Documentation
¶
Index ¶
- Constants
- func GenerateFunctionEventResourceString(projectName, functionName, functionEventName string) string
- func GenerateFunctionRedeployResourceString(projectName, functionName string) string
- func GenerateFunctionResourceString(projectName, functionName string) string
- func GenerateProjectResourceString(projectName string) string
- func GetUserAndGroupIdsFromAuthSession(session auth.Session) []string
- func GetUserAndGroupIdsFromHeaders(request *http.Request) []string
- type Action
- type Client
- type ClientKind
- type Config
- type HTTPClient
- type MockClient
- type NopClient
- type PermissionFilterRequest
- type PermissionFilterRequestInput
- type PermissionFilterResponse
- type PermissionOptions
- type PermissionQueryRequest
- type PermissionQueryRequestInput
- type PermissionQueryResponse
Constants ¶
View Source
const ( ClientKindHTTP ClientKind = "http" ClientKindNop ClientKind = "nop" ClientKindMock ClientKind = "mock" DefaultClientKind = ClientKindNop DefaultRequestTimeOut = 10 DefaultPermissionQueryPath = "/v1/data/iguazio/authz/allow" DefaultPermissionFilterPath = "/v1/data/iguazio/authz/filter_allowed" )
View Source
const (
OverrideHeader string = "x-projects-role"
)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Client ¶
type ClientKind ¶
type ClientKind string
type Config ¶
type Config struct {
// OPA server address
Address string `json:"address,omitempty"`
// client kind to use (nop | http | mock)
ClientKind ClientKind `json:"clientKind,omitempty"`
// timeout period when querying opa server
RequestTimeout int `json:"requestTimeout,omitempty"`
// the path used when querying single resource against opa server (e.g.: /v1/data/somewhere/authz/allow)
PermissionQueryPath string `json:"permissionQueryPath,omitempty"`
// the path used when querying multiple resources against opa server (e.g.: /v1/data/somewhere/authz/filter_allowed)
PermissionFilterPath string `json:"permissionFilterPath,omitempty"`
// for extra verbosity on top of nuclio logger
LogLevel int `json:"logLevel,omitempty"`
// the header value for bypassing OPA if needed
OverrideHeaderValue string `json:"overrideHeaderValue,omitempty"`
}
type HTTPClient ¶
type HTTPClient struct {
// contains filtered or unexported fields
}
func NewHTTPClient ¶
func (*HTTPClient) QueryPermissions ¶
func (c *HTTPClient) QueryPermissions(resource string, action Action, permissionOptions *PermissionOptions) (bool, error)
func (*HTTPClient) QueryPermissionsMultiResources ¶
func (c *HTTPClient) QueryPermissionsMultiResources(ctx context.Context, resources []string, action Action, permissionOptions *PermissionOptions) ([]bool, error)
QueryPermissionsMultiResources query permissions for multiple resources at once. The response is a list of booleans indicating for each resource if the action against such resource is allowed or not. Therefore, it is guaranteed that len(resources) and len(results) are equal and resources[i] query permission is at results[i]
type MockClient ¶
func (*MockClient) QueryPermissions ¶
func (mc *MockClient) QueryPermissions(resource string, action Action, permissionOptions *PermissionOptions) (bool, error)
func (*MockClient) QueryPermissionsMultiResources ¶
func (mc *MockClient) QueryPermissionsMultiResources(ctx context.Context, resources []string, action Action, permissionOptions *PermissionOptions) ([]bool, error)
type NopClient ¶
type NopClient struct {
// contains filtered or unexported fields
}
func (*NopClient) QueryPermissions ¶
func (*NopClient) QueryPermissionsMultiResources ¶
type PermissionFilterRequest ¶
type PermissionFilterRequest struct {
Input PermissionFilterRequestInput `json:"input,omitempty"`
}
type PermissionFilterResponse ¶
type PermissionFilterResponse struct {
Result []string `json:"result,omitempty"`
}
type PermissionOptions ¶
type PermissionQueryRequest ¶
type PermissionQueryRequest struct {
Input PermissionQueryRequestInput `json:"input,omitempty"`
}
type PermissionQueryResponse ¶
type PermissionQueryResponse struct {
Result bool `json:"result,omitempty"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.