authz

Documentation

Overview

Package authz provides simple rule-based authorization that can be used to implement access control

Index

• Constants
• type Claims
• type Conf
  • func (authz Conf) Validate() error
• type Rule
• type Rules
  • func (rules Rules) Authorized(path, method string, claims *Claims) bool

Constants

const GroupAnonymous = "anonymous"

GroupAnonymous is the group name for unauthenticated users

Types

type Claims

type Claims struct {
	Username string
	Groups   []string
	Roles    []string
	ClientID string // for tokens issued as part of client credentials grant
	// Status is the message given when token is not validated
	Status string
}

Claims are the profile attributes of user/client that are part of the JWT claims

type Conf

type Conf struct {
	// Enabled toggles authorization
	Enabled bool `json:"enabled"`
	// Authorization rules
	Rules Rules `json:"rules"`
}

Authorization struct

func (Conf) Validate

func (authz Conf) Validate() error

Validate authorization config

type Rule

type Rule struct {
	Paths                  []string `json:"paths"`
	Methods                []string `json:"methods"`
	Users                  []string `json:"users"`
	Groups                 []string `json:"groups"`
	Roles                  []string `json:"roles"`
	Clients                []string `json:"clients"`
	ExcludePathSubstrtings []string `json:"excludePathSubstrings"`
	// Deprecated. Use Paths instead.
	Resources []string `json:"resources"`
	// Deprecated. Use ExcludePathSubstrtings instead.
	DenyPathSubstrtings []string `json:"denyPathSubstrings"`
}

Authorization rule

type Rules

type Rules []Rule

func (Rules) Authorized

func (rules Rules) Authorized(path, method string, claims *Claims) bool

Authorized checks whether a request is authorized given the path, method, and claims