v.io: v.io/x/ref/services/internal/pathperms

package pathperms

import "v.io/x/ref/services/internal/pathperms"

Package pathperms provides a library to assist servers implementing GetPermissions/SetPermissions functions and authorizers where there are path-specific Permissions stored individually in files. TODO(rjkroege): Add unit tests.

Package Files

hierarchical_authorizer.go permsaccess.go version.go

func ComputeVersion

func ComputeVersion(perms access.Permissions) (string, error)

ComputeVersion produces the tag value returned by access.GetPermissions() (per v23/services/permissions/service.vdl) that GetPermissions/SetPermissions use to determine if the Permissions have been asynchronously modified.

func NewHierarchicalAuthorizer

func NewHierarchicalAuthorizer(rootDir, childDir string, get PermsGetter) (security.Authorizer, error)

NewHierarchicalAuthorizer creates a new hierarchicalAuthorizer: one that implements a "root"-like concept, in which a caller with admin rights at the root of a server can invoke RPCs regardless of the permissions set on child objects.

If the root permissions are not set, the authorizer behaves like the DefaultAuthorizer.

If the child permissions are not set, the authorizer uses the permissions set on the root to restrict access to the child (including the admin override described above).
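The three rules above, modelled as an added stand-alone example; it is not code from this package. Perms, Getter, Authorize and lookup are hypothetical names, blessings are matched by exact name rather than by pattern, a child's own permissions are assumed to replace the root's non-admin entries, and the sample paths and blessings are constructed.

```go
package main

import "fmt"

// Perms simplifies access.Permissions to tag -> exact blessing names
// (assumption: the real type matches blessing patterns).
type Perms map[string]map[string]bool

// Getter has the shape of PermsGetter.PermsForPath, minus the context.
type Getter func(path string) (perms Perms, absent bool, err error)

// Authorize models the documented rules; defaultAuth stands in for DefaultAuthorizer.
func Authorize(root, child string, get Getter, defaultAuth func(string) error, blessing, tag string) error {
	rootPerms, absent, err := get(root)
	if err != nil {
		return err // assumption: a storage error denies the call
	}
	if absent {
		return defaultAuth(blessing) // root permissions not set
	}
	if rootPerms["Admin"][blessing] {
		return nil // root admin override, whatever the child says
	}
	perms, absent, err := get(child)
	if err != nil {
		return err
	}
	if absent {
		perms = rootPerms // unset child is governed by the root permissions
	}
	if !perms[tag][blessing] { // assumption: a set child replaces root's non-admin entries
		return fmt.Errorf("%s lacks %s on %s", blessing, tag, child)
	}
	return nil
}

// lookup serves constructed sample data; /root/new has no permissions set.
func lookup(path string) (Perms, bool, error) {
	p, ok := map[string]Perms{
		"/root":     {"Admin": {"root:alice": true}, "Read": {"root:bob": true}},
		"/root/app": {"Read": {"root:carol": true}},
	}[path]
	return p, !ok, nil
}

func main() {
	deny := func(b string) error { return fmt.Errorf("default policy denies %s", b) }
	fmt.Println(Authorize("/root", "/root/app", lookup, deny, "root:bob", "Read"))
}
```

In this model root:bob can read /root/new (no permissions of its own) but not /root/app, so granting Read at the root does not by itself open children that carry their own permissions; only the root Admin entry does.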

func NilAuthPermissions

func NilAuthPermissions(ctx *context.T, call security.Call) access.Permissions

NilAuthPermissions creates Permissions that mimic the default authorization policy (i.e., the Permissions are matched by all blessings that are either extensions of one of the local blessings or can be extended to form one of the local blessings).

func PermissionsForBlessings

func PermissionsForBlessings(blessings []string) access.Permissions

PermissionsForBlessings creates the Permissions list that should be used with a newly created object.

func PrefixPatterns

func PrefixPatterns(blessings []string) []security.BlessingPattern

PrefixPatterns creates a pattern containing all of the prefix patterns of the provided blessings.

type PathStore

type PathStore struct {
    // contains filtered or unexported fields
}

PathStore manages storage of a set of Permissions in the filesystem where each path identifies a specific Permissions in the set. PathStore synchronizes access to its member Permissions.

func NewPathStore

func NewPathStore(ctx *context.T) *PathStore

NewPathStore creates a new instance of the lock map that uses principal to sign stored Permissions files.

func (*PathStore) Delete

func (store *PathStore) Delete(dir string) error

Delete removes the permissions stored in the specified directory.

func (*PathStore) Get

func (store *PathStore) Get(dir string) (access.Permissions, string, error)

Get returns the Permissions from the data file in dir.

func (*PathStore) PermsForPath

func (store *PathStore) PermsForPath(ctx *context.T, path string) (access.Permissions, bool, error)

func (*PathStore) Set

func (store *PathStore) Set(dir string, perms access.Permissions, version string) error

Set writes the specified Permissions to the provided directory, enforcing the version synchronization mechanism and locking.

func (*PathStore) SetIfAbsent

func (store *PathStore) SetIfAbsent(dir string, perms access.Permissions) (bool, error)

SetIfAbsent writes the specified Permissions to the provided directory only if they don't already exist. Returns true if the permissions were written, and false otherwise (the error is nil if the permissions already exist).

func (*PathStore) SetShareable

func (store *PathStore) SetShareable(dir string, perms access.Permissions, version string, shareable, overwrite bool) (bool, error)

SetShareable writes the specified Permissions to the provided directory, enforcing the version synchronization mechanism and locking, with file modes that will give the application read-only access to the permissions file.

type PermsGetter

type PermsGetter interface {
    // PermsForPath has two successful outcomes: either returning a valid
    // Permissions object or a boolean status true indicating that the
    // Permissions object is intentionally not present. Finally, it returns an
    // error if anything has gone wrong.
    PermsForPath(ctx *context.T, path string) (access.Permissions, bool, error)
}

PermsGetter defines an abstract interface that a customer of NewHierarchicalAuthorizer can use to obtain the PermissionsAuthorizer instances that it needs to construct a hierarchicalAuthorizer.

Package pathperms imports 14 packages and is imported by 6 packages. Updated 2020-10-24.