Documentation
¶
Index ¶
Constants ¶
View Source
const ( // GroupSystemAuthenticated is a group all users with a session belong to. // It is a way of identifying "anyone who is authenticated". GroupSystemAuthenticated = "system:authenticated" )
Variables ¶
View Source
var ( ErrAuthenticationMissing = &hz.Error{ Status: http.StatusBadRequest, Message: "missing authentication header", } ErrInvalidCredentials = &hz.Error{ Status: http.StatusUnauthorized, Message: "invalid credentials", } ErrForbidden = &hz.Error{ Status: http.StatusForbidden, Message: "forbidden", } )
Functions ¶
This section is empty.
Types ¶
type Auth ¶
type CheckRequest ¶
type CheckRequest struct {
Session string
Verb Verb
Object hz.ObjectKeyer
}
type Group ¶
type Group struct {
Name string
Namespaces map[string]*Permissions
}
type ListRequest ¶
type ListRequest struct {
Session string
ObjectList *hz.ObjectList
}
Verb is implied (read).
type Permissions ¶
func (*Permissions) AllowRules ¶
func (p *Permissions) AllowRules() []Rule
func (*Permissions) DenyRules ¶
func (p *Permissions) DenyRules() []Rule
type RBAC ¶
type RBAC struct {
Conn *nats.Conn
// TODO: RoleBindings and Roles maps are not thread safe.
// E.g. HandleRoleEvent and refresh both write and read from Roles.
RoleBindings map[string]RoleBinding
Roles map[string]Role
Permissions map[string]*Group
AdminGroup string
// contains filtered or unexported fields
}
func (*RBAC) HandleRoleBindingEvent ¶
type Request ¶
type Request struct {
Subject RequestSubject
Verb Verb
Object hz.ObjectKeyer
}
Request is a request to check if Subject is allowed to perform Verb on Object.
type RequestSubject ¶
type RequestSubject struct {
Groups []string
}
type Role ¶
type Role struct {
hz.ObjectMeta `json:"metadata,omitempty"`
Spec RoleSpec `json:"spec,omitempty" cue:""`
}
func (Role) ObjectGroup ¶
func (Role) ObjectKind ¶
func (Role) ObjectVersion ¶
type RoleBinding ¶
type RoleBinding struct {
hz.ObjectMeta `json:"metadata,omitempty"`
Spec RoleBindingSpec `json:"spec,omitempty" cue:""`
}
func (RoleBinding) ObjectGroup ¶
func (RoleBinding) ObjectGroup() string
func (RoleBinding) ObjectKind ¶
func (RoleBinding) ObjectKind() string
func (RoleBinding) ObjectVersion ¶
func (RoleBinding) ObjectVersion() string
type RoleBindingSpec ¶
type RoleRef ¶
type RoleRef struct {
// Group is the api group of the Role being referenced.
Group string `json:"group" cue:""`
// Kind is the type of the Role being referenced.
Kind string `json:"kind" cue:""`
// Name is the name of the Role to which this RoleBinding refers.
Name string `json:"name" cue:""`
}
func RoleRefFromRole ¶
type Rule ¶
type Rule struct {
// Name of a resource that this rule targets.
Name *string `json:"name,omitempty"`
// Kind of a resource that this rule targets.
Kind *string `json:"kind,omitempty" cue:""`
// Group of a resource that this rule targets.
Group *string `json:"group,omitempty" cue:""`
// Verbs that this rule enforces.
Verbs []Verb `json:"verbs,omitempty" cue:""`
}
type Sessions ¶
type Sessions struct {
Conn *nats.Conn
// contains filtered or unexported fields
}
type Verb ¶
type Verb string
const ( // VerbRead allows/denies a subject to read objects. VerbRead Verb = "read" // VerbUpdate allows/denies a subject to update objects. VerbUpdate Verb = "update" // VerbCreate allows/denies a subject to create objects. VerbCreate Verb = "create" // VerbDelete allows/denies a subject to delete objects. VerbDelete Verb = "delete" // VerbRun allows/denies a subject to run actions for an actor. VerbRun Verb = "run" // VerbAll allows/denies a subject to perform all verbs. VerbAll Verb = "*" )
Source Files
Click to show internal directories.
Click to hide internal directories.