Documentation ¶
Index ¶
- Variables
- type Checker
- type ClientOption
- type Config
- type EnforcementClient
- type EnforcementClientImpl
- func (s *EnforcementClientImpl) Compile(ctx context.Context, idToken string, action string, kinds ...string) (Checker, error)
- func (s *EnforcementClientImpl) HasAccess(ctx context.Context, idToken string, action string, resources ...Resource) (bool, error)
- func (s *EnforcementClientImpl) LookupResources(ctx context.Context, idToken string, action string) ([]Resource, error)
- type HTTPRequestDoer
- type Resource
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrInvalidQuery = errors.New("invalid query") ErrInvalidIDToken = errors.New("invalid id token: cannot extract namespaced ID") ErrInvalidToken = errors.New("invalid token: cannot query server") ErrInvalidResponse = errors.New("invalid response from server") ErrUnexpectedStatus = errors.New("unexpected response status") )
View Source
var (
ErrTooManyPermissions = errors.New("unexpected number of permissions returned by the server")
)
Functions ¶
This section is empty.
Types ¶
type ClientOption ¶
type ClientOption func(*EnforcementClientImpl) error
ClientOption allows setting custom parameters during construction.
func WithCache ¶
func WithCache(cache cache.Cache) ClientOption
func WithHTTPClient ¶
func WithHTTPClient(doer HTTPRequestDoer) ClientOption
func WithSearchByPrefix ¶
func WithSearchByPrefix(prefix string) ClientOption
WithSearchByPrefix makes the client search for permissions always using the given prefix. This can improve performance when the client is used to check permissions for a single action prefix.
type EnforcementClient ¶
type EnforcementClient interface { // Compile generates a function to check whether the user has access to any scope of a given list of scopes. // This is particularly useful when you want to verify access to a list of resources. Compile(ctx context.Context, idToken string, action string, kinds ...string) (Checker, error) // HasAccess checks whether the user can perform the given action on any of the given resources. // If the scope is empty, it checks whether the user can perform the action. HasAccess(ctx context.Context, idToken string, action string, resources ...Resource) (bool, error) // Experimental: LookupResources returns the resources that the user has access to for the given action. LookupResources(ctx context.Context, idToken string, action string) ([]Resource, error) }
type EnforcementClientImpl ¶
type EnforcementClientImpl struct {
// contains filtered or unexported fields
}
func NewEnforcementClient ¶
func NewEnforcementClient(cfg Config, opt ...ClientOption) (*EnforcementClientImpl, error)
func (*EnforcementClientImpl) LookupResources ¶
func (s *EnforcementClientImpl) LookupResources(ctx context.Context, idToken string, action string) ([]Resource, error)
Experimental: LookupResources returns the resources that the user has access to for the given action. Resource expansion is still not supported in this method.
type HTTPRequestDoer ¶
HTTPRequestDoer performs HTTP requests. The standard http.Client implements this interface.
type Resource ¶
type Resource struct { // Kind is the type of resource. Ex: "teams", "dashboards", "datasources" Kind string // The attribute is required for compatibility with the way scopes are defined in Grafana. Ex: "id", "uid" Attr string // ID is the unique identifier of the resource. Ex: "2", "YYxUSd7ik", "test-datasource" ID string }
Resource represents a resource in Grafana.
Click to show internal directories.
Click to hide internal directories.