cerbos

package module
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 9, 2023 License: MIT Imports: 8 Imported by: 1

README

Cerbos

GitHub Workflow Status go.dev reference built with nix

Authorize registry token requests using Cerbos.

[!WARNING] Project is under development. Backwards compatibility is not guaranteed.

Development

For an optimal developer experience, it is recommended to install Nix and direnv.

Using Dagger

Run tests:

dagger call test

Run linters:

dagger call lint
Manual workflow

Launch Cerbos:

docker compose up -d

Run tests:

go test -race -v ./...

Run linter:

golangci-lint run

To test changes made in registry-auth and registry-auth-config:

Make sure registry-auth is checked out in the same directory:

cd ..
git clone git@github.com:portward/registry-auth.git
cd cerbos

Set up a Go workspace:

go work init
go work use .
go work use ../registry-auth
go work sync

Cleanup:

docker compose down -v

License

The project is licensed under the MIT License.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Authorizer

type Authorizer struct {
	// contains filtered or unexported fields
}

Authorizer uses Cerbos to authorize resource requests.

func NewAuthorizer

func NewAuthorizer(client *cerbos.GRPCClient, defaultRoles []string) Authorizer

NewAuthorizer returns a new Authorizer.

func (Authorizer) Authorize

func (a Authorizer) Authorize(ctx context.Context, subject auth.Subject, requestedScopes []auth.Scope) ([]auth.Scope, error)

Authorize implements the auth.Authorizer interface.

type Config

type Config struct {
	Address      string        `mapstructure:"address"`
	Options      OptionsConfig `mapstructure:"options"`
	DefaultRoles []string      `mapstructure:"defaultRoles"`
}

Config implements the AuthorizerFactory interface defined by Portward.

func (Config) New

func (c Config) New() (auth.Authorizer, error)

New returns a new Authorizer from the configuration.

func (Config) Validate

func (c Config) Validate() error

Validate validates the configuration.

type OptionsConfig

type OptionsConfig struct {
	Plaintext bool `mapstructure:"plaintext"`
}

OptionsConfig implements options for the Cerbos client connection.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL