authorization

package
v1.5.8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 7, 2021 License: MIT Imports: 24 Imported by: 16

Documentation

Overview

Package authorization is a generated GoMock package.

Package authorization is a generated GoMock package.

Index

Constants

View Source
const (
	RoleWorker = Role(1 << iota)
	RoleReader
	RoleWriter
	RoleAdmin
	RoleUndefined = Role(0)
)

@@@SNIPSTART temporal-common-authorization-role-enum User authz within the context of an entity, such as system, namespace or workflow. User may have any combination of these authz within each context, except for RoleUndefined, as a bitmask.

View Source
const (
	ContextKeyMappedClaims = "auth-mappedClaims"
)

Variables

This section is empty.

Functions

func NewAuthorizationInterceptor added in v1.3.0

func NewAuthorizationInterceptor(
	claimMapper ClaimMapper,
	authorizer Authorizer,
	metrics metrics.Client,
	logger log.Logger,
) grpc.UnaryServerInterceptor

GetAuthorizationInterceptor creates an authorization interceptor and return a func that points to its Interceptor method

func NewDefaultTokenKeyProvider added in v1.5.0

func NewDefaultTokenKeyProvider(cfg *config.Config) *defaultTokenKeyProvider

Types

type AuthInfo added in v1.4.0

type AuthInfo struct {
	AuthToken     string
	TLSSubject    *pkix.Name
	TLSConnection *credentials.TLSInfo
	ExtraData     string
}

@@@SNIPSTART temporal-common-authorization-authinfo Authentication information from subject's JWT token or/and mTLS certificate

type Authorizer

type Authorizer interface {
	Authorize(ctx context.Context, caller *Claims, target *CallTarget) (Result, error)
}

@@@SNIPSTART temporal-common-authorization-authorizer-interface Authorizer is an interface for implementing authorization logic

func NewDefaultAuthorizer added in v1.4.0

func NewDefaultAuthorizer() Authorizer

NewDefaultAuthorizer creates a default authorizer

func NewNopAuthorizer

func NewNopAuthorizer() Authorizer

NewNopAuthorizer creates a no-op authority

type CallTarget added in v1.4.0

type CallTarget struct {
	// APIName must be the full API function name.
	// Example: "/temporal.api.workflowservice.v1.WorkflowService/StartWorkflowExecution".
	APIName string
	// If a Namespace is not being targeted this be set to an empty string.
	Namespace string
}

@@@SNIPSTART temporal-common-authorization-authorizer-calltarget CallTarget is contains information for Authorizer to make a decision. It can be extended to include resources like WorkflowType and TaskQueue

type ClaimMapper added in v1.4.0

type ClaimMapper interface {
	GetClaims(authInfo *AuthInfo) (*Claims, error)
}

@@@SNIPSTART temporal-common-authorization-claimmapper-interface ClaimMapper converts authorization info of a subject into Temporal claims (permissions) for authorization

func NewDefaultJWTClaimMapper added in v1.4.0

func NewDefaultJWTClaimMapper(provider TokenKeyProvider, cfg *config.Config) ClaimMapper

func NewNoopClaimMapper added in v1.4.0

func NewNoopClaimMapper(_ *config.Config) ClaimMapper

type Claims added in v1.4.0

type Claims struct {
	// Identity of the subject
	Subject string
	// Role within the context of the whole Temporal cluster or a multi-cluster setup
	System Role
	// Roles within specific namespaces
	Namespaces map[string]Role
}

@@@SNIPSTART temporal-common-authorization-claims Claims contains the identity of the subject and subject's roles at the system level and for individual namespaces

type Decision

type Decision int

Decision is enum type for auth decision

const (
	// DecisionDeny means auth decision is deny
	DecisionDeny Decision = iota + 1
	// DecisionAllow means auth decision is allow
	DecisionAllow
)

type MockAuthorizer

type MockAuthorizer struct {
	// contains filtered or unexported fields
}

MockAuthorizer is a mock of Authorizer interface.

func NewMockAuthorizer

func NewMockAuthorizer(ctrl *gomock.Controller) *MockAuthorizer

NewMockAuthorizer creates a new mock instance.

func (*MockAuthorizer) Authorize

func (m *MockAuthorizer) Authorize(ctx context.Context, caller *Claims, target *CallTarget) (Result, error)

Authorize mocks base method.

func (*MockAuthorizer) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

type MockAuthorizerMockRecorder

type MockAuthorizerMockRecorder struct {
	// contains filtered or unexported fields
}

MockAuthorizerMockRecorder is the mock recorder for MockAuthorizer.

func (*MockAuthorizerMockRecorder) Authorize

func (mr *MockAuthorizerMockRecorder) Authorize(ctx, caller, target interface{}) *gomock.Call

Authorize indicates an expected call of Authorize.

type MockClaimMapper added in v1.4.0

type MockClaimMapper struct {
	// contains filtered or unexported fields
}

MockClaimMapper is a mock of ClaimMapper interface.

func NewMockClaimMapper added in v1.4.0

func NewMockClaimMapper(ctrl *gomock.Controller) *MockClaimMapper

NewMockClaimMapper creates a new mock instance.

func (*MockClaimMapper) EXPECT added in v1.4.0

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockClaimMapper) GetClaims added in v1.4.0

func (m *MockClaimMapper) GetClaims(authInfo *AuthInfo) (*Claims, error)

GetClaims mocks base method.

type MockClaimMapperMockRecorder added in v1.4.0

type MockClaimMapperMockRecorder struct {
	// contains filtered or unexported fields
}

MockClaimMapperMockRecorder is the mock recorder for MockClaimMapper.

func (*MockClaimMapperMockRecorder) GetClaims added in v1.4.0

func (mr *MockClaimMapperMockRecorder) GetClaims(authInfo interface{}) *gomock.Call

GetClaims indicates an expected call of GetClaims.

type MockrequestWithName added in v1.3.0

type MockrequestWithName struct {
	// contains filtered or unexported fields
}

MockrequestWithName is a mock of requestWithName interface.

func NewMockrequestWithName added in v1.3.0

func NewMockrequestWithName(ctrl *gomock.Controller) *MockrequestWithName

NewMockrequestWithName creates a new mock instance.

func (*MockrequestWithName) EXPECT added in v1.3.0

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockrequestWithName) GetName added in v1.3.0

func (m *MockrequestWithName) GetName() string

GetName mocks base method.

type MockrequestWithNameMockRecorder added in v1.3.0

type MockrequestWithNameMockRecorder struct {
	// contains filtered or unexported fields
}

MockrequestWithNameMockRecorder is the mock recorder for MockrequestWithName.

func (*MockrequestWithNameMockRecorder) GetName added in v1.3.0

GetName indicates an expected call of GetName.

type MockrequestWithNamespace added in v1.3.0

type MockrequestWithNamespace struct {
	// contains filtered or unexported fields
}

MockrequestWithNamespace is a mock of requestWithNamespace interface.

func NewMockrequestWithNamespace added in v1.3.0

func NewMockrequestWithNamespace(ctrl *gomock.Controller) *MockrequestWithNamespace

NewMockrequestWithNamespace creates a new mock instance.

func (*MockrequestWithNamespace) EXPECT added in v1.3.0

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockrequestWithNamespace) GetNamespace added in v1.3.0

func (m *MockrequestWithNamespace) GetNamespace() string

GetNamespace mocks base method.

type MockrequestWithNamespaceMockRecorder added in v1.3.0

type MockrequestWithNamespaceMockRecorder struct {
	// contains filtered or unexported fields
}

MockrequestWithNamespaceMockRecorder is the mock recorder for MockrequestWithNamespace.

func (*MockrequestWithNamespaceMockRecorder) GetNamespace added in v1.3.0

func (mr *MockrequestWithNamespaceMockRecorder) GetNamespace() *gomock.Call

GetNamespace indicates an expected call of GetNamespace.

type Result

type Result struct {
	Decision Decision
}

Result is result from authority.

type Role added in v1.4.0

type Role int16

func (Role) IsValid added in v1.4.0

func (b Role) IsValid() bool

Checks if the provided role bitmask represents a valid combination of authz

type TokenKeyProvider added in v1.4.0

type TokenKeyProvider interface {
	EcdsaKey(alg string, kid string) (*ecdsa.PublicKey, error)
	HmacKey(alg string, kid string) ([]byte, error)
	RsaKey(alg string, kid string) (*rsa.PublicKey, error)
	Close()
}

@@@SNIPSTART temporal-common-authorization-tokenkeyprovider-interface Provides keys for validating JWT tokens

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL