Documentation ¶
Index ¶
- Variables
- func GetManager(r api.Router) ladon.Manager
- func GetWarden(r api.Router) ladon.Warden
- func IsAllowed(ctx context.Context, req ladon.Request, w ladon.Warden, db users.Database) (bool, error)
- func NewManager(db *bbolt.DB) (ladon.Manager, error)
- type AuditLogger
- type IsSelfCondition
- type Manager
- func (m *Manager) Create(p ladon.Policy) error
- func (m *Manager) Delete(id string) error
- func (m *Manager) FindPoliciesForResource(resource string) (ladon.Policies, error)
- func (m *Manager) FindPoliciesForSubject(subject string) (ladon.Policies, error)
- func (m *Manager) FindRequestCandidates(r *ladon.Request) (ladon.Policies, error)
- func (m *Manager) Get(id string) (ladon.Policy, error)
- func (m *Manager) GetAll(limit, offset int64) (ladon.Policies, error)
- func (m *Manager) Update(p ladon.Policy) error
Constants ¶
This section is empty.
Variables ¶
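// Directive provides the "policies" directive, which selects the bbolt file
// backing the policy store and registers a ladon warden built on top of it.
//
// The database path is accepted either as a single inline argument or inside
// a block under the key "file" or "path". A missing path is an argument error.
var Directive = service.Directive{
	Name: "policies",
	Init: func(s *service.Instance, d config.Dispenser) error {
		// NOTE(review): presumably steps over the directive name itself;
		// confirm against config.Dispenser.
		d.Next()

		var file string
		if d.NextArg() {
			// Inline form: the argument is the database path and nothing
			// may follow it.
			file = d.Val()
			if d.Next() {
				return d.SyntaxErr("unexpected token after DB path")
			}
		} else {
			// Block form: only the keys "file" and "path" are accepted, so a
			// misspelled key fails loudly instead of being ignored.
			for d.NextBlock() {
				switch d.Val() {
				case "file", "path":
					if !d.NextArg() {
						return d.ArgErr()
					}
					file = d.Val()
				default:
					return d.SyntaxErr("unexpected configuration key: %s", d.Val())
				}
			}
		}

		if file == "" {
			return d.ArgErr()
		}

		// Mode 0600 keeps a newly created policy database readable and
		// writable by the owning account only. The mode is applied on
		// creation; an already existing file keeps whatever permissions it
		// has, so those need to be checked at deployment.
		// Passing nil options selects the bbolt defaults, which wait without
		// a timeout for the file lock: Init blocks here while another process
		// holds the database open.
		db, err := bbolt.Open(file, 0600, nil)
		if err != nil {
			return err
		}

		mng, err := NewManager(db)
		if err != nil {
			// Without this the open handle, and the file lock bbolt holds
			// with it, would outlive the failed Init. The Close error is
			// dropped on purpose: the NewManager error is the one to report.
			_ = db.Close()
			return err
		}

		// Every decision made by this warden is reported to the AuditLogger,
		// which writes through the package logger.
		warden := &ladon.Ladon{
			Manager:     mng,
			AuditLogger: &AuditLogger{l: log.Log},
		}
		s.AddProvider(Key, warden)
		return nil
	},
}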
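Directive provides the policies directive, which configures the policy database file to use. The path is given either as a single argument or in a block under the key file or path, and the database is opened with file mode 0600 (owner read/write only).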
// Key is the key under which the policy engine is stored. The policies
// Directive registers its *ladon.Ladon warden (which carries the Manager)
// under this key with AddProvider. Its type, mngKey, is unexported, so other
// packages cannot name the type and have to use this exported value.
//
// NOTE(review): this key is also documented as the one used to add a
// ladon.Manager to a context.Context or api.Router; confirm whether lookups
// are expected to yield the Manager or the Ladon warden.
var Key = mngKey{}
Functions ¶
func GetManager ¶
GetManager returns the ladon.Manager associated with r
Types ¶
type AuditLogger ¶
type AuditLogger struct {
// contains filtered or unexported fields
}
func (*AuditLogger) LogGrantedAccessRequest ¶
func (*AuditLogger) LogRejectedAccessRequest ¶
type IsSelfCondition ¶
type IsSelfCondition struct{}
IsSelfCondition matches if the requesting subject is also the target resource. This can be used for self-service policies.
func (IsSelfCondition) Fulfills ¶
func (IsSelfCondition) Fulfills(value interface{}, req *ladon.Request) bool
func (IsSelfCondition) GetName ¶
func (IsSelfCondition) GetName() string
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager handles ladon.Policy and implements the ladon.Manager interface
func (*Manager) FindPoliciesForResource ¶
FindPoliciesForResource returns policies that could match the resource. It either returns a set of policies that apply to the resource, or a superset of it. If an error occurs, it returns nil and the error.
func (*Manager) FindPoliciesForSubject ¶
FindPoliciesForSubject returns policies that could match the subject. It returns either the set of policies that apply to the subject or a superset of it. If an error occurs, it returns nil and the error.
func (*Manager) FindRequestCandidates ¶
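FindRequestCandidates returns candidates that could match the request object. It returns either a set that exactly matches the request or a superset of it, so the result is a candidate list and not an access decision: each returned policy still has to be evaluated against the request. If an error occurs, it returns nil and the error.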