middleware

Documentation

Overview

Package middleware provides components that integrate Aserto authorization to gRPC or HTTP servers.

1. middleware/grpc provides middleware for "google.golang.org/grpc" servers.

2. middleware/http provides middleware for servers based on "net/http".

Index

• type Identity
• type Policy

Types

type Identity

type Identity interface {
	// JWT indicates that ID should be interpreted as a JWT token.
	JWT() Identity

	// Subject indicates that ID should be interpreted as a subject name (e.g. username, account ID, email, etc.).
	Subject() Identity

	// Manual indicates that the identity value is set manually and isn't resolved to a user by the authorizer.
	Manual() Identity

	// None indicates that this Identity represents an unauthenticated caller.
	None() Identity

	// ID sets the identity value - a string that represents a user ID or a JWT token.
	ID(identity string) Identity
}

Identity provides methods to set caller identity parameters.

There are three kinds of identities:

1. None - Anonymous access. No user ID.

2. JWT - The identity string is interpreted as a JWT token.

3. Subject - The identity string represents a user identifier (e.g. account ID, email, etc.).

type Policy

type Policy struct {
	// Name is the Name of the policy being queried for authorization.
	Name string

	// Path is the package name of the rego policy to evaluate.
	// If left empty, a policy mapper must be attached to the middleware to provide
	// the policy path from incoming messages.
	Path string

	// Decision is the authorization rule to use.
	Decision string

	// Root is an optional prefix shared by all policy modules being evaluated.
	Root string

	// Label name of the aserto policy's instance being queried for authorization.
	InstanceLabel string
}

Policy holds authorization options that apply to all requests.