authpolicy

package

v1.7.3 Latest Latest Go to latest Published: Oct 10, 2023 License: Apache-2.0 Imports: 10 Imported by: 4

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/spiffe/spire

Links

Open Source Insights

Documentation ¶

Index ¶

type Engine
- func (e *Engine) Eval(ctx context.Context, input Input) (result Result, err error)
type Input
type LocalOpaProviderConfig
type OpaEngineConfig
type Result

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Engine ¶

type Engine struct {
	// contains filtered or unexported fields
}

Engine drives policy management.

func DefaultAuthPolicy ¶

func DefaultAuthPolicy(ctx context.Context) (*Engine, error)

DefaultAuthPolicy returns the default policy engine

func NewEngineFromConfigOrDefault ¶

func NewEngineFromConfigOrDefault(ctx context.Context, cfg *OpaEngineConfig) (*Engine, error)

NewEngineFromConfigOrDefault returns a new policy engine. Or if no config is provided, provides the default policy

func NewEngineFromRego ¶

func NewEngineFromRego(ctx context.Context, regoPolicy string, dataStore storage.Store) (*Engine, error)

NewEngineFromRego is a helper to create the Engine object

func (*Engine) Eval ¶

func (e *Engine) Eval(ctx context.Context, input Input) (result Result, err error)

Eval determines whether access should be allowed on a resource.

type Input ¶

type Input struct {
	// Caller is the authenticated identity of the actor making a request.
	Caller string `json:"caller"`

	// FullMethod is the fully-qualified name of the proto rpc service method.
	FullMethod string `json:"full_method"`

	// Req represents data received from the request body. It MUST be a
	// protobuf request object with fields that are serializable as JSON,
	// since they will be used in policy definitions.
	Req interface{} `json:"req"`
}

Input represents context associated with an access request.

type LocalOpaProviderConfig ¶

type LocalOpaProviderConfig struct {
	RegoPath       string `hcl:"rego_path"`
	PolicyDataPath string `hcl:"policy_data_path"`
}

type OpaEngineConfig ¶

type OpaEngineConfig struct {
	LocalOpaProvider *LocalOpaProviderConfig `hcl:"local"`
}

type Result ¶

type Result struct {
	Allow             bool `json:"allow"`
	AllowIfAdmin      bool `json:"allow_if_admin"`
	AllowIfLocal      bool `json:"allow_if_local"`
	AllowIfDownstream bool `json:"allow_if_downstream"`
	AllowIfAgent      bool `json:"allow_if_agent"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL