Documentation
Overview
Package iamauthz provides primitives for performing IAM request authorization.
Index
- func Authorize(ctx context.Context)
- func RequireAuthorizationStreamInterceptor(_ interface{}, _ grpc.ServerStream, _ *grpc.StreamServerInfo, ...) error
- func RequireAuthorizationUnaryInterceptor(ctx context.Context, req interface{}, _ *grpc.UnaryServerInfo, ...) (interface{}, error)
- func WithAuthorization(ctx context.Context) context.Context
- type AfterMethodAuthorization
- type BeforeLongRunningOperationMethodAuthorization
- type BeforeMethodAuthorization
Functions
func Authorize
Authorize marks the current request as processed by an authorization check. WithAuthorization must have been called on the context for the call to be effective.
Authorize should be called at the start of an authorization check, to ensure that any errors resulting from the authorization check itself are forwarded to the caller.
func RequireAuthorizationStreamInterceptor (added in v0.20.0)
func RequireAuthorizationStreamInterceptor(
	_ interface{},
	_ grpc.ServerStream,
	_ *grpc.StreamServerInfo,
	_ grpc.StreamHandler,
) error
RequireAuthorizationStreamInterceptor is a grpc.StreamServerInterceptor that aborts all incoming streams, pending implementation of stream support in this package.
func RequireAuthorizationUnaryInterceptor (added in v0.20.0)
func RequireAuthorizationUnaryInterceptor(
	ctx context.Context,
	req interface{},
	_ *grpc.UnaryServerInfo,
	handler grpc.UnaryHandler,
) (interface{}, error)
RequireAuthorizationUnaryInterceptor is a grpc.UnaryServerInterceptor that requires authorization to be performed on all incoming requests.
To mark the request as processed by authorization checks, the method implementing authorization should call Authorize on the request context as soon as authorization starts.
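The marker pattern described above, as an added standard-library sketch; it is not the package's own code. The lowercase names are hypothetical stand-ins for WithAuthorization, Authorize and the unary interceptor, `unaryHandler` mirrors the shape of grpc.UnaryHandler, and rejecting an unmarked request with a plain error is this sketch's assumption about what "requires authorization" means.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync/atomic"
)

// unaryHandler stands in for grpc.UnaryHandler so the sketch needs only the standard library.
type unaryHandler func(ctx context.Context, req interface{}) (interface{}, error)
type markerKey struct{} // hypothetical context key
var errNoAuthz = errors.New("handler returned without performing authorization")

// withAuthorization attaches a mutable marker (the role the page gives WithAuthorization).
func withAuthorization(ctx context.Context) context.Context {
	return context.WithValue(ctx, markerKey{}, new(atomic.Bool))
}

// authorize sets the marker; on a context without one it has no effect.
func authorize(ctx context.Context) {
	if m, ok := ctx.Value(markerKey{}).(*atomic.Bool); ok {
		m.Store(true)
	}
}

// requireAuthorization fails closed: the response is dropped unless the marker was set.
func requireAuthorization(ctx context.Context, req interface{}, h unaryHandler) (interface{}, error) {
	ctx = withAuthorization(ctx)
	resp, err := h(ctx, req)
	if m, _ := ctx.Value(markerKey{}).(*atomic.Bool); m == nil || !m.Load() {
		return nil, errNoAuthz
	}
	return resp, err
}

// getSecret marks the request first, so a denial reaches the caller as its own error.
func getSecret(ctx context.Context, req interface{}) (interface{}, error) {
	authorize(ctx)
	if req != "alice" { // constructed policy: only "alice" may read
		return nil, errors.New("permission denied")
	}
	return "secret", nil
}

// forgetful never runs an authorization check.
func forgetful(context.Context, interface{}) (interface{}, error) { return "secret", nil }

func main() { fmt.Println(requireAuthorization(context.Background(), "alice", forgetful)) }
```

Because `getSecret` marks the request before evaluating its policy, a denied caller sees "permission denied" rather than the interceptor's missing-authorization error.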
Types
type AfterMethodAuthorization (added in v0.15.0)
type AfterMethodAuthorization struct {
	// contains filtered or unexported fields
}
func NewAfterMethodAuthorization (added in v0.15.0)
func NewAfterMethodAuthorization(
	method protoreflect.MethodDescriptor,
	options *iamv1.MethodAuthorizationOptions,
	permissionTester iamcel.PermissionTester,
	memberResolver iammember.Resolver,
) (*AfterMethodAuthorization, error)
type BeforeLongRunningOperationMethodAuthorization (added in v0.18.0)
type BeforeLongRunningOperationMethodAuthorization struct {
	// contains filtered or unexported fields
}
func NewBeforeLongRunningOperationMethodAuthorization (added in v0.18.0)
func NewBeforeLongRunningOperationMethodAuthorization(
	options *iamv1.LongRunningOperationsAuthorizationOptions,
	permissionTester iamcel.PermissionTester,
	memberResolver iammember.Resolver,
) (*BeforeLongRunningOperationMethodAuthorization, error)
func (*BeforeLongRunningOperationMethodAuthorization) AuthorizeRequest (added in v0.18.0)
func (a *BeforeLongRunningOperationMethodAuthorization) AuthorizeRequest(
	ctx context.Context,
	request iampermission.LongRunningOperationRequest,
) (context.Context, error)
type BeforeMethodAuthorization (added in v0.15.0)
type BeforeMethodAuthorization struct {
	// contains filtered or unexported fields
}
func NewBeforeMethodAuthorization (added in v0.15.0)
func NewBeforeMethodAuthorization(
	method protoreflect.MethodDescriptor,
	options *iamv1.MethodAuthorizationOptions,
	permissionTester iamcel.PermissionTester,
	memberResolver iammember.Resolver,
) (*BeforeMethodAuthorization, error)