Documentation ¶
Overview ¶
Package policy provides RBAC policy enforcement similar to the OpenStack oslo.policy library.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultCheck ¶
DefaultCheck is used whenever there is no specific check registered for the left hand side. It simply tries to match the right side if the check to the authentication credential given by the left side. E.g. user_id:%(target.user_id)
Types ¶
type Context ¶
type Context struct { //Authentication context information from the keystone token, e.g. user_id, user_domain_id... Auth map[string]string //Roles assigned to the user for the current scope Roles []string //Request variables that are referenced in policy rules Request map[string]string //Logger can be used to enable debug logging for this context. Logger func(msg string, args ...interface{}) // contains filtered or unexported fields }
Context encapsulates the external data required for enforcing a rules. Populating a Context object is left to the application using the policy engine.
type Enforcer ¶
type Enforcer struct {
// contains filtered or unexported fields
}
Enforcer is responsible for loading and enforcing rules.
func NewEnforcer ¶
NewEnforcer parses the provided rule set and returns a policy enforcer By default the Enforcer registers the following checks "rule": RuleCheck "role": RoleCheck "http": HttpCheck "default": DefaultCheck