authorization

package
v1.2.15-prerelease07 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 5, 2024 License: MIT Imports: 24 Imported by: 0

Documentation

Overview

Package authorization is a generated GoMock package.

Index

Constants

This section is empty.

Variables

View Source
var SHA256 scram.HashGeneratorFcn = func() hash.Hash { return sha256.New() }

SHA256 algorithm

View Source
var SHA512 scram.HashGeneratorFcn = func() hash.Hash { return sha512.New() }

SHA512 algorithm

Functions

func GetAuthProviderClient added in v0.24.0

func GetAuthProviderClient(privateKey string) (clientworker.AuthorizationProvider, error)

Types

type Attributes

type Attributes struct {
	Actor        string
	APIName      string
	DomainName   string
	WorkflowType *types.WorkflowType
	TaskList     *types.TaskList
	Permission   Permission
	RequestBody  FilteredRequestBody // request object except for data inputs (PII)
}

Attributes is input for authority to make decision. It can be extended in future if required auth on resources like WorkflowType and TaskList

type Authorizer

type Authorizer interface {
	Authorize(ctx context.Context, attributes *Attributes) (Result, error)
}

Authorizer is an interface for authorization

func NewAuthorizer added in v0.23.1

func NewAuthorizer(authorization config.Authorization, logger log.Logger, domainCache cache.DomainCache) (Authorizer, error)

func NewNopAuthorizer

func NewNopAuthorizer() (Authorizer, error)

NewNopAuthorizer creates a no-op authority

func NewOAuthAuthorizer added in v0.23.1

func NewOAuthAuthorizer(
	oauthConfig config.OAuthAuthorizer,
	log log.Logger,
	domainCache cache.DomainCache,
) (Authorizer, error)

NewOAuthAuthorizer creates an oauth Authorizer

type Decision

type Decision int

Decision is enum type for auth decision

const (
	// DecisionDeny means auth decision is deny
	DecisionDeny Decision = iota + 1
	// DecisionAllow means auth decision is allow
	DecisionAllow
)

type FilteredRequestBody added in v1.2.1

type FilteredRequestBody interface {
	SerializeForLogging() (string, error)
}

FilteredRequestBody request object except for data inputs (PII)

func NewFilteredRequestBody

func NewFilteredRequestBody(request interface{}) FilteredRequestBody

type JWTClaims added in v0.23.1

type JWTClaims struct {
	jwt.RegisteredClaims

	Name   string
	Groups string // separated by space
	Admin  bool
	TTL    int64 // TODO should be removed. ExpiresAt should be used
}

JWTClaims is a Cadence specific claim with embeded Claims defined https://datatracker.ietf.org/doc/html/rfc7519#section-4.1

func (JWTClaims) GetGroups added in v1.2.7

func (j JWTClaims) GetGroups() []string

type MockAuthorizer added in v0.12.0

type MockAuthorizer struct {
	// contains filtered or unexported fields
}

MockAuthorizer is a mock of Authorizer interface.

func NewMockAuthorizer added in v0.12.0

func NewMockAuthorizer(ctrl *gomock.Controller) *MockAuthorizer

NewMockAuthorizer creates a new mock instance.

func (*MockAuthorizer) Authorize added in v0.12.0

func (m *MockAuthorizer) Authorize(ctx context.Context, attributes *Attributes) (Result, error)

Authorize mocks base method.

func (*MockAuthorizer) EXPECT added in v0.12.0

EXPECT returns an object that allows the caller to indicate expected use.

type MockAuthorizerMockRecorder added in v0.12.0

type MockAuthorizerMockRecorder struct {
	// contains filtered or unexported fields
}

MockAuthorizerMockRecorder is the mock recorder for MockAuthorizer.

func (*MockAuthorizerMockRecorder) Authorize added in v0.12.0

func (mr *MockAuthorizerMockRecorder) Authorize(ctx, attributes interface{}) *gomock.Call

Authorize indicates an expected call of Authorize.

type MockFilteredRequestBody added in v1.2.1

type MockFilteredRequestBody struct {
	// contains filtered or unexported fields
}

MockFilteredRequestBody is a mock of FilteredRequestBody interface.

func NewMockFilteredRequestBody added in v1.2.1

func NewMockFilteredRequestBody(ctrl *gomock.Controller) *MockFilteredRequestBody

NewMockFilteredRequestBody creates a new mock instance.

func (*MockFilteredRequestBody) EXPECT added in v1.2.1

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockFilteredRequestBody) SerializeForLogging added in v1.2.1

func (m *MockFilteredRequestBody) SerializeForLogging() (string, error)

SerializeForLogging mocks base method.

type MockFilteredRequestBodyMockRecorder added in v1.2.1

type MockFilteredRequestBodyMockRecorder struct {
	// contains filtered or unexported fields
}

MockFilteredRequestBodyMockRecorder is the mock recorder for MockFilteredRequestBody.

func (*MockFilteredRequestBodyMockRecorder) SerializeForLogging added in v1.2.1

func (mr *MockFilteredRequestBodyMockRecorder) SerializeForLogging() *gomock.Call

SerializeForLogging indicates an expected call of SerializeForLogging.

type Permission added in v0.23.1

type Permission int

Permission is enum type for auth permission

const (
	// PermissionRead means the user can write on the domain level APIs
	PermissionRead Permission = iota + 1
	// PermissionWrite means the user can write on the domain level APIs
	PermissionWrite
	// PermissionAdmin means the user can read+write on the domain level APIs
	PermissionAdmin
)

func NewPermission added in v0.23.1

func NewPermission(permission string) Permission

type Result

type Result struct {
	Decision Decision
}

Result is result from authority.

type XDGSCRAMClient added in v0.21.0

type XDGSCRAMClient struct {
	*scram.Client
	*scram.ClientConversation
	scram.HashGeneratorFcn
}

XDGSCRAMClient is the scram client

func (*XDGSCRAMClient) Begin added in v0.21.0

func (x *XDGSCRAMClient) Begin(userName, password, authzID string) (err error)

Begin creates new client

func (*XDGSCRAMClient) Done added in v0.21.0

func (x *XDGSCRAMClient) Done() bool

Done stops the client

func (*XDGSCRAMClient) Step added in v0.21.0

func (x *XDGSCRAMClient) Step(challenge string) (response string, err error)

Step takes a string provided from a server (or just an empty string for the very first conversation step) and attempts to move the authentication conversation forward. It returns a string to be sent to the server or an error if the server message is invalid. Calling Step after a conversation completes is also an error.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL