authorize

package
v1.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 16, 2022 License: Apache-2.0 Imports: 9 Imported by: 21

Documentation

Overview

Package authorize provides authz checks for incoming or returning connections.

Package authorize provides authz checks for incoming or returning connections.

Code generated by "-output sync_map.gen.go -type spiffeIDResourcesMap<github.com/spiffe/go-spiffe/v2/spiffeid.ID,*github.com/networkservicemesh/sdk/pkg/tools/stringset.StringSet> -output sync_map.gen.go -type spiffeIDResourcesMap<github.com/spiffe/go-spiffe/v2/spiffeid.ID,*github.com/networkservicemesh/sdk/pkg/tools/stringset.StringSet>"; DO NOT EDIT.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewNetworkServiceEndpointRegistryServer 

func NewNetworkServiceEndpointRegistryServer(opts ...Option) registry.NetworkServiceEndpointRegistryServer

NewNetworkServiceEndpointRegistryServer - returns a new authorization registry.NetworkServiceEndpointRegistryServer Authorize registry server checks spiffeID of NSE.

func NewNetworkServiceRegistryServer 

func NewNetworkServiceRegistryServer(opts ...Option) registry.NetworkServiceRegistryServer

NewNetworkServiceRegistryServer - returns a new authorization registry.NetworkServiceRegistryServer Authorize registry server checks spiffeID of NS.

Types

type Option 

type Option func(*options)

Option is authorization option for server

func Any 

func Any() Option

Any authorizes any call of request/close

func WithPolicies 

func WithPolicies(p ...Policy) Option

WithPolicies sets custom policies for registry

func WithSpiffeIDResourcesMap 

func WithSpiffeIDResourcesMap(m *spiffeIDResourcesMap) Option

WithSpiffeIDResourcesMap sets map to keep spiffeIDResourcesMap to authorize connections with Registry Authorize Chain Element

type Policy 

type Policy interface {
	// Check checks authorization
	Check(ctx context.Context, input interface{}) error
}

Policy represents authorization policy for network service.

type RegistryOpaInput 

type RegistryOpaInput struct {
	SpiffeID             string              `json:"spiffe_id"`
	ResourceName         string              `json:"resource_name"`
	SpiffeIDResourcesMap map[string][]string `json:"spiffe_id_resources_map"`
}

RegistryOpaInput represents input for policies in authorizNSEServer and authorizeNSServer

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.