policy

package
v0.0.0-...-52d9772 Latest
Warning

This package is not in the latest version of its module.

Published: Jul 29, 2019 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Copyright (C) 2018 Yahoo Japan Corporation Athenz team.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Package policy implements the Athenz policy updater's fetching and verification logic and provides an interface for verifying policy data.

Index

Constants

This section is empty.

Variables

var (
	// ErrDomainMismatch "Access denied due to domain mismatch between Resource and RoleToken"
	ErrDomainMismatch = errors.New("Access denied due to domain mismatch between Resource and RoleToken")

	// ErrDomainNotFound "Access denied due to domain not found in library cache"
	ErrDomainNotFound = errors.New("Access denied due to domain not found in library cache")

	// ErrNoMatch "Access denied due to no match to any of the assertions defined in domain policy file"
	ErrNoMatch = errors.New("Access denied due to no match to any of the assertions defined in domain policy file")

	// ErrInvalidPolicyResource "Access denied due to invalid/empty policy resources"
	ErrInvalidPolicyResource = errors.New("Access denied due to invalid/empty policy resources")

	// ErrDenyByPolicy "Access Check was explicitly denied"
	ErrDenyByPolicy = errors.New("Access Check was explicitly denied")

	// ErrDomainExpired "Access denied due to expired domain policy file"
	ErrDomainExpired = errors.New("Access denied due to expired domain policy file")

	// ErrFetchPolicy "Error fetching athenz policy"
	ErrFetchPolicy = errors.New("Error fetching athenz policy")
)

Functions

This section is empty.

Types

type Assertion

type Assertion struct {
	ResourceDomain string         `json:"resource_domain"`
	Reg            *regexp.Regexp `json:"-"`
	Effect         error          `json:"effect"`

	Action      string `json:"action"`
	Resource    string `json:"resource"`
	RegexString string `json:"regex_string"`
}

Assertion represents the refined assertion data used in policy checking.

func NewAssertion

func NewAssertion(action, resource, effect string) (*Assertion, error)

NewAssertion returns the Assertion object or error

type Daemon

type Daemon interface {
	Start(context.Context) <-chan error
	Update(context.Context) error
	CheckPolicy(ctx context.Context, domain string, roles []string, action, resource string) error
	GetPolicyCache(context.Context) map[string]interface{}
}

Policyd represents the daemon that retrieves policy data from Athenz.
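
How a caller might gate requests on CheckPolicy while failing closed, as an added example that is not part of the package's own code. It assumes a nil error means access is granted, redeclares a subset of the sentinel errors above so it runs stand-alone, and uses hypothetical names (checker, stubDaemon, Authorize and the category strings).

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Sentinel errors redeclared from the Variables section so this file runs stand-alone.
var (
	ErrDomainMismatch = errors.New("Access denied due to domain mismatch between Resource and RoleToken")
	ErrDomainNotFound = errors.New("Access denied due to domain not found in library cache")
	ErrNoMatch        = errors.New("Access denied due to no match to any of the assertions defined in domain policy file")
	ErrDenyByPolicy   = errors.New("Access Check was explicitly denied")
	ErrDomainExpired  = errors.New("Access denied due to expired domain policy file")
)

// checker is the single Daemon method the gate depends on (hypothetical name).
type checker interface {
	CheckPolicy(ctx context.Context, domain string, roles []string, action, resource string) error
}

// stubDaemon is a hypothetical test double that returns a fixed result.
type stubDaemon struct{ err error }

func (s stubDaemon) CheckPolicy(context.Context, string, []string, string, string) error { return s.err }

// Authorize fails closed: only a nil error grants access (assumption). The category
// string (hypothetical) separates policy decisions from policy-cache failures in logs.
func Authorize(ctx context.Context, d checker, domain string, roles []string, action, resource string) (bool, string) {
	err := d.CheckPolicy(ctx, domain, roles, action, resource)
	switch {
	case err == nil:
		return true, "allow"
	case errors.Is(err, ErrDenyByPolicy):
		return false, "explicit-deny"
	case errors.Is(err, ErrNoMatch), errors.Is(err, ErrDomainMismatch):
		return false, "not-granted"
	case errors.Is(err, ErrDomainExpired), errors.Is(err, ErrDomainNotFound):
		return false, "policy-cache" // stale or missing policy: alert, never fall back to allow
	default:
		return false, "error" // unknown errors also deny
	}
}

func main() {
	for _, e := range []error{nil, ErrDenyByPolicy, ErrDomainExpired, fmt.Errorf("check: %w", ErrNoMatch)} {
		fmt.Println(Authorize(context.Background(), stubDaemon{err: e}, "example.domain", []string{"reader"}, "get", "example.domain:doc"))
	}
}
```
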

func New

func New(opts ...Option) (Daemon, error)

New is the constructor of Policyd.

type Option

type Option func(*policyd) error

Option represents a functional options pattern interface

func WithAthenzDomains

func WithAthenzDomains(doms ...string) Option

WithAthenzDomains represents an AthenzDomain functional option

func WithAthenzURL

func WithAthenzURL(url string) Option

WithAthenzURL represents an AthenzURL functional option

func WithErrRetryInterval

func WithErrRetryInterval(i string) Option

WithErrRetryInterval represents an ErrRetryInterval functional option

func WithEtagExpTime

func WithEtagExpTime(t string) Option

WithEtagExpTime represents an EtagExpTime functional option

func WithEtagFlushDuration

func WithEtagFlushDuration(t string) Option

WithEtagFlushDuration represents an ETagFlushDur functional option

func WithExpireMargin

func WithExpireMargin(t string) Option

WithExpireMargin represents an ExpiryMargin functional option

func WithHTTPClient

func WithHTTPClient(c *http.Client) Option

WithHTTPClient represents a HttpClient functional option

func WithPolicyExpiredDuration

func WithPolicyExpiredDuration(t string) Option

WithPolicyExpiredDuration represents a PolicyExpiredDuration functional option

func WithPubKeyProvider

func WithPubKeyProvider(pkp pubkey.Provider) Option

WithPubKeyProvider represents a PubKeyProvider functional option

func WithRefreshDuration

func WithRefreshDuration(t string) Option

WithRefreshDuration represents a RefreshDuration functional option

type SignedPolicy

type SignedPolicy struct {
	util.DomainSignedPolicyData
}

SignedPolicy represents the signed policy data

func (*SignedPolicy) Verify

func (s *SignedPolicy) Verify(pkp pubkey.Provider) error

Verify verifies the signed policy and returns any error.
