Documentation ¶
Index ¶
- type Oso
- func (o Oso) Authorize(actor interface{}, action interface{}, resource interface{}) error
- func (o Oso) AuthorizeField(actor interface{}, action interface{}, resource interface{}, field interface{}) error
- func (o Oso) AuthorizeRequest(actor interface{}, request interface{}) error
- func (o Oso) AuthorizedActions(actor interface{}, resource interface{}, allowWildcard bool) (map[interface{}]struct{}, error)
- func (o Oso) AuthorizedFields(actor interface{}, action interface{}, resource interface{}, ...) (map[interface{}]struct{}, error)
- func (o Oso) AuthorizedQuery(actor interface{}, action interface{}, resource_type string) (interface{}, error)
- func (o Oso) AuthorizedResources(actor interface{}, action interface{}, resource_type string) ([]interface{}, error)
- func (o Oso) ClearRules() error
- func (o Oso) GetAllowedActions(actor interface{}, resource interface{}, allowWildcard bool) (map[interface{}]struct{}, error) deprecated
- func (o *Oso) GetHost() *host.Host
- func (o Oso) IsAllowed(actor interface{}, action interface{}, resource interface{}) (bool, error)
- func (o Oso) LoadFile(f string) error deprecated
- func (o Oso) LoadFiles(files []string) error
- func (o Oso) LoadString(s string) error
- func (o Oso) NewQueryFromRule(name string, args ...interface{}) (*Query, error)
- func (o Oso) NewQueryFromStr(q string) (*Query, error)
- func (o Oso) QueryRule(name string, args ...interface{}) (<-chan map[string]interface{}, <-chan error)
- func (o Oso) QueryRuleOnce(name string, args ...interface{}) (bool, error)
- func (o Oso) QueryStr(q string) (<-chan map[string]interface{}, <-chan error)
- func (o Oso) RegisterClass(cls interface{}, ctor interface{}) error
- func (o Oso) RegisterClassWithName(cls interface{}, ctor interface{}, name string) error
- func (o Oso) RegisterClassWithNameAndFields(cls interface{}, ctor interface{}, name string, fields map[string]interface{}) error
- func (o Oso) RegisterConstant(value interface{}, name string) error
- func (o Oso) Repl() error
- func (o Oso) SetDataFilteringAdapter(adapter types.Adapter)
- func (o *Oso) SetForbiddenError(forbiddenError func() error)
- func (o *Oso) SetNotFoundError(notFoundError func() error)
- func (o *Oso) SetReadAction(readAction interface{})
- type Polar
- type Query
Types ¶
type Oso ¶
type Oso struct {
// contains filtered or unexported fields
}
The central object to manage policy state and verify requests.
func NewOso ¶
Construct a new Oso instance.
import oso "github.com/osohq/go-oso"
// Keep the instance in scope; declaring it inside the if statement would leave it unused.
o, err := oso.NewOso()
if err != nil {
	t.Fatalf("Failed to set up Oso: %v", err)
}
func (Oso) Authorize ¶ added in v0.20.1
Ensure that `actor` is allowed to perform `action` on `resource`.
If the action is permitted with an `allow` rule in the policy, then this method returns `nil`. If the action is not permitted by the policy, this method will return an error.
The error returned by this method depends on whether the actor can perform the `"read"` action on the resource. If they cannot read the resource, then a `NotFoundError` error is returned. Otherwise, a `ForbiddenError` is returned.
You can customize the errors returned by this function using the `SetReadAction`, `SetForbiddenError`, and `SetNotFoundError` configuration functions.
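The decision order described above, modeled in plain Go as an added example (this is not go-oso code and does not call the library). `AllowFunc`, `ToyPolicy`, `ErrNotFound`, `ErrForbidden` and `StatusFor` are hypothetical stand-ins, and the mapping to HTTP status codes is an assumption about how a handler would surface each error.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// Hypothetical stand-ins for the library's NotFoundError and ForbiddenError.
var ErrNotFound = errors.New("not found")
var ErrForbidden = errors.New("forbidden")

// AllowFunc is a hypothetical stand-in for evaluating the policy's allow rule.
type AllowFunc func(actor, action, resource string) bool

// Authorize models the documented order: nil if allowed, NotFound if the actor cannot read, else Forbidden.
func Authorize(allow AllowFunc, readAction, actor, action, resource string) error {
	if allow(actor, action, resource) {
		return nil
	}
	if !allow(actor, readAction, resource) {
		return ErrNotFound
	}
	return ErrForbidden
}

// StatusFor maps each outcome to an HTTP status (assumed handler convention).
func StatusFor(err error) int {
	switch {
	case err == nil:
		return http.StatusOK
	case errors.Is(err, ErrNotFound):
		return http.StatusNotFound
	case errors.Is(err, ErrForbidden):
		return http.StatusForbidden
	}
	return http.StatusInternalServerError
}

// ToyPolicy is constructed sample data: alice may read and edit doc1, bob may only read it.
func ToyPolicy(actor, action, resource string) bool {
	grants := map[string]bool{"alice/read/doc1": true, "alice/edit/doc1": true, "bob/read/doc1": true}
	return grants[actor+"/"+action+"/"+resource]
}

func main() {
	for _, actor := range []string{"alice", "bob", "eve"} {
		fmt.Println(actor, "edit doc1 ->", StatusFor(Authorize(ToyPolicy, "read", actor, "edit", "doc1")))
	}
}
```

In this model, a read action name that does not match the one used in the policy (for example `"READ"` against rules written for `"read"`) turns every denial into NotFound, so the value passed to `SetReadAction` has to match the policy's action names.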
func (Oso) AuthorizeField ¶ added in v0.20.1
func (o Oso) AuthorizeField(actor interface{}, action interface{}, resource interface{}, field interface{}) error
Ensure that `actor` is allowed to perform `action` on a given `resource`'s `field`.
Checks the `allow_field` rule of a policy.
If the action is permitted by an `allow_field` rule in the policy, then this method returns `nil`. If the action is not permitted by the policy, this method returns a `ForbiddenError`.
func (Oso) AuthorizeRequest ¶ added in v0.20.1
Ensure that `actor` is allowed to send `request` to the server.
Checks the `allow_request` rule of a policy.
If the request is permitted with an `allow_request` rule in the policy, then this method returns `nil`. Otherwise, this method returns a `ForbiddenError`.
func (Oso) AuthorizedActions ¶ added in v0.20.1
func (o Oso) AuthorizedActions(actor interface{}, resource interface{}, allowWildcard bool) (map[interface{}]struct{}, error)
Return the set of actions that the policy allows for the given (actor, resource) combination.
func (Oso) AuthorizedFields ¶ added in v0.20.1
func (o Oso) AuthorizedFields(actor interface{}, action interface{}, resource interface{}, allowWildcard bool) (map[interface{}]struct{}, error)
Determine the fields of `resource` on which `actor` is allowed to perform `action`.
Uses `allow_field` rules in the policy to find all allowed fields.
func (Oso) AuthorizedQuery ¶ added in v0.25.0
func (Oso) AuthorizedResources ¶ added in v0.25.0
func (Oso) ClearRules ¶
Clear all rules from the Oso knowledge base (i.e., remove all loaded policies).
func (Oso) GetAllowedActions ¶ deprecated, added in v0.14.0
func (Oso) IsAllowed ¶
Check if an (actor, action, resource) combination is allowed by the policy. Returns the result as a bool, or an error.
func (Oso) LoadFile ¶ deprecated
Load Polar policy from a ".polar" file, checking that all inline queries succeed.
Deprecated: `Oso.LoadFile` has been deprecated in favor of `Oso.LoadFiles` as of the 0.20 release. Please see changelog for migration instructions: https://docs.osohq.com/project/changelogs/2021-09-15.html
func (Oso) LoadFiles ¶ added in v0.20.1
Load Polar policy from ".polar" files, checking that all inline queries succeed.
func (Oso) LoadString ¶
Load Polar policy from a string, checking that all inline queries succeed.
func (Oso) NewQueryFromRule ¶
Create policy query for a rule. Accepts the name of the rule to query, and a variadic list of rule arguments. Returns a new *Query, on which `Next()` can be called to get the next result, or an error.
func (Oso) NewQueryFromStr ¶
Create policy query from a query string. Accepts the string to query for. Returns a new *Query, on which `Next()` can be called to get the next result, or an error.
func (Oso) QueryRule ¶
func (o Oso) QueryRule(name string, args ...interface{}) (<-chan map[string]interface{}, <-chan error)
Query the policy for a rule; the query is run in a new goroutine. Accepts the name of the rule to query, and a variadic list of rule arguments. Returns a channel of resulting binding maps, and a channel for errors. As the query is evaluated, all resulting bindings will be written to the results channel, and any errors will be written to the error channel. The results channel must be completely consumed or it will leak memory.
func (Oso) QueryRuleOnce ¶ added in v0.20.1
Query the policy for a rule, and return true if there are any results. Returns false if there are no results.
func (Oso) QueryStr ¶
Query the policy using a query string; the query is run in a new goroutine. Accepts the string to query for. Returns a channel of resulting binding maps, and a channel for errors. As the query is evaluated, all resulting bindings will be written to the results channel, and any errors will be written to the error channel. The results channel must be completely consumed or it will leak memory.
func (Oso) RegisterClass ¶ added in v0.0.3
Register a Go type so that it can be referenced within Polar files. Accepts a concrete value of the Go type and a constructor function or nil if no constructor is required.
func (Oso) RegisterClassWithName ¶ added in v0.0.3
Register a Go type under a certain name/alias so that it can be referenced within Polar files by that name. Accepts a concrete value of the Go type and a constructor function or nil if no constructor is required.
func (Oso) RegisterClassWithNameAndFields ¶ added in v0.25.0
func (o Oso) RegisterClassWithNameAndFields(cls interface{}, ctor interface{}, name string, fields map[string]interface{}) error
Register a Go type under a certain name/alias so that it can be referenced within Polar files by that name. Accepts a concrete value of the Go type and a constructor function or nil if no constructor is required.
func (Oso) RegisterConstant ¶ added in v0.0.3
Register a Go value as a Polar constant variable called `name`.
func (Oso) Repl ¶ added in v0.11.0
Start the Oso REPL, where you can make queries and see the results printed out.
func (Oso) SetDataFilteringAdapter ¶ added in v0.25.0
func (*Oso) SetForbiddenError ¶ added in v0.20.1
Override the default ForbiddenError, returned when authorization fails.
o, _ := oso.NewOso()
// MyCustomError is the caller's own error type.
o.SetForbiddenError(func() error { return &MyCustomError{} })
func (*Oso) SetNotFoundError ¶ added in v0.20.1
Override the default NotFoundError, returned by the Authorize method when a user does not have read permission.
o, _ := oso.NewOso()
// MyCustomError is the caller's own error type.
o.SetNotFoundError(func() error { return &MyCustomError{} })
func (*Oso) SetReadAction ¶ added in v0.20.1
func (o *Oso) SetReadAction(readAction interface{})
Override the "read" action, which is used to differentiate between a NotFoundError and a ForbiddenError on authorization failures.
o, _ := oso.NewOso()
// Use "READ" as the action checked when choosing between NotFoundError and ForbiddenError.
o.SetReadAction("READ")
type Query ¶
type Query struct {
// contains filtered or unexported fields
}
Execute a Polar query through the FFI/event interface.
func (*Query) GetAllResults ¶ added in v0.0.3
Executes the query until all results have been returned, and returns results as a list of binding maps.
func (*Query) Next ¶
Get the next query result. Returns a pointer to a map of result bindings, or a nil pointer if there are no results.
func (*Query) SetAcceptExpression ¶ added in v0.24.0
Set whether the Host accepts Expression types from Polar, or raises an error.