oathkeeper: github.com/ory/oathkeeper/pipeline/authz Index | Files

package authz

import "github.com/ory/oathkeeper/pipeline/authz"

Index

Package Files

authorizer.go authorizer_allow.go authorizer_deny.go keto_engine_acp_ory.go registry.go remote.go remote_json.go utils.go

Variables

var ErrAuthorizerNotEnabled = herodot.DefaultError{
    ErrorField:  "authorizer matching this route is misconfigured or disabled",
    CodeField:   http.StatusInternalServerError,
    StatusField: http.StatusText(http.StatusInternalServerError),
}

func NewErrAuthorizerMisconfigured Uses

func NewErrAuthorizerMisconfigured(a Authorizer, err error) *herodot.DefaultError

func NewErrAuthorizerNotEnabled Uses

func NewErrAuthorizerNotEnabled(a Authorizer) *herodot.DefaultError

type Authorizer Uses

type Authorizer interface {
    Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, rule pipeline.Rule) error
    GetID() string
    Validate(config json.RawMessage) error
}

type AuthorizerAllow Uses

type AuthorizerAllow struct {
    // contains filtered or unexported fields
}

func NewAuthorizerAllow Uses

func NewAuthorizerAllow(c configuration.Provider) *AuthorizerAllow

func (*AuthorizerAllow) Authorize Uses

func (a *AuthorizerAllow) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, _ pipeline.Rule) error

func (*AuthorizerAllow) GetID Uses

func (a *AuthorizerAllow) GetID() string

func (*AuthorizerAllow) Validate Uses

func (a *AuthorizerAllow) Validate(config json.RawMessage) error

type AuthorizerDeny Uses

type AuthorizerDeny struct {
    // contains filtered or unexported fields
}

func NewAuthorizerDeny Uses

func NewAuthorizerDeny(c configuration.Provider) *AuthorizerDeny

func (*AuthorizerDeny) Authorize Uses

func (a *AuthorizerDeny) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, _ pipeline.Rule) error

func (*AuthorizerDeny) GetID Uses

func (a *AuthorizerDeny) GetID() string

func (*AuthorizerDeny) Validate Uses

func (a *AuthorizerDeny) Validate(config json.RawMessage) error

type AuthorizerKetoEngineACPORY Uses

type AuthorizerKetoEngineACPORY struct {
    // contains filtered or unexported fields
}

func NewAuthorizerKetoEngineACPORY Uses

func NewAuthorizerKetoEngineACPORY(c configuration.Provider) *AuthorizerKetoEngineACPORY

func (*AuthorizerKetoEngineACPORY) Authorize Uses

func (a *AuthorizerKetoEngineACPORY) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, rule pipeline.Rule) error

func (*AuthorizerKetoEngineACPORY) Config Uses

func (a *AuthorizerKetoEngineACPORY) Config(config json.RawMessage) (*AuthorizerKetoEngineACPORYConfiguration, error)

func (*AuthorizerKetoEngineACPORY) GetID Uses

func (a *AuthorizerKetoEngineACPORY) GetID() string

func (*AuthorizerKetoEngineACPORY) Validate Uses

func (a *AuthorizerKetoEngineACPORY) Validate(config json.RawMessage) error

func (*AuthorizerKetoEngineACPORY) WithContextCreator Uses

func (a *AuthorizerKetoEngineACPORY) WithContextCreator(f authorizerKetoWardenContext)

type AuthorizerKetoEngineACPORYConfiguration Uses

type AuthorizerKetoEngineACPORYConfiguration struct {
    RequiredAction   string `json:"required_action"`
    RequiredResource string `json:"required_resource"`
    Subject          string `json:"subject"`
    Flavor           string `json:"flavor"`
    BaseURL          string `json:"base_url"`
}

func (*AuthorizerKetoEngineACPORYConfiguration) ActionTemplateID Uses

func (c *AuthorizerKetoEngineACPORYConfiguration) ActionTemplateID() string

func (*AuthorizerKetoEngineACPORYConfiguration) ResourceTemplateID Uses

func (c *AuthorizerKetoEngineACPORYConfiguration) ResourceTemplateID() string

func (*AuthorizerKetoEngineACPORYConfiguration) SubjectTemplateID Uses

func (c *AuthorizerKetoEngineACPORYConfiguration) SubjectTemplateID() string

type AuthorizerKetoEngineACPORYRequestBody Uses

type AuthorizerKetoEngineACPORYRequestBody struct {
    Action   string                 `json:"action"`
    Context  map[string]interface{} `json:"context"`
    Resource string                 `json:"resource"`
    Subject  string                 `json:"subject"`
}

type AuthorizerRemote Uses

type AuthorizerRemote struct {
    // contains filtered or unexported fields
}

AuthorizerRemote implements the Authorizer interface.

func NewAuthorizerRemote Uses

func NewAuthorizerRemote(c configuration.Provider) *AuthorizerRemote

NewAuthorizerRemote creates a new AuthorizerRemote.

func (*AuthorizerRemote) Authorize Uses

func (a *AuthorizerRemote) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, rl pipeline.Rule) error

Authorize implements the Authorizer interface.

func (*AuthorizerRemote) Config Uses

func (a *AuthorizerRemote) Config(config json.RawMessage) (*AuthorizerRemoteConfiguration, error)

Config merges config and the authorizer's configuration and validates the resulting configuration. It reports an error if the configuration is invalid.

func (*AuthorizerRemote) GetID Uses

func (a *AuthorizerRemote) GetID() string

GetID implements the Authorizer interface.

func (*AuthorizerRemote) Validate Uses

func (a *AuthorizerRemote) Validate(config json.RawMessage) error

Validate implements the Authorizer interface.

type AuthorizerRemoteConfiguration Uses

type AuthorizerRemoteConfiguration struct {
    Remote  string            `json:"remote"`
    Headers map[string]string `json:"headers"`
}

AuthorizerRemoteConfiguration represents a configuration for the remote authorizer.

type AuthorizerRemoteJSON Uses

type AuthorizerRemoteJSON struct {
    // contains filtered or unexported fields
}

AuthorizerRemoteJSON implements the Authorizer interface.

func NewAuthorizerRemoteJSON Uses

func NewAuthorizerRemoteJSON(c configuration.Provider) *AuthorizerRemoteJSON

NewAuthorizerRemoteJSON creates a new AuthorizerRemoteJSON.

func (*AuthorizerRemoteJSON) Authorize Uses

func (a *AuthorizerRemoteJSON) Authorize(_ *http.Request, session *authn.AuthenticationSession, config json.RawMessage, _ pipeline.Rule) error

Authorize implements the Authorizer interface.

func (*AuthorizerRemoteJSON) Config Uses

func (a *AuthorizerRemoteJSON) Config(config json.RawMessage) (*AuthorizerRemoteJSONConfiguration, error)

Config merges config and the authorizer's configuration and validates the resulting configuration. It reports an error if the configuration is invalid.

func (*AuthorizerRemoteJSON) GetID Uses

func (a *AuthorizerRemoteJSON) GetID() string

GetID implements the Authorizer interface.

func (*AuthorizerRemoteJSON) Validate Uses

func (a *AuthorizerRemoteJSON) Validate(config json.RawMessage) error

Validate implements the Authorizer interface.

type AuthorizerRemoteJSONConfiguration Uses

type AuthorizerRemoteJSONConfiguration struct {
    Remote  string `json:"remote"`
    Payload string `json:"payload"`
}

AuthorizerRemoteJSONConfiguration represents a configuration for the remote_json authorizer.

func (*AuthorizerRemoteJSONConfiguration) PayloadTemplateID Uses

func (c *AuthorizerRemoteJSONConfiguration) PayloadTemplateID() string

PayloadTemplateID returns a string with which to associate the payload template.

type Registry Uses

type Registry interface {
    AvailablePipelineAuthorizers() []string
    PipelineAuthorizer(string) (Authorizer, error)
}

Package authz imports 20 packages (graph) and is imported by 3 packages. Updated 2020-07-06. Refresh now. Tools for package owners.