authorization

package
v0.2.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 20, 2024 License: BSD-3-Clause-Clear Imports: 18 Imported by: 5

Documentation

Overview

Package authorization is a reverse proxy.

It translates gRPC into RESTful JSON APIs.

Index

Constants

View Source 
const (
	AuthorizationService_GetDecisions_FullMethodName        = "/authorization.AuthorizationService/GetDecisions"
	AuthorizationService_GetDecisionsByToken_FullMethodName = "/authorization.AuthorizationService/GetDecisionsByToken"
	AuthorizationService_GetEntitlements_FullMethodName     = "/authorization.AuthorizationService/GetEntitlements"
)

Variables

View Source 
var (
	DecisionResponse_Decision_name = map[int32]string{
		0: "DECISION_UNSPECIFIED",
		1: "DECISION_DENY",
		2: "DECISION_PERMIT",
	}
	DecisionResponse_Decision_value = map[string]int32{
		"DECISION_UNSPECIFIED": 0,
		"DECISION_DENY":        1,
		"DECISION_PERMIT":      2,
	}
)

Enum value maps for DecisionResponse_Decision.

View Source 
var AuthorizationService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "authorization.AuthorizationService",
	HandlerType: (*AuthorizationServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "GetDecisions",
			Handler:    _AuthorizationService_GetDecisions_Handler,
		},
		{
			MethodName: "GetDecisionsByToken",
			Handler:    _AuthorizationService_GetDecisionsByToken_Handler,
		},
		{
			MethodName: "GetEntitlements",
			Handler:    _AuthorizationService_GetEntitlements_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "authorization/authorization.proto",
}

AuthorizationService_ServiceDesc is the grpc.ServiceDesc for AuthorizationService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source 
var File_authorization_authorization_proto protoreflect.FileDescriptor

Functions

func RegisterAuthorizationServiceHandler 

func RegisterAuthorizationServiceHandler(ctx context.Context, mux *runtime.ServeMux, conn *grpc.ClientConn) error

RegisterAuthorizationServiceHandler registers the http handlers for service AuthorizationService to "mux". The handlers forward requests to the grpc endpoint over "conn".

func RegisterAuthorizationServiceHandlerClient 

func RegisterAuthorizationServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux, client AuthorizationServiceClient) error

RegisterAuthorizationServiceHandlerClient registers the http handlers for service AuthorizationService to "mux". The handlers forward requests to the grpc endpoint over the given implementation of "AuthorizationServiceClient". Note: the gRPC framework executes interceptors within the gRPC handler. If the passed in "AuthorizationServiceClient" doesn't go through the normal gRPC flow (creating a gRPC client etc.) then it will be up to the passed in "AuthorizationServiceClient" to call the correct interceptors.

func RegisterAuthorizationServiceHandlerFromEndpoint 

func RegisterAuthorizationServiceHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error)

RegisterAuthorizationServiceHandlerFromEndpoint is same as RegisterAuthorizationServiceHandler but automatically dials to "endpoint" and closes the connection when "ctx" gets done.

func RegisterAuthorizationServiceHandlerServer 

func RegisterAuthorizationServiceHandlerServer(ctx context.Context, mux *runtime.ServeMux, server AuthorizationServiceServer) error

RegisterAuthorizationServiceHandlerServer registers the http handlers for service AuthorizationService to "mux". UnaryRPC :call AuthorizationServiceServer directly. StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. Note that using this registration option will cause many gRPC library features to stop working. Consider using RegisterAuthorizationServiceHandlerFromEndpoint instead.

func RegisterAuthorizationServiceServer 

func RegisterAuthorizationServiceServer(s grpc.ServiceRegistrar, srv AuthorizationServiceServer)

Types

type AuthorizationServiceClient 

type AuthorizationServiceClient interface {
	GetDecisions(ctx context.Context, in *GetDecisionsRequest, opts ...grpc.CallOption) (*GetDecisionsResponse, error)
	GetDecisionsByToken(ctx context.Context, in *GetDecisionsByTokenRequest, opts ...grpc.CallOption) (*GetDecisionsByTokenResponse, error)
	GetEntitlements(ctx context.Context, in *GetEntitlementsRequest, opts ...grpc.CallOption) (*GetEntitlementsResponse, error)
}

AuthorizationServiceClient is the client API for AuthorizationService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewAuthorizationServiceClient 

func NewAuthorizationServiceClient(cc grpc.ClientConnInterface) AuthorizationServiceClient

type AuthorizationServiceServer 

type AuthorizationServiceServer interface {
	GetDecisions(context.Context, *GetDecisionsRequest) (*GetDecisionsResponse, error)
	GetDecisionsByToken(context.Context, *GetDecisionsByTokenRequest) (*GetDecisionsByTokenResponse, error)
	GetEntitlements(context.Context, *GetEntitlementsRequest) (*GetEntitlementsResponse, error)
	// contains filtered or unexported methods
}

AuthorizationServiceServer is the server API for AuthorizationService service. All implementations must embed UnimplementedAuthorizationServiceServer for forward compatibility

type DecisionRequest 

type DecisionRequest struct {
	Actions            []*policy.Action     `protobuf:"bytes,1,rep,name=actions,proto3" json:"actions,omitempty"`
	EntityChains       []*EntityChain       `protobuf:"bytes,2,rep,name=entity_chains,json=entityChains,proto3" json:"entity_chains,omitempty"`
	ResourceAttributes []*ResourceAttribute `protobuf:"bytes,3,rep,name=resource_attributes,json=resourceAttributes,proto3" json:"resource_attributes,omitempty"`
	// contains filtered or unexported fields
}

Example Request Get Decisions to answer the question - Do Bob (represented by entity chain ec1) and Alice (represented by entity chain ec2) have TRANSMIT authorization for 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ?

{ "actions": [ { "standard": "STANDARD_ACTION_TRANSMIT" } ], "entityChains": [ { "id": "ec1", "entities": [ { "emailAddress": "bob@example.org" } ] }, { "id": "ec2", "entities": [ { "userName": "alice@example.org" } ] } ], "resourceAttributes": [ { "resourceAttributeId": "attr-set-1", "attributeFqns": [ "https://www.example.org/attr/foo/value/value1" ] }, { "resourceAttributeId": "attr-set-2", "attributeFqns": [ "https://example.net/attr/attr1/value/value1", "https://example.net/attr/attr1/value/value2" ] } ] }

func (*DecisionRequest) Descriptor deprecated 

func (*DecisionRequest) Descriptor() ([]byte, []int)

Deprecated: Use DecisionRequest.ProtoReflect.Descriptor instead.

func (*DecisionRequest) GetActions 

func (x *DecisionRequest) GetActions() []*policy.Action

func (*DecisionRequest) GetEntityChains 

func (x *DecisionRequest) GetEntityChains() []*EntityChain

func (*DecisionRequest) GetResourceAttributes 

func (x *DecisionRequest) GetResourceAttributes() []*ResourceAttribute

func (*DecisionRequest) ProtoMessage 

func (*DecisionRequest) ProtoMessage()

func (*DecisionRequest) ProtoReflect 

func (x *DecisionRequest) ProtoReflect() protoreflect.Message

func (*DecisionRequest) Reset 

func (x *DecisionRequest) Reset()

func (*DecisionRequest) String 

func (x *DecisionRequest) String() string

type DecisionResponse 

type DecisionResponse struct {
	EntityChainId        string                    `protobuf:"bytes,1,opt,name=entity_chain_id,json=entityChainId,proto3" json:"entity_chain_id,omitempty"`                      // ephemeral entity chain id from the request
	ResourceAttributesId string                    `protobuf:"bytes,2,opt,name=resource_attributes_id,json=resourceAttributesId,proto3" json:"resource_attributes_id,omitempty"` // ephemeral resource attributes id from the request
	Action               *policy.Action            `protobuf:"bytes,3,opt,name=action,proto3" json:"action,omitempty"`                                                           // Action of the decision response
	Decision             DecisionResponse_Decision `protobuf:"varint,4,opt,name=decision,proto3,enum=authorization.DecisionResponse_Decision" json:"decision,omitempty"`         // The decision response
	Obligations          []string                  `protobuf:"bytes,5,rep,name=obligations,proto3" json:"obligations,omitempty"`                                                 //optional list of obligations represented in URI format
	// contains filtered or unexported fields
}

Example response for a Decision Request - Do Bob (represented by entity chain ec1) and Alice (represented by entity chain ec2) have TRANSMIT authorization for 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ?

Results: - bob has permitted authorization to transmit for a resource defined by attr-set-1 attributes and has a watermark obligation - bob has denied authorization to transmit a for a resource defined by attr-set-2 attributes - alice has permitted authorization to transmit for a resource defined by attr-set-1 attributes - alice has denied authorization to transmit a for a resource defined by attr-set-2 attributes

{ "entityChainId": "ec1", "resourceAttributesId": "attr-set-1", "decision": "DECISION_PERMIT", "obligations": [ "http://www.example.org/obligation/watermark" ] }, { "entityChainId": "ec1", "resourceAttributesId": "attr-set-2", "decision": "DECISION_PERMIT" }, { "entityChainId": "ec2", "resourceAttributesId": "attr-set-1", "decision": "DECISION_PERMIT" }, { "entityChainId": "ec2", "resourceAttributesId": "attr-set-2", "decision": "DECISION_DENY" }

func (*DecisionResponse) Descriptor deprecated 

func (*DecisionResponse) Descriptor() ([]byte, []int)

Deprecated: Use DecisionResponse.ProtoReflect.Descriptor instead.

func (*DecisionResponse) GetAction 

func (x *DecisionResponse) GetAction() *policy.Action

func (*DecisionResponse) GetDecision 

func (x *DecisionResponse) GetDecision() DecisionResponse_Decision

func (*DecisionResponse) GetEntityChainId 

func (x *DecisionResponse) GetEntityChainId() string

func (*DecisionResponse) GetObligations 

func (x *DecisionResponse) GetObligations() []string

func (*DecisionResponse) GetResourceAttributesId 

func (x *DecisionResponse) GetResourceAttributesId() string

func (*DecisionResponse) ProtoMessage 

func (*DecisionResponse) ProtoMessage()

func (*DecisionResponse) ProtoReflect 

func (x *DecisionResponse) ProtoReflect() protoreflect.Message

func (*DecisionResponse) Reset 

func (x *DecisionResponse) Reset()

func (*DecisionResponse) String 

func (x *DecisionResponse) String() string

type DecisionResponse_Decision 

type DecisionResponse_Decision int32
const (
	DecisionResponse_DECISION_UNSPECIFIED DecisionResponse_Decision = 0
	DecisionResponse_DECISION_DENY        DecisionResponse_Decision = 1
	DecisionResponse_DECISION_PERMIT      DecisionResponse_Decision = 2
)

func (DecisionResponse_Decision) Descriptor 

func (DecisionResponse_Decision) Descriptor() protoreflect.EnumDescriptor

func (DecisionResponse_Decision) Enum 

func (x DecisionResponse_Decision) Enum() *DecisionResponse_Decision

func (DecisionResponse_Decision) EnumDescriptor deprecated 

func (DecisionResponse_Decision) EnumDescriptor() ([]byte, []int)

Deprecated: Use DecisionResponse_Decision.Descriptor instead.

func (DecisionResponse_Decision) Number 

func (x DecisionResponse_Decision) Number() protoreflect.EnumNumber

func (DecisionResponse_Decision) String 

func (x DecisionResponse_Decision) String() string

func (DecisionResponse_Decision) Type 

func (DecisionResponse_Decision) Type() protoreflect.EnumType

type Entity 

type Entity struct {
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // ephemeral id for tracking between request and response
	// Standard entity types supported by the platform
	//
	// Types that are assignable to EntityType:
	//
	//	*Entity_EmailAddress
	//	*Entity_UserName
	//	*Entity_RemoteClaimsUrl
	//	*Entity_Uuid
	//	*Entity_Claims
	//	*Entity_Custom
	//	*Entity_ClientId
	EntityType isEntity_EntityType `protobuf_oneof:"entity_type"`
	// contains filtered or unexported fields
}

PE (Person Entity) or NPE (Non-Person Entity)

func (*Entity) Descriptor deprecated 

func (*Entity) Descriptor() ([]byte, []int)

Deprecated: Use Entity.ProtoReflect.Descriptor instead.

func (*Entity) GetClaims 

func (x *Entity) GetClaims() *anypb.Any

func (*Entity) GetClientId 

func (x *Entity) GetClientId() string

func (*Entity) GetCustom 

func (x *Entity) GetCustom() *EntityCustom

func (*Entity) GetEmailAddress 

func (x *Entity) GetEmailAddress() string

func (*Entity) GetEntityType 

func (m *Entity) GetEntityType() isEntity_EntityType

func (*Entity) GetId 

func (x *Entity) GetId() string

func (*Entity) GetRemoteClaimsUrl 

func (x *Entity) GetRemoteClaimsUrl() string

func (*Entity) GetUserName 

func (x *Entity) GetUserName() string

func (*Entity) GetUuid added in v0.2.3 

func (x *Entity) GetUuid() string

func (*Entity) ProtoMessage 

func (*Entity) ProtoMessage()

func (*Entity) ProtoReflect 

func (x *Entity) ProtoReflect() protoreflect.Message

func (*Entity) Reset 

func (x *Entity) Reset()

func (*Entity) String 

func (x *Entity) String() string

type EntityChain 

type EntityChain struct {
	Id       string    `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // ephemeral id for tracking between request and response
	Entities []*Entity `protobuf:"bytes,2,rep,name=entities,proto3" json:"entities,omitempty"`
	// contains filtered or unexported fields
}

A set of related PE and NPE

func (*EntityChain) Descriptor deprecated 

func (*EntityChain) Descriptor() ([]byte, []int)

Deprecated: Use EntityChain.ProtoReflect.Descriptor instead.

func (*EntityChain) GetEntities 

func (x *EntityChain) GetEntities() []*Entity

func (*EntityChain) GetId 

func (x *EntityChain) GetId() string

func (*EntityChain) ProtoMessage 

func (*EntityChain) ProtoMessage()

func (*EntityChain) ProtoReflect 

func (x *EntityChain) ProtoReflect() protoreflect.Message

func (*EntityChain) Reset 

func (x *EntityChain) Reset()

func (*EntityChain) String 

func (x *EntityChain) String() string

type EntityCustom 

type EntityCustom struct {
	Extension *anypb.Any `protobuf:"bytes,1,opt,name=extension,proto3" json:"extension,omitempty"`
	// contains filtered or unexported fields
}

Entity type for custom entities beyond the standard types

func (*EntityCustom) Descriptor deprecated 

func (*EntityCustom) Descriptor() ([]byte, []int)

Deprecated: Use EntityCustom.ProtoReflect.Descriptor instead.

func (*EntityCustom) GetExtension 

func (x *EntityCustom) GetExtension() *anypb.Any

func (*EntityCustom) ProtoMessage 

func (*EntityCustom) ProtoMessage()

func (*EntityCustom) ProtoReflect 

func (x *EntityCustom) ProtoReflect() protoreflect.Message

func (*EntityCustom) Reset 

func (x *EntityCustom) Reset()

func (*EntityCustom) String 

func (x *EntityCustom) String() string

type EntityEntitlements 

type EntityEntitlements struct {
	EntityId           string   `protobuf:"bytes,1,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"`
	AttributeValueFqns []string `protobuf:"bytes,2,rep,name=attribute_value_fqns,json=attributeValueFqns,proto3" json:"attribute_value_fqns,omitempty"`
	// contains filtered or unexported fields
}

func (*EntityEntitlements) Descriptor deprecated 

func (*EntityEntitlements) Descriptor() ([]byte, []int)

Deprecated: Use EntityEntitlements.ProtoReflect.Descriptor instead.

func (*EntityEntitlements) GetAttributeValueFqns 

func (x *EntityEntitlements) GetAttributeValueFqns() []string

func (*EntityEntitlements) GetEntityId 

func (x *EntityEntitlements) GetEntityId() string

func (*EntityEntitlements) ProtoMessage 

func (*EntityEntitlements) ProtoMessage()

func (*EntityEntitlements) ProtoReflect 

func (x *EntityEntitlements) ProtoReflect() protoreflect.Message

func (*EntityEntitlements) Reset 

func (x *EntityEntitlements) Reset()

func (*EntityEntitlements) String 

func (x *EntityEntitlements) String() string

type Entity_Claims 

type Entity_Claims struct {
	Claims *anypb.Any `protobuf:"bytes,6,opt,name=claims,proto3,oneof"`
}

type Entity_ClientId 

type Entity_ClientId struct {
	ClientId string `protobuf:"bytes,8,opt,name=client_id,json=clientId,proto3,oneof"`
}

type Entity_Custom 

type Entity_Custom struct {
	Custom *EntityCustom `protobuf:"bytes,7,opt,name=custom,proto3,oneof"`
}

type Entity_EmailAddress 

type Entity_EmailAddress struct {
	EmailAddress string `protobuf:"bytes,2,opt,name=email_address,json=emailAddress,proto3,oneof"`
}

type Entity_RemoteClaimsUrl 

type Entity_RemoteClaimsUrl struct {
	RemoteClaimsUrl string `protobuf:"bytes,4,opt,name=remote_claims_url,json=remoteClaimsUrl,proto3,oneof"`
}

type Entity_UserName 

type Entity_UserName struct {
	UserName string `protobuf:"bytes,3,opt,name=user_name,json=userName,proto3,oneof"`
}

type Entity_Uuid added in v0.2.3 

type Entity_Uuid struct {
	Uuid string `protobuf:"bytes,5,opt,name=uuid,proto3,oneof"`
}

type GetDecisionsByTokenRequest added in v0.2.3 

type GetDecisionsByTokenRequest struct {
	DecisionRequests []*TokenDecisionRequest `protobuf:"bytes,1,rep,name=decision_requests,json=decisionRequests,proto3" json:"decision_requests,omitempty"`
	// contains filtered or unexported fields
}

func (*GetDecisionsByTokenRequest) Descriptor deprecated added in v0.2.3 

func (*GetDecisionsByTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetDecisionsByTokenRequest.ProtoReflect.Descriptor instead.

func (*GetDecisionsByTokenRequest) GetDecisionRequests added in v0.2.3 

func (x *GetDecisionsByTokenRequest) GetDecisionRequests() []*TokenDecisionRequest

func (*GetDecisionsByTokenRequest) ProtoMessage added in v0.2.3 

func (*GetDecisionsByTokenRequest) ProtoMessage()

func (*GetDecisionsByTokenRequest) ProtoReflect added in v0.2.3 

func (x *GetDecisionsByTokenRequest) ProtoReflect() protoreflect.Message

func (*GetDecisionsByTokenRequest) Reset added in v0.2.3 

func (x *GetDecisionsByTokenRequest) Reset()

func (*GetDecisionsByTokenRequest) String added in v0.2.3 

func (x *GetDecisionsByTokenRequest) String() string

type GetDecisionsByTokenResponse added in v0.2.3 

type GetDecisionsByTokenResponse struct {
	DecisionResponses []*DecisionResponse `protobuf:"bytes,1,rep,name=decision_responses,json=decisionResponses,proto3" json:"decision_responses,omitempty"`
	// contains filtered or unexported fields
}

func (*GetDecisionsByTokenResponse) Descriptor deprecated added in v0.2.3 

func (*GetDecisionsByTokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetDecisionsByTokenResponse.ProtoReflect.Descriptor instead.

func (*GetDecisionsByTokenResponse) GetDecisionResponses added in v0.2.3 

func (x *GetDecisionsByTokenResponse) GetDecisionResponses() []*DecisionResponse

func (*GetDecisionsByTokenResponse) ProtoMessage added in v0.2.3 

func (*GetDecisionsByTokenResponse) ProtoMessage()

func (*GetDecisionsByTokenResponse) ProtoReflect added in v0.2.3 

func (x *GetDecisionsByTokenResponse) ProtoReflect() protoreflect.Message

func (*GetDecisionsByTokenResponse) Reset added in v0.2.3 

func (x *GetDecisionsByTokenResponse) Reset()

func (*GetDecisionsByTokenResponse) String added in v0.2.3 

func (x *GetDecisionsByTokenResponse) String() string

type GetDecisionsRequest 

type GetDecisionsRequest struct {
	DecisionRequests []*DecisionRequest `protobuf:"bytes,1,rep,name=decision_requests,json=decisionRequests,proto3" json:"decision_requests,omitempty"`
	// contains filtered or unexported fields
}

func (*GetDecisionsRequest) Descriptor deprecated 

func (*GetDecisionsRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetDecisionsRequest.ProtoReflect.Descriptor instead.

func (*GetDecisionsRequest) GetDecisionRequests 

func (x *GetDecisionsRequest) GetDecisionRequests() []*DecisionRequest

func (*GetDecisionsRequest) ProtoMessage 

func (*GetDecisionsRequest) ProtoMessage()

func (*GetDecisionsRequest) ProtoReflect 

func (x *GetDecisionsRequest) ProtoReflect() protoreflect.Message

func (*GetDecisionsRequest) Reset 

func (x *GetDecisionsRequest) Reset()

func (*GetDecisionsRequest) String 

func (x *GetDecisionsRequest) String() string

type GetDecisionsResponse 

type GetDecisionsResponse struct {
	DecisionResponses []*DecisionResponse `protobuf:"bytes,1,rep,name=decision_responses,json=decisionResponses,proto3" json:"decision_responses,omitempty"`
	// contains filtered or unexported fields
}

func (*GetDecisionsResponse) Descriptor deprecated 

func (*GetDecisionsResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetDecisionsResponse.ProtoReflect.Descriptor instead.

func (*GetDecisionsResponse) GetDecisionResponses 

func (x *GetDecisionsResponse) GetDecisionResponses() []*DecisionResponse

func (*GetDecisionsResponse) ProtoMessage 

func (*GetDecisionsResponse) ProtoMessage()

func (*GetDecisionsResponse) ProtoReflect 

func (x *GetDecisionsResponse) ProtoReflect() protoreflect.Message

func (*GetDecisionsResponse) Reset 

func (x *GetDecisionsResponse) Reset()

func (*GetDecisionsResponse) String 

func (x *GetDecisionsResponse) String() string

type GetEntitlementsRequest 

type GetEntitlementsRequest struct {
	Entities []*Entity          `protobuf:"bytes,1,rep,name=entities,proto3" json:"entities,omitempty"` // list of requested entities
	Scope    *ResourceAttribute `protobuf:"bytes,2,opt,name=scope,proto3,oneof" json:"scope,omitempty"` //optional attribute fqn as a scope
	// contains filtered or unexported fields
}

Request to get entitlements for one or more entities for an optional attribute scope

Example: Get entitlements for bob and alice (both represented using an email address

{ "entities": [ { "id": "e1", "emailAddress": "bob@example.org" }, { "id": "e2", "emailAddress": "alice@example.org" } ], "scope": { "attributeFqns": [ "https://example.net/attr/attr1/value/value1", "https://example.net/attr/attr1/value/value2" ] } }

func (*GetEntitlementsRequest) Descriptor deprecated 

func (*GetEntitlementsRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetEntitlementsRequest.ProtoReflect.Descriptor instead.

func (*GetEntitlementsRequest) GetEntities 

func (x *GetEntitlementsRequest) GetEntities() []*Entity

func (*GetEntitlementsRequest) GetScope 

func (x *GetEntitlementsRequest) GetScope() *ResourceAttribute

func (*GetEntitlementsRequest) ProtoMessage 

func (*GetEntitlementsRequest) ProtoMessage()

func (*GetEntitlementsRequest) ProtoReflect 

func (x *GetEntitlementsRequest) ProtoReflect() protoreflect.Message

func (*GetEntitlementsRequest) Reset 

func (x *GetEntitlementsRequest) Reset()

func (*GetEntitlementsRequest) String 

func (x *GetEntitlementsRequest) String() string

type GetEntitlementsResponse 

type GetEntitlementsResponse struct {
	Entitlements []*EntityEntitlements `protobuf:"bytes,1,rep,name=entitlements,proto3" json:"entitlements,omitempty"`
	// contains filtered or unexported fields
}

Example Response for a request of : Get entitlements for bob and alice (both represented using an email address

{ "entitlements": [ { "entityId": "e1", "attributeValueReferences": [ { "attributeFqn": "http://www.example.org/attr/foo/value/bar" } ] }, { "entityId": "e2", "attributeValueReferences": [ { "attributeFqn": "http://www.example.org/attr/color/value/red" } ] } ] }

func (*GetEntitlementsResponse) Descriptor deprecated 

func (*GetEntitlementsResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetEntitlementsResponse.ProtoReflect.Descriptor instead.

func (*GetEntitlementsResponse) GetEntitlements 

func (x *GetEntitlementsResponse) GetEntitlements() []*EntityEntitlements

func (*GetEntitlementsResponse) ProtoMessage 

func (*GetEntitlementsResponse) ProtoMessage()

func (*GetEntitlementsResponse) ProtoReflect 

func (x *GetEntitlementsResponse) ProtoReflect() protoreflect.Message

func (*GetEntitlementsResponse) Reset 

func (x *GetEntitlementsResponse) Reset()

func (*GetEntitlementsResponse) String 

func (x *GetEntitlementsResponse) String() string

type ResourceAttribute 

type ResourceAttribute struct {
	ResourceAttributesId string   `protobuf:"bytes,1,opt,name=resource_attributes_id,json=resourceAttributesId,proto3" json:"resource_attributes_id,omitempty"`
	AttributeValueFqns   []string `protobuf:"bytes,2,rep,name=attribute_value_fqns,json=attributeValueFqns,proto3" json:"attribute_value_fqns,omitempty"`
	// contains filtered or unexported fields
}

A logical bucket of attributes belonging to a "Resource"

func (*ResourceAttribute) Descriptor deprecated 

func (*ResourceAttribute) Descriptor() ([]byte, []int)

Deprecated: Use ResourceAttribute.ProtoReflect.Descriptor instead.

func (*ResourceAttribute) GetAttributeValueFqns 

func (x *ResourceAttribute) GetAttributeValueFqns() []string

func (*ResourceAttribute) GetResourceAttributesId added in v0.2.3 

func (x *ResourceAttribute) GetResourceAttributesId() string

func (*ResourceAttribute) ProtoMessage 

func (*ResourceAttribute) ProtoMessage()

func (*ResourceAttribute) ProtoReflect 

func (x *ResourceAttribute) ProtoReflect() protoreflect.Message

func (*ResourceAttribute) Reset 

func (x *ResourceAttribute) Reset()

func (*ResourceAttribute) String 

func (x *ResourceAttribute) String() string

type Token added in v0.2.3 

type Token struct {
	Id  string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`   // ephemeral id for tracking between request and response
	Jwt string `protobuf:"bytes,2,opt,name=jwt,proto3" json:"jwt,omitempty"` // the token
	// contains filtered or unexported fields
}

func (*Token) Descriptor deprecated added in v0.2.3 

func (*Token) Descriptor() ([]byte, []int)

Deprecated: Use Token.ProtoReflect.Descriptor instead.

func (*Token) GetId added in v0.2.3 

func (x *Token) GetId() string

func (*Token) GetJwt added in v0.2.3 

func (x *Token) GetJwt() string

func (*Token) ProtoMessage added in v0.2.3 

func (*Token) ProtoMessage()

func (*Token) ProtoReflect added in v0.2.3 

func (x *Token) ProtoReflect() protoreflect.Message

func (*Token) Reset added in v0.2.3 

func (x *Token) Reset()

func (*Token) String added in v0.2.3 

func (x *Token) String() string

type TokenDecisionRequest added in v0.2.3 

type TokenDecisionRequest struct {
	Actions            []*policy.Action     `protobuf:"bytes,1,rep,name=actions,proto3" json:"actions,omitempty"`
	Tokens             []*Token             `protobuf:"bytes,2,rep,name=tokens,proto3" json:"tokens,omitempty"`
	ResourceAttributes []*ResourceAttribute `protobuf:"bytes,3,rep,name=resource_attributes,json=resourceAttributes,proto3" json:"resource_attributes,omitempty"`
	// contains filtered or unexported fields
}

Example Request Get Decisions by Token to answer the question - Do Bob and client1 (represented by token tok1) and Alice and client2 (represented by token tok2) have TRANSMIT authorization for 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ?

{ "actions": [ { "standard": "STANDARD_ACTION_TRANSMIT" } ], "tokens": [ { "id": "tok1", "jwt": .... }, { "id": "tok2", "jwt": ..... } ], "resourceAttributes": [ { "attributeFqns": [ "https://www.example.org/attr/foo/value/value1" ] }, { "attributeFqns": [ "https://example.net/attr/attr1/value/value1", "https://example.net/attr/attr1/value/value2" ] } ] }

func (*TokenDecisionRequest) Descriptor deprecated added in v0.2.3 

func (*TokenDecisionRequest) Descriptor() ([]byte, []int)

Deprecated: Use TokenDecisionRequest.ProtoReflect.Descriptor instead.

func (*TokenDecisionRequest) GetActions added in v0.2.3 

func (x *TokenDecisionRequest) GetActions() []*policy.Action

func (*TokenDecisionRequest) GetResourceAttributes added in v0.2.3 

func (x *TokenDecisionRequest) GetResourceAttributes() []*ResourceAttribute

func (*TokenDecisionRequest) GetTokens added in v0.2.3 

func (x *TokenDecisionRequest) GetTokens() []*Token

func (*TokenDecisionRequest) ProtoMessage added in v0.2.3 

func (*TokenDecisionRequest) ProtoMessage()

func (*TokenDecisionRequest) ProtoReflect added in v0.2.3 

func (x *TokenDecisionRequest) ProtoReflect() protoreflect.Message

func (*TokenDecisionRequest) Reset added in v0.2.3 

func (x *TokenDecisionRequest) Reset()

func (*TokenDecisionRequest) String added in v0.2.3 

func (x *TokenDecisionRequest) String() string

type UnimplementedAuthorizationServiceServer 

type UnimplementedAuthorizationServiceServer struct {
}

UnimplementedAuthorizationServiceServer must be embedded to have forward compatible implementations.

func (UnimplementedAuthorizationServiceServer) GetDecisions 

func (UnimplementedAuthorizationServiceServer) GetDecisions(context.Context, *GetDecisionsRequest) (*GetDecisionsResponse, error)

func (UnimplementedAuthorizationServiceServer) GetDecisionsByToken added in v0.2.3 

func (UnimplementedAuthorizationServiceServer) GetDecisionsByToken(context.Context, *GetDecisionsByTokenRequest) (*GetDecisionsByTokenResponse, error)

func (UnimplementedAuthorizationServiceServer) GetEntitlements 

func (UnimplementedAuthorizationServiceServer) GetEntitlements(context.Context, *GetEntitlementsRequest) (*GetEntitlementsResponse, error)

type UnsafeAuthorizationServiceServer 

type UnsafeAuthorizationServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeAuthorizationServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to AuthorizationServiceServer will result in compilation errors.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.