authorization

package
v1.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 16, 2022 License: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + 2 more Imports: 6 Imported by: 0

Documentation

Overview

Package authorization implement the authorize interface that use local repository to authorize the subject access review.

Package authorization is a generated GoMock package.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewPolicyManager

func NewPolicyManager(client AuthorizationInterface) ladon.Manager

NewPolicyManager initializes a new PolicyManager for given apimachinery api client.

Types

type AuditLogger

type AuditLogger struct {
	// contains filtered or unexported fields
}

AuditLogger outputs and cache information about granting or rejecting policies.

func NewAuditLogger

func NewAuditLogger(client AuthorizationInterface) *AuditLogger

NewAuditLogger creates a AuditLogger with default parameters.

func (*AuditLogger) LogGrantedAccessRequest

func (a *AuditLogger) LogGrantedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)

LogGrantedAccessRequest write granted subject access to log.

func (*AuditLogger) LogRejectedAccessRequest

func (a *AuditLogger) LogRejectedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)

LogRejectedAccessRequest write rejected subject access to log.

type AuthorizationInterface

type AuthorizationInterface interface {
	Create(*ladon.DefaultPolicy) error
	Update(*ladon.DefaultPolicy) error
	Delete(id string) error
	DeleteCollection(idList []string) error
	Get(id string) (*ladon.DefaultPolicy, error)
	List(username string) ([]*ladon.DefaultPolicy, error)

	// The following two functions tracks denied and granted authorizations.
	LogRejectedAccessRequest(request *ladon.Request, pool ladon.Policies, deciders ladon.Policies)
	LogGrantedAccessRequest(request *ladon.Request, pool ladon.Policies, deciders ladon.Policies)
}

AuthorizationInterface defiens the CURD method for lady policy.

type Authorizer

type Authorizer struct {
	// contains filtered or unexported fields
}

Authorizer implement the authorize interface that use local repository to authorize the subject access review.

func NewAuthorizer

func NewAuthorizer(authorizationClient AuthorizationInterface) *Authorizer

NewAuthorizer creates a local repository authorizer and returns it.

func (*Authorizer) Authorize

func (a *Authorizer) Authorize(request *ladon.Request) *authzv1.Response

Authorize to determine the subject access.

type MockAuthorizationInterface

type MockAuthorizationInterface struct {
	// contains filtered or unexported fields
}

MockAuthorizationInterface is a mock of AuthorizationInterface interface.

func NewMockAuthorizationInterface

func NewMockAuthorizationInterface(ctrl *gomock.Controller) *MockAuthorizationInterface

NewMockAuthorizationInterface creates a new mock instance.

func (*MockAuthorizationInterface) Create

Create mocks base method.

func (*MockAuthorizationInterface) Delete

func (m *MockAuthorizationInterface) Delete(arg0 string) error

Delete mocks base method.

func (*MockAuthorizationInterface) DeleteCollection

func (m *MockAuthorizationInterface) DeleteCollection(arg0 []string) error

DeleteCollection mocks base method.

func (*MockAuthorizationInterface) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockAuthorizationInterface) Get

Get mocks base method.

func (*MockAuthorizationInterface) List

List mocks base method.

func (*MockAuthorizationInterface) LogGrantedAccessRequest

func (m *MockAuthorizationInterface) LogGrantedAccessRequest(arg0 *ladon.Request, arg1, arg2 ladon.Policies)

LogGrantedAccessRequest mocks base method.

func (*MockAuthorizationInterface) LogRejectedAccessRequest

func (m *MockAuthorizationInterface) LogRejectedAccessRequest(arg0 *ladon.Request, arg1, arg2 ladon.Policies)

LogRejectedAccessRequest mocks base method.

func (*MockAuthorizationInterface) Update

Update mocks base method.

type MockAuthorizationInterfaceMockRecorder

type MockAuthorizationInterfaceMockRecorder struct {
	// contains filtered or unexported fields
}

MockAuthorizationInterfaceMockRecorder is the mock recorder for MockAuthorizationInterface.

func (*MockAuthorizationInterfaceMockRecorder) Create

func (mr *MockAuthorizationInterfaceMockRecorder) Create(arg0 interface{}) *gomock.Call

Create indicates an expected call of Create.

func (*MockAuthorizationInterfaceMockRecorder) Delete

func (mr *MockAuthorizationInterfaceMockRecorder) Delete(arg0 interface{}) *gomock.Call

Delete indicates an expected call of Delete.

func (*MockAuthorizationInterfaceMockRecorder) DeleteCollection

func (mr *MockAuthorizationInterfaceMockRecorder) DeleteCollection(arg0 interface{}) *gomock.Call

DeleteCollection indicates an expected call of DeleteCollection.

func (*MockAuthorizationInterfaceMockRecorder) Get

func (mr *MockAuthorizationInterfaceMockRecorder) Get(arg0 interface{}) *gomock.Call

Get indicates an expected call of Get.

func (*MockAuthorizationInterfaceMockRecorder) List

func (mr *MockAuthorizationInterfaceMockRecorder) List(arg0 interface{}) *gomock.Call

List indicates an expected call of List.

func (*MockAuthorizationInterfaceMockRecorder) LogGrantedAccessRequest

func (mr *MockAuthorizationInterfaceMockRecorder) LogGrantedAccessRequest(arg0, arg1, arg2 interface{}) *gomock.Call

LogGrantedAccessRequest indicates an expected call of LogGrantedAccessRequest.

func (*MockAuthorizationInterfaceMockRecorder) LogRejectedAccessRequest

func (mr *MockAuthorizationInterfaceMockRecorder) LogRejectedAccessRequest(arg0, arg1, arg2 interface{}) *gomock.Call

LogRejectedAccessRequest indicates an expected call of LogRejectedAccessRequest.

func (*MockAuthorizationInterfaceMockRecorder) Update

func (mr *MockAuthorizationInterfaceMockRecorder) Update(arg0 interface{}) *gomock.Call

Update indicates an expected call of Update.

type PolicyManager

type PolicyManager struct {
	// contains filtered or unexported fields
}

PolicyManager is a mysql implementation for Manager to store policies persistently.

func (*PolicyManager) Create

func (*PolicyManager) Create(policy ladon.Policy) error

Create persists the policy.

func (*PolicyManager) Delete

func (*PolicyManager) Delete(id string) error

Delete removes a policy.

func (*PolicyManager) FindPoliciesForResource

func (m *PolicyManager) FindPoliciesForResource(resource string) (ladon.Policies, error)

FindPoliciesForResource returns policies that could match the resource. It either returns a set of policies that apply to the resource, or a superset of it. If an error occurs, it returns nil and the error.

func (*PolicyManager) FindPoliciesForSubject

func (m *PolicyManager) FindPoliciesForSubject(subject string) (ladon.Policies, error)

FindPoliciesForSubject returns policies that could match the subject. It either returns a set of policies that applies to the subject, or a superset of it. If an error occurs, it returns nil and the error.

func (*PolicyManager) FindRequestCandidates

func (m *PolicyManager) FindRequestCandidates(r *ladon.Request) (ladon.Policies, error)

FindRequestCandidates returns candidates that could match the request object. It either returns a set that exactly matches the request, or a superset of it. If an error occurs, it returns nil and the error.

func (*PolicyManager) Get

func (*PolicyManager) Get(id string) (ladon.Policy, error)

Get retrieves a policy.

func (*PolicyManager) GetAll

func (*PolicyManager) GetAll(limit, offset int64) (ladon.Policies, error)

GetAll retrieves all policies.

func (*PolicyManager) Update

func (*PolicyManager) Update(policy ladon.Policy) error

Update updates an existing policy.

Directories

Path Synopsis
Package authorizer defines authorization interface.
Package authorizer defines authorization interface.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL