Documentation ¶
Overview ¶
Package authorizer is a generated GoMock package.
Index ¶
- Constants
- type ABACKey
- type AcctEntitlementsType
- type Authorizer
- type ClaimsVerifier
- type DecisionInput
- type DecisionInputHandler
- type DefaultDecisionInputer
- type MockAuthorizer
- func (m *MockAuthorizer) AffirmAuthorization(ctx context.Context, fullMethod string, eq interface{}) (context.Context, error)
- func (m *MockAuthorizer) EXPECT() *MockAuthorizerMockRecorder
- func (m *MockAuthorizer) Evaluate(ctx context.Context, fullMethod string, req interface{}, ...) (bool, context.Context, error)
- func (m *MockAuthorizer) GetAcctEntitlements(ctx context.Context, accountIDs, serviceNames []string) (*AcctEntitlementsType, error)
- func (m *MockAuthorizer) GetCurrentUserCompartments(ctx context.Context) ([]string, error)
- func (m *MockAuthorizer) OpaQuery(ctx context.Context, decisionDocument string, opaReq, opaResp interface{}) error
- type MockAuthorizerMockRecorder
- func (mr *MockAuthorizerMockRecorder) AffirmAuthorization(ctx, fullMethod, eq interface{}) *gomock.Call
- func (mr *MockAuthorizerMockRecorder) Evaluate(ctx, fullMethod, req, opaEvaluator interface{}) *gomock.Call
- func (mr *MockAuthorizerMockRecorder) GetAcctEntitlements(ctx context.Context, accountIDs, serviceNames []string) *gomock.Call
- func (mr *MockAuthorizerMockRecorder) GetCurrentUserCompartments(ctx context.Context) *gomock.Call
- func (mr *MockAuthorizerMockRecorder) OpaQuery(ctx, decisionDocument, opaReq, opaResp interface{}) *gomock.Call
- type ObligationKey
- type OpaEvaluator
Constants ¶
const (
	// DefaultValidatePath is default OPA path to perform authz validation
	DefaultValidatePath = "v1/data/authz/rbac/validate_v1"
	// DefaultAcctEntitlementsApiPath is default OPA path to fetch acct entitlements
	DefaultAcctEntitlementsApiPath = "v1/data/authz/rbac/acct_entitlements_api"
	// DefaultCurrentUserCompartmentsPath is default OPA path to fetch current user's compartments
	DefaultCurrentUserCompartmentsPath = "v1/data/authz/rbac/current_user_compartments"

	REDACTED = "redacted"
	TypeKey = ABACKey("ABACType")
	VerbKey = ABACKey("ABACVerb")
	ObKey = ObligationKey("obligations")
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AcctEntitlementsType ¶ added in v2.1.0
AcctEntitlementsType is a convenience data type, returned by GetAcctEntitlements() (map of acct_id to map of service to array of features)
type Authorizer ¶
type Authorizer interface {
	// Evaluate evaluates the authorization policy for the given request.
	// It takes the context, full method name, request object, and an OpaEvaluator as input.
	// It returns a boolean indicating whether the request is authorized, a modified context,
	// and an error if any.
	Evaluate(ctx context.Context, fullMethod string, req interface{}, opaEvaluator OpaEvaluator) (bool, context.Context, error)

	// OpaQuery executes a query against the OPA (Open Policy Agent) with the specified decision document.
	// If the decision document is an empty string, the query is executed against the default decision document
	// configured in OPA.
	// It takes the context, decision document name, OPA request object, and OPA response object as input.
	// It returns an error if any.
	OpaQuery(ctx context.Context, decisionDocument string, opaReq, opaResp interface{}) error

	AffirmAuthorization(ctx context.Context, fullMethod string, eq interface{}) (context.Context, error)
	GetAcctEntitlements(ctx context.Context, accountIDs, serviceNames []string) (*AcctEntitlementsType, error)
	GetCurrentUserCompartments(ctx context.Context) ([]string, error)
}
The Authorizer interface is implemented for making arbitrary requests to OPA.
type DecisionInput ¶
type DecisionInput struct {
	Type string `json:"type"` // Object/resource-type to match
	Verb string `json:"verb"` // Verb to match
	SealCtx []interface{} `json:"ctx"` // Array of app/service-specific context data to match
	DecisionDocument string `json:"-"` // OPA decision document to query, by default "",
}
DecisionInput is app/service-specific data supplied by app/service ABAC requests
type DecisionInputHandler ¶
type DecisionInputHandler interface {
	// GetDecisionInput returns an app/service-specific DecisionInput.
	// A nil DecisionInput should NOT be returned unless error.
	GetDecisionInput(ctx context.Context, fullMethod string, req interface{}) (*DecisionInput, error)
}
fullMethod is of the form "Service.FullMethod"
type DefaultDecisionInputer ¶
type DefaultDecisionInputer struct{}
DefaultDecisionInputer is an example DecisionInputHandler that is used as default
func (*DefaultDecisionInputer) GetDecisionInput ¶
func (m *DefaultDecisionInputer) GetDecisionInput(ctx context.Context, fullMethod string, grpcReq interface{}) (*DecisionInput, error)
GetDecisionInput is an example DecisionInputHandler that returns some decision input based on some incoming Context values. App/services will most likely supply their own DecisionInputHandler using WithDecisionInputHandler option.
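An added example, not code from this package or its authors: a handler with the DecisionInputHandler signature that fails closed, returning an error instead of a nil or guessed DecisionInput when fullMethod cannot be classified. DecisionInput is re-declared locally so the block compiles stand-alone; MethodDecisionInputer, verbByPrefix, the verb strings and the sample method names are hypothetical.

```go
package main

import (
	"context"
	"fmt"
	"strings"
)

// DecisionInput is a local copy of the type shown on this page (stand-alone build).
type DecisionInput struct {
	Type             string        `json:"type"`
	Verb             string        `json:"verb"`
	SealCtx          []interface{} `json:"ctx"`
	DecisionDocument string        `json:"-"`
}

// verbByPrefix is a hypothetical mapping from RPC-name prefixes to ABAC verbs.
var verbByPrefix = [][2]string{
	{"List", "list"}, {"Get", "get"}, {"Create", "create"},
	{"Update", "update"}, {"Delete", "delete"},
}

// MethodDecisionInputer is a hypothetical handler, not part of the package.
type MethodDecisionInputer struct{}

// GetDecisionInput has the DecisionInputHandler signature from this page and
// fails closed: an unclassifiable fullMethod yields an error, never a guess.
func (MethodDecisionInputer) GetDecisionInput(ctx context.Context, fullMethod string, req interface{}) (*DecisionInput, error) {
	i := strings.LastIndex(fullMethod, ".")
	if i <= 0 || i == len(fullMethod)-1 {
		return nil, fmt.Errorf("malformed fullMethod %q", fullMethod)
	}
	method := fullMethod[i+1:]
	for _, p := range verbByPrefix {
		rest := strings.TrimPrefix(method, p[0])
		// A capitalised resource name must follow: "Get" or "Getaway" is rejected.
		if rest != method && rest != "" && rest[0] >= 'A' && rest[0] <= 'Z' {
			return &DecisionInput{Type: strings.ToLower(rest), Verb: p[1]}, nil
		}
	}
	return nil, fmt.Errorf("no ABAC mapping for %q", fullMethod)
}

func main() {
	for _, m := range []string{"PetStore.ListPets", "PetStore.Purge", "ListPets"} { // constructed inputs
		in, err := MethodDecisionInputer{}.GetDecisionInput(context.Background(), m, nil)
		fmt.Println(m, in, err)
	}
}
```

Because the handler returns an error for anything outside its mapping, a newly added RPC is rejected until it is given an explicit Type and Verb.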
func (DefaultDecisionInputer) String ¶
func (m DefaultDecisionInputer) String() string
type MockAuthorizer ¶
type MockAuthorizer struct {
// contains filtered or unexported fields
}
MockAuthorizer is a mock of Authorizer interface.
func NewMockAuthorizer ¶
func NewMockAuthorizer(ctrl *gomock.Controller) *MockAuthorizer
NewMockAuthorizer creates a new mock instance.
func (*MockAuthorizer) AffirmAuthorization ¶
func (m *MockAuthorizer) AffirmAuthorization(ctx context.Context, fullMethod string, eq interface{}) (context.Context, error)
AffirmAuthorization mocks base method.
func (*MockAuthorizer) EXPECT ¶
func (m *MockAuthorizer) EXPECT() *MockAuthorizerMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
func (*MockAuthorizer) Evaluate ¶
func (m *MockAuthorizer) Evaluate(ctx context.Context, fullMethod string, req interface{}, opaEvaluator OpaEvaluator) (bool, context.Context, error)
Evaluate mocks base method.
func (*MockAuthorizer) GetAcctEntitlements ¶ added in v2.1.0
func (m *MockAuthorizer) GetAcctEntitlements(ctx context.Context, accountIDs, serviceNames []string) (*AcctEntitlementsType, error)
GetAcctEntitlements mocks base method.
func (*MockAuthorizer) GetCurrentUserCompartments ¶ added in v2.1.0
func (m *MockAuthorizer) GetCurrentUserCompartments(ctx context.Context) ([]string, error)
GetCurrentUserCompartments mocks base method.
type MockAuthorizerMockRecorder ¶
type MockAuthorizerMockRecorder struct {
// contains filtered or unexported fields
}
MockAuthorizerMockRecorder is the mock recorder for MockAuthorizer.
func (*MockAuthorizerMockRecorder) AffirmAuthorization ¶
func (mr *MockAuthorizerMockRecorder) AffirmAuthorization(ctx, fullMethod, eq interface{}) *gomock.Call
AffirmAuthorization indicates an expected call of AffirmAuthorization.
func (*MockAuthorizerMockRecorder) Evaluate ¶
func (mr *MockAuthorizerMockRecorder) Evaluate(ctx, fullMethod, req, opaEvaluator interface{}) *gomock.Call
Evaluate indicates an expected call of Evaluate.
func (*MockAuthorizerMockRecorder) GetAcctEntitlements ¶ added in v2.1.0
func (mr *MockAuthorizerMockRecorder) GetAcctEntitlements(ctx context.Context, accountIDs, serviceNames []string) *gomock.Call
GetAcctEntitlements indicates an expected call of GetAcctEntitlements.
func (*MockAuthorizerMockRecorder) GetCurrentUserCompartments ¶ added in v2.1.0
func (mr *MockAuthorizerMockRecorder) GetCurrentUserCompartments(ctx context.Context) *gomock.Call
GetCurrentUserCompartments indicates an expected call of GetCurrentUserCompartments.
func (*MockAuthorizerMockRecorder) OpaQuery ¶
func (mr *MockAuthorizerMockRecorder) OpaQuery(ctx, decisionDocument, opaReq, opaResp interface{}) *gomock.Call
OpaQuery indicates an expected call of OpaQuery.
type ObligationKey ¶
type ObligationKey string