Documentation
Index
- func DefaultCmdExecutor(name string, arg ...string) ([]byte, error)
- func PopulatePluginEnvVars(pkt *pktoken.PKToken, userInfoJson string, principal string, sshCert string, ...) (map[string]string, error)
- type Audience
- type CmdExecutor
- type PluginConfig
- type PluginResult
- type PluginResults
- type PolicyPluginEnforcer
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type PluginConfig
PluginConfig represents the structure of a policy command configuration.
type PluginResult
type PluginResults
type PluginResults []*PluginResult
func (PluginResults) Allowed
func (r PluginResults) Allowed() bool
func (PluginResults) Errors
func (r PluginResults) Errors() (errs []error)
type PolicyPluginEnforcer
func NewPolicyPluginEnforcer
func NewPolicyPluginEnforcer() *PolicyPluginEnforcer
func (*PolicyPluginEnforcer) CheckPolicies
func (p *PolicyPluginEnforcer) CheckPolicies(dir string, pkt *pktoken.PKToken, userInfoJson string, principal string, sshCert string, keyType string, extraArgs []string) (PluginResults, error)
CheckPolicies loads the policy plugin configs in the directory dir and then runs the policy command specified in each policy plugin config to determine if the user is allowed to assume access as the given principal. It returns PluginResults containing a result for each plugin config found in the policy plugin directory.
Call PluginResults.Allowed() to determine if the user is allowed to assume access.
CheckPolicies does not short circuit if a policy returns allow. This is to enable admins to do a test rollout of a new policy plugin without needing to disable the old policy plugin until they are sure the new policy plugin is working correctly.
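An added sketch, not code from this package: a simplified model of the evaluation described above, in which every plugin runs even after one has allowed. The `plugin`, `result` and `results` types, the `checkAll` and `rollout` helpers, and the rule in `anyAllowed` (one error-free allow grants access) are assumptions made for illustration; the three plugins are constructed sample data.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for this sketch; not the package's real types.
type plugin struct {
	name string
	run  func(principal string) (bool, error) // models one policy command
}

type result struct{ Name string; Allowed bool; Err error }

type results []result

// anyAllowed assumes a single error-free allow is enough to grant access.
func (r results) anyAllowed() bool {
	for _, x := range r {
		if x.Allowed && x.Err == nil {
			return true
		}
	}
	return false
}

// checkAll runs every plugin; it never stops at the first allow.
func checkAll(plugins []plugin, principal string) (out results) {
	for _, p := range plugins {
		ok, err := p.run(principal)
		out = append(out, result{p.name, ok, err})
	}
	return out
}

// rollout uses constructed plugins: one established, two under trial.
func rollout(principal string) results {
	return checkAll([]plugin{
		{"old-policy", func(p string) (bool, error) { return p == "root", nil }},
		{"new-policy", func(string) (bool, error) { return false, nil }},
		{"broken-policy", func(string) (bool, error) { return false, errors.New("exit status 2") }},
	}, principal)
}

func main() {
	r := rollout("root")
	fmt.Printf("%+v\naccess granted: %v\n", r, r.anyAllowed())
}
```

Under the any-allow assumption, a plugin on trial that allows too broadly would also grant access, so compare the per-plugin results during a rollout rather than only the combined decision.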