authorization

package
v4.33.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 4, 2021 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsAuthLevelSufficient 

func IsAuthLevelSufficient(authenticationLevel authentication.Level, authorizationLevel Level) bool

IsAuthLevelSufficient returns true if the current authenticationLevel is above the authorizationLevel.

Types

type AccessControlDomain 

type AccessControlDomain struct {
	Name          string
	Wildcard      bool
	UserWildcard  bool
	GroupWildcard bool
}

AccessControlDomain represents an ACL domain.

func (AccessControlDomain) IsMatch 

func (acd AccessControlDomain) IsMatch(subject Subject, object Object) (match bool)

IsMatch returns true if the ACL domain matches the object domain.

type AccessControlGroup 

type AccessControlGroup struct {
	Name string
}

AccessControlGroup represents an ACL subject of type `group:`.

func (AccessControlGroup) IsMatch 

func (acg AccessControlGroup) IsMatch(subject Subject) (match bool)

IsMatch returns true if the AccessControlGroup name matches one of the groups of the Subject.

type AccessControlResource 

type AccessControlResource struct {
	Pattern *regexp.Regexp
}

AccessControlResource represents an ACL resource.

func (AccessControlResource) IsMatch 

func (acr AccessControlResource) IsMatch(object Object) (match bool)

IsMatch returns true if the ACL resource match the object path.

type AccessControlRule 

type AccessControlRule struct {
	Position  int
	Domains   []AccessControlDomain
	Resources []AccessControlResource
	Methods   []string
	Networks  []*net.IPNet
	Subjects  []AccessControlSubjects
	Policy    Level
}

AccessControlRule controls and represents an ACL internally.

func NewAccessControlRule 

func NewAccessControlRule(pos int, rule schema.ACLRule, networksMap map[string][]*net.IPNet, networksCacheMap map[string]*net.IPNet) *AccessControlRule

NewAccessControlRule parses a schema ACL and generates an internal ACL.

func NewAccessControlRules 

func NewAccessControlRules(config schema.AccessControlConfiguration) (rules []*AccessControlRule)

NewAccessControlRules converts a schema.AccessControlConfiguration into an AccessControlRule slice.

func (*AccessControlRule) IsMatch 

func (acr *AccessControlRule) IsMatch(subject Subject, object Object) (match bool)

IsMatch returns true if all elements of an AccessControlRule match the object and subject.

type AccessControlSubject 

type AccessControlSubject interface {
	IsMatch(subject Subject) (match bool)
}

AccessControlSubject abstracts an ACL subject of type `group:` or `user:`.

type AccessControlSubjects 

type AccessControlSubjects struct {
	Subjects []AccessControlSubject
}

AccessControlSubjects represents an ACL subject.

func (*AccessControlSubjects) AddSubject 

func (acs *AccessControlSubjects) AddSubject(subjectRule string)

AddSubject appends to the AccessControlSubjects based on a subject rule string.

func (AccessControlSubjects) IsMatch 

func (acs AccessControlSubjects) IsMatch(subject Subject) (match bool)

IsMatch returns true if the ACL subjects match the subject properties.

type AccessControlUser 

type AccessControlUser struct {
	Name string
}

AccessControlUser represents an ACL subject of type `user:`.

func (AccessControlUser) IsMatch 

func (acu AccessControlUser) IsMatch(subject Subject) (match bool)

IsMatch returns true if the AccessControlUser name matches the Subject username.

type Authorizer 

type Authorizer struct {
	// contains filtered or unexported fields
}

Authorizer the component in charge of checking whether a user can access a given resource.

func NewAuthorizer 

func NewAuthorizer(configuration *schema.Configuration) *Authorizer

NewAuthorizer create an instance of authorizer with a given access control configuration.

func (Authorizer) GetRequiredLevel 

func (p Authorizer) GetRequiredLevel(subject Subject, object Object) Level

GetRequiredLevel retrieve the required level of authorization to access the object.

func (Authorizer) IsSecondFactorEnabled 

func (p Authorizer) IsSecondFactorEnabled() bool

IsSecondFactorEnabled return true if at least one policy is set to second factor.

type Level 

type Level int

Level is the type representing an authorization level. 

const (
	// Bypass bypass level.
	Bypass Level = iota
	// OneFactor one factor level.
	OneFactor Level = iota
	// TwoFactor two factor level.
	TwoFactor Level = iota
	// Denied denied level.
	Denied Level = iota
)

func PolicyToLevel 

func PolicyToLevel(policy string) Level

PolicyToLevel converts a string policy to int authorization level.

type Object 

type Object struct {
	Scheme string
	Domain string
	Path   string
	Method string
}

Object represents a protected object for the purposes of ACL matching.

func NewObject 

func NewObject(targetURL *url.URL, method string) (object Object)

NewObject creates a new Object type from a URL and a method header.

func NewObjectRaw 

func NewObjectRaw(targetURL *url.URL, method []byte) (object Object)

NewObjectRaw creates a new Object type from a URL and a method header.

func (Object) String 

func (o Object) String() string

String is a string representation of the Object.

type Subject 

type Subject struct {
	Username string
	Groups   []string
	IP       net.IP
}

Subject represents the identity of a user for the purposes of ACL matching.

func (Subject) IsAnonymous 

func (s Subject) IsAnonymous() bool

IsAnonymous returns true if the Subject username and groups are empty.

func (Subject) String 

func (s Subject) String() string

String returns a string representation of the Subject.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.