Overview ¶
Package authorizer provides an Ory Keto adapter implementation for the security.Authorizer interface.
Index ¶
- Variables
- func NewAuditLogger(config AuditLoggerConfig) security.AuditLogger
- func NewKetoAdapter(cfg config.ConfigurationAuthorization, cl client.Manager, ...) security.Authorizer
- func NewNoOpAuditLogger() security.AuditLogger
- type AuditLoggerConfig
- type AuthzServiceError
- type NoOpAuditLogger
- type PermissionDeniedError
Variables ¶
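// Sentinel errors exposed by the authorizer package.
//
// The listing had been collapsed onto a single line, where the first "//"
// turned every following declaration into comment text; it is restored here to
// one declaration per line. The package's AuthzServiceError and
// PermissionDeniedError types expose Is and Unwrap methods, so callers would
// normally match these values with errors.Is rather than ==.
var (
	// ErrPermissionDenied indicates the subject lacks the required permission.
	ErrPermissionDenied = errors.New("permission denied")

	// ErrInvalidObject indicates an invalid object reference.
	ErrInvalidObject = errors.New("invalid object reference")

	// ErrInvalidSubject indicates an invalid subject reference.
	ErrInvalidSubject = errors.New("invalid subject reference")

	// ErrTupleNotFound indicates the relationship tuple was not found.
	ErrTupleNotFound = errors.New("relationship tuple not found")

	// ErrTupleAlreadyExists indicates the relationship tuple already exists.
	ErrTupleAlreadyExists = errors.New("relationship tuple already exists")

	// ErrAuthzServiceDown indicates the authorization service is unavailable.
	//
	// NOTE(review): this is an availability failure, not a decision. Callers
	// should deny the request when they see it (fail closed); confirm that no
	// call site treats it as "allowed".
	ErrAuthzServiceDown = errors.New("authorization service unavailable")

	// ErrInvalidPermission indicates an invalid permission was requested.
	ErrInvalidPermission = errors.New("invalid permission")

	// ErrInvalidRole indicates an invalid role was specified.
	ErrInvalidRole = errors.New("invalid role")
)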
Functions ¶
func NewAuditLogger ¶
func NewAuditLogger(config AuditLoggerConfig) security.AuditLogger
NewAuditLogger creates a new AuditLogger with the given configuration.
func NewKetoAdapter ¶
func NewKetoAdapter( cfg config.ConfigurationAuthorization, cl client.Manager, auditLogger security.AuditLogger, ) security.Authorizer
NewKetoAdapter creates a new Keto adapter from the given configuration, client manager and audit logger.
func NewNoOpAuditLogger ¶
func NewNoOpAuditLogger() security.AuditLogger
NewNoOpAuditLogger creates a new no-op audit logger.
Types ¶
type AuditLoggerConfig ¶
// AuditLoggerConfig holds configuration for the audit logger; it is the
// argument taken by NewAuditLogger.
type AuditLoggerConfig struct {
	// SampleRate is the fraction of decisions to log (0.0 to 1.0).
	//
	// NOTE(review): a value below 1.0 presumably leaves some authorization
	// decisions out of the audit log. Confirm whether denials are exempt from
	// sampling, and how values outside the 0.0-1.0 range are handled, before
	// relying on this log as a complete audit trail.
	SampleRate float64
}
AuditLoggerConfig holds configuration for the audit logger.
type AuthzServiceError ¶
AuthzServiceError wraps authorization service errors with context.
func NewAuthzServiceError ¶
func NewAuthzServiceError(operation string, cause error) *AuthzServiceError
NewAuthzServiceError creates a new AuthzServiceError.
func (*AuthzServiceError) Error ¶
func (e *AuthzServiceError) Error() string
Error implements the error interface.
func (*AuthzServiceError) Is ¶
func (e *AuthzServiceError) Is(target error) bool
Is reports whether target matches this error type, which lets callers test for it with errors.Is.
func (*AuthzServiceError) Unwrap ¶
func (e *AuthzServiceError) Unwrap() error
Unwrap returns the underlying cause, so that errors.Is and errors.As can inspect the wrapped error.
type NoOpAuditLogger ¶
// NoOpAuditLogger is an audit logger that does nothing.
//
// NOTE(review): with this logger wired in, authorization decisions leave no
// audit record. Confirm it is selected only where that is intended (tests,
// local development) and not as a silent default in production.
type NoOpAuditLogger struct{}
NoOpAuditLogger is an audit logger that does nothing.
func (*NoOpAuditLogger) LogDecision ¶
func (n *NoOpAuditLogger) LogDecision( _ context.Context, _ security.CheckRequest, _ security.CheckResult, _ map[string]string, ) error
LogDecision implements AuditLogger but does nothing.
type PermissionDeniedError ¶
// PermissionDeniedError provides detailed denial information.
//
// NOTE(review): the format produced by Error() is not visible here. If it
// includes the fields below, returning the message verbatim to an untrusted
// caller discloses which objects and subjects exist and why the check failed;
// confirm, and prefer logging the detail server-side.
type PermissionDeniedError struct {
	// Object is presumably the object the denied check was made against — confirm.
	Object security.ObjectRef
	// Permission is presumably the permission that was requested — confirm.
	Permission string
	// Subject is presumably the subject that was denied — confirm.
	Subject security.SubjectRef
	// Reason is a free-form explanation supplied to NewPermissionDeniedError.
	Reason string
}
PermissionDeniedError provides detailed denial information.
func NewPermissionDeniedError ¶
func NewPermissionDeniedError( object security.ObjectRef, permission string, subject security.SubjectRef, reason string, ) *PermissionDeniedError
NewPermissionDeniedError creates a new PermissionDeniedError.
func (*PermissionDeniedError) Error ¶
func (e *PermissionDeniedError) Error() string
Error implements the error interface.
func (*PermissionDeniedError) Is ¶
func (e *PermissionDeniedError) Is(target error) bool
Is allows checking if an error is a PermissionDeniedError.
func (*PermissionDeniedError) Unwrap ¶
func (e *PermissionDeniedError) Unwrap() error
Unwrap returns the base error for error wrapping support.