iamcel

package
v0.56.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 17, 2024 License: MIT Imports: 17 Imported by: 2

Documentation

Overview

Package iamcel provides primitives for using CEL expressions for access management.

Index

Constants

View Source
const AncestorFunction = "ancestor"

AncestorFunction is the name of the CEL ancestor function.

View Source
const JoinFunction = "join"

JoinFunction is the name of the CEL descendant function.

View Source
const MemberFunction = "member"

MemberFunction is the name of the CEL member function.

View Source
const TestAllFunction = "test_all"

TestAllFunction is the name of the function for testing that all resources have a specified permission.

View Source
const TestAnyFunction = "test_any"

TestAnyFunction is the name of the test_any permission function.

View Source
const TestFunction = "test"

TestFunction is the name of the test permission function.

Variables

This section is empty.

Functions

func NewAfterEnv

func NewAfterEnv(method protoreflect.MethodDescriptor) (*cel.Env, error)

NewAfterEnv creates a new CEL environment for authorization checks that run after the request has been handled.

func NewAncestorFunctionDeclaration

func NewAncestorFunctionDeclaration() *expr.Decl

NewAncestorFunctionDeclaration creates a new declaration for the ancestor function.

func NewAncestorFunctionImplementation

func NewAncestorFunctionImplementation() *functions.Overload

NewAncestorFunctionImplementation creates a new implementation for the ancestor function.

func NewBeforeEnv

func NewBeforeEnv(method protoreflect.MethodDescriptor) (*cel.Env, error)

NewBeforeEnv creates a new CEL environment for authorization checks that run before the request has been handled.

func NewJoinFunctionDeclaration added in v0.52.0

func NewJoinFunctionDeclaration() *expr.Decl

NewJoinFunctionDeclaration creates a new declaration for the descendant function.

func NewJoinFunctionImplementation added in v0.52.0

func NewJoinFunctionImplementation() *functions.Overload

NewJoinFunctionImplementation creates a new implementation for the descendant function.

func NewMemberFunctionDeclaration added in v0.51.0

func NewMemberFunctionDeclaration() *expr.Decl

NewMemberFunctionDeclaration creates a new declaration for the member function.

func NewMemberFunctionImplementation added in v0.51.0

func NewMemberFunctionImplementation() *functions.Overload

NewMemberFunctionImplementation creates a new implementation for the member function.

func NewTestAllFunctionDeclaration

func NewTestAllFunctionDeclaration() *expr.Decl

NewTestAllFunctionDeclaration creates a new declaration for the test_all function.

func NewTestAllFunctionImplementation

func NewTestAllFunctionImplementation(
	options *iamv1.MethodAuthorizationOptions,
	tester PermissionTester,
) *functions.Overload

NewTestAllFunctionImplementation creates a new implementation for the test_all function.

func NewTestAnyFunctionDeclaration

func NewTestAnyFunctionDeclaration() *expr.Decl

NewTestAnyFunctionDeclaration creates a new declaration for the test_any function.

func NewTestAnyFunctionImplementation

func NewTestAnyFunctionImplementation(
	options *iamv1.MethodAuthorizationOptions,
	tester PermissionTester,
) *functions.Overload

NewTestAnyFunctionImplementation creates a new implementation for the test_all function.

func NewTestFunctionDeclaration

func NewTestFunctionDeclaration() *expr.Decl

NewTestFunctionDeclaration creates a new declaration for the test permission function.

func NewTestFunctionImplementation

func NewTestFunctionImplementation(
	options *iamv1.MethodAuthorizationOptions,
	tester PermissionTester,
) *functions.Overload

NewTestFunctionImplementation creates a new implementation for the test permission function.

Types

type PermissionTester added in v0.33.0

type PermissionTester interface {
	TestPermissions(
		ctx context.Context,
		caller *iamv1.Caller,
		resourcePermissions map[string]string,
	) (map[string]bool, error)
}

PermissionTester is an interface for testing IAM permissions.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL