authorization

Constants

// Outcomes of an authorization check. UndefinedAuthz is the zero value of
// AuthzDecision, so a decision that was never assigned reads as Undefined;
// callers must only treat AllowedAuthz as a grant.
const (
	UndefinedAuthz AuthzDecision = iota // zero value: no decision recorded
	AllowedAuthz                        // request may proceed
	DeniedAuthz                         // request is rejected
)

// Human-readable names for the AuthzDecision values.
const (
	DeniedAuthzString    string = "Denied"
	AllowedAuthzString   string = "Allowed"
	UndefinedAuthzString string = "Undefined"
)

Variables

This section is empty.

Functions

func StartOpaServer

// StartOpaServer starts an OPA server for use in tests and returns it.
// It takes a *testing.T, so it is a test helper and must not be used in
// production code. authzPolicy is presumably the policy document loaded
// into the server, and ctx presumably bounds the server's lifetime —
// confirm both against the implementation.
func StartOpaServer(
	ctx context.Context,
	t *testing.T,
	authzPolicy string,
) *opaserver.Server

Types

type AuthzDecision

// AuthzDecision is the outcome of an authorization check. Its zero value is
// UndefinedAuthz, which is distinct from both Allowed and Denied.
type AuthzDecision int

func (AuthzDecision) String

// String returns a human-readable name for the decision, presumably one of
// the *AuthzString constants — confirm against the implementation.
func (decision AuthzDecision) String() string

type KeycloakAuthorizationProvider

// KeycloakAuthorizationProvider is a Provider backed by Keycloak. Its fields
// are unexported; obtain one through NewKeycloakAuthorizationProvider.
type KeycloakAuthorizationProvider struct {
	// contains filtered or unexported fields
}

func (*KeycloakAuthorizationProvider) Authorize

func (*KeycloakAuthorizationProvider) GenerateUMATicket

// GenerateUMATicket returns a UMA permission ticket as a string, or an error.
// The ticket is presumably obtained from Keycloak using the provider's
// configured client and PAT — confirm against the implementation.
func (p *KeycloakAuthorizationProvider) GenerateUMATicket() (string, error)

type OpaAuthorizationProvider

// OpaAuthorizationProvider is a Provider that delegates the decision to an
// Open Policy Agent endpoint. Its fields are unexported; obtain one through
// NewOpaAuthorizationProvider.
type OpaAuthorizationProvider struct {
	// contains filtered or unexported fields
}

func (*OpaAuthorizationProvider) Authorize

// Authorize evaluates the request the provider was built with and returns
// the resulting AuthzDecision. On a non-nil error the decision is not
// meaningful; callers should treat that case as not allowed.
func (p *OpaAuthorizationProvider) Authorize() (AuthzDecision, error)

type OpaAuthzRequest

// OpaAuthzRequest is the JSON document sent to OPA. The request data is
// wrapped under the "input" key, which is the shape OPA's data API expects.
type OpaAuthzRequest struct {
	Input *OpaInput `json:"input"`
}

type OpaAuthzResponse

// OpaAuthzResponse is the JSON document returned by OPA. Result is the policy
// verdict; because it is a bool, a response with a missing or null "result"
// decodes as false, i.e. the request is not allowed by default.
type OpaAuthzResponse struct {
	Result bool `json:"result"`
}

type OpaInput

// OpaInput is the request description handed to the OPA policy as "input".
// It carries the full request body and every header, so any credentials in
// the incoming request (e.g. Authorization or Cookie headers) are forwarded
// to the policy endpoint; the OPA endpoint must therefore be trusted and
// reached over a protected channel. Field population from the incoming
// *http.Request is presumed — confirm against the provider implementation.
type OpaInput struct {
	Body       string              `json:"body"`
	Headers    map[string][]string `json:"headers"`
	Host       string              `json:"host"`
	Proto      string              `json:"protocol"`
	Path       string              `json:"path"`
	RemoteAddr string              `json:"remote_addr"`
	Method     string              `json:"method"`
	UserAgent  string              `json:"user_agent"`
}

type Provider

// Provider is the common interface of the authorization back ends. Authorize
// returns the decision for the request the provider was constructed with;
// a non-nil error means no usable decision was reached.
type Provider interface {
	Authorize() (AuthzDecision, error)
}

func NewKeycloakAuthorizationProvider

// NewKeycloakAuthorizationProvider returns a Provider that authorizes
// targetPath against Keycloak using idpClient in the given realm.
// perms presumably holds the permissions to check and methodScope, when
// non-nil, a scope derived from the HTTP method — confirm against the
// implementation. PAT is presumably the Keycloak Protection API token, a
// bearer credential: keep it out of logs and error messages. idpTimeout
// presumably bounds calls to the IdP.
func NewKeycloakAuthorizationProvider(
	perms models.Permissions,
	targetPath string,
	idpClient *gocloak.GoCloak,
	idpTimeout time.Duration,
	PAT string,
	realm string,
	methodScope *string,
) Provider

func NewOpaAuthorizationProvider

// NewOpaAuthorizationProvider returns a Provider that sends req to the OPA
// endpoint at authzURL for a decision. authzURL is passed by value, so the
// provider keeps its own copy. timeout presumably bounds the call to OPA —
// confirm against the implementation.
func NewOpaAuthorizationProvider(
	timeout time.Duration,
	authzURL url.URL,
	req *http.Request,
) Provider

type Resource

// Resource represents a URL resource to protect, together with the roles,
// groups, headers and authentication levels (Acr) a request must satisfy
// to reach it. Fields are populated from JSON or YAML via the struct tags.
type Resource struct {
	// URL the url for the resource
	URL string `json:"uri" yaml:"uri"`
	// Methods the method type
	Methods []string `json:"methods" yaml:"methods"`
	// WhiteListed permits the prefix through; a whitelisted resource
	// presumably bypasses the role/group/header checks below, so review
	// such entries carefully — confirm against the enforcement code.
	WhiteListed bool `json:"white-listed" yaml:"white-listed"`
	// RequireAnyRole indicates that ANY of the roles are required, the default is all
	RequireAnyRole bool `json:"require-any-role" yaml:"require-any-role"`
	// Headers required to access this url
	Headers []string `json:"headers" yaml:"headers"`
	// Roles the roles required to access this url
	Roles []string `json:"roles" yaml:"roles"`
	// Groups is a list of groups the user is in
	Groups []string `json:"groups" yaml:"groups"`
	// Acr (Authentication Context Class Reference) is a list of allowed levels of authentication for user
	Acr []string `json:"acr" yaml:"acr"`
}

Resource represents a URL resource to protect.

func NewResource

func NewResource() *Resource

func (Resource) GetAcr

func (r Resource) GetAcr() string

GetAcr returns a list of authentication levels for this resource

func (Resource) GetHeaders

func (r Resource) GetHeaders() string

GetHeaders returns a list of headers for this resource

func (Resource) GetRoles

func (r Resource) GetRoles() string

GetRoles returns a list of roles for this resource

func (*Resource) Parse

func (r *Resource) Parse(resource string) (*Resource, error)

Parse decodes a resource definition.

func (Resource) String

func (r Resource) String() string

String returns a string representation of the resource

func (*Resource) Valid

func (r *Resource) Valid() error

Valid ensures that the resource is valid.
