README
¶
authz
A lightweight static authorization framework in Go.
Essentially:
- you define
roles andresources in a yaml file - at start-up, the yaml file gets compiled onto a structure that can be queried (i.e.
Authorize(user string, groups []string, resource string, permission string) bool) with O(n) for n group memberships - the structure is cached as json in the file system, S3, or other storage as to avoid re-processing the policy on the next run of the app. The json includes a field for the hash of the original policy to detect whether re-processing is necessary
- the policy need not be processed by the actual application itself -- the json cache can be generated separately and have the application always consume a pre-compiled/cached file.
Usage:
🚧 🚧 🚧 TODO 🚧 🚧 🚧
Meanwhile, see the ./example directory. There you fill find:
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Authorizer ¶
type Authorizer struct {
// hash of the source policy yaml file (to check for diffs)
SourcePolicyHash string `json:"source_policy_hash"`
// role name to the permissions granted by the role
Roles map[string]set `json:"roles,omitempty"`
// user name to resource permissions
Users map[string]resourcePermissions `json:"users,omitempty"`
// group name to resource permissions
Groups map[string]resourcePermissions `json:"groups,omitempty"`
}
Authorizer maintains the compiled authorization data
type Policy ¶
type Policy struct {
Roles map[string]RoleDefinition `yaml:"roles,omitempty"`
Resources map[string]RoleMap `yaml:"resources,omitempty"`
}
Policy represents how policies are defined
type RoleDefinition ¶
type RoleDefinition struct {
Permissions []string `yaml:"permissions,omitempty"`
Extends []string `yaml:"extends,omitempty"`
}
RoleDefinition represents how a role is defined
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.