Documentation ¶
Overview ¶
This package contains the logic for the multi-tenancy feature. It encapsulates how a tenant's PSI is authorized, and the scope design specification to be used by the Operator when setting up the access token scope for a client.
Query params `node.eoa` and `self.eoa` can appear multiple times ¶
Scope examples:
- Wild card:
  - `psi://MY_PSI?node.eoa=0x0`: any node-managed EOA
  - `psi://MY_PSI?self.eoa=0x0`: any self-managed EOA
  - `psi://MY_PSI?node.eoa=0x0&self.node=0x0`: any node-managed EOA
- Specific:
  - `psi://MY_PSI?node.eoa=0xdf08aad9d60f2227fdaed44dffd22753faf3d676`
  - `psi://MY_PSI?self.eoa=0x1234aad9d60f2227fdaed44dffd22753faf3d676`
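One way a granted scope in this format can be evaluated, added here as an example and not the package's own code. The name `scopeGrants` and the matching rules (exact PSI match, `0x0` as a wildcard for its own EOA kind only, case-insensitive address comparison, deny on malformed input) are assumptions drawn from the scope examples above.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Same values as the package constants listed on this page.
const (
	schemePSI = "psi"
	queryNode = "node.eoa"
	querySelf = "self.eoa"
	anyEOA    = "0x0"
)

// scopeGrants reports whether one granted scope covers a request for psi and
// an EOA of the given kind ("node.eoa" or "self.eoa").
// Assumed semantics, not taken from the package source: see the lead-in.
func scopeGrants(scope, psi, kind, eoa string) bool {
	if eoa == "" || (kind != queryNode && kind != querySelf) {
		return false
	}
	u, err := url.Parse(scope)
	if err != nil || u.Scheme != schemePSI || u.Host != psi {
		return false // wrong scheme or another tenant's PSI
	}
	q, err := url.ParseQuery(u.RawQuery)
	if err != nil {
		return false // fail closed on a malformed query string
	}
	for _, granted := range q[kind] { // the parameter may appear several times
		if granted == anyEOA || strings.EqualFold(granted, eoa) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed scopes and request address, in the format shown above.
	wild := "psi://MY_PSI?node.eoa=0x0"
	multi := "psi://MY_PSI?self.eoa=0x1234aad9d60f2227fdaed44dffd22753faf3d676&self.eoa=0xdf08aad9d60f2227fdaed44dffd22753faf3d676"
	req := "0xDF08AAD9D60F2227FDAED44DFFD22753FAF3D676"
	fmt.Println(scopeGrants(wild, "MY_PSI", queryNode, req))  // node wildcard covers a node-managed EOA
	fmt.Println(scopeGrants(wild, "MY_PSI", querySelf, req))  // but not a self-managed one
	fmt.Println(scopeGrants(multi, "MY_PSI", querySelf, req)) // second self.eoa value matches
}
```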
Index ¶
- Constants
- Variables
- func ExtractPSI(authToken *proto.PreAuthenticatedAuthenticationToken) (types.PrivateStateIdentifier, error)
- func IsAuthorized(authToken *proto.PreAuthenticatedAuthenticationToken, ...) (bool, error)
- func IsPSIAuthorized(authToken *proto.PreAuthenticatedAuthenticationToken, ...) (bool, error)
- type PrivateStateSecurityAttribute
- func (pssa *PrivateStateSecurityAttribute) String() string
- func (pssa *PrivateStateSecurityAttribute) WithNodeEOA(eoa common.Address) *PrivateStateSecurityAttribute
- func (pssa *PrivateStateSecurityAttribute) WithPSI(psi types.PrivateStateIdentifier) *PrivateStateSecurityAttribute
- func (pssa *PrivateStateSecurityAttribute) WithSelfEOA(eoa common.Address) *PrivateStateSecurityAttribute
- func (pssa *PrivateStateSecurityAttribute) WithSelfEOAIf(b bool, eoa common.Address) *PrivateStateSecurityAttribute
Constants ¶
const (
	// SchemePSI represents a URL scheme for access scope value
	SchemePSI = "psi"
	// QueryNodeEOA query parameter captures the node-managed EOA address in the URL-based access scope
	QueryNodeEOA = "node.eoa"
	// QuerySelfEOA query parameter captures the self-managed EOA address in the URL-based access scope
	QuerySelfEOA = "self.eoa"
	// AnyEOAAddress represents wild card for EOA address
	AnyEOAAddress = "0x0"
)
Variables ¶
Functions ¶
func ExtractPSI ¶
func ExtractPSI(authToken *proto.PreAuthenticatedAuthenticationToken) (types.PrivateStateIdentifier, error)
ExtractPSI returns a single PSI if found in the granted scope. If there is none or more than one, it returns an error.
func IsAuthorized ¶
func IsAuthorized(authToken *proto.PreAuthenticatedAuthenticationToken, secAttributes ...*PrivateStateSecurityAttribute) (bool, error)
IsAuthorized performs authorization check for security attributes against the granted access inside the pre-authenticated access token.
func IsPSIAuthorized ¶
func IsPSIAuthorized(authToken *proto.PreAuthenticatedAuthenticationToken, psi types.PrivateStateIdentifier) (bool, error)
IsPSIAuthorized performs the authorization check for the PSI only.
Types ¶
type PrivateStateSecurityAttribute ¶
type PrivateStateSecurityAttribute struct {
// contains filtered or unexported fields
}
PrivateStateSecurityAttribute contains the security configuration being asked for, as defined for a secure private state.
func (*PrivateStateSecurityAttribute) String ¶
func (pssa *PrivateStateSecurityAttribute) String() string
func (*PrivateStateSecurityAttribute) WithNodeEOA ¶
func (pssa *PrivateStateSecurityAttribute) WithNodeEOA(eoa common.Address) *PrivateStateSecurityAttribute
WithNodeEOA sets the node-managed EOA value and unsets the self-managed EOA value.
func (*PrivateStateSecurityAttribute) WithPSI ¶
func (pssa *PrivateStateSecurityAttribute) WithPSI(psi types.PrivateStateIdentifier) *PrivateStateSecurityAttribute
func (*PrivateStateSecurityAttribute) WithSelfEOA ¶
func (pssa *PrivateStateSecurityAttribute) WithSelfEOA(eoa common.Address) *PrivateStateSecurityAttribute
WithSelfEOA sets the self-managed EOA value and unsets the node-managed EOA value.
func (*PrivateStateSecurityAttribute) WithSelfEOAIf ¶
func (pssa *PrivateStateSecurityAttribute) WithSelfEOAIf(b bool, eoa common.Address) *PrivateStateSecurityAttribute
WithSelfEOAIf calls WithSelfEOA if b is true, otherwise calls WithNodeEOA