-
Notifications
You must be signed in to change notification settings - Fork 0
/
doc.go
116 lines (101 loc) · 3.75 KB
/
doc.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
/*
* Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* @author Aeneas Rekkas <aeneas+oss@aeneas.io>
* @copyright 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
* @license Apache-2.0
*/
// Package policy offers management capabilities for access control policies.
//
// Access Control Policies (ACP) are a concept similar to Role Based Access Control and Access Control Lists. ACPs
// however are more flexible and capable of handling complex and abstract access control scenarios. A ACP answers "**Who**
// is **able** to do **what** on **something** given a **context**."
//
//
// ACPs have five attributes:
//
// - Subject *(who)*: An arbitrary unique subject name, for example "ken" or "printer-service.mydomain.com".
// - Effect *(able)*: The effect which can be either "allow" or "deny".
// - Action *(what)*: An arbitrary action name, for example "delete", "create" or "scoped:action:something".
// - Resource *(something)*: An arbitrary unique resource name, for example "something", "resources.articles.1234" or some uniform resource name like "urn:isbn:3827370191".
// - Condition *(context)*: An optional condition that evaluates the context (e.g. IP Address, request datetime, resource owner name, department, ...). Different strategies are available to evaluate conditions:
// - https://github.com/ory/ladon#cidr-condition
// - https://github.com/ory/ladon#string-equal-condition
// - https://github.com/ory/ladon#string-match-condition
// - https://github.com/ory/ladon#subject-condition
// - https://github.com/ory/ladon#string-pairs-equal-condition
//
//
// You can find more information on ACPs here:
//
// - https://github.com/ory/ladon#usage for more information on policy usage.
//
// - https://github.com/ory/ladon#concepts
package policy
// swagger:parameters listPolicies
type swaggerListPolicyParameters struct {
// The offset from where to start looking.
// in: query
Offset int `json:"offset"`
// The maximum amount of policies returned.
// in: query
Limit int `json:"limit"`
}
// swagger:parameters getPolicy deletePolicy
type swaggerGetPolicyParameters struct {
// The id of the policy.
// in: path
ID string `json:"id"`
}
// swagger:parameters updatePolicy
type swaggerUpdatePolicyParameters struct {
// The id of the policy.
// in: path
ID string `json:"id"`
// in: body
Body swaggerPolicy
}
// swagger:parameters createPolicy
type swaggerCreatePolicyParameters struct {
// in: body
Body swaggerPolicy
}
// A policy
// swagger:response policyList
type swaggerListPolicyResponse struct {
// in: body
// type: array
Body []swaggerPolicy
}
// swagger:model policy
type swaggerPolicy struct {
// ID of the policy.
ID string `json:"id"`
// Description of the policy.
Description string `json:"description"`
// Subjects impacted by the policy.
Subjects []string `json:"subjects"`
// Effect of the policy
Effect string `json:"effect"`
// Resources impacted by the policy.
Resources []string `json:"resources"`
// Actions impacted by the policy.
Actions []string `json:"actions"`
// Conditions under which the policy is active.
Conditions map[string]struct {
Type string `json:"type"`
Options map[string]interface{} `json:"options"`
} `json:"conditions"`
}