Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ErrRestrictionsViolation
type ErrRestrictionsViolation struct {
	Err error
}
ErrRestrictionsViolation represents an error during restrictions computations.
func (ErrRestrictionsViolation) Error
func (e ErrRestrictionsViolation) Error() string
func (ErrRestrictionsViolation) Unwrap
func (e ErrRestrictionsViolation) Unwrap() error
Unwrap returns the wrapped error.
type MockRetriever
type MockRetriever interface {
	Retriever
	MockPermissions(t *testing.T, impl func(context.Context, []string, string, ...RetrieverOption) (PermissionMap, error))
}
A MockRetriever allows mocking a permissions.Retriever for unit tests.
func NewMockRetriever
func NewMockRetriever() MockRetriever
NewMockRetriever returns a MockRetriever.
type MockTransformer
type MockTransformer interface {
	Transformer
	MockTransform(t *testing.T, impl func(PermissionMap) PermissionMap)
}
A MockTransformer allows mocking a transform.Transformer for unit tests.
func NewMockTransformer
func NewMockTransformer() MockTransformer
NewMockTransformer returns a MockTransformer.
type PermissionMap
type PermissionMap map[string]Permissions
A PermissionMap represents a map of resource to Permissions.
func Parse
func Parse(authStrings []string, targetID string) PermissionMap
Parse parses the given list of permission strings in the form resource:action1,...,actionN:id1,...,idN and returns the PermissionMap.
func (PermissionMap) Allows
func (p PermissionMap) Allows(operation string, resource string) bool
Allows returns true if the given operation on the given identity is allowed.
func (PermissionMap) Contains
func (p PermissionMap) Contains(other PermissionMap) bool
Contains returns true if the receiver inclusively contains the given PermissionMap.
func (PermissionMap) Copy
func (p PermissionMap) Copy() PermissionMap
Copy returns a copy of the receiver.
func (PermissionMap) Intersect
func (p PermissionMap) Intersect(other PermissionMap) PermissionMap
Intersect returns the intersection between the receiver and the given PermissionMap.
type Permissions
Permissions represents a parsed permission string.
type Restrictions
type Restrictions struct {
	Namespace   string   `json:"namespace,omitempty"`
	Permissions []string `json:"perms,omitempty"`
	Networks    []string `json:"networks,omitempty"`
}
Restrictions are a collection of restrictions that the policy engine should apply for authz based on the token.
func GetRestrictions
func GetRestrictions(tokenString string) (Restrictions, error)
GetRestrictions returns the Restrictions embedded in the given token, if any.
func (Restrictions) RestrictNamespace
func (r Restrictions) RestrictNamespace(requested string) (string, error)
RestrictNamespace returns the namespace to use based on the receiver and the new requested one.
func (Restrictions) RestrictNetworks
func (r Restrictions) RestrictNetworks(requested []string) ([]string, error)
RestrictNetworks returns the networks to use based on the receiver and the new requested ones.
func (Restrictions) RestrictPermissions
func (r Restrictions) RestrictPermissions(requested []string) ([]string, error)
RestrictPermissions returns the permissions to use based on the receiver and the new requested ones.
func (Restrictions) Zero
func (r Restrictions) Zero() bool
Zero returns true if the Restrictions is the zero value.
type Retriever
type Retriever interface {
	// Permissions returns the PermissionMap for the given
	// claims on the given namespace for the given id (optional)
	// from the given address with the given restrictions.
	Permissions(ctx context.Context, claims []string, ns string, opts ...RetrieverOption) (PermissionMap, error)
}
A Retriever is an object that can retrieve permissions for the given information.
func NewRemoteRetriever
func NewRemoteRetriever(manipulator manipulate.Manipulator) Retriever
NewRemoteRetriever returns a new Retriever backed by remote API calls to an A3S instance, using the /permissions API. It is meant to be used with an authorizer.Authorizer by A3S clients wishing to verify permissions for their users.
func NewRemoteRetrieverWithTransformer
func NewRemoteRetrieverWithTransformer(manipulator manipulate.Manipulator, transformer Transformer) Retriever
NewRemoteRetrieverWithTransformer returns a new RemoteRetriever with the provided transformer.
func NewRetriever
func NewRetriever(manipulator manipulate.Manipulator) Retriever
NewRetriever returns a new Retriever.
type RetrieverOption
type RetrieverOption func(*config)
A RetrieverOption represents an option of the retriever.
func OptionOffloadPermissionsRestrictions
func OptionOffloadPermissionsRestrictions(offload bool) RetrieverOption
OptionOffloadPermissionsRestrictions tells the retriever to skip computing permissions restrictions and offload that computation to the caller.
func OptionRetrieverID
func OptionRetrieverID(id string) RetrieverOption
OptionRetrieverID sets the ID to use to compute permissions.
func OptionRetrieverRestrictions
func OptionRetrieverRestrictions(r Restrictions) RetrieverOption
OptionRetrieverRestrictions sets the restrictions to apply on the retrieved permissions.
func OptionRetrieverSourceIP
func OptionRetrieverSourceIP(ip string) RetrieverOption
OptionRetrieverSourceIP sets the source IP to use to compute permissions.
type Transformer
type Transformer interface {
	Transform(PermissionMap) PermissionMap
}
A Transformer is an interface that can manipulate a permissions map.