Documentation
¶
Index ¶
- Constants
- type ACL
- type Cache
- type EventPolicy
- type FaultFunc
- type KeyPolicy
- type Policy
- type PolicyACL
- func (p *PolicyACL) ACLList() bool
- func (p *PolicyACL) ACLModify() bool
- func (p *PolicyACL) EventRead(name string) bool
- func (p *PolicyACL) EventWrite(name string) bool
- func (p *PolicyACL) KeyRead(key string) bool
- func (p *PolicyACL) KeyWrite(key string) bool
- func (p *PolicyACL) KeyWritePrefix(prefix string) bool
- func (p *PolicyACL) KeyringRead() bool
- func (p *PolicyACL) KeyringWrite() bool
- func (p *PolicyACL) QueryList() bool
- func (p *PolicyACL) QueryModify() bool
- func (p *PolicyACL) ServiceRead(name string) bool
- func (p *PolicyACL) ServiceWrite(name string) bool
- type ServicePolicy
- type StaticACL
- func (s *StaticACL) ACLList() bool
- func (s *StaticACL) ACLModify() bool
- func (s *StaticACL) EventRead(string) bool
- func (s *StaticACL) EventWrite(string) bool
- func (s *StaticACL) KeyRead(string) bool
- func (s *StaticACL) KeyWrite(string) bool
- func (s *StaticACL) KeyWritePrefix(string) bool
- func (s *StaticACL) KeyringRead() bool
- func (s *StaticACL) KeyringWrite() bool
- func (s *StaticACL) QueryList() bool
- func (s *StaticACL) QueryModify() bool
- func (s *StaticACL) ServiceRead(string) bool
- func (s *StaticACL) ServiceWrite(string) bool
Constants ¶
const ( KeyPolicyDeny = "deny" KeyPolicyRead = "read" KeyPolicyWrite = "write" ServicePolicyDeny = "deny" ServicePolicyRead = "read" ServicePolicyWrite = "write" EventPolicyRead = "read" EventPolicyWrite = "write" EventPolicyDeny = "deny" KeyringPolicyWrite = "write" KeyringPolicyRead = "read" KeyringPolicyDeny = "deny" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ACL ¶
type ACL interface {
// KeyRead checks for permission to read a given key
KeyRead(string) bool
// KeyWrite checks for permission to write a given key
KeyWrite(string) bool
// KeyWritePrefix checks for permission to write to an
// entire key prefix. This means there must be no sub-policies
// that deny a write.
KeyWritePrefix(string) bool
// ServiceWrite checks for permission to read a given service
ServiceWrite(string) bool
// ServiceRead checks for permission to read a given service
ServiceRead(string) bool
// EventRead determines if a specific event can be queried.
EventRead(string) bool
// EventWrite determines if a specific event may be fired.
EventWrite(string) bool
// KeyringRead determines if the encryption keyring used in
// the gossip layer can be read.
KeyringRead() bool
// KeyringWrite determines if the keyring can be manipulated
KeyringWrite() bool
// ACLList checks for permission to list all the ACLs
ACLList() bool
// ACLModify checks for permission to manipulate ACLs
ACLModify() bool
// QueryList checks for permission to list all the prepared queries.
QueryList() bool
// QueryModify checks for permission to modify any prepared query.
QueryModify() bool
}
ACL is the interface for policy enforcement.
type Cache ¶
type Cache struct {
// contains filtered or unexported fields
}
Cache is used to implement policy and ACL caching
func (*Cache) GetACL ¶
GetACL is used to get a potentially cached ACL policy. If not cached, it will be generated and then cached.
func (*Cache) GetACLPolicy ¶
GetACLPolicy is used to get the potentially cached ACL policy. If not cached, it will be generated and then cached.
type EventPolicy ¶ added in v0.6.0
EventPolicy represents a user event policy.
func (*EventPolicy) GoString ¶ added in v0.6.0
func (e *EventPolicy) GoString() string
type FaultFunc ¶
FaultFunc is a function used to fault in the parent, rules for an ACL given it's ID
type Policy ¶
type Policy struct {
ID string `hcl:"-"`
Keys []*KeyPolicy `hcl:"key,expand"`
Services []*ServicePolicy `hcl:"service,expand"`
Events []*EventPolicy `hcl:"event,expand"`
Keyring string `hcl:"keyring"`
}
Policy is used to represent the policy specified by an ACL configuration.
type PolicyACL ¶
type PolicyACL struct {
// contains filtered or unexported fields
}
PolicyACL is used to wrap a set of ACL policies to provide the ACL interface.
func New ¶
New is used to construct a policy based ACL from a set of policies and a parent policy to resolve missing cases.
func (*PolicyACL) EventRead ¶ added in v0.6.0
EventRead is used to determine if the policy allows for a specific user event to be read.
func (*PolicyACL) EventWrite ¶ added in v0.6.0
EventWrite is used to determine if new events can be created (fired) by the policy.
func (*PolicyACL) KeyWritePrefix ¶
KeyWritePrefix returns if a prefix is allowed to be written
func (*PolicyACL) KeyringRead ¶ added in v0.6.0
KeyringRead is used to determine if the keyring can be read by the current ACL token.
func (*PolicyACL) KeyringWrite ¶ added in v0.6.0
KeyringWrite determines if the keyring can be manipulated.
func (*PolicyACL) QueryList ¶ added in v0.6.0
QueryList checks if listing of all prepared queries is allowed.
func (*PolicyACL) QueryModify ¶ added in v0.6.0
QueryModify checks if modifying of any prepared query is allowed.
func (*PolicyACL) ServiceRead ¶ added in v0.5.0
ServiceRead checks if reading (discovery) of a service is allowed
func (*PolicyACL) ServiceWrite ¶ added in v0.5.0
ServiceWrite checks if writing (registering) a service is allowed
type ServicePolicy ¶ added in v0.5.0
ServicePolicy represents a policy for a service
func (*ServicePolicy) GoString ¶ added in v0.5.0
func (k *ServicePolicy) GoString() string
type StaticACL ¶
type StaticACL struct {
// contains filtered or unexported fields
}
StaticACL is used to implement a base ACL policy. It either allows or denies all requests. This can be used as a parent ACL to act in a blacklist or whitelist mode.
Source Files