authz

package
v0.0.0-...-3b0a8a5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 23, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package authz provides helper APIs to simplify writing authz test cases. It also packs authz rotate and get operations with the corresponding verifications to prevent code duplications and increase the test code readability.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func LoadPolicyFromJSONFile

func LoadPolicyFromJSONFile(t *testing.T, filePath string) map[string]AuthorizationPolicy

LoadPolicyFromJSONFile Loads Policy from a JSON File.

func Verify

func Verify(t testing.TB, dut *ondatra.DUTDevice, spiffe *Spiffe, rpc *gnxi.RPC, opts ...verifyOpt)

Verify uses prob to validate if the user access for a certain rpc is expected. It also execute the rpc when HardVerif is passed and verifies if it matches the expectation.

Types

type AuthorizationPolicy

type AuthorizationPolicy struct {
	// name of policy.
	Name string `json:"name"`
	// rules that specify what are allowed by users.
	AllowRules []Rule `json:"allow_rules,omitempty"`
	// rules that specify what are denied for users.
	DenyRules []Rule `json:"deny_rules,omitempty"`
}

AuthorizationPolicy is an struct to save an authz policy.

func Get

Get read the applied policy from device dut. this is test api and fails the test when it fails.

func NewAuthorizationPolicy

func NewAuthorizationPolicy(name string) *AuthorizationPolicy

NewAuthorizationPolicy creates an empty policy.

func (*AuthorizationPolicy) AddAllowRules

func (p *AuthorizationPolicy) AddAllowRules(name string, users []string, rpcs []*gnxi.RPC)

AddAllowRules adds an allow rule for policy p.

func (*AuthorizationPolicy) AddDenyRules

func (p *AuthorizationPolicy) AddDenyRules(name string, users []string, rpcs []*gnxi.RPC)

AddDenyRules adds an allow rule for policy p.

func (*AuthorizationPolicy) Marshal

func (p *AuthorizationPolicy) Marshal() ([]byte, error)

Marshal marshal a policy from json string.

func (*AuthorizationPolicy) PrettyPrint

func (p *AuthorizationPolicy) PrettyPrint(t *testing.T) string

PrettyPrint prints policy p in a pretty format.

func (*AuthorizationPolicy) Rotate

func (p *AuthorizationPolicy) Rotate(t *testing.T, dut *ondatra.DUTDevice, createdOn uint64, version string, forcOverwrite bool)

Rotate apply policy p on device dut, this is test api for positive testing and it fails the test on failure.

func (*AuthorizationPolicy) Unmarshal

func (p *AuthorizationPolicy) Unmarshal(jsonString string) error

Unmarshal unmarshal policy p to json string.

type ExceptDeny

type ExceptDeny struct {
}

ExceptDeny is passed to verify function when failure is expected.

type HardVerify

type HardVerify struct {
}

HardVerify is passed to verify function when verification is carried out via execution on the RPC using the user svid.

type Rule

type Rule struct {
	// name of the rule.
	Name string `json:"name"`
	// the users that rule defined for.
	Source struct {
		Principals []string `json:"principals"`
	} `json:"source"`
	// rpc for which the rule is specified.
	Request struct {
		Paths []string `json:"paths"`
	} `json:"request"`
}

Rule represent the structure for an authz rule.

type Spiffe

type Spiffe struct {
	// ID store Spiffe id.
	ID string
	// TlsConf stores the svid of Spiffe id.
	TLSConf *tls.Config
}

Spiffe is an struct to save an Spiffe id and its svid.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL