config

package
v1.0.1-0...-f351835 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 23, 2021 License: MIT Imports: 19 Imported by: 0

Documentation

Index

Constants

// String constants exported by the config package. Their call sites are not
// part of this listing, so the usage notes below are inferred from the names
// and from the signatures on this page and should be confirmed in the source.
const (
	// AllowAccess and DenyAccess are the two action strings declared here;
	// presumably the values expected in the DefaultAction / Action fields of
	// the access-control specs — confirm against ParseAccessControlSpec.
	// NOTE(review): confirm how an empty or unrecognised action string is
	// treated; a fallback that resolves to "allow" would fail open.
	AllowAccess        = "allow"
	DenyAccess         = "deny"
	// NOTE(review): presumably substituted when a spec leaves trustDomain
	// empty — confirm, because an implicit trust domain changes which caller
	// identities a policy matches.
	DefaultTrustDomain = "public"
	// presumably the namespace assumed when a policy does not name one — confirm.
	DefaultNamespace   = "default"
	// ActionPolicyApp and ActionPolicyGlobal look like labels for the policy
	// level (per-app vs. global) that produced a decision; possibly the string
	// returned by IsOperationAllowedByAccessControlPolicy — confirm.
	ActionPolicyApp    = "app"
	ActionPolicyGlobal = "global"
	// SpiffeIDPrefix is the URI scheme prefix of a SPIFFE ID.
	SpiffeIDPrefix     = "spiffe://"
	// HTTPProtocol and GRPCProtocol are protocol names; presumably compared
	// with the protocol / appProtocol string parameters of
	// ParseAccessControlSpec and IsOperationAllowedByAccessControlPolicy — confirm.
	HTTPProtocol       = "http"
	GRPCProtocol       = "grpc"
)

Variables

This section is empty.

Functions

func IsOperationAllowedByAccessControlPolicy

func IsOperationAllowedByAccessControlPolicy(spiffeID *SpiffeID, srcAppID string, inputOperation string, httpVerb common.HTTPExtension_Verb, appProtocol string, accessControlList *AccessControlList) (bool, string)

IsOperationAllowedByAccessControlPolicy determines if access control policies allow the operation on the target app

Types

type AccessControlList

// AccessControlList is the in-memory form of the access-control configuration.
// ParseAccessControlSpec returns a pointer to it and
// IsOperationAllowedByAccessControlPolicy takes one as its last argument.
type AccessControlList struct {
	// DefaultAction is the list-level action string.
	// NOTE(review): presumably the fallback when no per-app policy applies;
	// confirm what an empty value resolves to.
	DefaultAction string
	// TrustDomain is the list-level trust domain string.
	TrustDomain   string
	// PolicySpec holds the per-app policies, keyed by string. The key format
	// is not visible here — presumably derived from the app ID; verify in
	// ParseAccessControlSpec.
	PolicySpec    map[string]AccessControlListPolicySpec
}

AccessControlList is an in-memory access control list config for fast lookup

func ParseAccessControlSpec

func ParseAccessControlSpec(accessControlSpec AccessControlSpec, protocol string) (*AccessControlList, error)

ParseAccessControlSpec creates an in-memory copy of the Access Control Spec for fast lookup

type AccessControlListOperationAction

// AccessControlListOperationAction is the in-memory access-control entry for
// a single operation.
type AccessControlListOperationAction struct {
	// VerbAction maps a string key to an action string; presumably keyed by
	// HTTP verb — confirm, including how verb case is normalised.
	VerbAction       map[string]string
	// NOTE(review): the name suggests the trailing part of an operation path;
	// the matching rules are not visible here. Confirm how prefixes and
	// trailing segments are compared, since that decides what a policy covers.
	OperationPostFix string
	// OperationAction is the action string recorded for the operation itself.
	OperationAction  string
}

AccessControlListOperationAction is an in-memory access control list config per operation for fast lookup

type AccessControlListPolicySpec

// AccessControlListPolicySpec is the in-memory access-control policy for one
// app; it is the value type of AccessControlList.PolicySpec.
type AccessControlListPolicySpec struct {
	// AppName identifies the app the policy is about; presumably the calling
	// app's ID — confirm against IsOperationAllowedByAccessControlPolicy.
	AppName             string
	// DefaultAction is the app-level action string.
	// NOTE(review): confirm how it interacts with the list-level DefaultAction
	// when it is empty.
	DefaultAction       string
	// TrustDomain and Namespace are plain strings here; presumably compared
	// with the caller's SpiffeID fields of the same names — confirm.
	TrustDomain         string
	Namespace           string
	// AppOperationActions holds the per-operation entries, keyed by string
	// (key format not visible in this listing).
	AppOperationActions map[string]AccessControlListOperationAction
}

AccessControlListPolicySpec is an in-memory access control list config per app for fast lookup

type AccessControlSpec

// AccessControlSpec is the serialized access-control section of a
// configuration (the accessControl field of ConfigurationSpec). It is the
// input of ParseAccessControlSpec.
type AccessControlSpec struct {
	// DefaultAction is read from the "defaultAction" key.
	// NOTE(review): the tag has no omitempty and the field is a plain string,
	// so an omitted key decodes to ""; confirm which action "" resolves to.
	DefaultAction string          `json:"defaultAction" yaml:"defaultAction"`
	// TrustDomain is read from the "trustDomain" key.
	TrustDomain   string          `json:"trustDomain" yaml:"trustDomain"`
	// AppPolicies is read from the "policies" key, one entry per app.
	AppPolicies   []AppPolicySpec `json:"policies" yaml:"policies"`
}

AccessControlSpec is the spec object in ConfigurationSpec

type AppOperation

// AppOperation is the serialized policy entry for one operation of an app.
type AppOperation struct {
	// Operation is read from the "name" key.
	Operation string   `json:"name" yaml:"name"`
	// HTTPVerb is read from the "httpVerb" key as a list of strings.
	// NOTE(review): accepted spellings (case, wildcard) are not visible here — confirm.
	HTTPVerb  []string `json:"httpVerb" yaml:"httpVerb"`
	// Action is read from the "action" key; presumably AllowAccess or
	// DenyAccess — confirm how other values are handled.
	Action    string   `json:"action" yaml:"action"`
}

AppOperation defines the data structure for each app operation

type AppPolicySpec

// AppPolicySpec is the serialized access-control policy for one app; it is
// the element type of AccessControlSpec.AppPolicies.
type AppPolicySpec struct {
	// AppName is read from the "appId" key (note the differing key name).
	AppName             string         `json:"appId" yaml:"appId"`
	// DefaultAction is read from the "defaultAction" key; an omitted key
	// decodes to "" — confirm how that is resolved.
	DefaultAction       string         `json:"defaultAction" yaml:"defaultAction"`
	// TrustDomain is read from the "trustDomain" key.
	TrustDomain         string         `json:"trustDomain" yaml:"trustDomain"`
	// Namespace is read from the "namespace" key.
	Namespace           string         `json:"namespace" yaml:"namespace"`
	// AppOperationActions is read from the "operations" key.
	AppOperationActions []AppOperation `json:"operations" yaml:"operations"`
}

AppPolicySpec defines the policy data structure for each app

type ApplicationConfig

// ApplicationConfig is an optional config supplied by user code. Every field
// carries a json tag only.
type ApplicationConfig struct {
	// Entities is a list of strings read from the "entities" key.
	Entities []string `json:"entities"`
	// Duration written as a string, for example "1h".
	ActorIdleTimeout string `json:"actorIdleTimeout"`
	// Duration written as a string, for example "30s".
	ActorScanInterval string `json:"actorScanInterval"`
	// Duration written as a string, for example "30s".
	DrainOngoingCallTimeout string `json:"drainOngoingCallTimeout"`
	// Boolean switch read from the "drainRebalancedActors" key.
	DrainRebalancedActors   bool   `json:"drainRebalancedActors"`
}

ApplicationConfig is an optional config supplied by user code.

type Configuration

Configuration is an internal (and duplicate) representation of Dapr's Configuration CRD.

func LoadDefaultConfiguration

func LoadDefaultConfiguration() *Configuration

LoadDefaultConfiguration returns the default config

func LoadKubernetesConfiguration

func LoadKubernetesConfiguration(config, namespace string, operatorClient operatorv1pb.OperatorClient) (*Configuration, error)

LoadKubernetesConfiguration gets configuration from the Kubernetes operator with a given name

func LoadStandaloneConfiguration

func LoadStandaloneConfiguration(config string) (*Configuration, string, error)

LoadStandaloneConfiguration gets the path to a config file and loads it into a configuration

type ConfigurationSpec

// ConfigurationSpec groups the sections of a configuration: HTTP pipeline,
// tracing, mTLS, metrics, secrets scoping and access control. All sections
// are tagged omitempty.
type ConfigurationSpec struct {
	HTTPPipelineSpec  PipelineSpec      `json:"httpPipeline,omitempty" yaml:"httpPipeline,omitempty"`
	TracingSpec       TracingSpec       `json:"tracing,omitempty" yaml:"tracing,omitempty"`
	// NOTE(review): unlike its siblings this field has a json tag but no yaml
	// tag. Whether an "mtls" section in a YAML file reaches this field depends
	// on the decoder the loaders use — confirm, so that mTLS settings are not
	// silently dropped.
	MTLSSpec          MTLSSpec          `json:"mtls,omitempty"`
	MetricSpec        MetricSpec        `json:"metric,omitempty" yaml:"metric,omitempty"`
	// Secrets holds the per-store secret scopes (see SecretsSpec).
	Secrets           SecretsSpec       `json:"secrets,omitempty" yaml:"secrets,omitempty"`
	// AccessControlSpec holds the service access-control policies.
	AccessControlSpec AccessControlSpec `json:"accessControl,omitempty" yaml:"accessControl,omitempty"`
}

type HandlerSpec

// HandlerSpec describes one handler of a pipeline (element type of
// PipelineSpec.Handlers) by name, type and version.
type HandlerSpec struct {
	Name         string       `json:"name" yaml:"name"`
	Type         string       `json:"type" yaml:"type"`
	Version      string       `json:"version" yaml:"version"`
	// SelectorSpec is optional (omitempty); its use is not visible in this listing.
	SelectorSpec SelectorSpec `json:"selector,omitempty" yaml:"selector,omitempty"`
}

type MTLSSpec

// MTLSSpec is the mTLS section of a configuration. Its fields carry json
// tags only.
type MTLSSpec struct {
	// Enabled is read from the "enabled" key. As a plain bool it decodes to
	// false when the key is absent.
	// NOTE(review): confirm whether a default is applied elsewhere (for
	// example in LoadDefaultConfiguration) before relying on mTLS being on.
	Enabled          bool   `json:"enabled"`
	// WorkloadCertTTL is a string; presumably a duration giving the lifetime
	// of workload certificates — confirm format and parsing.
	WorkloadCertTTL  string `json:"workloadCertTTL"`
	// AllowedClockSkew is a string; presumably a duration tolerated when
	// checking certificate validity — confirm format and parsing.
	AllowedClockSkew string `json:"allowedClockSkew"`
}

type MetricSpec

// MetricSpec is the configuration for metrics.
type MetricSpec struct {
	// Enabled is read from the "enabled" key; it decodes to false when the
	// key is absent unless a default is applied elsewhere.
	Enabled bool `json:"enabled" yaml:"enabled"`
}

MetricSpec is the configuration for metrics.

type PipelineSpec

// PipelineSpec is a list of handlers; ConfigurationSpec uses it for the HTTP
// pipeline section.
type PipelineSpec struct {
	// Handlers is read from the "handlers" key. Whether slice order is the
	// execution order is not visible here — confirm.
	Handlers []HandlerSpec `json:"handlers" yaml:"handlers"`
}

type SecretsScope

// SecretsScope defines which secrets of one secret store may be accessed.
// The decision itself is made by IsSecretAllowed, whose body is not part of
// this listing.
type SecretsScope struct {
	// DefaultAccess is optional (omitempty).
	// NOTE(review): confirm what an empty value means in IsSecretAllowed; a
	// scope that defaults to allowing every secret should be a deliberate choice.
	DefaultAccess  string   `json:"defaultAccess,omitempty" yaml:"defaultAccess,omitempty"`
	// StoreName names the secret store this scope applies to.
	StoreName      string   `json:"storeName" yaml:"storeName"`
	// AllowedSecrets and DeniedSecrets are optional lists of secret names.
	// NOTE(review): precedence between the two lists and DefaultAccess is not
	// visible here — confirm in IsSecretAllowed.
	AllowedSecrets []string `json:"allowedSecrets,omitempty" yaml:"allowedSecrets,omitempty"`
	DeniedSecrets  []string `json:"deniedSecrets,omitempty" yaml:"deniedSecrets,omitempty"`
}

SecretsScope defines the scope for secrets

func (SecretsScope) IsSecretAllowed

func (c SecretsScope) IsSecretAllowed(key string) bool

IsSecretAllowed checks whether the secret is allowed to be accessed.

type SecretsSpec

// SecretsSpec is the secrets section of a configuration: a list of scopes.
type SecretsSpec struct {
	// Scopes is read from the "scopes" key (json tag only).
	// NOTE(review): how a store with no matching scope is treated is not
	// visible here — confirm.
	Scopes []SecretsScope `json:"scopes"`
}

type SelectorField

// SelectorField is one field/value pair of a SelectorSpec.
type SelectorField struct {
	Field string `json:"field" yaml:"field"`
	Value string `json:"value" yaml:"value"`
}

type SelectorSpec

// SelectorSpec is a list of selector fields; HandlerSpec carries one as its
// optional selector.
type SelectorSpec struct {
	// Fields is read from the "fields" key.
	Fields []SelectorField `json:"fields" yaml:"fields"`
}

type SpiffeID

// SpiffeID holds the separated fields of a SPIFFE ID. GetAndParseSpiffeID
// returns one, and IsOperationAllowedByAccessControlPolicy takes one as its
// first argument.
type SpiffeID struct {
	// The three components as plain strings. How they are laid out inside
	// the ID, and how a malformed ID is rejected, is decided by
	// GetAndParseSpiffeID, whose body is not part of this listing.
	TrustDomain string
	Namespace   string
	AppID       string
}

SpiffeID represents the separated fields in a SPIFFE ID

func GetAndParseSpiffeID

func GetAndParseSpiffeID(ctx context.Context) (*SpiffeID, error)

GetAndParseSpiffeID retrieves the SPIFFE ID from the cert and parses it

type TracingSpec

// TracingSpec is the tracing section of a configuration.
type TracingSpec struct {
	// SamplingRate is kept as a string; its numeric format and range are not
	// visible here — confirm where it is parsed.
	SamplingRate string     `json:"samplingRate" yaml:"samplingRate"`
	// Stdout is a boolean switch read from the "stdout" key.
	Stdout       bool       `json:"stdout" yaml:"stdout"`
	// Zipkin holds the Zipkin settings.
	Zipkin       ZipkinSpec `json:"zipkin" yaml:"zipkin"`
}

type ZipkinSpec

// ZipkinSpec defines Zipkin trace configurations.
type ZipkinSpec struct {
	// EndpointAddress is read from the "endpointAddress" key.
	// NOTE(review): presumably the address trace data is sent to; confirm
	// that the configured endpoint uses a transport suited to that data.
	EndpointAddress string `json:"endpointAddress" yaml:"endpointAddress"`
}

ZipkinSpec defines Zipkin trace configurations

Directories

Path Synopsis
