Documentation
¶
Index ¶
- Variables
- func CreateCommand(name string) error
- func InspectCommand(name string) error
- func PolicyFind(name string) (string, error)
- func PolicyHomeDir(name string) (string, error)
- func PolicyList() ([]string, error)
- func PolicyRealpath(dir string) (string, error)
- func PolicyServer(w http.ResponseWriter, req *http.Request)
- func Print(name string) error
- func PrintList() error
- func RunServer() error
- type AuthorizationList
- type AuthorizationMap
- type MatchBearer
- type MatchContext
- type Matcher
- type Policies
- type Policy
- func (p *Policy) FindAllMatchers(meta map[string]string) []*Matcher
- func (p *Policy) FindMatcher(meta map[string]string) *Matcher
- func (p *Policy) Inspect() (json.RawMessage, error)
- func (p *Policy) Matching(mc *MatchContext, authorization string, res_meta map[string]string) (res bool, err error, matcher *Matcher)
- func (p *Policy) Save() error
- func (p *Policy) WriteToDir(dir string) error
- type PolicyMatcher
- type PolicyNotFoundError
- type PolicyRef
- type PolicyRefImplem
Constants ¶
This section is empty.
Variables ¶
// ConfigName holds the file name "policy.json".
//
// NOTE(review): presumably the file that holds a policy inside its policy
// directory; confirm against PolicyFind and (*Policy).WriteToDir. It is a
// package-level var, so any importing package can reassign it.
var ConfigName = "policy.json"
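// PolicyDirs is the result of dirs.MultiJoin applied to "policies" and, in
// this order, the runtime directory, the configuration directories and the
// data directories.
//
// The argument list is built by appending onto a fresh slice literal rather
// than onto dirs.SelfConfigDirs: appending onto a shared slice that has spare
// capacity writes into its backing array and can silently change other slices
// that share it. The resulting element order is unchanged.
//
// NOTE(review): every directory listed here is a place a policy file can come
// from, so each should be writable only by the account that administers
// policies. Lookup precedence between the entries is not visible here;
// confirm it in PolicyFind.
var PolicyDirs = dirs.MultiJoin("policies", append(append([]string{dirs.SelfRuntimeDir}, dirs.SelfConfigDirs...), dirs.SelfDataDirs...)...)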
// PolyciesConfigDirs is the result of dirs.MultiJoin applied to "policies" and
// the configuration directories only (no runtime or data directories).
// The spelling "Polycies" is part of the exported name.
var PolyciesConfigDirs = dirs.MultiJoin("policies", dirs.SelfConfigDirs...)
// PolyciesConfigHome is dirs.SelfConfigHome joined with "policies".
// The spelling "Polycies" is part of the exported name.
//
// NOTE(review): presumably where (*Policy).Save writes policies; confirm.
// Policies can embed bearer tokens and JWT secrets (see MatchBearer), so
// this directory should not be readable by other accounts.
var PolyciesConfigHome = dirs.Join(dirs.SelfConfigHome, "policies")
Functions ¶
func CreateCommand ¶ added in v0.0.43
func InspectCommand ¶ added in v0.0.43
func PolicyFind ¶ added in v0.0.43
func PolicyHomeDir ¶ added in v0.0.43
func PolicyList ¶ added in v0.0.43
func PolicyRealpath ¶ added in v0.0.43
func PolicyServer ¶
func PolicyServer(w http.ResponseWriter, req *http.Request)
Types ¶
type AuthorizationList ¶ added in v0.0.43
func (AuthorizationList) Get ¶ added in v0.0.43
func (authz AuthorizationList) Get(name string) bool
type AuthorizationMap ¶ added in v0.0.43
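If authorizations is nil, authorizations is reset. Otherwise, the authorization is transformed using the map: if the authorization is not found in the map, the empty-string key is tried; if that is not found either, the authorization is forwarded as it is. The map is therefore not an allow-list: an authorization with no entry and no empty-string fallback passes through unchanged.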
func (AuthorizationMap) MapAuthorization ¶ added in v0.0.43
func (a AuthorizationMap) MapAuthorization(authorization string) string
type MatchBearer ¶
// MatchBearer describes one bearer credential that a Matcher accepts: either
// a raw token or the parameters for checking a JWT.
//
// The JSON tags make this part of the serialised policy, so Token and
// JWTSecretBase64 are credentials stored in the policy file. Treat policy
// files as secrets: restrictive permissions, and keep them out of logs.
type MatchBearer struct {
	// Raw bearer token.
	// NOTE(review): the comparison is not visible here; confirm Matching
	// compares this value in constant time.
	Token string `json:"token,omitempty"`
	// JWT algorithm.
	// NOTE(review): verification is not visible here. Confirm that a token
	// whose header "alg" differs from this value (including "none") is
	// rejected, and that an empty JWTAlg does not mean "accept any".
	JWTAlg string `json:"jwt_alg,omitempty"`
	// JWT secret key or shared secret, presumably base64-encoded and decoded
	// by JWTSecret; confirm.
	JWTSecretBase64 string `json:"jwt_secret_base64,omitempty"`
	// JWT public key, presumably base64-encoded and decoded by JWTKey;
	// confirm.
	// NOTE(review): when both this and JWTSecretBase64 are set, confirm the
	// key material is selected by JWTAlg and never by the token's own header.
	JWTKeyBase64 string `json:"jwt_key_base64,omitempty"`
	// Authorizations attached to this bearer.
	// NOTE(review): Matching also receives a default AuthorizationList;
	// how the two combine is not visible here.
	Authorizations AuthorizationList `json:"authorizations,omitempty"`
}
func (*MatchBearer) JWTKey ¶ added in v0.0.43
func (m *MatchBearer) JWTKey() ([]byte, error)
func (*MatchBearer) JWTSecret ¶
func (m *MatchBearer) JWTSecret() ([]byte, error)
func (*MatchBearer) Matching ¶
func (m *MatchBearer) Matching(mc *MatchContext, authorization string, default_authz AuthorizationList) (bool, error)
type MatchContext ¶
type Matcher ¶
// Matcher is one rule of a Policy.
type Matcher struct {
	// A matcher matches if all of its defined matchers succeed. If nothing is
	// defined, it does not match, so an empty matcher is fail-closed.

	// Metadata.
	Meta map[string]string `json:"meta,omitempty"`
	// Transform authorizations.
	Authorizations AuthorizationMap `json:"authorizations,omitempty"`
	// Default authorizations.
	DefAuthz AuthorizationList `json:"default_authorizations,omitempty"`
	// Always match (conditioned to other defined matchers).
	// NOTE(review): a matcher that sets only Always presumably matches every
	// request without any credential; confirm and audit policies that use it.
	Always bool `json:"always,omitempty"`
	// Never match; can be used to disable a matcher.
	Never bool `json:"never,omitempty"`
	// Skip matches other than always and never.
	Skip bool `json:"skip,omitempty"`
	// All must match.
	All []*Matcher `json:"all,omitempty"`
	// Any must match.
	Any []*Matcher `json:"any,omitempty"`
	// None must match.
	None []*Matcher `json:"none,omitempty"`
	// A bearer token in the list should match.
	Bearer []*MatchBearer `json:"bearer,omitempty"`
	// One of these origins must match the Origin header.
	// The Origin header is supplied by the client: browsers set it, but any
	// other client can send an arbitrary value, so an Origin match on its own
	// is not authentication.
	Origin []string `json:"origin,omitempty"`
	// Match policy by name; fails if it does not exist.
	// NOTE(review): confirm that a chain of policy references that loops back
	// on itself is detected rather than followed indefinitely.
	Policy *PolicyRef `json:"policy,omitempty"`
}
func (*Matcher) FindAllByMeta ¶ added in v0.0.43
func (*Matcher) FindByMeta ¶ added in v0.0.43
type Policies ¶
func LoadPolicies ¶
type Policy ¶
// Policy is a named list of matchers as stored in a policy file.
type Policy struct {
	// Must correspond to file name.
	// NOTE(review): the name is tied to a location on disk; confirm that
	// names containing path separators or ".." are rejected before the name
	// is joined onto a policy directory.
	Name string `json:"name"`
	// Excluded from JSON by the "-" tag.
	// NOTE(review): presumably the directory the policy was read from or will
	// be written to; confirm.
	PolicyDir string `json:"-"`
	// Policy matches if any matcher succeeds.
	Match []*Matcher `json:"match,omitempty"`
	// NOTE(review): undocumented in the source; presumably the authorization
	// used when a matcher supplies none. Confirm what an empty value grants.
	DefaultAuthorization string `json:"default_authorization,omitempty"`
}
func ReadFromName ¶ added in v0.0.43
func (*Policy) FindAllMatchers ¶ added in v0.0.43
func (*Policy) FindMatcher ¶ added in v0.0.43
func (*Policy) WriteToDir ¶ added in v0.0.43
type PolicyMatcher ¶
// PolicyMatcher is implemented by anything that can decide, from a
// MatchContext alone, whether it matches.
//
// The Matching methods listed for *Policy and *MatchBearer in this package
// take additional parameters, so as declared they do not satisfy this
// interface.
type PolicyMatcher interface {
	// Matching reports whether mc matches, or an error.
	// NOTE(review): callers should treat a non-nil error as "no match".
	Matching(mc *MatchContext) (bool, error)
}
type PolicyNotFoundError ¶ added in v0.0.43
// PolicyNotFoundError is an error type carrying the name of a policy; its
// Error method is declared on the pointer receiver.
// NOTE(review): presumably returned when a named policy cannot be located.
type PolicyNotFoundError struct {
	// Name of the policy.
	// NOTE(review): if the name can come from a request, quote it when
	// logging so that control characters cannot forge log lines.
	Name string
}
func (*PolicyNotFoundError) Error ¶ added in v0.0.43
func (err *PolicyNotFoundError) Error() string
type PolicyRef ¶ added in v0.0.43
// PolicyRef is a reference from a Matcher to another policy. It is a distinct
// type with the same fields as PolicyRefImplem and has its own UnmarshalJSON.
// NOTE(review): presumably the separate type lets UnmarshalJSON decode into
// PolicyRefImplem without recursing into itself; confirm.
type PolicyRef PolicyRefImplem
func (*PolicyRef) UnmarshalJSON ¶ added in v0.0.43
type PolicyRefImplem ¶ added in v0.0.43
// PolicyRefImplem holds the fields of a policy reference; PolicyRef is
// declared from it.
type PolicyRefImplem struct {
	// Name of the referenced policy.
	Name string `json:"name"`
	// Authorization transformation.
	Authorizations AuthorizationMap `json:"authorizations,omitempty"`
}