acl

package

v0.4.1 Latest Latest Go to latest Published: Oct 20, 2014 License: MPL-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/threadwaste/consul

Documentation ¶

Index ¶

Constants
type ACL
type Cache
- func NewCache(size int, faultfn FaultFunc) (*Cache, error)
type FaultFunc
type KeyPolicy
- func (k *KeyPolicy) GoString() string
type Policy
- func Parse(rules string) (*Policy, error)
type PolicyACL
- func New(parent ACL, policy *Policy) (*PolicyACL, error)
type StaticACL

Constants ¶

View Source

const (
	KeyPolicyDeny  = "deny"
	KeyPolicyRead  = "read"
	KeyPolicyWrite = "write"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ACL ¶

type ACL interface {
	// KeyRead checks for permission to read a given key
	KeyRead(string) bool

	// KeyWrite checks for permission to write a given key
	KeyWrite(string) bool

	// KeyWritePrefix checks for permission to write to an
	// entire key prefix. This means there must be no sub-policies
	// that deny a write.
	KeyWritePrefix(string) bool

	// ACLList checks for permission to list all the ACLs
	ACLList() bool

	// ACLModify checks for permission to manipulate ACLs
	ACLModify() bool
}

ACL is the interface for policy enforcement.

func AllowAll ¶

func AllowAll() ACL

AllowAll returns an ACL rule that allows all operations

func DenyAll ¶

func DenyAll() ACL

DenyAll returns an ACL rule that denies all operations

func ManageAll ¶

func ManageAll() ACL

ManageAll returns an ACL rule that can manage all resources

func RootACL ¶

func RootACL(id string) ACL

RootACL returns a possible ACL if the ID matches a root policy

type Cache ¶

type Cache struct {
	// contains filtered or unexported fields
}

Cache is used to implement policy and ACL caching

func NewCache ¶

func NewCache(size int, faultfn FaultFunc) (*Cache, error)

NewCache contructs a new policy and ACL cache of a given size

func (*Cache) ClearACL ¶

func (c *Cache) ClearACL(id string)

ClearACL is used to clear the ACL cache if any

func (*Cache) GetACL ¶

func (c *Cache) GetACL(id string) (ACL, error)

GetACL is used to get a potentially cached ACL policy. If not cached, it will be generated and then cached.

func (*Cache) GetACLPolicy ¶

func (c *Cache) GetACLPolicy(id string) (string, *Policy, error)

GetACLPolicy is used to get the potentially cached ACL policy. If not cached, it will be generated and then cached.

func (*Cache) GetPolicy ¶

func (c *Cache) GetPolicy(rules string) (*Policy, error)

GetPolicy is used to get a potentially cached policy set. If not cached, it will be parsed, and then cached.

func (*Cache) Purge ¶

func (c *Cache) Purge()

Purge is used to clear all the ACL caches. The rule and policy caches are not purged, since they are content-hashed anyways.

type FaultFunc ¶

type FaultFunc func(id string) (string, string, error)

FaultFunc is a function used to fault in the parent, rules for an ACL given it's ID

type KeyPolicy ¶

type KeyPolicy struct {
	Prefix string `hcl:",key"`
	Policy string
}

KeyPolicy represents a policy for a key

func (*KeyPolicy) GoString ¶

func (k *KeyPolicy) GoString() string

type Policy ¶

type Policy struct {
	ID   string       `hcl:"-"`
	Keys []*KeyPolicy `hcl:"key,expand"`
}

Policy is used to represent the policy specified by an ACL configuration.

func Parse ¶

func Parse(rules string) (*Policy, error)

Parse is used to parse the specified ACL rules into an intermediary set of policies, before being compiled into the ACL

type PolicyACL ¶

type PolicyACL struct {
	// contains filtered or unexported fields
}

PolicyACL is used to wrap a set of ACL policies to provide the ACL interface.

func New ¶

func New(parent ACL, policy *Policy) (*PolicyACL, error)

New is used to construct a policy based ACL from a set of policies and a parent policy to resolve missing cases.

func (*PolicyACL) ACLList ¶

func (p *PolicyACL) ACLList() bool

ACLList checks if listing of ACLs is allowed

func (*PolicyACL) ACLModify ¶

func (p *PolicyACL) ACLModify() bool

ACLModify checks if modification of ACLs is allowed

func (*PolicyACL) KeyRead ¶

func (p *PolicyACL) KeyRead(key string) bool

KeyRead returns if a key is allowed to be read

func (*PolicyACL) KeyWrite ¶

func (p *PolicyACL) KeyWrite(key string) bool

KeyWrite returns if a key is allowed to be written

func (*PolicyACL) KeyWritePrefix ¶

func (p *PolicyACL) KeyWritePrefix(prefix string) bool

KeyWritePrefix returns if a prefix is allowed to be written

type StaticACL ¶

type StaticACL struct {
	// contains filtered or unexported fields
}

StaticACL is used to implement a base ACL policy. It either allows or denies all requests. This can be used as a parent ACL to act in a blacklist or whitelist mode.

func (*StaticACL) ACLList ¶

func (s *StaticACL) ACLList() bool

func (*StaticACL) ACLModify ¶

func (s *StaticACL) ACLModify() bool

func (*StaticACL) KeyRead ¶

func (s *StaticACL) KeyRead(string) bool

func (*StaticACL) KeyWrite ¶

func (s *StaticACL) KeyWrite(string) bool

func (*StaticACL) KeyWritePrefix ¶

func (s *StaticACL) KeyWritePrefix(string) bool

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL