Documentation ¶
Overview ¶
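Package authorization is a generated GoMock package. (This sentence appears to come from the package's generated mock files. As the index below shows, the package also declares the non-mock Authorizer, ClaimMapper and TokenKeyProvider interfaces and the gRPC authorization interceptor.)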
Index ¶
- Constants
- func NewAuthorizationInterceptor(claimMapper ClaimMapper, authorizer Authorizer, metrics metrics.Client, ...) grpc.UnaryServerInterceptor
- func NewDefaultTokenKeyProvider(cfg *config.Authorization, logger log.Logger) *defaultTokenKeyProvider
- type AuthInfo
- type Authorizer
- type CallTarget
- type ClaimMapper
- type Claims
- type Decision
- type MockAuthorizer
- type MockAuthorizerMockRecorder
- type MockClaimMapper
- type MockClaimMapperMockRecorder
- type MockrequestWithNamespace
- type MockrequestWithNamespaceMockRecorder
- type Result
- type Role
- type TokenKeyProvider
Constants ¶
// NOTE(review): both constants are untyped strings. Their names suggest they
// are key names under which the mapped claims and the auth header are stored
// or looked up; confirm at the call sites. If they are passed to
// context.WithValue, an unexported key type would avoid collisions with
// string keys chosen by other packages.
const (
	// ContextKeyMappedClaims is the key name "auth-mappedClaims".
	ContextKeyMappedClaims = "auth-mappedClaims"
	// ContextAuthHeader is the key name "auth-header".
	ContextAuthHeader = "auth-header"
)
// Each named role is a single bit, so several roles can be OR-ed together
// into one Role bitmask and tested with a bitwise AND.
//
// NOTE(review): nothing in these declarations makes RoleAdmin imply
// RoleWriter or RoleReader; whether roles are treated hierarchically depends
// on how an Authorizer compares them. Confirm in the authorizer in use.
const (
	RoleWorker = Role(1 << iota) // 1 << 0 == 1
	RoleReader                   // 1 << 1 == 2
	RoleWriter                   // 1 << 2 == 4
	RoleAdmin                    // 1 << 3 == 8
	// RoleUndefined is zero: no role bit is set. Because it is the zero
	// value of Role, it is also what an unset Role field or a missing map
	// entry reads as.
	RoleUndefined = Role(0)
)
@@@SNIPSTART temporal-common-authorization-role-enum Roles describe a user's authorization within the context of an entity, such as the system, a namespace or a workflow. Within each context a user may hold any combination of these roles, combined as a bitmask; the exception is RoleUndefined, which is zero and therefore cannot be combined with the others.
Variables ¶
This section is empty.
Functions ¶
func NewAuthorizationInterceptor ¶ added in v1.3.0
func NewAuthorizationInterceptor( claimMapper ClaimMapper, authorizer Authorizer, metrics metrics.Client, logger log.Logger, ) grpc.UnaryServerInterceptor
NewAuthorizationInterceptor creates an authorization interceptor and returns a func that points to its Interceptor method.
func NewDefaultTokenKeyProvider ¶ added in v1.5.0
func NewDefaultTokenKeyProvider(cfg *config.Authorization, logger log.Logger) *defaultTokenKeyProvider
Types ¶
type AuthInfo ¶ added in v1.4.0
// AuthInfo groups the authentication material available for one caller.
type AuthInfo struct {
	// AuthToken is a credential carried as a string.
	// NOTE(review): presumably the raw bearer/JWT token taken from the
	// request; confirm at the call site. Treat it as a secret and keep it
	// out of logs and error messages.
	AuthToken string
	// TLSSubject is a pointer and may be nil.
	// NOTE(review): presumably the subject name of the client certificate
	// when mTLS is in use; confirm.
	TLSSubject *pkix.Name
	// TLSConnection is a pointer and may be nil; nil-check it before
	// reading certificate details from it.
	TLSConnection *credentials.TLSInfo
	// ExtraData is a free-form string.
	// NOTE(review): its source and format are not visible here. Validate
	// it as untrusted input unless the caller is known to be trusted.
	ExtraData string
}
@@@SNIPSTART temporal-common-authorization-authinfo Authentication information from the subject's JWT token and/or mTLS certificate
type Authorizer ¶
// Authorizer is the single-method contract for authorization decisions.
type Authorizer interface {
	// Authorize receives the caller's Claims and the CallTarget being
	// invoked and returns a Result or an error.
	//
	// NOTE(review): caller and target are pointers, so an implementation
	// should nil-check both. How the surrounding interceptor treats a
	// non-nil error or a zero-value Result is not visible here; confirm
	// that both paths end in a denial.
	Authorize(ctx context.Context, caller *Claims, target *CallTarget) (Result, error)
}
@@@SNIPSTART temporal-common-authorization-authorizer-interface Authorizer is an interface for implementing authorization logic
func GetAuthorizerFromConfig ¶ added in v1.5.7
func GetAuthorizerFromConfig(config *config.Authorization) (Authorizer, error)
func NewDefaultAuthorizer ¶ added in v1.4.0
func NewDefaultAuthorizer() Authorizer
NewDefaultAuthorizer creates a default authorizer
func NewNoopAuthorizer ¶ added in v1.5.7
func NewNoopAuthorizer() Authorizer
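NewNoopAuthorizer creates a no-op authorizer, that is, one which, as the name indicates, applies no access checks of its own. In a deployment that relies on access control, verify which authorizer GetAuthorizerFromConfig actually selects.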
type CallTarget ¶ added in v1.4.0
// CallTarget names the API call, and optionally the namespace, that an
// authorization decision is about.
type CallTarget struct {
	// APIName must be the full API function name.
	// Example: "/temporal.api.workflowservice.v1.WorkflowService/StartWorkflowExecution".
	// NOTE(review): because the full name is expected, a policy that
	// compares against a short method name would never match. Prefer exact
	// comparison over prefix or substring matching.
	APIName string
	// If a Namespace is not being targeted this should be set to an empty string.
	// An Authorizer therefore has to handle "" explicitly as "no namespace"
	// rather than as a namespace name.
	Namespace string
}
@@@SNIPSTART temporal-common-authorization-authorizer-calltarget CallTarget contains the information an Authorizer needs to make a decision. It can be extended to include resources like WorkflowType and TaskQueue
type ClaimMapper ¶ added in v1.4.0
@@@SNIPSTART temporal-common-authorization-claimmapper-interface ClaimMapper converts authorization info of a subject into Temporal claims (permissions) for authorization
func GetClaimMapperFromConfig ¶ added in v1.5.7
func GetClaimMapperFromConfig(config *config.Authorization, logger log.Logger) (ClaimMapper, error)
func NewDefaultJWTClaimMapper ¶ added in v1.4.0
func NewDefaultJWTClaimMapper(provider TokenKeyProvider, cfg *config.Authorization, logger log.Logger) ClaimMapper
func NewNoopClaimMapper ¶ added in v1.4.0
func NewNoopClaimMapper() ClaimMapper
type Claims ¶ added in v1.4.0
// Claims carries a subject's identity together with its roles at two levels:
// one Role for the whole system and one Role per namespace.
type Claims struct {
	// Identity of the subject
	Subject string
	// Role within the context of the whole Temporal cluster or a multi-cluster setup
	System Role
	// Roles within specific namespaces
	// Keys are namespace names and lookups are exact, case-sensitive string
	// matches. A namespace with no entry reads as Role(0), and reading a
	// nil map is safe and also yields Role(0).
	Namespaces map[string]Role
}
@@@SNIPSTART temporal-common-authorization-claims Claims contains the identity of the subject and subject's roles at the system level and for individual namespaces
type MockAuthorizer ¶
type MockAuthorizer struct {
// contains filtered or unexported fields
}
MockAuthorizer is a mock of Authorizer interface.
func NewMockAuthorizer ¶
func NewMockAuthorizer(ctrl *gomock.Controller) *MockAuthorizer
NewMockAuthorizer creates a new mock instance.
func (*MockAuthorizer) Authorize ¶
func (m *MockAuthorizer) Authorize(ctx context.Context, caller *Claims, target *CallTarget) (Result, error)
Authorize mocks base method.
func (*MockAuthorizer) EXPECT ¶
func (m *MockAuthorizer) EXPECT() *MockAuthorizerMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
type MockAuthorizerMockRecorder ¶
type MockAuthorizerMockRecorder struct {
// contains filtered or unexported fields
}
MockAuthorizerMockRecorder is the mock recorder for MockAuthorizer.
func (*MockAuthorizerMockRecorder) Authorize ¶
func (mr *MockAuthorizerMockRecorder) Authorize(ctx, caller, target interface{}) *gomock.Call
Authorize indicates an expected call of Authorize.
type MockClaimMapper ¶ added in v1.4.0
type MockClaimMapper struct {
// contains filtered or unexported fields
}
MockClaimMapper is a mock of ClaimMapper interface.
func NewMockClaimMapper ¶ added in v1.4.0
func NewMockClaimMapper(ctrl *gomock.Controller) *MockClaimMapper
NewMockClaimMapper creates a new mock instance.
func (*MockClaimMapper) EXPECT ¶ added in v1.4.0
func (m *MockClaimMapper) EXPECT() *MockClaimMapperMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
type MockClaimMapperMockRecorder ¶ added in v1.4.0
type MockClaimMapperMockRecorder struct {
// contains filtered or unexported fields
}
MockClaimMapperMockRecorder is the mock recorder for MockClaimMapper.
func (*MockClaimMapperMockRecorder) GetClaims ¶ added in v1.4.0
func (mr *MockClaimMapperMockRecorder) GetClaims(authInfo interface{}) *gomock.Call
GetClaims indicates an expected call of GetClaims.
type MockrequestWithNamespace ¶ added in v1.3.0
type MockrequestWithNamespace struct {
// contains filtered or unexported fields
}
MockrequestWithNamespace is a mock of requestWithNamespace interface.
func NewMockrequestWithNamespace ¶ added in v1.3.0
func NewMockrequestWithNamespace(ctrl *gomock.Controller) *MockrequestWithNamespace
NewMockrequestWithNamespace creates a new mock instance.
func (*MockrequestWithNamespace) EXPECT ¶ added in v1.3.0
func (m *MockrequestWithNamespace) EXPECT() *MockrequestWithNamespaceMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
func (*MockrequestWithNamespace) GetNamespace ¶ added in v1.3.0
func (m *MockrequestWithNamespace) GetNamespace() string
GetNamespace mocks base method.
type MockrequestWithNamespaceMockRecorder ¶ added in v1.3.0
type MockrequestWithNamespaceMockRecorder struct {
// contains filtered or unexported fields
}
MockrequestWithNamespaceMockRecorder is the mock recorder for MockrequestWithNamespace.
func (*MockrequestWithNamespaceMockRecorder) GetNamespace ¶ added in v1.3.0
func (mr *MockrequestWithNamespaceMockRecorder) GetNamespace() *gomock.Call
GetNamespace indicates an expected call of GetNamespace.
type TokenKeyProvider ¶ added in v1.4.0
// TokenKeyProvider supplies token verification keys, with one accessor per
// key family (ECDSA, HMAC, RSA).
//
// NOTE(review): alg and kid presumably come from the header of the token
// being validated, which is untrusted until the signature has been checked;
// confirm at the call site. Implementations should return an error for an
// alg outside the accessor's own family, and a given kid should resolve to
// one key family only, so that the token cannot choose how it is verified.
type TokenKeyProvider interface {
	// EcdsaKey returns an ECDSA public key for the given alg and kid, or an error.
	EcdsaKey(alg string, kid string) (*ecdsa.PublicKey, error)
	// HmacKey returns raw key bytes for the given alg and kid, or an error.
	// Unlike the public keys returned by the other accessors, an HMAC key
	// is a shared secret and must be stored and handled as one.
	HmacKey(alg string, kid string) ([]byte, error)
	// RsaKey returns an RSA public key for the given alg and kid, or an error.
	RsaKey(alg string, kid string) (*rsa.PublicKey, error)
	// Close takes no arguments and returns nothing.
	// NOTE(review): presumably it releases resources held by the provider; confirm.
	Close()
}
@@@SNIPSTART temporal-common-authorization-tokenkeyprovider-interface Provides keys for validating JWT tokens