authorization

package

v1.6.3 Latest Latest Go to latest Published: Jan 1, 2022 License: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + 2 more Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/qa-tools-family/iam

Documentation ¶

Overview ¶

Package authorization implement the authorize interface that use local repository to authorize the subject access review.

Package authorization is a generated GoMock package.

Index ¶

func NewPolicyManager(client AuthorizationInterface) ladon.Manager
type AuditLogger
- func NewAuditLogger(client AuthorizationInterface) *AuditLogger
- func (a *AuditLogger) LogGrantedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)
- func (a *AuditLogger) LogRejectedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)
type AuthorizationInterface
type Authorizer
- func NewAuthorizer(authorizationClient AuthorizationInterface) *Authorizer
- func (a *Authorizer) Authorize(request *ladon.Request) *authzv1.Response
type MockAuthorizationInterface
- func NewMockAuthorizationInterface(ctrl *gomock.Controller) *MockAuthorizationInterface
type MockAuthorizationInterfaceMockRecorder
type PolicyManager

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewPolicyManager ¶

func NewPolicyManager(client AuthorizationInterface) ladon.Manager

NewPolicyManager initializes a new PolicyManager for given apimachinery api client.

Types ¶

type AuditLogger ¶

type AuditLogger struct {
	// contains filtered or unexported fields
}

AuditLogger outputs and cache information about granting or rejecting policies.

func NewAuditLogger ¶

func NewAuditLogger(client AuthorizationInterface) *AuditLogger

NewAuditLogger creates a AuditLogger with default parameters.

func (*AuditLogger) LogGrantedAccessRequest ¶

func (a *AuditLogger) LogGrantedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)

LogGrantedAccessRequest write granted subject access to log.

func (*AuditLogger) LogRejectedAccessRequest ¶

func (a *AuditLogger) LogRejectedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)

LogRejectedAccessRequest write rejected subject access to log.

type AuthorizationInterface ¶

type AuthorizationInterface interface {
	Create(*ladon.DefaultPolicy) error
	Update(*ladon.DefaultPolicy) error
	Delete(id string) error
	DeleteCollection(idList []string) error
	Get(id string) (*ladon.DefaultPolicy, error)
	List(username string) ([]*ladon.DefaultPolicy, error)

	// The following two functions tracks denied and granted authorizations.
	LogRejectedAccessRequest(request *ladon.Request, pool ladon.Policies, deciders ladon.Policies)
	LogGrantedAccessRequest(request *ladon.Request, pool ladon.Policies, deciders ladon.Policies)
}

AuthorizationInterface defiens the CURD method for lady policy.

type Authorizer ¶

type Authorizer struct {
	// contains filtered or unexported fields
}

Authorizer implement the authorize interface that use local repository to authorize the subject access review.

func NewAuthorizer ¶

func NewAuthorizer(authorizationClient AuthorizationInterface) *Authorizer

NewAuthorizer creates a local repository authorizer and returns it.

func (*Authorizer) Authorize ¶

func (a *Authorizer) Authorize(request *ladon.Request) *authzv1.Response

Authorize to determine the subject access.

type MockAuthorizationInterface ¶

type MockAuthorizationInterface struct {
	// contains filtered or unexported fields
}

MockAuthorizationInterface is a mock of AuthorizationInterface interface.

func NewMockAuthorizationInterface ¶

func NewMockAuthorizationInterface(ctrl *gomock.Controller) *MockAuthorizationInterface

NewMockAuthorizationInterface creates a new mock instance.

func (*MockAuthorizationInterface) Create ¶

func (m *MockAuthorizationInterface) Create(arg0 *ladon.DefaultPolicy) error

Create mocks base method.

func (*MockAuthorizationInterface) Delete ¶

func (m *MockAuthorizationInterface) Delete(arg0 string) error

Delete mocks base method.

func (*MockAuthorizationInterface) DeleteCollection ¶

func (m *MockAuthorizationInterface) DeleteCollection(arg0 []string) error

DeleteCollection mocks base method.

func (*MockAuthorizationInterface) EXPECT ¶

func (m *MockAuthorizationInterface) EXPECT() *MockAuthorizationInterfaceMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockAuthorizationInterface) Get ¶

func (m *MockAuthorizationInterface) Get(arg0 string) (*ladon.DefaultPolicy, error)

Get mocks base method.

func (*MockAuthorizationInterface) List ¶

func (m *MockAuthorizationInterface) List(arg0 string) ([]*ladon.DefaultPolicy, error)

List mocks base method.

func (*MockAuthorizationInterface) LogGrantedAccessRequest ¶

func (m *MockAuthorizationInterface) LogGrantedAccessRequest(arg0 *ladon.Request, arg1, arg2 ladon.Policies)

LogGrantedAccessRequest mocks base method.

func (*MockAuthorizationInterface) LogRejectedAccessRequest ¶

func (m *MockAuthorizationInterface) LogRejectedAccessRequest(arg0 *ladon.Request, arg1, arg2 ladon.Policies)

LogRejectedAccessRequest mocks base method.

func (*MockAuthorizationInterface) Update ¶

func (m *MockAuthorizationInterface) Update(arg0 *ladon.DefaultPolicy) error

Update mocks base method.

type MockAuthorizationInterfaceMockRecorder ¶

type MockAuthorizationInterfaceMockRecorder struct {
	// contains filtered or unexported fields
}

MockAuthorizationInterfaceMockRecorder is the mock recorder for MockAuthorizationInterface.

func (*MockAuthorizationInterfaceMockRecorder) Create ¶

func (mr *MockAuthorizationInterfaceMockRecorder) Create(arg0 interface{}) *gomock.Call

Create indicates an expected call of Create.

func (*MockAuthorizationInterfaceMockRecorder) Delete ¶

func (mr *MockAuthorizationInterfaceMockRecorder) Delete(arg0 interface{}) *gomock.Call

Delete indicates an expected call of Delete.

func (*MockAuthorizationInterfaceMockRecorder) DeleteCollection ¶

func (mr *MockAuthorizationInterfaceMockRecorder) DeleteCollection(arg0 interface{}) *gomock.Call

DeleteCollection indicates an expected call of DeleteCollection.

func (*MockAuthorizationInterfaceMockRecorder) Get ¶

func (mr *MockAuthorizationInterfaceMockRecorder) Get(arg0 interface{}) *gomock.Call

Get indicates an expected call of Get.

func (*MockAuthorizationInterfaceMockRecorder) List ¶

func (mr *MockAuthorizationInterfaceMockRecorder) List(arg0 interface{}) *gomock.Call

List indicates an expected call of List.

func (*MockAuthorizationInterfaceMockRecorder) LogGrantedAccessRequest ¶

func (mr *MockAuthorizationInterfaceMockRecorder) LogGrantedAccessRequest(arg0, arg1, arg2 interface{}) *gomock.Call

LogGrantedAccessRequest indicates an expected call of LogGrantedAccessRequest.

func (*MockAuthorizationInterfaceMockRecorder) LogRejectedAccessRequest ¶

func (mr *MockAuthorizationInterfaceMockRecorder) LogRejectedAccessRequest(arg0, arg1, arg2 interface{}) *gomock.Call

LogRejectedAccessRequest indicates an expected call of LogRejectedAccessRequest.

func (*MockAuthorizationInterfaceMockRecorder) Update ¶

func (mr *MockAuthorizationInterfaceMockRecorder) Update(arg0 interface{}) *gomock.Call

Update indicates an expected call of Update.

type PolicyManager ¶

type PolicyManager struct {
	// contains filtered or unexported fields
}

PolicyManager is a mysql implementation for Manager to store policies persistently.

func (*PolicyManager) Create ¶

func (*PolicyManager) Create(policy ladon.Policy) error

Create persists the policy.

func (*PolicyManager) Delete ¶

func (*PolicyManager) Delete(id string) error

Delete removes a policy.

func (*PolicyManager) FindPoliciesForResource ¶

func (m *PolicyManager) FindPoliciesForResource(resource string) (ladon.Policies, error)

FindPoliciesForResource returns policies that could match the resource. It either returns a set of policies that apply to the resource, or a superset of it. If an error occurs, it returns nil and the error.

func (*PolicyManager) FindPoliciesForSubject ¶

func (m *PolicyManager) FindPoliciesForSubject(subject string) (ladon.Policies, error)

FindPoliciesForSubject returns policies that could match the subject. It either returns a set of policies that applies to the subject, or a superset of it. If an error occurs, it returns nil and the error.

func (*PolicyManager) FindRequestCandidates ¶

func (m *PolicyManager) FindRequestCandidates(r *ladon.Request) (ladon.Policies, error)

FindRequestCandidates returns candidates that could match the request object. It either returns a set that exactly matches the request, or a superset of it. If an error occurs, it returns nil and the error.

func (*PolicyManager) Get ¶

func (*PolicyManager) Get(id string) (ladon.Policy, error)

Get retrieves a policy.

func (*PolicyManager) GetAll ¶

func (*PolicyManager) GetAll(limit, offset int64) (ladon.Policies, error)

GetAll retrieves all policies.

func (*PolicyManager) Update ¶

func (*PolicyManager) Update(policy ladon.Policy) error

Update updates an existing policy.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
authorizer Package authorizer defines authorization interface.	Package authorizer defines authorization interface.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL