Making Authorization Decisions
Get Entitlements
- Go
- Java
- Javascript
package main
import (
"context"
"log"
"github.com/opentdf/platform/protocol/go/authorization"
"github.com/opentdf/platform/sdk"
)
// main connects to a local OpenTDF platform with client credentials and logs
// the entitlements the platform returns for a single client-ID entity.
func main() {
	// Sample values only: the endpoint is plain HTTP on localhost and the
	// client secret is hard-coded. Outside a local sandbox, load the secret
	// from the environment or a secret store and point at a TLS endpoint.
	const endpoint = "http://localhost:9002"

	c, err := sdk.New(endpoint, sdk.WithClientCredentials("opentdf", "secret", nil))
	if err != nil {
		log.Fatal(err)
	}

	// The entity whose entitlements are looked up, identified by client ID.
	subject := &authorization.Entity{
		Id:         "entity-1",
		EntityType: &authorization.Entity_ClientId{ClientId: "opentdf"},
	}
	req := &authorization.GetEntitlementsRequest{
		Entities: []*authorization.Entity{subject},
	}

	resp, err := c.Authorization.GetEntitlements(context.Background(), req)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("Entitlements: %v", resp.GetEntitlements())
}
package io.opentdf.platform;
import io.opentdf.platform.sdk.*;
import java.util.concurrent.ExecutionException;
import io.opentdf.platform.authorization.*;
import java.util.List;
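/**
 * Sample client that asks the platform's authorization service which attribute
 * values a single client-ID entity is entitled to, and prints the first result.
 */
public class GetEntitlements {
    /**
     * Builds an SDK client, sends one GetEntitlements request and prints the
     * attribute value FQNs of the first entity in the response.
     *
     * @param args unused
     * @throws ExecutionException   if the asynchronous call fails
     * @throws InterruptedException if the thread is interrupted while waiting for the response
     */
    public static void main(String[] args) throws ExecutionException, InterruptedException {
        // Sample values only: the client secret is hard-coded here. Outside a
        // local sandbox, load it from the environment or a secret store.
        String clientId = "opentdf";
        String clientSecret = "secret";
        String platformEndpoint = "localhost:8080";

        SDKBuilder builder = new SDKBuilder();
        // useInsecurePlaintextConnection(true) asks for a plaintext (non-TLS)
        // connection; keep it to local development against localhost.
        SDK sdk = builder.platformEndpoint(platformEndpoint)
                .clientSecret(clientId, clientSecret).useInsecurePlaintextConnection(true)
                .build();

        GetEntitlementsRequest request = GetEntitlementsRequest.newBuilder()
                .addEntities(Entity.newBuilder().setId("entity-1").setClientId("opentdf"))
                .build();

        GetEntitlementsResponse resp = sdk.getServices().authorization().getEntitlements(request).get();
        List<EntityEntitlements> entitlements = resp.getEntitlementsList();

        // An empty list would make get(0) throw IndexOutOfBoundsException;
        // report it as "nothing entitled" instead of crashing.
        if (entitlements.isEmpty()) {
            System.out.println("No entitlements returned for the requested entity");
            return;
        }
        System.out.println(entitlements.get(0).getAttributeValueFqnsList());
    }
}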
Get Decision
- Go
- Java
- Javascript
package main
import (
"context"
"log"
"github.com/opentdf/platform/protocol/go/authorization"
"github.com/opentdf/platform/protocol/go/policy"
"github.com/opentdf/platform/sdk"
)
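// main connects to a local OpenTDF platform with client credentials and asks
// the authorization service whether one entity chain may perform the standard
// DECRYPT action on a resource carrying a single attribute value.
func main() {
	// Sample values only: the endpoint is plain HTTP on localhost and the
	// client secret is hard-coded. Outside a local sandbox, load the secret
	// from the environment or a secret store and point at a TLS endpoint.
	platformEndpoint := "http://localhost:9002"

	// Create a new client
	client, err := sdk.New(
		platformEndpoint,
		sdk.WithClientCredentials("opentdf", "secret", nil),
	)
	if err != nil {
		log.Fatal(err)
	}

	// Get Decisions: one request combining the action, the entity chain
	// asking for access, and the attributes on the resource.
	decision := &authorization.GetDecisionsRequest{
		DecisionRequests: []*authorization.DecisionRequest{
			{
				Actions: []*policy.Action{
					{
						Value: &policy.Action_Standard{
							Standard: policy.Action_STANDARD_ACTION_DECRYPT,
						},
					},
				},
				EntityChains: []*authorization.EntityChain{
					{
						Id: "entity-chain-1",
						Entities: []*authorization.Entity{
							{
								Id: "entity-1",
								EntityType: &authorization.Entity_ClientId{
									ClientId: "opentdf",
								},
							},
						},
					},
				},
				ResourceAttributes: []*authorization.ResourceAttribute{
					{
						ResourceAttributesId: "resource-attribute-1",
						AttributeValueFqns:   []string{"https://opentdf.io/attr/role/value/developer"},
					},
				},
			},
		},
	}

	decisions, err := client.Authorization.GetDecisions(context.Background(), decision)
	if err != nil {
		// Fail closed: an error from the platform is never a permit.
		log.Fatal(err)
	}

	// Fail closed on an empty answer as well; a caller enforcing access
	// should allow only when a response carries an explicit permit.
	responses := decisions.GetDecisionResponses()
	if len(responses) == 0 {
		log.Fatal("no decision returned; treating the request as denied")
	}
	log.Printf("Decisions: %v", responses)
}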
package io.opentdf.platform;
import io.opentdf.platform.sdk.*;
import java.util.concurrent.ExecutionException;
import io.opentdf.platform.authorization.*;
import io.opentdf.platform.policy.Action;
import java.util.List;
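/**
 * Sample client that asks the platform's authorization service whether one
 * entity chain may perform the standard DECRYPT action on a resource carrying
 * a single attribute value, and prints the first decision.
 */
public class GetDecisions {
    /**
     * Builds an SDK client, sends one GetDecisions request and prints the
     * decision of the first response.
     *
     * @param args unused
     * @throws ExecutionException   if the asynchronous call fails
     * @throws InterruptedException if the thread is interrupted while waiting for the response
     */
    public static void main(String[] args) throws ExecutionException, InterruptedException {
        // Sample values only: the client secret is hard-coded here. Outside a
        // local sandbox, load it from the environment or a secret store.
        String clientId = "opentdf";
        String clientSecret = "secret";
        String platformEndpoint = "localhost:8080";

        SDKBuilder builder = new SDKBuilder();
        // useInsecurePlaintextConnection(true) asks for a plaintext (non-TLS)
        // connection; keep it to local development against localhost.
        SDK sdk = builder.platformEndpoint(platformEndpoint)
                .clientSecret(clientId, clientSecret).useInsecurePlaintextConnection(true)
                .build();

        GetDecisionsRequest request = GetDecisionsRequest.newBuilder()
                .addDecisionRequests(DecisionRequest.newBuilder()
                        .addEntityChains(EntityChain.newBuilder().setId("ec1")
                                .addEntities(Entity.newBuilder().setId("entity-1").setClientId("opentdf")))
                        .addActions(Action.newBuilder().setStandard(Action.StandardAction.STANDARD_ACTION_DECRYPT))
                        .addResourceAttributes(ResourceAttribute.newBuilder().setResourceAttributesId("resource-attribute-1")
                                .addAttributeValueFqns("https://mynamespace.com/attr/test/value/test1"))
                ).build();

        GetDecisionsResponse resp = sdk.getServices().authorization().getDecisions(request).get();
        List<DecisionResponse> decisions = resp.getDecisionResponsesList();

        // Fail closed: an empty response is not a permit, and get(0) on an
        // empty list would throw IndexOutOfBoundsException.
        if (decisions.isEmpty()) {
            System.err.println("No decision returned; treating the request as denied");
            return;
        }
        // A caller enforcing access should allow only on an explicit permit
        // and treat every other value as a deny.
        System.out.println(DecisionResponse.Decision.forNumber(decisions.get(0).getDecisionValue()));
    }
}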