Documentation ¶
Index ¶
- func NewPolicyManager(client AuthorizationInterface) ladon.Manager
- type AuditLogger
- type AuthorizationInterface
- type Authorizer
- type PolicyManager
- func (*PolicyManager) Create(policy ladon.Policy) error
- func (*PolicyManager) Delete(id string) error
- func (m *PolicyManager) FindPoliciesForResource(resource string) (ladon.Policies, error)
- func (m *PolicyManager) FindPoliciesForSubject(subject string) (ladon.Policies, error)
- func (m *PolicyManager) FindRequestCandidates(r *ladon.Request) (ladon.Policies, error)
- func (*PolicyManager) Get(id string) (ladon.Policy, error)
- func (*PolicyManager) GetAll(limit, offset int64) (ladon.Policies, error)
- func (*PolicyManager) Update(policy ladon.Policy) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewPolicyManager ¶
func NewPolicyManager(client AuthorizationInterface) ladon.Manager
NewPolicyManager initializes a new PolicyManager for the given apimachinery API client.
Types ¶
type AuditLogger ¶
type AuditLogger struct {
// contains filtered or unexported fields
}
AuditLogger outputs and caches information about granting or rejecting policies.
func NewAuditLogger ¶
func NewAuditLogger(client AuthorizationInterface) *AuditLogger
NewAuditLogger creates an AuditLogger with default parameters.
func (*AuditLogger) LogGrantedAccessRequest ¶
LogGrantedAccessRequest writes granted subject access to the log.
func (*AuditLogger) LogRejectedAccessRequest ¶
func (a *AuditLogger) LogRejectedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)
LogRejectedAccessRequest writes rejected subject access to the log.
type AuthorizationInterface ¶
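// AuthorizationInterface is the client contract for ladon policies: create,
// update, delete, get and list operations, plus two hooks that record the
// outcome of access requests.
//
// The declaration is laid out one method per line so that the line comment
// before the logging hooks no longer swallows the two hook methods and the
// closing brace, as it does when everything sits on a single line.
type AuthorizationInterface interface {
	// Policy operations. Their exact semantics are defined by the
	// implementation, which is not shown here.
	Create(*ladon.DefaultPolicy) error
	Update(*ladon.DefaultPolicy) error
	Delete(id string) error
	DeleteCollection(idList []string) error
	Get(id string) (*ladon.DefaultPolicy, error)
	// List takes a username; presumably it returns that user's policies.
	// NOTE(review): confirm the scoping against the implementation.
	List(username string) ([]*ladon.DefaultPolicy, error)

	// The following two functions track denied and granted authorizations.
	// NOTE(review): pool and deciders look like the candidate policies and the
	// policies that decided the outcome; confirm against the implementation.
	LogRejectedAccessRequest(request *ladon.Request, pool ladon.Policies, deciders ladon.Policies)
	LogGrantedAccessRequest(request *ladon.Request, pool ladon.Policies, deciders ladon.Policies)
}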
AuthorizationInterface defines the CRUD methods for ladon policies.
type Authorizer ¶
type Authorizer struct {
// contains filtered or unexported fields
}
Authorizer implements the authorize interface, using a local repository to authorize subject access reviews.
func NewAuthorizer ¶
func NewAuthorizer(authorizationClient AuthorizationInterface) *Authorizer
NewAuthorizer creates a local repository authorizer and returns it.
type PolicyManager ¶
type PolicyManager struct {
// contains filtered or unexported fields
}
PolicyManager is a mysql implementation for Manager to store policies persistently.
func (*PolicyManager) Create ¶
func (*PolicyManager) Create(policy ladon.Policy) error
Create persists the policy.
func (*PolicyManager) Delete ¶
func (*PolicyManager) Delete(id string) error
Delete removes a policy.
func (*PolicyManager) FindPoliciesForResource ¶
func (m *PolicyManager) FindPoliciesForResource(resource string) (ladon.Policies, error)
FindPoliciesForResource returns policies that could match the resource. It either returns a set of policies that apply to the resource, or a superset of it. If an error occurs, it returns nil and the error.
func (*PolicyManager) FindPoliciesForSubject ¶
func (m *PolicyManager) FindPoliciesForSubject(subject string) (ladon.Policies, error)
FindPoliciesForSubject returns policies that could match the subject. It either returns a set of policies that apply to the subject, or a superset of it. If an error occurs, it returns nil and the error.
func (*PolicyManager) FindRequestCandidates ¶
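FindRequestCandidates returns candidates that could match the request object. It either returns a set that exactly matches the request, or a superset of it, so the returned policies still have to be evaluated against the request before an access decision is made. If an error occurs, it returns nil and the error.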
func (*PolicyManager) Get ¶
func (*PolicyManager) Get(id string) (ladon.Policy, error)
Get retrieves a policy.