zanzibar.go
package zanzibar
import (
"context"
"errors"
"github.com/tx7do/kratos-authz/engine"
"github.com/tx7do/kratos-authz/engine/zanzibar/keto"
"github.com/tx7do/kratos-authz/engine/zanzibar/openfga"
)
// Compile-time assertion that *State implements engine.Engine.
var _ engine.Engine = (*State)(nil)

// State is the Zanzibar-style authorization engine. It holds the backend
// clients that authorization checks are delegated to. New rejects a State in
// which both clients are nil. When both are set, IsAuthorized consults only
// ketoClient.
type State struct {
	// ketoClient is the Keto backend; preferred by IsAuthorized when non-nil.
	ketoClient *keto.Client
	// openfgaClient is the OpenFGA backend; used only when ketoClient is nil.
	openfgaClient *openfga.Client
}
// New constructs a State and applies every option in opts, in order.
//
// The context argument is ignored. After the options have run, at least one
// backend client (Keto or OpenFGA) must be set; otherwise New returns a nil
// State and the error "zanzibar client is nil", so an engine with no backend
// is never handed to callers.
func New(_ context.Context, opts ...OptFunc) (*State, error) {
	state := new(State)
	for i := range opts {
		opts[i](state)
	}

	// Accept the engine as soon as either backend is available.
	if state.ketoClient != nil || state.openfgaClient != nil {
		return state, nil
	}
	return nil, errors.New("zanzibar client is nil")
}
// ProjectsAuthorized is currently a stub: every argument is ignored and the
// result is always an empty engine.Projects with a nil error.
//
// The empty result denies by default, but a caller cannot tell "not
// implemented" apart from "no project is authorized", because no error is
// reported and neither backend is consulted.
func (s *State) ProjectsAuthorized(_ context.Context, _ engine.Subjects, _ engine.Action, _ engine.Resource, _ engine.Projects) (engine.Projects, error) {
	authorized := engine.Projects{}
	return authorized, nil
}
// FilterAuthorizedPairs is currently a stub: the subjects and input pairs are
// ignored and the result is always an empty engine.Pairs with a nil error.
//
// No backend is consulted, so every input pair is filtered out regardless of
// the stored relationships.
func (s *State) FilterAuthorizedPairs(_ context.Context, _ engine.Subjects, _ engine.Pairs) (engine.Pairs, error) {
	allowed := engine.Pairs{}
	return allowed, nil
}
// FilterAuthorizedProjects is currently a stub: the subjects are ignored and
// the result is always an empty engine.Projects with a nil error.
//
// No backend is consulted; callers see "no authorized projects" for every
// subject.
func (s *State) FilterAuthorizedProjects(_ context.Context, _ engine.Subjects) (engine.Projects, error) {
	allowed := engine.Projects{}
	return allowed, nil
}
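// IsAuthorized reports whether subject may perform action on resource within
// project, delegating the decision to the configured Zanzibar backend.
//
// Backend selection: the Keto client is used whenever it is set; the OpenFGA
// client is consulted only when no Keto client is configured. If neither is
// set, the request is denied with a nil error.
//
// Fail-closed on error: when the backend check returns an error, the decision
// is forced to false. A caller that inspects the boolean before the error can
// therefore never treat a failed check as an allow.
func (s *State) IsAuthorized(ctx context.Context, subject engine.Subject, action engine.Action, resource engine.Resource, project engine.Project) (bool, error) {
	switch {
	case s.ketoClient != nil:
		// NOTE(review): argument order is (project, resource, action, subject);
		// presumably namespace/object/relation/subject in Keto terms. Confirm
		// against keto.Client.GetCheck.
		allow, err := s.ketoClient.GetCheck(ctx, string(project), string(resource), string(action), string(subject))
		if err != nil {
			return false, err
		}
		return allow, nil

	case s.openfgaClient != nil:
		// NOTE(review): project is not forwarded to the OpenFGA check, so the
		// same (resource, action, subject) yields the same answer for every
		// project on this path. Confirm that project scoping is encoded in
		// the resource identifier or enforced elsewhere.
		allow, err := s.openfgaClient.GetCheck(ctx, string(resource), string(action), string(subject))
		if err != nil {
			return false, err
		}
		return allow, nil
	}

	// No backend configured: deny.
	return false, nil
}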
// SetPolicies is currently a no-op: the supplied policy and role maps are
// discarded and nil is returned.
//
// The caller receives success even though this method stores nothing and
// contacts no backend. Policies passed here do not influence IsAuthorized.
func (s *State) SetPolicies(_ context.Context, _ engine.PolicyMap, _ engine.RoleMap) error {
	var err error // always nil: nothing is attempted, so nothing can fail
	return err
}