gopherpolicy

package

v0.0.0-...-96ff0a7 Latest Latest Go to latest Published: Jul 19, 2018 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/notque/go-bits

Links

Open Source Insights

Documentation ¶

Overview ¶

Package gopherpolicy provides integration between goslo.policy and Gophercloud for services that need to validate OpenStack tokens and check permissions.

Index ¶

type Enforcer
type Token
type TokenValidator
- func (v *TokenValidator) CheckToken(r *http.Request) *Token
- func (v *TokenValidator) LoadPolicyFile(path string) error
type Validator

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Enforcer ¶

type Enforcer interface {
	Enforce(rule string, c policy.Context) bool
}

Enforcer contains the Enforce method that struct Token requires to check access permissions. This interface is satisfied by struct Enforcer from goslo.policy.

type Token ¶

type Token struct {
	//The enforcer that checks access permissions for this client token. Usually
	//an instance of struct Enforcer from goslo.policy. Usually inherited from
	//struct TokenValidator.
	Enforcer Enforcer
	//When AuthN succeeds, contains information about the client token which can
	//be used to check access permissions.
	Context policy.Context
	//When AuthN fails, contains the deferred AuthN error.
	Err error
}

Token represents a validated Keystone v3 token. It is returned from Validator.CheckToken().

func (*Token) Check ¶

func (t *Token) Check(rule string) bool

Check is like Require, but does not write error responses.

func (*Token) Require ¶

func (t *Token) Require(w http.ResponseWriter, rule string) bool

Require checks if the given token has the given permission according to the policy.json that is in effect. If not, an error response is written and false is returned.

func (*Token) UserName ¶

func (t *Token) UserName() string

UserName returns the name of the user for whom this token was issued, or "" if the token was invalid.

func (*Token) UserUUID ¶

func (t *Token) UserUUID() string

UserUUID returns the UUID of the user for whom this token was issued, or "" if the token was invalid.

type TokenValidator ¶

type TokenValidator struct {
	IdentityV3 *gophercloud.ServiceClient
	//Enforcer can also be initialized with the LoadPolicyFile method.
	Enforcer Enforcer
}

TokenValidator combines an Identity v3 client to validate tokens (AuthN), and a policy.Enforcer to check access permissions (AuthZ).

func (*TokenValidator) CheckToken ¶

func (v *TokenValidator) CheckToken(r *http.Request) *Token

CheckToken checks the validity of the request's X-Auth-Token in Keystone, and returns a Token instance for checking authorization. Any errors that occur during this function are deferred until Require() is called.

func (*TokenValidator) LoadPolicyFile ¶

func (v *TokenValidator) LoadPolicyFile(path string) error

LoadPolicyFile creates v.Enforcer from the given policy file.

type Validator ¶

type Validator interface {
	//CheckToken checks the validity of the request's X-Auth-Token in Keystone, and
	//returns a Token instance for checking authorization. Any errors that occur
	//during this function are deferred until Token.Require() is called.
	CheckToken(r *http.Request) *Token
}

Validator is the interface provided by TokenValidator. Application code should prefer to reference this interface to allow for substituation by a test double.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL