v0.0.0-...-7726874
Published: Feb 11, 2020 License: GPL-3.0 Imports: 15 Imported by: 0
const (

	// TriremeOIDCCallbackURI is the callback URI that must be presented by
	// any OIDC provider.
	TriremeOIDCCallbackURI = "/aporeto/oidc/callback"
)


type AppAuthResponse

type AppAuthResponse struct {
	// Discovered context and service information
	PUContext *pucontext.PUContext
	ServiceID string
	External  bool

	// Network policy ID and service ID that affect the response.
	NetworkPolicyID  string
	NetworkServiceID string

	// Action of the response and DropReason if the call must be dropped.
	Action     policy.ActionType
	DropReason string

	// Resolved token
	Token string

	// HookMethod is the corresponding HTTP rule hook method
	HookMethod string

	// TLSListener indicates that the external entity is a TLS listener,
	// and we must start a TLS session. Only applies to External connections.
	TLSListener bool
}

AppAuthResponse is the decision of the authorization process.

type AuthError

type AuthError struct {
	// contains filtered or unexported fields
}

AuthError implements the error interface, but provides additional information for the types of errors discovered.

func (*AuthError) Error

func (a *AuthError) Error() string

Error implements the string interface of error.

func (*AuthError) Message

func (a *AuthError) Message() string

Message returns the message of the error.

func (*AuthError) Status

func (a *AuthError) Status() int

Status returns the status of the message.

type NetworkAuthResponse

type NetworkAuthResponse struct {

	// Discovered service context and associated information.
	PUContext *pucontext.PUContext
	ServiceID string
	Namespace string

	// Network policy ID and service that affect the call.
	NetworkPolicyID  string
	NetworkServiceID string

	// Definition of the source.
	SourceType collector.EndPointType
	SourcePUID string

	// Action associated with the response and DropReason if dropped.
	Action     policy.ActionType
	DropReason string

	// Redirect information that should be used by the responder.
	Redirect    bool
	RedirectURI string
	Cookie      *http.Cookie
	Data        string
	Header      http.Header

	// UserAttributes discovered from the tokens.
	UserAttributes []string

	// TLSListener determines that TLS must be re-initiated towards
	// the listener.
	TLSListener bool
}

NetworkAuthResponse is the decision of the authorization process.

type Processor

type Processor struct {
	// contains filtered or unexported fields
}

Processor is an API Authorization processor.

func New

func New(contextID string, r *serviceregistry.Registry, s secrets.Secrets) *Processor

New will create a new authorization processor.

func (*Processor) ApplicationRequest

func (p *Processor) ApplicationRequest(r *Request) (*AppAuthResponse, error)

ApplicationRequest processes an application side request and returns the token that is associated with this application, together with an error if the request must be rejected.

func (*Processor) NetworkRequest

func (p *Processor) NetworkRequest(ctx context.Context, r *Request) (*NetworkAuthResponse, error)

NetworkRequest authorizes a network request and either accepts the request or potentially issues a redirect.
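As an added example that is not part of the trireme package or of this page: a responder that enforces the (*NetworkAuthResponse, error) pair returned by Processor.NetworkRequest, failing closed on any error (using the Status and Message methods documented on AuthError when the error carries them) and honouring a redirect decision together with the cookie the processor issued. It declares a constructed stand-in for NetworkAuthResponse with only the fields it reads, since the package is not imported here; applyDecision, statusError and the idp.example URL are the example's own names.

```go
package main
import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)
// NetworkAuthResponse is a constructed stand-in holding only the fields of
// apiauth.NetworkAuthResponse read below (the trireme module is not imported).
type NetworkAuthResponse struct {
	Redirect    bool
	RedirectURI string
	Cookie      *http.Cookie
}
// statusError is the method set documented on *apiauth.AuthError.
type statusError interface {
	error
	Status() int
	Message() string
}
// applyDecision writes the responder side of a NetworkRequest decision and
// reports whether the request may be forwarded to the protected service.
func applyDecision(w http.ResponseWriter, resp *NetworkAuthResponse, err error) bool {
	if err != nil {
		// Fail closed: reuse the AuthError status when present, else 403.
		status, msg := http.StatusForbidden, "forbidden"
		var se statusError
		if errors.As(err, &se) {
			status, msg = se.Status(), se.Message()
		}
		http.Error(w, msg, status)
		return false
	}
	if resp.Redirect {
		// Set the issued session cookie, then redirect the client to RedirectURI.
		if resp.Cookie != nil {
			http.SetCookie(w, resp.Cookie)
		}
		w.Header().Set("Location", resp.RedirectURI)
		w.WriteHeader(http.StatusFound)
		return false
	}
	return true
}
func main() {
	rec := httptest.NewRecorder()
	resp := &NetworkAuthResponse{Redirect: true, RedirectURI: "https://idp.example/authorize"}
	fmt.Println(applyDecision(rec, resp, nil), rec.Code, rec.Header().Get("Location"))
}
```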

type Request

type Request struct {

	// SourceAddress, only required for network authorization requests.
	SourceAddress *net.TCPAddr

	// OriginalDestination required for all requests.
	OriginalDestination *net.TCPAddr

	// HTTP header information.
	Method     string
	URL        *url.URL
	RequestURI string
	Header     http.Header
	Cookie     *http.Cookie

	// TLS information. This is optional if mutual TLS based authorization
	// must be supported.
	TLS *tls.ConnectionState
}

Request captures all the important items of a request that are needed for processing the authorization decision.
