acl

package
v1.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 9, 2022 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

// The identityType values declared by this package. Identity.Type and
// Identifier.Type hold values of this type.
// NOTE(review): the 'acls::%s' text in ErrACLTestMissing suggests a
// "<type>::<id>" string form for identities — confirm against
// Identity.ParseString, whose body is not shown here.
const (
	Users     identityType = "users"
	Codebases identityType = "codebases"
	Groups    identityType = "groups"
	ACLs      identityType = "acls"
	Files     identityType = "files"
)

Variables

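// Errors describing an invalid policy. Policy.Errors returns a map of error
// values; presumably these are the values it reports — TODO confirm against
// its body, which is not shown here.
//
// ErrACLTestMissing is a constructor rather than a sentinel: every call
// builds a new error naming the ACL id, so errors.Is cannot match against
// it. Its message requires at least one 'allow write' test for the ACL's own
// 'acls::<id>' resource.
var (
	ErrTestFails               = fmt.Errorf("test fails")
	ErrSubgroupsForbidden      = fmt.Errorf("groups can't have other groups as members")
	ErrUnsupportedIdentityType = fmt.Errorf("unsupported identity type")
	ErrTestMustHaveCondition   = fmt.Errorf("test must have either 'allow' or 'deny' condition")
	ErrUnsupportedActionType   = fmt.Errorf("unsupported action type")
	ErrACLTestMissing          = func(id string) error {
		return fmt.Errorf("at least one 'allow write' test must exist for 'acls::%s' resource", id)
	}
)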

Functions

This section is empty.

Types

type ACL

// ACL is one access-control list record: its own ID, a codebase ID, a
// creation timestamp and the policy text in RawPolicy. Every field except
// Policy carries json and db struct tags; RawPolicy is exposed under the
// name "policy" in both.
type ACL struct {
	ID         ID        `json:"id" db:"id"`
	CodebaseID string    `json:"codebase_id" db:"codebase_id"`
	CreatedAt  time.Time `json:"created_at" db:"created_at"`
	RawPolicy  string    `json:"policy" db:"policy"`

	// Policy contains a policy parsed from RawPolicy.
	// Both of its tags are "-", so changes to this field are not persisted
	// in the database and are left out of the JSON form; RawPolicy remains
	// the stored representation.
	// NOTE(review): the code that parses RawPolicy into Policy is not shown
	// here — confirm Policy is re-derived (and checked with Policy.Errors)
	// whenever RawPolicy changes, so authorization never runs on a stale copy.
	Policy Policy `json:"-" db:"-"`
}

type Action

// Action is the operation named by Rule.Action and by Test.Allow / Test.Deny.
// NOTE(review): IsValid's body is not shown; presumably it accepts only the
// values declared below and anything else maps to ErrUnsupportedActionType —
// TODO confirm.
type Action string
const (
	// ActionWrite is the only Action value declared in this listing.
	ActionWrite Action = "write"
)

func (Action) IsValid

func (a Action) IsValid() bool

type Group

// Group is an ID plus a list of member identifiers; a policy declares its
// groups in Policy.Groups. ErrSubgroupsForbidden states that a group cannot
// have other groups as members; where that is enforced is not visible here.
type Group struct {
	ID      string        `json:"id,omitempty"`
	Members []*Identifier `json:"members,omitempty"`
}

type ID

// ID is the string type of the ACL.ID field.
type ID string

type Identifier

// Identifier pairs an identity type with a pattern. It is the element type
// of Rule.Principals, Rule.Resources and Group.Members, and Matches reports
// whether it matches a given Identity.
// NOTE(review): the Pattern syntax (exact string, glob, something else) is
// decided by Matches, whose body is not shown — confirm how broadly a pattern
// can match before relying on it in a rule.
type Identifier struct {
	Type    identityType `json:"type,omitempty"`
	Pattern string       `json:"pattern,omitempty"`
}

func (*Identifier) MarshalJSON

func (i *Identifier) MarshalJSON() ([]byte, error)

MarshalJSON implements encoding/json.Marshaler to override the resulting format.

func (*Identifier) Matches

func (i *Identifier) Matches(identity Identity) bool

func (*Identifier) UnmarshalJSON

func (i *Identifier) UnmarshalJSON(v []byte) error

UnmarshalJSON implements encoding/json.Unmarshaler to parse the source JSON in a different way.

type Identity

// Identity is one concrete ID together with its identity type. Policy.Assert
// and Test use it for both the principal and the resource side; Policy.List
// and Rule.Assert also take it as the principal.
type Identity struct {
	ID   string       `json:"id,omitempty"`
	Type identityType `json:"type,omitempty"`
}

func (*Identity) MarshalJSON

func (i *Identity) MarshalJSON() ([]byte, error)

MarshalJSON implements encoding/json.Marshaler to override the resulting format.

func (*Identity) ParseString

func (i *Identity) ParseString(s string)

func (*Identity) UnmarshalJSON

func (i *Identity) UnmarshalJSON(v []byte) error

UnmarshalJSON implements encoding/json.Unmarshaler to parse the source JSON in a different way.

type Policy

// Policy is the structured form of a policy: its rules, its group
// definitions and its tests. ACL.Policy holds a value of this type parsed
// from ACL.RawPolicy.
// NOTE(review): Errors reports whether a policy is valid; whether Assert and
// List may be called on a policy that has not passed Errors is not visible
// here — confirm at the call sites.
type Policy struct {
	Rules  []*Rule  `json:"rules,omitempty"`
	Groups []*Group `json:"groups,omitempty"`
	Tests  []*Test  `json:"tests,omitempty"`
}

func (Policy) Assert

func (p Policy) Assert(principal Identity, action Action, resource Identity) bool

func (Policy) Errors

func (p Policy) Errors(aclID string) map[string]error

Errors returns a non-empty map of errors if the policy is not valid.

func (Policy) List

func (p Policy) List(principal Identity, action Action, typ identityType) []string

List returns a list of _typ_ resources that _principal_ can perform _action_ on.

For example,

files := List(Identity{Type: Users, ID: "user1"}, ActionWrite, Files)

will return a list of file patterns that user1 can write to.

type Rule

// Rule ties one Action to a list of principal identifiers and a list of
// resource identifiers. Rule.Assert additionally receives the policy's
// groups.
// NOTE(review): the struct has no allow/deny field; presumably a matching
// rule allows the action and anything unmatched is denied — confirm against
// Rule.Assert and Policy.Assert, whose bodies are not shown.
type Rule struct {
	ID         string        `json:"id,omitempty"`
	Action     Action        `json:"action,omitempty"`
	Principals []*Identifier `json:"principals,omitempty"`
	Resources  []*Identifier `json:"resources,omitempty"`
}

func (*Rule) Assert

func (a *Rule) Assert(principal Identity, action Action, resource Identity, groups []*Group) bool

type Test

// Test names a principal, a resource and an Allow or Deny action; policies
// carry their tests in Policy.Tests. Allow and Deny are optional pointers,
// and ErrTestMustHaveCondition states that a test must have one of them.
// NOTE(review): presumably a test is evaluated against the policy's rules
// and a mismatch yields ErrTestFails — confirm against Policy.Errors.
type Test struct {
	ID        string   `json:"id"`
	Principal Identity `json:"principal"`
	Allow     *Action  `json:"allow,omitempty"`
	Deny      *Action  `json:"deny,omitempty"`
	Resource  Identity `json:"resource"`
}

Directories

Path Synopsis
