iam

package
v0.0.0-...-d2c4f05

This package is not in the latest version of its module.
Published: Aug 29, 2018 License: MIT Imports: 2 Imported by: 0

README

IAM Example

This example shows how to use rbac to implement a permissions model similar to AWS IAM policies. The permission model relies on the following patterns:

  • Each action is a string with the following format: "action_type:object_type", e.g. "list:users" or "delete:comment".
  • Each target is a unique identifier for the object_type named in the action string (where applicable). This example borrows AWS IAM's concept of ARNs, which works well in this model because an ARN typically embeds metadata about the object it represents. A typical ARN has the following pattern:
    arn:aws:<service_name>:<region>:<account_id>:<object_type>:<object_id>

Roles

This section contains some example rbac.Role objects that can be created by using these patterns.

Administrator

This rbac.Role can do any action on any target.

func NewAdminRole() rbac.Role {
        return rbac.Role{
                RoleID: "Admin",
                Permissions: []rbac.Permission{
                        rbac.NewGlobPermission("*", "*"),
                },
        }
}

ReadOnly

This rbac.Role can do any read action on any target.

func NewReadOnlyRole() rbac.Role {
        return rbac.Role{
                RoleID: "ReadOnly",
                Permissions: []rbac.Permission{
                        rbac.NewGlobPermission("read:*", "*"),
                },
        }
}

EC2Admin

This rbac.Role can do any action as long as the target belongs to the ec2 service.

func NewEC2AdminRole() rbac.Role {
        return rbac.Role{
                RoleID: "EC2Admin",
                Permissions: []rbac.Permission{
                        rbac.NewGlobPermission("*", "arn:aws:ec2:*"),
                },
        }
}

S3BucketReadOnly

This rbac.Role can do any read action as long as the target belongs to the specified S3 bucket.

func NewS3BucketReadOnlyRole(bucket string) rbac.Role {
        return rbac.Role{
                RoleID: "S3BucketReadOnly",
                Permissions: []rbac.Permission{
                        rbac.NewGlobPermission("read:*", fmt.Sprintf("arn:aws:s3:::%s*", bucket)),
                },
        }
}
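The following program is an added, self-contained example; it is not code from the rbac library or from this example package. It builds the four roles above on small stand-in Permission and Role types whose glob matcher assumes, as this example does for rbac.NewGlobPermission, that "*" matches any run of characters including ":" and "/". It then evaluates each role against constructed ARNs (the account id 123456789012 is a placeholder). It also adds a hypothetical NewS3BucketReadOnlyStrictRole, not present in the package, to show the caveat a reviewer would raise about S3BucketReadOnly: the target pattern "arn:aws:s3:::<bucket>*" is a prefix match, so a role scoped to bucket "logs" also grants read access to a sibling bucket such as "logs-archive".

```go
package main

import (
	"fmt"
	"strings"
)

// Permission decides whether one (action, target) pair is allowed. It has the
// same shape as the library's rbac.Permission but is a stand-in written for
// this example so that it runs without the dependency.
type Permission func(action, target string) bool

// Role is a named set of permissions; a single matching permission grants access.
type Role struct {
	RoleID      string
	Permissions []Permission
}

// Can reports whether any permission in the role allows the action on the target.
func (r Role) Can(action, target string) bool {
	for _, p := range r.Permissions {
		if p(action, target) {
			return true
		}
	}
	return false
}

// globMatch treats '*' as "any run of characters" (':' and '/' included); this
// is the behaviour assumed here for rbac.NewGlobPermission. Segments between
// wildcards must appear in order; the last segment must end the string.
func globMatch(pattern, s string) bool {
	parts := strings.Split(pattern, "*")
	if len(parts) == 1 {
		return pattern == s // no wildcard: exact match only
	}
	if !strings.HasPrefix(s, parts[0]) {
		return false
	}
	s = s[len(parts[0]):]
	for _, mid := range parts[1 : len(parts)-1] {
		i := strings.Index(s, mid)
		if i < 0 {
			return false
		}
		s = s[i+len(mid):]
	}
	return strings.HasSuffix(s, parts[len(parts)-1])
}

// NewGlobPermission allows the pair when both the action and the target match.
func NewGlobPermission(actionPattern, targetPattern string) Permission {
	return func(action, target string) bool {
		return globMatch(actionPattern, action) && globMatch(targetPattern, target)
	}
}

// The four roles from the README, rebuilt on the stand-in types above.
func NewAdminRole() Role {
	return Role{RoleID: "Admin", Permissions: []Permission{NewGlobPermission("*", "*")}}
}
func NewReadOnlyRole() Role {
	return Role{RoleID: "ReadOnly", Permissions: []Permission{NewGlobPermission("read:*", "*")}}
}
func NewEC2AdminRole() Role {
	return Role{RoleID: "EC2Admin", Permissions: []Permission{NewGlobPermission("*", "arn:aws:ec2:*")}}
}
func NewS3BucketReadOnlyRole(bucket string) Role {
	return Role{RoleID: "S3BucketReadOnly", Permissions: []Permission{
		NewGlobPermission("read:*", fmt.Sprintf("arn:aws:s3:::%s*", bucket)),
	}}
}

// NewS3BucketReadOnlyStrictRole is a hypothetical hardened variant (not in the
// package): it matches the bucket ARN itself plus "<bucket>/*" for its objects,
// so bucket "logs" no longer matches a sibling bucket such as "logs-archive".
func NewS3BucketReadOnlyStrictRole(bucket string) Role {
	return Role{RoleID: "S3BucketReadOnlyStrict", Permissions: []Permission{
		NewGlobPermission("read:*", "arn:aws:s3:::"+bucket),
		NewGlobPermission("read:*", "arn:aws:s3:::"+bucket+"/*"),
	}}
}

// Constructed sample targets; 123456789012 is a placeholder account id.
const (
	ec2Instance = "arn:aws:ec2:us-east-1:123456789012:instance:i-0123456789abcdef0"
	s3Object    = "arn:aws:s3:::logs/2018/app.log"
	s3Sibling   = "arn:aws:s3:::logs-archive/2017/app.log"
)

func main() {
	roles := []Role{NewAdminRole(), NewReadOnlyRole(), NewEC2AdminRole(),
		NewS3BucketReadOnlyRole("logs"), NewS3BucketReadOnlyStrictRole("logs")}
	checks := [][2]string{
		{"delete:instance", ec2Instance},
		{"read:object", s3Object},
		{"delete:object", s3Object},
		{"read:object", s3Sibling}, // the over-match case for S3BucketReadOnly
	}
	for _, r := range roles {
		for _, c := range checks {
			fmt.Printf("%-24s %-16s %-60s %v\n", r.RoleID, c[0], c[1], r.Can(c[0], c[1]))
		}
	}
}
```

Running it prints one decision per role and (action, target) pair; the row for S3BucketReadOnly on the "logs-archive" object is the one to compare with the strict variant. The same prefix issue applies to any "<id>*" target pattern, so when a role is meant to be scoped to exactly one object, anchor the pattern with the separator that follows the id ("/" for S3 object keys, ":" for most other ARN fields) rather than a bare "*".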

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewAdminRole

func NewAdminRole() rbac.Role

NewAdminRole returns a rbac.Role that can do any action on any target.

func NewEC2AdminRole

func NewEC2AdminRole() rbac.Role

NewEC2AdminRole returns a rbac.Role that can do any action as long as the target belongs to the "ec2" service.

func NewReadOnlyRole

func NewReadOnlyRole() rbac.Role

NewReadOnlyRole returns a rbac.Role that can do any "read" action on any target.

func NewS3BucketReadOnlyRole

func NewS3BucketReadOnlyRole(bucket string) rbac.Role

NewS3BucketReadOnlyRole returns a rbac.Role that can do any "read" action as long as the target belongs to the specified S3 bucket.

Types

This section is empty.
