authorization

package

v1.1.3 Latest Latest Go to latest Published: Feb 27, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/canonical/hook-service

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func ClientTuple(clientId string) string
func GroupMemberTuple(groupId string) string
func GroupTuple(groupId string) string
func UserTuple(userId string) string
type AuthorizationModelProvider
- func NewAuthorizationModelProvider(apiVersion string) *AuthorizationModelProvider
- func (a *AuthorizationModelProvider) GetModel() *openfga.AuthorizationModel
type Authorizer
- func NewAuthorizer(client AuthzClientInterface, tracer tracing.TracingInterface, ...) *Authorizer
type AuthorizerInterface
type AuthzClientInterface

Constants ¶

View Source

const (
	CAN_ACCESS_RELATION = "can_access"
	MEMBER_RELATION     = "member"
)

Variables ¶

View Source

var ErrInvalidAuthModel = fmt.Errorf("invalid authorization model schema")

Functions ¶

func ClientTuple ¶

func ClientTuple(clientId string) string

func GroupMemberTuple ¶

func GroupMemberTuple(groupId string) string

func GroupTuple ¶

func GroupTuple(groupId string) string

func UserTuple ¶

func UserTuple(userId string) string

Types ¶

type AuthorizationModelProvider ¶

type AuthorizationModelProvider struct {
	// contains filtered or unexported fields
}

func NewAuthorizationModelProvider ¶

func NewAuthorizationModelProvider(apiVersion string) *AuthorizationModelProvider

func (*AuthorizationModelProvider) GetModel ¶

func (a *AuthorizationModelProvider) GetModel() *openfga.AuthorizationModel

type Authorizer ¶

type Authorizer struct {
	// contains filtered or unexported fields
}

func NewAuthorizer ¶

func NewAuthorizer(client AuthzClientInterface, tracer tracing.TracingInterface, monitor monitoring.MonitorInterface, logger logging.LoggerInterface) *Authorizer

func (*Authorizer) AddAllowedAppToGroup ¶

func (a *Authorizer) AddAllowedAppToGroup(ctx context.Context, groupID, clientID string) error

func (*Authorizer) BatchCanAccess ¶

func (a *Authorizer) BatchCanAccess(ctx context.Context, userId string, clientIds []string, groups []string) (bool, error)

func (*Authorizer) CanAccess ¶

func (a *Authorizer) CanAccess(ctx context.Context, userId, clientId string, groups []string) (bool, error)

func (*Authorizer) Check ¶

func (a *Authorizer) Check(ctx context.Context, user string, relation string, object string, contextualTuples ...openfga.Tuple) (bool, error)

func (*Authorizer) DeleteGroup ¶

func (a *Authorizer) DeleteGroup(ctx context.Context, group string) error

func (*Authorizer) FilterObjects ¶

func (a *Authorizer) FilterObjects(ctx context.Context, user string, relation string, objectType string, objs []string) ([]string, error)

func (*Authorizer) ListObjects ¶

func (a *Authorizer) ListObjects(ctx context.Context, user string, relation string, objectType string) ([]string, error)

func (*Authorizer) RemoveAllAllowedAppsFromGroup ¶

func (a *Authorizer) RemoveAllAllowedAppsFromGroup(ctx context.Context, groupId string) error

func (*Authorizer) RemoveAllAllowedGroupsForApp ¶

func (a *Authorizer) RemoveAllAllowedGroupsForApp(ctx context.Context, clientID string) error

func (*Authorizer) RemoveAllowedAppFromGroup ¶

func (a *Authorizer) RemoveAllowedAppFromGroup(ctx context.Context, groupID, clientID string) error

func (*Authorizer) ValidateModel ¶

func (a *Authorizer) ValidateModel(ctx context.Context) error

type AuthorizerInterface ¶

type AuthorizerInterface interface {
	ListObjects(context.Context, string, string, string) ([]string, error)
	Check(context.Context, string, string, string, ...openfga.Tuple) (bool, error)
	FilterObjects(context.Context, string, string, string, []string) ([]string, error)
	ValidateModel(context.Context) error
	CanAccess(context.Context, string, string, []string) (bool, error)
	BatchCanAccess(context.Context, string, []string, []string) (bool, error)

	AddAllowedAppToGroup(context.Context, string, string) error
	RemoveAllowedAppFromGroup(context.Context, string, string) error
	RemoveAllAllowedAppsFromGroup(context.Context, string) error
	RemoveAllAllowedGroupsForApp(context.Context, string) error

	DeleteGroup(context.Context, string) error
}

type AuthzClientInterface ¶

type AuthzClientInterface interface {
	ListObjects(context.Context, string, string, string) ([]string, error)
	Check(context.Context, string, string, string, ...openfga.Tuple) (bool, error)
	BatchCheck(context.Context, ...openfga.TupleWithContext) (bool, error)
	ReadModel(context.Context) (*fga.AuthorizationModel, error)
	CompareModel(context.Context, fga.AuthorizationModel) (bool, error)
	ReadTuples(context.Context, string, string, string, string) (*client.ClientReadResponse, error)
	WriteTuple(ctx context.Context, user, relation, object string) error
	DeleteTuple(ctx context.Context, user, relation, object string) error
	DeleteTuples(context.Context, ...openfga.Tuple) error
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL