AddOuterParens adds outer parentheses only if required.

EntitlementsCtxOp is a simple operator to manipulate over entitled features in context.

FlattenRawEntitledFeatures flattens raw entitled_features into an array The raw JSON-unmarshaled entitled_features is of the form: map[string]interface {}{"lic":[]interface {}{"dhcp", "ipam"}, "rpz":[]interface {}{"bogon", "malware"}}} Returns flattened array of the form: []string{"lic.dhcp", "lic.ipam", "rpz.bogon", "rpz.malware"}.

FromContext retrieves authZ information from the Context.

IsNilInterface returns whether the interface parameter is nil Ref: https://mangatmodi.medium.com/go-check-nil-interface-the-right-way-d142776edef1.

NewDefaultConfig returns a new default Config.

NullClaimsVerifier does nothing and just returns non-error empty bearer string.

StreamServerInterceptor returns a new Stream client interceptor that optionally logs the execution of external gRPC calls.

UnaryServerInterceptor returns a new unary client interceptor that optionally logs the execution of external gRPC calls.

UnverifiedClaimFromBearers parses JWT claims from 'bearer' and 'newBearer' strings, and returns the chosen valid bearer string ('newBearer' has precedence over 'bearer').

WithAcctEntitlementsApiPath overrides default AcctEntitlementsApiPath.

WithAddress.

WithAuthorizer overrides the request/response processing of OPA.

WithClaimsVerifier overrides default ClaimsVerifier.

WithDecisionInputHandler supplies optional DecisionInputHandler for DefaultAuthorizer to obtain additional input for OPA ABAC decision processing.

WithEntitledServices overrides default EntitledServices.

WithHTTPClient overrides the http.Client used to call Opa.

WithOpaClienter overrides the Clienter used to call Opa.

WithOpaEvaluator overrides the OpaEvaluator use to evaluate authorization against OPA.

DefaultAcctEntitlementsApiPath is default OPA path to fetch acct entitlements.

DefaultValidatePath is default OPA path to perform authz validation.

EntitledFeaturesKey is the entitled_features key stored in the caller's context.

The different kinds of ObligationsNode.

The different kinds of ObligationsNode.

Default "zero" value for uninitialized ObligationsEnum.

The different kinds of ObligationsNode.

Application is set at initization.

ErrInvalidEntitledFeatures is returned upon invalid entitled_features.

ErrInvalidObligations is returned upon invalid obligations.

Override to set your servicename.

AcctEntitlementsApiInput is the input payload for acct_entitlements_api.

AcctEntitlementsApiResult is the data type json.Unmarshaled from OPA RESTAPI query to acct_entitlements_api.

DecisionInput is app/service-specific data supplied by app/service ABAC requests.

DefaultDecisionInputer is an example DecisionInputHandler that is used as default.

ObligationsNode defines the generic obligations tree returned by middleware in the context.

OPARequest is used to query OPA.

WrappedSrvStream allows modifying context.

Authorizer interface is implemented for making arbitrary requests to Opa.

fullMethod is of the form "Service.FullMethod".

ABACKey is a context.Context key type.

AcctEntitlementsType is a convenience data type, returned by GetAcctEntitlements() (map of acct_id to map of service to array of features).

EntitledFeaturesKeyType is the type of the entitled_features key stored in the caller's context.

ObligationsEnum enumerates the different kinds of ObligationsNode.

OpaEvaluator implements calling OPA with a request and receiving the raw response.

OPAResponse unmarshals the response from OPA into a generic untyped structure.