httpopa

package

v2.1.0 Latest Latest Go to latest Published: Feb 27, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/infobloxopen/atlas-authz-middleware

Links

Open Source Insights

Documentation ¶

Overview ¶

Package httpopa provides an implementation of the az.Authorizer interface for HTTP-based authorization using OPA (Open Policy Agent).

Index ¶

Variables
func NewHttpAuthorizer(application string, opts ...Option) az.Authorizer
func NewServerAuthzMiddleware(application string, opts ...Option) func(http.Handler) http.Handler
type AcctEntitlementsApiInput
type AcctEntitlementsApiResult
type Config
- func NewDefaultConfig(application string, opts ...Option) *Config
- func (c Config) GetAuthorizer() []az.Authorizer
type ContextKey
type CurrentUserCompartmentsResult
type DefaultModifyConfig
type EndpointModifier
type Option

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	EndPointKey = ContextKey("endpoint")
)

View Source

var SERVICENAME = "opa"

SERVICENAME is the name of the OPA service.

Functions ¶

func NewHttpAuthorizer ¶

func NewHttpAuthorizer(application string, opts ...Option) az.Authorizer

NewHttpAuthorizer creates a new instance of httpAuthorizer with the given application name and options.

func NewServerAuthzMiddleware ¶

func NewServerAuthzMiddleware(application string, opts ...Option) func(http.Handler) http.Handler

NewServerAuthzMiddleware evaluate the OPA policy against the requested endpoint, and aborts the request if not authorized.

Types ¶

type AcctEntitlementsApiInput ¶ added in v2.1.0

type AcctEntitlementsApiInput struct {
	AccountIDs   []string `json:"acct_entitlements_acct_ids"`
	ServiceNames []string `json:"acct_entitlements_services"`
}

AcctEntitlementsApiInput is the input payload for acct_entitlements_api

type AcctEntitlementsApiResult ¶ added in v2.1.0

type AcctEntitlementsApiResult struct {
	Result *az.AcctEntitlementsType `json:"result"`
}

AcctEntitlementsApiResult is the data type json.Unmarshaled from OPA RESTAPI query to acct_entitlements_api

type Config ¶

type Config struct {
	// contains filtered or unexported fields
}

func NewDefaultConfig ¶

func NewDefaultConfig(application string, opts ...Option) *Config

NewDefaultConfig returns a new default Config for Http Authorizer.

func (Config) GetAuthorizer ¶

func (c Config) GetAuthorizer() []az.Authorizer

type ContextKey ¶

type ContextKey string

type CurrentUserCompartmentsResult ¶ added in v2.1.0

type CurrentUserCompartmentsResult struct {
	Result []string `json:"result"`
}

CurrentUserCompartmentsResult is the data type json.Unmarshaled from OPA RESTAPI query to current_user_compartments rego rule

type DefaultModifyConfig ¶

type DefaultModifyConfig struct {
	SegmentsNeeded int
	SegmentStart   int
	Prefix         string
}

type EndpointModifier ¶

type EndpointModifier struct {
	DefaultModifyConfig
	Modify func(string) string
}

type Option ¶

type Option func(c *Config)

func WithAcctEntitlementsApiPath ¶

func WithAcctEntitlementsApiPath(acctEntitlementsApi string) Option

WithAcctEntitlementsApiPath overrides default AcctEntitlementsApiPath

func WithAddress ¶

func WithAddress(address string) Option

WithAddress

func WithAuthorizer ¶

func WithAuthorizer(auther ...az.Authorizer) Option

WithAuthorizer overrides the request/response processing of OPA. Multiple authorizers can be passed

func WithClaimsVerifier ¶

func WithClaimsVerifier(claimsVerifier az.ClaimsVerifier) Option

WithClaimsVerifier overrides default ClaimsVerifier

func WithCurrentUserCompartmentsPath ¶ added in v2.1.0

func WithCurrentUserCompartmentsPath(currUserCompartmentsApi string) Option

WithCurrentUserCompartmentsPath overrides default CurrentUserCompartmentsApiPath

func WithDecisionInputHandler ¶

func WithDecisionInputHandler(decisionHandler az.DecisionInputHandler) Option

WithDecisionInputHandler supplies optional DecisionInputHandler for DefaultAuthorizer to obtain additional input for OPA ABAC decision processing.

func WithEndpointModifier ¶

func WithEndpointModifier(modifier *EndpointModifier) Option

WithAcctSegmentsNeeded overrides default 0

func WithEntitledServices ¶

func WithEntitledServices(entitledServices ...string) Option

WithEntitledServices overrides default EntitledServices

func WithHTTPClient ¶

func WithHTTPClient(client *http.Client) Option

WithHTTPClient overrides the http.Client used to call Opa

func WithOpaClienter ¶

func WithOpaClienter(clienter opa_client.Clienter) Option

WithOpaClienter overrides the Clienter used to call Opa. This option takes precedence over WithHTTPClient.

func WithOpaEvaluator ¶

func WithOpaEvaluator(opaEvaluator az.OpaEvaluator) Option

WithOpaEvaluator overrides the OpaEvaluator use to evaluate authorization against OPA.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
exception
util

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL