PartialAuthorizer is a prepared authorizer with the subject, action, and resource type fields already filled in. This speeds up authorization when authorizing the same type of object numerous times. See rbac.Filter for example usage.
| 513 | // when authorizing the same type of object numerous times. |
| 514 | // See rbac.Filter for example usage. |
| 515 | type PartialAuthorizer struct { |
| 516 | // partialQueries is mainly used for unit testing to assert our rego policy |
| 517 | // can always be compressed into a set of queries. |
| 518 | partialQueries *rego.PartialQueries |
| 519 | |
| 520 | // input is used purely for debugging and logging. |
| 521 | subjectInput Subject |
| 522 | subjectAction policy.Action |
| 523 | subjectResourceType Object |
| 524 | |
| 525 | // preparedQueries are the compiled set of queries after partial evaluation. |
| 526 | // Cache these prepared queries to avoid re-compiling the queries. |
| 527 | // If alwaysTrue is true, then ignore these. |
| 528 | preparedQueries []rego.PreparedEvalQuery |
| 529 | // alwaysTrue is if the subject can always perform the action on the |
| 530 | // resource type, regardless of the unknown fields. |
| 531 | alwaysTrue bool |
| 532 | } |
| 533 | |
| 534 | var _ PreparedAuthorized = (*PartialAuthorizer)(nil) |
| 535 |
nothing calls this directly
no outgoing calls
no test coverage detected