Documentation
Index
- func CertificatePasser(_ context.Context, req *http.Request) metadata.MD
- type AnnotatedAuthorizationResponse
- type AuthContextReader
- type AuthMiddleware
- type AuthorizationHandler
- type AuthorizationInterceptor
- type AuthorizationResponse
- type DeploymentCertAuthOnly
- type FilterPairsResponse
- type FilterProjectsResponse
- type GRPCAuthorizationHandler
- type HTTPAuthorizationHandler
- type IntrospectionHandler
- type SwitchingAuthorizationHandler
- type SwitchingFilterHandler
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type AnnotatedAuthorizationResponse
type AnnotatedAuthorizationResponse interface {
	Err() error
}
type AuthContextReader
type AuthContextReader interface {
	AuthContextRead()
}
AuthContextReader is used to signal that a domain service is interested in the middleware's auth context.
type AuthMiddleware
type AuthMiddleware int
AuthMiddleware is an enum of valid auth middleware values.
const (
	// Unknown is the zero value for the AuthMiddleware enum
	Unknown AuthMiddleware = iota
	// AuthV1 is the AuthMiddleware enum value representing v1 of the middleware.
	AuthV1
	// AuthV2 is the AuthMiddleware enum value representing v2 of the middleware.
	AuthV2
)
func ToAuthMiddleware
func ToAuthMiddleware(s string) AuthMiddleware
func (AuthMiddleware) String
func (middleware AuthMiddleware) String() string
type AuthorizationHandler
type AuthorizationHandler interface {
	HTTPAuthorizationHandler
	GRPCAuthorizationHandler
	IntrospectionHandler
}
type AuthorizationInterceptor
type AuthorizationInterceptor interface {
	UnaryServerInterceptor() grpc.UnaryServerInterceptor
	StreamServerInterceptor() grpc.StreamServerInterceptor
}
AuthorizationInterceptor abstracts the common logic that can be used for both interceptor types.
func NewAuthInterceptor
func NewAuthInterceptor(
	authn authn.AuthenticationClient,
	authz GRPCAuthorizationHandler,
) AuthorizationInterceptor
NewAuthInterceptor returns an AuthInterceptor that performs authentication and authorization for incoming requests. The returned function takes the incoming request metadata (from its context) and constructs an authentication request to authn-service's authentication service that uses this metadata as outgoing metadata. If the inquiry's result is an error, it is returned as-is. If it's not, this function returns only the context and allows for further request processing.
type AuthorizationResponse
type AuthorizationResponse interface {
	GetAuthorized() bool
}
type DeploymentCertAuthOnly
type DeploymentCertAuthOnly interface {
	MustUseDeploymentCertAuth()
}
type FilterPairsResponse
type FilterPairsResponse struct {
	Pairs                  []*pairs.Pair
	MethodsInfo            map[string]pairs.Info
	MapByResourceAndAction map[pairs.Pair][]string
}
FilterPairsResponse includes the "used" half of the inputs, according to v1/v2.
type FilterProjectsResponse
type IntrospectionHandler
type SwitchingAuthorizationHandler
type SwitchingAuthorizationHandler interface {
	GRPCAuthorizationHandler
	SwitchingFilterHandler
	IsAuthorized(ctx context.Context, subjects []string,
		resourceV1, actionV1, resourceV2, actionV2 string) (AnnotatedAuthorizationResponse, error)
}
type SwitchingFilterHandler
type SwitchingFilterHandler interface {
	FilterAuthorizedPairs(ctx context.Context, subjects []string,
		mapByResourceAndActionV1, mapByResourceAndActionV2 map[pairs.Pair][]string,
		methodsInfoV1, methodsInfoV2 map[string]pairs.Info,
	) (*FilterPairsResponse, error)
	FilterAuthorizedProjects(ctx context.Context, subjects []string,
		mapByResourceAndActionV1, mapByResourceAndActionV2 map[pairs.Pair][]string,
		methodsInfoV1, methodsInfoV2 map[string]pairs.Info,
	) (*FilterProjectsResponse, error)
}