v0.0.x

Check

The check command evaluates authorization (authz) requests.

Usage:
  permguard authz check [flags]

Flags:
  -W, --current-workspace        resolve zone-id and policy-store-id from the current workspace
  -h, --help                     help for check
      --policy-store-id string   override authorization_model.policy_store.id
      --zone-id int              override authorization_model.zone_id

Global Flags:
  -o, --output string            output format (default "terminal")
      --spiffe-enabled           enable native SPIFFE mTLS via Workload API
      --spiffe-endpoint string   SPIFFE Workload API socket path (defaults to SPIFFE_ENDPOINT_SOCKET env)
      --tls-ca-file string       path to CA certificate for server verification (PEM)
      --tls-cert-file string     path to client certificate for mTLS (PEM)
      --tls-key-file string      path to client private key for mTLS (PEM)
      --tls-skip-verify          skip server certificate verification (insecure, dev only)
  -v, --verbose                  true for verbose output
  -w, --workdir string           workdir (default ".")
Caution: The output from your current version of Permguard may differ from the example provided on this page.

Check an Authorization Request

The permguard authz check command checks an authorization request.

permguard authz check --zone-id 273165098782 /path/to/authorization_request.json

Below are other methods to pass the input:

permguard authz check --zone-id 273165098782 < /path/to/authorization_request.json
cat /path/to/authorization_request.json | permguard authz check --zone-id 273165098782

output:

Authorization check response: true

Override Authorization Model

The --zone-id and --policy-store-id flags override the values defined in the authorization request file.

permguard authz check --zone-id 273165098782 --policy-store-id 04921d7814134921916972693bb3351f /path/to/authorization_request.json

Use Current Workspace

The -W / --current-workspace flag resolves zone-id and policy-store-id from the current workspace, overriding the values defined in the authorization request file.

permguard authz check -W /path/to/authorization_request.json

The explicit --zone-id and --policy-store-id flags take precedence over -W if both are provided.

permguard authz check -W --zone-id 273165098782 /path/to/authorization_request.json

The priority order, from lowest to highest, is:

file → --current-workspace → --zone-id / --policy-store-id

JSON Output

permguard authz check --zone-id 273165098782 /path/to/authorization_request.json -o json

output:

{
  "authorization_check": {
    "decision": true,
    "context": {},
    "evaluations": [
      {
        "decision": true,
        "context": {}
      }
    ]
  }
}
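
A caller that gates an action on this result should parse the JSON output rather than the terminal text, and deny on anything it cannot interpret. The sketch below is an added example, not part of the Permguard documentation or code base; the function names, the 30-second timeout and the treatment of a non-zero exit as a deny are assumptions of the example.

```python
import json
import subprocess

# Constructed samples: the JSON shape shown on this page, and a deny variant.
SAMPLE_ALLOW = '{"authorization_check": {"decision": true, "context": {}, "evaluations": [{"decision": true, "context": {}}]}}'
SAMPLE_DENY = '{"authorization_check": {"decision": false, "context": {}, "evaluations": [{"decision": false, "context": {}}]}}'


def decision_from_output(raw):
    """Return True only if authorization_check.decision is the JSON boolean true."""
    try:
        doc = json.loads(raw)
    except (TypeError, ValueError):
        return False  # empty, truncated or non-JSON output (e.g. terminal format): deny
    check = doc.get("authorization_check") if isinstance(doc, dict) else None
    if not isinstance(check, dict):
        return False  # unexpected structure: deny
    # `is True` rejects "true", 1 and any other merely truthy value.
    return check.get("decision") is True


def is_allowed(request_path, zone_id, policy_store_id=None, timeout=30):
    """Run `permguard authz check ... -o json` and fail closed on any error."""
    cmd = ["permguard", "authz", "check", "--zone-id", str(zone_id)]
    if policy_store_id:
        cmd += ["--policy-store-id", policy_store_id]
    cmd += [request_path, "-o", "json"]
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return False  # CLI missing or hung: deny
    if proc.returncode != 0:
        return False  # wrapper policy (assumption): any non-zero exit is a deny
    return decision_from_output(proc.stdout)


if __name__ == "__main__":
    print(decision_from_output(SAMPLE_ALLOW))
    print(decision_from_output(SAMPLE_DENY))
```

Passing --zone-id and --policy-store-id explicitly from the caller pins the check to the intended zone and policy store, since those flags take precedence over both the request file and the current workspace.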