authz

package
v0.0.0-...-edb06f6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 27, 2023 License: Apache-2.0, Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var NoMatch = errors.New("did not match any rule")

Functions

func StringSetIntersection 

func StringSetIntersection(a, b []string) []string

Types

type ACL 

type ACL []ACLEntry

type ACLD2hubConfig 

type ACLD2hubConfig struct {
	D2HubURL string `yaml:"d2hub_url"`
}

type ACLEntry 

type ACLEntry struct {
	Match   *MatchConditions `yaml:"match"`
	Actions *[]string        `yaml:"actions,flow"`
	Comment *string          `yaml:"comment,omitempty"`
}

func (*ACLEntry) Matches 

func (e *ACLEntry) Matches(ai *AuthRequestInfo) bool

func (ACLEntry) String 

func (e ACLEntry) String() string

type ACLMongoConfig 

type ACLMongoConfig struct {
	MongoConfig *mgo_session.Config `yaml:"dial_info,omitempty"`
	Collection  string              `yaml:"collection,omitempty"`
	CacheTTL    time.Duration       `yaml:"cache_ttl,omitempty"`
}

func (*ACLMongoConfig) Validate 

func (c *ACLMongoConfig) Validate(configKey string) error

Validate ensures that any custom config options in a Config are set correctly.

type AuthRequestInfo 

type AuthRequestInfo struct {
	Account  string
	Type     string
	Name     string
	Password authn.PasswordString
	Service  string
	IP       net.IP
	Actions  []string
}

func (AuthRequestInfo) String 

func (ai AuthRequestInfo) String() string

type Authorizer 

type Authorizer interface {
	// Authorize performs authorization given the request information.
	// It returns a set of authorized actions (of the set requested), which can be empty/nil.
	// Error should only be reported if request could not be serviced, not if it should be denied.
	// A special NoMatch error is returned if the authorizer could not reach a decision,
	// e.g. none of the rules matched.
	// Implementations must be goroutine-safe.
	Authorize(ai *AuthRequestInfo) ([]string, error)

	// Finalize resources in preparation for shutdown.
	// When this call is made there are guaranteed to be no Authenticate requests in flight
	// and there will be no more calls made to this instance.
	Stop()

	// Human-readable name of the authenticator.
	Name() string
}

Authorizer interface performs authorization of the request. It is invoked after authentication so it can be assumed that the requestor has presented satisfactory credentials for Account. Principally, it answers the question: is this Account allowed to perform these Actions on this Type.Name subject in the give Service?

func NewACLAuthorizer 

func NewACLAuthorizer(acl ACL) (Authorizer, error)

NewACLAuthorizer Creates a new static authorizer with ACL that have been read from the config file

func NewACLD2hubAuthorizer 

func NewACLD2hubAuthorizer(c *ACLD2hubConfig) (Authorizer, error)

func NewACLMongoAuthorizer 

func NewACLMongoAuthorizer(c *ACLMongoConfig) (Authorizer, error)

NewACLMongoAuthorizer creates a new ACL MongoDB authorizer

type MatchConditions 

type MatchConditions struct {
	Account *string `yaml:"account,omitempty" json:"account,omitempty"`
	Type    *string `yaml:"type,omitempty" json:"type,omitempty"`
	Name    *string `yaml:"name,omitempty" json:"name,omitempty"`
	IP      *string `yaml:"ip,omitempty" json:"ip,omitempty"`
}

func (*MatchConditions) Matches 

func (mc *MatchConditions) Matches(ai *AuthRequestInfo) bool

type MongoACL 

type MongoACL []MongoACLEntry

type MongoACLEntry 

type MongoACLEntry struct {
	ACLEntry `bson:",inline"`
	Seq      *int
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.