authz

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 24, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	AuthzAllowRule      = "bacalhau.authz.allow"
	AuthzTokenValidRule = "bacalhau.authz.token_valid"
)

The name of the rule that must be `true` for the authorization provider to permit access. This is typically provided by a policy with package name `bacalhau.authz` and then by defining a rule `allow`. See `policy_test_allow.rego` for a minimal example.

Variables

View Source 
var AlwaysAllow = NewPolicyAuthorizer(AlwaysAllowPolicy, nil, "")

AlwaysAllow is an authorizer that will always permit access, irrespective of the passed in data, which is useful for testing.

View Source 
var AlwaysAllowPolicy = lo.Must(policy.FromFS(policies, "policies/policy_test_allow.rego"))

AlwaysAllowPolicy is a policy that will always permit access, irrespective of the passed in data, which is useful for testing.

Functions

This section is empty.

Types

type Authorization 

type Authorization struct {
	Approved   bool   `json:"approved"`
	TokenValid bool   `json:"tokenValid"`
	Reason     string `json:"reason"`
}

type Authorizer 

type Authorizer interface {
	Authorize(req *http.Request) (Authorization, error)
}

func NewPolicyAuthorizer 

func NewPolicyAuthorizer(authzPolicy *policy.Policy, key *rsa.PublicKey, nodeID string) Authorizer

PolicyAuthorizer can authorize users by calling out to an external Rego policy containing logic to make decisions about who should be authorized.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.