authz

package
v1.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 16, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source
const (
	AuthzAllowRule      = "bacalhau.authz.allow"
	AuthzTokenValidRule = "bacalhau.authz.token_valid"
)

The name of the rule that must be `true` for the authorization provider to permit access. This is typically provided by a policy with package name `bacalhau.authz` and then by defining a rule `allow`. See `policy_test_allow.rego` for a minimal example.

Variables

AlwaysAllow is an authorizer that will always permit access, irrespective of the passed in data, which is useful for testing.

View Source
var AlwaysAllowPolicy = lo.Must(policy.FromFS(policies, "policies/policy_test_allow.rego"))

AlwaysAllowPolicy is a policy that will always permit access, irrespective of the passed in data, which is useful for testing.

Functions

This section is empty.

Types

type Authorization

type Authorization struct {
	Approved   bool   `json:"approved"`
	TokenValid bool   `json:"tokenValid"`
	Reason     string `json:"reason"`
}

type Authorizer

type Authorizer interface {
	Authorize(req *http.Request) (Authorization, error)
}

func NewPolicyAuthorizer

func NewPolicyAuthorizer(authzPolicy *policy.Policy, key *rsa.PublicKey, nodeID string) Authorizer

PolicyAuthorizer can authorize users by calling out to an external Rego policy containing logic to make decisions about who should be authorized.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL