Documentation
Overview
Package decisionHandler maps AuthZen requests and calls opaHandler to process decisions. decisionHandler can be used as an SDK to run an embedded Hexa IDQL PDP.
Index
- Constants
- type DecisionHandler
- func (d *DecisionHandler) HealthCheck() bool
- func (d *DecisionHandler) ProcessDecision(authRequest infoModel.EvaluationItem) (*infoModel.DecisionResponse, error, int)
- func (d *DecisionHandler) ProcessQueryDecision(query infoModel.QueryRequest, _ *http.Request) (*infoModel.EvaluationsResponse, error, int)
- func (d *DecisionHandler) ProcessUploadOpa() error
Constants
const (
	ResultBrief  = "brief"
	ResultDetail = "detail"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type DecisionHandler
type DecisionHandler struct {
// contains filtered or unexported fields
}
func NewDecisionHandler
func NewDecisionHandler() (*DecisionHandler, error)
NewDecisionHandler is intended for use in a server (e.g. cmd/hexaAuthZen) where an HTTP method handler asks the decision handler to process decisions. Configuration and policy are handled through environment variables: AUTHZEN_BUNDLE_DIR, AUTHZEN_RESPONSE_DETAIL. On invocation, this method attempts to locate and parse the IDQL contained in data.json. If the JSON is not parsable or the IDQL cannot be parsed, an error is returned, as the HexaOPA engine will not be able to process decisions. If `data.json` contains no policies, a warning is issued to the server log. This scenario assumes the bundle will be updated later and `ProcessUploadOpa` will be called. If no bundle directory is detected, an initial default bundle will be created (e.g. to support demos) using the bundle embedded in:
func (*DecisionHandler) HealthCheck
func (d *DecisionHandler) HealthCheck() bool
HealthCheck actively calls the HexaOPA engine for a decision based on empty input. As long as no error occurs, true is returned. This is intended to check that the OPA instance is running.
func (*DecisionHandler) ProcessDecision
func (d *DecisionHandler) ProcessDecision(authRequest infoModel.EvaluationItem) (*infoModel.DecisionResponse, error, int)
ProcessDecision takes an AuthZen AuthRequest, generates a Hexa OPA input object that combines resource, subject, and request information, calls the HexaOPA decision engine, and parses the results.
func (*DecisionHandler) ProcessQueryDecision
func (d *DecisionHandler) ProcessQueryDecision(query infoModel.QueryRequest, _ *http.Request) (*infoModel.EvaluationsResponse, error, int)
ProcessQueryDecision takes an AuthZen Query request, processes each query into a HexaOPA decision, and returns a response.
func (*DecisionHandler) ProcessUploadOpa
func (d *DecisionHandler) ProcessUploadOpa() error
ProcessUploadOpa causes the OPA engine to reload policy and rego instructions from the bundle directory (see config.EnvBundleDir). To update the HexaOPA decision engine, update the bundle directory contents and call this method to reload.
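One way to stage a new data.json before calling ProcessUploadOpa, as an added example that is not code from the Hexa project: it rejects unparsable JSON up front and swaps the file in atomically before reloading. The policyReloader interface, fakeReloader, UpdatePolicyData and the location of data.json are assumptions made for illustration, and the sample policy document is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// policyReloader is a hypothetical local interface; going by the signature
// documented above, *DecisionHandler would satisfy it.
type policyReloader interface{ ProcessUploadOpa() error }

// fakeReloader stands in for the real handler so the example runs offline.
type fakeReloader struct{ calls int }
func (f *fakeReloader) ProcessUploadOpa() error { f.calls++; return nil }

// UpdatePolicyData checks that newData is JSON, swaps it in atomically, then
// reloads. dataPath (data.json inside the bundle directory) is an assumption.
func UpdatePolicyData(r policyReloader, dataPath string, newData []byte) error {
	if !json.Valid(newData) { // syntax only; IDQL is parsed by the engine
		return fmt.Errorf("refusing to install %s: invalid JSON", filepath.Base(dataPath))
	}
	// Stage in the same directory so the rename stays on one filesystem.
	tmp, err := os.CreateTemp(filepath.Dir(dataPath), ".data-*.json")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // fails harmlessly once the rename succeeded
	_, werr := tmp.Write(newData)
	if cerr := tmp.Close(); werr != nil || cerr != nil {
		return fmt.Errorf("staging failed: write=%v close=%v", werr, cerr)
	}
	if err := os.Rename(tmp.Name(), dataPath); err != nil {
		return err
	}
	if err := r.ProcessUploadOpa(); err != nil {
		return fmt.Errorf("policy reload failed: %w", err)
	}
	return nil
}

func main() {
	dir, _ := os.MkdirTemp("", "bundle")
	defer os.RemoveAll(dir)
	f := &fakeReloader{}
	err := UpdatePolicyData(f, filepath.Join(dir, "data.json"), []byte(`{"policies":[]}`)) // constructed sample
	fmt.Println(err, f.calls)
}
```

A reload error returned here means the new file is already in place, so callers should treat it as a failed deployment and investigate rather than retry blindly.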