clauthz

Documentation

Overview

Package clauthz provides Authorization (AuthZ) functionality.

Index

• func AllowAll() map[string]string
• func BundleProvide(bfs fs.FS) fx.Option
• func Provide() fx.Option
• func TestProvide(policies map[string]string) fx.Option
• type Authz
  • func NewAuthz(cfg Config, logs *zap.Logger, bsrv BundleServer) (a *Authz, err error)
  • func (a *Authz) IsAuthorized(ctx context.Context, inp any) (bool, error)
  • func (a *Authz) Start(ctx context.Context) (err error)
  • func (a *Authz) Stop(ctx context.Context) (err error)
• type BundleFS
• type BundleServer
• type Config
• type FSBundles
  • func NewFSBundles(bfs BundleFS) (*FSBundles, error)
  • func (bs FSBundles) Start(context.Context) error
  • func (bs FSBundles) Stop(ctx context.Context) error
  • func (bs FSBundles) URL() string
• type MockBundle
• type MockBundles
  • func NewMockBundles(mb MockBundle) (bs *MockBundles, err error)
  • func (bs MockBundles) Start(context.Context) error
  • func (bs MockBundles) Stop(context.Context) error

Functions

func AllowAll

func AllowAll() map[string]string

AllowAll policy always returns allow, for testing.

func BundleProvide

func BundleProvide(bfs fs.FS) fx.Option

BundleProvide provides a bundle server.

func Provide

func Provide() fx.Option

Provide the auth components as an fx dependency.

func TestProvide

func TestProvide(policies map[string]string) fx.Option

TestProvide provides authn authz dependencies that are easy to use in tests.

Types

type Authz

type Authz struct {
	// contains filtered or unexported fields
}

Authz provides authn and authz functionality. It includes a simple web server that serves our policy bundle on a random port on localhost.

func NewAuthz

func NewAuthz(cfg Config, logs *zap.Logger, bsrv BundleServer) (a *Authz, err error)

NewAuthz inits the auth service.

func (*Authz) IsAuthorized

func (a *Authz) IsAuthorized(ctx context.Context, inp any) (bool, error)

IsAuthorized the user for a given setup.

func (*Authz) Start

func (a *Authz) Start(ctx context.Context) (err error)

Start the auth service.

func (*Authz) Stop

func (a *Authz) Stop(ctx context.Context) (err error)

Stop the auth service.

type BundleFS

type BundleFS struct{ fs.FS }

BundleFS declares a type to carry the fs.FS that holds the OPA bundle as pre-build tar.gz.

type BundleServer

type BundleServer interface {
	URL() string
}

BundleServer interface defines the server that bundles will be fetched from. In case of a remove bundle server the Start and Stop can do nothing.

type Config

type Config struct {
	// id for the system that is unning OPA.
	OPASystemID string `env:"OPA_SYSTEM_ID" envDefault:"auth"`
}

Config configures the package.

type FSBundles

type FSBundles struct {
	// contains filtered or unexported fields
}

FSBundles implements a bundle server that reads a tar.gz from the filesystem. Possibly through embedding it in the binary.

func NewFSBundles

func NewFSBundles(bfs BundleFS) (*FSBundles, error)

NewFSBundles inits the bundle server.

func (FSBundles) Start

func (bs FSBundles) Start(context.Context) error

Star the bundle server.

func (FSBundles) Stop

func (bs FSBundles) Stop(ctx context.Context) error

Stop the bundle server.

func (FSBundles) URL

func (bs FSBundles) URL() string

URL returns the url at which the bundles are served.

type MockBundle

type MockBundle map[string]string

MockBundle is a type that can be supplied to easily define policies in tests.

type MockBundles

type MockBundles struct{ *test.Server }

MockBundles provides a bundle server that is easy to use for test.

func NewMockBundles

func NewMockBundles(mb MockBundle) (bs *MockBundles, err error)

NewMockBundles inits a bundle server.

func (MockBundles) Start

func (bs MockBundles) Start(context.Context) error

func (MockBundles) Stop

func (bs MockBundles) Stop(context.Context) error