Documentation ¶
Overview ¶
Package permissions implements an echo middleware that simplifies permission checks in downstream handlers: it adds a checker function to the request context, which handlers can call later to check permissions.
Index ¶
- Variables
- func CheckAccess(ctx context.Context, resource gidx.PrefixedID, action string) error
- func CheckAll(ctx context.Context, requests ...AccessRequest) error
- func CreateAuthRelationships(ctx context.Context, topic string, resourceID gidx.PrefixedID, ...) error
- func DeleteAuthRelationships(ctx context.Context, topic string, resourceID gidx.PrefixedID, ...) error
- func MustViperFlags(v *viper.Viper, flags *pflag.FlagSet)
- type AccessRequest
- type AuthRelationshipRequestHandler
- type Checker
- type Config
- type Option
- type Permissions
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrNoAuthToken is the error returned when there is no auth token provided for the API request
	ErrNoAuthToken = errors.New("no auth token provided for client")

	// ErrInvalidAuthToken is the error returned when the auth token is not the expected value
	ErrInvalidAuthToken = errors.New("invalid auth token")

	// ErrPermissionDenied is the error returned when permission is denied to a call
	ErrPermissionDenied = errors.New("subject doesn't have access")

	// ErrBadResponse is the error returned when we receive a bad response from the server
	ErrBadResponse = errors.New("bad response from server")

	// ErrCheckerNotFound is the error returned when CheckAccess does not find the appropriate checker context
	ErrCheckerNotFound = errors.New("no checker found in context")
)
var (
	// AuthRelationshipRequestHandlerCtxKey is the context key used to set the auth relationship request handler.
	AuthRelationshipRequestHandlerCtxKey = authRelationshipRequestHandlerCtxKey{}
)
var (
	// ErrPermissionsMiddlewareMissing is returned when a permissions method has been called but the middleware is missing.
	ErrPermissionsMiddlewareMissing = errors.New("permissions middleware missing")
)
Functions ¶
func CheckAccess ¶
CheckAccess runs the checker function to check if the provided resource and action are supported.
func CheckAll ¶ added in v0.2.0
func CheckAll(ctx context.Context, requests ...AccessRequest) error
CheckAll runs the checker function to check if all the provided resources and actions are permitted.
func CreateAuthRelationships ¶ added in v0.2.0
func CreateAuthRelationships(ctx context.Context, topic string, resourceID gidx.PrefixedID, relations ...events.AuthRelationshipRelation) error
CreateAuthRelationships publishes a create auth relationship request, blocking until a response has been received.
func DeleteAuthRelationships ¶ added in v0.2.0
func DeleteAuthRelationships(ctx context.Context, topic string, resourceID gidx.PrefixedID, relations ...events.AuthRelationshipRelation) error
DeleteAuthRelationships publishes a delete auth relationship request, blocking until a response has been received.
Types ¶
type AccessRequest ¶ added in v0.2.0
type AccessRequest struct {
	ResourceID gidx.PrefixedID `json:"resource_id"`
	Action     string          `json:"action"`
}
AccessRequest defines the required fields to check permissions access.
type AuthRelationshipRequestHandler ¶ added in v0.2.0
type AuthRelationshipRequestHandler interface {
	CreateAuthRelationships(ctx context.Context, topic string, resourceID gidx.PrefixedID, relations ...events.AuthRelationshipRelation) error
	DeleteAuthRelationships(ctx context.Context, topic string, resourceID gidx.PrefixedID, relations ...events.AuthRelationshipRelation) error
}
AuthRelationshipRequestHandler defines the required methods to create or update an auth relationship.
type Checker ¶
type Checker func(ctx context.Context, requests ...AccessRequest) error
Checker defines the checker function definition
var (
	// CheckerCtxKey is the context key used to set the checker handling function
	CheckerCtxKey = checkerCtxKey{}

	// DefaultAllowChecker defaults to allow when checker is disabled or skipped
	DefaultAllowChecker Checker = func(_ context.Context, _ ...AccessRequest) error {
		return nil
	}

	// DefaultDenyChecker defaults to denied when checker is disabled or skipped
	DefaultDenyChecker Checker = func(_ context.Context, _ ...AccessRequest) error {
		return ErrPermissionDenied
	}
)
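The checker-in-context pattern described in the overview, as an added standard-library sketch that is not the package's own code: it shows a handler-side check failing closed when no checker was installed, and a multi-request check denying when any one request is not granted. The helpers withChecker, checkAll and grantChecker are hypothetical, ResourceID is a plain string instead of gidx.PrefixedID, and the sample IDs and actions are constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Local stand-ins for names on this page; ResourceID is a plain string here (assumption).
var ErrPermissionDenied = errors.New("subject doesn't have access")
var ErrCheckerNotFound = errors.New("no checker found in context")

type AccessRequest struct{ ResourceID, Action string }
type Checker func(ctx context.Context, requests ...AccessRequest) error
type checkerCtxKey struct{}

// withChecker models the middleware step: store a Checker in the context.
func withChecker(ctx context.Context, c Checker) context.Context {
	return context.WithValue(ctx, checkerCtxKey{}, c)
}

// checkAll models CheckAll: with no checker installed it fails closed.
func checkAll(ctx context.Context, requests ...AccessRequest) error {
	c, ok := ctx.Value(checkerCtxKey{}).(Checker)
	if !ok || c == nil {
		return ErrCheckerNotFound
	}
	return c(ctx, requests...)
}

// grantChecker is a hypothetical checker over an in-memory grant set; one missing grant denies all.
func grantChecker(grants map[AccessRequest]bool) Checker {
	return func(_ context.Context, requests ...AccessRequest) error {
		for _, r := range requests {
			if !grants[r] {
				return fmt.Errorf("%w: %s on %s", ErrPermissionDenied, r.Action, r.ResourceID)
			}
		}
		return nil
	}
}

func main() {
	read := AccessRequest{"exmplrs-1", "resource_get"} // constructed sample values
	write := AccessRequest{"exmplrs-1", "resource_update"}
	ctx := withChecker(context.Background(), grantChecker(map[AccessRequest]bool{read: true}))
	fmt.Println(checkAll(ctx, read))                  // granted
	fmt.Println(checkAll(ctx, read, write))           // denied: write is not granted
	fmt.Println(checkAll(context.Background(), read)) // no checker in context
}
```

Because a skipped or disabled middleware falls back to the configured default checker, choosing an allow default means every downstream check on that route passes; a deny default keeps skipped routes closed.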
type Config ¶
type Config struct {
	// URL is the URL checks should be executed against
	URL string

	// IgnoreNoResponders will ignore no responder errors when auth relationship requests are published.
	IgnoreNoResponders bool
}
Config defines the permissions configuration structure
type Option ¶
type Option func(p *Permissions) error
Option defines an option configurator
func WithDefaultChecker ¶
WithDefaultChecker sets the default checker if the middleware is skipped
func WithEventsPublisher ¶ added in v0.2.0
func WithEventsPublisher(publisher events.AuthRelationshipPublisher) Option
WithEventsPublisher sets the underlying event publisher the auth handler uses
func WithHTTPClient ¶
WithHTTPClient sets the underlying http client the auth handler uses
func WithLogger ¶
func WithLogger(logger *zap.SugaredLogger) Option
WithLogger sets the logger for the auth handler
func WithSkipper ¶
func WithSkipper(skipper middleware.Skipper) Option
WithSkipper sets the echo middleware skipper function
type Permissions ¶
type Permissions struct {
	// contains filtered or unexported fields
}
Permissions handles supporting authorization checks
func New ¶
func New(config Config, options ...Option) (*Permissions, error)
New creates a new Permissions instance
func (*Permissions) CreateAuthRelationships ¶ added in v0.2.0
func (p *Permissions) CreateAuthRelationships(ctx context.Context, topic string, resourceID gidx.PrefixedID, relations ...events.AuthRelationshipRelation) error
CreateAuthRelationships publishes a create auth relationship request, blocking until a response has been received.
func (*Permissions) DeleteAuthRelationships ¶ added in v0.2.0
func (p *Permissions) DeleteAuthRelationships(ctx context.Context, topic string, resourceID gidx.PrefixedID, relations ...events.AuthRelationshipRelation) error
DeleteAuthRelationships publishes a delete auth relationship request, blocking until a response has been received.
func (*Permissions) Middleware ¶
func (p *Permissions) Middleware() echo.MiddlewareFunc
Middleware produces echo middleware to handle authorization checks
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
 | Package mockpermissions implements permissions.AuthRelationshipRequestHandler. |