This feature introduces a callback function that allows service owners to define a fallback mechanism for access control within Knox. This capability supports the integration of custom logic to evaluate access decisions.
Changes Made
Add new global accessCallback and SetAccessCallback that allows setting a callback function for fallback Access (ex. OPA)
Add authorizeRequest function to wrap around principal.CanAccess, which additionally will execute the accessCallback when false is returned from principal.CanAccess
Add a Raw() to all Principal types, which raw version (jsonable ID and Type) of all the principals.
Modify TestNewFileClient to skip test if running on Linux and have the Knox daemon running
Testing
Run all tests in the repo, including new ones implemented for SetAccessCallback and authorizeRequest
Checklist
[x] I have run the code locally and it works as expected.
[x] I have added tests that prove my fix is effective or that my feature works.
[x] I have added necessary documentation (if appropriate).
[x] I have reviewed my own code and ensured it follows the code style of this project.
Description
This feature introduces a callback function that allows service owners to define a fallback mechanism for access control within Knox. This capability supports the integration of custom logic to evaluate access decisions.
Changes Made
Testing
Run all tests in the repo, including new ones implemented for SetAccessCallback and authorizeRequest
Checklist