acl

package
v0.8.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 30, 2025 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ACLMaxDepth   = 1<<8 - 1  // keep this in sync with the type ACLDepth
	ACLMaxVersion = 1<<16 - 1 // keep this in sync with the type ACLVersion
)
View Source 
const ACLPathSep = "/"

The ACL system follows the Unix file system hierarchy.

Variables

View Source 
var (
	ErrNoAdminAccess      = errors.New("no admin access")
	ErrNoWriteAccess      = errors.New("no write access")
	ErrNoReadAccess       = errors.New("no read access")
	ErrDirsNotAllowed     = errors.New("directories not allowed")
	ErrSymlinksNotAllowed = errors.New("symlinks not allowed")
	ErrFileSizeExceeded   = errors.New("file size exceeds limits")
	ErrInvalidAccessLevel = errors.New("invalid access level")
)
View Source 
var (
	ErrInvalidRuleset   = errors.New("invalid ruleset")
	ErrMaxDepthExceeded = errors.New("maximum depth exceeded")
	ErrNoRuleSet        = errors.New("no ruleset found")
	ErrNoRule           = errors.New("no rules available")
)

Functions

func ACLJoinPath 

func ACLJoinPath(parts ...string) string

ACLJoinPath joins multiple path segments into a single normalized path string. It uses the ACL path separator and ensures forward slashes are used consistently across different operating systems. Each part can be a sub-path, so the result is normalized using filepath.ToSlash to handle any internal path separators.

func ACLNormPath 

func ACLNormPath(path string) string

ACLNormPath normalizes a file system path for use in ACL operations by: 1. Converting all path separators to forward slashes 2. Cleaning the path (resolving . and ..) 3. Removing leading path separators This ensures consistent path handling across different operating systems and compatibility with glob pattern matching.

func ACLPathSegments 

func ACLPathSegments(path string) []string

ACLPathSegments splits a file system path into its component segments. It first normalizes the path using ACLNormPath to ensure consistent handling across operating systems, then splits it into segments using the ACL path separator.

Types

type ACLCache 

type ACLCache struct {
	// contains filtered or unexported fields
}

ACLCache stores the effective ACL rule for a given path.

func NewACLCache 

func NewACLCache() *ACLCache

NewACLCache creates a new ACLCache.

func (*ACLCache) Count added in v0.7.0 

func (c *ACLCache) Count() int

func (*ACLCache) Delete 

func (c *ACLCache) Delete(path string)

Delete deletes the effective ACL rule for the given path.

func (*ACLCache) DeletePrefix 

func (c *ACLCache) DeletePrefix(path string) int

DeletePrefix deletes the effective ACL rule for all paths that match the given prefix.

func (*ACLCache) Get 

func (c *ACLCache) Get(path string) *ACLRule

Get returns the effective ACL rule for the given path.

func (*ACLCache) Set 

func (c *ACLCache) Set(path string, rule *ACLRule)

Set sets the effective ACL rule for the given path.

type ACLDepth 

type ACLDepth = uint8

ACLDepth is the depth of the node in the tree.

type ACLNode 

type ACLNode struct {
	// contains filtered or unexported fields
}

ACLNode represents a node in the ACL tree. Each node corresponds to a part of the path and contains rules for that part.

func NewACLNode 

func NewACLNode(path string, owner string, terminal bool, depth ACLDepth) *ACLNode

NewACLNode creates a new ACLNode.

func (*ACLNode) ClearRules 

func (n *ACLNode) ClearRules()

ClearRules clears the rules for the node.

func (*ACLNode) DeleteChild 

func (n *ACLNode) DeleteChild(key string)

DeleteChild deletes the child for the node.

func (*ACLNode) Equal 

func (n *ACLNode) Equal(other *ACLNode) bool

Equal checks if the node is equal to another node.

func (*ACLNode) FindBestRule 

func (n *ACLNode) FindBestRule(path string) (*ACLRule, error)

FindBestRule finds the best matching rule for the given path.

func (*ACLNode) GetChild 

func (n *ACLNode) GetChild(key string) (*ACLNode, bool)

GetChild returns the child for the node.

func (*ACLNode) GetChildCount 

func (n *ACLNode) GetChildCount() int

GetChildCount returns the number of children for the node.

func (*ACLNode) GetDepth 

func (n *ACLNode) GetDepth() ACLDepth

GetDepth returns the depth of the node.

func (*ACLNode) GetOwner 

func (n *ACLNode) GetOwner() string

GetOwner returns the owner of the node.

func (*ACLNode) GetRules 

func (n *ACLNode) GetRules() []*ACLRule

GetRules returns the rules for the node.

func (*ACLNode) GetTerminal 

func (n *ACLNode) GetTerminal() bool

GetTerminal returns true if the node is a terminal node.

func (*ACLNode) GetVersion 

func (n *ACLNode) GetVersion() ACLVersion

GetVersion returns the version of the node.

func (*ACLNode) SetChild 

func (n *ACLNode) SetChild(key string, child *ACLNode)

SetChild sets the child for the node.

func (*ACLNode) SetRules 

func (n *ACLNode) SetRules(rules []*aclspec.Rule, terminal bool)

SetRules the rules, terminal flag and depth for the node. Increments the version counter for repeated operation.

type ACLRule 

type ACLRule struct {
	// contains filtered or unexported fields
}

ACLRule represents an access control rule for a file or directory in an ACL Node. It contains the full pattern of the rule, the rule itself, and the node it applies to

func (*ACLRule) CheckAccess 

func (r *ACLRule) CheckAccess(user *User, level AccessLevel) error

CheckAccess checks if the user has permission to perform the specified action on the node.

func (*ACLRule) CheckLimits 

func (r *ACLRule) CheckLimits(info *File) error

CheckLimits checks if the file is within the limits specified by the rule.

func (*ACLRule) Owner 

func (r *ACLRule) Owner() string

Owner returns the owner of the rule (inherited from the node)

func (*ACLRule) Version 

func (r *ACLRule) Version() ACLVersion

Version returns the version of the rule (inherited from the node)s

type ACLService 

type ACLService struct {
	// contains filtered or unexported fields
}

ACLService helps to manage and enforce access control rules for file system operations.

func NewACLService 

func NewACLService(blob blob.Service) *ACLService

NewACLService creates a new ACL service instance

func (*ACLService) AddRuleSet 

func (s *ACLService) AddRuleSet(ruleSet *aclspec.RuleSet) (ACLVersion, error)

AddRuleSet adds or updates a new set of rules to the service.

func (*ACLService) CanAccess 

func (s *ACLService) CanAccess(user *User, file *File, level AccessLevel) error

CanAccess checks if a user has the specified access permission for a file.

func (*ACLService) GetRule 

func (s *ACLService) GetRule(path string) (*ACLRule, error)

GetRule finds the most specific rule applicable to the given path.

func (*ACLService) RemoveRuleSet 

func (s *ACLService) RemoveRuleSet(path string) bool

RemoveRuleSet removes a ruleset at the specified path. Returns true if a ruleset was removed, false otherwise. path must be a dir or dir/syft.pub.yaml

func (*ACLService) Shutdown added in v0.6.1 

func (s *ACLService) Shutdown(ctx context.Context) error

func (*ACLService) Start added in v0.6.1 

func (s *ACLService) Start(ctx context.Context) error

func (*ACLService) String 

func (s *ACLService) String() string

String returns a string representation of the ACL service's rule tree.

type ACLTree 

type ACLTree struct {
	// contains filtered or unexported fields
}

ACLTree stores the ACL rules in a n-ary tree for efficient lookups.

func NewACLTree 

func NewACLTree() *ACLTree

NewACLTree creates a new ACLTree.

func (*ACLTree) AddRuleSet 

func (t *ACLTree) AddRuleSet(ruleset *aclspec.RuleSet) (*ACLNode, error)

Add or update a ruleset in the tree.

func (*ACLTree) GetEffectiveRule 

func (t *ACLTree) GetEffectiveRule(path string) (*ACLRule, error)

GetEffectiveRule returns the most specific rule applicable to the given path.

func (*ACLTree) GetNode 

func (t *ACLTree) GetNode(path string) *ACLNode

GetNode finds the exact node applicable for the given path.

func (*ACLTree) LookupNearestNode 

func (t *ACLTree) LookupNearestNode(normalizedPath string) *ACLNode

LookupNearestNode returns the nearest node in the tree that has associated rules for the given path. It returns nil if no such node is found.

func (*ACLTree) RemoveRuleSet 

func (t *ACLTree) RemoveRuleSet(path string) bool

Removes a ruleset at the specified path

func (*ACLTree) String 

func (t *ACLTree) String() string

String implements the Stringer interface for PTree

type ACLVersion 

type ACLVersion = uint16

ACLVersion is the version of the node. overflow will reset it to 0.

type AccessLevel 

type AccessLevel uint8

AccessLevel represents a permission bit flag for different file operations. 

const (
	AccessRead AccessLevel = 1 << iota
	AccessCreate
	AccessWrite
	AccessAdmin
)

Action constants define different types of file permissions

func (AccessLevel) String 

func (a AccessLevel) String() string

type File 

type File struct {
	Path      string
	IsDir     bool
	IsSymlink bool
	Size      int64
}

type Service added in v0.6.1 

type Service interface {
	AddRuleSet(ruleSet *aclspec.RuleSet) (ACLVersion, error)
	RemoveRuleSet(path string) bool
	GetRule(path string) (*ACLRule, error)
	CanAccess(user *User, file *File, level AccessLevel) error
}

type User 

type User struct {
	ID string
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.