README
¶
Authorizer Using the Kessel Relations API
Configure the impl as Kessel
authz:
impl: kessel
kessel:
insecure-client: true
url: localhost:9000
enable-oidc-auth: true
sa-client-id: "svc-test"
sa-client-secret: "<secret>"
sso-token-endpoint: "http://localhost:8084/realms/redhat-external/protocol/openid-connect/token"
Documentation
¶
Index ¶
- func IsJWTTokenExpired(accessToken string) (bool, time.Time)
- func NewTokenClient(config *tokenClientConfig) *tokenClient
- func WithBearerToken(token string) grpc.CallOption
- func WithInsecureBearerToken(token string) grpc.CallOption
- type CompletedConfig
- type Config
- type KesselAuthz
- func (a *KesselAuthz) Check(ctx context.Context, r *kessel.CheckRequest) (*kessel.CheckResponse, error)
- func (a *KesselAuthz) CreateTuples(ctx context.Context, r *kessel.CreateTuplesRequest) (*kessel.CreateTuplesResponse, error)
- func (a *KesselAuthz) DeleteTuples(ctx context.Context, r *kessel.DeleteTuplesRequest) (*kessel.DeleteTuplesResponse, error)
- func (a *KesselAuthz) Health(ctx context.Context) (*kesselv1.GetReadyzResponse, error)
- func (a *KesselAuthz) SetWorkspace(ctx context.Context, local_resource_id, workspace, namespace, name string) (*kessel.CreateTuplesResponse, error)
- type Options
- type TokenResponse
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewTokenClient ¶
func NewTokenClient(config *tokenClientConfig) *tokenClient
NewTokenClient creates and returns a new tokenClient client.
func WithBearerToken ¶
func WithBearerToken(token string) grpc.CallOption
WithBearerToken returns a grpc.CallOption that adds a standard HTTP Bearer token to all requests sent from a client.
func WithInsecureBearerToken ¶
func WithInsecureBearerToken(token string) grpc.CallOption
WithInsecureBearerToken returns a grpc.CallOption that adds a standard HTTP Bearer token to all requests sent from an insecure client.
Must be used in conjunction with `insecure.NewCredentials()`.
Types ¶
type CompletedConfig ¶
type CompletedConfig struct {
// contains filtered or unexported fields
}
type KesselAuthz ¶
type KesselAuthz struct {
HealthService kesselv1.KesselRelationsHealthServiceClient
CheckService kessel.KesselCheckServiceClient
TupleService kessel.KesselTupleServiceClient
Logger *log.Helper
// contains filtered or unexported fields
}
func New ¶
func New(ctx context.Context, config CompletedConfig, logger *log.Helper) (*KesselAuthz, error)
func (*KesselAuthz) Check ¶
func (a *KesselAuthz) Check(ctx context.Context, r *kessel.CheckRequest) (*kessel.CheckResponse, error)
func (*KesselAuthz) CreateTuples ¶
func (a *KesselAuthz) CreateTuples(ctx context.Context, r *kessel.CreateTuplesRequest) (*kessel.CreateTuplesResponse, error)
func (*KesselAuthz) DeleteTuples ¶
func (a *KesselAuthz) DeleteTuples(ctx context.Context, r *kessel.DeleteTuplesRequest) (*kessel.DeleteTuplesResponse, error)
func (*KesselAuthz) Health ¶
func (a *KesselAuthz) Health(ctx context.Context) (*kesselv1.GetReadyzResponse, error)
func (*KesselAuthz) SetWorkspace ¶
func (a *KesselAuthz) SetWorkspace(ctx context.Context, local_resource_id, workspace, namespace, name string) (*kessel.CreateTuplesResponse, error)
type Options ¶
type Options struct {
URL string `mapstructure:"url"`
Insecure bool `mapstructure:"insecure-client"`
EnableOidcAuth bool `mapstructure:"enable-oidc-auth"`
ClientId string `mapstructure:"sa-client-id"`
ClientSecret string `mapstructure:"sa-client-secret"`
TokenEndpoint string `mapstructure:"sso-token-endpoint"`
}
TODO: presumably more will go here to authenticate Common Inventory as a service to call Kessel.
func NewOptions ¶
func NewOptions() *Options
type TokenResponse ¶
Source Files
Click to show internal directories.
Click to hide internal directories.