Documentation
Overview
Package types implements the darc messages.
The messages are implemented in a separate package to prevent import cycles when importing the serde formats.
Documentation Last Review: 08.10.2020
Index
- func RegisterPermissionFormat(c serde.Format, f serde.FormatEngine)
- type DisjunctivePermission
- func (perm *DisjunctivePermission) Allow(rule string, group ...access.Identity)
- func (perm *DisjunctivePermission) Deny(rule string, group ...access.Identity)
- func (perm *DisjunctivePermission) GetRules() map[string]*Expression
- func (perm *DisjunctivePermission) Match(rule string, group ...access.Identity) error
- func (perm *DisjunctivePermission) Serialize(ctx serde.Context) ([]byte, error)
- type Expression
- type IdentitySet
- type Permission
- type PermissionFactory
- type PermissionOption
- type PublicKeyFac
Functions
func RegisterPermissionFormat
func RegisterPermissionFormat(c serde.Format, f serde.FormatEngine)
RegisterPermissionFormat registers the engine for the provided format.
Types
type DisjunctivePermission
type DisjunctivePermission struct {
// contains filtered or unexported fields
}
DisjunctivePermission is a permission implementation that uses the disjunctive normal form to represent the groups of identities allowed for a given rule.
- implements types.Permission
func NewPermission
func NewPermission(opts ...PermissionOption) *DisjunctivePermission
NewPermission returns a new empty instance of an access control.
func (*DisjunctivePermission) Allow
func (perm *DisjunctivePermission) Allow(rule string, group ...access.Identity)
Allow implements types.Permission. It grants the permission to the group of identities as a single entity.
func (*DisjunctivePermission) Deny
func (perm *DisjunctivePermission) Deny(rule string, group ...access.Identity)
Deny implements types.Permission. It denies the permission to the group of identities as a single entity by removing every subset matching this superset.
func (*DisjunctivePermission) GetRules
func (perm *DisjunctivePermission) GetRules() map[string]*Expression
GetRules returns a map of the expressions.
type Expression
type Expression struct {
// contains filtered or unexported fields
}
Expression is the representation of the disjunctive normal form of the allowed groups of identities.
func NewExpression
func NewExpression(sets ...IdentitySet) *Expression
NewExpression creates a new expression from the list of identity sets.
func (*Expression) Allow
func (expr *Expression) Allow(group []access.Identity)
Allow adds the group of identities as long as there is no duplicate.
func (*Expression) Deny
func (expr *Expression) Deny(group []access.Identity)
Deny removes the group of identities from the list of matching subsets.
func (*Expression) GetIdentitySets
func (expr *Expression) GetIdentitySets() []IdentitySet
GetIdentitySets returns the list of identity sets.
type IdentitySet
IdentitySet is a set of identities that belongs to one of the conjunctions.
func NewIdentitySet
func NewIdentitySet(idents ...access.Identity) IdentitySet
NewIdentitySet creates a new identity set from the list of identities by removing duplicates.
func (IdentitySet) Contains
func (set IdentitySet) Contains(target access.Identity) bool
Contains returns true if the identity exists in the set.
func (IdentitySet) IsSuperset
func (set IdentitySet) IsSuperset(o IdentitySet) bool
IsSuperset returns true if both sets are the same.
type Permission
type Permission interface {
	serde.Message
	// Allow grants the permission to the rule to the group of identities as a
	// single entity so that it will match if and only if the group agrees.
	Allow(rule string, group ...access.Identity)
	// Deny denies the permission to the rule to the group of identities as a
	// single entity.
	Deny(rule string, group ...access.Identity)
	// Match returns a nil error if the group, or a subset of the group, is
	// allowed.
	Match(rule string, group ...access.Identity) error
}
Permission is the interface of the underlying permissions used by the service.
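The Allow, Deny and Match semantics documented above can be seen in a small stand-alone model. This is an added example, not code from this package: identities are plain strings instead of access.Identity, the names perm and covers are hypothetical, and treating an empty group as never matching is an assumption of the model.

```go
package main

import "fmt"

// perm maps a rule to a disjunction (OR) of conjunctions (AND of identities).
type perm map[string][][]string

// covers reports whether conj is non-empty and all its identities are in group.
func covers(group, conj []string) bool {
	have := map[string]bool{}
	for _, id := range group {
		have[id] = true
	}
	for _, id := range conj {
		if !have[id] {
			return false
		}
	}
	return len(conj) > 0 // assumption: an empty conjunction never matches (fail closed)
}

// Allow adds the group as one more conjunction for the rule.
func (p perm) Allow(rule string, group ...string) { p[rule] = append(p[rule], group) }

// Deny drops every allowed conjunction that is a subset of the group.
func (p perm) Deny(rule string, group ...string) {
	kept := [][]string{}
	for _, conj := range p[rule] {
		if !covers(group, conj) {
			kept = append(kept, conj)
		}
	}
	p[rule] = kept
}

// Match returns nil when the group, or a subset of it, is allowed.
func (p perm) Match(rule string, group ...string) error {
	for _, conj := range p[rule] {
		if covers(group, conj) {
			return nil
		}
	}
	return fmt.Errorf("rule %q: no allowed group is covered", rule)
}

func main() {
	p := perm{"deploy": {{"alice", "bob"}}} // constructed identities
	fmt.Println(p.Match("deploy", "alice"), p.Match("deploy", "alice", "bob"))
}
```

In this model, denying a strict subset of an allowed group (for example only "alice" when {"alice", "bob"} is allowed) leaves the grant in place, which follows from the subset wording of Deny above.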
type PermissionFactory
type PermissionFactory interface {
	serde.Factory
	PermissionOf(serde.Context, []byte) (Permission, error)
}
PermissionFactory is the factory to serialize and deserialize the permissions.
func NewFactory
func NewFactory() PermissionFactory
NewFactory returns a new instance of the factory.
type PermissionOption
type PermissionOption func(*DisjunctivePermission)
PermissionOption is the option type to create an access control.
func WithExpression
func WithExpression(rule string, expr *Expression) PermissionOption
WithExpression is an option to set a rule from its expression.