Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var Authorize = binding.Bind[*AuthorizeArguments, *AuthorizeOK](command.MustParse("/s3/request/authorize"))
Authorize is the `/s3/request/authorize` command. Ingot invokes it on Hilt (issuer = Ingot, audience = subject = Hilt) to authorize an AWS S3 API request: Hilt verifies the SigV4 signature, looks up the access key's delegations, derives a signing key and re-delegates capabilities to the invocation issuer.
Functions ¶
This section is empty.
Types ¶
type AuthorizeArguments ¶
type AuthorizeArguments struct {
// Request is the AWS S3 API request to authorize.
Request s3.Request `cborgen:"request" dagjsongen:"request"`
}
AuthorizeArguments are the arguments to the `/s3/request/authorize` command.
func (*AuthorizeArguments) MarshalCBOR ¶
func (t *AuthorizeArguments) MarshalCBOR(w io.Writer) error
func (*AuthorizeArguments) MarshalDagJSON ¶
func (t *AuthorizeArguments) MarshalDagJSON(w io.Writer) error
func (*AuthorizeArguments) UnmarshalCBOR ¶
func (t *AuthorizeArguments) UnmarshalCBOR(r io.Reader) (err error)
func (*AuthorizeArguments) UnmarshalDagJSON ¶
func (t *AuthorizeArguments) UnmarshalDagJSON(r io.Reader) (err error)
type AuthorizeOK ¶
type AuthorizeOK struct {
// Bucket is the DID of the bucket addressed by the request.
Bucket did.DID `cborgen:"bucket" dagjsongen:"bucket"`
// Permissions maps the access key DID to its assigned S3 permissions.
Permissions s3.PermissionSet `cborgen:"permissions" dagjsongen:"permissions"`
// Keys maps the access key DID to its derived signing key(s).
Keys s3.KeySet `cborgen:"keys" dagjsongen:"keys"`
// Delegations maps the CID of a delegation whose audience is the invocation
// issuer to its proof chain.
Delegations s3.ProofSet `cborgen:"delegations" dagjsongen:"delegations"`
}
AuthorizeOK is the successful result of `/s3/request/authorize`. It carries the resolved bucket DID, the S3 permission set for the access key, the derived signing key(s) and the (24-hour TTL) delegations re-delegated to the invocation issuer.
Its Permissions, Keys and Delegations fields are slice-valued maps that cbor-gen / dag-json-gen cannot generate inline, but they are wrapped in struct types (s3.PermissionSet etc.) with their own codecs, so this struct is generated normally (the generators delegate to a struct field's codec).
func (*AuthorizeOK) MarshalCBOR ¶
func (t *AuthorizeOK) MarshalCBOR(w io.Writer) error
func (*AuthorizeOK) MarshalDagJSON ¶
func (t *AuthorizeOK) MarshalDagJSON(w io.Writer) error
func (*AuthorizeOK) UnmarshalCBOR ¶
func (t *AuthorizeOK) UnmarshalCBOR(r io.Reader) (err error)
func (*AuthorizeOK) UnmarshalDagJSON ¶
func (t *AuthorizeOK) UnmarshalDagJSON(r io.Reader) (err error)