acl

package
v0.0.0-...-6b75f96
Warning

This package is not in the latest version of its module.

Published: Dec 2, 2024 License: BSD-3-Clause Imports: 3 Imported by: 0

Documentation

Overview

Package acl implements ACL evaluation for access to a secrets database.

ACL policies are provided by tailscale peer capabilities.


Constants

const (
	// ActionGet ("get" in the API) denotes permission to fetch the contents of a secret.
	//
	// Note: ActionGet does not imply ActionInfo, or vice versa.
	ActionGet = Action("get")

	// ActionInfo ("info" in the API) denotes permission to read the metadata
	// for a secret, including available and active version numbers, but not the
	// secret values.
	ActionInfo = Action("info")

	// ActionPut ("put" in the API) denotes permission to put a new value of a
	// secret.
	ActionPut = Action("put")

	// ActionActivate ("activate" in the API) denotes permission to set one
	// of the available versions of a secret as the active one.
	ActionActivate = Action("activate")

	// ActionDelete ("delete" in the API) denotes permission to delete secret
	// versions, either individually or entirely.
	ActionDelete = Action("delete")
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Action

type Action string

Action is an action on secrets that is subject to access control.

type Rule

type Rule struct {
	Action []Action `json:"action"`
	Secret []Secret `json:"secret"`
}

Rule is an access control rule that permits some actions on some secrets. Secrets can contain '*' wildcards, which match zero or more characters.

func (*Rule) Allow

func (r *Rule) Allow(action Action, secret string) bool

Allow reports whether the rule allows action on secret.

type Rules

type Rules []Rule

Rules is a set of ACLs for access to a secret.

func (Rules) Allow

func (rr Rules) Allow(action Action, secret string) bool

Allow reports whether the ACLs allow action on secret.

type Secret

type Secret string

Secret is a secret name pattern that can optionally contain '*' wildcard characters. The wildcard means "zero or more of any character here."

func (Secret) Match

func (pat Secret) Match(val string) bool

Match reports whether the Secret name pattern matches val.
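The documented semantics, sketched as an added example (not this package's source): it shows default deny, that "get" does not imply "info", and that '*' also spans '/' so a pattern like "dev*" covers more names than a single path prefix. The types mirror the declarations above, but the method bodies, the any-listed-action-plus-any-matching-pattern rule, and the sample policy are assumptions constructed for illustration.

```go
package main

import "fmt"
import "strings"

type ( // stand-ins for the documented types; the method bodies below are assumptions
	Action string
	Secret string
	Rule   struct{ Action []Action; Secret []Secret }
	Rules  []Rule
)

// Match treats each '*' as zero or more of any character ('/' included);
// a pattern without '*' must equal val exactly.
func (pat Secret) Match(val string) bool {
	parts := strings.Split(string(pat), "*")
	if len(parts) == 1 || !strings.HasPrefix(val, parts[0]) {
		return len(parts) == 1 && string(pat) == val
	}
	val = val[len(parts[0]):]
	for _, mid := range parts[1 : len(parts)-1] {
		var ok bool
		if _, val, ok = strings.Cut(val, mid); !ok {
			return false
		}
	}
	return strings.HasSuffix(val, parts[len(parts)-1])
}

// Allow is default-deny: some rule must list the action and match the name.
func (rr Rules) Allow(action Action, secret string) bool {
	for _, r := range rr {
		for _, a := range r.Action {
			for _, pat := range r.Secret {
				if a == action && pat.Match(secret) {
					return true
				}
			}
		}
	}
	return false
}

var samplePolicy = Rules{ // constructed sample policy, not taken from the page
	{Action: []Action{"get"}, Secret: []Secret{"prod/db/*"}},
	{Action: []Action{"info", "put"}, Secret: []Secret{"dev*"}},
}

func main() {
	fmt.Println(samplePolicy.Allow("get", "prod/db/password"), samplePolicy.Allow("info", "prod/db/password"))
}
```

When reviewing a policy, test each pattern against names it should not cover as well as those it should, since a trailing '*' without a separator matches sibling prefixes too.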
