policy

package

v0.10.0-alpha.2 Latest Latest Go to latest Published: Oct 5, 2017 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/zvelo/hydra

Documentation ¶

Overview ¶

Package policy offers management capabilities for access control policies.

Access Control Policies (ACP) are a concept similar to Role Based Access Control and Access Control Lists. ACPs however are more flexible and capable of handling complex and abstract access control scenarios. A ACP answers "**Who** is **able** to do **what** on **something** given a **context**."

ACPs have five attributes:

- Subject *(who)*: An arbitrary unique subject name, for example "ken" or "printer-service.mydomain.com". - Effect *(able)*: The effect which can be either "allow" or "deny". - Action *(what)*: An arbitrary action name, for example "delete", "create" or "scoped:action:something". - Resource *(something)*: An arbitrary unique resource name, for example "something", "resources.articles.1234" or some uniform resource name like "urn:isbn:3827370191". - Condition *(context)*: An optional condition that evaluates the context (e.g. IP Address, request datetime, resource owner name, department, ...). Different strategies are available to evaluate conditions:

You can find more information on ACPs here:

- https://github.com/ory/ladon#usage for more information on policy usage.

- https://github.com/ory/ladon#concepts

Index ¶

type Handler

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Handler ¶

type Handler struct {
	Manager ladon.Manager
	H       herodot.Writer
	W       firewall.Firewall
}

func (*Handler) Create ¶

func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

swagger:route POST /policies policy createPolicy

Create an Access Control Policy ¶

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:policies"],
  "actions": ["create"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.policies

   Responses:
     201: policy
     401: genericError
     403: genericError
     500: genericError

func (*Handler) Delete ¶

func (h *Handler) Delete(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route DELETE /policies/{id} policy deletePolicy

Delete an Access Control Policy ¶

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:policies:<id>"],
  "actions": ["delete"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.policies

   Responses:
     204: emptyResponse
     401: genericError
     403: genericError
     500: genericError

func (*Handler) Get ¶

func (h *Handler) Get(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route GET /policies/{id} policy getPolicy

Get an Access Control Policy ¶

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:policies:<id>"],
  "actions": ["get"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.policies

   Responses:
     200: policy
     401: genericError
     403: genericError
     500: genericError

func (*Handler) List ¶ added in v0.8.0

func (h *Handler) List(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

swagger:route GET /policies policy listPolicies

List Access Control Policies ¶

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:policies"],
  "actions": ["list"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.policies

   Responses:
     200: policyList
     401: genericError
     403: genericError
     500: genericError

func (*Handler) SetRoutes ¶

func (h *Handler) SetRoutes(r *httprouter.Router)

func (*Handler) Update ¶ added in v0.7.0

func (h *Handler) Update(w http.ResponseWriter, r *http.Request, ps httprouter.Params)

swagger:route PUT /policies/{id} policy updatePolicy

Update an Access Control Polic ¶

The subject making the request needs to be assigned to a policy containing:

```
{
  "resources": ["rn:hydra:policies"],
  "actions": ["update"],
  "effect": "allow"
}
```

   Consumes:
   - application/json

   Produces:
   - application/json

   Schemes: http, https

   Security:
     oauth2: hydra.policies

   Responses:
     200: policy
     401: genericError
     403: genericError
     500: genericError

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL