Documentation ¶
Overview ¶
Package http is used to create an AuthorizerClient that communicates with the authorizer using HTTP.
AuthorizerClient is the low-level interface that exposes the raw authorization API.
Example ¶
package main import ( "context" "fmt" "log" "github.com/aserto-dev/go-aserto/authorizer/http" "github.com/aserto-dev/go-aserto/client" authz "github.com/aserto-dev/go-authorizer/aserto/authorizer/v2" "github.com/aserto-dev/go-authorizer/aserto/authorizer/v2/api" ) func main() { ctx := context.Background() // Create new authorizer client. authorizer, err := http.New( client.WithAPIKeyAuth("<Aserto authorizer API key"), ) if err != nil { log.Fatal("Failed to create authorizer:", err) } // Make an authorization call. result, err := authorizer.Is( ctx, &authz.IsRequest{ PolicyContext: &api.PolicyContext{ Path: "<Policy path (e.g. 'peoplefinder.GET.users')", Decisions: []string{"<authorization decisions (e.g. 'allowed')>"}, }, IdentityContext: &api.IdentityContext{ Type: api.IdentityType_IDENTITY_TYPE_SUB, Identity: "<user id>", }, PolicyInstance: &api.PolicyInstance{ Name: "<Aserto Policy Name>", InstanceLabel: "<Aserto Policy Intance Label>", }, }, ) if err != nil { log.Fatal("Failed to make authorization call:", err) } // Check the authorizer's decision. for _, decision := range result.Decisions { if decision.Decision == "allowed" { // "allowed" is just an example. Your policy may have different rules. if decision.Is { fmt.Println("Access granted") } else { fmt.Println("Access denied") } } } }
Output:
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ErrNotSupported = errors.New("unsupported feature")
ErrNotSupported is returned when gRPC options are passed to the HTTP client.
Functions ¶
This section is empty.
Types ¶
type AuthorizerClient ¶
type AuthorizerClient = authz.AuthorizerClient
func New ¶
func New(opts ...client.ConnectionOption) (AuthorizerClient, error)
New returns a new REST authorizer with the specified options.
Click to show internal directories.
Click to hide internal directories.