Documentation ¶
Index ¶
- func ArePoliciesEqal(a, b *Policy) (equal bool, diff string)
- func ArePolicyDocumentsEqual(a, b string) bool
- func ConvertResourcePolicyToPolicyBytes(rp *common.ResourcePolicy) ([]byte, error)
- func ConvertResourcePolicyToPolicyString(rp *common.ResourcePolicy) (*string, error)
- type ConditionMap
- type ConditionSettings
- type ConditionSettingsValue
- type Policy
- type Principal
- type Statement
- type StatementEffect
- type StatementList
- type StringOrArray
- type StringOrSet
Functions ¶
func ArePoliciesEqal ¶
ArePoliciesEqal determines if the two Policy objects can be considered equal.
func ArePolicyDocumentsEqual ¶ added in v0.48.0
ArePolicyDocumentsEqual determines if the two policy documents can be considered equal.
func ConvertResourcePolicyToPolicyBytes ¶ added in v0.44.0
func ConvertResourcePolicyToPolicyBytes(rp *common.ResourcePolicy) ([]byte, error)
ConvertResourcePolicyToPolicyBytes converts a ResourcePolicy to its JSON representation that can be sent to AWS.
func ConvertResourcePolicyToPolicyString ¶ added in v0.44.0
func ConvertResourcePolicyToPolicyString(rp *common.ResourcePolicy) (*string, error)
ConvertResourcePolicyToPolicyString converts a ResourcePolicy to its JSON string representation that can be sent to AWS.
Types ¶
type ConditionMap ¶
type ConditionMap map[string]ConditionSettings
ConditionMap is a map with the operator as key and the settings as values. See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html for details.
type ConditionSettings ¶
type ConditionSettings map[string]ConditionSettingsValue
ConditionSettings is a map of keys and values. Depending on the type of operation, the values can be strings, integers, bools or lists of strings.
type ConditionSettingsValue ¶ added in v0.44.1
type ConditionSettingsValue []any
ConditionSettingsValue represents a value for condition mapping. It can be any kind of value but should be one of strings, integers, bools, lists or slices of them.
It contains a custom unmarshaller that is able to parse single items and converts them into slices.
func (*ConditionSettingsValue) UnmarshalJSON ¶ added in v0.44.1
func (m *ConditionSettingsValue) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals data into m.
type Policy ¶
type Policy struct {
// Version is the current IAM policy version
Version string `json:"Version"`
// ID is the policy's optional identifier
ID *string `json:"Id,omitempty"`
// Statements is the list of statements this policy applies.
Statements StatementList `json:"Statement,omitempty"`
}
Policy represents an AWS IAM policy.
func ConvertResourcePolicyToPolicy ¶ added in v0.44.0
func ConvertResourcePolicyToPolicy(rp *common.ResourcePolicy) *Policy
ConvertResourcePolicyToPolicy converts a ResourcePolicy to a Policy object so that it can be compared more easily.
func ParsePolicyBytes ¶
ParsePolicyBytes parses a policy from a byte array representing a raw JSON string.
func ParsePolicyObject ¶
ParsePolicyObject parses a policy from an object (i.e. an API struct) which can be marshalled into JSON.
func ParsePolicyString ¶
ParsePolicyString parses a policy from a raw JSON string.
func ParsePolicyStringPtr ¶ added in v0.44.1
ParsePolicyStringPtr parses a policy from a raw JSON string pointer.
type Principal ¶
type Principal struct {
// This flag indicates if the policy should be made available
// to all anonymous users. Also known as "*".
// +optional
AllowAnon bool `json:"-"`
// This list contains all of the AWS IAM users which are affected
// by the policy statement.
// +optional
AWSPrincipals StringOrSet `json:"AWS,omitempty"`
// This string contains the identifier for any federated web identity
// provider.
// +optional
Federated *string `json:"Federated,omitempty"`
// Service defines the services which can have access to this bucket
// +optional
Service StringOrSet `json:"Service,omitempty"`
}
Principal defines the principal users affected by the PolicyStatement. Please see the AWS S3 docs for more information: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
func (*Principal) UnmarshalJSON ¶
UnmarshalJSON unmarshals data into p.
type Statement ¶
type Statement struct {
// Optional identifier for this statement, must be unique within the
// policy if provided.
SID *string `json:"Sid,omitempty"`
// The effect is required and specifies whether the statement results
// in an allow or an explicit deny.
// Valid values for Effect are "Allow" and "Deny".
Effect StatementEffect `json:"Effect"`
// Used with the policy to specify the principal that is allowed
// or denied access to a resource.
Principal *Principal `json:"Principal,omitempty"`
// Used with the S3 policy to specify the users which are not included
// in this policy
NotPrincipal *Principal `json:"NotPrincipal,omitempty"`
// Action specifies the action or actions that will be allowed or denied
// with this Statement.
Action StringOrArray `json:"Action,omitempty"`
// NotAction specifies each element that will allow the property to match
// all but the listed actions.
NotAction StringOrArray `json:"NotAction,omitempty"`
// Resource specifies paths on which this statement will apply.
Resource StringOrArray `json:"Resource,omitempty"`
// NotResource explicitly specifies all resource paths that are defined in
// this array.
NotResource StringOrArray `json:"NotResource,omitempty"`
// Condition specifies where conditions for policy are in effect.
// https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
Condition ConditionMap `json:"Condition,omitempty"`
}
Statement defines an individual statement within the policy.
type StatementEffect ¶
type StatementEffect string
StatementEffect specifies the effect of a policy statement.
const (
	StatementEffectAllow StatementEffect = "Allow"
	StatementEffectDeny  StatementEffect = "Deny"
)
Statement effect values.
type StatementList ¶
type StatementList []Statement
StatementList is a list of statements. It implements a custom unmarshaller to support parsing from a single, non-list statement.
func (*StatementList) UnmarshalJSON ¶
func (s *StatementList) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals data into s.
type StringOrArray ¶
type StringOrArray []string
StringOrArray is a string array that supports parsing from a single string as a single entry array.
func (*StringOrArray) UnmarshalJSON ¶
func (s *StringOrArray) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals data into s.
type StringOrSet ¶ added in v0.49.0
type StringOrSet map[string]struct{} //nolint:recvcheck
StringOrSet is a string array that supports parsing from a single string as a single entry array. Order of elements is not respected when comparing two StringOrSet objects.
func NewStringOrSet ¶ added in v0.49.0
func NewStringOrSet(values ...string) StringOrSet
func (StringOrSet) Add ¶ added in v0.49.0
func (s StringOrSet) Add(value string) StringOrSet
Add adds a value to the set.
func (*StringOrSet) MarshalJSON ¶ added in v0.49.0
func (s *StringOrSet) MarshalJSON() ([]byte, error)
MarshalJSON marshals StringOrSet as an array.
func (*StringOrSet) UnmarshalJSON ¶ added in v0.49.0
func (s *StringOrSet) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals data into s.
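How the single-value-or-list parsing of StatementList and StringOrArray, together with the order-insensitive StringOrSet, lets two differently written policy documents compare equal while a real change still shows up, as an added example that is not this package's code. The names oneOrMany, strList, strSet, stmtList, stmt and documentsEqual are hypothetical stand-ins, the sample documents are constructed, and only Effect, Principal.AWS and Action are modelled (a "*" principal fails to parse here and so never compares equal).

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
)

// Constructed samples: one policy in two JSON shapes, principals reordered.
const sampleA = `{"Statement":{"Effect":"Allow","Principal":{"AWS":["arn:aws:iam::111111111111:root","arn:aws:iam::222222222222:root"]},"Action":"s3:GetObject"}}`
const sampleB = `{"Statement":[{"Effect":"Allow","Principal":{"AWS":["arn:aws:iam::222222222222:root","arn:aws:iam::111111111111:root"]},"Action":["s3:GetObject"]}]}`

// oneOrMany decodes one JSON value, or an array of them, into a slice.
func oneOrMany[T any](data []byte) ([]T, error) {
	var many []T
	if json.Unmarshal(data, &many) == nil {
		return many, nil
	}
	many = make([]T, 1)
	return many, json.Unmarshal(data, &many[0])
}

// Hypothetical stand-ins for StringOrArray, StringOrSet, StatementList, Statement.
type strList []string
type strSet map[string]struct{}
type stmtList []stmt
type stmt struct {
	Effect    string
	Principal struct{ AWS strSet }
	Action    strList
}
func (l *strList) UnmarshalJSON(d []byte) (err error)  { *l, err = oneOrMany[string](d); return }
func (l *stmtList) UnmarshalJSON(d []byte) (err error) { *l, err = oneOrMany[stmt](d); return }
func (s *strSet) UnmarshalJSON(d []byte) error {
	vals, err := oneOrMany[string](d)
	*s = strSet{}
	for _, v := range vals {
		(*s)[v] = struct{}{} // set semantics: order and duplicates are ignored
	}
	return err
}

// documentsEqual compares the normalised forms; a parse failure is never equal.
func documentsEqual(a, b string) bool {
	var pa, pb struct{ Statement stmtList }
	errA, errB := json.Unmarshal([]byte(a), &pa), json.Unmarshal([]byte(b), &pb)
	return errA == nil && errB == nil && reflect.DeepEqual(pa, pb)
}
func main() { fmt.Println(documentsEqual(sampleA, sampleB)) }
```

Comparing the raw strings instead would report drift on every reconcile for sampleA and sampleB, while comparing only selected fields could miss an added principal or a flipped Effect.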