package trustgraph import "github.com/docker/libtrust" // TrustGraph represents a graph of authorization mapping // public keys to nodes and grants between nodes. type TrustGraph interface { // Verifies that the given public key is allowed to perform // the given action on the given node according to the trust // graph. Verify(libtrust.PublicKey, string, uint16) (bool, error) // GetGrants returns an array of all grant chains which are used to // allow the requested permission. GetGrants(libtrust.PublicKey, string, uint16) ([][]*Grant, error) } // Grant represents a transfer of permission from one part of the // trust graph to another. This is the only way to delegate // permission between two different sub trees in the graph. type Grant struct { // Subject is the namespace being granted Subject string // Permissions is a bit map of permissions Permission uint16 // Grantee represents the node being granted // a permission scope. The grantee can be // either a namespace item or a key id where namespace // items will always start with a '/'. Grantee string // statement represents the statement used to create // this object. statement *Statement } // Permissions // Read node 0x01 (can read node, no sub nodes) // Write node 0x02 (can write to node object, cannot create subnodes) // Read subtree 0x04 (delegates read to each sub node) // Write subtree 0x08 (delegates write to each sub node, included create on the subject) // // Permission shortcuts // ReadItem = 0x01 // WriteItem = 0x03 // ReadAccess = 0x07 // WriteAccess = 0x0F // Delegate = 0x0F