internal

package
v0.5.8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 27, 2026 License: MIT Imports: 40 Imported by: 0

Documentation

Overview

Package internal implements the workflow-plugin-authz plugin, providing Casbin-based RBAC authorization and Permit.io authorization as modules and pipeline steps.

Index

Constants

This section is empty.

Variables

var Version = "0.0.0"

Version is set at build time via -ldflags "-X github.com/GoCodeAlone/workflow-plugin-authz/internal.Version=X.Y.Z"

Functions

func GetPermitClient

func GetPermitClient(name string) (*permitClient, bool)

GetPermitClient retrieves a permitClient by module name.

func NewAuthzPlugin

func NewAuthzPlugin() sdk.PluginProvider

NewAuthzPlugin returns a new authzPlugin instance.

func RegisterAuthzProvider added in v0.5.7

func RegisterAuthzProvider(name string, provider AuthzProvider)

func RegisterModule

func RegisterModule(m *CasbinModule)

RegisterModule adds a CasbinModule to the global registry. It is called by CreateModule so that CreateStep can find the enforcer by name.

func RegisterPermitClient

func RegisterPermitClient(name string, c *permitClient)

RegisterPermitClient adds a permitClient to the global permit registry.

func UnregisterPermitClient

func UnregisterPermitClient(name string)

UnregisterPermitClient removes a permitClient from the global permit registry.

Types

type AssignmentFilter added in v0.5.7

type AssignmentFilter struct {
	Subject string
	Role    string
	Context string
}

type AttributeCheck added in v0.5.7

type AttributeCheck struct {
	Subject               string
	Context               string
	Resource              string
	Action                string
	SubjectAttributes     map[string]string
	ResourceAttributes    map[string]string
	EnvironmentAttributes map[string]string
}

type AttributeCheckResult added in v0.5.7

type AttributeCheckResult struct {
	Allowed         bool
	Subject         string
	Context         string
	Resource        string
	Action          string
	MatchedPolicyID string
	Reason          string
}

type AttributeCondition added in v0.5.7

type AttributeCondition struct {
	Target    string
	Attribute string
	Operator  string
	Values    []string
}

type AttributePolicy added in v0.5.7

type AttributePolicy struct {
	ID          string
	Context     string
	Resource    string
	Action      string
	Effect      string
	Conditions  []AttributeCondition
	Description string
	OwnerPlugin string
	OwnerModule string
}

type AttributePolicyFilter added in v0.5.7

type AttributePolicyFilter struct {
	ID          string
	Context     string
	Resource    string
	Action      string
	OwnerPlugin string
	OwnerModule string
}

type AttributePolicyProvider added in v0.5.7

type AttributePolicyProvider interface {
	Name() string
	DeclareAttributes(context.Context, []*contracts.AttributeDeclaration) error
	UpsertAttributePolicy(context.Context, AttributePolicy) error
	ListAttributePolicies(context.Context, AttributePolicyFilter) ([]AttributePolicy, error)
	RemoveAttributePolicy(context.Context, AttributePolicyFilter) error
	CheckAttributes(context.Context, AttributeCheck) (AttributeCheckResult, error)
}

type AuthorizationDecisionInput added in v0.5.7

type AuthorizationDecisionInput struct {
	Provider              string
	Mode                  AuthzCapability
	Subject               string
	Context               string
	Resource              string
	Action                string
	Scope                 string
	Relation              string
	SubjectAttributes     map[string]string
	ResourceAttributes    map[string]string
	EnvironmentAttributes map[string]string
	Explain               bool
}

type AuthorizationDecisionOutput added in v0.5.7

// AuthorizationDecisionOutput is the result type returned by DecideAuthorization.
// Allowed carries the decision; as a Go bool its zero value is false, so an
// unpopulated output reads as a denial.
//
// NOTE(review): DecideAuthorization also returns an error. Whether Allowed can
// be true alongside a non-nil error is not visible here, so callers should
// check the error first and treat any failure as a denial. Confirm against the
// implementation.
//
// NOTE(review): the content of Reason and Explain is not documented here.
// Presumably Explain is only filled when AuthorizationDecisionInput.Explain is
// set. Confirm this, and review what both strings disclose about policy
// internals before returning them to the requesting party.
type AuthorizationDecisionOutput struct {
	Allowed bool
	Mode    AuthzCapability
	Subject string
	Context string
	Reason  string
	Explain string
}

func DecideAuthorization added in v0.5.7

func DecideAuthorization(ctx context.Context, provider any, input AuthorizationDecisionInput) (AuthorizationDecisionOutput, error)

type AuthzCapability

type AuthzCapability string

AuthzCapability represents an authorization model supported by a provider.

const (
	CapabilityRBAC  AuthzCapability = "rbac"  // Role-Based Access Control
	CapabilityABAC  AuthzCapability = "abac"  // Attribute-Based Access Control
	CapabilityReBAC AuthzCapability = "rebac" // Relationship-Based Access Control
	CapabilityACL   AuthzCapability = "acl"   // Access Control Lists
)

type AuthzOperation added in v0.5.7

type AuthzOperation string

AuthzOperation is a provider-neutral operation that can be performed for an authorization mode. Operations are intentionally narrow so providers do not advertise management surfaces they have not implemented.

const (
	OperationCheck           AuthzOperation = "check"
	OperationManageRoles     AuthzOperation = "manage_roles"
	OperationManagePolicies  AuthzOperation = "manage_policies"
	OperationManageRelations AuthzOperation = "manage_relations"
	OperationList            AuthzOperation = "list"
)

type AuthzProvider

type AuthzProvider interface {
	Capabilities() []AuthzCapability
	SupportsCapability(AuthzCapability) bool
	CapabilityDescriptors() []CapabilityDescriptor
	RequireCapabilities([]CapabilityRequirement) error
}

AuthzProvider is implemented by authorization providers to declare their supported authorization models.

type CapabilityDescriptor added in v0.5.7

type CapabilityDescriptor struct {
	Mode              AuthzCapability
	Operations        []AuthzOperation
	Configured        bool
	Source            string
	Health            string
	UnsupportedReason string
}

CapabilityDescriptor describes a provider mode, the implemented operations, and whether the provider is healthy enough to use that mode.

type CapabilityRequirement added in v0.5.7

type CapabilityRequirement struct {
	Mode       AuthzCapability
	Operations []AuthzOperation
}

CapabilityRequirement describes the mode and operations a consumer needs.

type CasbinModule

type CasbinModule struct {
	// contains filtered or unexported fields
}

CasbinModule implements sdk.ModuleInstance and holds a Casbin enforcer loaded from inline config (model text + policy rows + role assignments), a file adapter, or a GORM adapter backed by postgres/mysql/sqlite3.

func NewCasbinModuleFromConfig

func NewCasbinModuleFromConfig(name string, config map[string]any) (*CasbinModule, error)

NewCasbinModuleFromConfig creates a CasbinModule from raw config. Exported for use by the public authz/ package.

func (*CasbinModule) AddGroupingPolicy

func (m *CasbinModule) AddGroupingPolicy(rule []string) (bool, error)

AddGroupingPolicy adds a role mapping and saves it to the adapter. When the enforcer uses a FilteredAdapter, SavePolicy is skipped.

func (*CasbinModule) AddPolicy

func (m *CasbinModule) AddPolicy(rule []string) (bool, error)

AddPolicy adds a policy rule and saves it to the adapter. When the enforcer uses a FilteredAdapter, SavePolicy is skipped because the incremental adapter.AddPolicy already persisted the row.

func (*CasbinModule) AssignRole added in v0.5.7

func (m *CasbinModule) AssignRole(ctx context.Context, assignment SubjectRoleAssignment) error

func (*CasbinModule) Capabilities

func (m *CasbinModule) Capabilities() []AuthzCapability

Capabilities returns the authorization models supported by Casbin.

func (*CasbinModule) CapabilityDescriptors added in v0.5.7

func (m *CasbinModule) CapabilityDescriptors() []CapabilityDescriptor

CapabilityDescriptors returns Casbin authorization modes detected from the configured model and only includes operations the adapter exposes.

func (*CasbinModule) CheckAttributes added in v0.5.7

func (m *CasbinModule) CheckAttributes(ctx context.Context, check AttributeCheck) (AttributeCheckResult, error)

func (*CasbinModule) CheckRelation added in v0.5.7

func (m *CasbinModule) CheckRelation(ctx context.Context, check RelationCheck) (RelationCheckResult, error)

func (*CasbinModule) CheckScope added in v0.5.7

func (m *CasbinModule) CheckScope(ctx context.Context, check ScopeCheck) (ScopeCheckResult, error)

func (*CasbinModule) DeclareAttributes added in v0.5.7

func (m *CasbinModule) DeclareAttributes(ctx context.Context, attrs []*contracts.AttributeDeclaration) error

func (*CasbinModule) DeclareScopes added in v0.5.7

func (m *CasbinModule) DeclareScopes(ctx context.Context, scopes []*contracts.ScopeDeclaration) error

func (*CasbinModule) Enforce

func (m *CasbinModule) Enforce(sub, obj, act string, extra ...string) (bool, error)

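Enforce checks whether sub can perform act on obj with optional extra request dimensions. Extra fields are inserted between sub and (obj, act), so the Casbin request tuple becomes (sub, extra[0], extra[1], …, obj, act). This allows multi-tenant models such as r = sub, tenant, obj, act. Note that the argument order differs from the tuple order: with illustrative values, Enforce("alice", "doc1", "read", "tenant-a") is evaluated as (alice, tenant-a, doc1, read), so the tenant is passed last but matched second. It is safe for concurrent use.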

func (*CasbinModule) Init

func (m *CasbinModule) Init() error

Init builds the Casbin enforcer from the configured adapter.

func (*CasbinModule) InvokeMethod added in v0.5.7

func (m *CasbinModule) InvokeMethod(method string, input map[string]any) (map[string]any, error)

func (*CasbinModule) ListAssignments added in v0.5.7

func (m *CasbinModule) ListAssignments(ctx context.Context, filter AssignmentFilter) ([]SubjectRoleAssignment, error)

func (*CasbinModule) ListAttributePolicies added in v0.5.7

func (m *CasbinModule) ListAttributePolicies(ctx context.Context, filter AttributePolicyFilter) ([]AttributePolicy, error)

func (*CasbinModule) ListRelationTuples added in v0.5.7

func (m *CasbinModule) ListRelationTuples(_ context.Context, filter RelationTupleFilter) ([]RelationTuple, error)

func (*CasbinModule) Name

func (m *CasbinModule) Name() string

Name returns the module name.

func (*CasbinModule) RemoveAssignment added in v0.5.7

func (m *CasbinModule) RemoveAssignment(ctx context.Context, assignment SubjectRoleAssignment) error

func (*CasbinModule) RemoveAttributePolicy added in v0.5.7

func (m *CasbinModule) RemoveAttributePolicy(ctx context.Context, filter AttributePolicyFilter) error

func (*CasbinModule) RemoveGroupingPolicy

func (m *CasbinModule) RemoveGroupingPolicy(rule []string) (bool, error)

RemoveGroupingPolicy removes a role mapping and saves the change to the adapter. When the enforcer uses a FilteredAdapter, SavePolicy is skipped.

func (*CasbinModule) RemovePolicy

func (m *CasbinModule) RemovePolicy(rule []string) (bool, error)

RemovePolicy removes a policy rule and saves the change to the adapter. When the enforcer uses a FilteredAdapter, SavePolicy is skipped.

func (*CasbinModule) RemoveRelationTuple added in v0.5.7

func (m *CasbinModule) RemoveRelationTuple(_ context.Context, tuple RelationTuple) error

func (*CasbinModule) RequireCapabilities added in v0.5.7

func (m *CasbinModule) RequireCapabilities(requirements []CapabilityRequirement) error

func (*CasbinModule) Start

func (m *CasbinModule) Start(_ context.Context) error

Start begins the polling watcher goroutine if watcher.type is "polling".

func (*CasbinModule) Stop

func (m *CasbinModule) Stop(_ context.Context) error

Stop shuts down the polling watcher if running.

func (*CasbinModule) SupportsCapability

func (m *CasbinModule) SupportsCapability(cap AuthzCapability) bool

SupportsCapability reports whether the Casbin module supports the given authorization model.

func (*CasbinModule) UpsertAttributePolicy added in v0.5.7

func (m *CasbinModule) UpsertAttributePolicy(ctx context.Context, policy AttributePolicy) error

func (*CasbinModule) UpsertRelationTuple added in v0.5.7

func (m *CasbinModule) UpsertRelationTuple(_ context.Context, tuple RelationTuple) error

func (*CasbinModule) UpsertRole added in v0.5.7

func (m *CasbinModule) UpsertRole(ctx context.Context, grant RoleScopeGrant) error

type GORMFilter

// GORMFilter is a single column-equals-value condition: Field names the
// column and Value is the value it must equal.
type GORMFilter struct {
	// Field is the column name to filter on (one of "v0" through "v5").
	// NOTE(review): a column name is an SQL identifier and cannot be passed as
	// a bound parameter. Presumably the adapter rejects anything outside
	// "v0".."v5" before building the query; confirm in
	// gormAdapter.LoadFilteredPolicy, and never populate Field from request data.
	Field string
	// Value is the value the column must equal.
	// NOTE(review): presumably passed to the query as a bound parameter rather
	// than concatenated into the SQL text; confirm in the adapter.
	Value string
}

GORMFilter specifies a WHERE clause for tenant-scoped policy loading. It is the concrete filter type accepted by gormAdapter.LoadFilteredPolicy.

type KetoModule added in v0.5.7

type KetoModule struct {
	// contains filtered or unexported fields
}

func (*KetoModule) AssignRole added in v0.5.7

func (m *KetoModule) AssignRole(ctx context.Context, assignment SubjectRoleAssignment) error

func (*KetoModule) Capabilities added in v0.5.7

func (m *KetoModule) Capabilities() []AuthzCapability

Capabilities returns authorization models represented by the Keto adapter.

func (*KetoModule) CapabilityDescriptors added in v0.5.7

func (m *KetoModule) CapabilityDescriptors() []CapabilityDescriptor

CapabilityDescriptors returns the provider-neutral operations implemented by the Keto adapter.

func (*KetoModule) CheckRelation added in v0.5.7

func (m *KetoModule) CheckRelation(ctx context.Context, check RelationCheck) (RelationCheckResult, error)

func (*KetoModule) CheckScope added in v0.5.7

func (m *KetoModule) CheckScope(ctx context.Context, check ScopeCheck) (ScopeCheckResult, error)

func (*KetoModule) DeclareScopes added in v0.5.7

func (m *KetoModule) DeclareScopes(ctx context.Context, scopes []*contracts.ScopeDeclaration) error

func (*KetoModule) Init added in v0.5.7

func (m *KetoModule) Init() error

func (*KetoModule) InvokeMethod added in v0.5.7

func (m *KetoModule) InvokeMethod(method string, input map[string]any) (map[string]any, error)

func (*KetoModule) ListAssignments added in v0.5.7

func (m *KetoModule) ListAssignments(ctx context.Context, filter AssignmentFilter) ([]SubjectRoleAssignment, error)

func (*KetoModule) ListRelationTuples added in v0.5.7

func (m *KetoModule) ListRelationTuples(ctx context.Context, filter RelationTupleFilter) ([]RelationTuple, error)

func (*KetoModule) Name added in v0.5.7

func (m *KetoModule) Name() string

func (*KetoModule) RemoveAssignment added in v0.5.7

func (m *KetoModule) RemoveAssignment(ctx context.Context, assignment SubjectRoleAssignment) error

func (*KetoModule) RemoveRelationTuple added in v0.5.7

func (m *KetoModule) RemoveRelationTuple(ctx context.Context, tuple RelationTuple) error

func (*KetoModule) RequireCapabilities added in v0.5.7

func (m *KetoModule) RequireCapabilities(requirements []CapabilityRequirement) error

func (*KetoModule) Start added in v0.5.7

func (m *KetoModule) Start(_ context.Context) error

func (*KetoModule) Stop added in v0.5.7

func (m *KetoModule) Stop(_ context.Context) error

func (*KetoModule) SupportsCapability added in v0.5.7

func (m *KetoModule) SupportsCapability(cap AuthzCapability) bool

SupportsCapability reports whether the Keto module supports the given authorization model.

func (*KetoModule) UpsertRelationTuple added in v0.5.7

func (m *KetoModule) UpsertRelationTuple(ctx context.Context, tuple RelationTuple) error

func (*KetoModule) UpsertRole added in v0.5.7

func (m *KetoModule) UpsertRole(ctx context.Context, grant RoleScopeGrant) error

type PermitModule

type PermitModule struct {
	// contains filtered or unexported fields
}

PermitModule implements sdk.ModuleInstance for the permit.provider module type. Scope-role APIs use the official Permit.io Go SDK. Legacy step helpers still use the old registered client until those unused step contracts are removed.

func NewPermitModuleFromConfig

func NewPermitModuleFromConfig(name string, config map[string]any) (*PermitModule, error)

NewPermitModuleFromConfig creates a PermitModule from raw config. Exported for use by the public authz/ package.

func (*PermitModule) AssignRole added in v0.5.7

func (m *PermitModule) AssignRole(ctx context.Context, assignment SubjectRoleAssignment) error

func (*PermitModule) Capabilities

func (m *PermitModule) Capabilities() []AuthzCapability

Capabilities returns the authorization models supported by Permit.io.

func (*PermitModule) CapabilityDescriptors added in v0.5.7

func (m *PermitModule) CapabilityDescriptors() []CapabilityDescriptor

CapabilityDescriptors returns the provider-neutral Permit operations exposed by this adapter today. More Permit-native ABAC/ReBAC operations are added by later adapter phases; they are not advertised until implemented.

func (*PermitModule) CheckAttributes added in v0.5.7

func (m *PermitModule) CheckAttributes(_ context.Context, check AttributeCheck) (AttributeCheckResult, error)

func (*PermitModule) CheckRelation added in v0.5.7

func (m *PermitModule) CheckRelation(_ context.Context, check RelationCheck) (RelationCheckResult, error)

func (*PermitModule) CheckScope added in v0.5.7

func (m *PermitModule) CheckScope(ctx context.Context, check ScopeCheck) (ScopeCheckResult, error)

func (*PermitModule) DeclareAttributes added in v0.5.7

func (m *PermitModule) DeclareAttributes(context.Context, []*contracts.AttributeDeclaration) error

func (*PermitModule) DeclareScopes added in v0.5.7

func (m *PermitModule) DeclareScopes(ctx context.Context, scopes []*contracts.ScopeDeclaration) error

func (*PermitModule) Init

func (m *PermitModule) Init() error

Init creates the HTTP client and registers it in the global permit registry.

func (*PermitModule) InvokeMethod added in v0.5.7

func (m *PermitModule) InvokeMethod(method string, input map[string]any) (map[string]any, error)

func (*PermitModule) ListAssignments added in v0.5.7

func (m *PermitModule) ListAssignments(ctx context.Context, filter AssignmentFilter) ([]SubjectRoleAssignment, error)

func (*PermitModule) ListAttributePolicies added in v0.5.7

func (m *PermitModule) ListAttributePolicies(context.Context, AttributePolicyFilter) ([]AttributePolicy, error)

func (*PermitModule) ListRelationTuples added in v0.5.7

func (m *PermitModule) ListRelationTuples(context.Context, RelationTupleFilter) ([]RelationTuple, error)

func (*PermitModule) Name

func (m *PermitModule) Name() string

Name returns the module name.

func (*PermitModule) RemoveAssignment added in v0.5.7

func (m *PermitModule) RemoveAssignment(ctx context.Context, assignment SubjectRoleAssignment) error

func (*PermitModule) RemoveAttributePolicy added in v0.5.7

func (m *PermitModule) RemoveAttributePolicy(context.Context, AttributePolicyFilter) error

func (*PermitModule) RemoveRelationTuple added in v0.5.7

func (m *PermitModule) RemoveRelationTuple(context.Context, RelationTuple) error

func (*PermitModule) RequireCapabilities added in v0.5.7

func (m *PermitModule) RequireCapabilities(requirements []CapabilityRequirement) error

func (*PermitModule) Start

func (m *PermitModule) Start(_ context.Context) error

Start is a no-op for the permit module.

func (*PermitModule) Stop

func (m *PermitModule) Stop(_ context.Context) error

Stop removes the client from the registry.

func (*PermitModule) SupportsCapability

func (m *PermitModule) SupportsCapability(cap AuthzCapability) bool

SupportsCapability reports whether the Permit module supports the given authorization model.

func (*PermitModule) UpsertAttributePolicy added in v0.5.7

func (m *PermitModule) UpsertAttributePolicy(context.Context, AttributePolicy) error

func (*PermitModule) UpsertRelationTuple added in v0.5.7

func (m *PermitModule) UpsertRelationTuple(context.Context, RelationTuple) error

func (*PermitModule) UpsertRole added in v0.5.7

func (m *PermitModule) UpsertRole(ctx context.Context, grant RoleScopeGrant) error

type RelationCheck added in v0.5.7

type RelationCheck struct {
	Subject  string
	Relation string
	Object   string
	Context  string
}

type RelationCheckResult added in v0.5.7

type RelationCheckResult struct {
	Allowed  bool
	Subject  string
	Relation string
	Object   string
	Context  string
	Reason   string
}

type RelationTuple added in v0.5.7

type RelationTuple struct {
	Subject  string
	Relation string
	Object   string
	Context  string
}

type RelationTupleFilter added in v0.5.7

type RelationTupleFilter struct {
	Subject  string
	Relation string
	Object   string
	Context  string
}

type RelationshipProvider added in v0.5.7

type RelationshipProvider interface {
	Name() string
	UpsertRelationTuple(context.Context, RelationTuple) error
	RemoveRelationTuple(context.Context, RelationTuple) error
	ListRelationTuples(context.Context, RelationTupleFilter) ([]RelationTuple, error)
	CheckRelation(context.Context, RelationCheck) (RelationCheckResult, error)
}

type RoleScopeGrant added in v0.5.7

type RoleScopeGrant struct {
	Role    string
	Context string
	Scopes  []string
}

type ScopeCheck added in v0.5.7

type ScopeCheck struct {
	Subject  string
	Context  string
	Scope    string
	Resource string
	Action   string
}

type ScopeCheckResult added in v0.5.7

type ScopeCheckResult struct {
	Allowed       bool
	Provider      string
	Subject       string
	Context       string
	Scope         string
	MatchedRole   string
	MatchedScopes []string
	Reason        string
}

type ScopeRoleProvider added in v0.5.7

type ScopeRoleProvider interface {
	Name() string
	DeclareScopes(context.Context, []*contracts.ScopeDeclaration) error
	UpsertRole(context.Context, RoleScopeGrant) error
	AssignRole(context.Context, SubjectRoleAssignment) error
	ListAssignments(context.Context, AssignmentFilter) ([]SubjectRoleAssignment, error)
	RemoveAssignment(context.Context, SubjectRoleAssignment) error
	CheckScope(context.Context, ScopeCheck) (ScopeCheckResult, error)
}

type StepExecutor

type StepExecutor interface {
	Execute(
		ctx context.Context,
		triggerData map[string]any,
		stepOutputs map[string]map[string]any,
		current map[string]any,
		metadata map[string]any,
		config map[string]any,
	) (*sdk.StepResult, error)
}

StepExecutor is the interface satisfied by all internal step types. It matches sdk.StepInstance.Execute but is defined here to avoid leaking the SDK type into the public authz/ package API.

func NewAddPolicyStep

func NewAddPolicyStep(name string, config map[string]any) (StepExecutor, error)

NewAddPolicyStep creates a step.authz_add_policy step instance.

func NewAuthzABACAddPolicyStep

func NewAuthzABACAddPolicyStep(name string, config map[string]any) (StepExecutor, error)

NewAuthzABACAddPolicyStep creates a step.authz_abac_add_policy step instance.

func NewAuthzABACCheckStep

func NewAuthzABACCheckStep(name string, config map[string]any) (StepExecutor, error)

NewAuthzABACCheckStep creates a step.authz_abac_check step instance.

func NewAuthzACLCheckStep

func NewAuthzACLCheckStep(name string, config map[string]any) (StepExecutor, error)

NewAuthzACLCheckStep creates a step.authz_acl_check step instance.

func NewAuthzACLGrantStep

func NewAuthzACLGrantStep(name string, config map[string]any) (StepExecutor, error)

NewAuthzACLGrantStep creates a step.authz_acl_grant step instance.

func NewAuthzACLListStep

func NewAuthzACLListStep(name string, config map[string]any) (StepExecutor, error)

NewAuthzACLListStep creates a step.authz_acl_list step instance.

func NewAuthzACLRevokeStep

func NewAuthzACLRevokeStep(name string, config map[string]any) (StepExecutor, error)

NewAuthzACLRevokeStep creates a step.authz_acl_revoke step instance.

func NewAuthzCapabilitiesStep

func NewAuthzCapabilitiesStep(name string, config map[string]any) (StepExecutor, error)

NewAuthzCapabilitiesStep creates a step.authz_capabilities step instance.

func NewAuthzReBACAddRelationStep

func NewAuthzReBACAddRelationStep(name string, config map[string]any) (StepExecutor, error)

NewAuthzReBACAddRelationStep creates a step.authz_rebac_add_relation step instance.

func NewAuthzReBACCheckStep

func NewAuthzReBACCheckStep(name string, config map[string]any) (StepExecutor, error)

NewAuthzReBACCheckStep creates a step.authz_rebac_check step instance.

func NewAuthzReBACListRelationsStep

func NewAuthzReBACListRelationsStep(name string, config map[string]any) (StepExecutor, error)

NewAuthzReBACListRelationsStep creates a step.authz_rebac_list_relations step instance.

func NewAuthzReBACRemoveRelationStep

func NewAuthzReBACRemoveRelationStep(name string, config map[string]any) (StepExecutor, error)

NewAuthzReBACRemoveRelationStep creates a step.authz_rebac_remove_relation step instance.

func NewCasbinCheckStep

func NewCasbinCheckStep(name string, config map[string]any) (StepExecutor, error)

NewCasbinCheckStep creates a step.authz_check_casbin step instance.

func NewPermitCheckBulkStep

func NewPermitCheckBulkStep(name string, config map[string]any) (StepExecutor, error)

NewPermitCheckBulkStep creates a step.permit_check_bulk step instance.

func NewPermitCheckStep

func NewPermitCheckStep(name string, config map[string]any) (StepExecutor, error)

NewPermitCheckStep creates a step.permit_check step instance.

func NewPermitRoleAssignStep

func NewPermitRoleAssignStep(name string, config map[string]any) (StepExecutor, error)

NewPermitRoleAssignStep creates a step.permit_role_assign step instance.

func NewPermitRoleUnassignStep

func NewPermitRoleUnassignStep(name string, config map[string]any) (StepExecutor, error)

NewPermitRoleUnassignStep creates a step.permit_role_unassign step instance.

func NewPermitUserSyncStep

func NewPermitUserSyncStep(name string, config map[string]any) (StepExecutor, error)

NewPermitUserSyncStep creates a step.permit_user_sync step instance.

func NewRemovePolicyStep

func NewRemovePolicyStep(name string, config map[string]any) (StepExecutor, error)

NewRemovePolicyStep creates a step.authz_remove_policy step instance.

func NewRoleAssignStep

func NewRoleAssignStep(name string, config map[string]any) (StepExecutor, error)

NewRoleAssignStep creates a step.authz_role_assign step instance.

type SubjectRoleAssignment added in v0.5.7

type SubjectRoleAssignment struct {
	Subject      string
	Role         string
	Context      string
	DirectScopes []string
}
