criteria

package
v0.22.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 4, 2023 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package criteria contains all the pre-defined criteria as well as a registry to add new criteria.

Index

Constants

View Source 
const (
	ReasonAccept                               = "accept"
	ReasonClaimOK                              = "claim-ok"
	ReasonClaimUnauthorized                    = "claim-unauthorized"
	ReasonCORSRequest                          = "cors-request"
	ReasonDeviceOK                             = "device-ok"
	ReasonDeviceUnauthenticated                = "device-unauthenticated"
	ReasonDeviceUnauthorized                   = "device-unauthorized"
	ReasonDomainOK                             = "domain-ok"
	ReasonDomainUnauthorized                   = "domain-unauthorized"
	ReasonEmailOK                              = "email-ok"
	ReasonEmailUnauthorized                    = "email-unauthorized"
	ReasonHTTPMethodOK                         = "http-method-ok"
	ReasonHTTPMethodUnauthorized               = "http-method-unauthorized"
	ReasonHTTPPathOK                           = "http-path-ok"
	ReasonHTTPPathUnauthorized                 = "http-path-unauthorized"
	ReasonInvalidClientCertificate             = "invalid-client-certificate"
	ReasonNonCORSRequest                       = "non-cors-request"
	ReasonNonPomeriumRoute                     = "non-pomerium-route"
	ReasonPomeriumRoute                        = "pomerium-route"
	ReasonReject                               = "reject"
	ReasonRouteNotFound                        = "route-not-found"
	ReasonUserOK                               = "user-ok"
	ReasonUserUnauthenticated                  = "user-unauthenticated" // user needs to log in
	ReasonUserUnauthorized                     = "user-unauthorized"    // user does not have access
	ReasonValidClientCertificateOrNoneRequired = "valid-client-certificate-or-none-required"
)

Well-known reasons.

Variables

This section is empty.

Functions

func NewCriterionDeviceRule added in v0.15.6 

func NewCriterionDeviceRule(
	g *generator.Generator,
	name string,
	passReason, failReason Reason,
	body ast.Body,
	deviceType string,
) *ast.Rule

NewCriterionDeviceRule generates a new rule for a criterion which requires a device and session. If there is no device "device-unauthenticated" is returned. If there is no session "user-unauthenticated" is returned.

func NewCriterionRule added in v0.15.6 

func NewCriterionRule(
	g *generator.Generator,
	name string,
	passReason, failReason Reason,
	body ast.Body,
) *ast.Rule

NewCriterionRule generates a new rule for a criterion.

func NewCriterionSessionRule added in v0.15.6 

func NewCriterionSessionRule(
	g *generator.Generator,
	name string,
	passReason, failReason Reason,
	body ast.Body,
) *ast.Rule

NewCriterionSessionRule generates a new rule for a criterion which requires a session. If there is no session "user-unauthenticated" is returned.

func NewCriterionTerm added in v0.15.6 

func NewCriterionTerm(value bool, reasons ...Reason) *ast.Term

NewCriterionTerm creates a new rego term for a criterion: 

[true, {"reason"}]

func NewCriterionTermWithAdditionalData added in v0.15.6 

func NewCriterionTermWithAdditionalData(value bool, reason Reason, additionalData map[string]interface{}) *ast.Term

NewCriterionTermWithAdditionalData creates a new rego term for a criterion with additional data: 

[true, {"reason"}, {"key": "value"}]

func Register 

func Register(criterionConstructor CriterionConstructor)

Register registers a criterion.

Types

type Criterion 

type Criterion = generator.Criterion

A Criterion generates rego rules based on data.

func Accept 

func Accept(generator *Generator) Criterion

Accept returns a Criterion which always returns true.

func AuthenticatedUser 

func AuthenticatedUser(generator *Generator) Criterion

AuthenticatedUser returns a Criterion which returns true if the current user is logged in.

func CORSPreflight 

func CORSPreflight(generator *Generator) Criterion

CORSPreflight returns a Criterion which returns true if the input request is a CORS preflight request.

func Claims 

func Claims(generator *Generator) Criterion

Claims returns a Criterion on allowed IDP claims.

func Device added in v0.15.6 

func Device(generator *Generator) Criterion

Device returns a Criterion based on the User's device state.

func Domain added in v0.15.6 

func Domain(generator *Generator) Criterion

Domain returns a Criterion on a user's email address domain.

func Email added in v0.15.6 

func Email(generator *Generator) Criterion

Email returns a Criterion on a user's email address.

func HTTPMethod added in v0.16.0 

func HTTPMethod(generator *Generator) Criterion

HTTPMethod returns a Criterion which matches an HTTP method.

func HTTPPath added in v0.16.0 

func HTTPPath(generator *Generator) Criterion

HTTPPath returns a Criterion which matches an HTTP path.

func InvalidClientCertificate 

func InvalidClientCertificate(generator *Generator) Criterion

InvalidClientCertificate returns a Criterion which returns true if the client certificate is valid.

func PomeriumRoutes 

func PomeriumRoutes(generator *Generator) Criterion

PomeriumRoutes returns a Criterion on that allows access to pomerium routes.

func Reject 

func Reject(generator *Generator) Criterion

Reject returns a Criterion which always returns false.

func UserID added in v0.15.6 

func UserID(generator *Generator) Criterion

UserID returns a Criterion on a user's id.

type CriterionConstructor 

type CriterionConstructor = generator.CriterionConstructor

A CriterionConstructor is a function which returns a Criterion for a Generator.

func All 

func All() []CriterionConstructor

All returns all the known criterion constructors.

type CriterionDataType 

type CriterionDataType = generator.CriterionDataType

The CriterionDataType indicates the expected type of data for the criterion. 

const (
	// CriterionDataTypeStringListMatcher indicates the expected data type is a string list matcher.
	CriterionDataTypeStringListMatcher CriterionDataType = "string_list_matcher"
	// CriterionDataTypeStringMatcher indicates the expected data type is a string matcher.
	CriterionDataTypeStringMatcher CriterionDataType = "string_matcher"
)

type Generator 

type Generator = generator.Generator

A Generator generates a rego script from a policy.

type Reason added in v0.15.6 

type Reason string

A Reason is a reason for why a policy criterion passes or fails.

type Reasons added in v0.15.6 

type Reasons map[Reason]struct{}

Reasons is a collection of reasons.

func NewReasons added in v0.15.6 

func NewReasons(reasons ...Reason) Reasons

NewReasons creates a new Reasons collection.

func (Reasons) Add added in v0.15.6 

func (rs Reasons) Add(r Reason)

Add adds a reason to the collection.

func (Reasons) Has added in v0.15.6 

func (rs Reasons) Has(r Reason) bool

Has returns true if the reason is found in the collection.

func (Reasons) Strings added in v0.15.6 

func (rs Reasons) Strings() []string

Strings returns the reason collection as a slice of strings.

func (Reasons) Union added in v0.15.6 

func (rs Reasons) Union(other Reasons) Reasons

Union merges two reason collections together.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.