opa

Documentation

Overview

Package opa provides of utilities for using OPA

Index

• func ParseX509Cert(authInfo credentials.AuthInfo) *x509.Certificate
• func PreparedOpaInput(ctx context.Context, model interface{}) (map[string]interface{}, error)
• type AuthorizationPolicy
  • func PoliciesByFileMask(masks ...string) ([]*AuthorizationPolicy, error)
  • func PolicyFromFile(p string) (*AuthorizationPolicy, error)
  • func WithNamedPolicyFromSource(name, source, query string, checkQuery CheckQueryFunc) *AuthorizationPolicy
  • func WithPolicyFromSource(source, query string, checkQuery CheckQueryFunc) *AuthorizationPolicy
  • func (d *AuthorizationPolicy) Check(ctx context.Context, model interface{}) error
  • func (d *AuthorizationPolicy) Name() string
• type CheckAccessFunc
  • func True(query string) CheckAccessFunc
• type CheckQueryFunc

Functions

func ParseX509Cert

func ParseX509Cert(authInfo credentials.AuthInfo) *x509.Certificate

ParseX509Cert - parses x509 certificate from the passed credentials.AuthInfo

func PreparedOpaInput

func PreparedOpaInput(ctx context.Context, model interface{}) (map[string]interface{}, error)

PreparedOpaInput - converts model to map. It also puts auth_info in root of the map if it is presented in context.

Types

type AuthorizationPolicy

type AuthorizationPolicy struct {
	// contains filtered or unexported fields
}

AuthorizationPolicy checks that passed tokens are valid

func PoliciesByFileMask

func PoliciesByFileMask(masks ...string) ([]*AuthorizationPolicy, error)

func PolicyFromFile

func PolicyFromFile(p string) (*AuthorizationPolicy, error)

func WithNamedPolicyFromSource

func WithNamedPolicyFromSource(name, source, query string, checkQuery CheckQueryFunc) *AuthorizationPolicy

WithNamedPolicyFromSource creates named custom policy based on rego source code

func WithPolicyFromSource

func WithPolicyFromSource(source, query string, checkQuery CheckQueryFunc) *AuthorizationPolicy

WithPolicyFromSource creates custom policy based on rego source code

func (*AuthorizationPolicy) Check

func (d *AuthorizationPolicy) Check(ctx context.Context, model interface{}) error

Check returns nil if passed tokens are valid

func (*AuthorizationPolicy) Name

func (d *AuthorizationPolicy) Name() string

Name returns AuthorizationPolicy name

type CheckAccessFunc

type CheckAccessFunc func(result rego.ResultSet) (bool, error)

CheckAccessFunc checks rego result. Returns bool flag that means access. Returns error if something was wrong

func True

func True(query string) CheckAccessFunc

True is default access checker, returns true if in the result set of rego exist query and it has true value

type CheckQueryFunc

type CheckQueryFunc func(string) CheckAccessFunc

CheckQueryFunc converts query string to CheckAccessFunc function