package trustgraph

import "github.com/docker/libtrust/trustgraph"

Index

Types

type Grant 

type Grant struct {
	// Subject is the namespace being granted
	Subject string

	// Permissions is a bit map of permissions
	Permission uint16

	// Grantee represents the node being granted
	// a permission scope.  The grantee can be
	// either a namespace item or a key id where namespace
	// items will always start with a '/'.
	Grantee string
	// contains filtered or unexported fields
}

Grant represents a transfer of permission from one part of the trust graph to another. This is the only way to delegate permission between two different sub trees in the graph.

func CollapseStatements 

func CollapseStatements(statements []*Statement, useExpired bool) ([]*Grant, time.Time, error)

CollapseStatements returns a single list of the valid statements as well as the time when the next grant will expire.

type Statement 

type Statement struct {
	// contains filtered or unexported fields
}

Statement represents a set of grants made from a verifiable authority. A statement has an expiration associated with it set by the authority.

func CreateStatement 

func CreateStatement(grants, revocations io.Reader, expiration time.Duration, key libtrust.PrivateKey, chain []*x509.Certificate) (*Statement, error)

CreateStatements creates and signs a statement from a stream of grants and revocations in a JSON array.

func FilterStatements 

func FilterStatements(grants []*Grant) ([]*Statement, error)

FilterStatements filters the statements to statements including the given grants.

func LoadStatement 

func LoadStatement(r io.Reader, authority *x509.CertPool) (*Statement, error)

LoadStatement loads and verifies a statement from an input stream.

func (*Statement) Bytes 

func (s *Statement) Bytes() ([]byte, error)

Bytes returns an indented json representation of the statement in a byte array. This value can be written to a file or stream without alteration.

func (*Statement) IsExpired 

func (s *Statement) IsExpired() bool

IsExpired returns whether the statement has expired

type TrustGraph 

type TrustGraph interface {
	// Verifies that the given public key is allowed to perform
	// the given action on the given node according to the trust
	// graph.
	Verify(libtrust.PublicKey, string, uint16) (bool, error)

	// GetGrants returns an array of all grant chains which are used to
	// allow the requested permission.
	GetGrants(libtrust.PublicKey, string, uint16) ([][]*Grant, error)
}

TrustGraph represents a graph of authorization mapping public keys to nodes and grants between nodes.

func NewMemoryGraph 

func NewMemoryGraph(grants []*Grant) TrustGraph

NewMemoryGraph returns a new in memory trust graph created from a static list of grants. This graph is immutable after creation and any alterations should create a new instance.

Source Files

graph.go memory_graph.go statement.go

Version
v0.0.0-20160708172513-aabc10ec26b7 (latest)
Published
Jul 8, 2016
Platform
linux/amd64
Imports
8 packages
Last checked
2 months ago

Tools for package owners.