github/drone
5
0
Fork 0
mirror of https://github.com/harness/drone.git synced 2025-05-06 11:01:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
4668e94027
drone/internal/auth/authz/unsafe.go
Johannes Batzill 4668e94027 [Harness] Adding JWT/PAT/SAT Support, Harness Clients, Inline User/ServiceAccount Creation, harness Build flag, ... (#22) 
This change adds the initial stepping stones for harness integration:
- Authentication: JWT/PAT/SAT support
- Authorization: ACL integration (acl currently denies requests as gitness hasn't been integrated yet)
- Remote Clients for Token, User, ServiceAccount, ACL
- User Integration: Syncs harness users during authentication if unknown
- SA integration: syncs harness service accounts during authentication if unknown
- Initial harness API: THIS WILL BE CHANGED IN THE FUTURE!
- single harness subpackage (all marked with harness build flag)
- harness & standalone wire + make build commands
2022-09-30 16:22:12 -07:00

53 lines
1.3 KiB
Go
Raw Blame History

// Copyright 2022 Harness Inc. All rights reserved.
// Use of this source code is governed by the Polyform Free Trial License
// that can be found in the LICENSE.md file for this repository.
package authz
import (
"context"
"github.com/rs/zerolog/log"
"github.com/harness/gitness/internal/auth"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
)
var _ Authorizer = (*UnsafeAuthorizer)(nil)
/*
* An unsafe authorizer that gives permits any action and simply logs the permission request.
*/
type UnsafeAuthorizer struct{}
func NewUnsafeAuthorizer() *UnsafeAuthorizer {
return &UnsafeAuthorizer{}
}
func (a *UnsafeAuthorizer) Check(ctx context.Context, session *auth.Session,
scope *types.Scope, resource *types.Resource, permission enum.Permission) (bool, error) {
log.Info().Msgf(
"[Authz] %s with id '%d' requests %s for %s '%s' in scope %#v with metadata %#v\n",
session.Principal.Type,
session.Principal.ID,
permission,
resource.Type,
resource.Name,
scope,
session.Metadata,
)
return true, nil
}
func (a *UnsafeAuthorizer) CheckAll(ctx context.Context, session *auth.Session,
permissionChecks ...types.PermissionCheck) (bool, error) {
for _, p := range permissionChecks {
if _, err := a.Check(ctx, session, &p.Scope, &p.Resource, p.Permission); err != nil {
return false, err
}
}
return true, nil
}
Reference in New Issue View Git Blame Copy Permalink