Affected by GO-2024-2965 and 1 other vulnerabilities

GO-2024-2965: Pomerium exposed OAuth2 access and ID tokens in user info endpoint response in github.com/pomerium/pomerium

GO-2024-3179: Pomerium service account access token may grant unintended access to databroker API in github.com/pomerium/pomerium

authorize

package

v0.23.0 Latest Latest Go to latest Published: Aug 23, 2023 License: Apache-2.0 Imports: 52 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/pomerium/pomerium

Links

Open Source Insights

Documentation ¶

Overview ¶

Package authorize is a pomerium service that is responsible for determining if a given request should be authorized (AuthZ).

Index ¶

type AccessTracker
- func NewAccessTracker(provider AccessTrackerProvider, maxSize int, debouncePeriod time.Duration) *AccessTracker
type AccessTrackerProvider
type Authorize
- func New(cfg *config.Config) (*Authorize, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AccessTracker ¶ added in v0.17.3

type AccessTracker struct {
	// contains filtered or unexported fields
}

A AccessTracker tracks accesses to sessions

func NewAccessTracker ¶ added in v0.17.3

func NewAccessTracker(
	provider AccessTrackerProvider,
	maxSize int,
	debouncePeriod time.Duration,
) *AccessTracker

NewAccessTracker creates a new SessionAccessTracker.

func (*AccessTracker) Run ¶ added in v0.17.3

func (tracker *AccessTracker) Run(ctx context.Context)

Run runs the access tracker.

func (*AccessTracker) TrackServiceAccountAccess ¶ added in v0.17.3

func (tracker *AccessTracker) TrackServiceAccountAccess(serviceAccountID string)

TrackServiceAccountAccess tracks a service account access.

func (*AccessTracker) TrackSessionAccess ¶ added in v0.17.3

func (tracker *AccessTracker) TrackSessionAccess(sessionID string)

TrackSessionAccess tracks a session access.

type AccessTrackerProvider ¶ added in v0.17.3

type AccessTrackerProvider interface {
	GetDataBrokerServiceClient() databroker.DataBrokerServiceClient
}

A AccessTrackerProvider provides the databroker service client for tracking session access.

type Authorize ¶

type Authorize struct {
	// contains filtered or unexported fields
}

Authorize struct holds

func New ¶

func New(cfg *config.Config) (*Authorize, error)

New validates and creates a new Authorize service from a set of config options.

func (*Authorize) Check ¶ added in v0.9.0

func (a *Authorize) Check(ctx context.Context, in *envoy_service_auth_v3.CheckRequest) (*envoy_service_auth_v3.CheckResponse, error)

Check implements the envoy auth server gRPC endpoint.

func (*Authorize) GetDataBrokerServiceClient ¶ added in v0.17.3

func (a *Authorize) GetDataBrokerServiceClient() databroker.DataBrokerServiceClient

GetDataBrokerServiceClient returns the current DataBrokerServiceClient.

func (*Authorize) OnConfigChange ¶ added in v0.10.0

func (a *Authorize) OnConfigChange(ctx context.Context, cfg *config.Config)

OnConfigChange updates internal structures based on config.Options

func (*Authorize) Run ¶ added in v0.10.0

func (a *Authorize) Run(ctx context.Context) error

Run runs the authorize service.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
evaluator Package evaluator contains rego evaluators for evaluating authorize policy.	Package evaluator contains rego evaluators for evaluating authorize policy.
opa Package opa implements the policy evaluator interface to make authorization decisions.	Package opa implements the policy evaluator interface to make authorization decisions.
internal
store Package store contains a datastore for authorization policy evaluation.	Package store contains a datastore for authorization policy evaluation.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL