opa

Documentation

Overview

Package opa provides of utilities for using OPA

Index

• func PreparedOpaInput(ctx context.Context, model interface{}) (map[string]interface{}, error)
• type AuthorizationPolicy
  • func WithAllTokensValidPolicy() *AuthorizationPolicy
  • func WithLastTokenSignedPolicy() *AuthorizationPolicy
  • func WithPolicyFromFile(path, query string, checkQuery CheckQueryFunc) *AuthorizationPolicy
  • func WithPolicyFromSource(source, query string, checkQuery CheckQueryFunc) *AuthorizationPolicy
  • func WithTokenChainPolicy() *AuthorizationPolicy
  • func WithTokensExpiredPolicy() *AuthorizationPolicy
  • func (d *AuthorizationPolicy) Check(ctx context.Context, model interface{}) error
• type CheckAccessFunc
  • func False(query string) CheckAccessFunc
  • func True(query string) CheckAccessFunc
• type CheckQueryFunc

Functions

func PreparedOpaInput

func PreparedOpaInput(ctx context.Context, model interface{}) (map[string]interface{}, error)

PreparedOpaInput - converts model to map. It also puts auth_info in root of the map if it is presented in context.

Types

type AuthorizationPolicy

type AuthorizationPolicy struct {
	// contains filtered or unexported fields
}

AuthorizationPolicy checks that passed tokens are valid

func WithAllTokensValidPolicy

func WithAllTokensValidPolicy() *AuthorizationPolicy

WithAllTokensValidPolicy returns default policy for checking that all tokens in the path can be decoded.

func WithLastTokenSignedPolicy

func WithLastTokenSignedPolicy() *AuthorizationPolicy

WithLastTokenSignedPolicy returns default policy for checking that last token in path is signed.

func WithPolicyFromFile

func WithPolicyFromFile(path, query string, checkQuery CheckQueryFunc) *AuthorizationPolicy

WithPolicyFromFile creates custom policy based on rego source file

func WithPolicyFromSource

func WithPolicyFromSource(source, query string, checkQuery CheckQueryFunc) *AuthorizationPolicy

WithPolicyFromSource creates custom policy based on rego source code

func WithTokenChainPolicy

func WithTokenChainPolicy() *AuthorizationPolicy

WithTokenChainPolicy returns default policy for checking tokens chain in path

func WithTokensExpiredPolicy

func WithTokensExpiredPolicy() *AuthorizationPolicy

WithTokensExpiredPolicy returns default policy for checking tokens expiration

func (*AuthorizationPolicy) Check

func (d *AuthorizationPolicy) Check(ctx context.Context, model interface{}) error

Check returns nil if passed tokens are valid

type CheckAccessFunc

type CheckAccessFunc func(result rego.ResultSet) (bool, error)

CheckAccessFunc checks rego result. Returns bool flag that means access. Returns error if something was wrong

func False

func False(query string) CheckAccessFunc

False is default access checker, returns true if in the result set of rego exist query and it has false value

func True

func True(query string) CheckAccessFunc

True is default access checker, returns true if in the result set of rego exist query and it has true value

type CheckQueryFunc

type CheckQueryFunc func(string) CheckAccessFunc

CheckQueryFunc converts query string to CheckAccessFunc function