Documentation
Constants
const (
	// Write gives access to write data to a tenant.
	Write Permission = "write"
	// Read gives access to read data from a tenant.
	Read Permission = "read"
	// User represents a subject that is a user.
	User SubjectKind = "user"
	// Group represents a subject that is a group.
	Group SubjectKind = "group"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Authorizer
type Authorizer interface {
// Authorize answers the question: can subject S in groups G perform permission P on resource R for Tenant T?
Authorize(subject string, groups []string, permission Permission, resource, tenant string) (int, bool)
}
Authorizer can authorize a subject's permission for a tenant's resource.
func NewAuthorizer
func NewAuthorizer(roles []Role, roleBindings []RoleBinding) Authorizer
NewAuthorizer creates a new Authorizer from the given roles and the role bindings that attach those roles to subjects.
type Role
type Role struct {
Name string `json:"name"`
Resources []string `json:"resources"`
Tenants []string `json:"tenants"`
Permissions []Permission `json:"permissions"`
}
Role describes a set of permissions on a set of resources, scoped to a set of tenants.
type RoleBinding
type RoleBinding struct {
Name string `json:"name"`
Subjects []Subject `json:"subjects"`
Roles []string `json:"roles"`
}
RoleBinding binds a set of roles to a set of subjects.
type Subject
type Subject struct {
Name string `json:"name"`
Kind SubjectKind `json:"kind"`
}
Subject represents a subject that has been bound to a role.
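The types above describe the data model but not how NewAuthorizer combines it. The block below is an added, self-contained reimplementation of the documented semantics written for this page; it is not the package's own code. It assumes Permission and SubjectKind are string types (the page shows only their constants), that a subject is authorized when some binding names it (by name and kind) and one of the bound roles lists the requested tenant, resource and permission, and that the int returned by Authorize is an HTTP status code. The roles and bindings in SampleConfig are constructed for the example. Two points a practitioner should check in any RBAC index like this are covered: a binding to a role that does not exist grants nothing, and a user whose name collides with a group name does not inherit the group's roles.

```go
package main

import "net/http"

// Illustrative reimplementation of the documented API, not the package's own code.
type Permission string
type SubjectKind string
const (
	Write Permission  = "write"
	Read  Permission  = "read"
	User  SubjectKind = "user"
	Group SubjectKind = "group"
)

type Subject struct {
	Name string      `json:"name"`
	Kind SubjectKind `json:"kind"`
}

type Role struct {
	Name        string       `json:"name"`
	Resources   []string     `json:"resources"`
	Tenants     []string     `json:"tenants"`
	Permissions []Permission `json:"permissions"`
}

type RoleBinding struct {
	Name     string    `json:"name"`
	Subjects []Subject `json:"subjects"`
	Roles    []string  `json:"roles"`
}

type Authorizer interface {
	Authorize(subject string, groups []string, permission Permission, resource, tenant string) (int, bool)
}

// grant is one (tenant, resource, permission) triple a subject may exercise.
type grant struct {
	tenant, resource string
	permission       Permission
}
type staticAuthorizer struct{ grants map[Subject]map[grant]struct{} }

// NewAuthorizer expands every role into its grants, then attaches them to each bound subject.
func NewAuthorizer(roles []Role, roleBindings []RoleBinding) Authorizer {
	byName := map[string][]grant{}
	for _, r := range roles {
		for _, t := range r.Tenants {
			for _, res := range r.Resources {
				for _, p := range r.Permissions {
					byName[r.Name] = append(byName[r.Name], grant{t, res, p})
				}
			}
		}
	}
	a := &staticAuthorizer{grants: map[Subject]map[grant]struct{}{}}
	for _, rb := range roleBindings {
		for _, s := range rb.Subjects {
			if a.grants[s] == nil {
				a.grants[s] = map[grant]struct{}{}
			}
			// An unknown role name ranges over a nil slice and grants nothing: a typo fails closed.
			for _, name := range rb.Roles {
				for _, g := range byName[name] {
					a.grants[s][g] = struct{}{}
				}
			}
		}
	}
	return a
}

// Authorize checks the caller as a user, then each of its groups. The map key includes
// Kind, so a user whose name matches a group does not inherit that group's roles.
// Carrying HTTP status codes in the int return is an assumption of this example.
func (a *staticAuthorizer) Authorize(subject string, groups []string, permission Permission, resource, tenant string) (int, bool) {
	want := grant{tenant, resource, permission}
	if _, ok := a.grants[Subject{subject, User}][want]; ok {
		return http.StatusOK, true
	}
	for _, g := range groups {
		if _, ok := a.grants[Subject{g, Group}][want]; ok {
			return http.StatusOK, true
		}
	}
	return http.StatusForbidden, false
}

// SampleConfig is a constructed roles/bindings set for the example, not taken from the page.
func SampleConfig() ([]Role, []RoleBinding) {
	roles := []Role{
		{Name: "team-a-reader", Resources: []string{"metrics", "logs"}, Tenants: []string{"team-a"}, Permissions: []Permission{Read}},
		{Name: "metrics-writer", Resources: []string{"metrics"}, Tenants: []string{"team-a", "team-b"}, Permissions: []Permission{Write}},
	}
	bindings := []RoleBinding{
		{Name: "team-a-readers", Subjects: []Subject{{Name: "team-a", Kind: Group}}, Roles: []string{"team-a-reader"}},
		{Name: "alice-writes", Subjects: []Subject{{Name: "alice", Kind: User}}, Roles: []string{"metrics-writer", "no-such-role"}},
	}
	return roles, bindings
}
```

With SampleConfig, `NewAuthorizer(SampleConfig()).Authorize("bob", []string{"team-a"}, Read, "logs", "team-a")` succeeds through the group binding, while the same call for tenant "team-b", or for a user literally named "team-a" with no groups, is refused. Expanding grants at construction keeps the per-request path to a few map lookups, which matters when Authorize sits in front of every tenant request.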