acl

package
v0.0.0-...-5b5139b Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 6, 2022 License: BSD-3-Clause Imports: 6 Imported by: 0

Documentation

Overview

Package acl contains functions to enforce access control lists. It allows you to register multiple security policies for enforcing ACLs for users or HTTP requests. The specific policy to use must be specified from a command line argument and cannot be changed on-the-fly.

Index

Constants

View Source
const (
	ADMIN      = "admin"
	DEBUGGING  = "debugging"
	MONITORING = "monitoring"
)

This is a list of predefined roles. Applications are free to invent more roles, as long as the acl policies they use can understand what they mean.

Variables

This section is empty.

Functions

func CheckAccessActor

func CheckAccessActor(actor, role string) error

CheckAccessActor uses the current security policy to verify if an actor has access to the role.

func CheckAccessHTTP

func CheckAccessHTTP(req *http.Request, role string) error

CheckAccessHTTP uses the current security policy to verify if an actor in an http request has access to the role.

func RegisterPolicy

func RegisterPolicy(name string, policy Policy)

RegisterPolicy registers a security policy. This function must be called before the first call to CheckAccess happens, preferably through an init. This will ensure that the requested policy can be found by other acl functions when needed.

func SendError

func SendError(w http.ResponseWriter, err error)

SendError is a convenience function that sends an ACL error as an HTTP response.

Types

type FallbackPolicy

type FallbackPolicy struct{}

FallbackPolicy is the policy that's used if the requested policy cannot be found. It rejects all access.

func (FallbackPolicy) CheckAccessActor

func (fp FallbackPolicy) CheckAccessActor(actor, role string) error

CheckAccessActor disallows all actor access.

func (FallbackPolicy) CheckAccessHTTP

func (fp FallbackPolicy) CheckAccessHTTP(req *http.Request, role string) error

CheckAccessHTTP disallows all HTTP access.

type Policy

type Policy interface {
	// CheckAccessActor can be called to verify if an actor
	// has access to the role.
	CheckAccessActor(actor, role string) error
	// CheckAccessHTTP can be called to verify if an actor in
	// the http request has access to the role.
	CheckAccessHTTP(req *http.Request, role string) error
}

Policy defines the interface that needs to be satisfied by ACL policy implementors.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL