authorizationv2

package
v0.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 16, 2025 License: BSD-3-Clause-Clear Imports: 12 Imported by: 4

Documentation

Index

Constants

View Source 
const (
	AuthorizationService_GetDecision_FullMethodName              = "/authorization.v2.AuthorizationService/GetDecision"
	AuthorizationService_GetDecisionMultiResource_FullMethodName = "/authorization.v2.AuthorizationService/GetDecisionMultiResource"
	AuthorizationService_GetDecisionBulk_FullMethodName          = "/authorization.v2.AuthorizationService/GetDecisionBulk"
	AuthorizationService_GetEntitlements_FullMethodName          = "/authorization.v2.AuthorizationService/GetEntitlements"
)

Variables

View Source 
var (
	Decision_name = map[int32]string{
		0: "DECISION_UNSPECIFIED",
		1: "DECISION_DENY",
		2: "DECISION_PERMIT",
	}
	Decision_value = map[string]int32{
		"DECISION_UNSPECIFIED": 0,
		"DECISION_DENY":        1,
		"DECISION_PERMIT":      2,
	}
)

Enum value maps for Decision.

View Source 
var AuthorizationService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "authorization.v2.AuthorizationService",
	HandlerType: (*AuthorizationServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "GetDecision",
			Handler:    _AuthorizationService_GetDecision_Handler,
		},
		{
			MethodName: "GetDecisionMultiResource",
			Handler:    _AuthorizationService_GetDecisionMultiResource_Handler,
		},
		{
			MethodName: "GetDecisionBulk",
			Handler:    _AuthorizationService_GetDecisionBulk_Handler,
		},
		{
			MethodName: "GetEntitlements",
			Handler:    _AuthorizationService_GetEntitlements_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "authorization/v2/authorization.proto",
}

AuthorizationService_ServiceDesc is the grpc.ServiceDesc for AuthorizationService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source 
var File_authorization_v2_authorization_proto protoreflect.FileDescriptor

Functions

func RegisterAuthorizationServiceServer 

func RegisterAuthorizationServiceServer(s grpc.ServiceRegistrar, srv AuthorizationServiceServer)

Types

type AuthorizationServiceClient 

type AuthorizationServiceClient interface {
	GetDecision(ctx context.Context, in *GetDecisionRequest, opts ...grpc.CallOption) (*GetDecisionResponse, error)
	GetDecisionMultiResource(ctx context.Context, in *GetDecisionMultiResourceRequest, opts ...grpc.CallOption) (*GetDecisionMultiResourceResponse, error)
	GetDecisionBulk(ctx context.Context, in *GetDecisionBulkRequest, opts ...grpc.CallOption) (*GetDecisionBulkResponse, error)
	GetEntitlements(ctx context.Context, in *GetEntitlementsRequest, opts ...grpc.CallOption) (*GetEntitlementsResponse, error)
}

AuthorizationServiceClient is the client API for AuthorizationService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewAuthorizationServiceClient 

func NewAuthorizationServiceClient(cc grpc.ClientConnInterface) AuthorizationServiceClient

type AuthorizationServiceServer 

type AuthorizationServiceServer interface {
	GetDecision(context.Context, *GetDecisionRequest) (*GetDecisionResponse, error)
	GetDecisionMultiResource(context.Context, *GetDecisionMultiResourceRequest) (*GetDecisionMultiResourceResponse, error)
	GetDecisionBulk(context.Context, *GetDecisionBulkRequest) (*GetDecisionBulkResponse, error)
	GetEntitlements(context.Context, *GetEntitlementsRequest) (*GetEntitlementsResponse, error)
	// contains filtered or unexported methods
}

AuthorizationServiceServer is the server API for AuthorizationService service. All implementations must embed UnimplementedAuthorizationServiceServer for forward compatibility

type Decision 

type Decision int32
const (
	Decision_DECISION_UNSPECIFIED Decision = 0
	Decision_DECISION_DENY        Decision = 1
	Decision_DECISION_PERMIT      Decision = 2
)

func (Decision) Descriptor 

func (Decision) Descriptor() protoreflect.EnumDescriptor

func (Decision) Enum 

func (x Decision) Enum() *Decision

func (Decision) EnumDescriptor deprecated 

func (Decision) EnumDescriptor() ([]byte, []int)

Deprecated: Use Decision.Descriptor instead.

func (Decision) Number 

func (x Decision) Number() protoreflect.EnumNumber

func (Decision) String 

func (x Decision) String() string

func (Decision) Type 

func (Decision) Type() protoreflect.EnumType

type EntityEntitlements 

type EntityEntitlements struct {

	// ephemeral id for tracking between request and response
	EphemeralId                 string                                     `protobuf:"bytes,1,opt,name=ephemeral_id,json=ephemeralId,proto3" json:"ephemeral_id,omitempty"`
	ActionsPerAttributeValueFqn map[string]*EntityEntitlements_ActionsList `` /* 236-byte string literal not displayed */
	// contains filtered or unexported fields
}

Entitlements for a given entity, mapping each attribute value FQN to any entitled actions[]

func (*EntityEntitlements) Descriptor deprecated 

func (*EntityEntitlements) Descriptor() ([]byte, []int)

Deprecated: Use EntityEntitlements.ProtoReflect.Descriptor instead.

func (*EntityEntitlements) GetActionsPerAttributeValueFqn 

func (x *EntityEntitlements) GetActionsPerAttributeValueFqn() map[string]*EntityEntitlements_ActionsList

func (*EntityEntitlements) GetEphemeralId 

func (x *EntityEntitlements) GetEphemeralId() string

func (*EntityEntitlements) ProtoMessage 

func (*EntityEntitlements) ProtoMessage()

func (*EntityEntitlements) ProtoReflect 

func (x *EntityEntitlements) ProtoReflect() protoreflect.Message

func (*EntityEntitlements) Reset 

func (x *EntityEntitlements) Reset()

func (*EntityEntitlements) String 

func (x *EntityEntitlements) String() string

type EntityEntitlements_ActionsList 

type EntityEntitlements_ActionsList struct {
	Actions []*policy.Action `protobuf:"bytes,1,rep,name=actions,proto3" json:"actions,omitempty"`
	// contains filtered or unexported fields
}

func (*EntityEntitlements_ActionsList) Descriptor deprecated 

func (*EntityEntitlements_ActionsList) Descriptor() ([]byte, []int)

Deprecated: Use EntityEntitlements_ActionsList.ProtoReflect.Descriptor instead.

func (*EntityEntitlements_ActionsList) GetActions 

func (x *EntityEntitlements_ActionsList) GetActions() []*policy.Action

func (*EntityEntitlements_ActionsList) ProtoMessage 

func (*EntityEntitlements_ActionsList) ProtoMessage()

func (*EntityEntitlements_ActionsList) ProtoReflect 

func (x *EntityEntitlements_ActionsList) ProtoReflect() protoreflect.Message

func (*EntityEntitlements_ActionsList) Reset 

func (x *EntityEntitlements_ActionsList) Reset()

func (*EntityEntitlements_ActionsList) String 

func (x *EntityEntitlements_ActionsList) String() string

type EntityIdentifier 

type EntityIdentifier struct {

	// Types that are assignable to Identifier:
	//
	//	*EntityIdentifier_EntityChain
	//	*EntityIdentifier_RegisteredResourceValueFqn
	//	*EntityIdentifier_Token
	//	*EntityIdentifier_WithRequestToken
	Identifier isEntityIdentifier_Identifier `protobuf_oneof:"identifier"`
	// contains filtered or unexported fields
}

The EntityIdentifier specifies the actor in an entitlement or decision request - the PE, NPE, or PE+NPE being authorized. The abstraction houses the distinct entity types, PE and/or NPE combinations, or a registered resource value being treated as an entity in entitlement/authorization decisioning.

func (*EntityIdentifier) Descriptor deprecated 

func (*EntityIdentifier) Descriptor() ([]byte, []int)

Deprecated: Use EntityIdentifier.ProtoReflect.Descriptor instead.

func (*EntityIdentifier) GetEntityChain 

func (x *EntityIdentifier) GetEntityChain() *entity.EntityChain

func (*EntityIdentifier) GetIdentifier 

func (m *EntityIdentifier) GetIdentifier() isEntityIdentifier_Identifier

func (*EntityIdentifier) GetRegisteredResourceValueFqn 

func (x *EntityIdentifier) GetRegisteredResourceValueFqn() string

func (*EntityIdentifier) GetToken 

func (x *EntityIdentifier) GetToken() *entity.Token

func (*EntityIdentifier) GetWithRequestToken added in v0.12.0 

func (x *EntityIdentifier) GetWithRequestToken() *wrapperspb.BoolValue

func (*EntityIdentifier) ProtoMessage 

func (*EntityIdentifier) ProtoMessage()

func (*EntityIdentifier) ProtoReflect 

func (x *EntityIdentifier) ProtoReflect() protoreflect.Message

func (*EntityIdentifier) Reset 

func (x *EntityIdentifier) Reset()

func (*EntityIdentifier) String 

func (x *EntityIdentifier) String() string

type EntityIdentifier_EntityChain 

type EntityIdentifier_EntityChain struct {
	// chain of one or more entities and at most 10
	EntityChain *entity.EntityChain `protobuf:"bytes,1,opt,name=entity_chain,json=entityChain,proto3,oneof"`
}

type EntityIdentifier_RegisteredResourceValueFqn 

type EntityIdentifier_RegisteredResourceValueFqn struct {
	// fully qualified name of the registered resource value stored in platform policy, where in
	// this case the resource acts as and represents a single entity for authorization/entitlement decisioning
	RegisteredResourceValueFqn string `protobuf:"bytes,2,opt,name=registered_resource_value_fqn,json=registeredResourceValueFqn,proto3,oneof"`
}

type EntityIdentifier_Token 

type EntityIdentifier_Token struct {
	// access token (JWT), which is used to create an entity chain (comprising one or more entities)
	Token *entity.Token `protobuf:"bytes,3,opt,name=token,proto3,oneof"`
}

type EntityIdentifier_WithRequestToken added in v0.12.0 

type EntityIdentifier_WithRequestToken struct {
	// derive the entity from the request's authorization access token JWT, rather than passing in the body
	WithRequestToken *wrapperspb.BoolValue `protobuf:"bytes,4,opt,name=with_request_token,json=withRequestToken,proto3,oneof"`
}

type GetDecisionBulkRequest 

type GetDecisionBulkRequest struct {
	DecisionRequests []*GetDecisionMultiResourceRequest `protobuf:"bytes,1,rep,name=decision_requests,json=decisionRequests,proto3" json:"decision_requests,omitempty"`
	// contains filtered or unexported fields
}

Is access allowed? 1. Multiplexing of a Decision<EntityIdentifier, Action, repeated Resource> request This is a more performant bulk request for complex decisioning (i.e. multiple entity chains or actions on multiple resources)

func (*GetDecisionBulkRequest) Descriptor deprecated 

func (*GetDecisionBulkRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetDecisionBulkRequest.ProtoReflect.Descriptor instead.

func (*GetDecisionBulkRequest) GetDecisionRequests 

func (x *GetDecisionBulkRequest) GetDecisionRequests() []*GetDecisionMultiResourceRequest

func (*GetDecisionBulkRequest) ProtoMessage 

func (*GetDecisionBulkRequest) ProtoMessage()

func (*GetDecisionBulkRequest) ProtoReflect 

func (x *GetDecisionBulkRequest) ProtoReflect() protoreflect.Message

func (*GetDecisionBulkRequest) Reset 

func (x *GetDecisionBulkRequest) Reset()

func (*GetDecisionBulkRequest) String 

func (x *GetDecisionBulkRequest) String() string

type GetDecisionBulkResponse 

type GetDecisionBulkResponse struct {
	DecisionResponses []*GetDecisionMultiResourceResponse `protobuf:"bytes,1,rep,name=decision_responses,json=decisionResponses,proto3" json:"decision_responses,omitempty"`
	// contains filtered or unexported fields
}

func (*GetDecisionBulkResponse) Descriptor deprecated 

func (*GetDecisionBulkResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetDecisionBulkResponse.ProtoReflect.Descriptor instead.

func (*GetDecisionBulkResponse) GetDecisionResponses 

func (x *GetDecisionBulkResponse) GetDecisionResponses() []*GetDecisionMultiResourceResponse

func (*GetDecisionBulkResponse) ProtoMessage 

func (*GetDecisionBulkResponse) ProtoMessage()

func (*GetDecisionBulkResponse) ProtoReflect 

func (x *GetDecisionBulkResponse) ProtoReflect() protoreflect.Message

func (*GetDecisionBulkResponse) Reset 

func (x *GetDecisionBulkResponse) Reset()

func (*GetDecisionBulkResponse) String 

func (x *GetDecisionBulkResponse) String() string

type GetDecisionMultiResourceRequest 

type GetDecisionMultiResourceRequest struct {

	// an entity must be identified for authorization decisioning
	EntityIdentifier *EntityIdentifier `protobuf:"bytes,1,opt,name=entity_identifier,json=entityIdentifier,proto3" json:"entity_identifier,omitempty"`
	// name on action is required
	Action    *policy.Action `protobuf:"bytes,2,opt,name=action,proto3" json:"action,omitempty"`
	Resources []*Resource    `protobuf:"bytes,3,rep,name=resources,proto3" json:"resources,omitempty"`
	// obligations (fully qualified values) the requester is capable of fulfilling
	// i.e. https://<namespace>/obl/<definition name>/value/<value>
	FulfillableObligationFqns []string `` /* 138-byte string literal not displayed */
	// contains filtered or unexported fields
}

Can the identified entity/entities access? 1. one entity reference (actor) 2. one action 3. multiple resources

If entitled, checks obligation policy: fulfillable obligations must satisfy all triggered.

Note: this is a more performant bulk request for multiple resource decisions, up to 1000 per request

func (*GetDecisionMultiResourceRequest) Descriptor deprecated 

func (*GetDecisionMultiResourceRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetDecisionMultiResourceRequest.ProtoReflect.Descriptor instead.

func (*GetDecisionMultiResourceRequest) GetAction 

func (x *GetDecisionMultiResourceRequest) GetAction() *policy.Action

func (*GetDecisionMultiResourceRequest) GetEntityIdentifier 

func (x *GetDecisionMultiResourceRequest) GetEntityIdentifier() *EntityIdentifier

func (*GetDecisionMultiResourceRequest) GetFulfillableObligationFqns added in v0.11.0 

func (x *GetDecisionMultiResourceRequest) GetFulfillableObligationFqns() []string

func (*GetDecisionMultiResourceRequest) GetResources 

func (x *GetDecisionMultiResourceRequest) GetResources() []*Resource

func (*GetDecisionMultiResourceRequest) ProtoMessage 

func (*GetDecisionMultiResourceRequest) ProtoMessage()

func (*GetDecisionMultiResourceRequest) ProtoReflect 

func (x *GetDecisionMultiResourceRequest) ProtoReflect() protoreflect.Message

func (*GetDecisionMultiResourceRequest) Reset 

func (x *GetDecisionMultiResourceRequest) Reset()

func (*GetDecisionMultiResourceRequest) String 

func (x *GetDecisionMultiResourceRequest) String() string

type GetDecisionMultiResourceResponse 

type GetDecisionMultiResourceResponse struct {

	// convenience flag indicating global resource decisions result (permit/deny)
	AllPermitted *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=all_permitted,json=allPermitted,proto3" json:"all_permitted,omitempty"`
	// individual resource decisions
	ResourceDecisions []*ResourceDecision `protobuf:"bytes,2,rep,name=resource_decisions,json=resourceDecisions,proto3" json:"resource_decisions,omitempty"`
	// contains filtered or unexported fields
}

func (*GetDecisionMultiResourceResponse) Descriptor deprecated 

func (*GetDecisionMultiResourceResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetDecisionMultiResourceResponse.ProtoReflect.Descriptor instead.

func (*GetDecisionMultiResourceResponse) GetAllPermitted 

func (x *GetDecisionMultiResourceResponse) GetAllPermitted() *wrapperspb.BoolValue

func (*GetDecisionMultiResourceResponse) GetResourceDecisions 

func (x *GetDecisionMultiResourceResponse) GetResourceDecisions() []*ResourceDecision

func (*GetDecisionMultiResourceResponse) ProtoMessage 

func (*GetDecisionMultiResourceResponse) ProtoMessage()

func (*GetDecisionMultiResourceResponse) ProtoReflect 

func (x *GetDecisionMultiResourceResponse) ProtoReflect() protoreflect.Message

func (*GetDecisionMultiResourceResponse) Reset 

func (x *GetDecisionMultiResourceResponse) Reset()

func (*GetDecisionMultiResourceResponse) String 

func (x *GetDecisionMultiResourceResponse) String() string

type GetDecisionRequest 

type GetDecisionRequest struct {

	// an entity must be identified for authorization decisioning
	EntityIdentifier *EntityIdentifier `protobuf:"bytes,1,opt,name=entity_identifier,json=entityIdentifier,proto3" json:"entity_identifier,omitempty"`
	// name on action is required
	Action   *policy.Action `protobuf:"bytes,2,opt,name=action,proto3" json:"action,omitempty"`
	Resource *Resource      `protobuf:"bytes,3,opt,name=resource,proto3" json:"resource,omitempty"`
	// obligations (fully qualified values) the requester is capable of fulfilling
	// i.e. https://<namespace>/obl/<definition name>/value/<value>
	FulfillableObligationFqns []string `` /* 138-byte string literal not displayed */
	// contains filtered or unexported fields
}

Can the identified entity/entities access? 1. one entity reference (actor) 2. one action 3. one resource

If entitled, checks obligation policy: fulfillable obligations must satisfy all triggered.

func (*GetDecisionRequest) Descriptor deprecated 

func (*GetDecisionRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetDecisionRequest.ProtoReflect.Descriptor instead.

func (*GetDecisionRequest) GetAction 

func (x *GetDecisionRequest) GetAction() *policy.Action

func (*GetDecisionRequest) GetEntityIdentifier 

func (x *GetDecisionRequest) GetEntityIdentifier() *EntityIdentifier

func (*GetDecisionRequest) GetFulfillableObligationFqns added in v0.11.0 

func (x *GetDecisionRequest) GetFulfillableObligationFqns() []string

func (*GetDecisionRequest) GetResource 

func (x *GetDecisionRequest) GetResource() *Resource

func (*GetDecisionRequest) ProtoMessage 

func (*GetDecisionRequest) ProtoMessage()

func (*GetDecisionRequest) ProtoReflect 

func (x *GetDecisionRequest) ProtoReflect() protoreflect.Message

func (*GetDecisionRequest) Reset 

func (x *GetDecisionRequest) Reset()

func (*GetDecisionRequest) String 

func (x *GetDecisionRequest) String() string

type GetDecisionResponse 

type GetDecisionResponse struct {

	// decision on the resource
	Decision *ResourceDecision `protobuf:"bytes,1,opt,name=decision,proto3" json:"decision,omitempty"`
	// contains filtered or unexported fields
}

func (*GetDecisionResponse) Descriptor deprecated 

func (*GetDecisionResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetDecisionResponse.ProtoReflect.Descriptor instead.

func (*GetDecisionResponse) GetDecision 

func (x *GetDecisionResponse) GetDecision() *ResourceDecision

func (*GetDecisionResponse) ProtoMessage 

func (*GetDecisionResponse) ProtoMessage()

func (*GetDecisionResponse) ProtoReflect 

func (x *GetDecisionResponse) ProtoReflect() protoreflect.Message

func (*GetDecisionResponse) Reset 

func (x *GetDecisionResponse) Reset()

func (*GetDecisionResponse) String 

func (x *GetDecisionResponse) String() string

type GetEntitlementsRequest 

type GetEntitlementsRequest struct {

	// an entity must be identified for entitlement decisioning
	EntityIdentifier *EntityIdentifier `protobuf:"bytes,1,opt,name=entity_identifier,json=entityIdentifier,proto3" json:"entity_identifier,omitempty"`
	// optional parameter to return all entitled values for attribute definitions with hierarchy rules, propagating
	// down the hierarchical values instead of returning solely the value that is directly entitled
	WithComprehensiveHierarchy *bool `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

What is permitted to the identified entity/entities (actor), broken down as permitted actions on attribute value FQNs?

Note: the v1 API parameter 'scope' has been dropped, and it is recommended to use GetDecision if the resource is known

func (*GetEntitlementsRequest) Descriptor deprecated 

func (*GetEntitlementsRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetEntitlementsRequest.ProtoReflect.Descriptor instead.

func (*GetEntitlementsRequest) GetEntityIdentifier 

func (x *GetEntitlementsRequest) GetEntityIdentifier() *EntityIdentifier

func (*GetEntitlementsRequest) GetWithComprehensiveHierarchy 

func (x *GetEntitlementsRequest) GetWithComprehensiveHierarchy() bool

func (*GetEntitlementsRequest) ProtoMessage 

func (*GetEntitlementsRequest) ProtoMessage()

func (*GetEntitlementsRequest) ProtoReflect 

func (x *GetEntitlementsRequest) ProtoReflect() protoreflect.Message

func (*GetEntitlementsRequest) Reset 

func (x *GetEntitlementsRequest) Reset()

func (*GetEntitlementsRequest) String 

func (x *GetEntitlementsRequest) String() string

type GetEntitlementsResponse 

type GetEntitlementsResponse struct {
	Entitlements []*EntityEntitlements `protobuf:"bytes,1,rep,name=entitlements,proto3" json:"entitlements,omitempty"`
	// contains filtered or unexported fields
}

func (*GetEntitlementsResponse) Descriptor deprecated 

func (*GetEntitlementsResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetEntitlementsResponse.ProtoReflect.Descriptor instead.

func (*GetEntitlementsResponse) GetEntitlements 

func (x *GetEntitlementsResponse) GetEntitlements() []*EntityEntitlements

func (*GetEntitlementsResponse) ProtoMessage 

func (*GetEntitlementsResponse) ProtoMessage()

func (*GetEntitlementsResponse) ProtoReflect 

func (x *GetEntitlementsResponse) ProtoReflect() protoreflect.Message

func (*GetEntitlementsResponse) Reset 

func (x *GetEntitlementsResponse) Reset()

func (*GetEntitlementsResponse) String 

func (x *GetEntitlementsResponse) String() string

type Resource 

type Resource struct {

	// ephemeral id for tracking between request and response
	EphemeralId string `protobuf:"bytes,1,opt,name=ephemeral_id,json=ephemeralId,proto3" json:"ephemeral_id,omitempty"`
	// Types that are assignable to Resource:
	//
	//	*Resource_AttributeValues_
	//	*Resource_RegisteredResourceValueFqn
	Resource isResource_Resource `protobuf_oneof:"resource"`
	// contains filtered or unexported fields
}

Either a set of attribute values (such as those on a TDF) or a registered resource value

func (*Resource) Descriptor deprecated 

func (*Resource) Descriptor() ([]byte, []int)

Deprecated: Use Resource.ProtoReflect.Descriptor instead.

func (*Resource) GetAttributeValues 

func (x *Resource) GetAttributeValues() *Resource_AttributeValues

func (*Resource) GetEphemeralId 

func (x *Resource) GetEphemeralId() string

func (*Resource) GetRegisteredResourceValueFqn 

func (x *Resource) GetRegisteredResourceValueFqn() string

func (*Resource) GetResource 

func (m *Resource) GetResource() isResource_Resource

func (*Resource) ProtoMessage 

func (*Resource) ProtoMessage()

func (*Resource) ProtoReflect 

func (x *Resource) ProtoReflect() protoreflect.Message

func (*Resource) Reset 

func (x *Resource) Reset()

func (*Resource) String 

func (x *Resource) String() string

type ResourceDecision 

type ResourceDecision struct {

	// ephemeral id for tracking between request and response
	EphemeralResourceId string `protobuf:"bytes,1,opt,name=ephemeral_resource_id,json=ephemeralResourceId,proto3" json:"ephemeral_resource_id,omitempty"`
	// decision result
	Decision Decision `protobuf:"varint,2,opt,name=decision,proto3,enum=authorization.v2.Decision" json:"decision,omitempty"`
	// obligations (fully qualified values) the PEP is required to fulfill on the given resource
	// i.e. https://<namespace>/obl/<definition name>/value/<value>
	RequiredObligations []string `protobuf:"bytes,3,rep,name=required_obligations,json=requiredObligations,proto3" json:"required_obligations,omitempty"`
	// contains filtered or unexported fields
}

func (*ResourceDecision) Descriptor deprecated 

func (*ResourceDecision) Descriptor() ([]byte, []int)

Deprecated: Use ResourceDecision.ProtoReflect.Descriptor instead.

func (*ResourceDecision) GetDecision 

func (x *ResourceDecision) GetDecision() Decision

func (*ResourceDecision) GetEphemeralResourceId 

func (x *ResourceDecision) GetEphemeralResourceId() string

func (*ResourceDecision) GetRequiredObligations added in v0.11.0 

func (x *ResourceDecision) GetRequiredObligations() []string

func (*ResourceDecision) ProtoMessage 

func (*ResourceDecision) ProtoMessage()

func (*ResourceDecision) ProtoReflect 

func (x *ResourceDecision) ProtoReflect() protoreflect.Message

func (*ResourceDecision) Reset 

func (x *ResourceDecision) Reset()

func (*ResourceDecision) String 

func (x *ResourceDecision) String() string

type Resource_AttributeValues 

type Resource_AttributeValues struct {
	Fqns []string `protobuf:"bytes,1,rep,name=fqns,proto3" json:"fqns,omitempty"`
	// contains filtered or unexported fields
}

func (*Resource_AttributeValues) Descriptor deprecated 

func (*Resource_AttributeValues) Descriptor() ([]byte, []int)

Deprecated: Use Resource_AttributeValues.ProtoReflect.Descriptor instead.

func (*Resource_AttributeValues) GetFqns 

func (x *Resource_AttributeValues) GetFqns() []string

func (*Resource_AttributeValues) ProtoMessage 

func (*Resource_AttributeValues) ProtoMessage()

func (*Resource_AttributeValues) ProtoReflect 

func (x *Resource_AttributeValues) ProtoReflect() protoreflect.Message

func (*Resource_AttributeValues) Reset 

func (x *Resource_AttributeValues) Reset()

func (*Resource_AttributeValues) String 

func (x *Resource_AttributeValues) String() string

type Resource_AttributeValues_ 

type Resource_AttributeValues_ struct {
	// a set of attribute value FQNs, such as those on a TDF, between 1 and 20 in count
	AttributeValues *Resource_AttributeValues `protobuf:"bytes,2,opt,name=attribute_values,json=attributeValues,proto3,oneof"`
}

type Resource_RegisteredResourceValueFqn 

type Resource_RegisteredResourceValueFqn struct {
	// fully qualified name of the registered resource value stored in platform policy
	RegisteredResourceValueFqn string `protobuf:"bytes,3,opt,name=registered_resource_value_fqn,json=registeredResourceValueFqn,proto3,oneof"`
}

type UnimplementedAuthorizationServiceServer 

type UnimplementedAuthorizationServiceServer struct {
}

UnimplementedAuthorizationServiceServer must be embedded to have forward compatible implementations.

func (UnimplementedAuthorizationServiceServer) GetDecision 

func (UnimplementedAuthorizationServiceServer) GetDecision(context.Context, *GetDecisionRequest) (*GetDecisionResponse, error)

func (UnimplementedAuthorizationServiceServer) GetDecisionBulk 

func (UnimplementedAuthorizationServiceServer) GetDecisionBulk(context.Context, *GetDecisionBulkRequest) (*GetDecisionBulkResponse, error)

func (UnimplementedAuthorizationServiceServer) GetDecisionMultiResource 

func (UnimplementedAuthorizationServiceServer) GetDecisionMultiResource(context.Context, *GetDecisionMultiResourceRequest) (*GetDecisionMultiResourceResponse, error)

func (UnimplementedAuthorizationServiceServer) GetEntitlements 

func (UnimplementedAuthorizationServiceServer) GetEntitlements(context.Context, *GetEntitlementsRequest) (*GetEntitlementsResponse, error)

type UnsafeAuthorizationServiceServer 

type UnsafeAuthorizationServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeAuthorizationServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to AuthorizationServiceServer will result in compilation errors.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.