entitlement

package

v0.0.0-...-80ec3b1 Latest Latest Go to latest Published: Dec 21, 2017 License: Apache-2.0 Imports: 6 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/moby/libentitlement

Links

Open Source Insights

Documentation ¶

Index ¶

type Entitlement
- func NewIntEntitlement(fullName string, callback IntEntitlementEnforceCallback) Entitlement
- func NewStringEntitlement(fullName string, callback StringEntitlementEnforceCallback) Entitlement
type IntEntitlement
type IntEntitlementEnforceCallback
type StringEntitlement
type StringEntitlementEnforceCallback
type VoidEntitlement
- func NewVoidEntitlement(fullName string, callback VoidEntitlementEnforceCallback) *VoidEntitlement
type VoidEntitlementEnforceCallback

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Entitlement ¶

type Entitlement interface {
	// Entitlement's domain name (ex: network, host.devices,
	Domain() (string, error)
	// Entitlement's identifier
	Identifier() (string, error)
	// Entitlement value (eg. resources) - optional
	Value() (string, error)
	// Enforce should return an updated value of the profile according to
	// the entitlement spec (FIXME: write a proper entitlement spec and link it in the proposal)
	Enforce(secprofile.Profile) (secprofile.Profile, error)
}

Entitlement defines an interface for an entitlement, including its ID, Domain, and how its enforced in a Profile

func NewIntEntitlement ¶

func NewIntEntitlement(fullName string, callback IntEntitlementEnforceCallback) Entitlement

NewIntEntitlement instantiates a new integer Entitlement

func NewStringEntitlement ¶

func NewStringEntitlement(fullName string, callback StringEntitlementEnforceCallback) Entitlement

NewStringEntitlement instantiates a new string Entitlement

type IntEntitlement ¶

type IntEntitlement struct {
	EnforceCallback IntEntitlementEnforceCallback
	// contains filtered or unexported fields
}

IntEntitlement is an entitlement with an explicit int value

func (*IntEntitlement) Domain ¶

func (e *IntEntitlement) Domain() (string, error)

Domain returns the entitlement's domain name as a string

func (*IntEntitlement) Enforce ¶

func (e *IntEntitlement) Enforce(profile secprofile.Profile) (secprofile.Profile, error)

Enforce calls the enforcement callback which applies the constraints on the security profile based on the entitlement int value

func (*IntEntitlement) Identifier ¶

func (e *IntEntitlement) Identifier() (string, error)

Identifier returns the entitlement's identifier

func (*IntEntitlement) Value ¶

func (e *IntEntitlement) Value() (string, error)

Value returns the entitlement's value. Note: Int entitlements need an explicit value, it can't be an empty string

type IntEntitlementEnforceCallback ¶

type IntEntitlementEnforceCallback func(secprofile.Profile, int64) (secprofile.Profile, error)

IntEntitlementEnforceCallback should take the security profile to update with the constraints and the entitlement int value as a parameter when being executed

type StringEntitlement ¶

type StringEntitlement struct {
	EnforceCallback StringEntitlementEnforceCallback
	// contains filtered or unexported fields
}

StringEntitlement is an entitlements with an explicit string value

func (*StringEntitlement) Domain ¶

func (e *StringEntitlement) Domain() (string, error)

Domain returns the entitlement's domain name

func (*StringEntitlement) Enforce ¶

func (e *StringEntitlement) Enforce(profile secprofile.Profile) (secprofile.Profile, error)

Enforce calls the enforcement callback which applies the constraints on the security profile based on the entitlement value

func (*StringEntitlement) Identifier ¶

func (e *StringEntitlement) Identifier() (string, error)

Identifier returns the entitlement's identifier

func (*StringEntitlement) SetValue ¶

func (e *StringEntitlement) SetValue(value string) error

SetValue sets the entitlement's value.

func (*StringEntitlement) Value ¶

func (e *StringEntitlement) Value() (string, error)

Value returns the entitlement's value. Note: String entitlements need an explicit value, it can't be an empty string

type StringEntitlementEnforceCallback ¶

type StringEntitlementEnforceCallback func(secprofile.Profile, string) (secprofile.Profile, error)

StringEntitlementEnforceCallback should take the security profile to update with the constraints and the entitlement value as a parameter when being executed

type VoidEntitlement ¶

type VoidEntitlement struct {
	EnforceCallback VoidEntitlementEnforceCallback
	// contains filtered or unexported fields
}

VoidEntitlement is an entitlement without parameters

func NewVoidEntitlement ¶

func NewVoidEntitlement(fullName string, callback VoidEntitlementEnforceCallback) *VoidEntitlement

NewVoidEntitlement instantiates a new VoidEntitlement

func (*VoidEntitlement) Domain ¶

func (e *VoidEntitlement) Domain() (string, error)

Domain returns the entitlement's domain name

func (*VoidEntitlement) Enforce ¶

func (e *VoidEntitlement) Enforce(profile secprofile.Profile) (secprofile.Profile, error)

Enforce calls the enforcement callback which applies the constraints on the security profile based on the entitlement value

func (*VoidEntitlement) Identifier ¶

func (e *VoidEntitlement) Identifier() (string, error)

Identifier returns the entitlement's identifier

func (*VoidEntitlement) Value ¶

func (e *VoidEntitlement) Value() (string, error)

Value should not be called on a void entitlement

type VoidEntitlementEnforceCallback ¶

type VoidEntitlementEnforceCallback func(secprofile.Profile) (secprofile.Profile, error)

VoidEntitlementEnforceCallback should take the security profile to update with the constraints

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL