clcedard

package
Version: v0.31.2
Warning

This package is not in the latest version of its module.
Published: Jun 4, 2024 License: MIT Imports: 17 Imported by: 0

Documentation

Overview

Package clcedard provides components for the cedard authorization service.

Constants

This section is empty.

Variables

This section is empty.

Functions

func Provide

func Provide() fx.Option

Provide dependencies.

Types

type BatchInput added in v0.27.1

type BatchInput struct {
	Policies string         `json:"policies"`
	Entities []any          `json:"entities"`
	Schema   map[string]any `json:"schema"`
	Items    []InputItem    `json:"items"`
}

BatchInput describes a set of inputs to all be checked at the same time.

type BatchOutput added in v0.27.1

type BatchOutput struct {
	Items []Output `json:"items"`
}

BatchOutput describes the output of batching a set of authorization checks.

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client implements a client for the cedard authorization service.

func NewClient

func NewClient(cfg Config, logs *zap.Logger, htcl *http.Client) *Client

NewClient initializes the client.

func (*Client) Authorize

func (c *Client) Authorize(ctx context.Context, in *Input) (out *Output, err error)

Authorize asks the cedard service to authorize the given input.

func (*Client) BatchAuthorize added in v0.27.1

func (c *Client) BatchAuthorize(ctx context.Context, in *BatchInput) (out *BatchOutput, err error)

BatchAuthorize asks the cedard service to authorize the given input.

func (Client) BatchIsAuthorized added in v0.27.1

func (c Client) BatchIsAuthorized(ctx context.Context, in *BatchInput) (ress []bool, err error)

BatchIsAuthorized returns a list of booleans indicating whether each input is authorized. Any errors are gathered and returned as a single error.

func (*Client) IsAuthorized

func (c *Client) IsAuthorized(ctx context.Context, in *Input) (bool, error)

IsAuthorized returns true if the authorization returned an Allow decision without errors. Otherwise, it returns false.

type Config

type Config struct {
	// BaseURL configures the base url of the cedard service.
	BaseURL string `env:"BASE_URL" envDefault:"https://authz.crewlinker.com"`
	// JWTSigningSecret configures the secret for signing JWTs.
	JWTSigningSecret string `env:"JWT_SIGNING_SECRET" envDefault:"some-secret-for-testing"`
	// BackoffMaxElapsedTime configures the max elapsed time for the retry mechanism.
	BackoffMaxElapsedTime time.Duration `env:"BACKOFF_MAX_ELAPSED_TIME" envDefault:"3s"`
}

Config configures the package.
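
The envDefault for JWT_SIGNING_SECRET above is a fixed, published string, so a deployment that leaves the variable unset signs JWTs with a secret anyone can read. The startup check below is an added example, not part of the clcedard package; ValidateForProduction, the local Config copy and the 32-byte minimum are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"time"
)

// Config is a local copy of the struct shown above, so the example
// compiles without the module.
type Config struct {
	BaseURL               string
	JWTSigningSecret      string
	BackoffMaxElapsedTime time.Duration
}

// testingSecret is the envDefault value documented on this page.
const testingSecret = "some-secret-for-testing"

// minSecretLen is an assumed policy (32 bytes); the page does not state
// which algorithm signs the JWTs.
const minSecretLen = 32

// ValidateForProduction (hypothetical helper) collects every problem found,
// so a service can refuse to start instead of signing with a known secret.
func ValidateForProduction(cfg Config) error {
	var errs []error
	if cfg.JWTSigningSecret == testingSecret {
		errs = append(errs, errors.New("JWT_SIGNING_SECRET is the built-in testing default"))
	} else if len(cfg.JWTSigningSecret) < minSecretLen {
		errs = append(errs, fmt.Errorf("JWT_SIGNING_SECRET is shorter than %d bytes", minSecretLen))
	}
	u, err := url.Parse(cfg.BaseURL)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		errs = append(errs, fmt.Errorf("BASE_URL %q must be an absolute https URL", cfg.BaseURL))
	}
	return errors.Join(errs...)
}

func main() {
	// Constructed sample: the values the struct holds when no env vars are set.
	defaults := Config{BaseURL: "https://authz.crewlinker.com", JWTSigningSecret: testingSecret, BackoffMaxElapsedTime: 3 * time.Second}
	fmt.Println("defaults:", ValidateForProduction(defaults))
	good := defaults
	good.JWTSigningSecret = "0123456789abcdef0123456789abcdef" // constructed placeholder, not a real key
	fmt.Println("with 32-byte secret:", ValidateForProduction(good))
}
```

Call the check once after the environment has been parsed and before NewClient is constructed, and treat a non-nil result as fatal.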

type Input

type Input struct {
	InputItem
	Policies string         `json:"policies"`
	Schema   map[string]any `json:"schema"`
	Entities []any          `json:"entities"`
}

Input for authorization.

type InputItem added in v0.27.1

type InputItem struct {
	Principal string         `json:"principal"`
	Action    string         `json:"action"`
	Resource  string         `json:"resource"`
	Context   map[string]any `json:"context"`
}

InputItem represents the input for a single authorization check.

type Output

type Output struct {
	Decision      string   `json:"decision"`
	PolicyIDs     []string `json:"policy_ids"`
	ErrorMessages []string `json:"error_messages"`
}

Output from authorization.
