2.2.0
# README
Direct (Non-GRPC-Interceptor) Usage
import opamw "github.com/infobloxopen/atlas-authz-middleware/grpc_opa"
// Build the Authorizer once, with example options.
//
// viper, opa_client and myDecisionInputer are used here but not declared in
// this snippet: their imports and the handler type come from the caller's code.
//
// viper.GetString returns "" when "app.id" is not set. Validate the setting at
// startup instead of passing an empty application ID through.
// NOTE(review): how the authorizer treats an empty ID is not shown here — confirm.
//
// WithAddress names the OPA endpoint whose answers are used as authorization
// decisions, so this value should come from trusted configuration only.
var authzer = opamw.NewDefaultAuthorizer(
	viper.GetString("app.id"),
	opamw.WithAddress(opa_client.DefaultAddress),
	opamw.WithDecisionInputHandler(&myDecisionInputer{}),
)
// AffirmAuthorization makes an authz request to sidecar-OPA.
// A nil error means the operation is permitted. The returned context may then
// carry obligations, which the caller must evaluate further if required.
newCtx, err := authzer.AffirmAuthorization(ctx, "MyService.MyMethod", nil)
if err != nil {
	// Authorization was not affirmed. This snippet does not distinguish a
	// denial from a failed request to OPA, so fail closed in both cases:
	// reject the operation here and never fall through to the permitted path.
} else if newCtx != nil {
	// Operation is permitted, fetch and process obligations.
	if obVal := newCtx.Value(opamw.ObKey); obVal != nil {
		obTree, ok := obVal.(opamw.ObligationsNode)
		switch {
		case !ok:
			// A value is stored under ObKey but it is not an ObligationsNode.
			// This path leaves the operation permitted with no obligations
			// applied; where obligations are mandatory, reject instead.
		case obTree != nil && !obTree.IsShallowEmpty():
			// process any obligations in obTree if required
		}
	}
}
GRPC Unary Interceptor Usage
import opamw "github.com/infobloxopen/atlas-authz-middleware/grpc_opa"
// Build the unary server interceptor with the same example options as the
// direct-usage authorizer.
//
// A unary interceptor only sees unary RPCs, so streaming methods need their
// own authorization coverage.
// NOTE(review): how a denial is surfaced to the client is not shown in this
// snippet — confirm against the package documentation.
var authzOpaInterceptor = opamw.UnaryServerInterceptor(
	viper.GetString("app.id"),
	opamw.WithAddress(opa_client.DefaultAddress),
	opamw.WithDecisionInputHandler(&myDecisionInputer{}),
)

// Position in this slice decides what runs before the authorization check.
// Anything the decision input depends on (for example, authentication that
// fills in the caller identity) has to be registered ahead of it.
interceptors = append(interceptors, authzOpaInterceptor)