authorize

package

v1.14.1 Latest Latest Go to latest Published: Nov 2, 2024 License: Apache-2.0 Imports: 14 Imported by: 21

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/networkservicemesh/sdk

Links

Open Source Insights

Documentation ¶

Overview ¶

Package authorize provides authz checks for incoming or returning connections.

Package authorize provides authorization checks for incoming or returning requests.

Package authorize provides authz checks for incoming or returning connections.

Index ¶

func NewNetworkServiceEndpointRegistryClient(opts ...Option) registry.NetworkServiceEndpointRegistryClient
func NewNetworkServiceEndpointRegistryServer(opts ...Option) registry.NetworkServiceEndpointRegistryServer
func NewNetworkServiceRegistryClient(opts ...Option) registry.NetworkServiceRegistryClient
func NewNetworkServiceRegistryServer(opts ...Option) registry.NetworkServiceRegistryServer
type Option
type Policy
type RegistryOpaInput

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewNetworkServiceEndpointRegistryClient ¶ added in v1.7.0

func NewNetworkServiceEndpointRegistryClient(opts ...Option) registry.NetworkServiceEndpointRegistryClient

NewNetworkServiceEndpointRegistryClient - returns a new authorization registry.NetworkServiceEndpointRegistryClient Authorize registry client checks path of NSE.

func NewNetworkServiceEndpointRegistryServer ¶

func NewNetworkServiceEndpointRegistryServer(opts ...Option) registry.NetworkServiceEndpointRegistryServer

NewNetworkServiceEndpointRegistryServer - returns a new authorization registry.NetworkServiceEndpointRegistryServer Authorize registry server checks spiffeID of NSE.

func NewNetworkServiceRegistryClient ¶ added in v1.7.0

func NewNetworkServiceRegistryClient(opts ...Option) registry.NetworkServiceRegistryClient

NewNetworkServiceRegistryClient - returns a new authorization registry.NetworkServiceRegistryClient Authorize registry client checks spiffeID of NS.

func NewNetworkServiceRegistryServer ¶

func NewNetworkServiceRegistryServer(opts ...Option) registry.NetworkServiceRegistryServer

NewNetworkServiceRegistryServer - returns a new authorization registry.NetworkServiceRegistryServer Authorize registry server checks spiffeID of NS.

Types ¶

type Option ¶

type Option func(*options)

Option is authorization option for server

func Any ¶

func Any() Option

Any authorizes any call of request/close

func WithPolicies ¶

func WithPolicies(policyPaths ...string) Option

WithPolicies sets custom policies for registry. policyPaths can be combination of both policy files and dirs with policies

func WithResourcePathIdsMap ¶ added in v1.7.0

func WithResourcePathIdsMap(m *genericsync.Map[string, []string]) Option

WithResourcePathIdsMap sets map to keep resourcePathIdsMap to authorize connections with Registry Authorize Chain Element

type Policy ¶

type Policy interface {
	// Name returns policy name
	Name() string
	// Check checks authorization
	Check(ctx context.Context, input interface{}) error
}

Policy represents authorization policy for network service.

type RegistryOpaInput ¶

type RegistryOpaInput struct {
	ResourceID         string                      `json:"resource_id"`
	ResourceName       string                      `json:"resource_name"`
	ResourcePathIdsMap map[string][]string         `json:"resource_path_ids_map"`
	PathSegments       []*grpcmetadata.PathSegment `json:"path_segments"`
	Index              uint32                      `json:"index"`
}

RegistryOpaInput represents input for policies in authorizNSEServer and authorizeNSServer

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL