opa

Documentation

Overview

Package opa provides of utilities for using OPA

Index

• func PreparedOpaInput(ctx context.Context, model interface{}) (map[string]interface{}, error)
• type AuthorizationPolicy
  • func WithNextTokenSignedPolicy() *AuthorizationPolicy
  • func WithPolicyFromFile(path, query string, checkQuery CheckQueryFunc) *AuthorizationPolicy
  • func WithPolicyFromSource(source, query string, checkQuery CheckQueryFunc) *AuthorizationPolicy
  • func WithPrevTokenSignedPolicy() *AuthorizationPolicy
  • func WithTokenChainPolicy() *AuthorizationPolicy
  • func WithTokensExpiredPolicy() *AuthorizationPolicy
  • func WithTokensValidPolicy() *AuthorizationPolicy
  • func (d *AuthorizationPolicy) Check(ctx context.Context, model interface{}) error
• type CheckAccessFunc
  • func False(query string) CheckAccessFunc
  • func True(query string) CheckAccessFunc
• type CheckQueryFunc

Functions

func PreparedOpaInput

func PreparedOpaInput(ctx context.Context, model interface{}) (map[string]interface{}, error)

PreparedOpaInput - converts model to map. It also puts auth_info in root of the map if it is presented in context.

Types

type AuthorizationPolicy

type AuthorizationPolicy struct {
	// contains filtered or unexported fields
}

AuthorizationPolicy checks that passed tokens are valid

func WithNextTokenSignedPolicy

func WithNextTokenSignedPolicy() *AuthorizationPolicy

WithNextTokenSignedPolicy returns default policy for checking that last token in path is signed.

func WithPolicyFromFile

func WithPolicyFromFile(path, query string, checkQuery CheckQueryFunc) *AuthorizationPolicy

WithPolicyFromFile creates custom policy based on rego source file

func WithPolicyFromSource

func WithPolicyFromSource(source, query string, checkQuery CheckQueryFunc) *AuthorizationPolicy

WithPolicyFromSource creates custom policy based on rego source code

func WithPrevTokenSignedPolicy

func WithPrevTokenSignedPolicy() *AuthorizationPolicy

WithPrevTokenSignedPolicy returns default policy for checking that last token in path is signed.

func WithTokenChainPolicy

func WithTokenChainPolicy() *AuthorizationPolicy

WithTokenChainPolicy returns default policy for checking tokens chain in path

func WithTokensExpiredPolicy

func WithTokensExpiredPolicy() *AuthorizationPolicy

WithTokensExpiredPolicy returns default policy for checking tokens expiration

func WithTokensValidPolicy

func WithTokensValidPolicy() *AuthorizationPolicy

WithTokensValidPolicy returns default policy for checking that all tokens in the path can be decoded.

func (*AuthorizationPolicy) Check

func (d *AuthorizationPolicy) Check(ctx context.Context, model interface{}) error

Check returns nil if passed tokens are valid

type CheckAccessFunc

type CheckAccessFunc func(result rego.ResultSet) (bool, error)

CheckAccessFunc checks rego result. Returns bool flag that means access. Returns error if something was wrong

func False

func False(query string) CheckAccessFunc

False is default access checker, returns true if in the result set of rego exist query and it has false value

func True

func True(query string) CheckAccessFunc

True is default access checker, returns true if in the result set of rego exist query and it has true value

type CheckQueryFunc

type CheckQueryFunc func(string) CheckAccessFunc

CheckQueryFunc converts query string to CheckAccessFunc function