authz

package

v0.40.7 Latest Latest Go to latest Published: Feb 29, 2024 License: Apache-2.0 Imports: 22 Imported by: 3

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ory/oathkeeper

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func NewErrAuthorizerMisconfigured(a Authorizer, err error) *herodot.DefaultError
func NewErrAuthorizerNotEnabled(a Authorizer) *herodot.DefaultError
type Authorizer
type AuthorizerAllow
- func NewAuthorizerAllow(c configuration.Provider) *AuthorizerAllow
- func (a *AuthorizerAllow) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, ...) error
- func (a *AuthorizerAllow) GetID() string
- func (a *AuthorizerAllow) Validate(config json.RawMessage) error
type AuthorizerDeny
- func NewAuthorizerDeny(c configuration.Provider) *AuthorizerDeny
- func (a *AuthorizerDeny) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, ...) error
- func (a *AuthorizerDeny) GetID() string
- func (a *AuthorizerDeny) Validate(config json.RawMessage) error
type AuthorizerKetoEngineACPORY
- func NewAuthorizerKetoEngineACPORY(c configuration.Provider, d interface{ ... }) *AuthorizerKetoEngineACPORY
- func (a *AuthorizerKetoEngineACPORY) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, ...) (err error)
- func (a *AuthorizerKetoEngineACPORY) Config(config json.RawMessage) (*AuthorizerKetoEngineACPORYConfiguration, error)
- func (a *AuthorizerKetoEngineACPORY) GetID() string
- func (a *AuthorizerKetoEngineACPORY) Validate(config json.RawMessage) error
- func (a *AuthorizerKetoEngineACPORY) WithContextCreator(f authorizerKetoWardenContext)
type AuthorizerKetoEngineACPORYConfiguration
- func (c *AuthorizerKetoEngineACPORYConfiguration) ActionTemplateID() string
- func (c *AuthorizerKetoEngineACPORYConfiguration) ResourceTemplateID() string
- func (c *AuthorizerKetoEngineACPORYConfiguration) SubjectTemplateID() string
type AuthorizerKetoEngineACPORYRequestBody
type AuthorizerRemote
- func NewAuthorizerRemote(c configuration.Provider, d interface{ ... }) *AuthorizerRemote
- func (a *AuthorizerRemote) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, ...) (err error)
- func (a *AuthorizerRemote) Config(config json.RawMessage) (*AuthorizerRemoteConfiguration, error)
- func (a *AuthorizerRemote) GetID() string
- func (a *AuthorizerRemote) Validate(config json.RawMessage) error
type AuthorizerRemoteConfiguration
type AuthorizerRemoteJSON
- func NewAuthorizerRemoteJSON(c configuration.Provider, d interface{ ... }) *AuthorizerRemoteJSON
- func (a *AuthorizerRemoteJSON) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, ...) (err error)
- func (a *AuthorizerRemoteJSON) Config(config json.RawMessage) (*AuthorizerRemoteJSONConfiguration, error)
- func (a *AuthorizerRemoteJSON) GetID() string
- func (a *AuthorizerRemoteJSON) Validate(config json.RawMessage) error
type AuthorizerRemoteJSONConfiguration
- func (c *AuthorizerRemoteJSONConfiguration) PayloadTemplateID() string
type AuthorizerRemoteJSONRetryConfiguration
type AuthorizerRemoteRetryConfiguration
type Registry

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrAuthorizerNotEnabled = herodot.DefaultError{
	ErrorField:  "authorizer matching this route is misconfigured or disabled",
	CodeField:   http.StatusInternalServerError,
	StatusField: http.StatusText(http.StatusInternalServerError),
}

Functions ¶

func NewErrAuthorizerMisconfigured ¶

func NewErrAuthorizerMisconfigured(a Authorizer, err error) *herodot.DefaultError

func NewErrAuthorizerNotEnabled ¶

func NewErrAuthorizerNotEnabled(a Authorizer) *herodot.DefaultError

Types ¶

type Authorizer ¶

type Authorizer interface {
	Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, rule pipeline.Rule) error
	GetID() string
	Validate(config json.RawMessage) error
}

type AuthorizerAllow ¶

type AuthorizerAllow struct {
	// contains filtered or unexported fields
}

func NewAuthorizerAllow ¶

func NewAuthorizerAllow(c configuration.Provider) *AuthorizerAllow

func (*AuthorizerAllow) Authorize ¶

func (a *AuthorizerAllow) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, _ pipeline.Rule) error

func (*AuthorizerAllow) GetID ¶

func (a *AuthorizerAllow) GetID() string

func (*AuthorizerAllow) Validate ¶

func (a *AuthorizerAllow) Validate(config json.RawMessage) error

type AuthorizerDeny ¶

type AuthorizerDeny struct {
	// contains filtered or unexported fields
}

func NewAuthorizerDeny ¶

func NewAuthorizerDeny(c configuration.Provider) *AuthorizerDeny

func (*AuthorizerDeny) Authorize ¶

func (a *AuthorizerDeny) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, _ pipeline.Rule) error

func (*AuthorizerDeny) GetID ¶

func (a *AuthorizerDeny) GetID() string

func (*AuthorizerDeny) Validate ¶

func (a *AuthorizerDeny) Validate(config json.RawMessage) error

type AuthorizerKetoEngineACPORY ¶

type AuthorizerKetoEngineACPORY struct {
	// contains filtered or unexported fields
}

func NewAuthorizerKetoEngineACPORY ¶

func NewAuthorizerKetoEngineACPORY(c configuration.Provider, d interface{ Tracer() trace.Tracer }) *AuthorizerKetoEngineACPORY

func (*AuthorizerKetoEngineACPORY) Authorize ¶

func (a *AuthorizerKetoEngineACPORY) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, _ pipeline.Rule) (err error)

func (*AuthorizerKetoEngineACPORY) Config ¶

func (a *AuthorizerKetoEngineACPORY) Config(config json.RawMessage) (*AuthorizerKetoEngineACPORYConfiguration, error)

func (*AuthorizerKetoEngineACPORY) GetID ¶

func (a *AuthorizerKetoEngineACPORY) GetID() string

func (*AuthorizerKetoEngineACPORY) Validate ¶

func (a *AuthorizerKetoEngineACPORY) Validate(config json.RawMessage) error

func (*AuthorizerKetoEngineACPORY) WithContextCreator ¶

func (a *AuthorizerKetoEngineACPORY) WithContextCreator(f authorizerKetoWardenContext)

type AuthorizerKetoEngineACPORYConfiguration ¶

type AuthorizerKetoEngineACPORYConfiguration struct {
	RequiredAction   string `json:"required_action"`
	RequiredResource string `json:"required_resource"`
	Subject          string `json:"subject"`
	Flavor           string `json:"flavor"`
	BaseURL          string `json:"base_url"`
}

func (*AuthorizerKetoEngineACPORYConfiguration) ActionTemplateID ¶

func (c *AuthorizerKetoEngineACPORYConfiguration) ActionTemplateID() string

func (*AuthorizerKetoEngineACPORYConfiguration) ResourceTemplateID ¶

func (c *AuthorizerKetoEngineACPORYConfiguration) ResourceTemplateID() string

func (*AuthorizerKetoEngineACPORYConfiguration) SubjectTemplateID ¶

func (c *AuthorizerKetoEngineACPORYConfiguration) SubjectTemplateID() string

type AuthorizerKetoEngineACPORYRequestBody ¶

type AuthorizerKetoEngineACPORYRequestBody struct {
	Action   string                 `json:"action"`
	Context  map[string]interface{} `json:"context"`
	Resource string                 `json:"resource"`
	Subject  string                 `json:"subject"`
}

type AuthorizerRemote ¶

type AuthorizerRemote struct {
	// contains filtered or unexported fields
}

AuthorizerRemote implements the Authorizer interface.

func NewAuthorizerRemote ¶

func NewAuthorizerRemote(c configuration.Provider, d interface{ Tracer() trace.Tracer }) *AuthorizerRemote

NewAuthorizerRemote creates a new AuthorizerRemote.

func (*AuthorizerRemote) Authorize ¶

func (a *AuthorizerRemote) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, rl pipeline.Rule) (err error)

Authorize implements the Authorizer interface.

func (*AuthorizerRemote) Config ¶

func (a *AuthorizerRemote) Config(config json.RawMessage) (*AuthorizerRemoteConfiguration, error)

Config merges config and the authorizer's configuration and validates the resulting configuration. It reports an error if the configuration is invalid.

func (*AuthorizerRemote) GetID ¶

func (a *AuthorizerRemote) GetID() string

GetID implements the Authorizer interface.

func (*AuthorizerRemote) Validate ¶

func (a *AuthorizerRemote) Validate(config json.RawMessage) error

Validate implements the Authorizer interface.

type AuthorizerRemoteConfiguration ¶

type AuthorizerRemoteConfiguration struct {
	Remote                           string                              `json:"remote"`
	Headers                          map[string]string                   `json:"headers"`
	ForwardResponseHeadersToUpstream []string                            `json:"forward_response_headers_to_upstream"`
	Retry                            *AuthorizerRemoteRetryConfiguration `json:"retry"`
}

AuthorizerRemoteConfiguration represents a configuration for the remote authorizer.

type AuthorizerRemoteJSON ¶

type AuthorizerRemoteJSON struct {
	// contains filtered or unexported fields
}

AuthorizerRemoteJSON implements the Authorizer interface.

func NewAuthorizerRemoteJSON ¶

func NewAuthorizerRemoteJSON(c configuration.Provider, d interface{ Tracer() trace.Tracer }) *AuthorizerRemoteJSON

NewAuthorizerRemoteJSON creates a new AuthorizerRemoteJSON.

func (*AuthorizerRemoteJSON) Authorize ¶

func (a *AuthorizerRemoteJSON) Authorize(r *http.Request, session *authn.AuthenticationSession, config json.RawMessage, rl pipeline.Rule) (err error)

Authorize implements the Authorizer interface.

func (*AuthorizerRemoteJSON) Config ¶

func (a *AuthorizerRemoteJSON) Config(config json.RawMessage) (*AuthorizerRemoteJSONConfiguration, error)

Config merges config and the authorizer's configuration and validates the resulting configuration. It reports an error if the configuration is invalid.

func (*AuthorizerRemoteJSON) GetID ¶

func (a *AuthorizerRemoteJSON) GetID() string

GetID implements the Authorizer interface.

func (*AuthorizerRemoteJSON) Validate ¶

func (a *AuthorizerRemoteJSON) Validate(config json.RawMessage) error

Validate implements the Authorizer interface.

type AuthorizerRemoteJSONConfiguration ¶

type AuthorizerRemoteJSONConfiguration struct {
	Remote                           string                                  `json:"remote"`
	Headers                          map[string]string                       `json:"headers"`
	Payload                          string                                  `json:"payload"`
	ForwardResponseHeadersToUpstream []string                                `json:"forward_response_headers_to_upstream"`
	Retry                            *AuthorizerRemoteJSONRetryConfiguration `json:"retry"`
}

AuthorizerRemoteJSONConfiguration represents a configuration for the remote_json authorizer.

func (*AuthorizerRemoteJSONConfiguration) PayloadTemplateID ¶

func (c *AuthorizerRemoteJSONConfiguration) PayloadTemplateID() string

PayloadTemplateID returns a string with which to associate the payload template.

type AuthorizerRemoteJSONRetryConfiguration ¶

type AuthorizerRemoteJSONRetryConfiguration struct {
	Timeout string `json:"max_delay"`
	MaxWait string `json:"give_up_after"`
}

type AuthorizerRemoteRetryConfiguration ¶

type AuthorizerRemoteRetryConfiguration struct {
	Timeout string `json:"max_delay"`
	MaxWait string `json:"give_up_after"`
}

type Registry ¶

type Registry interface {
	AvailablePipelineAuthorizers() []string
	PipelineAuthorizer(string) (Authorizer, error)
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL