Documentation ¶
Index ¶
Constants ¶
const (
	AuthCookieName = "flicktrack_io_auth_cookie"
	VIEWER_ROLE    = "viewer"
	USER_ROLE      = "user"
	ADMIN_ROLE     = "admin"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthCookieData ¶
type AuthCookieData struct {
	Namespaces []*AuthCookieDataNs `json:"namespaces"`
}
func (*AuthCookieData) Decode ¶
func (a *AuthCookieData) Decode(data []byte) error
func (*AuthCookieData) Serialize ¶
func (a *AuthCookieData) Serialize() ([]byte, error)
type AuthCookieDataNs ¶
type Authorizer ¶
type Authorizer interface {
	// AddRole receives a Role and appends it to an internal list
	// of Roles.
	// Returns a boolean (false) if the given Role already exists.
	AddRole(Role) bool
	// Bind receives a Role and a set of Subjects and creates
	// a link between the Subjects and the Role.
	Bind(Role, ...Subject) bool
	// Bindings returns the role-bindings aggregated by the Authorizer
	Bindings() []RoleBinding
	// Role returns a composed Role by a given name.
	// Returns a boolean (false) if the role does not exist.
	Role(string) (Role, bool)
	// Verify verifies that a given subject has access to the
	// resources defined by the given Rule.
	// Returns a boolean (true) if the Rule given is contained
	// within the role(s) the subject has access to.
	Verify(Subject, Rule) bool
}
Authorizer authorizes a Subject to perform an action based on Rules defined by Roles bound to that Subject
func NewAuthorizer ¶
func NewAuthorizer() Authorizer
type AuthorizerSpec ¶
type AuthorizerSpec struct {
	// contains filtered or unexported fields
}
AuthorizerSpec is a RoleHandler that provides several convenience methods for managing and restricting command access based on a given role.
func (*AuthorizerSpec) AddRole ¶
func (a *AuthorizerSpec) AddRole(r Role) bool
func (*AuthorizerSpec) Bindings ¶
func (a *AuthorizerSpec) Bindings() []RoleBinding
type Role ¶
type Role interface {
	// AddRule composes a new Rule in the Role.
	// Returns a boolean (false) if the given rule already exists.
	AddRule(Rule) bool
	// Name returns the name assigned to the Role
	Name() string
	// Rules returns the set of rules composed by the Role
	Rules() []Rule
}
Role is an object that
type RoleBinding ¶
type RoleBinding interface {
	// AddSubject appends a new Subject to a list of Subjects bound
	// to the RoleBinding's Role.
	// Returns a boolean (false) if the given Subject already exists
	// in the list of bound subjects, or true otherwise.
	AddSubject(Subject) bool
	// RemoveSubject removes a given subject from a list of Subjects
	// bound to the RoleBinding's Role.
	// Returns true if a Subject exists in the list of bound Subjects,
	// or false if the user is not found, or cannot be removed.
	RemoveSubject(Subject) bool
	// Role returns the role bound by the roleBinding
	Role() Role
	// Subjects returns the Subjects bound to the roleBinding
	Subjects() []Subject
}
RoleBinding links an rbac Role to a set of Subjects
func NewRoleBinding ¶
func NewRoleBinding(role Role, subjects []Subject) RoleBinding
NewRoleBinding receives a Role and a slice of Subjects to bind to the given Role.
type RoleBindingSpec ¶
type RoleBindingSpec struct {
	// contains filtered or unexported fields
}
RoleBindingSpec implements RoleBinding
func (*RoleBindingSpec) AddSubject ¶
func (b *RoleBindingSpec) AddSubject(s Subject) bool
func (*RoleBindingSpec) RemoveSubject ¶
func (b *RoleBindingSpec) RemoveSubject(s Subject) bool
func (*RoleBindingSpec) Role ¶
func (b *RoleBindingSpec) Role() Role
func (*RoleBindingSpec) Subjects ¶
func (b *RoleBindingSpec) Subjects() []Subject
type Rule ¶
type Rule interface {
	// Name returns the name associated with the Rule
	Name() string
	// Actions returns the specific set of actions for which the Rule allows access
	Actions() []string
}
Rule defines a permission
func RuleByAction ¶
func RuleByAction(bindings []RoleBinding, action string) (Rule, bool)
RuleByAction receives an action and returns the rule corresponding to that action, or false if no rule is found.
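The Bind and Verify contract documented for Authorizer above, as an added example that is not this package's code: a minimal in-memory model with deny-by-default checks. Subject as a string type, the concrete Rule and Authorizer structs, the string role argument and the sample data are assumptions, since the page shows only the interfaces.

```go
package main

import "fmt"

// Assumed stand-ins: the page does not define Subject or any concrete type.
type Subject string
type Rule struct {
	Name    string
	Actions []string
}
type Authorizer struct {
	roles    map[string][]Rule    // role name -> rules it composes
	bindings map[Subject][]string // subject -> names of bound roles
}

// Bind refuses an unknown role instead of creating it implicitly.
func (a *Authorizer) Bind(role string, s Subject) bool {
	if _, ok := a.roles[role]; !ok {
		return false
	}
	a.bindings[s] = append(a.bindings[s], role)
	return true
}

// Verify is deny-by-default: each requested action needs a same-named rule in a role bound to s.
func (a *Authorizer) Verify(s Subject, want Rule) bool {
	granted := map[string]bool{}
	for _, role := range a.bindings[s] {
		for _, r := range a.roles[role] {
			for _, act := range r.Actions {
				granted[r.Name+"\x00"+act] = true // NUL keeps name/action unambiguous
			}
		}
	}
	for _, act := range want.Actions {
		if !granted[want.Name+"\x00"+act] {
			return false
		}
	}
	return len(want.Actions) > 0 // an empty request is refused, not vacuously allowed
}

func main() {
	// Constructed sample data; "viewer" is the page's VIEWER_ROLE value.
	a := &Authorizer{map[string][]Rule{"viewer": {{"films", []string{"read"}}}}, map[Subject][]string{}}
	a.Bind("viewer", "alice")
	fmt.Println(a.Verify("alice", Rule{"films", []string{"read"}}))
	fmt.Println(a.Verify("alice", Rule{"films", []string{"write"}}))
}
```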