arnz

package
v3.20.0 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 22, 2025 License: MIT Imports: 6 Imported by: 0

README

Arnz

ArnZ is a DSL for authorizing methods based on AWS IAM caller ARNs.

Given

Your Goa application...

  1. is receiving traffic via an AWS API Gateway.
  2. is using the AWS_IAM authorizer.

You Can

Authenticate All Callers

When imported, all methods will require all callers to be IAM authenticated.

package design

import (
	. "goa.design/goa/v3/dsl"
	_ "goa.design/plugins/v3/arnz/dsl"
)

Authorize Callers by ARN

You can authorize callers by ARN using the AllowArnsMatching function, passing it a regular expression.

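Method("privileged", func() {
	// The pattern is anchored with ^ and $ so that only this exact ARN matches.
	AllowArnsMatching("^arn:aws:iam::123456789012:user/administrator$")
	Result(SecretStuff)
	HTTP(func() {
		// Goa's HTTP route functions are upper-case (GET, POST, ...).
		GET("/secrets")
		Response(StatusOK)
	})
})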
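
Why the anchors in the pattern above matter, shown as an added example that is not part of the arnz plugin or its README. It assumes patterns are evaluated as ordinary Go regular expressions; `matchingCallers`, `lintPattern` and the sample ARNs are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// matchingCallers returns the caller ARNs that a pattern admits (assumed semantics: plain Go regexp match).
func matchingCallers(pattern string, callers []string) ([]string, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, err
	}
	var out []string
	for _, arn := range callers {
		if re.MatchString(arn) {
			out = append(out, arn)
		}
	}
	return out, nil
}

// lintPattern is a textual heuristic that flags patterns lacking start/end anchors.
func lintPattern(pattern string) []string {
	var issues []string
	if !strings.HasPrefix(pattern, "^") {
		issues = append(issues, "missing ^ anchor")
	}
	if !strings.HasSuffix(pattern, "$") {
		issues = append(issues, "missing $ anchor")
	}
	return issues
}

// sampleCallers are constructed ARNs, not real principals.
var sampleCallers = []string{
	"arn:aws:iam::123456789012:user/administrator",
	"arn:aws:iam::123456789012:user/administrator-intern",
	"arn:aws:sts::123456789012:assumed-role/administrator/session", // role session form
}

func main() {
	strict := "^arn:aws:iam::123456789012:user/administrator$"
	for _, p := range []string{strings.Trim(strict, "^$"), strict} {
		got, _ := matchingCallers(p, sampleCallers)
		fmt.Printf("%q admits %v, lint: %v\n", p, got, lintPattern(p))
	}
}
```

The unanchored pattern also admits the `administrator-intern` user, while the anchored one admits only the exact user ARN. Neither matches the assumed-role session ARN, so role-based callers need their own pattern.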
Allow Unsigned Requests

Allowing unsigned requests is useful for accepting traffic that does not originate from API Gateway.

Method("healthz", func() {
	AllowUnsignedCallers()
	Result(HealthCheck)
	HTTP(func() {
		GET("/healthz")
		Response(StatusOK)
	})
})

Note: Allowing unsigned callers does not disable authentication or authorization for signed requests.

Further Reading

Documentation

Index

Constants

This section is empty.

Variables

var MethodGates = make(map[string]map[string]*auth.Gate)

Functions

func Generate

func Generate(genpkg string, roots []eval.Root, files []*codegen.File) ([]*codegen.File, error)

Types

This section is empty.
