Documentation ¶
Index ¶
- Constants
- Variables
- type Action
- type ActionSet
- func (actionSet ActionSet) Add(action Action)
- func (actionSet ActionSet) Intersection(sset ActionSet) ActionSet
- func (actionSet ActionSet) MarshalJSON() ([]byte, error)
- func (actionSet ActionSet) Match(action Action) bool
- func (actionSet ActionSet) String() string
- func (actionSet ActionSet) ToSlice() []Action
- func (actionSet *ActionSet) UnmarshalJSON(data []byte) error
- type Args
- type Opa
- type OpaArgs
- type Policy
- type Resource
- type ResourceSet
- func (resourceSet ResourceSet) Add(resource Resource)
- func (resourceSet ResourceSet) Intersection(sset ResourceSet) ResourceSet
- func (resourceSet ResourceSet) MarshalJSON() ([]byte, error)
- func (resourceSet ResourceSet) Match(resource string, conditionValues map[string][]string) bool
- func (resourceSet ResourceSet) String() string
- func (resourceSet *ResourceSet) UnmarshalJSON(data []byte) error
- func (resourceSet ResourceSet) Validate() error
- type Statement
Constants ¶
const ( // AbortMultipartUploadAction - AbortMultipartUpload Rest API action. AbortMultipartUploadAction Action = "s3:AbortMultipartUpload" // CreateBucketAction - CreateBucket Rest API action. CreateBucketAction = "s3:CreateBucket" // DeleteBucketAction - DeleteBucket Rest API action. DeleteBucketAction = "s3:DeleteBucket" // DeleteBucketPolicyAction - DeleteBucketPolicy Rest API action. DeleteBucketPolicyAction = "s3:DeleteBucketPolicy" // DeleteObjectAction - DeleteObject Rest API action. DeleteObjectAction = "s3:DeleteObject" // GetBucketLocationAction - GetBucketLocation Rest API action. GetBucketLocationAction = "s3:GetBucketLocation" // GetBucketNotificationAction - GetBucketNotification Rest API action. GetBucketNotificationAction = "s3:GetBucketNotification" // GetBucketPolicyAction - GetBucketPolicy Rest API action. GetBucketPolicyAction = "s3:GetBucketPolicy" // GetObjectAction - GetObject Rest API action. GetObjectAction = "s3:GetObject" // HeadBucketAction - HeadBucket Rest API action. This action is unused in minio. HeadBucketAction = "s3:HeadBucket" // ListAllMyBucketsAction - ListAllMyBuckets (List buckets) Rest API action. ListAllMyBucketsAction = "s3:ListAllMyBuckets" // ListBucketAction - ListBucket Rest API action. ListBucketAction = "s3:ListBucket" // ListBucketMultipartUploadsAction - ListMultipartUploads Rest API action. ListBucketMultipartUploadsAction = "s3:ListBucketMultipartUploads" // ListenBucketNotificationAction - ListenBucketNotification Rest API action. // This is Minio extension. ListenBucketNotificationAction = "s3:ListenBucketNotification" // ListMultipartUploadPartsAction - ListParts Rest API action. ListMultipartUploadPartsAction = "s3:ListMultipartUploadParts" // PutBucketNotificationAction - PutObjectNotification Rest API action. PutBucketNotificationAction = "s3:PutBucketNotification" // PutBucketPolicyAction - PutBucketPolicy Rest API action. PutBucketPolicyAction = "s3:PutBucketPolicy" // PutObjectAction - PutObject Rest API action. PutObjectAction = "s3:PutObject" // AllActions - all API actions AllActions = "s3:*" )
const DefaultVersion = "2012-10-17"
DefaultVersion - default policy version as per AWS S3 specification.
const ResourceARNPrefix = "arn:aws:s3:::"
ResourceARNPrefix - resource ARN prefix as per AWS S3 specification.
Variables ¶
var ReadOnly = Policy{ Version: DefaultVersion, Statements: []Statement{ { SID: policy.ID(""), Effect: policy.Allow, Actions: NewActionSet(GetBucketLocationAction, GetObjectAction), Resources: NewResourceSet(NewResource("*", "")), }, }, }
ReadOnly - read only.
var ReadWrite = Policy{ Version: DefaultVersion, Statements: []Statement{ { SID: policy.ID(""), Effect: policy.Allow, Actions: NewActionSet(AllActions), Resources: NewResourceSet(NewResource("*", "")), }, }, }
ReadWrite - provides full access to all buckets and all objects
var WriteOnly = Policy{ Version: DefaultVersion, Statements: []Statement{ { SID: policy.ID(""), Effect: policy.Allow, Actions: NewActionSet(PutObjectAction), Resources: NewResourceSet(NewResource("*", "")), }, }, }
WriteOnly - provides write access.
Functions ¶
This section is empty.
Types ¶
type Action ¶
type Action string
Action - policy action. Refer https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html for more information about available actions.
func (Action) MarshalJSON ¶
MarshalJSON - encodes Action to JSON data.
func (*Action) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Action.
type ActionSet ¶
type ActionSet map[Action]struct{}
ActionSet - set of actions.
func NewActionSet ¶
NewActionSet - creates new action set.
func (ActionSet) Intersection ¶
Intersection - returns actions available in both ActionSet.
func (ActionSet) MarshalJSON ¶
MarshalJSON - encodes ActionSet to JSON data.
func (*ActionSet) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to ActionSet.
type Args ¶
type Args struct { AccountName string `json:"account"` Action Action `json:"action"` BucketName string `json:"bucket"` ConditionValues map[string][]string `json:"conditions"` IsOwner bool `json:"owner"` ObjectName string `json:"object"` Claims map[string]interface{} `json:"claims"` }
Args - arguments to policy to check whether it is allowed
type Opa ¶
type Opa struct {
// contains filtered or unexported fields
}
Opa - implements opa policy agent calls.
type OpaArgs ¶
type OpaArgs struct { URL *xnet.URL `json:"url"` AuthToken string `json:"authToken"` Transport http.RoundTripper `json:"-"` CloseRespFn func(r io.ReadCloser) `json:"-"` }
OpaArgs opa general purpose policy engine configuration.
func (*OpaArgs) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data.
type Policy ¶
type Policy struct { ID policy.ID `json:"ID,omitempty"` Version string Statements []Statement `json:"Statement"` }
Policy - iam bucket iamp.
func ParseConfig ¶
ParseConfig - parses data in given reader to Iamp.
func (Policy) MarshalJSON ¶
MarshalJSON - encodes Policy to JSON data.
func (*Policy) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Iamp.
type Resource ¶
Resource - resource in policy statement.
func NewResource ¶
NewResource - creates new resource.
func (Resource) MarshalJSON ¶
MarshalJSON - encodes Resource to JSON data.
func (*Resource) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Resource.
type ResourceSet ¶
type ResourceSet map[Resource]struct{}
ResourceSet - set of resources in policy statement.
func NewResourceSet ¶
func NewResourceSet(resources ...Resource) ResourceSet
NewResourceSet - creates new resource set.
func (ResourceSet) Add ¶
func (resourceSet ResourceSet) Add(resource Resource)
Add - adds resource to resource set.
func (ResourceSet) Intersection ¶
func (resourceSet ResourceSet) Intersection(sset ResourceSet) ResourceSet
Intersection - returns resources available in both ResourceSet.
func (ResourceSet) MarshalJSON ¶
func (resourceSet ResourceSet) MarshalJSON() ([]byte, error)
MarshalJSON - encodes ResourceSet to JSON data.
func (ResourceSet) Match ¶
func (resourceSet ResourceSet) Match(resource string, conditionValues map[string][]string) bool
Match - matches object name with anyone of resource pattern in resource set.
func (ResourceSet) String ¶
func (resourceSet ResourceSet) String() string
func (*ResourceSet) UnmarshalJSON ¶
func (resourceSet *ResourceSet) UnmarshalJSON(data []byte) error
UnmarshalJSON - decodes JSON data to ResourceSet.
func (ResourceSet) Validate ¶
func (resourceSet ResourceSet) Validate() error
Validate - validates ResourceSet.
type Statement ¶
type Statement struct { SID policy.ID `json:"Sid,omitempty"` Effect policy.Effect `json:"Effect"` Actions ActionSet `json:"Action"` Resources ResourceSet `json:"Resource"` Conditions condition.Functions `json:"Condition,omitempty"` }
Statement - iam policy statement.
func NewStatement ¶
func NewStatement(effect policy.Effect, actionSet ActionSet, resourceSet ResourceSet, conditions condition.Functions) Statement
NewStatement - creates new statement.
func (Statement) IsAllowed ¶
IsAllowed - checks given policy args is allowed to continue the Rest API.
func (Statement) MarshalJSON ¶
MarshalJSON - encodes JSON data to Statement.
func (*Statement) UnmarshalJSON ¶
UnmarshalJSON - decodes JSON data to Statement.