policy

package

v0.2103.8 Latest Latest Go to latest Published: Jan 18, 2022 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/oasisprotocol/oasis-core

Links

Open Source Insights

Documentation ¶

Index ¶

func GRPCAuthenticationFunction(policy RuntimePolicyChecker) auth.AuthenticationFunction
type AllowAllRuntimePolicyChecker
- func (c *AllowAllRuntimePolicyChecker) CheckAccessAllowed(ctx context.Context, method accessctl.Action, namespace common.Namespace) error
type DynamicRuntimePolicyChecker
- func NewDynamicRuntimePolicyChecker(service grpc.ServiceName, watcher api.PolicyWatcher) *DynamicRuntimePolicyChecker
- func (c *DynamicRuntimePolicyChecker) CheckAccessAllowed(ctx context.Context, method accessctl.Action, runtimeID common.Namespace) error
- func (c *DynamicRuntimePolicyChecker) SetAccessPolicy(policy accessctl.Policy, runtimeID common.Namespace)
type ErrForbiddenByPolicy
- func (e ErrForbiddenByPolicy) Error() string
- func (e ErrForbiddenByPolicy) GRPCStatus() *status.Status
type RuntimePolicyChecker

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GRPCAuthenticationFunction ¶

func GRPCAuthenticationFunction(policy RuntimePolicyChecker) auth.AuthenticationFunction

GRPCAuthenticationFunction returns a gRPC authentication function using the provided policy checker.

Types ¶

type AllowAllRuntimePolicyChecker ¶

type AllowAllRuntimePolicyChecker struct{}

AllowAllRuntimePolicyChecker is a RuntimePolicyChecker that allows all access.

func (*AllowAllRuntimePolicyChecker) CheckAccessAllowed ¶

func (c *AllowAllRuntimePolicyChecker) CheckAccessAllowed(ctx context.Context, method accessctl.Action, namespace common.Namespace) error

type DynamicRuntimePolicyChecker ¶

type DynamicRuntimePolicyChecker struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

DynamicRuntimePolicyChecker is a RuntimePolicyChecker that allows a dynamic policy to be specified and modified.

func NewDynamicRuntimePolicyChecker ¶

func NewDynamicRuntimePolicyChecker(service grpc.ServiceName, watcher api.PolicyWatcher) *DynamicRuntimePolicyChecker

NewDynamicRuntimePolicyChecker creates a new dynamic runtime policy checker instance.

func (*DynamicRuntimePolicyChecker) CheckAccessAllowed ¶

func (c *DynamicRuntimePolicyChecker) CheckAccessAllowed(
	ctx context.Context,
	method accessctl.Action,
	runtimeID common.Namespace,
) error

CheckAccessAllowed checks if the connected peer is allowed access to a server method according to the set access policy.

func (*DynamicRuntimePolicyChecker) SetAccessPolicy ¶

func (c *DynamicRuntimePolicyChecker) SetAccessPolicy(policy accessctl.Policy, runtimeID common.Namespace)

SetAccessPolicy sets the PolicyChecker's access policy.

After this method is called the passed policy must not be used anymore.

type ErrForbiddenByPolicy ¶

type ErrForbiddenByPolicy struct {
	// contains filtered or unexported fields
}

ErrForbiddenByPolicy is the error returned when an action is not allowed by policy.

func (ErrForbiddenByPolicy) Error ¶

func (e ErrForbiddenByPolicy) Error() string

func (ErrForbiddenByPolicy) GRPCStatus ¶

func (e ErrForbiddenByPolicy) GRPCStatus() *status.Status

GRPCStatus retruns appropriate gRPC status permission denied error code.

type RuntimePolicyChecker ¶

type RuntimePolicyChecker interface {
	// CheckAccessAllowed checks if the connected peer is allowed access to a server method according
	// to the set access policy.
	CheckAccessAllowed(ctx context.Context, method accessctl.Action, namespace common.Namespace) error
}

RuntimePolicyChecker is used for setting and checking the gRPC server's access control policy for different runtimes.

Source Files ¶

View all Source files

policy.go

Directories ¶

Path	Synopsis
api Package api defines the common gRPC policy service and data structures.	Package api defines the common gRPC policy service and data structures.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL