package authorizer (v1.76.0)
Published: Feb 27, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package authorizer provides an Ory Keto adapter implementation for the security.Authorizer interface.

Constants

This section is empty.

Variables

var (
	// ErrPermissionDenied indicates the subject lacks the required permission.
	ErrPermissionDenied = errors.New("permission denied")

	// ErrInvalidObject indicates an invalid object reference.
	ErrInvalidObject = errors.New("invalid object reference")

	// ErrInvalidSubject indicates an invalid subject reference.
	ErrInvalidSubject = errors.New("invalid subject reference")

	// ErrTupleNotFound indicates the relationship tuple was not found.
	ErrTupleNotFound = errors.New("relationship tuple not found")

	// ErrTupleAlreadyExists indicates the relationship tuple already exists.
	ErrTupleAlreadyExists = errors.New("relationship tuple already exists")

	// ErrAuthzServiceDown indicates the authorization service is unavailable.
	ErrAuthzServiceDown = errors.New("authorization service unavailable")

	// ErrInvalidPermission indicates an invalid permission was requested.
	ErrInvalidPermission = errors.New("invalid permission")

	// ErrInvalidRole indicates an invalid role was specified.
	ErrInvalidRole = errors.New("invalid role")
)

Functions

func NewAuditLogger

func NewAuditLogger(config AuditLoggerConfig) security.AuditLogger

NewAuditLogger creates a new AuditLogger with the given configuration.

func NewKetoAdapter

func NewKetoAdapter(
	cfg config.ConfigurationAuthorization,
	auditLogger security.AuditLogger,
) security.Authorizer

NewKetoAdapter creates a new Keto adapter with the given configuration.

func NewNoOpAuditLogger

func NewNoOpAuditLogger() security.AuditLogger

NewNoOpAuditLogger creates a new no-op audit logger.

func ToConnectError added in v1.76.0

func ToConnectError(err error) error

ToConnectError translates authorization errors into ConnectRPC error codes.

Mapping:

  • ErrInvalidSubject / ErrInvalidObject → CodeUnauthenticated
  • PermissionDeniedError → CodePermissionDenied
  • everything else → CodeInternal

Types

type AuditLoggerConfig

type AuditLoggerConfig struct {
	// SampleRate is the fraction of decisions to log (0.0 to 1.0).
	SampleRate float64
}

AuditLoggerConfig holds configuration for the audit logger.

type AuthzServiceError

type AuthzServiceError struct {
	Operation string
	Cause     error
}

AuthzServiceError wraps authorization service errors with context.

func NewAuthzServiceError

func NewAuthzServiceError(operation string, cause error) *AuthzServiceError

NewAuthzServiceError creates a new AuthzServiceError.

func (*AuthzServiceError) Error

func (e *AuthzServiceError) Error() string

Error implements the error interface.

func (*AuthzServiceError) Is

func (e *AuthzServiceError) Is(target error) bool

Is reports whether this error matches target, so errors.Is can recognise an AuthzServiceError.

func (*AuthzServiceError) Unwrap

func (e *AuthzServiceError) Unwrap() error

Unwrap returns the cause for error wrapping support.

type NoOpAuditLogger

type NoOpAuditLogger struct{}

NoOpAuditLogger is an audit logger that does nothing.

func (*NoOpAuditLogger) LogDecision

LogDecision implements AuditLogger but does nothing.

type PermissionDeniedError

type PermissionDeniedError struct {
	Object     security.ObjectRef
	Permission string
	Subject    security.SubjectRef
	Reason     string
}

PermissionDeniedError provides detailed denial information.

func NewPermissionDeniedError

func NewPermissionDeniedError(
	object security.ObjectRef,
	permission string,
	subject security.SubjectRef,
	reason string,
) *PermissionDeniedError

NewPermissionDeniedError creates a new PermissionDeniedError.

func (*PermissionDeniedError) Error

func (e *PermissionDeniedError) Error() string

Error implements the error interface.

func (*PermissionDeniedError) Is

func (e *PermissionDeniedError) Is(target error) bool

Is allows checking if an error is a PermissionDeniedError.

func (*PermissionDeniedError) Unwrap

func (e *PermissionDeniedError) Unwrap() error

Unwrap returns the base error for error wrapping support.

type TenancyAccessChecker added in v1.76.0

type TenancyAccessChecker struct {
	// contains filtered or unexported fields
}

TenancyAccessChecker extracts claims from context, builds a CheckRequest against a tenant-scoped object namespace, and calls the authorizer. For system_internal callers it supports a self-healing callback that provisions missing tuples and retries.

func NewTenancyAccessChecker added in v1.76.0

func NewTenancyAccessChecker(
	auth security.Authorizer,
	objectNamespace string,
	opts ...TenantPermissionCheckerOption,
) *TenancyAccessChecker

NewTenancyAccessChecker creates a checker that verifies permissions against objectNamespace using the provided authorizer.

func (*TenancyAccessChecker) Check added in v1.76.0

func (c *TenancyAccessChecker) Check(ctx context.Context, permission string) error

Check verifies that the caller in ctx has the given permission on the tenant identified in their claims.

type TenancyAccessDeniedFunc added in v1.76.0

type TenancyAccessDeniedFunc func(ctx context.Context, auth security.Authorizer, tenantID, subjectID string) error

TenancyAccessDeniedFunc is called when a system_internal caller is denied permission. It should provision the necessary tuples so that a retry succeeds.

type TenantPermissionCheckerOption added in v1.76.0

type TenantPermissionCheckerOption func(*TenancyAccessChecker)

TenantPermissionCheckerOption configures a TenancyAccessChecker.

func WithOnTenancyAccessDenied added in v1.76.0

func WithOnTenancyAccessDenied(fn TenancyAccessDeniedFunc) TenantPermissionCheckerOption

WithOnTenancyAccessDenied registers a callback invoked when a system_internal caller is denied. The callback should provision the required tuples so that a subsequent retry can succeed.

func WithSubjectNamespace added in v1.76.0

func WithSubjectNamespace(ns string) TenantPermissionCheckerOption

WithSubjectNamespace overrides the default subject namespace (security.NamespaceProfile).
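The self-healing flow described for TenancyAccessChecker, TenancyAccessDeniedFunc and WithOnTenancyAccessDenied, as an added stand-alone sketch that is not this package's code: Claims, ClaimsKey, Authorizer, MemAuthz and Checker are hypothetical stand-ins for the security and config types the signatures above reference. What it shows is the gating a practitioner cares about: the provisioning callback fires only for a system_internal caller and at most once, an ordinary caller is simply denied, and a missing claim fails closed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Hypothetical stand-ins for the security package types the docs reference; not the package's own code.
var ErrPermissionDenied = errors.New("permission denied")

type Claims struct{ SubjectID, TenantID string; SystemInternal bool } // extracted from ctx; SystemInternal marks a system_internal caller
type ClaimsKey struct{}                                             // context key under which Claims are stored

// Authorizer is a minimal hypothetical interface over a relationship-tuple store such as Keto.
type Authorizer interface {
	Has(ctx context.Context, objectNS, object, permission, subjectNS, subject string) (bool, error)
}

// MemAuthz is an in-memory tuple store keyed "objectNS:object#permission@subjectNS:subject".
type MemAuthz struct{ Tuples map[string]bool }

func (m *MemAuthz) Has(_ context.Context, ons, obj, perm, sns, sub string) (bool, error) {
	return m.Tuples[fmt.Sprintf("%s:%s#%s@%s:%s", ons, obj, perm, sns, sub)], nil
}

type DeniedFunc func(ctx context.Context, auth Authorizer, tenantID, subjectID string) error

type Checker struct {
	Auth                Authorizer
	ObjectNS, SubjectNS string
	OnDenied            DeniedFunc // optional self-healing callback
}

// Check denies ordinary callers immediately; only system_internal callers get the
// provision-and-retry path, and only one retry, so a failing callback cannot loop.
func (c *Checker) Check(ctx context.Context, permission string) error {
	claims, ok := ctx.Value(ClaimsKey{}).(Claims)
	if !ok {
		return errors.New("no claims in context")
	}
	allowed, err := c.Auth.Has(ctx, c.ObjectNS, claims.TenantID, permission, c.SubjectNS, claims.SubjectID)
	if err == nil && !allowed && claims.SystemInternal && c.OnDenied != nil {
		if err = c.OnDenied(ctx, c.Auth, claims.TenantID, claims.SubjectID); err == nil {
			allowed, err = c.Auth.Has(ctx, c.ObjectNS, claims.TenantID, permission, c.SubjectNS, claims.SubjectID)
		}
	}
	if err != nil {
		return fmt.Errorf("authorization service: %w", err)
	}
	if !allowed {
		return fmt.Errorf("%s on %s:%s for %s: %w", permission, c.ObjectNS, claims.TenantID, claims.SubjectID, ErrPermissionDenied)
	}
	return nil
}
```

Because the denial wraps ErrPermissionDenied, callers can still branch with errors.Is, which is the property a ToConnectError-style mapping relies on.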
