Documentation
Overview
Package policy includes a simple policy document and methods for evaluation.
Constants
const (
	Allow    = "allow"
	Deny     = "deny"
	Wildcard = "*"
)
Variables
var (
	AccessPolicyDefaultAllow = AccessPolicy{
		Statements: []AccessStatement{
			AccessStatementDefaultAllow,
		},
	}
	AccessPolicyDefaultDeny = AccessPolicy{
		Statements: []AccessStatement{},
	}
)
var (
	TypeCountry            = []int{2, 5, 4, 6}
	TypeOrganization       = []int{2, 5, 4, 10}
	TypeOrganizationalUnit = []int{2, 5, 4, 11}
	TypeCommonName         = []int{2, 5, 4, 3}
	TypeLocality           = []int{2, 5, 4, 7}
	TypeState              = []int{2, 5, 4, 8}
	TypeEmail              = []int{1, 2, 840, 113549, 1, 9, 1}
)
var (
	AccessStatementDefaultAllow = AccessStatement{
		ID:       "DefaultAllow",
		Effect:   Allow,
		Paths:    []string{Wildcard},
		Users:    []string{Wildcard},
		NotUsers: []string{},
	}
)
Functions
func Match
Match checks that the value matches the given pattern, with support for wildcard expressions. The wildcard character is "*" and may be used only once in a pattern. If the pattern equals the wildcard character, the function always returns true. If the pattern ends with the wildcard character, e.g., a/b/*, it matches the prefix of the value. If the pattern starts with the wildcard character, e.g., *.ext, it matches the suffix of the value. If no wildcard is present, the function checks whether the pattern equals the value.
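The matching rules above, reimplemented in Go as an added example (not the package's own code) so the prefix and suffix cases can be checked on sample inputs, together with the caveat that a trailing wildcard without a path separator over-matches. How an interior or repeated wildcard is handled is an assumption here, since the docs leave it unspecified.

```go
package main

import (
	"fmt"
	"strings"
)

// Wildcard is the single wildcard token from the package's constants.
const Wildcard = "*"

// Match reimplements the documented rules for policy.Match: "*" alone always
// matches, a trailing "*" is a prefix match on the rest, a leading "*" is a
// suffix match on the rest, and no "*" means exact equality. An interior "*"
// is covered by none of those rules and falls through to the equality test;
// more than one "*" is rejected (assumption: the docs only say a single
// wildcard is allowed, not what happens otherwise).
func Match(pattern, value string) bool {
	if pattern == Wildcard {
		return true
	}
	if strings.Count(pattern, Wildcard) > 1 {
		return false
	}
	if strings.HasSuffix(pattern, Wildcard) {
		return strings.HasPrefix(value, strings.TrimSuffix(pattern, Wildcard))
	}
	if strings.HasPrefix(pattern, Wildcard) {
		return strings.HasSuffix(value, strings.TrimPrefix(pattern, Wildcard))
	}
	return pattern == value
}

func main() {
	// Constructed cases; the last two show why a path pattern should end in
	// a separator: "a/b*" also matches "a/bc", while "a/b/*" does not.
	cases := []struct{ pattern, value string }{
		{"*", "anything"},
		{"*.ext", "file.ext"},
		{"*.ext", "file.ext.bak"},
		{"a/b", "a/b"},
		{"a/*/c", "a/x/c"},
		{"a/b/*", "a/b/c"},
		{"a/b/*", "a/bc"},
		{"a/b*", "a/bc"},
	}
	for _, c := range cases {
		fmt.Printf("%-8q %-14q -> %v\n", c.pattern, c.value, Match(c.pattern, c.value))
	}
}
```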
Types
type AccessPolicy
type AccessPolicy struct {
	ID         string            `json:"id" yaml:"id"`
	Statements []AccessStatement `json:"statements" yaml:"statements"`
}
func ParseAccessPolicy
func ParseAccessPolicy(path string, format string) (*AccessPolicy, error)
func (AccessPolicy) Clone
func (p AccessPolicy) Clone() AccessPolicy
func (AccessPolicy) Validate
func (p AccessPolicy) Validate() error
type AccessStatement
type AccessStatement struct {
	ID       string   `json:"id" yaml:"id"`
	Effect   string   `json:"effect" yaml:"effect"`
	Paths    []string `json:"paths" yaml:"paths"`
	Users    []string `json:"users,omitempty" yaml:"users,omitempty"`
	NotUsers []string `json:"not_users,omitempty" yaml:"not_users,omitempty"`
}
func (AccessStatement) Clone
func (s AccessStatement) Clone() AccessStatement
func (AccessStatement) MatchNotUser
func (s AccessStatement) MatchNotUser(user *User) bool
func (AccessStatement) MatchPath
func (s AccessStatement) MatchPath(path string) bool
func (AccessStatement) MatchUser
func (s AccessStatement) MatchUser(user *User) bool
func (AccessStatement) Validate
func (s AccessStatement) Validate() error
type User
func ParseUser (added in v1.1.0)
ParseUser parses the user subject as a DistinguishedName. See https://docs.microsoft.com/en-us/windows/win32/seccrypto/name-property. Todo: (1) fill in the other fields for the user, and (2) parse unknown names.
func (*User) DistinguishedName
DistinguishedName returns the user subject as a DistinguishedName. See https://docs.microsoft.com/en-us/windows/win32/seccrypto/name-properties