policy

package

v0.11.0 Latest Latest Go to latest Published: Sep 30, 2021 License: MIT Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/porter-dev/porter

Documentation ¶

Overview ¶

Package policy provides methods for parsing RBAC policies to determine if a user has access to a given resource.

TODO: more details about policy trees + "MostRestrictiveParent" + "LeastRestrictiveSibling"

Caveats: - one policy document to match the entire action - list/create are not resource-specific actions, so granting list/create permissions for a scope means that a user can list all resources or create a new resource in that scope.

Index ¶

Variables
func HasScopeAccess(policy []*types.PolicyDocument, ...) bool
type BasicPolicyDocumentLoader
- func NewBasicPolicyDocumentLoader(projRepo repository.ProjectRepository) *BasicPolicyDocumentLoader
- func (b *BasicPolicyDocumentLoader) LoadPolicyDocuments(userID, projectID uint) ([]*types.PolicyDocument, apierrors.RequestError)
type PolicyDocumentLoader

Constants ¶

This section is empty.

Variables ¶

View Source

var AdminPolicy = []*types.PolicyDocument{
	{
		Scope: types.ProjectScope,
		Verbs: types.ReadWriteVerbGroup(),
	},
}

View Source

var DeveloperPolicy = []*types.PolicyDocument{
	{
		Scope: types.ProjectScope,
		Verbs: types.ReadWriteVerbGroup(),
		Children: map[types.PermissionScope]*types.PolicyDocument{
			types.SettingsScope: {
				Scope: types.SettingsScope,
				Verbs: types.ReadVerbGroup(),
			},
		},
	},
}

View Source

var ViewerPolicy = []*types.PolicyDocument{
	{
		Scope: types.ProjectScope,
		Verbs: types.ReadVerbGroup(),
		Children: map[types.PermissionScope]*types.PolicyDocument{
			types.SettingsScope: {
				Scope: types.SettingsScope,
				Verbs: []types.APIVerb{},
			},
		},
	},
}

Functions ¶

func HasScopeAccess ¶

func HasScopeAccess(
	policy []*types.PolicyDocument,
	reqScopes map[types.PermissionScope]*types.RequestAction,
) bool

HasScopeAccess checks that a user can perform an action (`verb`) against a specific resource (`resource+scope`) according to a `policy`.

Types ¶

type BasicPolicyDocumentLoader ¶

type BasicPolicyDocumentLoader struct {
	// contains filtered or unexported fields
}

BasicPolicyDocumentLoader loads policy documents simply depending on the

func NewBasicPolicyDocumentLoader ¶

func NewBasicPolicyDocumentLoader(projRepo repository.ProjectRepository) *BasicPolicyDocumentLoader

func (*BasicPolicyDocumentLoader) LoadPolicyDocuments ¶

func (b *BasicPolicyDocumentLoader) LoadPolicyDocuments(
	userID, projectID uint,
) ([]*types.PolicyDocument, apierrors.RequestError)

type PolicyDocumentLoader ¶

type PolicyDocumentLoader interface {
	LoadPolicyDocuments(userID, projectID uint) ([]*types.PolicyDocument, apierrors.RequestError)
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL