# README
Autz: A simple Authorization package based on the Google IAM Policy framework
Creating a simple Authorization package based on the Google IAM (Identity and Access Management) Policy framework involves defining and managing access controls for resources.
This package does not handle the identification (authn) part of the IAM framework; it deals only with the authorisation (authz) side. It decides whether a particular Principal (user or service account) may perform a particular Permission (Get, Update, List, etc.) on a particular Resource. A resource is defined in the context of a Resource Driven development framework as defined at RDD, in line with the API Improvement Proposals.
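The Principal / Permission / Resource decision described above, as an added example that is not this package's own code or API. All type, function, role and resource names are hypothetical, the sample policies are constructed, and two behaviours are assumptions: a policy on a parent resource also applies to its children, and group members are resolved from an in-memory map.

```go
package main

import (
	"fmt"
	"strings"
)

// Binding grants one role to a list of members, as in a Google IAM policy.
type Binding struct {
	Role    string
	Members []string
}

// Constructed sample data; every name below is hypothetical.
var (
	rolePermissions = map[string]map[string]bool{ // role id -> permissions
		"roles/viewer": {"Get": true, "List": true},
		"roles/editor": {"Get": true, "List": true, "Update": true},
	}
	policies = map[string][]Binding{ // resource name -> policy bindings
		"shelves/1":         {{"roles/viewer", []string{"group:readers@example.com"}}},
		"shelves/1/books/7": {{"roles/editor", []string{"user:alice@example.com"}}},
	}
	groups = map[string]map[string]bool{ // group -> members it resolves to
		"group:readers@example.com": {"user:bob@example.com": true},
	}
)

// Authorize reports whether principal holds permission on resource. It checks
// the resource's own policy, then each parent's, and denies by default.
func Authorize(principal, permission, resource string) bool {
	// Each pass drops the trailing "collection/id" pair to reach the parent.
	for parts := strings.Split(resource, "/"); len(parts) >= 2; parts = parts[:len(parts)-2] {
		for _, b := range policies[strings.Join(parts, "/")] {
			if !rolePermissions[b.Role][permission] {
				continue // this role does not carry the requested permission
			}
			for _, m := range b.Members {
				if m == principal || groups[m][principal] {
					return true
				}
			}
		}
	}
	return false
}

func main() {
	fmt.Println(Authorize("user:bob@example.com", "Update", "shelves/1/books/7"))
}
```

A grant on a child resource does not flow upward: the editor binding on the book gives its member nothing on the shelf.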
# Functions
Returns a new PolicySource for the given resource which is not implemented locally and thus requires a gRPC client to fetch the policy.
Creates a new HttpAuthorizer with the given authHost.
Creates a new server authorizer from the given roles and deployment service account email.
Returns a new PolicySource for the given resource which is implemented locally and thus can be fetched directly from the locally implemented server.
# Constants
One of the headers that Cloud Run uses to send the JWT token of the authorized requester.
The header that this package uses to forward the JWT token of the authorized requester.
The header that Google Cloud IAP uses to forward the JWT token of the authorized requester.
The header that Google Cloud ESPv2 proxy uses to forward the JWT token of the authorized requester.
One of the headers that Cloud Run uses to send the JWT token of the authorized requester.
# Structs
An authorizer lives for the duration of a gRPC method call and is used to authorize the requester while providing access to the policy cache and the member cache to prevent redundant calls.
A PolicyFetcher is used to fetch/add policies that will be used for authorization.
A source of an IAM policy, consisting of the resource name and a function to get the policy.
An object that contains the role ids and the resource types where the roles could be stored in policies.
A server authorizer is set up once per gRPC server and contains static information about the roles, permissions, and functions to resolve group memberships.