Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func SelectorData
func SelectorData(am *structs.ACLAuthMethod, idClaims, userClaims map[string]interface{}) (*structs.ACLAuthClaims, error)
SelectorData returns the data for go-bexpr for selector evaluation.
Types
type Binder
type Binder struct {
	// contains filtered or unexported fields
}
Binder is responsible for collecting the ACL roles and policies to be assigned to a token generated as a result of "logging in" via an auth method.
It does so by applying the auth method's configured binding rules.
func NewBinder
func NewBinder(store BinderStateStore) *Binder
NewBinder creates a Binder with the given state store.
type BinderStateStore
type BinderStateStore interface {
	GetACLBindingRulesByAuthMethod(ws memdb.WatchSet, authMethod string) (memdb.ResultIterator, error)
	GetACLRoleByName(ws memdb.WatchSet, roleName string) (*structs.ACLRole, error)
	ACLPolicyByName(ws memdb.WatchSet, name string) (*structs.ACLPolicy, error)
}
BinderStateStore is the subset of state store methods used by the binder.
type Bindings
type Bindings struct {
	Management bool
	Roles      []*structs.ACLTokenRoleLink
	Policies   []string
}
Bindings contains the ACL roles and policies to be assigned to the created token.
type Identity
type Identity struct {
	// Claims is the format of this Identity suitable for selection
	// with a binding rule.
	Claims interface{}
	// ClaimMappings is the format of this Identity suitable for interpolation in a
	// bind name within a binding rule.
	ClaimMappings map[string]string
}
func NewIdentity
func NewIdentity(authMethodConfig *structs.ACLAuthMethodConfig, authClaims *structs.ACLAuthClaims) *Identity
NewIdentity builds a new Identity that can be used to generate bindings via Bind for ACL token creation.