opa

Documentation

Overview

Package opa provides of utilities for using OPA

Index

• func ParseX509Cert(authInfo credentials.AuthInfo) *x509.Certificate
• func PreparedOpaInput(ctx context.Context, model interface{}) (map[string]interface{}, error)
• type AuthorizationPolicy
  • func PoliciesByFileMask(masks ...string) ([]*AuthorizationPolicy, error)
  • func PolicyFromFile(p string) (*AuthorizationPolicy, error)
  • func WithPolicyFromSource(source, query string, checkQuery CheckQueryFunc) *AuthorizationPolicy
  • func (d *AuthorizationPolicy) Check(ctx context.Context, model interface{}) error
• type CheckAccessFunc
  • func True(query string) CheckAccessFunc
• type CheckQueryFunc

Functions

func ParseX509Cert

func ParseX509Cert(authInfo credentials.AuthInfo) *x509.Certificate

ParseX509Cert - parses x509 certificate from the passed credentials.AuthInfo

func PreparedOpaInput

func PreparedOpaInput(ctx context.Context, model interface{}) (map[string]interface{}, error)

PreparedOpaInput - converts model to map. It also puts auth_info in root of the map if it is presented in context.

Types

type AuthorizationPolicy

type AuthorizationPolicy struct {
	// contains filtered or unexported fields
}

AuthorizationPolicy checks that passed tokens are valid

func PoliciesByFileMask

func PoliciesByFileMask(masks ...string) ([]*AuthorizationPolicy, error)

func PolicyFromFile

func PolicyFromFile(p string) (*AuthorizationPolicy, error)

func WithPolicyFromSource

func WithPolicyFromSource(source, query string, checkQuery CheckQueryFunc) *AuthorizationPolicy

WithPolicyFromSource creates custom policy based on rego source code

func (*AuthorizationPolicy) Check

func (d *AuthorizationPolicy) Check(ctx context.Context, model interface{}) error

Check returns nil if passed tokens are valid

type CheckAccessFunc

type CheckAccessFunc func(result rego.ResultSet) (bool, error)

CheckAccessFunc checks rego result. Returns bool flag that means access. Returns error if something was wrong

func True

func True(query string) CheckAccessFunc

True is default access checker, returns true if in the result set of rego exist query and it has true value

type CheckQueryFunc

type CheckQueryFunc func(string) CheckAccessFunc

CheckQueryFunc converts query string to CheckAccessFunc function