Documentation
¶
Index ¶
- Constants
- func AllLevels() sets.String
- func AllStages() sets.String
- func ConvertStagesToStrings(stages []audit.Stage) []string
- func ConvertStringSetToStages(set sets.String) []audit.Stage
- func EnforcePolicy(event *audit.Event, level audit.Level, omitStages []audit.Stage) (*audit.Event, error)
- func InvertStages(stages []audit.Stage) []audit.Stage
- func LoadPolicyFromBytes(policyDef []byte) (*auditinternal.Policy, error)
- func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error)
- type Checker
Constants ¶
View Source
const ( // DefaultAuditLevel is the default level to audit at, if no policy rules are matched. DefaultAuditLevel = audit.LevelNone )
Variables ¶
This section is empty.
Functions ¶
func ConvertStagesToStrings ¶
ConvertStagesToStrings converts an array of stages to a string array
func ConvertStringSetToStages ¶
ConvertStringSetToStages converts a string set to an array of stages
func EnforcePolicy ¶
func EnforcePolicy(event *audit.Event, level audit.Level, omitStages []audit.Stage) (*audit.Event, error)
EnforcePolicy drops any part of the event that doesn't conform to a policy level or omitStages and sets the event level accordingly
func InvertStages ¶
InvertStages subtracts the given array of stages from all stages
func LoadPolicyFromBytes ¶
func LoadPolicyFromBytes(policyDef []byte) (*auditinternal.Policy, error)
func LoadPolicyFromFile ¶
func LoadPolicyFromFile(filePath string) (*auditinternal.Policy, error)
Types ¶
type Checker ¶
type Checker interface {
// Check the audit level for a request with the given authorizer attributes.
LevelAndStages(authorizer.Attributes) (audit.Level, []audit.Stage)
}
Checker exposes methods for checking the policy rules.
func FakeChecker ¶
FakeChecker creates a checker that returns a constant level for all requests (for testing).
func NewChecker ¶
NewChecker creates a new policy checker.
Source Files
Click to show internal directories.
Click to hide internal directories.