Documentation ¶
Constants ¶
This section is empty.
Variables ¶
var (
	ErrMissingNamespace = elemental.NewError(
		"Forbidden",
		"Missing X-Namespace header",
		"a3s:authorizer",
		http.StatusForbidden,
	)

	ErrInvalidNamespace = elemental.NewError(
		"Forbidden",
		"Invalid X-Namespace header. A namespace must start with /",
		"a3s:authorizer",
		http.StatusForbidden,
	)

	ErrMissingToken = elemental.NewError(
		"Forbidden",
		"Missing token in either Authorization header or X-A3S-Token in cookies",
		"a3s:authorizer",
		http.StatusForbidden,
	)
)
Various Authorizer errors.
Functions ¶
This section is empty.
Types ¶
type Authorizer ¶
type Authorizer interface {
	bahamut.Authorizer

	CheckAuthorization(
		ctx context.Context,
		claims []string,
		op string,
		ns string,
		resource string,
		opts ...OptionCheck,
	) (bool, error)
}
An Authorizer is a bahamut.Authorizer compliant structure that can be used to authorize a session or a request.
func New ¶
func New(ctx context.Context, retriever permissions.Retriever, pubsub bahamut.PubSubClient, options ...Option) Authorizer
New creates a new Authorizer using the given permissions.Retriever and PubSubClient. The authorizer aggressively caches the authentication results and uses the pubsub to update the state of the cache, by dropping the parts of the cache affected by a change in namespace or Authorization policies.
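The caching behaviour described for New, as an added example that is not a3s code: decisions are memoized per request and dropped when a change event names a namespace. The decisionCache type, its key layout and the rule that a change also invalidates child namespaces are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"sync"
)

// decisionCache memoizes authorization decisions (hypothetical type, not a3s code).
type decisionCache struct {
	mu      sync.Mutex
	entries map[string]bool // "ns\x01claims\x01op\x01resource" -> allowed
}

// check calls eval only on a miss; an eval error is a denial and is never cached.
func (c *decisionCache) check(claims []string, op, ns, resource string, eval func() (bool, error)) (bool, error) {
	key := strings.Join([]string{ns, strings.Join(claims, "\x00"), op, resource}, "\x01")
	c.mu.Lock()
	defer c.mu.Unlock()
	if ok, hit := c.entries[key]; hit {
		return ok, nil
	}
	ok, err := eval()
	if err != nil {
		return false, err
	}
	c.entries[key] = ok
	return ok, nil
}

// invalidate drops decisions for the changed namespace and (assumed rule) its children.
func (c *decisionCache) invalidate(changed string) (dropped int) {
	c.mu.Lock()
	defer c.mu.Unlock()
	prefix := strings.TrimSuffix(changed, "/") + "/"
	for key := range c.entries {
		ns, _, _ := strings.Cut(key, "\x01")
		if ns == changed || strings.HasPrefix(ns, prefix) {
			delete(c.entries, key)
			dropped++
		}
	}
	return dropped
}

func main() {
	c := &decisionCache{entries: map[string]bool{}}
	c.check([]string{"@org=acme"}, "get", "/acme/dev", "things", func() (bool, error) { return true, nil })
	fmt.Println("dropped:", c.invalidate("/acme")) // constructed sample request
}
```

Matching on the namespace plus a trailing slash keeps a change in /acme from touching /acme-corp, and never caching an evaluation error keeps a retriever outage from being remembered as a decision.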
func NewRemote ¶
func NewRemote(ctx context.Context, m manipulate.Manipulator, r permissions.Retriever, options ...Option) Authorizer
NewRemote returns a ready-to-use bahamut.Authorizer that can be used over the API. This is meant to be used by external bahamut services. Updates of the namespace/authorization state come from the websocket.
type MockOperationTransformer ¶
type MockOperationTransformer interface {
	OperationTransformer

	MockTransform(t *testing.T, impl func(elemental.Operation) string)
}
A MockOperationTransformer allows to mock a transform.OperationTransformer for unit tests.
func NewMockOperationTransformer ¶
func NewMockOperationTransformer() MockOperationTransformer
NewMockOperationTransformer returns a MockOperationTransformer.
type OperationTransformer ¶
An OperationTransformer is an interface that can transform the operation being evaluated.
type Option ¶
type Option func(*config)
An Option can be used to configure various options in the Authorizer.
func OptionIgnoredResources ¶
OptionIgnoredResources sets the list of identities that should skip authorizations.
func OptionOperationTransformer ¶
func OptionOperationTransformer(t OperationTransformer) Option
OptionOperationTransformer sets the operation transformer to apply to each operation.
type OptionCheck ¶
type OptionCheck func(*checkConfig)
An OptionCheck can be used to configure various options when calling CheckPermissions.
func OptionCheckID ¶
func OptionCheckID(id string) OptionCheck
OptionCheckID sets source IP of the request.
func OptionCheckRestrictions ¶
func OptionCheckRestrictions(r permissions.Restrictions) OptionCheck
OptionCheckRestrictions sets source restrictions to apply.
func OptionCheckSourceIP ¶
func OptionCheckSourceIP(ip string) OptionCheck
OptionCheckSourceIP sets source IP of the request.