sdk

v0.8.3

This package is not in the latest version of its module.
Published: May 8, 2023 License: MIT Imports: 7 Imported by: 0

README

Authz Go SDK

This is the Authz development kit for Go.

Installation

You can install in your projects by importing the following dependency:

$ go get github.com/eko/authz/sdk@latest

Usage

You have to instantiate a new Authz client in your code:

authzClient, err := sdk.NewClient(&sdk.Config{
    ClientID: "your-client-id",
    ClientSecret: "your-client-secret",
    GrpcAddr: "localhost:8081",
})

Once the client is instantiated, you have access to all the gRPC methods as well as some overridden ones.

To create a new Principal, you can use:

response, err := authzClient.PrincipalCreate(ctx, &authz.PrincipalCreateRequest{
    Id: "user-123",
    Attributes: []*authz.Attribute{
        {Key: "email", Value: "johndoe@acme.tld"},
    },
})

To declare a new resource:

response, err := authzClient.ResourceCreate(ctx, &authz.ResourceCreateRequest{
    Id: "post.456",
    Kind: "post",
    Value: "456",
    Attributes: []*authz.Attribute{
        {Key: "owner_email", Value: "johndoe@acme.tld"},
    },
})

You can also declare a new policy this way:

import (
    "github.com/eko/authz/backend/sdk/rule"
)

response, err := authzClient.PolicyCreate(ctx, &authz.PolicyCreateRequest{
    Id: "post-owners",
    Resources: []string{"post.*"},
    Actions: []string{"edit", "delete"},
    AttributeRules: []string{
        rule.AttributeEqual(
            rule.PrincipalResourceAttribute{
                PrincipalAttribute: "email",
                ResourceAttribute:  "owner_email",
            },
        ),
    },
})

Then, you can perform a check with:

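// IsAllowed takes a context as its first argument (see the Client interface).
isAllowed, err := authzClient.IsAllowed(ctx, &authz.Check{
    Principal: "user-123",
    ResourceKind: "post",
    ResourceValue: "456",
    Action: "edit",
})
if err != nil {
    // Log the error and treat the request as denied
}

if isAllowed {
    // Do something
}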

Please note that you have access to all the gRPC methods declared in the proto file.
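
One way to enforce this check at an HTTP boundary, as an added example (not code from the Authz project): a middleware that denies the request when IsAllowed returns false or an error. Check, Checker, Require, who, fake and Status are hypothetical local names; Check and Checker stand in for authz.Check and the SDK client so the block runs without the backend.

```go
package main

import (
	"context"
	"errors"
	"net/http"
	"net/http/httptest"
)

// Check and Checker: local stand-ins for authz.Check and sdk.Client.IsAllowed.
type Check struct{ Principal, ResourceKind, ResourceValue, Action string }
type Checker interface {
	IsAllowed(ctx context.Context, check *Check) (bool, error)
}

// Require guards next with a policy check. who is a hypothetical callback
// returning the already-authenticated principal for the request.
func Require(c Checker, who func(*http.Request) string, kind, action string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ok, err := c.IsAllowed(r.Context(), &Check{
			Principal: who(r), ResourceKind: kind,
			ResourceValue: r.URL.Query().Get("id"), Action: action,
		})
		if err != nil || !ok { // fail closed: a backend error is a denial
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// fake is a constructed Checker: user-123 may edit post 456; "down" simulates an outage.
type fake struct{}
func (fake) IsAllowed(_ context.Context, c *Check) (bool, error) {
	if c.Principal == "down" {
		return true, errors.New("authz backend unreachable") // value must be ignored
	}
	return c.Principal == "user-123" && c.ResourceValue == "456" && c.Action == "edit", nil
}

// Status sends one constructed request through the guard and returns the HTTP status.
func Status(principal, id string) int {
	h := Require(fake{}, func(*http.Request) string { return principal }, "post", "edit",
		http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest("POST", "/posts/edit?id="+id, nil))
	return rec.Code
}

func main() { println(Status("user-123", "456"), Status("user-999", "456"), Status("down", "456")) }
```

The fake deliberately returns true together with an error, so the guard only passes if it checks the error before the boolean.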

Configuration

This SDK connects over gRPC to the backend service. Here are the available configuration options:

| Property | Default value | Description |
| --- | --- | --- |
| ClientID | None | Your service account client id used to authenticate |
| ClientSecret | None | Your service account client secret key used to authenticate |
| GrpcAddr | 127.0.0.1:8081 | Authz backend to connect to |

Test

Unit tests can be run with:

$ go test -v -race -count=1 ./...

Documentation

Constants

This section is empty.

Variables

var DefaultConfig = &Config{
	ExpireDelay: 5 * time.Minute,
	GrpcAddr:    "localhost:8081",
}

DefaultConfig is the default configuration to use.

Functions

This section is empty.

Types

type Client

type Client interface {
	authz.ApiClient
	IsAllowed(ctx context.Context, check *authz.Check) (bool, error)
}

func NewClient

func NewClient(cfg *Config) (Client, error)

type Config

type Config struct {
	ExpireDelay time.Duration
	GrpcAddr    string

	ClientID     string
	ClientSecret string
}

Config represents the SDK configuration values.
