Categorygithub.com/eko/authz/sdk
package
0.8.3
Repository: https://github.com/eko/authz.git
Documentation: pkg.go.dev
Overview
Dependencies
7
Dependents
1

# Packages

No description provided by the author
No description provided by the author
No description provided by the author

# README

Authz Go SDK

This is the Authz development kit for Go.

Installation

You can install in your projects by importing the following dependency:

$ go get github.com/eko/authz/sdk@latest

Usage

You have to instanciate a new Authz Client in your code by doing:

authzClient, err := sdk.NewClient(&sdk.Config{
    ClientID: "your-client-id",
    ClientSecret: "your-client-secret",
    GrpcAddr: "localhost:8081",
})

Once the client is instanciate, you have access to all the gRPC methods and also some overridden ones.

In order to create a new Principal, you can use

response, err := authzClient.PrincipalCreate(ctx, &authz.PrincipalCreateRequest{
    Id: "user-123",
    Attributes: []*authz.Attribute{
        {Key: "email", Value: "[email protected]"},
    },
})

To declare a new resource:

response, err := authzClient.ResourceCreate(ctx, &authz.ResourceCreateRequest{
    Id: "post.456",
    Kind: "post",
    Value: "456",
    Attributes: []*authz.Attribute{
        {Key: "owner_email", Value: "[email protected]"},
    },
})

You can also declare a new policy this way:

import (
    "github.com/eko/authz/backend/sdk/rule"
)

response, err := authzClient.PolicyCreate(ctx, &authz.PolicyCreateRequest{
    Id: "post-owners",
    Resources: []string{"post.*"},
    Actions: []string{"edit", "delete"},
    AttributeRules: []string{
        rule.AttributeEqual(
            rule.PrincipalResourceAttribute{
                PrincipalAttribute: "email",
                ResourceAttribute:  "owner_email",
            },
        ),
    },
})

Then, you can perform a check with:

isAllowed, err := authzClient.IsAllowed(&authz.Check{
    Principal: "user-123",
    ResourceKind: "post",
    ResourceValue: "456",
    Action: "edit",
})
if err != nil {
    // Log error
}

if isAllowed {
    // Do something
}

Please note that you have access to all the gRPC methods declared here in the proto file.

Configuration

This SDK connects over gRPC to the backend service. Here are the available configuration options:

PropertyDefault valueDescription
ClientIDNoneYour service account client id used to authenticate
ClientSecretNoneYour service account client secret key used to authenticate
GrpcAddr127.0.0.1:8081Authz backend to connect to

Test

Unit tests can be run with:

$ go test -v -race -count=1 ./...