pathperms

package
v0.1.21 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 13, 2022 License: BSD-3-Clause Imports: 14 Imported by: 0

Documentation

Overview

Package pathperms provides a library to assist servers implementing GetPermissions/SetPermissions functions and authorizers where there are path-specific Permissions stored individually in files. TODO(rjkroege): Add unit tests.

Constants

This section is empty.

Variables

This section is empty.

Functions

func ComputeVersion

func ComputeVersion(perms access.Permissions) (string, error)

ComputeVersion produces the tag value returned by access.GetPermissions() (per v23/services/permissions/service.vdl) that GetPermissions/SetPermissions use to determine if the Permissions have been asynchronously modified.

func NewHierarchicalAuthorizer

func NewHierarchicalAuthorizer(rootDir, childDir string, get PermsGetter) (security.Authorizer, error)

NewHierarchicalAuthorizer creates a new hierarchicalAuthorizer, one that implements a "root"-like concept: a caller with admin rights at the root of a server can invoke RPCs regardless of the permissions set on child objects.

If the root permissions are not set, the authorizer behaves like the DefaultAuthorizer.

If the child permissions are not set, the authorizer uses the permissions set on the root to restrict access to the child (including the admin override described above).
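
The decision order described above, modeled in standard-library Go as an added example; it is not the pathperms source. Perms, getter, sampleGetter, authorize and the defaultOK flag are hypothetical stand-ins for access.Permissions, PermsGetter and the DefaultAuthorizer verdict; exact-name matching replaces blessing patterns, and denying the call on a getter error is an assumption.

```go
package main

import "fmt"

// Perms is a simplified stand-in for access.Permissions: tag -> set of exact
// blessing names (the real type matches blessing patterns).
type Perms map[string]map[string]bool

// getter mirrors PermsGetter.PermsForPath: (permissions, intentionally absent, error).
type getter func(path string) (Perms, bool, error)

// sampleGetter serves constructed data: /srv is the root, /srv/app a child.
// A path with no entry is reported as intentionally absent.
func sampleGetter(path string) (Perms, bool, error) {
	data := map[string]Perms{
		"/srv":     {"Admin": {"ops": true}, "Read": {"alice": true}},
		"/srv/app": {"Read": {"bob": true}},
	}
	p, ok := data[path]
	return p, !ok, nil
}

// authorize models the documented decision order. defaultOK stands in for
// the verdict the DefaultAuthorizer would give this caller.
func authorize(get getter, rootDir, childDir, blessing, tag string, defaultOK bool) (bool, error) {
	root, rootAbsent, err := get(rootDir)
	if err != nil {
		return false, err // assumption: a storage error denies the call
	}
	if rootAbsent {
		return defaultOK, nil // no root permissions: default policy decides
	}
	child, childAbsent, err := get(childDir)
	if err != nil {
		return false, err
	}
	if childAbsent {
		child = root // child unset: root permissions restrict access
	}
	// A root Admin is allowed whatever the child permissions say.
	return child[tag][blessing] || root["Admin"][blessing], nil
}

func main() {
	for _, c := range [][3]string{{"/srv/app", "ops", "Write"}, {"/srv/app", "alice", "Read"}, {"/srv/new", "alice", "Read"}} {
		ok, err := authorize(sampleGetter, "/srv", c[0], c[1], c[2], false)
		fmt.Println(c, ok, err)
	}
}
```

Note the second case: alice holds Read at the root but is denied on /srv/app, because permissions set on a child replace the root's for everyone except root admins.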

func NilAuthPermissions

func NilAuthPermissions(ctx *context.T, call security.Call) access.Permissions

NilAuthPermissions creates Permissions that mimic the default authorization policy (i.e., Permissions is matched by all blessings that are either extensions of one of the local blessings or can be extended to form one of the local blessings).

func PermissionsForBlessings

func PermissionsForBlessings(blessings []string) access.Permissions

PermissionsForBlessings creates the Permissions list that should be used with a newly created object.

func PrefixPatterns

func PrefixPatterns(blessings []string) []security.BlessingPattern

PrefixPatterns creates a pattern containing all of the prefix patterns of the provided blessings.

Types

type PathStore

type PathStore struct {
	// contains filtered or unexported fields
}

PathStore manages storage of a set of Permissions in the filesystem where each path identifies a specific Permissions in the set. PathStore synchronizes access to its member Permissions.

func NewPathStore

func NewPathStore(ctx *context.T) *PathStore

NewPathStore creates a new instance of the lock map that uses principal to sign stored Permissions files.

func (*PathStore) Delete

func (store *PathStore) Delete(dir string) error

Delete removes the permissions stored in the specified directory.

func (*PathStore) Get

func (store *PathStore) Get(dir string) (access.Permissions, string, error)

Get returns the Permissions from the data file in dir.

func (*PathStore) PermsForPath

func (store *PathStore) PermsForPath(ctx *context.T, path string) (access.Permissions, bool, error)

func (*PathStore) Set

func (store *PathStore) Set(dir string, perms access.Permissions, version string) error

Set writes the specified Permissions to the provided directory, enforcing the version synchronization mechanism and locking.

func (*PathStore) SetIfAbsent

func (store *PathStore) SetIfAbsent(dir string, perms access.Permissions) (bool, error)

SetIfAbsent writes the specified Permissions to the provided directory only if they don't already exist. Returns true if the permissions were written, and false otherwise (the error is nil if the permissions already exist).

func (*PathStore) SetShareable

func (store *PathStore) SetShareable(dir string, perms access.Permissions, version string, shareable, overwrite bool) (bool, error)

SetShareable writes the specified Permissions to the provided directory, enforcing the version synchronization mechanism and locking, and uses file modes that give the application read-only access to the permissions file.

type PermsGetter

type PermsGetter interface {
	// PermsForPath has two successful outcomes: either returning a valid
	// Permissions object or a boolean status true indicating that the
	// Permissions object is intentionally not present. Finally, it returns an
	// error if anything has gone wrong.
	PermsForPath(ctx *context.T, path string) (access.Permissions, bool, error)
}

PermsGetter defines an abstract interface that a customer of NewHierarchicalAuthorizer can use to obtain the PermissionsAuthorizer instances that it needs to construct a hierarchicalAuthorizer.
