authpolicy

package

v1.12.2 Latest Latest Go to latest Published: May 19, 2025 License: Apache-2.0 Imports: 12 Imported by: 4

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/spiffe/spire

Links

Open Source Insights

Documentation ¶

Index ¶

type Engine
- func (e *Engine) Eval(ctx context.Context, input Input) (result Result, err error)
type Input
type LocalOpaProviderConfig
type OpaEngineConfig
type Result

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Engine ¶

type Engine struct {
	// contains filtered or unexported fields
}

Engine drives policy management.

func DefaultAuthPolicy ¶

func DefaultAuthPolicy(ctx context.Context) (*Engine, error)

DefaultAuthPolicy returns the default policy engine

func NewEngineFromConfigOrDefault ¶

func NewEngineFromConfigOrDefault(ctx context.Context, logger logrus.FieldLogger, cfg *OpaEngineConfig) (*Engine, error)

NewEngineFromConfigOrDefault returns a new policy engine. Or if no config is provided, provides the default policy

func NewEngineFromRego ¶

func NewEngineFromRego(ctx context.Context, regoPolicy string, dataStore storage.Store, version ast.RegoVersion) (*Engine, error)

NewEngineFromRego is a helper to create the Engine object

func (*Engine) Eval ¶

func (e *Engine) Eval(ctx context.Context, input Input) (result Result, err error)

Eval determines whether access should be allowed on a resource.

type Input ¶

type Input struct {
	// Caller is the authenticated identity of the actor making a request.
	Caller string `json:"caller"`

	// FullMethod is the fully-qualified name of the proto rpc service method.
	FullMethod string `json:"full_method"`

	// Req represents data received from the request body. It MUST be a
	// protobuf request object with fields that are serializable as JSON,
	// since they will be used in policy definitions.
	Req any `json:"req"`
}

Input represents context associated with an access request.

type LocalOpaProviderConfig ¶

type LocalOpaProviderConfig struct {
	RegoPath       string `hcl:"rego_path"`
	PolicyDataPath string `hcl:"policy_data_path"`
	UseRegoV1      bool   `hcl:"use_rego_v1"`
}

type OpaEngineConfig ¶

type OpaEngineConfig struct {
	LocalOpaProvider *LocalOpaProviderConfig `hcl:"local"`
}

type Result ¶

type Result struct {
	Allow             bool `json:"allow"`
	AllowIfAdmin      bool `json:"allow_if_admin"`
	AllowIfLocal      bool `json:"allow_if_local"`
	AllowIfDownstream bool `json:"allow_if_downstream"`
	AllowIfAgent      bool `json:"allow_if_agent"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL