authorize

package
v0.4.0

This package is not in the latest version of its module.

Published: Oct 8, 2019 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func EmailDomain added in v0.0.5

func EmailDomain(email string) string

EmailDomain returns the domain portion of an email.

func ValidateOptions added in v0.0.5

func ValidateOptions(o config.Options) error

ValidateOptions checks to see if configuration values are valid for the authorize service. Returns first error, if found.

Types

type Authorize

type Authorize struct {
	SharedKey string
	// contains filtered or unexported fields
}

Authorize struct holds

func New

func New(opts config.Options) (*Authorize, error)

New validates a set of Options and creates a new Authorize service from them.

func (*Authorize) Authorize

func (a *Authorize) Authorize(ctx context.Context, in *pb.Identity) (*pb.AuthorizeReply, error)

Authorize validates the user identity, device, and context of a request for a given route. Currently only checks identity.

func (*Authorize) IsAdmin added in v0.0.5

func (a *Authorize) IsAdmin(ctx context.Context, in *pb.Identity) (*pb.IsAdminReply, error)

IsAdmin validates the user is an administrative user.

func (*Authorize) UpdateOptions added in v0.0.5

func (a *Authorize) UpdateOptions(o config.Options) error

UpdateOptions updates internal structures based on config.Options.

func (*Authorize) ValidIdentity

func (a *Authorize) ValidIdentity(route string, identity *Identity) bool

ValidIdentity returns whether an identity is authorized to access a route resource.

type Identity

type Identity struct {
	User   string
	Email  string
	Groups []string
	// Impersonation
	ImpersonateEmail  string
	ImpersonateGroups []string
}

Identity contains a user's identity information.

func (*Identity) IsImpersonating added in v0.0.5

func (i *Identity) IsImpersonating() bool

IsImpersonating returns whether the user is trying to impersonate another user email or group.

type IdentityValidator

type IdentityValidator interface {
	Valid(string, *Identity) bool
	IsAdmin(*Identity) bool
}

IdentityValidator provides an interface to check whether a user has access to a given route.

func NewIdentityWhitelist

func NewIdentityWhitelist(policies []config.Policy, admins []string) IdentityValidator

NewIdentityWhitelist returns an identity validator. todo(bdd): a radix-tree implementation is probably more efficient

type MockIdentityValidator

type MockIdentityValidator struct {
	ValidResponse   bool
	IsAdminResponse bool
}

MockIdentityValidator is a mock implementation of IdentityValidator.

func (*MockIdentityValidator) IsAdmin added in v0.0.5

func (mv *MockIdentityValidator) IsAdmin(i *Identity) bool

IsAdmin is a mock implementation of IdentityValidator's IsAdmin method.

func (*MockIdentityValidator) Valid

func (mv *MockIdentityValidator) Valid(u string, i *Identity) bool

Valid is a mock implementation of IdentityValidator's Valid method.
