Categorygithub.com/eko/authz/sdk
modulepackage
0.8.3
Repository: https://github.com/eko/authz.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
7
Dependents
1
Files
75 SLOC

# README

Authz Go SDK

This is the Authz development kit for Go.

Installation

You can install in your projects by importing the following dependency:

$ go get github.com/eko/authz/sdk@latest

Usage

You have to instanciate a new Authz Client in your code by doing:

authzClient, err := sdk.NewClient(&sdk.Config{
    ClientID: "your-client-id",
    ClientSecret: "your-client-secret",
    GrpcAddr: "localhost:8081",
})

Once the client is instanciate, you have access to all the gRPC methods and also some overridden ones.

In order to create a new Principal, you can use

response, err := authzClient.PrincipalCreate(ctx, &authz.PrincipalCreateRequest{
    Id: "user-123",
    Attributes: []*authz.Attribute{
        {Key: "email", Value: "[email protected]"},
    },
})

To declare a new resource:

response, err := authzClient.ResourceCreate(ctx, &authz.ResourceCreateRequest{
    Id: "post.456",
    Kind: "post",
    Value: "456",
    Attributes: []*authz.Attribute{
        {Key: "owner_email", Value: "[email protected]"},
    },
})

You can also declare a new policy this way:

import (
    "github.com/eko/authz/backend/sdk/rule"
)

response, err := authzClient.PolicyCreate(ctx, &authz.PolicyCreateRequest{
    Id: "post-owners",
    Resources: []string{"post.*"},
    Actions: []string{"edit", "delete"},
    AttributeRules: []string{
        rule.AttributeEqual(
            rule.PrincipalResourceAttribute{
                PrincipalAttribute: "email",
                ResourceAttribute:  "owner_email",
            },
        ),
    },
})

Then, you can perform a check with:

isAllowed, err := authzClient.IsAllowed(&authz.Check{
    Principal: "user-123",
    ResourceKind: "post",
    ResourceValue: "456",
    Action: "edit",
})
if err != nil {
    // Log error
}

if isAllowed {
    // Do something
}

Please note that you have access to all the gRPC methods declared here in the proto file.

Configuration

This SDK connects over gRPC to the backend service. Here are the available configuration options:

PropertyDefault valueDescription
ClientIDNoneYour service account client id used to authenticate
ClientSecretNoneYour service account client secret key used to authenticate
GrpcAddr127.0.0.1:8081Authz backend to connect to

Test

Unit tests can be run with:

$ go test -v -race -count=1 ./...

# Packages

No description provided by the author
No description provided by the author
No description provided by the author

# Functions

No description provided by the author

# Variables

DefaultConfig is the default configuration to use.

# Structs

Config represents the SDK configuration values.

# Interfaces

No description provided by the author