Documentation ¶
Overview ¶
Package policy contains the fetching and verification logic of the Athenz policy updater and provides an interface for verifying policy data.
Index ¶
- Variables
- type Assertion
- type Daemon
- type Fetcher
- type Option
- func WithAthenzDomains(doms ...string) Option
- func WithAthenzURL(url string) Option
- func WithErrRetryInterval(i string) Option
- func WithExpireMargin(t string) Option
- func WithHTTPClient(c *http.Client) Option
- func WithPolicyExpiredDuration(t string) Option
- func WithPubKeyProvider(pkp pubkey.Provider) Option
- func WithRefreshDuration(t string) Option
- type SignedPolicy
- type SignedPolicyVerifier
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrDomainMismatch "Access denied due to domain mismatch between Resource and RoleToken"
	ErrDomainMismatch = errors.New("Access denied due to domain mismatch between Resource and RoleToken")
	// ErrDomainNotFound "Access denied due to domain not found in library cache"
	ErrDomainNotFound = errors.New("Access denied due to domain not found in library cache")
	// ErrNoMatch "Access denied due to no match to any of the assertions defined in domain policy file"
	ErrNoMatch = errors.New("Access denied due to no match to any of the assertions defined in domain policy file")
	// ErrInvalidPolicyResource "Access denied due to invalid/empty policy resources"
	ErrInvalidPolicyResource = errors.New("Access denied due to invalid/empty policy resources")
	// ErrDenyByPolicy "Access Check was explicitly denied"
	ErrDenyByPolicy = errors.New("Access Check was explicitly denied")
	// ErrDomainExpired "Access denied due to expired domain policy file"
	ErrDomainExpired = errors.New("Access denied due to expired domain policy file")
	// ErrFetchPolicy "Error fetching athenz policy"
	ErrFetchPolicy = errors.New("Error fetching athenz policy")
)
Functions ¶
This section is empty.
Types ¶
type Assertion ¶
type Assertion struct {
	ResourceDomain string         `json:"resource_domain"`
	Reg            *regexp.Regexp `json:"-"`
	Effect         error          `json:"effect"`
	Action         string         `json:"action"`
	Resource       string         `json:"resource"`
	RegexString    string         `json:"regex_string"`
}
Assertion represents the refined assertion data used in policy checking.
func NewAssertion ¶
NewAssertion returns the Assertion object or an error.
type Daemon ¶
type Daemon interface {
	Start(context.Context) <-chan error
	Update(context.Context) error
	CheckPolicy(ctx context.Context, domain string, roles []string, action, resource string) error
	GetPolicyCache(context.Context) map[string]interface{}
}
Daemon represents the daemon that retrieves policy data from Athenz.
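The following Go program is an added example (not code from the athenz-authorizer project) showing how assertions of the shape above can be compiled and how a CheckPolicy-style evaluation maps onto the package's error variables: nil is the only "allow", an explicit deny under any role wins over an allow under any other role, and no match at all is refused with ErrNoMatch. The local Assertion, the NewAssertion signature, the policyCache layout, the lower-cased "action-resource" key with Athenz-style '*' and '?' wildcards, and the encoding of Effect as nil (allow) or ErrDenyByPolicy (deny) are assumptions of this example; only the error texts are taken from the page.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Sentinel errors copied from the package's Variables section (example compiles without the real module).
var (
	ErrDomainMismatch        = errors.New("Access denied due to domain mismatch between Resource and RoleToken")
	ErrDomainNotFound        = errors.New("Access denied due to domain not found in library cache")
	ErrNoMatch               = errors.New("Access denied due to no match to any of the assertions defined in domain policy file")
	ErrInvalidPolicyResource = errors.New("Access denied due to invalid/empty policy resources")
	ErrDenyByPolicy          = errors.New("Access Check was explicitly denied")
)

// Assertion carries the same fields as the page's struct. Effect is nil for an
// allow assertion and ErrDenyByPolicy for a deny assertion (assumed encoding).
type Assertion struct {
	ResourceDomain string
	Reg            *regexp.Regexp
	Effect         error
	Action         string
	Resource       string
	RegexString    string
}

// wildcardToRegex quotes a pattern literally except for '*' (any run) and '?' (one rune).
func wildcardToRegex(s string) string {
	return strings.NewReplacer(`\*`, ".*", `\?`, ".").Replace(regexp.QuoteMeta(s))
}

// NewAssertion compiles an "action" / "domain:resource" pair into an anchored, lower-cased
// regex over the key "action-resource". Signature and key layout are this example's assumptions.
func NewAssertion(action, resource string, effect error) (*Assertion, error) {
	dom, res, ok := strings.Cut(resource, ":")
	if !ok || dom == "" || res == "" {
		return nil, ErrInvalidPolicyResource
	}
	rs := "^" + wildcardToRegex(strings.ToLower(action)) + "-" + wildcardToRegex(strings.ToLower(res)) + "$"
	reg, err := regexp.Compile(rs)
	if err != nil {
		return nil, err
	}
	return &Assertion{ResourceDomain: dom, Reg: reg, Effect: effect, Action: action, Resource: resource, RegexString: rs}, nil
}

// policyCache is an assumed in-memory layout: domain -> role -> assertions.
type policyCache map[string]map[string][]*Assertion

// CheckPolicy mirrors Daemon.CheckPolicy (without the context): nil means allow, anything else
// is the refusal reason. Every role is scanned so that a deny under any role beats any allow.
func (c policyCache) CheckPolicy(domain string, roles []string, action, resource string) error {
	resDom, res, ok := strings.Cut(resource, ":")
	if !ok || resDom != domain {
		return ErrDomainMismatch
	}
	byRole, found := c[domain]
	if !found {
		return ErrDomainNotFound
	}
	key := strings.ToLower(action) + "-" + strings.ToLower(res)
	allowed := false
	for _, role := range roles {
		for _, a := range byRole[role] {
			if !a.Reg.MatchString(key) {
				continue
			}
			if a.Effect != nil {
				return a.Effect // explicit deny: stop immediately
			}
			allowed = true
		}
	}
	if allowed {
		return nil
	}
	return ErrNoMatch
}

// sampleCache is a constructed policy set for a "sports" domain.
func sampleCache() policyCache {
	must := func(a *Assertion, err error) *Assertion { if err != nil { panic(err) }; return a }
	return policyCache{"sports": {
		"reader": {must(NewAssertion("read", "sports:article.*", nil))},
		"writer": {
			must(NewAssertion("*", "sports:article.*", nil)),
			must(NewAssertion("delete", "sports:article.archive.*", ErrDenyByPolicy)),
		},
	}}
}

func main() {
	c := sampleCache()
	fmt.Println(c.CheckPolicy("sports", []string{"writer"}, "delete", "sports:article.archive.2019"))
}
```

A caller must treat every non-nil result as a refusal, not only ErrDenyByPolicy: ErrNoMatch, ErrDomainNotFound and ErrDomainExpired are all "deny by default" outcomes, and mapping only the explicit deny to a 403 would silently fail open.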
type Fetcher ¶ added in v2.1.0
type Fetcher interface {
	Domain() string
	Fetch(context.Context) (*SignedPolicy, error)
	FetchWithRetry(context.Context) (*SignedPolicy, error)
}
Fetcher represents the fetcher object used to fetch a signed policy.
type Option ¶
type Option func(*policyd) error
Option represents a functional option
func WithAthenzDomains ¶
WithAthenzDomains returns an AthenzDomains functional option
func WithAthenzURL ¶
WithAthenzURL returns an AthenzURL functional option
func WithErrRetryInterval ¶
WithErrRetryInterval returns an ErrRetryInterval functional option
func WithExpireMargin ¶
WithExpireMargin returns an ExpiryMargin functional option
func WithHTTPClient ¶
WithHTTPClient returns an HTTPClient functional option
func WithPolicyExpiredDuration ¶
WithPolicyExpiredDuration returns a PolicyExpiredDuration functional option
func WithPubKeyProvider ¶
WithPubKeyProvider returns a PubKeyProvider functional option
func WithRefreshDuration ¶
WithRefreshDuration returns a RefreshDuration functional option
type SignedPolicy ¶
type SignedPolicy struct {
util.DomainSignedPolicyData
}
SignedPolicy represents the signed policy data
type SignedPolicyVerifier ¶ added in v2.1.0
type SignedPolicyVerifier func(*SignedPolicy) error
SignedPolicyVerifier type defines the function signature to verify a signed policy.
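As an added example that is not part of the project, the Go program below builds a SignedPolicyVerifier chain that checks the signature before trusting anything in the signed data, then applies an expiry margin in the role WithExpireMargin plays on this page. The PolicyData and SignedPolicy look-alikes (standing in for util.DomainSignedPolicyData), Ed25519 as a stand-in for the ZTS signing key, the PubKeyProvider closure replacing pubkey.Provider, and the errors ErrUnknownKey and ErrBadSignature are assumptions of this example; ErrDomainExpired is the page's own variable.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

var (
	ErrDomainExpired = errors.New("Access denied due to expired domain policy file") // from the page
	ErrUnknownKey    = errors.New("policy signed with an unknown key id")             // assumed
	ErrBadSignature  = errors.New("policy signature verification failed")             // assumed
)

// PolicyData stands in for the signed part of util.DomainSignedPolicyData (assumed layout).
type PolicyData struct {
	Domain   string    `json:"domain"`
	Expires  time.Time `json:"expires"`
	Policies []string  `json:"policies"`
}

type SignedPolicy struct {
	SignedPolicyData PolicyData
	KeyID            string
	Signature        []byte
}

type SignedPolicyVerifier func(*SignedPolicy) error

// SignatureVerifier checks the signed bytes against the key named by KeyID (Ed25519 stands in for ZTS keys).
func SignatureVerifier(pkp func(keyID string) (ed25519.PublicKey, bool)) SignedPolicyVerifier {
	return func(sp *SignedPolicy) error {
		pub, ok := pkp(sp.KeyID)
		if !ok {
			return ErrUnknownKey
		}
		signed, err := json.Marshal(sp.SignedPolicyData)
		if err != nil {
			return err
		}
		if !ed25519.Verify(pub, signed, sp.Signature) {
			return ErrBadSignature
		}
		return nil
	}
}

// ExpiryVerifier rejects a policy that expires within margin of now; run it only after the signature passed.
func ExpiryVerifier(margin time.Duration, now func() time.Time) SignedPolicyVerifier {
	return func(sp *SignedPolicy) error {
		if !sp.SignedPolicyData.Expires.After(now().Add(margin)) {
			return ErrDomainExpired
		}
		return nil
	}
}

// Chain runs verifiers in order and stops at the first failure.
func Chain(vs ...SignedPolicyVerifier) SignedPolicyVerifier {
	return func(sp *SignedPolicy) error {
		for _, v := range vs {
			if err := v(sp); err != nil {
				return err
			}
		}
		return nil
	}
}

// Demo signs constructed policies with a throwaway key and reports the chain's verdict per case.
func Demo() map[string]error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pkp := func(id string) (ed25519.PublicKey, bool) {
		if id == "zts.key.1" {
			return pub, true
		}
		return nil, false
	}
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	verify := Chain(SignatureVerifier(pkp), ExpiryVerifier(5*time.Minute, func() time.Time { return now }))
	sign := func(exp time.Time, keyID string) *SignedPolicy {
		pd := PolicyData{Domain: "sports", Expires: exp, Policies: []string{"sports:policy.readers"}}
		b, _ := json.Marshal(pd) // cannot fail for this struct
		return &SignedPolicy{SignedPolicyData: pd, KeyID: keyID, Signature: ed25519.Sign(priv, b)}
	}
	tampered := sign(now.Add(time.Hour), "zts.key.1")
	tampered.SignedPolicyData.Expires = now.Add(240 * time.Hour) // edited after signing
	return map[string]error{
		"valid":         verify(sign(now.Add(time.Hour), "zts.key.1")),
		"within_margin": verify(sign(now.Add(2*time.Minute), "zts.key.1")),
		"tampered":      verify(tampered),
		"unknown_key":   verify(sign(now.Add(time.Hour), "zts.key.9")),
	}
}

func main() {
	for name, err := range Demo() { fmt.Println(name, err) }
}
```

The order of the chain is the security-relevant part: an altered or unsigned policy file could claim any Expires value, so the expiry check is only meaningful once the signature has been verified against a key obtained from the pubkey provider, and a policy that will expire within the margin is refused so the daemon refetches rather than caches it.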