package condition

v2.0.19 (Latest)
Warning: This package is not in the latest version of its module.

Published: May 10, 2024 License: AGPL-3.0 Imports: 13 Imported by: 5

Documentation

Index

Constants

This section is empty.

Variables

AllSupportedAdminKeys - list of all supported admin keys.

AllSupportedKeys - list of all supported keys.

var AllSupportedSTSKeys = []KeyName{
	STSDurationSeconds,
}

AllSupportedSTSKeys - list of all supported condition keys for STS policies.

CommonKeys - list of all common condition keys.

JWTKeys - supported JWT keys; this is a non-exhaustive list, please expand it as new claims are standardized.

Functions

This section is empty.

Types

type Function

type Function interface {

	// String() - returns string representation of function.
	String() string
	// contains filtered or unexported methods
}

Function - condition function interface.

func NewBinaryEqualsFunc

func NewBinaryEqualsFunc(qualifier string, key Key, values ...string) (Function, error)

NewBinaryEqualsFunc - returns new BinaryEquals function.

func NewBoolFunc

func NewBoolFunc(key Key, value bool) (Function, error)

NewBoolFunc - returns new Bool function.

func NewDateEqualsFunc

func NewDateEqualsFunc(key Key, value time.Time) (Function, error)

NewDateEqualsFunc - returns new DateEquals function.

func NewDateGreaterThanEqualsFunc

func NewDateGreaterThanEqualsFunc(key Key, value time.Time) (Function, error)

NewDateGreaterThanEqualsFunc - returns new DateGreaterThanEquals function.

func NewDateGreaterThanFunc

func NewDateGreaterThanFunc(key Key, value time.Time) (Function, error)

NewDateGreaterThanFunc - returns new DateGreaterThan function.

func NewDateLessThanEqualsFunc

func NewDateLessThanEqualsFunc(key Key, value time.Time) (Function, error)

NewDateLessThanEqualsFunc - returns new DateLessThanEquals function.

func NewDateLessThanFunc

func NewDateLessThanFunc(key Key, value time.Time) (Function, error)

NewDateLessThanFunc - returns new DateLessThan function.

func NewDateNotEqualsFunc

func NewDateNotEqualsFunc(key Key, value time.Time) (Function, error)

NewDateNotEqualsFunc - returns new DateNotEquals function.

func NewIPAddressFunc

func NewIPAddressFunc(key Key, IPNets ...*net.IPNet) (Function, error)

NewIPAddressFunc - returns new IP address function.

func NewNotIPAddressFunc

func NewNotIPAddressFunc(key Key, IPNets ...*net.IPNet) (Function, error)

NewNotIPAddressFunc - returns new Not IP address function.

func NewNullFunc

func NewNullFunc(key Key, value bool) (Function, error)

NewNullFunc - returns new Null function.

func NewNumericEqualsFunc

func NewNumericEqualsFunc(key Key, value int) (Function, error)

NewNumericEqualsFunc - returns new NumericEquals function.

func NewNumericGreaterThanEqualsFunc

func NewNumericGreaterThanEqualsFunc(key Key, value int) (Function, error)

NewNumericGreaterThanEqualsFunc - returns new NumericGreaterThanEquals function.

func NewNumericGreaterThanFunc

func NewNumericGreaterThanFunc(key Key, value int) (Function, error)

NewNumericGreaterThanFunc - returns new NumericGreaterThan function.

func NewNumericGreaterThanIfExistsFunc added in v2.0.18

func NewNumericGreaterThanIfExistsFunc(key Key, value int) (Function, error)

NewNumericGreaterThanIfExistsFunc - returns new NumericGreaterThanIfExists function.

func NewNumericLessThanEqualsFunc

func NewNumericLessThanEqualsFunc(key Key, value int) (Function, error)

NewNumericLessThanEqualsFunc - returns new NumericLessThanEquals function.

func NewNumericLessThanFunc

func NewNumericLessThanFunc(key Key, value int) (Function, error)

NewNumericLessThanFunc - returns new NumericLessThan function.

func NewNumericNotEqualsFunc

func NewNumericNotEqualsFunc(key Key, value int) (Function, error)

NewNumericNotEqualsFunc - returns new NumericNotEquals function.

func NewStringEqualsFunc

func NewStringEqualsFunc(qualifier string, key Key, values ...string) (Function, error)

NewStringEqualsFunc - returns new StringEquals function.

func NewStringEqualsIgnoreCaseFunc

func NewStringEqualsIgnoreCaseFunc(qualifier string, key Key, values ...string) (Function, error)

NewStringEqualsIgnoreCaseFunc - returns new StringEqualsIgnoreCase function.

func NewStringLikeFunc

func NewStringLikeFunc(qualifier string, key Key, values ...string) (Function, error)

NewStringLikeFunc - returns new StringLike function.

func NewStringNotEqualsFunc

func NewStringNotEqualsFunc(qualifier string, key Key, values ...string) (Function, error)

NewStringNotEqualsFunc - returns new StringNotEquals function.

func NewStringNotEqualsIgnoreCaseFunc

func NewStringNotEqualsIgnoreCaseFunc(qualifier string, key Key, values ...string) (Function, error)

NewStringNotEqualsIgnoreCaseFunc - returns new StringNotEqualsIgnoreCase function.

func NewStringNotLikeFunc

func NewStringNotLikeFunc(qualifier string, key Key, values ...string) (Function, error)

NewStringNotLikeFunc - returns new StringNotLike function.

type Functions

type Functions []Function

Functions - list of functions.

func NewFunctions

func NewFunctions(functions ...Function) Functions

NewFunctions - returns new Functions with given function list.

func (Functions) Clone

func (functions Functions) Clone() Functions

Clone clones Functions structure

func (Functions) Equals

func (functions Functions) Equals(funcs Functions) bool

Equals returns true if two Functions structures are equal

func (Functions) Evaluate

func (functions Functions) Evaluate(values map[string][]string) bool

Evaluate - evaluates all functions against the given values map. Functions are evaluated sequentially, and the next function is called only if the current one succeeds, so the result is true only when every function succeeds.
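To make the sequential, short-circuiting semantics of Evaluate concrete, and to show how the prefix-stripped name that Key.Name() documents selects entries of the values map, here is an added, self-contained model of those semantics. It is not the package's own code: the Function interface, the ipAddressFunc and boolFunc stand-ins for NewIPAddressFunc and NewBoolFunc, the name helper, and the officePolicy with its 10.0.0.0/8 CIDR are all constructed for this example, and the Evaluate on Functions additionally reports how many conditions were run so the short-circuit is visible.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Added model of the condition semantics the package documents; not the
// package's own code. The values map is keyed by the prefix-stripped key
// name that Key.Name() describes ("SourceIp", not "aws:SourceIp").

// Function is the condition interface: true when the request satisfies it.
type Function interface {
	Evaluate(values map[string][]string) bool
}

// name strips an "aws:"/"s3:" style prefix, as Key.Name() documents, so the
// policy key "aws:SourceIp" selects the "SourceIp" entry of the values map.
func name(key string) string {
	if i := strings.IndexByte(key, ':'); i >= 0 {
		return key[i+1:]
	}
	return key
}

// ipAddressFunc stands in for NewIPAddressFunc: true when the request's
// source address lies inside at least one allowed CIDR.
type ipAddressFunc struct {
	key  string
	nets []*net.IPNet
}

func (f ipAddressFunc) Evaluate(values map[string][]string) bool {
	for _, raw := range values[name(f.key)] {
		ip := net.ParseIP(raw)
		if ip == nil {
			return false // an unparseable address never matches
		}
		for _, n := range f.nets {
			if n.Contains(ip) {
				return true
			}
		}
	}
	return false // key absent, or no CIDR matched
}

// boolFunc stands in for NewBoolFunc: true when the key carries exactly one
// value and it equals the expected boolean.
type boolFunc struct {
	key   string
	value bool
}

func (f boolFunc) Evaluate(values map[string][]string) bool {
	vals := values[name(f.key)]
	return len(vals) == 1 && vals[0] == fmt.Sprint(f.value)
}

// Functions is evaluated sequentially; the first failing condition stops
// evaluation, so the result is a logical AND with short-circuit. The number
// of conditions actually run is returned to make that visible.
type Functions []Function

func (fs Functions) Evaluate(values map[string][]string) (ok bool, evaluated int) {
	for i, f := range fs {
		if !f.Evaluate(values) {
			return false, i + 1
		}
	}
	return true, len(fs)
}

// mustCIDR parses a CIDR literal or panics; acceptable for a fixed policy.
func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// officePolicy is a constructed policy (the CIDR is an example value): only
// TLS requests originating from 10.0.0.0/8 pass.
func officePolicy() Functions {
	return Functions{
		ipAddressFunc{key: "aws:SourceIp", nets: []*net.IPNet{mustCIDR("10.0.0.0/8")}},
		boolFunc{key: "aws:SecureTransport", value: true},
	}
}

func main() {
	// Constructed request contexts, keyed the way Key.Name() yields them.
	requests := []struct {
		label string
		ctx   map[string][]string
	}{
		{"tls from office", map[string][]string{"SourceIp": {"10.1.2.3"}, "SecureTransport": {"true"}}},
		{"plain from office", map[string][]string{"SourceIp": {"10.1.2.3"}, "SecureTransport": {"false"}}},
		{"tls from outside", map[string][]string{"SourceIp": {"203.0.113.7"}, "SecureTransport": {"true"}}},
		{"missing source ip", map[string][]string{"SecureTransport": {"true"}}},
	}
	for _, r := range requests {
		ok, n := officePolicy().Evaluate(r.ctx)
		fmt.Printf("%-18s allowed=%-5v conditions evaluated=%d\n", r.label, ok, n)
	}
}
```

Note that a request whose values map lacks the key entirely is denied by the first condition that needs it, and the second condition is never consulted; when auditing a deny, the count of evaluated conditions tells you which one rejected the request.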

func (*Functions) GobDecode

func (functions *Functions) GobDecode(data []byte) error

GobDecode - decodes gob data to Functions.

func (Functions) GobEncode

func (functions Functions) GobEncode() ([]byte, error)

GobEncode - encodes Functions to gob data.

func (Functions) Keys

func (functions Functions) Keys() KeySet

Keys - returns list of keys used in all functions.

func (Functions) MarshalJSON

func (functions Functions) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Functions to JSON data.

func (Functions) String

func (functions Functions) String() string

func (*Functions) UnmarshalJSON

func (functions *Functions) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Functions.

type Key

type Key struct {
	// contains filtered or unexported fields
}

Key - condition key consisting of a key name and its optional variable.

func NewKey

func NewKey(name KeyName, variable string) Key

NewKey - creates new key

func (Key) Is

func (key Key) Is(name KeyName) bool

Is - reports whether this key has the given key name.

func (Key) IsValid

func (key Key) IsValid() bool

IsValid - checks if key is valid or not.

func (Key) MarshalJSON

func (key Key) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Key to JSON data.

func (Key) Name

func (key Key) Name() string

Name - returns the key name with the prefixes "aws:" and "s3:" stripped.

func (Key) String

func (key Key) String() string

func (*Key) UnmarshalJSON

func (key *Key) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data to Key.

func (Key) VarName

func (key Key) VarName() string

VarName - returns variable key name, such as "${aws:username}"

type KeyName

type KeyName string

KeyName - condition key which is used to fetch values for any condition. Refer to https://docs.aws.amazon.com/IAM/latest/UserGuide/list_s3.html for more information about available condition keys.

const (
	// S3XAmzCopySource - key representing x-amz-copy-source HTTP header applicable to PutObject API only.
	S3XAmzCopySource KeyName = "s3:x-amz-copy-source"

	// S3XAmzServerSideEncryption - key representing x-amz-server-side-encryption HTTP header applicable
	// to PutObject API only.
	S3XAmzServerSideEncryption KeyName = "s3:x-amz-server-side-encryption"

	// S3XAmzServerSideEncryptionCustomerAlgorithm - key representing
	// x-amz-server-side-encryption-customer-algorithm HTTP header applicable to PutObject API only.
	S3XAmzServerSideEncryptionCustomerAlgorithm KeyName = "s3:x-amz-server-side-encryption-customer-algorithm"

	// S3XAmzMetadataDirective - key representing x-amz-metadata-directive HTTP header applicable to
	// PutObject API only.
	S3XAmzMetadataDirective KeyName = "s3:x-amz-metadata-directive"

	// S3XAmzContentSha256 - set a static content-sha256 for all calls for a given action.
	S3XAmzContentSha256 KeyName = "s3:x-amz-content-sha256"

	// S3XAmzStorageClass - key representing x-amz-storage-class HTTP header applicable to PutObject API
	// only.
	S3XAmzStorageClass KeyName = "s3:x-amz-storage-class"

	// S3XAmzServerSideEncryptionAwsKmsKeyID - key representing x-amz-server-side-encryption-aws-kms-key-id
	// HTTP header for S3 API calls
	S3XAmzServerSideEncryptionAwsKmsKeyID KeyName = "s3:x-amz-server-side-encryption-aws-kms-key-id"

	// S3LocationConstraint - key representing LocationConstraint XML tag of CreateBucket API only.
	S3LocationConstraint KeyName = "s3:LocationConstraint"

	// S3Prefix - key representing prefix query parameter of ListBucket API only.
	S3Prefix KeyName = "s3:prefix"

	// S3Delimiter - key representing delimiter query parameter of ListBucket API only.
	S3Delimiter KeyName = "s3:delimiter"

	// S3VersionID - Enables you to limit the permission for the
	// s3:PutObjectVersionTagging action to a specific object version.
	S3VersionID KeyName = "s3:versionid"

	// S3MaxKeys - key representing max-keys query parameter of ListBucket API only.
	S3MaxKeys KeyName = "s3:max-keys"

	// S3ObjectLockRemainingRetentionDays - key representing object-lock-remaining-retention-days.
	// Enables enforcement based on an object's remaining retention days; you can set
	// minimum and maximum allowable retention periods for a bucket using a bucket policy.
	// This key is specific to the s3:PutObjectRetention API.
	S3ObjectLockRemainingRetentionDays KeyName = "s3:object-lock-remaining-retention-days"

	// S3ObjectLockMode - key representing object-lock-mode
	// Enables enforcement of the specified object retention mode
	S3ObjectLockMode KeyName = "s3:object-lock-mode"

	// S3ObjectLockRetainUntilDate - key representing object-lock-retain-until-date
	// Enables enforcement of a specific retain-until-date
	S3ObjectLockRetainUntilDate KeyName = "s3:object-lock-retain-until-date"

	// S3ObjectLockLegalHold - key representing object-lock-legal-hold
	// Enables enforcement of the specified object legal hold status
	S3ObjectLockLegalHold KeyName = "s3:object-lock-legal-hold"

	// AWSReferer - key representing Referer header of any API.
	AWSReferer KeyName = "aws:Referer"

	// AWSSourceIP - key representing the client's IP address (not that of intermediate proxies) for any API.
	AWSSourceIP KeyName = "aws:SourceIp"

	// AWSUserAgent - key representing UserAgent header for any API.
	AWSUserAgent KeyName = "aws:UserAgent"

	// AWSSecureTransport - key representing whether the client's request is authenticated or not.
	AWSSecureTransport KeyName = "aws:SecureTransport"

	// AWSCurrentTime - key representing the current time.
	AWSCurrentTime KeyName = "aws:CurrentTime"

	// AWSEpochTime - key representing the current epoch time.
	AWSEpochTime KeyName = "aws:EpochTime"

	// AWSPrincipalType - user principal type; currently supported values are "User" and "Anonymous".
	AWSPrincipalType KeyName = "aws:principaltype"

	// AWSUserID - user unique ID, in MinIO this value is same as your user Access Key.
	AWSUserID KeyName = "aws:userid"

	// AWSUsername - user friendly name, in MinIO this value is same as your user Access Key.
	AWSUsername KeyName = "aws:username"

	// AWSGroups - groups for any authenticating Access Key.
	AWSGroups KeyName = "aws:groups"

	// S3SignatureVersion - identifies the version of AWS Signature that you want to support for authenticated requests.
	S3SignatureVersion KeyName = "s3:signatureversion"

	// S3SignatureAge - identifies the maximum age of presigned URL allowed
	S3SignatureAge KeyName = "s3:signatureAge"

	// S3AuthType - optionally use this condition key to restrict incoming requests to use a specific authentication method.
	S3AuthType KeyName = "s3:authType"

	// Refer https://docs.aws.amazon.com/AmazonS3/latest/userguide/tagging-and-policies.html
	ExistingObjectTag    KeyName = "s3:ExistingObjectTag"
	RequestObjectTagKeys KeyName = "s3:RequestObjectTagKeys"
	RequestObjectTag     KeyName = "s3:RequestObjectTag"
)

Condition key names.

const (
	// JWTSub - JWT subject claim substitution.
	JWTSub KeyName = "jwt:sub"

	// JWTIss issuer claim substitution.
	JWTIss KeyName = "jwt:iss"

	// JWTAud audience claim substitution.
	JWTAud KeyName = "jwt:aud"

	// JWTJti JWT unique identifier claim substitution.
	JWTJti KeyName = "jwt:jti"

	JWTUpn          KeyName = "jwt:upn"
	JWTName         KeyName = "jwt:name"
	JWTGroups       KeyName = "jwt:groups"
	JWTGivenName    KeyName = "jwt:given_name"
	JWTFamilyName   KeyName = "jwt:family_name"
	JWTMiddleName   KeyName = "jwt:middle_name"
	JWTNickName     KeyName = "jwt:nickname"
	JWTPrefUsername KeyName = "jwt:preferred_username"
	JWTProfile      KeyName = "jwt:profile"
	JWTPicture      KeyName = "jwt:picture"
	JWTWebsite      KeyName = "jwt:website"
	JWTEmail        KeyName = "jwt:email"
	JWTGender       KeyName = "jwt:gender"
	JWTBirthdate    KeyName = "jwt:birthdate"
	JWTPhoneNumber  KeyName = "jwt:phone_number"
	JWTAddress      KeyName = "jwt:address"
	JWTScope        KeyName = "jwt:scope"
	JWTClientID     KeyName = "jwt:client_id"
)

JWT claims supported as substitutions. See https://www.iana.org/assignments/jwt/jwt.xhtml#claims

const (
	// LDAPUser - LDAP username, in MinIO this value is equal to your authenticating LDAP user DN.
	LDAPUser KeyName = "ldap:user"

	// LDAPUsername - LDAP username, in MinIO this value is the authenticated simple user.
	LDAPUsername KeyName = "ldap:username"

	// LDAPGroups - LDAP groups, in MinIO this value is equal to the LDAP group DNs of the authenticating user.
	LDAPGroups KeyName = "ldap:groups"
)

const (
	// STSDurationSeconds - Duration seconds condition for STS policy
	STSDurationSeconds KeyName = "sts:DurationSeconds"
	// SVCDurationSeconds - Duration seconds condition for Admin policy
	SVCDurationSeconds KeyName = "svc:DurationSeconds"
)

func (KeyName) Name

func (key KeyName) Name() string

Name - returns the key name with the prefixes "aws:", "s3:", "jwt:" and "ldap:" stripped.

func (KeyName) ToKey

func (key KeyName) ToKey() Key

ToKey - creates key from name.

func (KeyName) VarName

func (key KeyName) VarName() string

VarName - returns variable key name, such as "${aws:username}"

type KeySet

type KeySet map[Key]struct{}

KeySet - set representation of slice of keys.

func NewKeySet

func NewKeySet(keys ...Key) KeySet

NewKeySet - returns a new KeySet containing the given keys.

func (KeySet) Add

func (set KeySet) Add(key Key)

Add - add a key to key set.

func (KeySet) Difference

func (set KeySet) Difference(sset KeySet) KeySet

Difference - returns a key set containing the keys of this set that are not in the given set. Example:

keySet1 := ["one", "two", "three"]
keySet2 := ["two", "four", "three"]
keySet1.Difference(keySet2) == ["one"]

func (KeySet) IsEmpty

func (set KeySet) IsEmpty() bool

IsEmpty - returns whether key set is empty or not.

func (KeySet) Match

func (set KeySet) Match(key Key) bool

Match reports whether the input key's name matches a key in the current key set.

func (KeySet) Merge

func (set KeySet) Merge(mset KeySet)

Merge merges the given key set into this one; duplicate keys are overwritten.

func (KeySet) String

func (set KeySet) String() string

func (KeySet) ToSlice

func (set KeySet) ToSlice() []Key

ToSlice - returns slice of keys.

type Value

type Value struct {
	// contains filtered or unexported fields
}

Value - tagged value holding a string, int or bool.

func NewBoolValue

func NewBoolValue(b bool) Value

NewBoolValue - returns new bool value.

func NewIntValue

func NewIntValue(i int) Value

NewIntValue - returns new int value.

func NewStringValue

func NewStringValue(s string) Value

NewStringValue - returns new string value.

func (Value) GetBool

func (v Value) GetBool() (bool, error)

GetBool - gets stored bool value.

func (Value) GetInt

func (v Value) GetInt() (int, error)

GetInt - gets stored int value.

func (Value) GetString

func (v Value) GetString() (string, error)

GetString - gets stored string value.

func (Value) GetType

func (v Value) GetType() reflect.Kind

GetType - gets enum type.

func (Value) MarshalJSON

func (v Value) MarshalJSON() ([]byte, error)

MarshalJSON - encodes Value to JSON data.

func (*Value) StoreBool

func (v *Value) StoreBool(b bool)

StoreBool - stores bool value.

func (*Value) StoreInt

func (v *Value) StoreInt(i int)

StoreInt - stores int value.

func (*Value) StoreString

func (v *Value) StoreString(s string)

StoreString - stores string value.

func (Value) String

func (v Value) String() string

String - returns string representation of value.

func (*Value) UnmarshalJSON

func (v *Value) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data.

type ValueSet

type ValueSet map[Value]struct{}

ValueSet - unique list of values.

func NewValueSet

func NewValueSet(values ...Value) ValueSet

NewValueSet - returns new value set containing given values.

func (ValueSet) Add

func (set ValueSet) Add(value Value)

Add - adds given value to value set.

func (ValueSet) Clone

func (set ValueSet) Clone() ValueSet

Clone clones ValueSet structure

func (ValueSet) MarshalJSON

func (set ValueSet) MarshalJSON() ([]byte, error)

MarshalJSON - encodes ValueSet to JSON data.

func (ValueSet) ToSlice

func (set ValueSet) ToSlice() []Value

ToSlice converts ValueSet to a slice of Value

func (*ValueSet) UnmarshalJSON

func (set *ValueSet) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data.
