This sample shows how to inject a low-level authorizer component that can control access to all API calls. It includes an implementation of the authorizer myAuthorizer
which allows all requests to the "temporal-system" namespace and denies UpdateNameSpace
calls for all other namespaces.
The sample implementation of the authorizer interface authorization.Authorizer
allows all requests to the "temporal-system" namespace and denies UpdateNamespace
calls for all other namespaces.
-
Start up the dependencies by running the
make start-dependencies
command from within the main Temporal repository as described in the contribution guide. -
Create the database schema by running
make install-schema
. -
Start Temporal by running
go run authorizer/server/main.go
. -
Use
tctl
to interact with Temporal
- Run
tctl n l
to list available namespaces. You should only see "temporal-system" initially. - Run
tctl --ns test n register
to create a namespace "test" - Run
tctl n l
to see "test" listed - Run
tctl --ns test n update
to try to update the "test" namespace. You should see aPermissionDenied
error becausemyAuthorizer
deniesUpdateNamespace
calls.