warden

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 20, 2018 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package warden implements endpoints capable of making access control decisions based on Access Control Policies

Package warden defines an API for validating access requests.

Index

Constants

View Source 
const (
	AuthenticatorHandlerPath = "/warden/%s/authorize"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessRequest 

type AccessRequest struct {
	// Resource is the resource that access is requested to.
	Resource string `json:"resource"`

	// Action is the action that is requested on the resource.
	Action string `json:"action"`

	// Subejct is the subject that is requesting access.
	Subject string `json:"subject"`

	// Context is the request's environmental context.
	Context map[string]interface{} `json:"context"`
}

AccessRequest is the warden's request object.

swagger:model WardenSubjectAuthorizationRequest

type AuditLoggerLogrus 

type AuditLoggerLogrus struct {
	Logger logrus.FieldLogger
}

AuditLoggerLogrus outputs information about granting or rejecting policies.

func (*AuditLoggerLogrus) LogGrantedAccessRequest 

func (a *AuditLoggerLogrus) LogGrantedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)

func (*AuditLoggerLogrus) LogRejectedAccessRequest 

func (a *AuditLoggerLogrus) LogRejectedAccessRequest(r *ladon.Request, p ladon.Policies, d ladon.Policies)

type Firewall 

type Firewall interface {
	// IsAllowed uses policies to return nil if the access request can be fulfilled or an error if not.
	//
	//  ctx, err := firewall.IsAllowed(context.Background(), &AccessRequest{
	//    Subject:  "alice",
	//    Resource: "matrix",
	//    Action:   "create",
	//    Context:  ladon.Context{},
	//  }, "photos", "files")
	//
	//  fmt.Sprintf("%s", ctx.Subject)
	IsAllowed(ctx context.Context, accessRequest *AccessRequest) error
}

Firewall offers various validation strategies for access tokens.

type Handler 

type Handler struct {
	H      herodot.Writer
	Warden Firewall

	ResourcePrefix string
	// contains filtered or unexported fields
}

Handler is capable of handling HTTP request and validating access tokens and access requests.

func NewHandler 

func NewHandler(writer herodot.Writer, warden Firewall, authenticators map[string]authentication.Authenticator) *Handler

func (*Handler) SetRoutes 

func (h *Handler) SetRoutes(r *httprouter.Router)

type Warden 

type Warden struct {
	Warden ladon.Warden
	Roles  role.Manager
	L      logrus.FieldLogger
}

func NewWarden 

func NewWarden(
	warden ladon.Warden,
	roles role.Manager,
	l logrus.FieldLogger) *Warden

func (*Warden) IsAllowed 

func (w *Warden) IsAllowed(ctx context.Context, a *AccessRequest) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.