authz

package
v0.40.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 29, 2024 License: Apache-2.0 Imports: 22 Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrAuthorizerNotEnabled = herodot.DefaultError{
	ErrorField:  "authorizer matching this route is misconfigured or disabled",
	CodeField:   http.StatusInternalServerError,
	StatusField: http.StatusText(http.StatusInternalServerError),
}

Functions

func NewErrAuthorizerMisconfigured

func NewErrAuthorizerMisconfigured(a Authorizer, err error) *herodot.DefaultError

func NewErrAuthorizerNotEnabled

func NewErrAuthorizerNotEnabled(a Authorizer) *herodot.DefaultError

Types

type Authorizer

type Authorizer interface {
	Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, rule pipeline.Rule) error
	GetID() string
	Validate(config json.RawMessage) error
}

type AuthorizerAllow

type AuthorizerAllow struct {
	// contains filtered or unexported fields
}

func NewAuthorizerAllow

func NewAuthorizerAllow(c configuration.Provider) *AuthorizerAllow

func (*AuthorizerAllow) Authorize

func (a *AuthorizerAllow) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, _ pipeline.Rule) error

func (*AuthorizerAllow) GetID

func (a *AuthorizerAllow) GetID() string

func (*AuthorizerAllow) Validate

func (a *AuthorizerAllow) Validate(config json.RawMessage) error

type AuthorizerDeny

type AuthorizerDeny struct {
	// contains filtered or unexported fields
}

func NewAuthorizerDeny

func NewAuthorizerDeny(c configuration.Provider) *AuthorizerDeny

func (*AuthorizerDeny) Authorize

func (a *AuthorizerDeny) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, _ pipeline.Rule) error

func (*AuthorizerDeny) GetID

func (a *AuthorizerDeny) GetID() string

func (*AuthorizerDeny) Validate

func (a *AuthorizerDeny) Validate(config json.RawMessage) error

type AuthorizerKetoEngineACPORY

type AuthorizerKetoEngineACPORY struct {
	// contains filtered or unexported fields
}

func NewAuthorizerKetoEngineACPORY

func NewAuthorizerKetoEngineACPORY(c configuration.Provider, d interface{ Tracer() trace.Tracer }) *AuthorizerKetoEngineACPORY

func (*AuthorizerKetoEngineACPORY) Authorize

func (*AuthorizerKetoEngineACPORY) Config

func (*AuthorizerKetoEngineACPORY) GetID

func (*AuthorizerKetoEngineACPORY) Validate

func (a *AuthorizerKetoEngineACPORY) Validate(config json.RawMessage) error

func (*AuthorizerKetoEngineACPORY) WithContextCreator

func (a *AuthorizerKetoEngineACPORY) WithContextCreator(f authorizerKetoWardenContext)

type AuthorizerKetoEngineACPORYConfiguration

type AuthorizerKetoEngineACPORYConfiguration struct {
	RequiredAction   string `json:"required_action"`
	RequiredResource string `json:"required_resource"`
	Subject          string `json:"subject"`
	Flavor           string `json:"flavor"`
	BaseURL          string `json:"base_url"`
}

func (*AuthorizerKetoEngineACPORYConfiguration) ActionTemplateID

func (c *AuthorizerKetoEngineACPORYConfiguration) ActionTemplateID() string

func (*AuthorizerKetoEngineACPORYConfiguration) ResourceTemplateID

func (c *AuthorizerKetoEngineACPORYConfiguration) ResourceTemplateID() string

func (*AuthorizerKetoEngineACPORYConfiguration) SubjectTemplateID

func (c *AuthorizerKetoEngineACPORYConfiguration) SubjectTemplateID() string

type AuthorizerKetoEngineACPORYRequestBody

type AuthorizerKetoEngineACPORYRequestBody struct {
	Action   string                 `json:"action"`
	Context  map[string]interface{} `json:"context"`
	Resource string                 `json:"resource"`
	Subject  string                 `json:"subject"`
}

type AuthorizerRemote

type AuthorizerRemote struct {
	// contains filtered or unexported fields
}

AuthorizerRemote implements the Authorizer interface.

func NewAuthorizerRemote

func NewAuthorizerRemote(c configuration.Provider, d interface{ Tracer() trace.Tracer }) *AuthorizerRemote

NewAuthorizerRemote creates a new AuthorizerRemote.

func (*AuthorizerRemote) Authorize

func (a *AuthorizerRemote) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, rl pipeline.Rule) (err error)

Authorize implements the Authorizer interface.

func (*AuthorizerRemote) Config

Config merges config and the authorizer's configuration and validates the resulting configuration. It reports an error if the configuration is invalid.

func (*AuthorizerRemote) GetID

func (a *AuthorizerRemote) GetID() string

GetID implements the Authorizer interface.

func (*AuthorizerRemote) Validate

func (a *AuthorizerRemote) Validate(config json.RawMessage) error

Validate implements the Authorizer interface.

type AuthorizerRemoteConfiguration

type AuthorizerRemoteConfiguration struct {
	Remote                           string                              `json:"remote"`
	Headers                          map[string]string                   `json:"headers"`
	ForwardResponseHeadersToUpstream []string                            `json:"forward_response_headers_to_upstream"`
	Retry                            *AuthorizerRemoteRetryConfiguration `json:"retry"`
}

AuthorizerRemoteConfiguration represents a configuration for the remote authorizer.

type AuthorizerRemoteJSON

type AuthorizerRemoteJSON struct {
	// contains filtered or unexported fields
}

AuthorizerRemoteJSON implements the Authorizer interface.

func NewAuthorizerRemoteJSON

func NewAuthorizerRemoteJSON(c configuration.Provider, d interface{ Tracer() trace.Tracer }) *AuthorizerRemoteJSON

NewAuthorizerRemoteJSON creates a new AuthorizerRemoteJSON.

func (*AuthorizerRemoteJSON) Authorize

func (a *AuthorizerRemoteJSON) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, rl pipeline.Rule) (err error)

Authorize implements the Authorizer interface.

func (*AuthorizerRemoteJSON) Config

Config merges config and the authorizer's configuration and validates the resulting configuration. It reports an error if the configuration is invalid.

func (*AuthorizerRemoteJSON) GetID

func (a *AuthorizerRemoteJSON) GetID() string

GetID implements the Authorizer interface.

func (*AuthorizerRemoteJSON) Validate

func (a *AuthorizerRemoteJSON) Validate(config json.RawMessage) error

Validate implements the Authorizer interface.

type AuthorizerRemoteJSONConfiguration

type AuthorizerRemoteJSONConfiguration struct {
	Remote                           string                                  `json:"remote"`
	Headers                          map[string]string                       `json:"headers"`
	Payload                          string                                  `json:"payload"`
	ForwardResponseHeadersToUpstream []string                                `json:"forward_response_headers_to_upstream"`
	Retry                            *AuthorizerRemoteJSONRetryConfiguration `json:"retry"`
}

AuthorizerRemoteJSONConfiguration represents a configuration for the remote_json authorizer.

func (*AuthorizerRemoteJSONConfiguration) PayloadTemplateID

func (c *AuthorizerRemoteJSONConfiguration) PayloadTemplateID() string

PayloadTemplateID returns a string with which to associate the payload template.

type AuthorizerRemoteJSONRetryConfiguration

type AuthorizerRemoteJSONRetryConfiguration struct {
	Timeout string `json:"max_delay"`
	MaxWait string `json:"give_up_after"`
}

type AuthorizerRemoteRetryConfiguration

type AuthorizerRemoteRetryConfiguration struct {
	Timeout string `json:"max_delay"`
	MaxWait string `json:"give_up_after"`
}

type Registry

type Registry interface {
	AvailablePipelineAuthorizers() []string
	PipelineAuthorizer(string) (Authorizer, error)
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL