Documentation
Overview
Package opa implements the policy evaluator interface to make authorization decisions.
Types
type Options
type Options struct {
	// AuthorizationPolicy accepts custom rego code which can be used to
	// apply custom authorization policy.
	// Defaults to authorization policy defined in config.yaml's policy.
	AuthorizationPolicy string

	// Data maps data that will be bound and
	Data map[string]interface{}
}
Options represents the OPA evaluator's configuration.
type PolicyEvaluator
type PolicyEvaluator struct {
// contains filtered or unexported fields
}
PolicyEvaluator implements the evaluator interface using the Open Policy Agent framework. The Open Policy Agent (OPA, pronounced “oh-pa”) is an open source, general-purpose policy engine that unifies policy enforcement across the stack. See https://www.openpolicyagent.org/docs/latest/
func New
func New(ctx context.Context, opts *Options) (*PolicyEvaluator, error)
New creates a new OPA policy evaluator.
func (*PolicyEvaluator) IsAuthorized
func (pe *PolicyEvaluator) IsAuthorized(ctx context.Context, input interface{}) (*pb.IsAuthorizedReply, error)
IsAuthorized determines if a given request input is authorized.
func (*PolicyEvaluator) PutData
func (pe *PolicyEvaluator) PutData(ctx context.Context, data map[string]interface{}) error
PutData adds (or replaces if the mapping key is the same) contextual data for making policy decisions.
func (*PolicyEvaluator) UpdatePolicy
func (pe *PolicyEvaluator) UpdatePolicy(ctx context.Context, authz string) error
UpdatePolicy takes authorization and privilege access management Rego code as input and updates the prepared policy evaluator.