iamauthz

package
v0.29.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 12, 2021 License: MIT Imports: 21 Imported by: 2

Documentation

Overview

Package iamauthz provides primitives for performing IAM request authorization.

Constants

This section is empty.

Variables

This section is empty.

Functions

func Authorize

func Authorize(ctx context.Context)

Authorize marks the current request as processed by an authorization check. WithAuthorization must have been called on the context for the call to be effective.

Authorize should be called at the start of an authorization check, to ensure that any errors resulting from the authorization check itself are forwarded to the caller.

func RequireAuthorizationStreamInterceptor added in v0.20.0

func RequireAuthorizationStreamInterceptor(
	_ interface{},
	_ grpc.ServerStream,
	_ *grpc.StreamServerInfo,
	_ grpc.StreamHandler,
) error

RequireAuthorizationStreamInterceptor is a grpc.StreamServerInterceptor that aborts all incoming streams, pending implementation of stream support in this package.

func RequireAuthorizationUnaryInterceptor added in v0.20.0

func RequireAuthorizationUnaryInterceptor(
	ctx context.Context,
	req interface{},
	_ *grpc.UnaryServerInfo,
	handler grpc.UnaryHandler,
) (interface{}, error)

RequireAuthorizationUnaryInterceptor is a grpc.UnaryServerInterceptor that requires authorization to be performed on all incoming requests.

To mark the request as processed by authorization checks, the method implementing authorization should call Authorize on the request context as soon as authorization starts.

func WithAuthorization

func WithAuthorization(ctx context.Context) context.Context

WithAuthorization adds authorization to the current request context.
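
The contract described above for WithAuthorization, Authorize and RequireAuthorizationUnaryInterceptor, modeled with the standard library only. This is an added example, not the package's own code: every identifier in it is hypothetical, and it assumes the interceptor attaches the marker to the context itself before invoking the handler.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Model of the pattern with hypothetical names; not iamauthz's implementation.
type markerKey struct{}
type marker struct{ authorized bool }
type handler func(ctx context.Context, user string) (string, error)
var errUnchecked = errors.New("internal: no authorization check was performed")
var errDenied = errors.New("permission denied")

// markAuthorized stands in for Authorize; without a marker it does nothing.
func markAuthorized(ctx context.Context) {
	if m, ok := ctx.Value(markerKey{}).(*marker); ok {
		m.authorized = true
	}
}

// requireAuthorization stands in for the interceptor: attach marker, fail closed.
func requireAuthorization(ctx context.Context, user string, h handler) (string, error) {
	m := &marker{}
	resp, err := h(context.WithValue(ctx, markerKey{}, m), user)
	if !m.authorized {
		return "", errUnchecked // drop whatever the unchecked handler produced
	}
	return resp, err
}

// checked marks first, so the denial from its own check reaches the caller.
func checked(ctx context.Context, user string) (string, error) {
	markAuthorized(ctx)
	if user != "alice" { // constructed permission rule
		return "", errDenied
	}
	return "hello " + user, nil
}

// unchecked never marks: its response is replaced by errUnchecked.
func unchecked(_ context.Context, user string) (string, error) { return "data for " + user, nil }

func main() {
	for _, h := range []handler{checked, unchecked} {
		fmt.Println(requireAuthorization(context.Background(), "bob", h))
	}
}
```

A handler that ran its permission test before marking would have a denial replaced by the internal error in this model, which is why the documentation asks for the call at the start of the check.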

Types

type AfterMethodAuthorization added in v0.15.0

type AfterMethodAuthorization struct {
	// contains filtered or unexported fields
}

func NewAfterMethodAuthorization added in v0.15.0

func NewAfterMethodAuthorization(
	method protoreflect.MethodDescriptor,
	permissionTester PermissionTester,
	memberResolver iammember.Resolver,
) (*AfterMethodAuthorization, error)

func (*AfterMethodAuthorization) AuthorizeRequestAndResponse added in v0.15.0

func (a *AfterMethodAuthorization) AuthorizeRequestAndResponse(
	ctx context.Context,
	request proto.Message,
	response proto.Message,
) (context.Context, error)

type BeforeLongRunningOperationMethodAuthorization added in v0.18.0

type BeforeLongRunningOperationMethodAuthorization struct {
	// contains filtered or unexported fields
}

func NewBeforeLongRunningOperationMethodAuthorization added in v0.18.0

func NewBeforeLongRunningOperationMethodAuthorization(
	operationsPermissions []*iamv1.LongRunningOperationPermissions,
	permissionTester PermissionTester,
	memberResolver iammember.Resolver,
) (*BeforeLongRunningOperationMethodAuthorization, error)

func (*BeforeLongRunningOperationMethodAuthorization) AuthorizeRequest added in v0.18.0

type BeforeMethodAuthorization added in v0.15.0

type BeforeMethodAuthorization struct {
	// contains filtered or unexported fields
}

func NewBeforeMethodAuthorization added in v0.15.0

func NewBeforeMethodAuthorization(
	method protoreflect.MethodDescriptor,
	permissionTester PermissionTester,
	memberResolver iammember.Resolver,
) (*BeforeMethodAuthorization, error)

func (*BeforeMethodAuthorization) AuthorizeRequest added in v0.15.0

func (a *BeforeMethodAuthorization) AuthorizeRequest(
	ctx context.Context,
	request proto.Message,
) (context.Context, error)

type PermissionTestFunctions added in v0.26.0

type PermissionTestFunctions struct {
	// contains filtered or unexported fields
}

func NewPermissionTestFunctions added in v0.26.0

func NewPermissionTestFunctions(
	options *iamv1.MethodAuthorizationOptions,
	tester PermissionTester,
) *PermissionTestFunctions

func (*PermissionTestFunctions) Declarations added in v0.26.0

func (f *PermissionTestFunctions) Declarations() []*expr.Decl

func (*PermissionTestFunctions) Functions added in v0.26.0

func (f *PermissionTestFunctions) Functions() []*functions.Overload

type PermissionTester added in v0.15.0

type PermissionTester interface {
	TestResourcePermission(
		ctx context.Context, members []string, resource string, permission string,
	) (bool, error)
	TestResourcePermissions(
		ctx context.Context, members []string, resourcePermissions map[string]string,
	) (map[string]bool, error)
}

type ResourceNameFunctions added in v0.26.0

type ResourceNameFunctions struct{}

func (ResourceNameFunctions) Declarations added in v0.26.0

func (ResourceNameFunctions) Declarations() []*expr.Decl

func (ResourceNameFunctions) Functions added in v0.26.0

func (f ResourceNameFunctions) Functions() []*functions.Overload
