Documentation ¶
Overview ¶
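Package authorizer is a generated GoMock package. (This overview line comes from the generated mock file; as the index below shows, the package also declares the Authorizer interface, the DecisionInput types and the default OPA decision paths.)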
Index ¶
- Constants
- type ABACKey
- type AcctEntitlementsType
- type Authorizer
- type ClaimsVerifier
- type DecisionInput
- type DecisionInputHandler
- type DefaultDecisionInputer
- type FilterCompartmentFeaturesType
- type FilterCompartmentPermissionsType
- type MockAuthorizer
- func (m *MockAuthorizer) AffirmAuthorization(ctx context.Context, fullMethod string, eq interface{}) (context.Context, error)
- func (m *MockAuthorizer) EXPECT() *MockAuthorizerMockRecorder
- func (m *MockAuthorizer) Evaluate(ctx context.Context, fullMethod string, req interface{}, ...) (bool, context.Context, error)
- func (m *MockAuthorizer) FilterCompartmentFeatures(ctx context.Context, features FilterCompartmentFeaturesType) (FilterCompartmentFeaturesType, error)
- func (m *MockAuthorizer) FilterCompartmentPermissions(ctx context.Context, permissions FilterCompartmentPermissionsType) (FilterCompartmentPermissionsType, error)
- func (m *MockAuthorizer) GetAcctEntitlements(ctx context.Context, accountIDs, serviceNames []string) (*AcctEntitlementsType, error)
- func (m *MockAuthorizer) GetCurrentUserCompartments(ctx context.Context) ([]string, error)
- func (m *MockAuthorizer) OpaQuery(ctx context.Context, decisionDocument string, opaReq, opaResp interface{}) error
- func (m *MockAuthorizer) Validate(ctx context.Context, fullMethod string, req interface{}, ...) (interface{}, error)
- type MockAuthorizerMockRecorder
- func (mr *MockAuthorizerMockRecorder) AffirmAuthorization(ctx, fullMethod, eq interface{}) *gomock.Call
- func (mr *MockAuthorizerMockRecorder) Evaluate(ctx, fullMethod, req, opaEvaluator interface{}) *gomock.Call
- func (mr *MockAuthorizerMockRecorder) FilterCompartmentFeatures(ctx context.Context, features FilterCompartmentFeaturesType) *gomock.Call
- func (mr *MockAuthorizerMockRecorder) FilterCompartmentPermissions(ctx context.Context, permissions FilterCompartmentPermissionsType) *gomock.Call
- func (mr *MockAuthorizerMockRecorder) GetAcctEntitlements(ctx context.Context, accountIDs, serviceNames []string) *gomock.Call
- func (mr *MockAuthorizerMockRecorder) GetCurrentUserCompartments(ctx context.Context) *gomock.Call
- func (mr *MockAuthorizerMockRecorder) OpaQuery(ctx, decisionDocument, opaReq, opaResp interface{}) *gomock.Call
- func (mr *MockAuthorizerMockRecorder) Validate(ctx, fullMethod, req, opaEvaluator interface{}) *gomock.Call
- type ObligationKey
- type OpaEvaluator
Constants ¶
// Default OPA decision paths and context-key constants used by the authorizer.
//
// Each Default*Path names the OPA rule whose result becomes the decision, so
// an override that points at a different rule changes what is enforced.
// NOTE(review): how these defaults are overridden is not shown on this page;
// confirm that overrides come from trusted configuration, not request data.
const (
	// DefaultValidatePath is the default OPA path used to perform authz validation.
	DefaultValidatePath = "v1/data/authz/rbac/validate_v1"
	// DefaultAcctEntitlementsApiPath is the default OPA path used to fetch account entitlements.
	DefaultAcctEntitlementsApiPath = "v1/data/authz/rbac/acct_entitlements_api"
	// DefaultCurrentUserCompartmentsPath is the default OPA path used to fetch the current user's compartments.
	DefaultCurrentUserCompartmentsPath = "v1/data/authz/rbac/current_user_compartments"
	// DefaultFilterCompartmentPermissionsApiPath is the default OPA path used to filter compartment permissions.
	DefaultFilterCompartmentPermissionsApiPath = "v1/data/authz/rbac/filter_compartment_permissions_api"
	// DefaultFilterCompartmentFeaturesApiPath is the default OPA path used to filter compartment features.
	DefaultFilterCompartmentFeaturesApiPath = "v1/data/authz/rbac/filter_compartment_features_api"

	// REDACTED is the literal string "redacted".
	// NOTE(review): presumably substituted for sensitive values before they
	// are logged or returned; confirm against its call sites.
	REDACTED = "redacted"

	// TypeKey and VerbKey are ABACKey-typed keys with the values "ABACType"
	// and "ABACVerb".
	// NOTE(review): presumably context keys that carry the ABAC type and verb
	// read by a DecisionInputHandler; confirm.
	TypeKey = ABACKey("ABACType")
	VerbKey = ABACKey("ABACVerb")
	// ObKey is the ObligationKey-typed key with the value "obligations".
	// NOTE(review): presumably the context key under which Evaluate stores
	// the obligations it parses from the OPA response; confirm.
	ObKey = ObligationKey("obligations")
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AcctEntitlementsType ¶ added in v2.1.0
AcctEntitlementsType is a convenience data type, returned by GetAcctEntitlements() (map of acct_id to map of service to array of features)
type Authorizer ¶
// Authorizer is the interface through which a service asks OPA (Open Policy
// Agent) for authorization decisions and related entitlement data.
type Authorizer interface {
	// Validate evaluates the authorization policy for the given request.
	// It takes the context, full method name, request object, and an OpaEvaluator as input.
	// Unlike Evaluate, it only returns the raw OPA response; it does not parse the results.
	// A nil error therefore is not an allow decision: the caller has to
	// interpret the returned response itself.
	Validate(ctx context.Context, fullMethod string, req interface{}, opaEvaluator OpaEvaluator) (interface{}, error)

	// Evaluate evaluates the authorization policy for the given request.
	// It takes the context, full method name, request object, and an OpaEvaluator as input.
	// It parses the OPA response and returns a boolean indicating whether the request is authorized,
	// a modified context, and an error if any. It also parses the entitled_features and obligations
	// from the OPA response and adds them to the returned context.
	// NOTE(review): the value of the boolean when the error is non-nil is not
	// documented here; callers should allow only when the error is nil and
	// the boolean is true.
	Evaluate(ctx context.Context, fullMethod string, req interface{}, opaEvaluator OpaEvaluator) (bool, context.Context, error)

	// OpaQuery executes a query against OPA (Open Policy Agent) with the specified decision document.
	// If the decision document is an empty string, the query is executed against the default decision document
	// configured in OPA.
	// It takes the context, decision document name, OPA request object, and OPA response object as input.
	// It returns an error if any.
	// The decision document selects which policy is evaluated, so it should
	// not be derived from untrusted request input.
	OpaQuery(ctx context.Context, decisionDocument string, opaReq, opaResp interface{}) error

	// AffirmAuthorization is undocumented in the source. It takes the context,
	// full method name and a request object, and returns a context and an error.
	// NOTE(review): the parameter name "eq" looks like a typo for "req"; confirm.
	AffirmAuthorization(ctx context.Context, fullMethod string, eq interface{}) (context.Context, error)

	// GetAcctEntitlements returns entitlements for the given account IDs and
	// service names as an AcctEntitlementsType.
	GetAcctEntitlements(ctx context.Context, accountIDs, serviceNames []string) (*AcctEntitlementsType, error)

	// GetCurrentUserCompartments returns a list of compartments as strings.
	// Only ctx is passed, so the current user is presumably taken from the
	// context; confirm how that identity is established.
	GetCurrentUserCompartments(ctx context.Context) ([]string, error)

	// FilterCompartmentPermissions takes a FilterCompartmentPermissionsType and
	// returns a value of the same type.
	// NOTE(review): presumably the subset the current user is permitted; confirm.
	FilterCompartmentPermissions(ctx context.Context, permissions FilterCompartmentPermissionsType) (FilterCompartmentPermissionsType, error)

	// FilterCompartmentFeatures takes a FilterCompartmentFeaturesType and
	// returns a value of the same type.
	// NOTE(review): presumably the subset the current user is entitled to; confirm.
	FilterCompartmentFeatures(ctx context.Context, features FilterCompartmentFeaturesType) (FilterCompartmentFeaturesType, error)
}
Authorizer interface is implemented for making arbitrary requests to Opa.
type DecisionInput ¶
// DecisionInput is the app/service-specific data that an ABAC request
// supplies as input to an OPA decision.
// NOTE(review): if any field is populated from the incoming request, it is
// caller-influenced policy input; confirm the policy does not treat it as
// proof of identity.
type DecisionInput struct {
	Type             string        `json:"type"` // Object/resource-type to match
	Verb             string        `json:"verb"` // Verb to match
	SealCtx          []interface{} `json:"ctx"`  // Array of app/service-specific context data to match; encoded under the JSON key "ctx"
	DecisionDocument string        `json:"-"`    // OPA decision document to query, "" by default; the "-" tag excludes it from the JSON encoding
}
DecisionInput is app/service-specific data supplied by app/service ABAC requests
type DecisionInputHandler ¶
// DecisionInputHandler builds the DecisionInput for a request.
type DecisionInputHandler interface {
	// GetDecisionInput returns an app/service-specific DecisionInput for the
	// given context, full method name and request object.
	// A nil DecisionInput should NOT be returned unless the error is non-nil,
	// so that a decision is never evaluated against missing input.
	GetDecisionInput(ctx context.Context, fullMethod string, req interface{}) (*DecisionInput, error)
}
fullMethod is of the form "Service.FullMethod"
type DefaultDecisionInputer ¶
// DefaultDecisionInputer is a field-less type whose GetDecisionInput method
// makes it the example DecisionInputHandler that is used by default.
type DefaultDecisionInputer struct{}
DefaultDecisionInputer is an example DecisionInputHandler that is used as default
func (*DefaultDecisionInputer) GetDecisionInput ¶
func (m *DefaultDecisionInputer) GetDecisionInput(ctx context.Context, fullMethod string, grpcReq interface{}) (*DecisionInput, error)
GetDecisionInput is an example DecisionInputHandler that returns some decision input based on some incoming Context values. App/services will most likely supply their own DecisionInputHandler using WithDecisionInputHandler option.
func (DefaultDecisionInputer) String ¶
func (m DefaultDecisionInputer) String() string
type FilterCompartmentFeaturesType ¶ added in v2.3.0
FilterCompartmentFeaturesType is a convenience data type, returned by FilterCompartmentFeatures() (map of application to array of feature)
type FilterCompartmentPermissionsType ¶ added in v2.3.0
// FilterCompartmentPermissionsType is a slice of strings, both accepted and
// returned by FilterCompartmentPermissions.
type FilterCompartmentPermissionsType []string
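FilterCompartmentPermissionsType is a convenience data type, returned by FilterCompartmentPermissions(). It is declared as []string, a flat list of permissions, so the description "map of application to array of permissions" does not match the declaration.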
type MockAuthorizer ¶
// MockAuthorizer is the GoMock-generated test double for Authorizer.
// Its methods return whatever a test programs through EXPECT(); no OPA policy
// is consulted, so it belongs in test code only and should never be wired in
// as the Authorizer of a running service.
type MockAuthorizer struct {
	// contains filtered or unexported fields
}
MockAuthorizer is a mock of Authorizer interface.
func NewMockAuthorizer ¶
func NewMockAuthorizer(ctrl *gomock.Controller) *MockAuthorizer
NewMockAuthorizer creates a new mock instance.
func (*MockAuthorizer) AffirmAuthorization ¶
func (m *MockAuthorizer) AffirmAuthorization(ctx context.Context, fullMethod string, eq interface{}) (context.Context, error)
AffirmAuthorization mocks base method.
func (*MockAuthorizer) EXPECT ¶
func (m *MockAuthorizer) EXPECT() *MockAuthorizerMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
func (*MockAuthorizer) Evaluate ¶
func (m *MockAuthorizer) Evaluate(ctx context.Context, fullMethod string, req interface{}, opaEvaluator OpaEvaluator) (bool, context.Context, error)
Evaluate mocks base method.
func (*MockAuthorizer) FilterCompartmentFeatures ¶ added in v2.3.0
func (m *MockAuthorizer) FilterCompartmentFeatures(ctx context.Context, features FilterCompartmentFeaturesType) (FilterCompartmentFeaturesType, error)
FilterCompartmentFeatures mocks base method.
func (*MockAuthorizer) FilterCompartmentPermissions ¶ added in v2.3.0
func (m *MockAuthorizer) FilterCompartmentPermissions(ctx context.Context, permissions FilterCompartmentPermissionsType) (FilterCompartmentPermissionsType, error)
FilterCompartmentPermissions mocks base method.
func (*MockAuthorizer) GetAcctEntitlements ¶ added in v2.1.0
func (m *MockAuthorizer) GetAcctEntitlements(ctx context.Context, accountIDs, serviceNames []string) (*AcctEntitlementsType, error)
GetAcctEntitlements mocks base method.
func (*MockAuthorizer) GetCurrentUserCompartments ¶ added in v2.1.0
func (m *MockAuthorizer) GetCurrentUserCompartments(ctx context.Context) ([]string, error)
GetCurrentUserCompartments mocks base method.
func (*MockAuthorizer) OpaQuery ¶
func (m *MockAuthorizer) OpaQuery(ctx context.Context, decisionDocument string, opaReq, opaResp interface{}) error
OpaQuery mocks base method.
func (*MockAuthorizer) Validate ¶ added in v2.4.0
func (m *MockAuthorizer) Validate(ctx context.Context, fullMethod string, req interface{}, opaEvaluator OpaEvaluator) (interface{}, error)
Validate mocks base method.
type MockAuthorizerMockRecorder ¶
// MockAuthorizerMockRecorder is the recorder returned by MockAuthorizer.EXPECT().
// Each of its methods registers an expected call of the like-named
// MockAuthorizer method and returns the *gomock.Call for it.
type MockAuthorizerMockRecorder struct {
	// contains filtered or unexported fields
}
MockAuthorizerMockRecorder is the mock recorder for MockAuthorizer.
func (*MockAuthorizerMockRecorder) AffirmAuthorization ¶
func (mr *MockAuthorizerMockRecorder) AffirmAuthorization(ctx, fullMethod, eq interface{}) *gomock.Call
AffirmAuthorization indicates an expected call of AffirmAuthorization.
func (*MockAuthorizerMockRecorder) Evaluate ¶
func (mr *MockAuthorizerMockRecorder) Evaluate(ctx, fullMethod, req, opaEvaluator interface{}) *gomock.Call
Evaluate indicates an expected call of Evaluate.
func (*MockAuthorizerMockRecorder) FilterCompartmentFeatures ¶ added in v2.3.0
func (mr *MockAuthorizerMockRecorder) FilterCompartmentFeatures(ctx context.Context, features FilterCompartmentFeaturesType) *gomock.Call
FilterCompartmentFeatures indicates an expected call of FilterCompartmentFeatures.
func (*MockAuthorizerMockRecorder) FilterCompartmentPermissions ¶ added in v2.3.0
func (mr *MockAuthorizerMockRecorder) FilterCompartmentPermissions(ctx context.Context, permissions FilterCompartmentPermissionsType) *gomock.Call
FilterCompartmentPermissions indicates an expected call of FilterCompartmentPermissions.
func (*MockAuthorizerMockRecorder) GetAcctEntitlements ¶ added in v2.1.0
func (mr *MockAuthorizerMockRecorder) GetAcctEntitlements(ctx context.Context, accountIDs, serviceNames []string) *gomock.Call
GetAcctEntitlements indicates an expected call of GetAcctEntitlements.
func (*MockAuthorizerMockRecorder) GetCurrentUserCompartments ¶ added in v2.1.0
func (mr *MockAuthorizerMockRecorder) GetCurrentUserCompartments(ctx context.Context) *gomock.Call
GetCurrentUserCompartments indicates an expected call of GetCurrentUserCompartments.
func (*MockAuthorizerMockRecorder) OpaQuery ¶
func (mr *MockAuthorizerMockRecorder) OpaQuery(ctx, decisionDocument, opaReq, opaResp interface{}) *gomock.Call
OpaQuery indicates an expected call of OpaQuery.
func (*MockAuthorizerMockRecorder) Validate ¶ added in v2.4.0
func (mr *MockAuthorizerMockRecorder) Validate(ctx, fullMethod, req, opaEvaluator interface{}) *gomock.Call
Validate indicates an expected call of Validate.
type ObligationKey ¶
// ObligationKey is the string type of the ObKey constant ("obligations").
// NOTE(review): presumably a dedicated context-key type for the obligations
// that Evaluate adds to the returned context; confirm.
type ObligationKey string