package trustgraph
import "github.com/docker/libtrust/trustgraph"
Index
- type Grant
- type Statement
- func CreateStatement(grants, revocations io.Reader, expiration time.Duration, key libtrust.PrivateKey, chain []*x509.Certificate) (*Statement, error)
- func FilterStatements(grants []*Grant) ([]*Statement, error)
- func LoadStatement(r io.Reader, authority *x509.CertPool) (*Statement, error)
- func (s *Statement) Bytes() ([]byte, error)
- func (s *Statement) IsExpired() bool
- type TrustGraph
Types
type Grant
type Grant struct {
	// Subject is the namespace being granted
	Subject string

	// Permissions is a bit map of permissions
	Permission uint16

	// Grantee represents the node being granted
	// a permission scope. The grantee can be
	// either a namespace item or a key id where namespace
	// items will always start with a '/'.
	Grantee string
	// contains filtered or unexported fields
}
Grant represents a transfer of permission from one part of the trust graph to another. This is the only way to delegate permission between two different sub trees in the graph.
func CollapseStatements
CollapseStatements returns a single list of the valid statements as well as the time when the next grant will expire.
type Statement
type Statement struct {
// contains filtered or unexported fields
}
Statement represents a set of grants made from a verifiable authority. A statement has an expiration associated with it set by the authority.
func CreateStatement
func CreateStatement(grants, revocations io.Reader, expiration time.Duration, key libtrust.PrivateKey, chain []*x509.Certificate) (*Statement, error)
CreateStatement creates and signs a statement from a stream of grants and revocations in a JSON array.
func FilterStatements
FilterStatements filters the statements down to those that include the given grants.
func LoadStatement
LoadStatement loads and verifies a statement from an input stream.
func (*Statement) Bytes
Bytes returns an indented json representation of the statement in a byte array. This value can be written to a file or stream without alteration.
func (*Statement) IsExpired
IsExpired returns whether the statement has expired.
type TrustGraph
type TrustGraph interface {
	// Verifies that the given public key is allowed to perform
	// the given action on the given node according to the trust
	// graph.
	Verify(libtrust.PublicKey, string, uint16) (bool, error)

	// GetGrants returns an array of all grant chains which are used to
	// allow the requested permission.
	GetGrants(libtrust.PublicKey, string, uint16) ([][]*Grant, error)
}
TrustGraph represents a graph of authorization mapping public keys to nodes and grants between nodes.
func NewMemoryGraph
func NewMemoryGraph(grants []*Grant) TrustGraph
NewMemoryGraph returns a new in-memory trust graph created from a static list of grants. This graph is immutable after creation, and any alteration should create a new instance.
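A simplified, self-contained model of the grant-chain check that Verify is documented to perform, added here as an illustration; it is not libtrust's code and does not import the package. The local grant type, the permission bit values, the key ID KEY-A, and the path-prefix and all-bits-required rules are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// grant is a local stand-in mirroring the exported Grant fields listed above.
type grant struct {
	Subject    string
	Permission uint16
	Grantee    string
}

// Permission bit values are constructed for this example.
const (
	permRead  uint16 = 1 << 0
	permWrite uint16 = 1 << 1
)

// covers reports whether namespace ns contains node (ns itself or a child path).
func covers(ns, node string) bool {
	return node == ns || strings.HasPrefix(node, strings.TrimSuffix(ns, "/")+"/")
}

// allowed walks grants from a grantee (key ID or namespace) toward node,
// following only grants that carry every requested permission bit.
func allowed(grants []grant, from, node string, perm uint16, seen map[int]bool) bool {
	for i, g := range grants {
		if g.Grantee != from || g.Permission&perm != perm || seen[i] {
			continue
		}
		seen[i] = true // guards against delegation cycles
		if covers(g.Subject, node) || allowed(grants, g.Subject, node, perm, seen) {
			return true
		}
	}
	return false
}

func main() {
	grants := []grant{ // constructed sample grants
		{Subject: "/team", Permission: permRead | permWrite, Grantee: "KEY-A"},
		{Subject: "/shared", Permission: permRead, Grantee: "/team"},
	}
	fmt.Println(allowed(grants, "KEY-A", "/team/app", permWrite, map[int]bool{}))   // direct grant
	fmt.Println(allowed(grants, "KEY-A", "/shared/lib", permRead, map[int]bool{}))  // delegated via /team
	fmt.Println(allowed(grants, "KEY-A", "/shared/lib", permWrite, map[int]bool{})) // write was never delegated
}
```

The third call is the case worth checking in any delegation scheme: a grantee holding write on /team must not gain write on /shared when only read was delegated across the sub trees.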
Source Files
graph.go memory_graph.go statement.go
Version: v0.0.0-20160708172513-aabc10ec26b7 (latest)
Published: Jul 8, 2016