authorization

package
v0.10.1 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 17, 2025 License: BSD-3-Clause-Clear Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	ErrInvalidCacheConfig    = errors.New("invalid cache configuration")
	ErrFailedToStartCache    = errors.New("failed to start EntitlementPolicyCache")
	ErrFailedToRefreshCache  = errors.New("failed to refresh EntitlementPolicyCache")
	ErrFailedToSet           = errors.New("failed to set cache with fresh entitlement policy")
	ErrFailedToGet           = errors.New("failed to get cached entitlement policy")
	ErrCacheDisabled         = errors.New("EntitlementPolicyCache is disabled (refresh interval is 0 seconds)")
	ErrCachedTypeNotExpected = errors.New("cached data is not of expected type")
)

Functions

Types

type Config

type Config struct {
	Cache EntitlementPolicyCacheConfig `mapstructure:"entitlement_policy_cache" json:"entitlement_policy_cache"`
}

func (*Config) LogValue added in v0.7.0

func (c *Config) LogValue() slog.Value

func (*Config) Validate added in v0.7.0

func (c *Config) Validate() error

Validate checks that the configuration is sensible.

type EntitlementPolicy added in v0.7.0

type EntitlementPolicy struct {
	Attributes          []*policy.Attribute
	SubjectMappings     []*policy.SubjectMapping
	RegisteredResources []*policy.RegisteredResource
}

The EntitlementPolicy struct holds all of the cached entitlement policy in a single type, because generics allow one data type per service cache instance.

type EntitlementPolicyCache added in v0.7.0

type EntitlementPolicyCache struct {
	// contains filtered or unexported fields
}

EntitlementPolicyCache caches attributes and subject mappings with periodic refresh

func NewEntitlementPolicyCache added in v0.7.0

func NewEntitlementPolicyCache(
	ctx context.Context,
	l *logger.Logger,
	retriever *access.EntitlementPolicyRetriever,
	cacheClient *cache.Cache,
	cacheRefreshInterval time.Duration,
) (*EntitlementPolicyCache, error)

NewEntitlementPolicyCache holds a platform-provided cache client and manages a periodic refresh of cached entitlement policy data, fetching fresh data from the policy services at the configured interval.

func (*EntitlementPolicyCache) IsEnabled added in v0.7.0

func (c *EntitlementPolicyCache) IsEnabled() bool

func (*EntitlementPolicyCache) IsReady added in v0.7.0

func (c *EntitlementPolicyCache) IsReady(ctx context.Context) bool

func (*EntitlementPolicyCache) ListAllAttributes added in v0.7.0

func (c *EntitlementPolicyCache) ListAllAttributes(ctx context.Context) ([]*policy.Attribute, error)

ListAllAttributes returns the cached attributes

func (*EntitlementPolicyCache) ListAllRegisteredResources added in v0.7.0

func (c *EntitlementPolicyCache) ListAllRegisteredResources(ctx context.Context) ([]*policy.RegisteredResource, error)

ListAllRegisteredResources returns the cached registered resources, or none in the event of a cache miss

func (*EntitlementPolicyCache) ListAllSubjectMappings added in v0.7.0

func (c *EntitlementPolicyCache) ListAllSubjectMappings(ctx context.Context) ([]*policy.SubjectMapping, error)

ListAllSubjectMappings returns the cached subject mappings

func (*EntitlementPolicyCache) Refresh added in v0.7.0

func (c *EntitlementPolicyCache) Refresh(ctx context.Context) error

Refresh manually refreshes the cache by reaching out to policy services. In the event of an error, the cache is marked as not filled, and the error is returned.
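The Refresh contract described above (on error, mark the cache as not filled and return the error), as an added stand-alone model that is not this package's code. `modelCache`, `snapshot`, `errNotFilled` and the reader returning an error when the cache is not filled are assumptions made for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
)

type snapshot struct{ Attributes []string } // stands in for EntitlementPolicy (hypothetical)
var errNotFilled = errors.New("entitlement policy cache not filled")
// modelCache models only the documented Refresh contract; it is not the package's code.
type modelCache struct {
	mu    sync.RWMutex
	fetch func(context.Context) (*snapshot, error) // stands in for the retriever
	data  *snapshot                                // nil means "not filled"
}

// Refresh stores fresh policy; on error it marks the cache not filled and returns the error.
func (c *modelCache) Refresh(ctx context.Context) error {
	snap, err := c.fetch(ctx)
	c.mu.Lock()
	defer c.mu.Unlock()
	if err != nil {
		snap = nil // drop the old snapshot rather than serve stale policy
	}
	c.data = snap
	return err
}

// Attributes fails closed when the cache is not filled (assumed reader behaviour).
func (c *modelCache) Attributes() ([]string, error) {
	c.mu.RLock()
	defer c.mu.RUnlock()
	if c.data == nil {
		return nil, errNotFilled
	}
	return c.data.Attributes, nil
}

func main() {
	var outage error // constructed: nil while the simulated policy service is healthy
	c := &modelCache{fetch: func(context.Context) (*snapshot, error) {
		return &snapshot{Attributes: []string{"classification"}}, outage
	}}
	fmt.Println(c.Refresh(context.Background()))
	outage = errors.New("policy service unavailable")
	fmt.Println(c.Refresh(context.Background()))
	fmt.Println(c.Attributes())
}
```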

func (*EntitlementPolicyCache) Start added in v0.7.0

Start initiates the cache and begins periodic refresh

func (*EntitlementPolicyCache) Stop added in v0.7.0

func (c *EntitlementPolicyCache) Stop()

Stop stops the periodic refresh goroutine if it's running

type EntitlementPolicyCacheConfig added in v0.7.0

type EntitlementPolicyCacheConfig struct {
	Enabled         bool   `mapstructure:"enabled" json:"enabled" default:"false"`
	RefreshInterval string `mapstructure:"refresh_interval" json:"refresh_interval" default:"30s"`
}

Manages config for EntitlementPolicyCache: attributes, subject mappings, and registered resources. Default: caching is disabled; if enabled, the refresh interval defaults to 30 seconds.

type Service

type Service struct {
	trace.Tracer
	// contains filtered or unexported fields
}

func (*Service) Close added in v0.7.0

func (as *Service) Close()

Close gracefully shuts down the authorization service, closing the entitlement policy cache.

func (*Service) GetDecision

GetDecision for an entity chain and an action on a single resource

func (*Service) GetDecisionBulk

GetDecisionBulk for multiple requests, each comprising a combination of entity chain, action, and one or more resources

func (*Service) GetDecisionMultiResource

GetDecisionMultiResource for an entity chain and action on multiple resources

func (*Service) GetEntitlements

GetEntitlements for an entity chain
