Documentation
¶
Overview ¶
Package criteria contains all the pre-defined criteria as well as a registry to add new criteria.
Index ¶
- Constants
- func NewCriterionDeviceRule(g *generator.Generator, name string, passReason, failReason Reason, ...) *ast.Rule
- func NewCriterionRule(g *generator.Generator, name string, passReason, failReason Reason, ...) *ast.Rule
- func NewCriterionSessionRule(g *generator.Generator, name string, passReason, failReason Reason, ...) *ast.Rule
- func NewCriterionTerm(value bool, reasons ...Reason) *ast.Term
- func NewCriterionTermWithAdditionalData(value bool, reason Reason, additionalData map[string]interface{}) *ast.Term
- func Register(criterionConstructor CriterionConstructor)
- type Criterion
- func Accept(generator *Generator) Criterion
- func AuthenticatedUser(generator *Generator) Criterion
- func CORSPreflight(generator *Generator) Criterion
- func Claims(generator *Generator) Criterion
- func ClientCertificate(generator *Generator) Criterion
- func Device(generator *Generator) Criterion
- func Domain(generator *Generator) Criterion
- func Email(generator *Generator) Criterion
- func HTTPMethod(generator *Generator) Criterion
- func HTTPPath(generator *Generator) Criterion
- func InvalidClientCertificate(generator *Generator) Criterion
- func Reject(generator *Generator) Criterion
- func UserID(generator *Generator) Criterion
- type CriterionConstructor
- type CriterionDataType
- type Generator
- type Reason
- type Reasons
Constants ¶
const ( ReasonAccept = "accept" ReasonClaimOK = "claim-ok" ReasonClientCertificateOK = "client-certificate-ok" ReasonClientCertificateRequired = "client-certificate-required" ReasonCORSRequest = "cors-request" ReasonDeviceOK = "device-ok" ReasonDeviceUnauthenticated = "device-unauthenticated" ReasonDomainOK = "domain-ok" ReasonEmailOK = "email-ok" ReasonHTTPMethodOK = "http-method-ok" ReasonHTTPPathOK = "http-path-ok" ReasonInvalidClientCertificate = "invalid-client-certificate" ReasonNonCORSRequest = "non-cors-request" ReasonNonPomeriumRoute = "non-pomerium-route" ReasonPomeriumRoute = "pomerium-route" ReasonReject = "reject" ReasonRouteNotFound = "route-not-found" ReasonUserOK = "user-ok" ReasonUserUnauthenticated = "user-unauthenticated" // user needs to log in ReasonValidClientCertificate = "valid-client-certificate" )
Well-known reasons.
Variables ¶
This section is empty.
Functions ¶
func NewCriterionDeviceRule ¶ added in v0.15.6
func NewCriterionDeviceRule( g *generator.Generator, name string, passReason, failReason Reason, body ast.Body, deviceType string, ) *ast.Rule
NewCriterionDeviceRule generates a new rule for a criterion which requires a device and session. If there is no device "device-unauthenticated" is returned. If there is no session "user-unauthenticated" is returned.
func NewCriterionRule ¶ added in v0.15.6
func NewCriterionRule( g *generator.Generator, name string, passReason, failReason Reason, body ast.Body, ) *ast.Rule
NewCriterionRule generates a new rule for a criterion.
func NewCriterionSessionRule ¶ added in v0.15.6
func NewCriterionSessionRule( g *generator.Generator, name string, passReason, failReason Reason, body ast.Body, ) *ast.Rule
NewCriterionSessionRule generates a new rule for a criterion which requires a session. If there is no session "user-unauthenticated" is returned.
func NewCriterionTerm ¶ added in v0.15.6
NewCriterionTerm creates a new rego term for a criterion:
[true, {"reason"}]
func NewCriterionTermWithAdditionalData ¶ added in v0.15.6
func NewCriterionTermWithAdditionalData(value bool, reason Reason, additionalData map[string]interface{}) *ast.Term
NewCriterionTermWithAdditionalData creates a new rego term for a criterion with additional data:
[true, {"reason"}, {"key": "value"}]
func Register ¶
func Register(criterionConstructor CriterionConstructor)
Register registers a criterion.
Types ¶
type Criterion ¶
A Criterion generates rego rules based on data.
func AuthenticatedUser ¶
AuthenticatedUser returns a Criterion which returns true if the current user is logged in.
func CORSPreflight ¶
CORSPreflight returns a Criterion which returns true if the input request is a CORS preflight request.
func ClientCertificate ¶ added in v0.23.0
ClientCertificate returns a Criterion on a client certificate.
func HTTPMethod ¶ added in v0.16.0
HTTPMethod returns a Criterion which matches an HTTP method.
func InvalidClientCertificate ¶
InvalidClientCertificate returns a Criterion which returns true if the client certificate is invalid.
type CriterionConstructor ¶
type CriterionConstructor = generator.CriterionConstructor
A CriterionConstructor is a function which returns a Criterion for a Generator.
type CriterionDataType ¶
type CriterionDataType = generator.CriterionDataType
The CriterionDataType indicates the expected type of data for the criterion.
const ( // CriterionDataTypeCertificateMatcher indicates the expected data type is // a certificate matcher. CriterionDataTypeCertificateMatcher CriterionDataType = "certificate_matcher" // CriterionDataTypeStringListMatcher indicates the expected data type is a string list matcher. CriterionDataTypeStringListMatcher CriterionDataType = "string_list_matcher" // CriterionDataTypeStringMatcher indicates the expected data type is a string matcher. CriterionDataTypeStringMatcher CriterionDataType = "string_matcher" )
type Reason ¶ added in v0.15.6
type Reason string
A Reason is a reason for why a policy criterion passes or fails.
type Reasons ¶ added in v0.15.6
type Reasons map[Reason]struct{}
Reasons is a collection of reasons.
func NewReasons ¶ added in v0.15.6
NewReasons creates a new Reasons collection.
Source Files