authz

package
v0.5.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 4, 2026 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Overview

Package authz is the principal + capability model: it maps an authenticated principal to a per-database access Level. It is deliberately neutral — it knows nothing about HOW a principal authenticated (that is package auth) or which transport carried the request — so both the auth middleware (which sets the request principal) and the HTTP handler (which enforces the level) depend only on this package, never on each other.

Index

Constants

View Source
const Wildcard = "*"

Wildcard is the grant subject that matches every principal, including the anonymous one.

Variables

View Source
var Anonymous = &Principal{Name: "", Method: "none"}

Anonymous is the identity of an unauthenticated request on a listener that admits `none`. It holds no named grants — only wildcard (`*`) grants and open mode apply to it.

Functions

func NewContext

func NewContext(ctx context.Context, p *Principal) context.Context

NewContext returns a copy of ctx carrying the authenticated principal.

Types

type Level

type Level int

Level is a principal's capability on one database. The zero value (None) is "no access", so an unset grant fails closed.

const (
	None      Level = iota // no access
	ReadOnly               // may read (SELECT and friends)
	ReadWrite              // may read and write
	Admin                  // read/write plus control-plane admin (Phase 6)
)

func ParseLevel

func ParseLevel(s string) (Level, bool)

ParseLevel maps a config level string to a Level.

func (Level) CanAdmin

func (l Level) CanAdmin() bool

CanAdmin reports whether the level permits control-plane admin.

func (Level) CanRead

func (l Level) CanRead() bool

CanRead reports whether the level permits reads.

func (Level) CanWrite

func (l Level) CanWrite() bool

CanWrite reports whether the level permits writes.

func (Level) String

func (l Level) String() string

type Policy

type Policy struct {
	// contains filtered or unexported fields
}

Policy is the compiled grant table: database → principal → Level. A named principal's effective level on a database is the max of its explicit grant and any wildcard (`*`) grant. In open mode (no auth configured anywhere) every principal gets ReadWrite on every database, preserving the pre-auth bind-to-localhost behavior until the operator configures grants.

Policy is safe for concurrent use: requests read levels while the control plane grants for a runtime-created database.

func NewPolicy

func NewPolicy(open bool) *Policy

NewPolicy builds an empty policy. open=true selects open mode.

func (*Policy) Grant

func (p *Policy) Grant(db, principal string, level Level)

Grant records that principal (a name or Wildcard) has at least level on db. Re-granting keeps the highest level.

func (*Policy) Level

func (p *Policy) Level(pr *Principal, db string) Level

Level returns the effective capability of pr on db.

func (*Policy) Open

func (p *Policy) Open() bool

Open reports whether the policy is in open (no-auth-configured) mode.

func (*Policy) Revoke

func (p *Policy) Revoke(db string)

Revoke drops every grant on db, so a later database that reuses the name does not inherit the old database's privileges. Called when the control plane detaches a database.

type Principal

type Principal struct {
	Name   string
	Method string
}

Principal is an authenticated identity. The anonymous principal has an empty Name; Method records how it authenticated ("none", "bearer", "mtls", …) for logging and audit.

func FromContext

func FromContext(ctx context.Context) *Principal

FromContext returns the principal set by the auth middleware, or Anonymous if none was set (so a handler always has a non-nil principal to reason about).

func (*Principal) IsAnonymous

func (p *Principal) IsAnonymous() bool

IsAnonymous reports whether p is the anonymous (unnamed) principal.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL