Documentation
Types
type Grant
type Grant struct {
	// Subject is the namespace being granted
	Subject string
	// Permission is a bitmap of permissions
	Permission uint16
	// Grantee represents the node being granted
	// a permission scope. The grantee can be
	// either a namespace item or a key id where namespace
	// items will always start with a '/'.
	Grantee string
	// contains filtered or unexported fields
}
Grant represents a transfer of permission from one part of the trust graph to another. This is the only way to delegate permission between two different sub trees in the graph.
type Statement
type Statement struct {
	// contains filtered or unexported fields
}
Statement represents a set of grants made from a verifiable authority. A statement has an expiration associated with it set by the authority.
func CreateStatement
func CreateStatement(grants, revocations io.Reader, expiration time.Duration, key libtrust.PrivateKey, chain []*x509.Certificate) (*Statement, error)
CreateStatement creates and signs a statement from a stream of grants and a stream of revocations, each a JSON array.
func FilterStatements
FilterStatements filters the statements, keeping those that include the given grants.
func LoadStatement
LoadStatement loads and verifies a statement from an input stream.
func (*Statement) Bytes
Bytes returns an indented JSON representation of the statement as a byte array. This value can be written to a file or stream without alteration.
type TrustGraph
type TrustGraph interface {
	// Verifies that the given public key is allowed to perform
	// the given action on the given node according to the trust
	// graph.
	Verify(libtrust.PublicKey, string, uint16) (bool, error)
	// GetGrants returns an array of all grant chains which are used to
	// allow the requested permission.
	GetGrants(libtrust.PublicKey, string, uint16) ([][]*Grant, error)
}
TrustGraph represents a graph of authorization mapping public keys to nodes and grants between nodes.
func NewMemoryGraph
func NewMemoryGraph(grants []*Grant) TrustGraph
NewMemoryGraph returns a new in-memory trust graph created from a static list of grants. The graph is immutable after creation; to change it, create a new instance.
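The following is an added example, not code from this package: a simplified, self-contained model of how a chain of Grant values can authorize a key on a node in another subtree. It assumes that a namespace covers its children and that every grant in a chain must carry all requested bits; the key ID strings, permission bit values, sample grants and the string-keyed `Verify` are constructed for illustration.

```go
package main

import "fmt"
import "strings"

// Grant mirrors the exported fields documented on this page.
type Grant struct {
	Subject, Grantee string
	Permission       uint16
}

// Constructed permission bits: the page does not define the bit layout.
const PermRead, PermWrite uint16 = 1 << 0, 1 << 1

var sampleGrants = []Grant{ // constructed sample data
	{Subject: "/team", Grantee: "KEY:ALICE", Permission: PermRead | PermWrite},
	{Subject: "/shared", Grantee: "/team", Permission: PermRead}, // cross-subtree
	{Subject: "/team", Grantee: "/shared", Permission: PermRead}, // forms a cycle
}

// covers reports whether namespace ns is node itself or one of its ancestors.
func covers(ns, node string) bool {
	return node == ns || strings.HasPrefix(node, strings.TrimSuffix(ns, "/")+"/")
}

// Verify (hypothetical stand-in, keyed by ID string) walks grant chains from
// start to node; every grant in the chain must carry all requested bits.
func Verify(grants []Grant, start, node string, perm uint16, seen map[string]bool) bool {
	if seen[start] {
		return false // already explored: breaks delegation cycles
	}
	seen[start] = true
	for _, g := range grants {
		// Key IDs match exactly; a namespace grantee also covers its children.
		match := g.Grantee == start ||
			(strings.HasPrefix(g.Grantee, "/") && covers(g.Grantee, start))
		if !match || g.Permission&perm != perm {
			continue
		}
		if covers(g.Subject, node) || Verify(grants, g.Subject, node, perm, seen) {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println(Verify(sampleGrants, "KEY:ALICE", "/shared/img", PermRead, map[string]bool{}))
}
```

In this model the delegated grant narrows the chain: the key can read under /shared through /team but cannot write there, because the cross-subtree grant carries only the read bit.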
Source Files
- graph.go
- memory_graph.go
- statement.go