Documentation
Types
type PermissionChecker
type PermissionChecker struct {
	// contains filtered or unexported fields
}
PermissionChecker handles principal-based permission checking.
func NewPermissionChecker
func NewPermissionChecker(repository *dsopsdata.Repository, logger *logging.Logger) *PermissionChecker
NewPermissionChecker creates a new permission checker.
func (*PermissionChecker) CheckRotationPermission
func (p *PermissionChecker) CheckRotationPermission(ctx context.Context, req RotationRequest) *PermissionResult
CheckRotationPermission checks if a principal can perform a rotation.
func (*PermissionChecker) GetPrincipalForRotation
func (p *PermissionChecker) GetPrincipalForRotation(ctx context.Context, secret rotation.SecretInfo) string
GetPrincipalForRotation attempts to determine the principal for a rotation request.
type PermissionResult
type PermissionResult struct {
	Allowed     bool                 `json:"allowed"`
	Reason      string               `json:"reason"`
	Principal   *dsopsdata.Principal `json:"principal,omitempty"`
	Constraints []string             `json:"constraints,omitempty"`
}
PermissionResult represents the result of a permission check.
type RotationRequest
type RotationRequest struct {
	Principal      string        // Principal name making the request
	ServiceType    string        // Service type being rotated
	CredentialKind string        // Credential kind being rotated
	RequestedTTL   time.Duration // Requested TTL for the credential
	Environment    string        // Environment context
	SecretKey      string        // Secret key for logging
}
RotationRequest represents a rotation permission check request.