batchauthz

package
v1.42.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 4, 2024 License: MIT Imports: 8 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Annotation

type Annotation struct {
	Value    string
	PolicyID string
}

type Annotations

type Annotations struct {
	// contains filtered or unexported fields
}

func NewAnnotations

func NewAnnotations() Annotations

func (*Annotations) All

func (a *Annotations) All() map[string][]Annotation

func (Annotations) GetValues

func (a Annotations) GetValues(key string) []string

func (*Annotations) Set

func (a *Annotations) Set(key string, annotation Annotation)

type Authorizer

type Authorizer interface {
	// AddRequest adds a new authorization request to be evaluated.
	AddRequest(req authz.Request) error
	// Authorization calls the authz service to evaluate all of the authorization requests added.
	Authorize(ctx context.Context) error
	// IsPermitted returns the evaluation associated with the given request.
	// Ensure that you call AddRequest() and Authorize() before calling IsPermitted().
	IsPermitted(req authz.Request) (Evaluation, error)
}

type Batch

type Batch struct {
	// contains filtered or unexported fields
}

Batch is a batch authorization request. You should construct a Batch when you need to test multiple authorizations at once. Batches should be scoped to a particular API call and should not be shared between API calls.

func New

func New(executor Executor) *Batch

func (*Batch) AddRequest

func (a *Batch) AddRequest(req authz.Request) error

func (*Batch) Authorize

func (a *Batch) Authorize(ctx context.Context) error

func (*Batch) IsPermitted

func (a *Batch) IsPermitted(req authz.Request) (Evaluation, error)

type Evaluation

type Evaluation struct {
	// The evaluation ID from authz
	ID string
	// Whether access is permitted
	Allowed bool
	// Policies which contributed to the authorization decision
	Policies []string
	// Annotations on the contributing policies
	Annotations Annotations
	// Errors from evaluating the policies (if any)
	Errors []string
}

type MockBatch

type MockBatch struct {
	// contains filtered or unexported fields
}

MockBatch is a mock batch authorizer which implements the same methods, used for testing

func NewMock

func NewMock(t *testing.T) *MockBatch

func (*MockBatch) AddRequest

func (a *MockBatch) AddRequest(req authz.Request) error

func (*MockBatch) Allow

func (a *MockBatch) Allow(principal eid.EID, resource eid.EID, actions ...eid.EID) *MockBatch

func (*MockBatch) Annotations

func (a *MockBatch) Annotations(key string, values ...string) *MockBatch

Annotations adds annotations to the last Allow() call. Fails the test if called without first calling Allow().

func (*MockBatch) Authorize

func (a *MockBatch) Authorize(ctx context.Context) error

func (*MockBatch) AuthorizeWasCalled

func (a *MockBatch) AuthorizeWasCalled() bool

AuthorizeWasCalled returns true if Authorize() was called

func (*MockBatch) IsPermitted

func (a *MockBatch) IsPermitted(req authz.Request) (Evaluation, error)

func (*MockBatch) Mock

func (a *MockBatch) Mock(req authz.Request, eval Evaluation) *MockBatch

Mock a particular request to return the specified evaluation

func (*MockBatch) Strict

func (a *MockBatch) Strict() *MockBatch

Strict enables strict evaluation for the mock authorizer. In strict evaluation mode, any requests that have not been mocked will cause the test to fail

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL