doorman

package
v0.0.0-...-2cb5aa6
Published: Apr 2, 2019 License: MPL-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package doorman is in charge of answering authorization requests by matching a set of policies loaded in memory.

The default implementation relies on Ladon (https://github.com/ory/ladon).

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Condition

type Condition struct {
	Type    string
	Options map[string]interface{}
}

A Condition either fulfills or does not fulfill an access request.

type Conditions

type Conditions map[string]Condition

Conditions is a collection of conditions.

type Context

type Context map[string]interface{}

Context is the request's environmental context.

type Doorman

type Doorman interface {
	// LoadPolicies is responsible for loading the services configuration into memory.
	LoadPolicies(configs ServicesConfig) error
	// ConfigSources returns the list of configuration sources.
	ConfigSources() []string
	// Authenticator by service
	Authenticator(service string) (authn.Authenticator, error)
	// ExpandPrincipals looks up and adds extra principals to the ones specified.
	ExpandPrincipals(service string, principals Principals) Principals
	// IsAllowed is responsible for deciding if the specified authorization is allowed for the specified service.
	IsAllowed(service string, request *Request) bool
}

Doorman is the backend in charge of checking requests against policies.

type LadonDoorman

type LadonDoorman struct {
	// contains filtered or unexported fields
}

LadonDoorman is the backend in charge of checking requests against policies.

func NewDefaultLadon

func NewDefaultLadon() *LadonDoorman

NewDefaultLadon instantiates a new doorman.

func (*LadonDoorman) Authenticator

func (doorman *LadonDoorman) Authenticator(service string) (authn.Authenticator, error)

Authenticator returns the authenticator for the specified service or nil.

func (*LadonDoorman) ConfigSources

func (doorman *LadonDoorman) ConfigSources() []string

func (*LadonDoorman) ExpandPrincipals

func (doorman *LadonDoorman) ExpandPrincipals(service string, principals Principals) Principals

ExpandPrincipals will match the tags defined in the configuration for this service against each of the specified principals.

func (*LadonDoorman) IsAllowed

func (doorman *LadonDoorman) IsAllowed(service string, request *Request) bool

IsAllowed is responsible for deciding if subject can perform action on a resource with a context.

func (*LadonDoorman) LoadPolicies

func (doorman *LadonDoorman) LoadPolicies(configs ServicesConfig) error

LoadPolicies instantiates Ladon objects from doorman's services configuration.

func (*LadonDoorman) SetAuthenticator

func (doorman *LadonDoorman) SetAuthenticator(service string, a authn.Authenticator)

SetAuthenticator allows an authenticator instance to be set manually for the specified service.

type MatchPrincipalsCondition

type MatchPrincipalsCondition struct{}

MatchPrincipalsCondition is a condition which is fulfilled if the given value string is among principals.

func (*MatchPrincipalsCondition) Fulfills

func (c *MatchPrincipalsCondition) Fulfills(value interface{}, r *ladon.Request) bool

Fulfills returns true if the request's subject is equal to the given value string. This makes sense only because we iterate on principals and set the Request subject.

func (*MatchPrincipalsCondition) GetName

func (c *MatchPrincipalsCondition) GetName() string

GetName returns the condition's name.

type Policies

type Policies []Policy

Policies is a collection of policies.

type Policy

type Policy struct {
	ID          string
	Description string
	Principals  []string
	Effect      string
	Resources   []string
	Actions     []string
	Conditions  Conditions
}

Policy represents an access control.

type Principals

type Principals []string

Principals represent a user (userid, email, tags, ...).

type Request

type Request struct {
	// Principals are strings that identify the user.
	Principals Principals
	// Resource is the resource that access is requested to.
	Resource string
	// Action is the action that is requested on the resource.
	Action string
	// Context is the request's environmental context.
	Context Context
}

Request is the authorization request.

func (*Request) Roles

func (r *Request) Roles() Principals

Roles reads the roles from request context and returns the principals.

type ServiceConfig

type ServiceConfig struct {
	Source           string
	Service          string
	IdentityProvider string `yaml:"identityProvider"`
	Tags             Tags
	Policies         Policies
}

ServiceConfig represents the policies file content.

func (*ServiceConfig) GetTags

func (c *ServiceConfig) GetTags(principals Principals) Principals

GetTags returns the tag principals that match the specified principals.

type ServicesConfig

type ServicesConfig []ServiceConfig

ServicesConfig is the whole set of policies files.

type Tags

type Tags map[string]Principals

Tags map tag names to principals.
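The types above describe the data model, and the MatchPrincipalsCondition comment explains the evaluation trick: each principal of a request is tried in turn as the Ladon subject. The following is an added, self-contained example that is not the package's own code; it reproduces the shapes of Policy, Request, Tags and ServiceConfig with a minimal matcher so the flow can be run offline. The "tag:" prefix for expanded principals, the trailing-"*" wildcard, the "MatchPrincipals" condition type name with a "value" option, and the deny-overrides-allow decision rule are assumptions made for the example (Ladon's real matcher uses <regex> delimiters, and the package's condition name comes from GetName). The configuration in sampleConfig is constructed for the example.

```go
package main

import (
	"sort"
	"strings"
)

// Shapes borrowed from the package's exported types, trimmed for illustration.
type Principals []string
type Tags map[string]Principals
type Condition struct {
	Type    string
	Options map[string]interface{}
}
type Policy struct {
	ID         string
	Principals []string
	Effect     string // "allow" or "deny"
	Resources  []string
	Actions    []string
	Conditions map[string]Condition
}
type Request struct {
	Principals Principals
	Resource   string
	Action     string
}
type ServiceConfig struct {
	Service  string
	Tags     Tags
	Policies []Policy
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// match accepts an exact string or a trailing "*" wildcard (assumption for
// this example; Ladon's own matcher uses <regex> delimiters).
func match(patterns []string, value string) bool {
	for _, p := range patterns {
		if p == value || (strings.HasSuffix(p, "*") && strings.HasPrefix(value, strings.TrimSuffix(p, "*"))) {
			return true
		}
	}
	return false
}

// expandPrincipals appends "tag:<name>" for every configured tag that lists
// one of the given principals. The "tag:" prefix is an assumption.
func expandPrincipals(c ServiceConfig, principals Principals) Principals {
	names := make([]string, 0, len(c.Tags))
	for name := range c.Tags {
		names = append(names, name)
	}
	sort.Strings(names) // deterministic order regardless of map iteration
	out := append(Principals{}, principals...)
	for _, name := range names {
		for _, member := range c.Tags[name] {
			if contains(principals, member) {
				out = append(out, "tag:"+name)
				break
			}
		}
	}
	return out
}

// fulfills evaluates a condition against the subject currently being tried.
// Only a MatchPrincipals-style condition is modelled: it holds when the
// current subject equals the "value" option, which, because every principal
// is tried as subject, means "value is among the request's principals".
func fulfills(cond Condition, subject string) bool {
	if cond.Type != "MatchPrincipals" {
		return false // unknown condition types fail closed
	}
	value, ok := cond.Options["value"].(string)
	return ok && value == subject
}

// isAllowed tries each expanded principal as the subject. Any matching deny
// policy wins; otherwise at least one matching allow is required (default deny).
func isAllowed(c ServiceConfig, r *Request) bool {
	allowed := false
	for _, subject := range expandPrincipals(c, r.Principals) {
		for _, pol := range c.Policies {
			if !match(pol.Principals, subject) || !match(pol.Resources, r.Resource) || !match(pol.Actions, r.Action) {
				continue
			}
			ok := true
			for _, cond := range pol.Conditions {
				if !fulfills(cond, subject) {
					ok = false
					break
				}
			}
			if !ok {
				continue
			}
			if pol.Effect == "deny" {
				return false
			}
			allowed = true
		}
	}
	return allowed
}

// sampleConfig is a constructed configuration for the example, not a real policies file.
func sampleConfig() ServiceConfig {
	return ServiceConfig{
		Service: "example",
		Tags:    Tags{"admins": {"userid:alice"}},
		Policies: []Policy{
			{ID: "read-all", Principals: []string{"userid:*"}, Effect: "allow",
				Resources: []string{"articles/*"}, Actions: []string{"read"}},
			{ID: "admins-delete", Principals: []string{"tag:admins"}, Effect: "allow",
				Resources: []string{"articles/*"}, Actions: []string{"delete"}},
			// Drafts may not be deleted by anyone whose principals include tag:admins:
			// the deny fires on the iteration where the subject is "tag:admins".
			{ID: "protect-drafts", Principals: []string{"*"}, Effect: "deny",
				Resources: []string{"articles/draft-*"}, Actions: []string{"delete"},
				Conditions: map[string]Condition{"admins-only": {Type: "MatchPrincipals",
					Options: map[string]interface{}{"value": "tag:admins"}}}},
		},
	}
}
```

With this configuration, userid:alice can read and delete articles/1 (the delete is granted through the expanded tag:admins principal), but deleting articles/draft-3 is refused because the deny policy matches on the tag:admins iteration and overrides the allow; userid:bob, who carries no tag, gets the default deny for anything but reads.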
