authorizer

package
v0.9.0
Warning

This package is not in the latest version of its module.

Published: Dec 1, 2023 License: Apache-2.0 Imports: 7 Imported by: 1

Documentation


Constants

This section is empty.

Variables

var DefaultUserExtractorKey ctxKey = "user"

DefaultUserExtractorKey is the default key used to extract a user from the context

Functions

func DefaultUserExtractor added in v0.5.0

func DefaultUserExtractor(ctx context.Context) (any, error)

DefaultUserExtractor is the default user extractor function that extracts a user from the context using the DefaultUserExtractorKey

func StreamServerInterceptor

func StreamServerInterceptor(authorizer Authorizer, opts ...Opt) grpc.StreamServerInterceptor

StreamServerInterceptor uses the given authorizer to authorize streaming grpc requests. JavascriptAuthorizer/CELAuthorizer are implementations of Authorizer that use javascript/CEL expressions to authorize requests. The request object in the expression evaluation is nil because it is not available in the context for streaming requests.

func UnaryServerInterceptor

func UnaryServerInterceptor(authorizer Authorizer, opts ...Opt) grpc.UnaryServerInterceptor

UnaryServerInterceptor uses the given authorizer to authorize unary grpc requests. JavascriptAuthorizer/CELAuthorizer are implementations of Authorizer that use javascript/CEL expressions to authorize requests

Types

type AuthorizeMethodFunc added in v0.7.0

type AuthorizeMethodFunc func(ctx context.Context, method string, params *RuleExecutionParams) (allow bool, err error)

AuthorizeMethodFunc is a function that authorizes a grpc request

func (AuthorizeMethodFunc) AuthorizeMethod added in v0.7.0

func (f AuthorizeMethodFunc) AuthorizeMethod(ctx context.Context, method string, params *RuleExecutionParams) (allow bool, err error)

AuthorizeMethod implements the Authorizer interface

type Authorizer

type Authorizer interface {
	// AuthorizeMethod is called by the grpc interceptor to authorize a request
	AuthorizeMethod(ctx context.Context, method string, params *RuleExecutionParams) (allow bool, err error)
}

Authorizer is an interface for authorizing grpc requests

func Chain added in v0.7.0

func Chain(authz ...Authorizer) Authorizer

Chain chains multiple authorizers together - if any authorizer returns true, the request is authorized
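The following is an added example, not code from this package: it shows an authorization rule that denies when the request is nil (as it is for streaming calls) and how the any-true rule of Chain combines two rules. The types are local stand-ins for the signatures documented on this page; `User`, `GetAccountRequest`, `OwnerOnly`, `AdminOnly`, `AnyAllows` and the method name are hypothetical, and stopping on the first error is an assumption the page does not confirm.

```go
package main

import (
	"context"
	"fmt"
)

// Stand-ins for the documented types (Metadata omitted) so this runs without the module.
type RuleExecutionParams struct {
	User, Request any
	IsStream      bool
}
type AuthorizeMethodFunc func(ctx context.Context, method string, p *RuleExecutionParams) (bool, error)

// Hypothetical application types, not part of the package.
type User struct{ ID, Role string }
type GetAccountRequest struct{ OwnerID string }

// OwnerOnly allows a call only when the user owns the requested account.
// A missing user or a nil/unknown request (every streaming call) is denied.
func OwnerOnly(_ context.Context, _ string, p *RuleExecutionParams) (bool, error) {
	u, _ := p.User.(*User)
	req, _ := p.Request.(*GetAccountRequest) // nil for streams and for other request types
	return u != nil && req != nil && req.OwnerID == u.ID, nil
}

// AdminOnly reads no request fields, so it behaves the same for streams.
func AdminOnly(_ context.Context, _ string, p *RuleExecutionParams) (bool, error) {
	u, _ := p.User.(*User)
	return u != nil && u.Role == "admin", nil
}

// AnyAllows applies the documented Chain rule: any true result authorizes.
// Stopping on the first error is an assumption; the page does not specify it.
func AnyAllows(ctx context.Context, method string, p *RuleExecutionParams, fns ...AuthorizeMethodFunc) (bool, error) {
	for _, f := range fns {
		ok, err := f(ctx, method, p)
		if err != nil || ok {
			return err == nil, err
		}
	}
	return false, nil
}

func main() {
	p := &RuleExecutionParams{User: &User{ID: "u1", Role: "user"}, IsStream: true}
	ok, err := AnyAllows(context.Background(), "/acct.Accounts/Watch", p, OwnerOnly, AdminOnly)
	fmt.Println("non-admin stream allowed:", ok, err)
}
```

Because the chain is an OR, each authorizer added to it can only widen access; a restrictive rule does not narrow what a broader rule in the same chain already allows.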

type ExpressionVar

type ExpressionVar string

ExpressionVar is a global variable injected into a Javascript/CEL authorization expression

const (
	// ExpressionVarRequest is the request object
	ExpressionVarRequest ExpressionVar = "request"
	// ExpressionVarMetadata is the metadata object
	ExpressionVarMetadata ExpressionVar = "metadata"
	// ExpressionVarUser is the user object
	ExpressionVarUser ExpressionVar = "user"
	// ExpressionVarIsStream is true if the grpc handler is a streaming handler
	ExpressionVarIsStream ExpressionVar = "is_stream"
	// ExpressionVarMethod is the grpc method
	ExpressionVarMethod ExpressionVar = "method"
)

type Opt

type Opt func(o *options)

Opt is an option for configuring the interceptor

func WithSelectors added in v0.9.0

func WithSelectors(selectors ...selector.Matcher) Opt

WithSelectors sets the list of selectors that will be used to determine if the interceptor should be applied to a request

func WithUserExtractor

func WithUserExtractor(extractor UserExtractor) Opt

WithUserExtractor sets the user extractor function that will be used by the interceptor to extract a user from the context so its attributes can be used in rule expression evaluation. It is injected into the expression vm as the "user" variable

func WithWhiteListMethods added in v0.5.0

func WithWhiteListMethods(methods []string) Opt

WithWhiteListMethods sets the list of methods that will be allowed without authorization

type RuleExecutionParams

type RuleExecutionParams struct {
	// User is the user extracted from the context using the Authorizer.ExtractUser function
	User any
	// Request is the request object passed to the grpc handler
	Request any
	// Metadata is the metadata passed to the grpc handler
	Metadata metadata.MD
	// IsStream is true if the grpc handler is a streaming handler
	IsStream bool
}

RuleExecutionParams is the set of parameters passed to the Authorizer.ExecuteRule function

type UserExtractor

type UserExtractor func(ctx context.Context) (any, error)

UserExtractor is a function that extracts a user from a context so its attributes can be used in rule expression evaluation
