middleware

Documentation

Overview

Package middleware provides components that integrate Aserto authorization to gRPC or HTTP servers.

1. middleware/grpc provides middleware for "google.golang.org/grpc" servers.

2. middleware/http provides middleware for servers based on "net/http".

Index

• Variables
• type Identity
• type Policy

Variables

var (
	// An authorization request has been denied.
	ErrUnauthorized = status.Error(codes.PermissionDenied, "unauthorized")

	// The authorization policy returned no result for the requested decision.
	ErrNoDecision = errors.New("authorizer returned no results for request decision")

	// Missing required configuration value.
	ErrMissingArgument = errors.New("missing authorization argument")
)

Types

type Identity

type Identity interface {
	// JWT indicates that ID should be interpreted as a JWT token.
	JWT() Identity

	// Subject indicates that ID should be interpreted as a subject name (e.g. username, account ID, email, etc.).
	Subject() Identity

	// None indicates that this Identity represents an unauthenticated caller.
	None() Identity

	// ID sets the identity value - a string that represents a user ID or a JWT token.
	ID(identity string) Identity
}

Identity provides methods to set caller identity parameters.

There are three kinds of identities:

1. None - Anonymous access. No user ID.

2. JWT - The identity string is interpreted as a JWT token.

3. Subject - The identity string represents a user identifier (e.g. account ID, email, etc.).

type Policy

type Policy struct {
	// ID is the ID of the aserto policy being queried for authorization.
	ID string

	// Path is the package name of the rego policy to evaluate.
	// If left empty, a policy mapper must be attached to the middleware to provide
	// the policy path from incoming messages.
	Path string

	// Decision is the authorization rule to use.
	Decision string
}

Policy holds authorization options that apply to all requests.