iamauthz

package
v0.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 19, 2021 License: MIT Imports: 19 Imported by: 2

Documentation

Overview

Package iamauthz provides primitives for performing IAM request authorization.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Authorize 

func Authorize(ctx context.Context)

Authorize marks the current request as processed by an authorization check. WithAuthorization must have been called on the context for the call to be effective.

Authorize should be called at the start of an authorization check, to ensure that any errors resulting from the authorization check itself are forwarded to the caller.

func RequireStreamAuthorization 

func RequireStreamAuthorization(
	_ interface{},
	_ grpc.ServerStream,
	_ *grpc.StreamServerInfo,
	_ grpc.StreamHandler,
) error

RequireStreamAuthorization is a grpc.StreamServerInterceptor that aborts all incoming streams, pending implementation of stream support in this package.

func RequireUnaryAuthorization 

func RequireUnaryAuthorization(
	ctx context.Context,
	req interface{},
	_ *grpc.UnaryServerInfo,
	handler grpc.UnaryHandler,
) (interface{}, error)

RequireUnaryAuthorization is a grpc.UnaryServerInterceptor that requires authorization to be performed on all incoming requests.

To mark the request as processed by authorization checks, the method implementing authorization should call Authorize on the request context as soon as authorization starts.

func ResolvePermissionForResource added in v0.15.0 

func ResolvePermissionForResource(options *iamv1.MethodAuthorizationOptions, resource string) (string, error)

func WithAuthorization 

func WithAuthorization(ctx context.Context) context.Context

WithAuthorization adds authorization to the current request context.

Types

type AfterMethodAuthorization added in v0.15.0 

type AfterMethodAuthorization struct {
	// contains filtered or unexported fields
}

func NewAfterMethodAuthorization added in v0.15.0 

func NewAfterMethodAuthorization(
	method protoreflect.MethodDescriptor,
	permissionTester PermissionTester,
	memberResolver iammember.Resolver,
) (*AfterMethodAuthorization, error)

func (*AfterMethodAuthorization) AuthorizeRequestAndResponse added in v0.15.0 

func (a *AfterMethodAuthorization) AuthorizeRequestAndResponse(
	ctx context.Context,
	request proto.Message,
	response proto.Message,
) (context.Context, error)

type BeforeMethodAuthorization added in v0.15.0 

type BeforeMethodAuthorization struct {
	// contains filtered or unexported fields
}

func NewBeforeMethodAuthorization added in v0.15.0 

func NewBeforeMethodAuthorization(
	method protoreflect.MethodDescriptor,
	permissionTester PermissionTester,
	memberResolver iammember.Resolver,
) (*BeforeMethodAuthorization, error)

func (*BeforeMethodAuthorization) AuthorizeRequest added in v0.15.0 

func (a *BeforeMethodAuthorization) AuthorizeRequest(
	ctx context.Context,
	request proto.Message,
) (context.Context, error)

type Functions added in v0.15.0 

type Functions struct {
	// contains filtered or unexported fields
}

func NewFunctions added in v0.15.0 

func NewFunctions(options *iamv1.MethodAuthorizationOptions, tester PermissionTester) *Functions

func (*Functions) Declarations added in v0.15.0 

func (f *Functions) Declarations() []*expr.Decl

func (*Functions) Functions added in v0.15.0 

func (f *Functions) Functions() []*functions.Overload

type PermissionTester added in v0.15.0 

type PermissionTester interface {
	TestResourcePermission(context.Context, []string, string, string) (bool, error)
	TestResourcePermissions(context.Context, []string, map[string]string) (map[string]bool, error)
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.