// Permission represents a single access control entry: an Effect applied to
// one Action on one Resource.
type Permission struct {
	// Resource is the object the entry applies to.
	Resource string `json:"resource"`
	// Action is the operation on Resource the entry allows or denies.
	Action string `json:"action"`
	// Effect is "allow" or "deny". It is a plain string with no validation
	// visible in this type; how a provider treats other values, and how it
	// resolves a conflicting allow and deny for the same resource/action, is
	// provider-defined — NOTE(review): confirm against the provider in use.
	Effect string `json:"effect"` // "allow" or "deny"
}
Permission represents a single access control entry.
// PermissionManager aggregates one or more PermissionProviders. Check is
// delegated to the primary provider only, while ListAll fans out to every
// registered provider, so the set of providers consulted for an
// authorization decision is narrower than the set consulted for listing.
type PermissionManager struct {
	// contains filtered or unexported fields
}
PermissionManager aggregates one or more PermissionProviders and delegates permission checks to the primary provider.
func NewPermissionManager() *PermissionManager
NewPermissionManager creates an empty PermissionManager.
func (pm *PermissionManager) AddProvider(p PermissionProvider)
AddProvider registers a provider. The first provider added automatically becomes the primary if none has been set.
func (pm *PermissionManager) Check(ctx context.Context, subject, resource, action string) (bool, error)
Check delegates a permission check to the primary provider only; other registered providers are not consulted, even though ListAll aggregates across all of them.
func (pm *PermissionManager) ListAll(ctx context.Context, subject string) ([]Permission, error)
ListAll aggregates permissions from every registered provider.
func (pm *PermissionManager) Provider(name string) (PermissionProvider, bool)
Provider returns the named provider, if registered.
func (pm *PermissionManager) Providers() []string
Providers returns the names of all registered providers.
func (pm *PermissionManager) SetPrimary(name string) error
SetPrimary designates the named provider as the one used for Check calls.
// PermissionProvider abstracts permission evaluation so that different
// backends (built-in RBAC, permit.io, AWS IAM, etc.) can be plugged into a
// PermissionManager.
type PermissionProvider interface {
	// Name returns the unique identifier for this provider. PermissionManager
	// looks providers up by this value (Provider, SetPrimary), so two
	// providers with the same Name would be indistinguishable to it.
	Name() string
	// CheckPermission evaluates whether subject may perform action on resource.
	// NOTE(review): the contract does not say whether a non-nil error must be
	// treated as a denial by callers; confirm that PermissionManager.Check and
	// its callers fail closed on error rather than on the bool alone.
	CheckPermission(ctx context.Context, subject, resource, action string) (bool, error)
	// ListPermissions returns all permissions granted to the subject.
	// Presumably this is what PermissionManager.ListAll aggregates across
	// providers — confirm.
	ListPermissions(ctx context.Context, subject string) ([]Permission, error)
	// SyncRoles pushes role definitions into the provider. Whether the call
	// replaces or merges with roles the provider already holds is not
	// specified here — NOTE(review): confirm per backend.
	SyncRoles(ctx context.Context, roles []RoleDefinition) error
}
PermissionProvider abstracts permission evaluation so different backends (built-in RBAC, permit.io, AWS IAM, etc.) can be plugged in.
// RoleDefinition describes a named role and the Permissions it carries; it is
// the unit pushed to a backend by PermissionProvider.SyncRoles.
type RoleDefinition struct {
	// Name identifies the role.
	Name string `json:"name"`
	// Description is human-readable text for the role.
	Description string `json:"description"`
	// Permissions are the entries granted (or denied, per Effect) to holders
	// of this role.
	Permissions []Permission `json:"permissions"`
}
RoleDefinition describes a named role and its permissions.