth.AuthenticationFunction

GRPCAuthenticationFunction returns a gRPC authentication function using the provided policy checker.

Types

type AllowAllRuntimePolicyChecker

type AllowAllRuntimePolicyChecker struct{}

AllowAllRuntimePolicyChecker is a RuntimePolicyChecker that allows all access.

func (*AllowAllRuntimePolicyChecker) CheckAccessAllowed

func (c *AllowAllRuntimePolicyChecker) CheckAccessAllowed(ctx context.Context, method accessctl.Action, namespace common.Namespace) error

type DynamicRuntimePolicyChecker

type DynamicRuntimePolicyChecker struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

DynamicRuntimePolicyChecker is a RuntimePolicyChecker that allows a dynamic policy to be specified and modified.

func NewDynamicRuntimePolicyChecker

func NewDynamicRuntimePolicyChecker(service grpc.ServiceName, watcher api.PolicyWatcher) *DynamicRuntimePolicyChecker

NewDynamicRuntimePolicyChecker creates a new dynamic runtime policy checker instance.

func (*DynamicRuntimePolicyChecker) CheckAccessAllowed

func (c *DynamicRuntimePolicyChecker) CheckAccessAllowed(
	ctx context.Context,
	method accessctl.Action,
	runtimeID common.Namespace,
) error

CheckAccessAllowed checks if the connected peer is allowed access to a server method according to the set access policy.

func (*DynamicRuntimePolicyChecker) SetAccessPolicy

func (c *DynamicRuntimePolicyChecker) SetAccessPolicy(policy accessctl.Policy, runtimeID common.Namespace)

SetAccessPolicy sets the PolicyChecker's access policy.

After this method is called the passed policy must not be used anymore.

type ErrForbiddenByPolicy

type ErrForbiddenByPolicy struct {
	// contains filtered or unexported fields
}

ErrForbiddenByPolicy is the error returned when an action is not allowed by policy.

func (ErrForbiddenByPolicy) Error

func (e ErrForbiddenByPolicy) Error() string

func (ErrForbiddenByPolicy) GRPCStatus

func (e ErrForbiddenByPolicy) GRPCStatus() *status.Status

GRPCStatus retruns appropriate gRPC status permission denied error code.

type RuntimePolicyChecker

type RuntimePolicyChecker interface {
	// CheckAccessAllowed checks if the connected peer is allowed access to a server method according
	// to the set access policy.
	CheckAccessAllowed(ctx context.Context, method accessctl.Action, namespace common.Namespace) error
}

RuntimePolicyChecker is used for setting and checking the gRPC server's access control policy for different runtimes.

Directories

Path Synopsis
Package api defines the common gRPC policy service and data structures.
Package api defines the common gRPC policy service and data structures.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL