authz

package
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 15, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

Package authz exposes methods to manage authorization within gRPC.

Experimental

Notice: This package is EXPERIMENTAL and may be changed or removed in a later release.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type FileWatcherInterceptor

type FileWatcherInterceptor struct {
	// contains filtered or unexported fields
}

FileWatcherInterceptor contains details used to make authorization decisions by watching a file path that contains authorization policy in JSON format.

func NewFileWatcher

func NewFileWatcher(file string, duration time.Duration) (*FileWatcherInterceptor, error)

NewFileWatcher returns a new FileWatcherInterceptor from a policy file that contains JSON string of authorization policy and a refresh duration to specify the amount of time between policy refreshes.

func (*FileWatcherInterceptor) Close

func (i *FileWatcherInterceptor) Close()

Close cleans up resources allocated by the interceptor.

func (*FileWatcherInterceptor) StreamInterceptor

func (i *FileWatcherInterceptor) StreamInterceptor(srv any, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error

StreamInterceptor intercepts incoming Stream RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.

func (*FileWatcherInterceptor) UnaryInterceptor

func (i *FileWatcherInterceptor) UnaryInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error)

UnaryInterceptor intercepts incoming Unary RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.

type StaticInterceptor

type StaticInterceptor struct {
	// contains filtered or unexported fields
}

StaticInterceptor contains engines used to make authorization decisions. It either contains two engines deny engine followed by an allow engine or only one allow engine.

func NewStatic

func NewStatic(authzPolicy string) (*StaticInterceptor, error)

NewStatic returns a new StaticInterceptor from a static authorization policy JSON string.

func (*StaticInterceptor) StreamInterceptor

func (i *StaticInterceptor) StreamInterceptor(srv any, ss grpc.ServerStream, _ *grpc.StreamServerInfo, handler grpc.StreamHandler) error

StreamInterceptor intercepts incoming Stream RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.

func (*StaticInterceptor) UnaryInterceptor

func (i *StaticInterceptor) UnaryInterceptor(ctx context.Context, req any, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error)

UnaryInterceptor intercepts incoming Unary RPC requests. Only authorized requests are allowed to pass. Otherwise, an unauthorized error is returned to the client.

Directories

Path Synopsis
Package audit contains interfaces for audit logging during authorization.
Package audit contains interfaces for audit logging during authorization.
stdout
Package stdout defines an stdout audit logger.
Package stdout defines an stdout audit logger.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL