Documentation
Overview
Package iamauthz provides primitives for performing IAM request authorization.
Index
- func Authorize(ctx context.Context)
- func RequireAuthorizationStreamInterceptor(_ interface{}, _ grpc.ServerStream, _ *grpc.StreamServerInfo, ...) error
- func RequireAuthorizationUnaryInterceptor(ctx context.Context, req interface{}, _ *grpc.UnaryServerInfo, ...) (interface{}, error)
- func ResolvePermissionForResource(options *iamv1.MethodAuthorizationOptions, resource string) (string, error)
- func WithAuthorization(ctx context.Context) context.Context
- type AfterMethodAuthorization
- type BeforeLongRunningOperationMethodAuthorization
- type BeforeMethodAuthorization
- type Functions
- type PermissionTester
Functions
func Authorize
Authorize marks the current request as processed by an authorization check. WithAuthorization must have been called on the context for the call to be effective.
Authorize should be called at the start of an authorization check, to ensure that any errors resulting from the authorization check itself are forwarded to the caller.
func RequireAuthorizationStreamInterceptor (added in v0.20.0)
func RequireAuthorizationStreamInterceptor(
	_ interface{},
	_ grpc.ServerStream,
	_ *grpc.StreamServerInfo,
	_ grpc.StreamHandler,
) error
RequireAuthorizationStreamInterceptor is a grpc.StreamServerInterceptor that aborts all incoming streams, pending implementation of stream support in this package.
func RequireAuthorizationUnaryInterceptor (added in v0.20.0)
func RequireAuthorizationUnaryInterceptor(
	ctx context.Context,
	req interface{},
	_ *grpc.UnaryServerInfo,
	handler grpc.UnaryHandler,
) (interface{}, error)
RequireAuthorizationUnaryInterceptor is a grpc.UnaryServerInterceptor that requires authorization to be performed on all incoming requests.
To mark the request as processed by authorization checks, the method implementing authorization should call Authorize on the request context as soon as authorization starts.
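The fail-closed pattern that Authorize, WithAuthorization and RequireAuthorizationUnaryInterceptor describe, as an added standard-library sketch that is not the package's own code. The lowercase names, the context key and the error values are hypothetical, and dropping the handler's error when the marker is unset is an assumption drawn from the note that Authorize should be called at the start of a check.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Hypothetical names throughout; the real package keeps its context state unexported.
type authzKey struct{}
type authzState struct{ authorized bool }
type handler func(ctx context.Context, req interface{}) (interface{}, error)

var errNotAuthorized = errors.New("request was not processed by an authorization check")
var errBackend = errors.New("permission backend unavailable") // constructed failure

// withAuthorization attaches a mutable marker, the role WithAuthorization plays.
func withAuthorization(ctx context.Context) context.Context {
	return context.WithValue(ctx, authzKey{}, &authzState{})
}

// authorize sets the marker, the role Authorize plays; without a marker it is a no-op.
func authorize(ctx context.Context) {
	if s, ok := ctx.Value(authzKey{}).(*authzState); ok {
		s.authorized = true
	}
}

// requireAuthorization fails closed: an unmarked request loses its response and its error.
func requireAuthorization(ctx context.Context, req interface{}, h handler) (interface{}, error) {
	ctx = withAuthorization(ctx)
	resp, err := h(ctx, req)
	if s, ok := ctx.Value(authzKey{}).(*authzState); !ok || !s.authorized {
		return nil, errNotAuthorized
	}
	return resp, err
}

// Constructed handlers: no check at all, marker set first, check failing before the marker.
func unchecked(context.Context, interface{}) (interface{}, error) { return "secret", nil }
func markFirst(ctx context.Context, _ interface{}) (interface{}, error) {
	authorize(ctx)
	return nil, errBackend
}
func markLate(context.Context, interface{}) (interface{}, error) {
	return nil, errBackend // the check fails before authorize is reached
}

func main() {
	fmt.Println(requireAuthorization(context.Background(), nil, markLate))
}
```

In this sketch markFirst lets the backend error reach the caller, while markLate has it replaced by the generic denial, which is the reason for setting the marker before the check runs.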
func ResolvePermissionForResource (added in v0.15.0)
func ResolvePermissionForResource(options *iamv1.MethodAuthorizationOptions, resource string) (string, error)
Types
type AfterMethodAuthorization (added in v0.15.0)
type AfterMethodAuthorization struct {
	// contains filtered or unexported fields
}
func NewAfterMethodAuthorization (added in v0.15.0)
func NewAfterMethodAuthorization(
	method protoreflect.MethodDescriptor,
	permissionTester PermissionTester,
	memberResolver iammember.Resolver,
) (*AfterMethodAuthorization, error)
type BeforeLongRunningOperationMethodAuthorization (added in v0.18.0)
type BeforeLongRunningOperationMethodAuthorization struct {
	// contains filtered or unexported fields
}
func NewBeforeLongRunningOperationMethodAuthorization (added in v0.18.0)
func NewBeforeLongRunningOperationMethodAuthorization(
	operationsPermissions []*iamv1.LongRunningOperationPermissions,
	permissionTester PermissionTester,
	memberResolver iammember.Resolver,
) (*BeforeLongRunningOperationMethodAuthorization, error)
func (*BeforeLongRunningOperationMethodAuthorization) AuthorizeRequest (added in v0.18.0)
func (a *BeforeLongRunningOperationMethodAuthorization) AuthorizeRequest(
	ctx context.Context,
	request iamreflect.LongRunningOperationRequest,
) (context.Context, error)
type BeforeMethodAuthorization (added in v0.15.0)
type BeforeMethodAuthorization struct {
	// contains filtered or unexported fields
}
func NewBeforeMethodAuthorization (added in v0.15.0)
func NewBeforeMethodAuthorization(
	method protoreflect.MethodDescriptor,
	permissionTester PermissionTester,
	memberResolver iammember.Resolver,
) (*BeforeMethodAuthorization, error)
func (*BeforeMethodAuthorization) AuthorizeRequest (added in v0.15.0)
type Functions (added in v0.15.0)
type Functions struct {
	// contains filtered or unexported fields
}
func NewFunctions (added in v0.15.0)
func NewFunctions(options *iamv1.MethodAuthorizationOptions, tester PermissionTester) *Functions