Documentation
¶
Overview ¶
Package accessx provides a small authn + authz + audit facade for handlers.
It is intentionally a thin orchestration layer. Business code may depend on Guard for endpoint protection, while lower-level services should still depend directly on authn.Authenticator, authz.Authorizer, and auditx.Recorder.
Index ¶
- type Check
- type Guard
- func (g Guard) Authenticate(ctx context.Context, check Check) (authn.Principal, error)
- func (g Guard) Authorize(ctx context.Context, principal authn.Principal, check Check) (authz.Decision, error)
- func (g Guard) Can(ctx context.Context, check Check) (bool, error)
- func (g Guard) Record(ctx context.Context, record auditx.Record) error
- func (g Guard) Require(ctx context.Context, check Check) (authn.Principal, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Check ¶
type Check struct {
Credential authn.Credential
Principal authn.Principal
Permission string
Resource authz.ObjectRef
TenantID string
OrgID string
ProjectID string
SubjectAttrs authz.AttributeSet
ResourceAttrs authz.AttributeSet
EnvironmentAttrs authz.AttributeSet
Consistency authz.Consistency
AuditAction string
RequestID string
TraceID string
ClientIP string
UserAgent string
Metadata auditx.AttributeSet
}
type Guard ¶
type Guard struct {
Authn authn.Authenticator
Authz authz.Authorizer
Audit auditx.Recorder
}
func AllowAllForDevOnly ¶
func AllowAllForDevOnly() Guard
func DenyAllGuard ¶
func DenyAllGuard() Guard
func New ¶
func New(authenticator authn.Authenticator, authorizer authz.Authorizer, recorder auditx.Recorder) Guard
func (Guard) Authenticate ¶
Click to show internal directories.
Click to hide internal directories.