Documentation
Index
- func IsAuthLevelSufficient(authenticationLevel authentication.Level, authorizationLevel Level) bool
- type AccessControlDomain
- type AccessControlGroup
- type AccessControlResource
- type AccessControlRule
- type AccessControlSubject
- type AccessControlSubjects
- type AccessControlUser
- type Authorizer
- type Level
- type Object
- type Subject
Constants
This section is empty.
Variables
This section is empty.
Functions
func IsAuthLevelSufficient
func IsAuthLevelSufficient(authenticationLevel authentication.Level, authorizationLevel Level) bool
IsAuthLevelSufficient returns true if the current authenticationLevel is above the authorizationLevel.
Types
type AccessControlDomain
AccessControlDomain represents an ACL domain.
type AccessControlGroup
type AccessControlGroup struct {
Name string
}
AccessControlGroup represents an ACL subject of type `group:`.
func (AccessControlGroup) IsMatch
func (acg AccessControlGroup) IsMatch(subject Subject) (match bool)
IsMatch returns true if the AccessControlGroup name matches one of the groups of the Subject.
type AccessControlResource
AccessControlResource represents an ACL resource.
func (AccessControlResource) IsMatch
func (acr AccessControlResource) IsMatch(object Object) (match bool)
IsMatch returns true if the ACL resource matches the object path.
type AccessControlRule
type AccessControlRule struct {
Position int
Domains []AccessControlDomain
Resources []AccessControlResource
Methods []string
Networks []*net.IPNet
Subjects []AccessControlSubjects
Policy Level
}
AccessControlRule controls and represents an ACL internally.
func NewAccessControlRule
func NewAccessControlRule(pos int, rule schema.ACLRule, networksMap map[string][]*net.IPNet, networksCacheMap map[string]*net.IPNet) *AccessControlRule
NewAccessControlRule parses a schema ACL and generates an internal ACL.
func NewAccessControlRules
func NewAccessControlRules(config schema.AccessControlConfiguration) (rules []*AccessControlRule)
NewAccessControlRules converts a schema.AccessControlConfiguration into an AccessControlRule slice.
type AccessControlSubject
AccessControlSubject abstracts an ACL subject of type `group:` or `user:`.
type AccessControlSubjects
type AccessControlSubjects struct {
Subjects []AccessControlSubject
}
AccessControlSubjects represents an ACL subject.
func (*AccessControlSubjects) AddSubject
func (acs *AccessControlSubjects) AddSubject(subjectRule string)
AddSubject appends to the AccessControlSubjects based on a subject rule string.
func (AccessControlSubjects) IsMatch
func (acs AccessControlSubjects) IsMatch(subject Subject) (match bool)
IsMatch returns true if the ACL subjects match the subject properties.
type AccessControlUser
type AccessControlUser struct {
Name string
}
AccessControlUser represents an ACL subject of type `user:`.
func (AccessControlUser) IsMatch
func (acu AccessControlUser) IsMatch(subject Subject) (match bool)
IsMatch returns true if the AccessControlUser name matches the Subject username.
type Authorizer
type Authorizer struct {
// contains filtered or unexported fields
}
Authorizer is the component in charge of checking whether a user can access a given resource.
func NewAuthorizer
func NewAuthorizer(configuration *schema.Configuration) *Authorizer
NewAuthorizer creates an instance of Authorizer with a given access control configuration.
func (Authorizer) GetRequiredLevel
func (p Authorizer) GetRequiredLevel(subject Subject, object Object) Level
GetRequiredLevel retrieves the required level of authorization to access the object.
func (Authorizer) IsSecondFactorEnabled
func (p Authorizer) IsSecondFactorEnabled() bool
IsSecondFactorEnabled returns true if at least one policy is set to second factor.
type Level
type Level int
Level is the type representing an authorization level.
func PolicyToLevel
PolicyToLevel converts a string policy to int authorization level.
type Object
Object represents a protected object for the purposes of ACL matching.
func NewObjectRaw
NewObjectRaw creates a new Object type from a URL and a method header.
type Subject
Subject represents the identity of a user for the purposes of ACL matching.
func (Subject) IsAnonymous
IsAnonymous returns true if the Subject username and groups are empty.