aclengine

package

v0.7.3 Latest Latest Go to latest Published: Dec 24, 2025 License: MIT Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

px2.zip/g/corenet

Links

Open Source Insights

Documentation ¶

Index ¶

func HashCanonicalString(s string) []byte
type ByCanonicalSort
type Effect
type Engine
- func NewEngine() *Engine
type Permission
type Result
type Rule
- func (r *Rule) Match(perm Permission, resourcePath string) bool
- func (r *Rule) String() string
type SortableRule

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func HashCanonicalString ¶ added in v0.6.7

func HashCanonicalString(s string) []byte

Types ¶

type ByCanonicalSort ¶

type ByCanonicalSort []SortableRule

ByCanonicalSort implements sort.Interface for []SortableRule based on the canonical order.

func (ByCanonicalSort) Len ¶

func (a ByCanonicalSort) Len() int

func (ByCanonicalSort) Less ¶

func (a ByCanonicalSort) Less(i, j int) bool

func (ByCanonicalSort) Swap ¶

func (a ByCanonicalSort) Swap(i, j int)

type Effect ¶

type Effect string

Effect indicates whether a rule grants or denies permission.

const (
	Grant Effect = "grant"
	Deny  Effect = "deny"

	EnvACLPubkey = "YUKINET_ACL_PUBKEY"
)

type Engine ¶

type Engine struct {
	// contains filtered or unexported fields
}

func NewEngine ¶

func NewEngine() *Engine

NewEngine creates a new, empty ACL engine.

func (*Engine) Check ¶

func (e *Engine) Check(principalRef string, permission Permission, accessPath string) bool

Check determines if the principal has the requested permission for the path. principalRef can be an alias or a key ID.

func (*Engine) ExportCanonicalString ¶

func (e *Engine) ExportCanonicalString(stripSignature bool) string

ExportCanonicalString generates a formatted string representation of the loaded ACL policies in a deterministic, canonical order. Suitable for display or signing.

func (*Engine) Hash ¶ added in v0.5.0

func (e *Engine) Hash() []byte

func (*Engine) ListPrincipals ¶

func (e *Engine) ListPrincipals() []string

func (*Engine) MightAllow ¶

func (e *Engine) MightAllow(key string) bool

`key` should start with `@key:`. Returns true if there is at least rule associated with that key. Note that this will not check the policy directly, it is just a precondition check.

func (*Engine) RegisterUpdateCallback ¶

func (e *Engine) RegisterUpdateCallback(fn func()) int64

Must be lightweight because it is single threaded.

func (*Engine) UnregisterUpdateCallback ¶

func (e *Engine) UnregisterUpdateCallback(token int64)

func (*Engine) Update ¶

func (e *Engine) Update(reader io.Reader) error

Update parses rules from the reader and atomically updates the engine. Performs validation (syntax, cycles, alias resolution).

type Permission ¶

type Permission string

Permission represents the capability being checked (e.g., "file:read", "task:*").

type Result ¶ added in v0.6.9

type Result struct {
	Rule   *Rule
	Reason string
}

type Rule ¶

type Rule struct {
	PrincipalRef      string     // Original reference (alias, key ID, or @group:name) used in the rule definition
	PermissionPattern Permission // Permission pattern (e.g., "file:read", "task:*", "*")
	PathPattern       string     // Resource path pattern (e.g., "/data/*", "/home/...")
	Effect            Effect     // Grant or Deny
	SourceLine        int        // Line number in the source file for debugging
}

Rule defines a single policy statement.

func (*Rule) Match ¶ added in v0.6.9

func (r *Rule) Match(perm Permission, resourcePath string) bool

func (*Rule) String ¶

func (r *Rule) String() string

type SortableRule ¶

type SortableRule struct {
	Rule
	ResolvedPrincipalID string // Canonical ID for sorting
}

SortableRule adds sorting info to a Rule.

Source Files ¶

canonical.go
engine.go
parse.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL