iamauthz

package
v0.33.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 14, 2021 License: MIT Imports: 13 Imported by: 2

Documentation

Overview

Package iamauthz provides primitives for performing IAM request authorization.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Authorize

func Authorize(ctx context.Context)

Authorize marks the current request as processed by an authorization check. WithAuthorization must have been called on the context for the call to be effective.

Authorize should be called at the start of an authorization check, to ensure that any errors resulting from the authorization check itself are forwarded to the caller.

func RequireAuthorizationStreamInterceptor added in v0.20.0

func RequireAuthorizationStreamInterceptor(
	_ interface{},
	_ grpc.ServerStream,
	_ *grpc.StreamServerInfo,
	_ grpc.StreamHandler,
) error

RequireAuthorizationStreamInterceptor is a grpc.StreamServerInterceptor that aborts all incoming streams, pending implementation of stream support in this package.

func RequireAuthorizationUnaryInterceptor added in v0.20.0

func RequireAuthorizationUnaryInterceptor(
	ctx context.Context,
	req interface{},
	_ *grpc.UnaryServerInfo,
	handler grpc.UnaryHandler,
) (interface{}, error)

RequireAuthorizationUnaryInterceptor is a grpc.UnaryServerInterceptor that requires authorization to be performed on all incoming requests.

To mark the request as processed by authorization checks, the method implementing authorization should call Authorize on the request context as soon as authorization starts.

func WithAuthorization

func WithAuthorization(ctx context.Context) context.Context

WithAuthorization adds authorization to the current request context.

Types

type AfterMethodAuthorization added in v0.15.0

type AfterMethodAuthorization struct {
	// contains filtered or unexported fields
}

func NewAfterMethodAuthorization added in v0.15.0

func NewAfterMethodAuthorization(
	method protoreflect.MethodDescriptor,
	options *iamv1.MethodAuthorizationOptions,
	permissionTester iamcel.PermissionTester,
	memberResolver iammember.Resolver,
) (*AfterMethodAuthorization, error)

func (*AfterMethodAuthorization) AuthorizeRequestAndResponse added in v0.15.0

func (a *AfterMethodAuthorization) AuthorizeRequestAndResponse(
	ctx context.Context,
	request proto.Message,
	response proto.Message,
) (context.Context, error)

type BeforeLongRunningOperationMethodAuthorization added in v0.18.0

type BeforeLongRunningOperationMethodAuthorization struct {
	// contains filtered or unexported fields
}

func NewBeforeLongRunningOperationMethodAuthorization added in v0.18.0

func NewBeforeLongRunningOperationMethodAuthorization(
	options *iamv1.LongRunningOperationsAuthorizationOptions,
	permissionTester iamcel.PermissionTester,
	memberResolver iammember.Resolver,
) (*BeforeLongRunningOperationMethodAuthorization, error)

func (*BeforeLongRunningOperationMethodAuthorization) AuthorizeRequest added in v0.18.0

type BeforeMethodAuthorization added in v0.15.0

type BeforeMethodAuthorization struct {
	// contains filtered or unexported fields
}

func NewBeforeMethodAuthorization added in v0.15.0

func NewBeforeMethodAuthorization(
	method protoreflect.MethodDescriptor,
	options *iamv1.MethodAuthorizationOptions,
	permissionTester iamcel.PermissionTester,
	memberResolver iammember.Resolver,
) (*BeforeMethodAuthorization, error)

func (*BeforeMethodAuthorization) AuthorizeRequest added in v0.15.0

func (a *BeforeMethodAuthorization) AuthorizeRequest(
	ctx context.Context,
	request proto.Message,
) (context.Context, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL