Documentation
¶
Index ¶
- type Annotation
- type Annotations
- type Authorizer
- type Batch
- type Evaluation
- type Executor
- type MockBatch
- func (a *MockBatch) AddRequest(req authz.Request) error
- func (a *MockBatch) Allow(principal eid.EID, resource eid.EID, actions ...eid.EID) *MockBatch
- func (a *MockBatch) Annotations(key string, values ...string) *MockBatch
- func (a *MockBatch) Authorize(ctx context.Context) error
- func (a *MockBatch) AuthorizeWasCalled() bool
- func (a *MockBatch) IsPermitted(req authz.Request) (Evaluation, error)
- func (a *MockBatch) Mock(req authz.Request, eval Evaluation) *MockBatch
- func (a *MockBatch) Strict() *MockBatch
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Annotation ¶
type Annotations ¶
type Annotations struct {
// contains filtered or unexported fields
}
func NewAnnotations ¶
func NewAnnotations() Annotations
func (*Annotations) All ¶
func (a *Annotations) All() map[string][]Annotation
func (Annotations) GetValues ¶
func (a Annotations) GetValues(key string) []string
func (*Annotations) Set ¶
func (a *Annotations) Set(key string, annotation Annotation)
type Authorizer ¶
type Authorizer interface {
// AddRequest adds a new authorization request to be evaluated.
AddRequest(req authz.Request) error
// Authorization calls the authz service to evaluate all of the authorization requests added.
Authorize(ctx context.Context) error
// IsPermitted returns the evaluation associated with the given request.
// Ensure that you call AddRequest() and Authorize() before calling IsPermitted().
IsPermitted(req authz.Request) (Evaluation, error)
}
type Batch ¶
type Batch struct {
// contains filtered or unexported fields
}
Batch is a batch authorization request. You should construct a Batch when you need to test multiple authorizations at once. Batches should be scoped to a particular API call and should not be shared between API calls.
func (*Batch) IsPermitted ¶
func (a *Batch) IsPermitted(req authz.Request) (Evaluation, error)
type Evaluation ¶
type Evaluation struct {
// The evaluation ID from authz
ID string
// Whether access is permitted
Allowed bool
// Policies which contributed to the authorization decision
Policies []string
// Annotations on the contributing policies
Annotations Annotations
// Errors from evaluating the policies (if any)
Errors []string
}
type Executor ¶
type Executor interface {
BatchAuthorize(context.Context, *connect.Request[authzv1alpha1.BatchAuthorizeRequest]) (*connect.Response[authzv1alpha1.BatchAuthorizeResponse], error)
}
type MockBatch ¶
type MockBatch struct {
// contains filtered or unexported fields
}
MockBatch is a mock batch authorizer which implements the same methods, used for testing
func (*MockBatch) Annotations ¶
Annotations adds annotations to the last Allow() call. Fails the test if called without first calling Allow().
func (*MockBatch) AuthorizeWasCalled ¶
AuthorizeWasCalled returns true if Authorize() was called
func (*MockBatch) IsPermitted ¶
func (a *MockBatch) IsPermitted(req authz.Request) (Evaluation, error)
Source Files
Click to show internal directories.
Click to hide internal directories.