# Functions
AddOuterParens adds outer parentheses only if required.
EntitlementsCtxOp is a simple operator to manipulate entitled features in context.
FlattenRawEntitledFeatures flattens raw entitled_features into an array. The raw JSON-unmarshaled entitled_features is of the form: map[string]interface {}{"lic":[]interface {}{"dhcp", "ipam"}, "rpz":[]interface {}{"bogon", "malware"}}. Returns a flattened array of the form: []string{"lic.dhcp", "lic.ipam", "rpz.bogon", "rpz.malware"}.
FromContext retrieves authZ information from the Context.
IsNilInterface returns whether the interface parameter is nil. Ref: https://mangatmodi.medium.com/go-check-nil-interface-the-right-way-d142776edef1.
No description provided by the author
NewDefaultConfig returns a new default Config.
NullClaimsVerifier does nothing and just returns a non-error, empty bearer string.
StreamServerInterceptor returns a new Stream client interceptor that optionally logs the execution of external gRPC calls.
UnaryServerInterceptor returns a new unary client interceptor that optionally logs the execution of external gRPC calls.
UnverifiedClaimFromBearers parses JWT claims from 'bearer' and 'newBearer' strings, and returns the chosen valid bearer string ('newBearer' has precedence over 'bearer').
WithAcctEntitlementsApiPath overrides default AcctEntitlementsApiPath.
WithAddress.
WithAuthorizer overrides the request/response processing of OPA.
WithClaimsVerifier overrides default ClaimsVerifier.
WithDecisionInputHandler supplies optional DecisionInputHandler for DefaultAuthorizer to obtain additional input for OPA ABAC decision processing.
WithEntitledServices overrides default EntitledServices.
WithHTTPClient overrides the http.Client used to call OPA.
WithOpaClienter overrides the Clienter used to call OPA.
WithOpaEvaluator overrides the OpaEvaluator used to evaluate authorization against OPA.
# Constants
DefaultAcctEntitlementsApiPath is the default OPA path to fetch acct entitlements.
DefaultValidatePath is the default OPA path to perform authz validation.
EntitledFeaturesKey is the entitled_features key stored in the caller's context.
No description provided by the author
The different kinds of ObligationsNode.
The different kinds of ObligationsNode.
Default "zero" value for uninitialized ObligationsEnum.
The different kinds of ObligationsNode.
No description provided by the author
No description provided by the author
No description provided by the author
# Variables
Application is set at initialization.
No description provided by the author
No description provided by the author
ErrInvalidEntitledFeatures is returned upon invalid entitled_features.
ErrInvalidObligations is returned upon invalid obligations.
No description provided by the author
No description provided by the author
Override to set your service name.
# Structs
AcctEntitlementsApiInput is the input payload for acct_entitlements_api.
AcctEntitlementsApiResult is the data type json.Unmarshaled from an OPA REST API query to acct_entitlements_api.
No description provided by the author
DecisionInput is app/service-specific data supplied by app/service ABAC requests.
No description provided by the author
DefaultDecisionInputer is an example DecisionInputHandler that is used as default.
ObligationsNode defines the generic obligations tree returned by middleware in the context.
OPARequest is used to query OPA.
No description provided by the author
WrappedSrvStream allows modifying context.
# Interfaces
Authorizer interface is implemented for making arbitrary requests to OPA.
fullMethod is of the form "Service.FullMethod".
# Type aliases
ABACKey is a context.Context key type.
AcctEntitlementsType is a convenience data type, returned by GetAcctEntitlements() (map of acct_id to map of service to array of features).
No description provided by the author
No description provided by the author
EntitledFeaturesKeyType is the type of the entitled_features key stored in the caller's context.
No description provided by the author
ObligationsEnum enumerates the different kinds of ObligationsNode.
OpaEvaluator implements calling OPA with a request and receiving the raw response.
OPAResponse unmarshals the response from OPA into a generic untyped structure.
No description provided by the author