Versions in this module Expand all Collapse all v5 v5.5.2 Oct 16, 2023 v5.5.1 Nov 14, 2022 Changes in this version + var ErrDenyByPolicy = errors.New("Access Check was explicitly denied") + var ErrDomainExpired = errors.New("Access denied due to expired domain policy file") + var ErrDomainMismatch = errors.New("Access denied due to domain mismatch between Resource and RoleToken") + var ErrDomainNotFound = errors.New("Access denied due to domain not found in library cache") + var ErrFetchPolicy = errors.New("Error fetching athenz policy") + var ErrInvalidPolicyResource = errors.New("Access denied due to invalid/empty policy resources") + var ErrNoMatch = errors.New(...) + type Assertion struct + Action string + ActionRegexp *regexp.Regexp + ActionRegexpString string + Effect error + Resource string + ResourceDomain string + ResourceRegexp *regexp.Regexp + ResourceRegexpString string + func NewAssertion(action, resource, effect string) (*Assertion, error) + type Daemon interface + CheckPolicy func(ctx context.Context, domain string, roles []string, action, resource string) error + CheckPolicyRoles func(ctx context.Context, domain string, roles []string, action, resource string) ([]string, error) + GetPolicyCache func(context.Context) map[string]interface{} + Start func(context.Context) <-chan error + Update func(context.Context) error + func New(opts ...Option) (Daemon, error) + type Fetcher interface + Domain func() string + Fetch func(context.Context) (*SignedPolicy, error) + FetchWithRetry func(context.Context) (*SignedPolicy, error) + type Option func(*policyd) error + func WithAthenzDomains(doms ...string) Option + func WithAthenzURL(url string) Option + func WithExpiryMargin(d string) Option + func WithHTTPClient(c *http.Client) Option + func WithPubKeyProvider(pkp pubkey.Provider) Option + func WithPurgePeriod(d string) Option + func WithRefreshPeriod(d string) Option + func WithRetryAttempts(c int) Option + func WithRetryDelay(d string) Option + type SignedPolicy struct + func (s *SignedPolicy) Verify(pkp pubkey.Provider) error + type SignedPolicyVerifier func(*SignedPolicy) error