mirror of
https://github.com/pomerium/pomerium.git
synced 2025-08-02 00:10:45 +02:00
cache : add cache service (#457)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
This commit is contained in:
parent
8a9cb0f803
commit
dccc7cd2ff
46 changed files with 1837 additions and 587 deletions
71
internal/grpc/authorize/client/authorize_client.go
Normal file
71
internal/grpc/authorize/client/authorize_client.go
Normal file
|
@ -0,0 +1,71 @@
|
|||
package client
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
|
||||
pb "github.com/pomerium/pomerium/internal/grpc/authorize"
|
||||
"github.com/pomerium/pomerium/internal/sessions"
|
||||
"github.com/pomerium/pomerium/internal/telemetry/trace"
|
||||
|
||||
"google.golang.org/grpc"
|
||||
)
|
||||
|
||||
// Authorizer provides the authorize service interface
|
||||
type Authorizer interface {
|
||||
// Authorize takes a route and user session and returns whether the
|
||||
// request is valid per access policy
|
||||
Authorize(context.Context, string, *sessions.State) (bool, error)
|
||||
// IsAdmin takes a session and returns whether the user is an administrator
|
||||
IsAdmin(context.Context, *sessions.State) (bool, error)
|
||||
// Close closes the auth connection if any.
|
||||
Close() error
|
||||
}
|
||||
|
||||
// Client is a gRPC implementation of an authenticator (authorize client)
|
||||
type Client struct {
|
||||
Conn *grpc.ClientConn
|
||||
client pb.AuthorizerClient
|
||||
}
|
||||
|
||||
// New returns a new authorize service client.
|
||||
func New(conn *grpc.ClientConn) (p *Client, err error) {
|
||||
return &Client{Conn: conn, client: pb.NewAuthorizerClient(conn)}, nil
|
||||
}
|
||||
|
||||
// Authorize takes a route and user session and returns whether the
|
||||
// request is valid per access policy
|
||||
func (c *Client) Authorize(ctx context.Context, route string, s *sessions.State) (bool, error) {
|
||||
ctx, span := trace.StartSpan(ctx, "grpc.authorize.client.Authorize")
|
||||
defer span.End()
|
||||
|
||||
if s == nil {
|
||||
return false, errors.New("session cannot be nil")
|
||||
}
|
||||
response, err := c.client.Authorize(ctx, &pb.Identity{
|
||||
Route: route,
|
||||
User: s.User,
|
||||
Email: s.Email,
|
||||
Groups: s.Groups,
|
||||
ImpersonateEmail: s.ImpersonateEmail,
|
||||
ImpersonateGroups: s.ImpersonateGroups,
|
||||
})
|
||||
return response.GetIsValid(), err
|
||||
}
|
||||
|
||||
// IsAdmin takes a session and returns whether the user is an administrator
|
||||
func (c *Client) IsAdmin(ctx context.Context, s *sessions.State) (bool, error) {
|
||||
ctx, span := trace.StartSpan(ctx, "grpc.authorize.client.IsAdmin")
|
||||
defer span.End()
|
||||
|
||||
if s == nil {
|
||||
return false, errors.New("session cannot be nil")
|
||||
}
|
||||
response, err := c.client.IsAdmin(ctx, &pb.Identity{Email: s.Email, Groups: s.Groups})
|
||||
return response.GetIsAdmin(), err
|
||||
}
|
||||
|
||||
// Close tears down the ClientConn and all underlying connections.
|
||||
func (c *Client) Close() error {
|
||||
return c.Conn.Close()
|
||||
}
|
Loading…
Add table
Add a link
Reference in a new issue