authorize

package
Version: v0.20.0

This package is not in the latest version of its module.
Published: Nov 11, 2022 License: Apache-2.0 Imports: 48 Imported by: 0

Documentation

Overview

Package authorize is a pomerium service that is responsible for determining if a given request should be authorized (AuthZ).

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessTracker added in v0.17.3

type AccessTracker struct {
	// contains filtered or unexported fields
}

An AccessTracker tracks accesses to sessions.

func NewAccessTracker added in v0.17.3

func NewAccessTracker(
	provider AccessTrackerProvider,
	maxSize int,
	debouncePeriod time.Duration,
) *AccessTracker

NewAccessTracker creates a new AccessTracker.

func (*AccessTracker) Run added in v0.17.3

func (tracker *AccessTracker) Run(ctx context.Context)

Run runs the access tracker.

func (*AccessTracker) TrackServiceAccountAccess added in v0.17.3

func (tracker *AccessTracker) TrackServiceAccountAccess(serviceAccountID string)

TrackServiceAccountAccess tracks a service account access.

func (*AccessTracker) TrackSessionAccess added in v0.17.3

func (tracker *AccessTracker) TrackSessionAccess(sessionID string)

TrackSessionAccess tracks a session access.

type AccessTrackerProvider added in v0.17.3

type AccessTrackerProvider interface {
	GetDataBrokerServiceClient() databroker.DataBrokerServiceClient
}

An AccessTrackerProvider provides the databroker service client for tracking session access.

type Authorize

type Authorize struct {
	// contains filtered or unexported fields
}

Authorize struct holds

func New

func New(cfg *config.Config) (*Authorize, error)

New validates and creates a new Authorize service from a set of config options.

func (*Authorize) Check added in v0.9.0

Check implements the envoy auth server gRPC endpoint.

func (*Authorize) GetDataBrokerServiceClient added in v0.17.3

func (a *Authorize) GetDataBrokerServiceClient() databroker.DataBrokerServiceClient

GetDataBrokerServiceClient returns the current DataBrokerServiceClient.

func (*Authorize) OnConfigChange added in v0.10.0

func (a *Authorize) OnConfigChange(ctx context.Context, cfg *config.Config)

OnConfigChange updates internal structures based on config.Options.

func (*Authorize) Run added in v0.10.0

func (a *Authorize) Run(ctx context.Context) error

Run runs the authorize service.

Directories

Path Synopsis
Package evaluator contains rego evaluators for evaluating authorize policy.
opa
Package opa implements the policy evaluator interface to make authorization decisions.
internal
store
Package store contains a datastore for authorization policy evaluation.
