Versions in this module Expand all Collapse all v5 v5.5.2 Oct 16, 2023 v5.5.1 Nov 14, 2022 Changes in this version
+ var ErrDenyByPolicy = policy.ErrDenyByPolicy
+ var ErrDomainExpired = policy.ErrDomainExpired
+ var ErrDomainMismatch = policy.ErrDomainMismatch
+ var ErrDomainNotFound = policy.ErrDomainNotFound
+ var ErrFetchPolicy = policy.ErrFetchPolicy
+ var ErrInvalidCredentials = errors.New("Access denied due to invalid credentials")
+ var ErrInvalidParameters = errors.New("Access denied due to invalid/empty action/resource values")
+ var ErrInvalidPolicyResource = policy.ErrInvalidPolicyResource
+ var ErrNoMatch = policy.ErrNoMatch
+ var ErrRoleTokenExpired = role.ErrRoleTokenExpired
+ var ErrRoleTokenInvalid = role.ErrRoleTokenInvalid
+ type AccessTokenParam struct
+ func NewAccessTokenParam(enable bool, verifyCertThumbprint bool, certBackdateDur, certOffsetDur string, ...) AccessTokenParam
+ type Authorizerd interface
+ Authorize func(r *http.Request, act, res string) (Principal, error)
+ AuthorizeAccessToken func(ctx context.Context, tok, act, res string, cert *x509.Certificate) (Principal, error)
+ AuthorizeRoleCert func(ctx context.Context, peerCerts []*x509.Certificate, act, res string) (Principal, error)
+ AuthorizeRoleToken func(ctx context.Context, tok, act, res string) (Principal, error)
+ GetPolicyCache func(ctx context.Context) map[string]interface{}
+ Init func(ctx context.Context) error
+ Start func(ctx context.Context) <-chan error
+ Verify func(r *http.Request, act, res string) error
+ VerifyAccessToken func(ctx context.Context, tok, act, res string, cert *x509.Certificate) error
+ VerifyRoleCert func(ctx context.Context, peerCerts []*x509.Certificate, act, res string) error
+ VerifyRoleToken func(ctx context.Context, tok, act, res string) error
+ func New(opts ...Option) (Authorizerd, error)
+ type MappingRules struct
+ Rules map[string][]Rule
+ func NewMappingRules(rules map[string][]Rule) (*MappingRules, error)
+ func (mr *MappingRules) Translate(domain, method, path, query string) (string, string, error)
+ type OAuthAccessToken interface
+ ClientID func() string
+ type Option func(*authority) error
+ func WithAccessTokenParam(accessTokenParam AccessTokenParam) Option
+ func WithAthenzDomains(domains ...string) Option
+ func WithAthenzURL(url string) Option
+ func WithCacheExp(exp time.Duration) Option
+ func WithDisableJwkd() Option
+ func WithDisablePolicyd() Option
+ func WithDisablePubkeyd() Option
+ func WithDisableRoleCert() Option
+ func WithDisableRoleToken() Option
+ func WithEnableJwkd() Option
+ func WithEnablePolicyd() Option
+ func WithEnablePubkeyd() Option
+ func WithEnableRoleCert() Option
+ func WithEnableRoleToken() Option
+ func WithHTTPClient(c *http.Client) Option
+ func WithJwkRefreshPeriod(t string) Option
+ func WithJwkRetryDelay(i string) Option
+ func WithJwkURLs(urls []string) Option
+ func WithPolicyExpiryMargin(t string) Option
+ func WithPolicyPurgePeriod(t string) Option
+ func WithPolicyRefreshPeriod(t string) Option
+ func WithPolicyRetryAttempts(c int) Option
+ func WithPolicyRetryDelay(i string) Option
+ func WithPubkeyETagExpiry(t string) Option
+ func WithPubkeyETagPurgePeriod(t string) Option
+ func WithPubkeyRefreshPeriod(t string) Option
+ func WithPubkeyRetryDelay(i string) Option
+ func WithPubkeySysAuthDomain(domain string) Option
+ func WithResourcePrefix(p string) Option
+ func WithRoleAuthHeader(h string) Option
+ func WithRoleCertURIPrefix(t string) Option
+ func WithTranslator(t Translator) Option
+ type Principal interface
+ AuthorizedRoles func() []string
+ Domain func() string
+ ExpiryTime func() int64
+ IssueTime func() int64
+ Name func() string
+ Roles func() []string
+ type Rule struct
+ Action string
+ Method string
+ Path string
+ Resource string
+ type Translator interface
+ Translate func(domain, method, path, query string) (string, string, error)
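Review bot: `NewAccessTokenParam(enable bool, verifyCertThumbprint bool, …)` takes two adjacent positional bools, so a transposed pair still compiles and a call like `NewAccessTokenParam(true, false, …)` does not say which check it turns off. Judging by the name only, the second flag decides whether an access token is compared with the presented client certificate, so the constructor needs a doc comment that states each flag's effect, along the lines of `// verifyCertThumbprint: when false, the token is accepted without a certificate thumbprint comparison (confirm against the implementation).` The same applies to the `WithDisableRoleToken`, `WithDisableRoleCert`, `WithDisablePolicyd`, `WithDisablePubkeyd` and `WithDisableJwkd` options: nothing in this listing says what `New` returns, or what `Verify` does, when every verifier has been disabled, and that behaviour should be documented as fail-closed or rejected at `New`. As a point of style, the `ErrInvalidCredentials` and `ErrInvalidParameters` strings start with a capital letter, against the Go convention for error strings. The listing shows signatures only (the `NewAccessTokenParam` parameter list is itself truncated), so the bodies are outside this review.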