Documentation ¶
Index ¶
- Constants
- type Action
- type ActionPolicy
- type AuthBatch
- type AuthBatchOptions
- type AuthError
- type AuthOptions
- type BaseResp
- type Config
- type Decision
- type GetPolicyOption
- type GetPolicyResp
- type IamConfig
- type ListPolicyOptions
- type ListPolicyResp
- type ListWithAttributes
- type Options
- type Resource
- type ResourceAttributes
- type ResourceType
- type Subject
Constants ¶
const (
	RequestIDKey       = "rid"
	RequestIDHeaderKey = "X-Request-Id"
)
RequestIDKey is the request ID key; it travels in the context.
const (
	// the key that describes the auth path this resource needs to be
	// authorized against. Only if the path matches one of the user's auth
	// policies is the user authorized to operate on this resource.
	IamPathKey = "_bk_iam_path_"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Action ¶
type Action struct {
	ID string `json:"id"`
}
Action defines the user's action, which must correspond to one of the action IDs registered in IAM.
type ActionPolicy ¶
type AuthBatchOptions ¶
type AuthBatchOptions struct {
	System  string       `json:"system"`
	Subject Subject      `json:"subject"`
	Batch   []*AuthBatch `json:"batch"`
}
func (AuthBatchOptions) Validate ¶
func (a AuthBatchOptions) Validate() error
type AuthError ¶
type AuthOptions ¶
type AuthOptions struct {
	System    string     `json:"system"`
	Subject   Subject    `json:"subject"`
	Action    Action     `json:"action"`
	Resources []Resource `json:"resources"`
}
AuthOptions describes an item to be authorized.
func (AuthOptions) Validate ¶
func (a AuthOptions) Validate() error
type Decision ¶
type Decision struct {
	Authorized bool `json:"authorized"`
}
Decision describes the authorization decision: authorized (true) or not (false).
type GetPolicyOption ¶
type GetPolicyOption AuthOptions
type GetPolicyResp ¶
type IamConfig ¶
type ListPolicyOptions ¶
type ListPolicyResp ¶
type ListPolicyResp struct {
	BaseResp `json:",inline"`
	Data     []*ActionPolicy `json:"data"`
}
type ListWithAttributes ¶
type ListWithAttributes struct {
	Operator operator.OperType `json:"op"`
	// resource instance ID list. This list is not required; it is also
	// one of the query filters used with Operator.
	IDList     []string               `json:"ids"`
	Attributes []*operator.FieldValue `json:"attributes"`
	Type       ResourceType           `json:"type"`
}
type Options ¶
type Options struct {
	Metric prometheus.Registerer
}
type Resource ¶
type Resource struct {
	System    string             `json:"system"`
	Type      ResourceType       `json:"type"`
	ID        string             `json:"id"`
	Attribute ResourceAttributes `json:"attribute"`
}
Resource defines all the information used to authorize a resource.
type ResourceAttributes ¶
type ResourceAttributes map[string]interface{}
ResourceAttributes holds the attributes of a resource.
map key: one of the attributes of this resource.
map value: the value of this attribute for a resource instance. The value can only be one of string, int, boolean.
Note: the _bk_iam_path_ key is a special key that represents the auth topology path the resource depends on. Its value should follow this protocol: ["/biz,1/set,2/"].
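The value rules above can be checked before a Resource is placed in an auth request. The following is an added example, not code from this package: `CheckAttributes` and `pathRe` are hypothetical names, and the path grammar (a `[]string` whose entries are "/" followed by "type,id/" segments) is an assumption inferred from the single sample value in the documentation.

```go
package main

import (
	"fmt"
	"regexp"
)

// IamPathKey and ResourceAttributes are copied from this page.
const IamPathKey = "_bk_iam_path_"

type ResourceAttributes map[string]interface{}

// pathRe is an assumed grammar inferred from the page's single sample value:
// "/" followed by one or more "type,id/" segments.
var pathRe = regexp.MustCompile(`^/([^/,]+,[^/,]+/)+$`)

// CheckAttributes is a hypothetical validator, not part of the package. It
// enforces the value rules stated in the ResourceAttributes documentation.
func CheckAttributes(attrs ResourceAttributes) error {
	for k, v := range attrs {
		switch val := v.(type) {
		case []string: // only the special path key carries a list
			if k != IamPathKey || len(val) == 0 {
				return fmt.Errorf("attribute %q: unexpected or empty list", k)
			}
			for _, p := range val {
				if !pathRe.MatchString(p) {
					return fmt.Errorf("%s: malformed path %q", IamPathKey, p)
				}
			}
		case string, int, bool: // the only scalar types the page allows
			if k == IamPathKey {
				return fmt.Errorf("%s must be a list of paths, got %T", IamPathKey, v)
			}
		default:
			return fmt.Errorf("attribute %q: unsupported type %T", k, v)
		}
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	good := ResourceAttributes{"env": "prod", "replicas": 3, IamPathKey: []string{"/biz,1/set,2/"}}
	bad := ResourceAttributes{IamPathKey: []string{"/biz,1/set/"}}
	fmt.Println(CheckAttributes(good), CheckAttributes(bad))
}
```

The check applies to maps built in Go code; attributes decoded from JSON arrive as `float64` and `[]interface{}` and would need converting first.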
type ResourceType ¶
type ResourceType string
type Subject ¶
type Subject struct {
	Type ResourceType `json:"type"`
	ID   string       `json:"id"`
}