request

package
v0.0.0-...-f0706e1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 1, 2026 License: Apache-2.0, MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var Authorize = binding.Bind[*AuthorizeArguments, *AuthorizeOK](command.MustParse("/s3/request/authorize"))

Authorize is the `/s3/request/authorize` command. Ingot invokes it on Hilt (issuer = Ingot, audience = subject = Hilt) to authorize an AWS S3 API request: Hilt verifies the SigV4 signature, looks up the access key's delegations, derives a signing key and re-delegates capabilities to the invocation issuer.

Functions

This section is empty.

Types

type AuthorizeArguments

type AuthorizeArguments struct {
	// Request is the AWS S3 API request to authorize.
	Request s3.Request `cborgen:"request" dagjsongen:"request"`
}

AuthorizeArguments are the arguments to the `/s3/request/authorize` command.

func (*AuthorizeArguments) MarshalCBOR

func (t *AuthorizeArguments) MarshalCBOR(w io.Writer) error

func (*AuthorizeArguments) MarshalDagJSON

func (t *AuthorizeArguments) MarshalDagJSON(w io.Writer) error

func (*AuthorizeArguments) UnmarshalCBOR

func (t *AuthorizeArguments) UnmarshalCBOR(r io.Reader) (err error)

func (*AuthorizeArguments) UnmarshalDagJSON

func (t *AuthorizeArguments) UnmarshalDagJSON(r io.Reader) (err error)

type AuthorizeOK

type AuthorizeOK struct {
	// Bucket is the DID of the bucket addressed by the request.
	Bucket did.DID `cborgen:"bucket" dagjsongen:"bucket"`
	// Permissions maps the access key DID to its assigned S3 permissions.
	Permissions s3.PermissionSet `cborgen:"permissions" dagjsongen:"permissions"`
	// Keys maps the access key DID to its derived signing key(s).
	Keys s3.KeySet `cborgen:"keys" dagjsongen:"keys"`
	// Delegations maps the CID of a delegation whose audience is the invocation
	// issuer to its proof chain.
	Delegations s3.ProofSet `cborgen:"delegations" dagjsongen:"delegations"`
}

AuthorizeOK is the successful result of `/s3/request/authorize`. It carries the resolved bucket DID, the S3 permission set for the access key, the derived signing key(s) and the (24-hour TTL) delegations re-delegated to the invocation issuer.

Its Permissions, Keys and Delegations fields are slice-valued maps that cbor-gen / dag-json-gen cannot generate inline, but they are wrapped in struct types (s3.PermissionSet etc.) with their own codecs, so this struct is generated normally (the generators delegate to a struct field's codec).

func (*AuthorizeOK) MarshalCBOR

func (t *AuthorizeOK) MarshalCBOR(w io.Writer) error

func (*AuthorizeOK) MarshalDagJSON

func (t *AuthorizeOK) MarshalDagJSON(w io.Writer) error

func (*AuthorizeOK) UnmarshalCBOR

func (t *AuthorizeOK) UnmarshalCBOR(r io.Reader) (err error)

func (*AuthorizeOK) UnmarshalDagJSON

func (t *AuthorizeOK) UnmarshalDagJSON(r io.Reader) (err error)

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL