plugin

package
v1.5.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 18, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package plugin defines the plugin system for Warden. Plugins are notified of lifecycle events (check performed, role created, policy updated, etc.) and can react — logging, metrics, tracing, etc.

Each lifecycle hook is a separate interface so plugins opt in only to the events they care about.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AfterCheck 

type AfterCheck interface {
	OnAfterCheck(ctx context.Context, req, result any) error
}

AfterCheck is called after an authorization check completes. The req parameter is *warden.CheckRequest; result is *warden.CheckResult.

type BeforeCheck 

type BeforeCheck interface {
	OnBeforeCheck(ctx context.Context, req any) error
}

BeforeCheck is called before an authorization check is evaluated. The req parameter is *warden.CheckRequest (passed as any to avoid import cycle).

type PermissionAttached 

type PermissionAttached interface {
	OnPermissionAttached(ctx context.Context, roleID id.RoleID, permID id.PermissionID) error
}

PermissionAttached is called after a permission is attached to a role.

type PermissionCreated 

type PermissionCreated interface {
	OnPermissionCreated(ctx context.Context, p *permission.Permission) error
}

PermissionCreated is called after a permission is created.

type PermissionDeleted 

type PermissionDeleted interface {
	OnPermissionDeleted(ctx context.Context, permID id.PermissionID) error
}

PermissionDeleted is called after a permission is deleted.

type PermissionDetached 

type PermissionDetached interface {
	OnPermissionDetached(ctx context.Context, roleID id.RoleID, permID id.PermissionID) error
}

PermissionDetached is called after a permission is detached from a role.

type Plugin 

type Plugin interface {
	// Name returns a unique human-readable name for the plugin.
	Name() string
}

Plugin is the base interface all plugins must implement.

type PolicyCreated 

type PolicyCreated interface {
	OnPolicyCreated(ctx context.Context, p *policy.Policy) error
}

PolicyCreated is called after a policy is created.

type PolicyDeleted 

type PolicyDeleted interface {
	OnPolicyDeleted(ctx context.Context, polID id.PolicyID) error
}

PolicyDeleted is called after a policy is deleted.

type PolicyObligationFired 

type PolicyObligationFired interface {
	OnPolicyObligationFired(ctx context.Context, polID id.PolicyID, obligation string, req, result any) error
}

PolicyObligationFired is called for every obligation emitted during a Check evaluation — once per (policy, obligation_name) pair. Plugins implementing this hook can react to side-effect signals like "audit-log", "require-mfa", or "notify-security" without having to scan CheckResult.Obligations themselves.

Fired after the engine has merged decisions across RBAC / ReBAC / ABAC, so the obligation list is already deduplicated. policyID identifies the matched policy that produced the obligation; obligation is the named action to perform.

type PolicyUpdated 

type PolicyUpdated interface {
	OnPolicyUpdated(ctx context.Context, p *policy.Policy) error
}

PolicyUpdated is called after a policy is updated.

type Registry 

type Registry struct {
	// contains filtered or unexported fields
}

Registry holds registered plugins and dispatches lifecycle events. It type-caches plugins at registration time so emit calls iterate only over plugins implementing the relevant hook.

func NewRegistry 

func NewRegistry(logger log.Logger) *Registry

NewRegistry creates a plugin registry with the given logger.

func (*Registry) EmitAfterCheck 

func (r *Registry) EmitAfterCheck(ctx context.Context, req, result any)

EmitAfterCheck notifies all plugins that implement AfterCheck.

func (*Registry) EmitBeforeCheck 

func (r *Registry) EmitBeforeCheck(ctx context.Context, req any)

EmitBeforeCheck notifies all plugins that implement BeforeCheck.

func (*Registry) EmitPermissionAttached 

func (r *Registry) EmitPermissionAttached(ctx context.Context, roleID id.RoleID, permID id.PermissionID)

EmitPermissionAttached notifies all plugins that implement PermissionAttached.

func (*Registry) EmitPermissionCreated 

func (r *Registry) EmitPermissionCreated(ctx context.Context, p *permission.Permission)

EmitPermissionCreated notifies all plugins that implement PermissionCreated.

func (*Registry) EmitPermissionDeleted 

func (r *Registry) EmitPermissionDeleted(ctx context.Context, permID id.PermissionID)

EmitPermissionDeleted notifies all plugins that implement PermissionDeleted.

func (*Registry) EmitPermissionDetached 

func (r *Registry) EmitPermissionDetached(ctx context.Context, roleID id.RoleID, permID id.PermissionID)

EmitPermissionDetached notifies all plugins that implement PermissionDetached.

func (*Registry) EmitPolicyCreated 

func (r *Registry) EmitPolicyCreated(ctx context.Context, p *policy.Policy)

EmitPolicyCreated notifies all plugins that implement PolicyCreated.

func (*Registry) EmitPolicyDeleted 

func (r *Registry) EmitPolicyDeleted(ctx context.Context, polID id.PolicyID)

EmitPolicyDeleted notifies all plugins that implement PolicyDeleted.

func (*Registry) EmitPolicyObligationFired 

func (r *Registry) EmitPolicyObligationFired(ctx context.Context, polID id.PolicyID, obligation string, req, result any)

EmitPolicyObligationFired notifies all plugins that implement PolicyObligationFired. Called once per obligation produced by the engine after merging RBAC / ReBAC / ABAC results.

func (*Registry) EmitPolicyUpdated 

func (r *Registry) EmitPolicyUpdated(ctx context.Context, p *policy.Policy)

EmitPolicyUpdated notifies all plugins that implement PolicyUpdated.

func (*Registry) EmitRelationDeleted 

func (r *Registry) EmitRelationDeleted(ctx context.Context, relID id.RelationID)

EmitRelationDeleted notifies all plugins that implement RelationDeleted.

func (*Registry) EmitRelationWritten 

func (r *Registry) EmitRelationWritten(ctx context.Context, t *relation.Tuple)

EmitRelationWritten notifies all plugins that implement RelationWritten.

func (*Registry) EmitRoleAssigned 

func (r *Registry) EmitRoleAssigned(ctx context.Context, a *assignment.Assignment)

EmitRoleAssigned notifies all plugins that implement RoleAssigned.

func (*Registry) EmitRoleCreated 

func (r *Registry) EmitRoleCreated(ctx context.Context, rl *role.Role)

EmitRoleCreated notifies all plugins that implement RoleCreated.

func (*Registry) EmitRoleDeleted 

func (r *Registry) EmitRoleDeleted(ctx context.Context, roleID id.RoleID)

EmitRoleDeleted notifies all plugins that implement RoleDeleted.

func (*Registry) EmitRoleUnassigned 

func (r *Registry) EmitRoleUnassigned(ctx context.Context, a *assignment.Assignment)

EmitRoleUnassigned notifies all plugins that implement RoleUnassigned.

func (*Registry) EmitRoleUpdated 

func (r *Registry) EmitRoleUpdated(ctx context.Context, rl *role.Role)

EmitRoleUpdated notifies all plugins that implement RoleUpdated.

func (*Registry) EmitShutdown 

func (r *Registry) EmitShutdown(ctx context.Context)

EmitShutdown notifies all plugins that implement Shutdown.

func (*Registry) Plugins 

func (r *Registry) Plugins() []Plugin

Plugins returns all registered plugins.

func (*Registry) Register 

func (r *Registry) Register(p Plugin)

Register adds a plugin and type-asserts it into all applicable hook caches. Plugins are notified in registration order.

type RelationDeleted 

type RelationDeleted interface {
	OnRelationDeleted(ctx context.Context, relID id.RelationID) error
}

RelationDeleted is called after a relation tuple is deleted.

type RelationWritten 

type RelationWritten interface {
	OnRelationWritten(ctx context.Context, t *relation.Tuple) error
}

RelationWritten is called after a relation tuple is written.

type RoleAssigned 

type RoleAssigned interface {
	OnRoleAssigned(ctx context.Context, a *assignment.Assignment) error
}

RoleAssigned is called after a role is assigned to a subject.

type RoleCreated 

type RoleCreated interface {
	OnRoleCreated(ctx context.Context, r *role.Role) error
}

RoleCreated is called after a role is created.

type RoleDeleted 

type RoleDeleted interface {
	OnRoleDeleted(ctx context.Context, roleID id.RoleID) error
}

RoleDeleted is called after a role is deleted.

type RoleUnassigned 

type RoleUnassigned interface {
	OnRoleUnassigned(ctx context.Context, a *assignment.Assignment) error
}

RoleUnassigned is called after a role is unassigned from a subject.

type RoleUpdated 

type RoleUpdated interface {
	OnRoleUpdated(ctx context.Context, r *role.Role) error
}

RoleUpdated is called after a role is updated.

type Shutdown 

type Shutdown interface {
	OnShutdown(ctx context.Context) error
}

Shutdown is called during graceful shutdown.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.