Documentation
Constants
This section is empty.
Variables
var (
	// ErrTokenNotFound is returned when a token is not found
	// by the resolver function.
	ErrTokenNotFound = errors.New(errTokenNotFound)

	// ErrPolicyNotFound is returned when a policy is not found
	// by the resolver function.
	ErrPolicyNotFound = errors.New(errPolicyNotFound)

	// ErrMissingModel is returned when no Model is set in the Resolver
	// configuration.
	ErrMissingModel = errors.New(errMissingModel)

	// ErrMissingSecretResolver is returned when no SecretResolverFunc
	// is set in the Resolver configuration.
	ErrMissingSecretResolver = errors.New(errMissingSecretResolver)

	// ErrMissingPolicyResolver is returned when no PolicyResolverFunc
	// is set in the ACL configuration.
	ErrMissingPolicyResolver = errors.New(errMissingPolicyResolver)

	// ErrResolvingSecret is returned when an error occurs when resolving
	// a secret.
	ErrResolvingSecret = errors.New(errResolvingSecret)

	// ErrResolvingPolicy is returned when an error occurs when resolving
	// a policy.
	ErrResolvingPolicy = errors.New(errResolvingPolicy)

	// authorization to perform the requested operation on the specified resource.
	ErrUnauthorized = errors.New(errNotAuthorized)

	// ErrInvalidResource is returned when the resource being queried
	// is not properly configured in the ACL system.
	ErrInvalidResource = errors.New(errInvalidResource)

	// ErrInvalidOperation is returned when the operation being queried
	// is not properly configured in the ACL system.
	ErrInvalidOperation = errors.New(errInvalidOperation)
)
Functions
This section is empty.
Types
type ACL
type ACL struct {
// contains filtered or unexported fields
}
ACL is used to convert a set of policies into a structure that can be efficiently evaluated to determine if an action is allowed.
func (*ACL) CheckAuthorized
CheckAuthorized verifies whether the ACL is authorized to perform a specific action. If the ACL is not authorized, the returned error provides more details. Any operation that is not explicitly enabled in the ACL is forbidden by default.
type PolicyResolverFunc
PolicyResolverFunc returns a policy based on its name, or an error if it does not exist.
type Resolver
type Resolver struct {
// contains filtered or unexported fields
}
Resolver resolves ACL secrets and policies.
func (*Resolver) PolicyResolver
func (r *Resolver) PolicyResolver(f PolicyResolverFunc)
PolicyResolver configures how policy names are resolved to ACL policies.
func (*Resolver) ResolveSecret
ResolveSecret creates an ACL from a secret.
func (*Resolver) SecretResolver
func (r *Resolver) SecretResolver(f SecretResolverFunc)
SecretResolver configures how secrets are resolved to ACL tokens.
type ResolverConfig
type ResolverConfig struct {
	Logger         log.Logger
	Model          *Model
	SecretResolver SecretResolverFunc
	PolicyResolver PolicyResolverFunc
}
ResolverConfig contains configurations for an ACL Resolver.
func DefaultResolverConfig
func DefaultResolverConfig() *ResolverConfig
DefaultResolverConfig returns default configurations for an ACL Resolver.
func (*ResolverConfig) Merge
func (c *ResolverConfig) Merge(in *ResolverConfig) *ResolverConfig
Merge merges two ResolverConfig structs, returning the result.
type Resource
Resource provides functions for configuring the capabilities and aliases associated with a resource.
type Rule
type Rule interface {
	// Resource targeted by this rule.
	Resource() string

	// Path used to target specific instances
	// of the target resource, if applicable.
	Path() string

	// Capabilities contains the actions allowed on
	// instances of a resource matching this rule.
	Capabilities() []string
}
Rule is used to allow operations on specific resources. In addition to the name of the target resource type and the allowed operations, a rule also specifies an optional glob pattern for targeting specific instances of the resource.
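The Rule interface and the default-deny behaviour described for CheckAuthorized, shown as an added example that is not code from this package: a small evaluator that grants an operation only when a rule names the resource, its glob matches the instance, and the capability is listed. The names staticRule, checkAuthorized and errDenied are hypothetical, and the use of path.Match glob syntax (where * does not cross "/") is an assumption; the package's own matching may differ.

```go
package main

import (
	"errors"
	"fmt"
	"path"
)

// Rule mirrors the interface documented on this page.
type Rule interface {
	Resource() string
	Path() string
	Capabilities() []string
}

// staticRule is a hypothetical Rule implementation for this example.
type staticRule struct {
	resource, pattern string
	caps              []string
}

func (r staticRule) Resource() string       { return r.resource }
func (r staticRule) Path() string           { return r.pattern }
func (r staticRule) Capabilities() []string { return r.caps }

// errDenied stands in for the package's ErrUnauthorized.
var errDenied = errors.New("not authorized")

// checkAuthorized is a hypothetical default-deny evaluator: it returns nil only
// when a rule names the resource, matches the instance and lists the operation.
func checkAuthorized(rules []Rule, resource, instance, op string) error {
	for _, r := range rules {
		// Assumption: path.Match glob syntax; a malformed pattern matches nothing.
		ok, err := path.Match(r.Path(), instance)
		if r.Resource() != resource || err != nil || !ok {
			continue
		}
		for _, c := range r.Capabilities() {
			if c == op {
				return nil
			}
		}
	}
	return errDenied // no rule explicitly enabled the operation
}

func main() {
	rules := []Rule{staticRule{"namespace", "team-a/*", []string{"read", "list"}}}
	fmt.Println(checkAuthorized(rules, "namespace", "team-a/web", "write"))
}
```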
type SecretResolverFunc
SecretResolverFunc returns the token associated with a secret if it exists, or nil otherwise.