authorization

package
Version: v0.2.0-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 9, 2020 License: Apache-2.0 Imports: 12 Imported by: 2

Documentation

Overview

Package authorization contains the authorization module implementation.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func StreamServerInterceptor

func StreamServerInterceptor(authFuncs map[string]AuthPair) grpc.StreamServerInterceptor

StreamServerInterceptor returns a new stream server interceptor that performs per-request auth.

func UnaryServerInterceptor

func UnaryServerInterceptor(authFuncs map[string]AuthPair) grpc.UnaryServerInterceptor

UnaryServerInterceptor returns a new unary server interceptor that performs per-request auth.

Types

type AuthPair

type AuthPair struct {
	AuthnFunc grpc_auth.AuthFunc
	AuthzFunc AuthzFunc
}

AuthPair defines an authentication and authorization pair.

type AuthzFunc

type AuthzFunc func(context.Context, interface{}) error

AuthzFunc performs authorization using the embedded SecurityContext on a message.

type AuthzPolicy

type AuthzPolicy struct {
	Policy *authzpb.AuthorizationPolicy
}

AuthzPolicy contains the authorization policy.

func (*AuthzPolicy) Authorize

func (a *AuthzPolicy) Authorize(ctx context.Context, m interface{}) error

Authorize verifies that the identity issuing the call. ctx must contain an authentication.SecurityContext. A call is authorized if:

  1. userID matches SecurityContext.Email,
  2. or, SecurityContext.Email is authorized to do the action in directories/directoryID.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL