Documentation
Overview
Package authorization is a generated GoMock package.
Index
- Constants
- func NewAuthorizationInterceptor(claimMapper ClaimMapper, authorizer Authorizer, metrics metrics.Client) grpc.UnaryServerInterceptor
- func NewRSAKeyProvider(cfg *config.Config) *rsaKeyProvider
- type AuthInfo
- type Authorizer
- type CallTarget
- type ClaimMapper
- type Claims
- type Decision
- type MockAuthorizer
- type MockAuthorizerMockRecorder
- type MockClaimMapper
- type MockClaimMapperMockRecorder
- type MockrequestWithName
- type MockrequestWithNameMockRecorder
- type MockrequestWithNamespace
- type MockrequestWithNamespaceMockRecorder
- type Result
- type Role
- type TokenKeyProvider
Constants
const (
	RoleWorker = Role(1 << iota)
	RoleReader
	RoleWriter
	RoleAdmin
	RoleUndefined = Role(0)
)
User authorization roles within the context of an entity, such as system, namespace or workflow. Within each context a user may hold any combination of these roles, except for RoleUndefined, expressed as a bitmask.
const (
ContextKeyMappedClaims = "auth-mappedClaims"
)
Variables
This section is empty.
Functions
func NewAuthorizationInterceptor (added in v1.3.0)
func NewAuthorizationInterceptor(
	claimMapper ClaimMapper,
	authorizer Authorizer,
	metrics metrics.Client,
) grpc.UnaryServerInterceptor
NewAuthorizationInterceptor creates an authorization interceptor and returns a func that points to its Interceptor method.
func NewRSAKeyProvider (added in v1.4.0)
Types
type AuthInfo (added in v1.4.0)
type AuthInfo struct {
	AuthToken     string
	TLSSubject    *pkix.Name
	TLSConnection *credentials.TLSInfo
}
Authentication information from the subject's JWT token and/or mTLS certificate.
type Authorizer
type Authorizer interface {
	Authorize(ctx context.Context, caller *Claims, target *CallTarget) (Result, error)
}
Authorizer is an interface for authorization
func NewDefaultAuthorizer (added in v1.4.0)
func NewDefaultAuthorizer() Authorizer
NewDefaultAuthorizer creates a default authorizer
func NewNopAuthorizer
func NewNopAuthorizer() Authorizer
NewNopAuthorizer creates a no-op authorizer
type CallTarget (added in v1.4.0)
CallTarget is the input the authorizer uses to make a decision. It can be extended in future if authorization is required on resources like WorkflowType and TaskQueue.
type ClaimMapper (added in v1.4.0)
Converts authorization info of a subject into Temporal claims (permissions) for authorization
func NewDefaultJWTClaimMapper (added in v1.4.0)
func NewDefaultJWTClaimMapper(provider TokenKeyProvider, cfg *config.Config) ClaimMapper
func NewNoopClaimMapper (added in v1.4.0)
func NewNoopClaimMapper(_ *config.Config) ClaimMapper
type Claims (added in v1.4.0)
type Claims struct {
	// Identity of the subject
	Subject string
	// Role within the context of the whole Temporal cluster or a multi-cluster setup
	System Role
	// Roles within specific namespaces
	Namespaces map[string]Role
}
Contains identity of the subject and subject's roles at the system level and for individual namespaces
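The role bitmask and the Claims struct above, worked through as an added example (not code from the Temporal project). The types are local copies of the declarations on this page with Role's underlying integer type assumed, and effectiveRole and allowed are hypothetical helpers showing one deny-by-default way to evaluate a caller's roles for a namespace.

```go
package main

import "fmt"

// Local copies of the declarations shown on this page, so the example
// compiles without the Temporal module. The underlying type is assumed.
type Role int16

const (
	RoleWorker = Role(1 << iota) // 1
	RoleReader                   // 2
	RoleWriter                   // 4
	RoleAdmin                    // 8
	RoleUndefined = Role(0)
)

type Claims struct {
	Subject    string          // identity of the subject
	System     Role            // role across the whole cluster
	Namespaces map[string]Role // roles within specific namespaces
}

// effectiveRole (hypothetical) unions the system-level bits with the bits
// granted for one namespace. A nil Claims, a nil map or an unknown
// namespace all contribute RoleUndefined, so nothing is granted by default.
func effectiveRole(c *Claims, namespace string) Role {
	if c == nil {
		return RoleUndefined
	}
	return c.System | c.Namespaces[namespace]
}

// allowed (hypothetical) reports whether the caller holds at least one of
// the roles in anyOf. An empty requirement is treated as a deny.
func allowed(c *Claims, namespace string, anyOf Role) bool {
	return anyOf != RoleUndefined && effectiveRole(c, namespace)&anyOf != 0
}

func main() {
	// Constructed sample claims, not taken from a real token.
	c := &Claims{
		Subject:    "alice@example.com",
		System:     RoleReader,
		Namespaces: map[string]Role{"billing": RoleWriter | RoleWorker},
	}
	fmt.Println(allowed(c, "billing", RoleWriter|RoleAdmin)) // true
	fmt.Println(allowed(c, "payroll", RoleWriter|RoleAdmin)) // false
	fmt.Println(allowed(nil, "billing", RoleReader))         // false
}
```

Because RoleUndefined is zero, a bitwise AND against it can never match, which is why the empty requirement has to be rejected explicitly rather than tested as a bit.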
type MockAuthorizer
type MockAuthorizer struct {
	// contains filtered or unexported fields
}
MockAuthorizer is a mock of Authorizer interface.
func NewMockAuthorizer
func NewMockAuthorizer(ctrl *gomock.Controller) *MockAuthorizer
NewMockAuthorizer creates a new mock instance.
func (*MockAuthorizer) Authorize
func (m *MockAuthorizer) Authorize(ctx context.Context, caller *Claims, target *CallTarget) (Result, error)
Authorize mocks base method.
func (*MockAuthorizer) EXPECT
func (m *MockAuthorizer) EXPECT() *MockAuthorizerMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
type MockAuthorizerMockRecorder
type MockAuthorizerMockRecorder struct {
	// contains filtered or unexported fields
}
MockAuthorizerMockRecorder is the mock recorder for MockAuthorizer.
func (*MockAuthorizerMockRecorder) Authorize
func (mr *MockAuthorizerMockRecorder) Authorize(ctx, caller, target interface{}) *gomock.Call
Authorize indicates an expected call of Authorize.
type MockClaimMapper (added in v1.4.0)
type MockClaimMapper struct {
	// contains filtered or unexported fields
}
MockClaimMapper is a mock of ClaimMapper interface.
func NewMockClaimMapper (added in v1.4.0)
func NewMockClaimMapper(ctrl *gomock.Controller) *MockClaimMapper
NewMockClaimMapper creates a new mock instance.
func (*MockClaimMapper) EXPECT (added in v1.4.0)
func (m *MockClaimMapper) EXPECT() *MockClaimMapperMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
type MockClaimMapperMockRecorder (added in v1.4.0)
type MockClaimMapperMockRecorder struct {
	// contains filtered or unexported fields
}
MockClaimMapperMockRecorder is the mock recorder for MockClaimMapper.
func (*MockClaimMapperMockRecorder) GetClaims (added in v1.4.0)
func (mr *MockClaimMapperMockRecorder) GetClaims(authInfo interface{}) *gomock.Call
GetClaims indicates an expected call of GetClaims.
type MockrequestWithName (added in v1.3.0)
type MockrequestWithName struct {
	// contains filtered or unexported fields
}
MockrequestWithName is a mock of requestWithName interface.
func NewMockrequestWithName (added in v1.3.0)
func NewMockrequestWithName(ctrl *gomock.Controller) *MockrequestWithName
NewMockrequestWithName creates a new mock instance.
func (*MockrequestWithName) EXPECT (added in v1.3.0)
func (m *MockrequestWithName) EXPECT() *MockrequestWithNameMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
func (*MockrequestWithName) GetName (added in v1.3.0)
func (m *MockrequestWithName) GetName() string
GetName mocks base method.
type MockrequestWithNameMockRecorder (added in v1.3.0)
type MockrequestWithNameMockRecorder struct {
	// contains filtered or unexported fields
}
MockrequestWithNameMockRecorder is the mock recorder for MockrequestWithName.
func (*MockrequestWithNameMockRecorder) GetName (added in v1.3.0)
func (mr *MockrequestWithNameMockRecorder) GetName() *gomock.Call
GetName indicates an expected call of GetName.
type MockrequestWithNamespace (added in v1.3.0)
type MockrequestWithNamespace struct {
	// contains filtered or unexported fields
}
MockrequestWithNamespace is a mock of requestWithNamespace interface.
func NewMockrequestWithNamespace (added in v1.3.0)
func NewMockrequestWithNamespace(ctrl *gomock.Controller) *MockrequestWithNamespace
NewMockrequestWithNamespace creates a new mock instance.
func (*MockrequestWithNamespace) EXPECT (added in v1.3.0)
func (m *MockrequestWithNamespace) EXPECT() *MockrequestWithNamespaceMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
func (*MockrequestWithNamespace) GetNamespace (added in v1.3.0)
func (m *MockrequestWithNamespace) GetNamespace() string
GetNamespace mocks base method.
type MockrequestWithNamespaceMockRecorder (added in v1.3.0)
type MockrequestWithNamespaceMockRecorder struct {
	// contains filtered or unexported fields
}
MockrequestWithNamespaceMockRecorder is the mock recorder for MockrequestWithNamespace.
func (*MockrequestWithNamespaceMockRecorder) GetNamespace (added in v1.3.0)
func (mr *MockrequestWithNamespaceMockRecorder) GetNamespace() *gomock.Call
GetNamespace indicates an expected call of GetNamespace.