opahttp

Documentation

Overview

Package opahttp implements the authz.Authorizer using an Open Policy Agent (OPA).

Index

• Constants
• type OPA
  • func New(opts ...Option) *OPA
  • func (a *OPA) Authorize(ctx context.Context, req *authz.Request) error
  • func (a *OPA) Close() error
• type Option
  • func WithAPIPath(p string) Option
  • func WithHostURL(u string) Option
  • func WithInsecureTestUser() Option

Constants

const (
	DefaultHostURL = "http://localhost:8181"
	DefaultAPIPath = "/v1/data/entroq/authz"
)

Types

type OPA

type OPA struct {
	// contains filtered or unexported fields
}

OPA is a client-like object for interacting with OPA authorization policies. It adheres to the authz.Authorizer interface.

func New

func New(opts ...Option) *OPA

New creates a new OPA client with the given options.

func (*OPA) Authorize

func (a *OPA) Authorize(ctx context.Context, req *authz.Request) error

Authorize checks for unmatched queues and actions. A nil error means authorized. If the error satisfies errors.Is on a *authz.AuthzError, it can be unpacked to find which queues and actions were not satisfied.

func (*OPA) Close

func (a *OPA) Close() error

Close cleans up any resources used.

type Option

type Option func(*OPA)

Option defines a setting for creating an OPA authorizer.

func WithAPIPath

func WithAPIPath(p string) Option

WithAPIPath sets the API path to request for authorization.

func WithHostURL

func WithHostURL(u string) Option

WithHostURL sets the host OPA URL for a query authorization request, such as its default value given in DefaultURL.

func WithInsecureTestUser

func WithInsecureTestUser() Option

WithInsecureTestUser must be set when doing testing and the use of the Authz.TestUser (instead of a signed token, for example) is desired. Without this option, the presence of the TestUser field causes an error.