authz

package
v0.0.0-...-0f5fd96 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 27, 2016 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var NoMatch = errors.New("did not match any rule")
View Source 
var ScopeNoMatch = errors.New("did not match the scope")

Functions

func StringSetIntersection 

func StringSetIntersection(a, b []string) []string

Types

type ACL 

type ACL []ACLEntry

type ACLEntry 

type ACLEntry struct {
	Match   *MatchConditions `yaml:"match"`
	Actions *[]string        `yaml:"actions,flow"`
	Comment *string          `yaml:"comment,omitempty"`
}

func (*ACLEntry) Matches 

func (e *ACLEntry) Matches(ai *AuthRequestInfo) bool

func (ACLEntry) String 

func (e ACLEntry) String() string

type ACLMongoConfig 

type ACLMongoConfig struct {
	MongoConfig *mgo_session.Config `yaml:"dial_info,omitempty"`
	Collection  string              `yaml:"collection,omitempty"`
	CacheTTL    time.Duration       `yaml:"cache_ttl,omitempty"`
}

func (*ACLMongoConfig) Validate 

func (c *ACLMongoConfig) Validate(configKey string) error

Validate ensures that any custom config options in a Config are set correctly.

type AuthRequestInfo 

type AuthRequestInfo struct {
	Account string
	Type    string
	Name    string
	Service string
	IP      net.IP
	Actions []string
}

func (AuthRequestInfo) String 

func (ai AuthRequestInfo) String() string

type Authorizer 

type Authorizer interface {
	// Authorize performs authorization given the request information.
	// It returns a set of authorized actions (of the set requested), which can be empty/nil.
	// Error should only be reported if request could not be serviced, not if it should be denied.
	// A special NoMatch error is returned if the authorizer could not reach a decision,
	// e.g. none of the rules matched.
	// Implementations must be goroutine-safe.
	Authorize(ai *AuthRequestInfo) ([]string, error)

	// Finalize resources in preparation for shutdown.
	// When this call is made there are guaranteed to be no Authenticate requests in flight
	// and there will be no more calls made to this instance.
	Stop()

	// Human-readable name of the authenticator.
	Name() string
}

Authorizer interface performs authorization of the request. It is invoked after authentication so it can be assumed that the requestor has presented satisfactory credentials for Account. Principally, it answers the question: is this Account allowed to perform these Actions on this Type.Name subject in the give Service?

func NewACLAuthorizer 

func NewACLAuthorizer(acl ACL) (Authorizer, error)

NewACLAuthorizer Creates a new static authorizer with ACL that have been read from the config file

func NewACLMongoAuthorizer 

func NewACLMongoAuthorizer(c *ACLMongoConfig) (Authorizer, error)

NewACLMongoAuthorizer creates a new ACL Mongo authorizer

type MatchConditions 

type MatchConditions struct {
	Account *string `yaml:"account,omitempty" json:"account,omitempty"`
	Type    *string `yaml:"type,omitempty" json:"type,omitempty"`
	Name    *string `yaml:"name,omitempty" json:"name,omitempty"`
	IP      *string `yaml:"ip,omitempty" json:"ip,omitempty"`
}

func (*MatchConditions) Matches 

func (mc *MatchConditions) Matches(ai *AuthRequestInfo) bool

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.