Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var NoMatch = errors.New("did not match any rule")
Functions ¶
func StringSetIntersection ¶
Types ¶
type ACLD2hubConfig ¶
type ACLD2hubConfig struct {
D2HubURL string `yaml:"d2hub_url"`
}
type ACLEntry ¶
type ACLEntry struct { Match *MatchConditions `yaml:"match"` Actions *[]string `yaml:"actions,flow"` Comment *string `yaml:"comment,omitempty"` }
func (*ACLEntry) Matches ¶
func (e *ACLEntry) Matches(ai *AuthRequestInfo) bool
type ACLMongoConfig ¶
type ACLMongoConfig struct { MongoConfig *mgo_session.Config `yaml:"dial_info,omitempty"` Collection string `yaml:"collection,omitempty"` CacheTTL time.Duration `yaml:"cache_ttl,omitempty"` }
func (*ACLMongoConfig) Validate ¶
func (c *ACLMongoConfig) Validate(configKey string) error
Validate ensures that any custom config options in a Config are set correctly.
type AuthRequestInfo ¶
type AuthRequestInfo struct { Account string Type string Name string Password authn.PasswordString Service string IP net.IP Actions []string }
func (AuthRequestInfo) String ¶
func (ai AuthRequestInfo) String() string
type Authorizer ¶
type Authorizer interface { // Authorize performs authorization given the request information. // It returns a set of authorized actions (of the set requested), which can be empty/nil. // Error should only be reported if request could not be serviced, not if it should be denied. // A special NoMatch error is returned if the authorizer could not reach a decision, // e.g. none of the rules matched. // Implementations must be goroutine-safe. Authorize(ai *AuthRequestInfo) ([]string, error) // Finalize resources in preparation for shutdown. // When this call is made there are guaranteed to be no Authenticate requests in flight // and there will be no more calls made to this instance. Stop() // Human-readable name of the authenticator. Name() string }
Authorizer interface performs authorization of the request. It is invoked after authentication so it can be assumed that the requestor has presented satisfactory credentials for Account. Principally, it answers the question: is this Account allowed to perform these Actions on this Type.Name subject in the give Service?
func NewACLAuthorizer ¶
func NewACLAuthorizer(acl ACL) (Authorizer, error)
NewACLAuthorizer Creates a new static authorizer with ACL that have been read from the config file
func NewACLD2hubAuthorizer ¶
func NewACLD2hubAuthorizer(c *ACLD2hubConfig) (Authorizer, error)
func NewACLMongoAuthorizer ¶
func NewACLMongoAuthorizer(c *ACLMongoConfig) (Authorizer, error)
NewACLMongoAuthorizer creates a new ACL MongoDB authorizer
type MatchConditions ¶
type MatchConditions struct { Account *string `yaml:"account,omitempty" json:"account,omitempty"` Type *string `yaml:"type,omitempty" json:"type,omitempty"` Name *string `yaml:"name,omitempty" json:"name,omitempty"` IP *string `yaml:"ip,omitempty" json:"ip,omitempty"` }
func (*MatchConditions) Matches ¶
func (mc *MatchConditions) Matches(ai *AuthRequestInfo) bool
type MongoACL ¶
type MongoACL []MongoACLEntry
type MongoACLEntry ¶
Click to show internal directories.
Click to hide internal directories.