Documentation
¶
Index ¶
- Variables
- func NewRegistration() *serviceregistry.Service[authzV2Connect.AuthorizationServiceHandler]
- type Config
- type EntitlementPolicy
- type EntitlementPolicyCache
- func (c *EntitlementPolicyCache) IsEnabled() bool
- func (c *EntitlementPolicyCache) IsReady(ctx context.Context) bool
- func (c *EntitlementPolicyCache) ListAllAttributes(ctx context.Context) ([]*policy.Attribute, error)
- func (c *EntitlementPolicyCache) ListAllObligations(ctx context.Context) ([]*policy.Obligation, error)
- func (c *EntitlementPolicyCache) ListAllRegisteredResources(ctx context.Context) ([]*policy.RegisteredResource, error)
- func (c *EntitlementPolicyCache) ListAllSubjectMappings(ctx context.Context) ([]*policy.SubjectMapping, error)
- func (c *EntitlementPolicyCache) Refresh(ctx context.Context) error
- func (c *EntitlementPolicyCache) Start(ctx context.Context) error
- func (c *EntitlementPolicyCache) Stop()
- type EntitlementPolicyCacheConfig
- type Service
- func (as *Service) Close()
- func (as *Service) GetDecision(ctx context.Context, req *connect.Request[authzV2.GetDecisionRequest]) (*connect.Response[authzV2.GetDecisionResponse], error)
- func (as *Service) GetDecisionBulk(ctx context.Context, req *connect.Request[authzV2.GetDecisionBulkRequest]) (*connect.Response[authzV2.GetDecisionBulkResponse], error)
- func (as *Service) GetDecisionMultiResource(ctx context.Context, ...) (*connect.Response[authzV2.GetDecisionMultiResourceResponse], error)
- func (as *Service) GetEntitlements(ctx context.Context, req *connect.Request[authzV2.GetEntitlementsRequest]) (*connect.Response[authzV2.GetEntitlementsResponse], error)
Constants ¶
This section is empty.
Variables ¶
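// Sentinel errors for decision and entitlement requests. Match them with
// errors.Is rather than by comparing message text.
// NOTE(review): this page does not show which handlers return each value.
var (
	// ErrFailedToBuildRequestContext reports that a decision request could
	// not be contextualized.
	ErrFailedToBuildRequestContext = errors.New("failed to contextualize decision request")

	// ErrFailedToInitPDP reports that the JIT PDP could not be created.
	ErrFailedToInitPDP = errors.New("failed to create JIT PDP")

	// ErrFailedToGetDecision reports that no decision could be obtained.
	// Callers should treat it as a failure, never as an implicit permit.
	ErrFailedToGetDecision = errors.New("failed to get decision")

	// ErrFailedToGetEntitlements reports that entitlements could not be
	// obtained.
	ErrFailedToGetEntitlements = errors.New("failed to get entitlements")
)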
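// Sentinel errors for the EntitlementPolicyCache. Match them with errors.Is
// rather than by comparing message text.
var (
	// ErrInvalidCacheConfig reports an invalid cache configuration.
	ErrInvalidCacheConfig = errors.New("invalid cache configuration")

	// ErrFailedToStartCache reports that the cache could not be started.
	ErrFailedToStartCache = errors.New("failed to start EntitlementPolicyCache")

	// ErrFailedToRefreshCache reports that a refresh of the cache failed.
	ErrFailedToRefreshCache = errors.New("failed to refresh EntitlementPolicyCache")

	// ErrFailedToSet reports that fresh entitlement policy could not be
	// written to the cache.
	ErrFailedToSet = errors.New("failed to set cache with fresh entitlement policy")

	// ErrFailedToGet reports that cached entitlement policy could not be
	// read.
	ErrFailedToGet = errors.New("failed to get cached entitlement policy")

	// ErrCacheDisabled reports that the cache is disabled. The message ties
	// "disabled" to a refresh interval of 0 seconds.
	// NOTE(review): EntitlementPolicyCacheConfig also has an Enabled flag;
	// confirm which condition(s) produce this error.
	ErrCacheDisabled = errors.New("EntitlementPolicyCache is disabled (refresh interval is 0 seconds)")

	// ErrCachedTypeNotExpected reports that the value read from the cache
	// did not have the expected type.
	ErrCachedTypeNotExpected = errors.New("cached data is not of expected type")
)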
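// Sentinel errors for rolling up decisions and for the generic
// response-safe failure. Match them with errors.Is rather than by comparing
// message text.
var (
	// ErrFailedToRollupDecision reports that a decision rollup failed.
	ErrFailedToRollupDecision = errors.New("failed to rollup decision")

	// ErrResponseSafeInternalError carries a deliberately generic message
	// with no internal detail.
	// NOTE(review): presumably returned to API callers in place of the
	// underlying error so internals are not disclosed in responses. Confirm
	// at the call sites, and confirm the underlying error is still logged
	// server-side.
	ErrResponseSafeInternalError = errors.New("an unexpected error occurred")

	// ErrNoDecisions reports that no decisions were returned.
	ErrNoDecisions = errors.New("no decisions returned")

	// ErrDecisionCannotBeNil reports a nil decision.
	ErrDecisionCannotBeNil = errors.New("decision cannot be nil")

	// ErrDecisionMustHaveResults reports a decision that carries no results.
	ErrDecisionMustHaveResults = errors.New("decision must have results")
)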
Functions ¶
func NewRegistration ¶
func NewRegistration() *serviceregistry.Service[authzV2Connect.AuthorizationServiceHandler]
Types ¶
type Config ¶
// Config is the package's configuration struct. Its only exported field
// configures the entitlement policy cache.
type Config struct {
// Cache holds the entitlement policy cache settings, read from the
// "entitlement_policy_cache" key for both mapstructure and JSON.
Cache EntitlementPolicyCacheConfig `mapstructure:"entitlement_policy_cache" json:"entitlement_policy_cache"`
}
type EntitlementPolicy ¶ added in v0.7.0
// EntitlementPolicy groups four kinds of entitlement policy data into one
// value. Each field matches the element type returned by the corresponding
// EntitlementPolicyCache.ListAll* method.
type EntitlementPolicy struct {
// Attributes has the element type returned by ListAllAttributes.
Attributes []*policy.Attribute
// SubjectMappings has the element type returned by ListAllSubjectMappings.
SubjectMappings []*policy.SubjectMapping
// RegisteredResources has the element type returned by
// ListAllRegisteredResources.
RegisteredResources []*policy.RegisteredResource
// Obligations has the element type returned by ListAllObligations.
Obligations []*policy.Obligation
}
EntitlementPolicy bundles all of the cached entitlement policy into a single struct, because the generic service cache allows only one data type per cache instance.
type EntitlementPolicyCache ¶ added in v0.7.0
// EntitlementPolicyCache is the cache type built by NewEntitlementPolicyCache.
// All of its fields are unexported, so callers use its methods: Start, Stop,
// Refresh, IsEnabled, IsReady and the ListAll* accessors.
type EntitlementPolicyCache struct {
// contains filtered or unexported fields
}
EntitlementPolicyCache caches entitlement policy (attributes, subject mappings, registered resources, and obligations) with periodic refresh.
func NewEntitlementPolicyCache ¶ added in v0.7.0
func NewEntitlementPolicyCache( ctx context.Context, l *logger.Logger, retriever *access.EntitlementPolicyRetriever, cacheClient *cache.Cache, cacheRefreshInterval time.Duration, ) (*EntitlementPolicyCache, error)
NewEntitlementPolicyCache returns an EntitlementPolicyCache that holds a platform-provided cache client and manages a periodic refresh of the cached entitlement policy data, fetching fresh data from the policy services at the configured interval.
func (*EntitlementPolicyCache) IsEnabled ¶ added in v0.7.0
func (c *EntitlementPolicyCache) IsEnabled() bool
func (*EntitlementPolicyCache) IsReady ¶ added in v0.7.0
func (c *EntitlementPolicyCache) IsReady(ctx context.Context) bool
func (*EntitlementPolicyCache) ListAllAttributes ¶ added in v0.7.0
func (c *EntitlementPolicyCache) ListAllAttributes(ctx context.Context) ([]*policy.Attribute, error)
ListAllAttributes returns the cached attributes
func (*EntitlementPolicyCache) ListAllObligations ¶ added in v0.11.0
func (c *EntitlementPolicyCache) ListAllObligations(ctx context.Context) ([]*policy.Obligation, error)
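ListAllObligations returns the cached obligations, or none in the event of a cache miss. This documentation does not say whether a miss is also reported through the returned error, so callers should check the error before treating an empty result as meaning that no obligations apply.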
func (*EntitlementPolicyCache) ListAllRegisteredResources ¶ added in v0.7.0
func (c *EntitlementPolicyCache) ListAllRegisteredResources(ctx context.Context) ([]*policy.RegisteredResource, error)
ListAllRegisteredResources returns the cached registered resources, or none in the event of a cache miss
func (*EntitlementPolicyCache) ListAllSubjectMappings ¶ added in v0.7.0
func (c *EntitlementPolicyCache) ListAllSubjectMappings(ctx context.Context) ([]*policy.SubjectMapping, error)
ListAllSubjectMappings returns the cached subject mappings
func (*EntitlementPolicyCache) Refresh ¶ added in v0.7.0
func (c *EntitlementPolicyCache) Refresh(ctx context.Context) error
Refresh manually refreshes the cache by reaching out to policy services. In the event of an error, the cache is marked as not filled, and the error is returned.
func (*EntitlementPolicyCache) Start ¶ added in v0.7.0
func (c *EntitlementPolicyCache) Start(ctx context.Context) error
Start initiates the cache and begins periodic refresh
func (*EntitlementPolicyCache) Stop ¶ added in v0.7.0
func (c *EntitlementPolicyCache) Stop()
Stop stops the periodic refresh goroutine if it's running
type EntitlementPolicyCacheConfig ¶ added in v0.7.0
// EntitlementPolicyCacheConfig holds the settings for the
// EntitlementPolicyCache.
//
// NOTE(review): when caching is enabled, decisions presumably read the cached
// policy. A policy change such as a removed subject mapping may then not take
// effect until the next refresh. Confirm, and size the interval to the
// revocation latency you can accept.
type EntitlementPolicyCacheConfig struct {
// Enabled turns caching on; the default tag is "false", so caching is off
// by default.
Enabled bool `mapstructure:"enabled" json:"enabled" default:"false"`
// RefreshInterval is a string with default "30s".
// NOTE(review): presumably parsed into the time.Duration that
// NewEntitlementPolicyCache takes as cacheRefreshInterval — confirm.
// ErrCacheDisabled's message says a 0-second interval means disabled.
RefreshInterval string `mapstructure:"refresh_interval" json:"refresh_interval" default:"30s"`
}
EntitlementPolicyCacheConfig manages the configuration of the EntitlementPolicyCache, which holds attributes, subject mappings, registered resources, and obligations. Default: caching is disabled; if it is enabled, the refresh interval defaults to 30 seconds.
type Service ¶
func (*Service) Close ¶ added in v0.7.0
func (as *Service) Close()
Close gracefully shuts down the authorization service, closing the entitlement policy cache.
func (*Service) GetDecision ¶
func (as *Service) GetDecision(ctx context.Context, req *connect.Request[authzV2.GetDecisionRequest]) (*connect.Response[authzV2.GetDecisionResponse], error)
GetDecision for an entity chain and an action on a single resource
func (*Service) GetDecisionBulk ¶
func (as *Service) GetDecisionBulk(ctx context.Context, req *connect.Request[authzV2.GetDecisionBulkRequest]) (*connect.Response[authzV2.GetDecisionBulkResponse], error)
GetDecisionBulk for multiple requests, each comprising a combination of entity chain, action, and one or more resources
func (*Service) GetDecisionMultiResource ¶
func (as *Service) GetDecisionMultiResource(ctx context.Context, req *connect.Request[authzV2.GetDecisionMultiResourceRequest]) (*connect.Response[authzV2.GetDecisionMultiResourceResponse], error)
GetDecisionMultiResource for an entity chain and action on multiple resources
func (*Service) GetEntitlements ¶
func (as *Service) GetEntitlements(ctx context.Context, req *connect.Request[authzV2.GetEntitlementsRequest]) (*connect.Response[authzV2.GetEntitlementsResponse], error)
GetEntitlements for an entity chain