warden

package

v0.0.1 Latest Latest Go to latest Published: May 20, 2018 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/playnet-public/keto

Links

Open Source Insights

Documentation ¶

Overview ¶

Package warden implements endpoints capable of making access control decisions based on Access Control Policies

Package warden defines an API for validating access requests.

Index ¶

Constants
type AccessRequest
type AuditLoggerLogrus
- func (a *AuditLoggerLogrus) LogGrantedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)
- func (a *AuditLoggerLogrus) LogRejectedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)
type Firewall
type Handler
- func NewHandler(writer herodot.Writer, warden Firewall, ...) *Handler
- func (h *Handler) SetRoutes(r *httprouter.Router)
type Warden
- func NewWarden(warden ladon.Warden, roles role.Manager, l logrus.FieldLogger) *Warden
- func (w *Warden) IsAllowed(ctx context.Context, a *AccessRequest) error

Constants ¶

View Source

const (
	AuthenticatorHandlerPath = "/warden/%s/authorize"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AccessRequest ¶

type AccessRequest struct {
	// Resource is the resource that access is requested to.
	Resource string `json:"resource"`

	// Action is the action that is requested on the resource.
	Action string `json:"action"`

	// Subejct is the subject that is requesting access.
	Subject string `json:"subject"`

	// Context is the request's environmental context.
	Context map[string]interface{} `json:"context"`
}

AccessRequest is the warden's request object.

swagger:model WardenSubjectAuthorizationRequest

type AuditLoggerLogrus ¶

type AuditLoggerLogrus struct {
	Logger logrus.FieldLogger
}

AuditLoggerLogrus outputs information about granting or rejecting policies.

func (*AuditLoggerLogrus) LogGrantedAccessRequest ¶

func (a *AuditLoggerLogrus) LogGrantedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)

func (*AuditLoggerLogrus) LogRejectedAccessRequest ¶

func (a *AuditLoggerLogrus) LogRejectedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)

type Firewall ¶

type Firewall interface {
	// IsAllowed uses policies to return nil if the access request can be fulfilled or an error if not.
	//
	//  ctx, err := firewall.IsAllowed(context.Background(), &AccessRequest{
	//    Subject:  "alice",
	//    Resource: "matrix",
	//    Action:   "create",
	//    Context:  ladon.Context{},
	//  }, "photos", "files")
	//
	//  fmt.Sprintf("%s", ctx.Subject)
	IsAllowed(ctx context.Context, accessRequest *AccessRequest) error
}

Firewall offers various validation strategies for access tokens.

type Handler ¶

type Handler struct {
	H      herodot.Writer
	Warden Firewall

	ResourcePrefix string
	// contains filtered or unexported fields
}

Handler is capable of handling HTTP request and validating access tokens and access requests.

func NewHandler ¶

func NewHandler(writer herodot.Writer, warden Firewall, authenticators map[string]authentication.Authenticator) *Handler

func (*Handler) SetRoutes ¶

func (h *Handler) SetRoutes(r *httprouter.Router)

type Warden ¶

type Warden struct {
	Warden ladon.Warden
	Roles  role.Manager
	L      logrus.FieldLogger
}

func NewWarden ¶

func NewWarden(
	warden ladon.Warden,
	roles role.Manager,
	l logrus.FieldLogger) *Warden

func (*Warden) IsAllowed ¶

func (w *Warden) IsAllowed(ctx context.Context, a *AccessRequest) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL