atlas-authz-middleware

Version: v2.2.0
Published: Jul 16, 2024 License: Apache-2.0

README

Direct (Non-GRPC-Interceptor) Usage

import (
    "github.com/spf13/viper"

    opamw "github.com/infobloxopen/atlas-authz-middleware/grpc_opa"
    "github.com/infobloxopen/atlas-authz-middleware/pkg/opa_client"
)

// Create Authorizer with example options.
// myDecisionInputer is an application-defined handler passed to WithDecisionInputHandler.
authzer := opamw.NewDefaultAuthorizer(
    viper.GetString("app.id"),
    opamw.WithAddress(opa_client.DefaultAddress),
    opamw.WithDecisionInputHandler(&myDecisionInputer{}),
)

// AffirmAuthorization makes an authz request to sidecar-OPA.
// If authorization is permitted, error returned is nil,
// and a new context is returned, possibly containing obligations.
// Caller must further evaluate obligations if required.
newCtx, err := authzer.AffirmAuthorization(ctx, "MyService.MyMethod", nil)

// A non-nil err means authorization was not affirmed: do not perform the operation.
if err == nil {
    // Operation is permitted, fetch and process obligations
    if newCtx != nil {
        obVal := newCtx.Value(opamw.ObKey)
        if obVal != nil {
            obTree, ok := obVal.(opamw.ObligationsNode)
            if ok && obTree != nil && !obTree.IsShallowEmpty() {
                // process any obligations in obTree if required
            }
        }
    }
}
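A fail-closed wrapper around the AffirmAuthorization call pattern above, as an added example that is not part of the atlas-authz-middleware README or code base. The names affirmFn (a signature assumed from the call shown), obKey, obligations, guard, fakeOPA and the method MyService.Delete are constructed for illustration; obKey and obligations stand in for opamw.ObKey and opamw.ObligationsNode.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// affirmFn mirrors the README's AffirmAuthorization call shape (assumed signature).
type affirmFn func(ctx context.Context, method string, req interface{}) (context.Context, error)

// obKey and obligations are hypothetical stand-ins for opamw.ObKey and opamw.ObligationsNode.
type obKey struct{}
type obligations []string
var errDenied = errors.New("authorization not affirmed")

// guard fails closed: op runs only on a nil error and is handed the obligations.
func guard(ctx context.Context, affirm affirmFn, method string, op func(context.Context, obligations) error) error {
	newCtx, err := affirm(ctx, method, nil)
	if err != nil {
		return fmt.Errorf("%w: %s: %v", errDenied, method, err)
	}
	if newCtx == nil { // the README guards against a nil context; fall back to the caller's
		newCtx = ctx
	}
	obs, _ := newCtx.Value(obKey{}).(obligations)
	return op(newCtx, obs)
}

// fakeOPA is a constructed allow-list standing in for the sidecar-OPA decision.
func fakeOPA(ctx context.Context, m string, _ interface{}) (context.Context, error) {
	if m != "MyService.MyMethod" {
		return nil, errors.New("no matching allow rule")
	}
	return context.WithValue(ctx, obKey{}, obligations{"tenant == acme"}), nil
}

// demo reports whether the operation ran and which obligations it was handed.
func demo(method string) (ran bool, seen obligations, err error) {
	err = guard(context.Background(), fakeOPA, method, func(_ context.Context, obs obligations) error {
		ran, seen = true, obs
		return nil
	})
	return ran, seen, err
}

func main() {
	fmt.Println(demo("MyService.MyMethod"))
	fmt.Println(demo("MyService.Delete")) // constructed method with no allow rule
}
```

Because the operation only receives the context and obligations through guard, a handler cannot run on a denied request or keep using the pre-authorization context by mistake.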

GRPC Unary Interceptor Usage

import (
    "github.com/spf13/viper"

    opamw "github.com/infobloxopen/atlas-authz-middleware/grpc_opa"
    "github.com/infobloxopen/atlas-authz-middleware/pkg/opa_client"
)

// Create unary-interceptor with example options
authzOpaInterceptor := opamw.UnaryServerInterceptor(
    viper.GetString("app.id"),
    opamw.WithAddress(opa_client.DefaultAddress),
    opamw.WithDecisionInputHandler(&myDecisionInputer{}),
)

// Add the authz interceptor to the server's unary interceptor list
interceptors = append(interceptors, authzOpaInterceptor)

Directories

Path Synopsis
cmd
authorizer
Package authorizer is a generated GoMock package.
Package httpopa provides an implementation of the az.Authorizer interface for HTTP-based authorization using OPA (Open Policy Agent).
pkg
opa_client
package opa_client builds a REST client that opa should already exist
