Documentation ¶
Overview ¶
Package authorize provides authz checks for incoming or returning connections.
Package authorize provides authorization checks for incoming or returning requests.
Index ¶
- func NewNetworkServiceEndpointRegistryClient(opts ...Option) registry.NetworkServiceEndpointRegistryClient
- func NewNetworkServiceEndpointRegistryServer(opts ...Option) registry.NetworkServiceEndpointRegistryServer
- func NewNetworkServiceRegistryClient(opts ...Option) registry.NetworkServiceRegistryClient
- func NewNetworkServiceRegistryServer(opts ...Option) registry.NetworkServiceRegistryServer
- type Option
- type PathIdsMap
- func (m *PathIdsMap) Delete(key string)
- func (m *PathIdsMap) Load(key string) ([]string, bool)
- func (m *PathIdsMap) LoadAndDelete(key string) (value []string, loaded bool)
- func (m *PathIdsMap) LoadOrStore(key string, value []string) ([]string, bool)
- func (m *PathIdsMap) Range(f func(key string, value []string) bool)
- func (m *PathIdsMap) Store(key string, value []string)
- type Policy
- type RegistryOpaInput
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewNetworkServiceEndpointRegistryClient ¶ added in v1.7.0
func NewNetworkServiceEndpointRegistryClient(opts ...Option) registry.NetworkServiceEndpointRegistryClient
NewNetworkServiceEndpointRegistryClient - returns a new authorization registry.NetworkServiceEndpointRegistryClient. The authorize registry client checks the path of the NSE.
func NewNetworkServiceEndpointRegistryServer ¶
func NewNetworkServiceEndpointRegistryServer(opts ...Option) registry.NetworkServiceEndpointRegistryServer
NewNetworkServiceEndpointRegistryServer - returns a new authorization registry.NetworkServiceEndpointRegistryServer. The authorize registry server checks the spiffeID of the NSE.
func NewNetworkServiceRegistryClient ¶ added in v1.7.0
func NewNetworkServiceRegistryClient(opts ...Option) registry.NetworkServiceRegistryClient
NewNetworkServiceRegistryClient - returns a new authorization registry.NetworkServiceRegistryClient. The authorize registry client checks the spiffeID of the NS.
func NewNetworkServiceRegistryServer ¶
func NewNetworkServiceRegistryServer(opts ...Option) registry.NetworkServiceRegistryServer
NewNetworkServiceRegistryServer - returns a new authorization registry.NetworkServiceRegistryServer. The authorize registry server checks the spiffeID of the NS.
Types ¶
type Option ¶
type Option func(*options)
Option is an authorization option for the server.
func WithPolicies ¶
WithPolicies sets custom policies for the registry. policyPaths can be a combination of policy files and directories containing policies.
func WithResourcePathIdsMap ¶ added in v1.7.0
func WithResourcePathIdsMap(m *PathIdsMap) Option
WithResourcePathIdsMap sets the map used to keep resourcePathIdsMap, which the Registry Authorize chain element uses to authorize connections.
type PathIdsMap ¶ added in v1.7.0
PathIdsMap - sync.Map with key == resource name and value == list of path ids associated with this resource
func (*PathIdsMap) Delete ¶ added in v1.7.0
func (m *PathIdsMap) Delete(key string)
Delete deletes the value for a key.
func (*PathIdsMap) Load ¶ added in v1.7.0
func (m *PathIdsMap) Load(key string) ([]string, bool)
Load returns the value stored in the map for a key, or nil if no value is present. The ok result indicates whether value was found in the map.
func (*PathIdsMap) LoadAndDelete ¶ added in v1.7.0
func (m *PathIdsMap) LoadAndDelete(key string) (value []string, loaded bool)
LoadAndDelete deletes the value for a key, returning the previous value if any. The loaded result reports whether the key was present.
func (*PathIdsMap) LoadOrStore ¶ added in v1.7.0
func (m *PathIdsMap) LoadOrStore(key string, value []string) ([]string, bool)
LoadOrStore returns the existing value for the key if present. Otherwise, it stores and returns the given value. The loaded result is true if the value was loaded, false if stored.
func (*PathIdsMap) Range ¶ added in v1.7.0
func (m *PathIdsMap) Range(f func(key string, value []string) bool)
Range calls f sequentially for each key and value present in the map. If f returns false, range stops the iteration.
Range does not necessarily correspond to any consistent snapshot of the Map's contents: no key will be visited more than once, but if the value for any key is stored or deleted concurrently, Range may reflect any mapping for that key from any point during the Range call.
Range may be O(N) with the number of elements in the map even if f returns false after a constant number of calls.
func (*PathIdsMap) Store ¶ added in v1.7.0
func (m *PathIdsMap) Store(key string, value []string)
Store sets the value for a key.
type Policy ¶
type Policy interface {
	// Check checks authorization
	Check(ctx context.Context, input interface{}) error
}
Policy represents authorization policy for network service.
type RegistryOpaInput ¶
type RegistryOpaInput struct {
	ResourceID         string                      `json:"resource_id"`
	ResourceName       string                      `json:"resource_name"`
	ResourcePathIdsMap map[string][]string         `json:"resource_path_ids_map"`
	PathSegments       []*grpcmetadata.PathSegment `json:"path_segments"`
	Index              uint32                      `json:"index"`
}
RegistryOpaInput represents the input for policies in authorizeNSEServer and authorizeNSServer.
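The following is an added example, not code from this package: a hypothetical Policy whose Check has the signature shown above and fails closed on unexpected input. The types registryInput and ownerPolicy are local stand-ins, and both the ownership rule and the reading of ResourceID as the caller's identity are assumptions made for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// registryInput is a local mirror of three RegistryOpaInput fields so the example
// runs without the SDK. Assumption: ResourceID carries the caller's identity.
type registryInput struct {
	ResourceID         string
	ResourceName       string
	ResourcePathIdsMap map[string][]string
}

// ownerPolicy is a hypothetical policy: a resource name that already has
// recorded path ids may only be touched by one of those ids.
type ownerPolicy struct{}

var errDenied = errors.New("permission denied")

// Check has the same signature as the Policy interface on this page.
func (ownerPolicy) Check(_ context.Context, input interface{}) error {
	in, ok := input.(registryInput)
	if !ok || in.ResourceID == "" || in.ResourceName == "" {
		return errDenied // fail closed on unknown or incomplete input
	}
	ids, known := in.ResourcePathIdsMap[in.ResourceName]
	if !known {
		return nil // no ids recorded yet: first registration of this name
	}
	for _, id := range ids {
		if id == in.ResourceID {
			return nil
		}
	}
	return fmt.Errorf("%w: %q does not own %q", errDenied, in.ResourceID, in.ResourceName)
}

func main() {
	// Constructed sample data.
	m := map[string][]string{"nse-1": {"spiffe://example.org/nse-1"}}
	p := ownerPolicy{}
	for _, id := range []string{"spiffe://example.org/nse-1", "spiffe://example.org/other"} {
		err := p.Check(context.Background(), registryInput{id, "nse-1", m})
		fmt.Println(id, "->", err)
	}
}
```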