warden

package

v0.0.1 Latest Latest Go to latest Published: May 20, 2018 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/UrbanCompass/keto

Links

Open Source Insights

Documentation ¶

Overview ¶

Package warden implements endpoints capable of making access control decisions based on Access Control Policies

Package warden defines an API for validating access requests.

Index ¶

Constants
type AccessRequest
type AuditLoggerLogrus
- func (a *AuditLoggerLogrus) LogGrantedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)
- func (a *AuditLoggerLogrus) LogRejectedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)
type Firewall
type Handler
- func NewHandler(writer herodot.Writer, warden Firewall, ...) *Handler
- func (h *Handler) SetRoutes(r *httprouter.Router)
type Warden
- func NewWarden(warden ladon.Warden, roles role.Manager, l logrus.FieldLogger) *Warden
- func (w *Warden) IsAllowed(ctx context.Context, a *AccessRequest) error

Constants ¶

View Source

const (
	AuthenticatorHandlerPath = "/warden/%s/authorize"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AccessRequest ¶

type AccessRequest struct {
	// Resource is the resource that access is requested to.
	Resource string `json:"resource"`

	// Action is the action that is requested on the resource.
	Action string `json:"action"`

	// Subejct is the subject that is requesting access.
	Subject string `json:"subject"`

	// Context is the request's environmental context.
	Context map[string]interface{} `json:"context"`
}

AccessRequest is the warden's request object.

swagger:model WardenSubjectAuthorizationRequest

type AuditLoggerLogrus ¶

type AuditLoggerLogrus struct {
	Logger logrus.FieldLogger
}

AuditLoggerLogrus outputs information about granting or rejecting policies.

func (*AuditLoggerLogrus) LogGrantedAccessRequest ¶

func (a *AuditLoggerLogrus) LogGrantedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)

func (*AuditLoggerLogrus) LogRejectedAccessRequest ¶

func (a *AuditLoggerLogrus) LogRejectedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)

type Firewall ¶

type Firewall interface {
	// IsAllowed uses policies to return nil if the access request can be fulfilled or an error if not.
	//
	//  ctx, err := firewall.IsAllowed(context.Background(), &AccessRequest{
	//    Subject:  "alice",
	//    Resource: "matrix",
	//    Action:   "create",
	//    Context:  ladon.Context{},
	//  }, "photos", "files")
	//
	//  fmt.Sprintf("%s", ctx.Subject)
	IsAllowed(ctx context.Context, accessRequest *AccessRequest) error
}

Firewall offers various validation strategies for access tokens.

type Handler ¶

type Handler struct {
	H      herodot.Writer
	Warden Firewall

	ResourcePrefix string
	// contains filtered or unexported fields
}

Handler is capable of handling HTTP request and validating access tokens and access requests.

func NewHandler ¶

func NewHandler(writer herodot.Writer, warden Firewall, authenticators map[string]authentication.Authenticator) *Handler

func (*Handler) SetRoutes ¶

func (h *Handler) SetRoutes(r *httprouter.Router)

type Warden ¶

type Warden struct {
	Warden ladon.Warden
	Roles  role.Manager
	L      logrus.FieldLogger
}

func NewWarden ¶

func NewWarden(
	warden ladon.Warden,
	roles role.Manager,
	l logrus.FieldLogger) *Warden

func (*Warden) IsAllowed ¶

func (w *Warden) IsAllowed(ctx context.Context, a *AccessRequest) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL