Documentation ¶
Index ¶
- Constants
- func IsOperationAllowedByAccessControlPolicy(spiffeID *SpiffeID, srcAppID string, inputOperation string, ...) (bool, string)
- type AccessControlList
- type AccessControlListOperationAction
- type AccessControlListPolicySpec
- type AccessControlSpec
- type AppOperation
- type AppPolicySpec
- type ApplicationConfig
- type Configuration
- type ConfigurationSpec
- type HandlerSpec
- type MTLSSpec
- type MetricSpec
- type PipelineSpec
- type SecretsScope
- type SecretsSpec
- type SelectorField
- type SelectorSpec
- type SpiffeID
- type TracingSpec
- type ZipkinSpec
Constants ¶
// String constants shared by the access control configuration types.
const (
	// Action values. Presumably these are what the DefaultAction/Action
	// policy fields are compared against — confirm in the parser, and
	// confirm how a value that is neither "allow" nor "deny" is treated.
	AllowAccess = "allow"
	DenyAccess  = "deny"

	// NOTE(review): if these are substituted when a policy omits
	// trustDomain/namespace, every such policy shares the same identity
	// scope — confirm that is the intended fallback.
	DefaultTrustDomain = "public"
	DefaultNamespace   = "default"

	// Policy-level labels. Their use is not visible here (presumably they
	// name whether an app-level or global rule produced a decision) — confirm.
	ActionPolicyApp    = "app"
	ActionPolicyGlobal = "global"

	// URI scheme prefix of a SPIFFE ID.
	SpiffeIDPrefix = "spiffe://"

	// Application protocol names; compare the protocol/appProtocol string
	// parameters of ParseAccessControlSpec and
	// IsOperationAllowedByAccessControlPolicy.
	HTTPProtocol = "http"
	GRPCProtocol = "grpc"
)
Variables ¶
This section is empty.
Functions ¶
func IsOperationAllowedByAccessControlPolicy ¶
func IsOperationAllowedByAccessControlPolicy(spiffeID *SpiffeID, srcAppID string, inputOperation string, httpVerb common.HTTPExtension_Verb, appProtocol string, accessControlList *AccessControlList) (bool, string)
IsOperationAllowedByAccessControlPolicy determines if access control policies allow the operation on the target app
Types ¶
type AccessControlList ¶
// AccessControlList is the in-memory, lookup-oriented form of the access
// control configuration; ParseAccessControlSpec returns a pointer to one.
type AccessControlList struct {
	// DefaultAction is the list-wide action string. Presumably it applies
	// when no per-app policy matches — confirm, and confirm that an empty
	// value does not resolve to allow.
	DefaultAction string
	// TrustDomain is the list-wide trust domain string.
	TrustDomain string
	// PolicySpec holds the per-app policies. The key format is not shown
	// here (presumably the app identifier) — verify against
	// ParseAccessControlSpec.
	PolicySpec map[string]AccessControlListPolicySpec
}
AccessControlList is an in-memory access control list config for fast lookup
func ParseAccessControlSpec ¶
func ParseAccessControlSpec(accessControlSpec AccessControlSpec, protocol string) (*AccessControlList, error)
ParseAccessControlSpec creates an in-memory copy of the Access Control Spec for fast lookup
type AccessControlListOperationAction ¶
// AccessControlListOperationAction is the in-memory, per-operation entry of
// an access control policy.
type AccessControlListOperationAction struct {
	// VerbAction maps a string key to an action string; presumably the key
	// is an HTTP verb (see AppOperation.HTTPVerb) — TODO confirm, including
	// whether verb matching is case-sensitive.
	VerbAction map[string]string
	// OperationPostFix is a string suffix of the operation; how it is
	// matched (exact, prefix, wildcard) is not visible here — confirm.
	OperationPostFix string
	// OperationAction is the action string recorded for the operation.
	OperationAction string
}
AccessControlListOperationAction is an in-memory access control list config per operation for fast lookup
type AccessControlListPolicySpec ¶
// AccessControlListPolicySpec is the in-memory, per-app entry of an
// AccessControlList.
type AccessControlListPolicySpec struct {
	// AppName identifies the app this policy is about.
	AppName string
	// DefaultAction is the app-level action string. Presumably used when no
	// entry in AppOperationActions matches — confirm.
	DefaultAction string
	// TrustDomain and Namespace scope the policy; presumably they are
	// compared with the caller's SPIFFE ID — verify in the evaluation code.
	TrustDomain string
	Namespace   string
	// AppOperationActions holds the per-operation entries. The key format
	// is not shown here — confirm against ParseAccessControlSpec.
	AppOperationActions map[string]AccessControlListOperationAction
}
AccessControlListPolicySpec is an in-memory access control list config per app for fast lookup
type AccessControlSpec ¶
// AccessControlSpec is the user-facing access control section of a
// configuration (the "accessControl" key of ConfigurationSpec).
type AccessControlSpec struct {
	// DefaultAction is a free-form string in the config file.
	// NOTE(review): no validation is visible on this type; confirm that a
	// misspelled or empty value is rejected or treated as deny rather than
	// silently allowing traffic.
	DefaultAction string `json:"defaultAction" yaml:"defaultAction"`
	// TrustDomain is the spec-wide trust domain string.
	TrustDomain string `json:"trustDomain" yaml:"trustDomain"`
	// AppPolicies lists the per-app policies under the "policies" key.
	AppPolicies []AppPolicySpec `json:"policies" yaml:"policies"`
}
AccessControlSpec is the spec object in ConfigurationSpec
type AppOperation ¶
// AppOperation is one operation rule inside an app policy.
type AppOperation struct {
	// Operation is read from the "name" key of the config, not "operation".
	Operation string `json:"name" yaml:"name"`
	// HTTPVerb lists the verbs the rule covers. What an empty list means
	// (all verbs or none) is not visible here — confirm.
	HTTPVerb []string `json:"httpVerb" yaml:"httpVerb"`
	// Action is the action string for this operation; presumably one of
	// AllowAccess/DenyAccess — confirm how other values are handled.
	Action string `json:"action" yaml:"action"`
}
AppOperation defines the data structure for each app operation
type AppPolicySpec ¶
// AppPolicySpec is the user-facing policy for a single app.
type AppPolicySpec struct {
	// AppName is read from the "appId" key of the config.
	AppName string `json:"appId" yaml:"appId"`
	// DefaultAction is the app-level action string; validation is not
	// visible on this type — confirm unknown values do not resolve to allow.
	DefaultAction string `json:"defaultAction" yaml:"defaultAction"`
	// TrustDomain and Namespace scope the policy. Whether omitted values
	// fall back to DefaultTrustDomain/DefaultNamespace is not shown — confirm.
	TrustDomain string `json:"trustDomain" yaml:"trustDomain"`
	Namespace   string `json:"namespace" yaml:"namespace"`
	// AppOperationActions lists the per-operation rules under "operations".
	AppOperationActions []AppOperation `json:"operations" yaml:"operations"`
}
AppPolicySpec defines the policy data structure for each app
type ApplicationConfig ¶
// ApplicationConfig is an optional config supplied by user code. Only JSON
// tags are declared on its fields.
type ApplicationConfig struct {
	// Entities is a list of strings; presumably actor type names, given the
	// other actor-related fields — confirm.
	Entities []string `json:"entities"`
	// Duration string, for example "1h". Kept as a string here, so parsing
	// and range checks happen elsewhere.
	ActorIdleTimeout string `json:"actorIdleTimeout"`
	// Duration string, for example "30s".
	ActorScanInterval string `json:"actorScanInterval"`
	// Duration string, for example "30s".
	DrainOngoingCallTimeout string `json:"drainOngoingCallTimeout"`
	DrainRebalancedActors   bool   `json:"drainRebalancedActors"`
}
ApplicationConfig is an optional config supplied by user code.
type Configuration ¶
// Configuration is an internal (and duplicate) representation of Dapr's
// Configuration CRD: Kubernetes type and object metadata plus the spec.
type Configuration struct {
	metav1.TypeMeta `json:",inline" yaml:",inline"`
	// See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
	metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`
	// See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
	Spec ConfigurationSpec `json:"spec" yaml:"spec"`
}
Configuration is an internal (and duplicate) representation of Dapr's Configuration CRD.
func LoadDefaultConfiguration ¶
func LoadDefaultConfiguration() *Configuration
LoadDefaultConfiguration returns the default config
func LoadKubernetesConfiguration ¶
func LoadKubernetesConfiguration(config, namespace string, operatorClient operatorv1pb.OperatorClient) (*Configuration, error)
LoadKubernetesConfiguration gets configuration from the Kubernetes operator with a given name
func LoadStandaloneConfiguration ¶
func LoadStandaloneConfiguration(config string) (*Configuration, string, error)
LoadStandaloneConfiguration gets the path to a config file and loads it into a configuration
type ConfigurationSpec ¶
// ConfigurationSpec groups the feature sections of a Configuration. Every
// section is omitempty, so an absent section decodes to its zero value.
type ConfigurationSpec struct {
	HTTPPipelineSpec PipelineSpec `json:"httpPipeline,omitempty" yaml:"httpPipeline,omitempty"`
	TracingSpec      TracingSpec  `json:"tracing,omitempty" yaml:"tracing,omitempty"`
	// NOTE(review): unlike its siblings this field has no yaml tag. If the
	// standalone loader decodes with a YAML library that reads yaml tags
	// directly, an `mtls:` section may not populate this field — confirm
	// which decoder LoadStandaloneConfiguration uses.
	MTLSSpec   MTLSSpec   `json:"mtls,omitempty"`
	MetricSpec MetricSpec `json:"metric,omitempty" yaml:"metric,omitempty"`
	// Secrets and AccessControlSpec carry the secret scoping and access
	// control policy; what their zero values permit is decided by the code
	// that evaluates them — confirm an omitted section is not fail-open by
	// accident.
	Secrets           SecretsSpec       `json:"secrets,omitempty" yaml:"secrets,omitempty"`
	AccessControlSpec AccessControlSpec `json:"accessControl,omitempty" yaml:"accessControl,omitempty"`
}
type HandlerSpec ¶
// HandlerSpec describes one entry of PipelineSpec.Handlers by name, type
// and version, with an optional selector.
type HandlerSpec struct {
	Name    string `json:"name" yaml:"name"`
	Type    string `json:"type" yaml:"type"`
	Version string `json:"version" yaml:"version"`
	// SelectorSpec is optional (omitempty); how its fields restrict the
	// handler is not visible here.
	SelectorSpec SelectorSpec `json:"selector,omitempty" yaml:"selector,omitempty"`
}
type MetricSpec ¶
// MetricSpec is the metrics section of the configuration.
type MetricSpec struct {
	// Enabled is the metrics on/off flag as read from the config. The value
	// produced by LoadDefaultConfiguration is not shown here.
	Enabled bool `json:"enabled" yaml:"enabled"`
}
MetricSpec configuration for metrics
type PipelineSpec ¶
// PipelineSpec is the "httpPipeline" section of ConfigurationSpec.
type PipelineSpec struct {
	// Handlers lists the pipeline's handlers. Presumably the slice order is
	// the execution order — confirm, since ordering matters when a handler
	// performs authentication or authorization.
	Handlers []HandlerSpec `json:"handlers" yaml:"handlers"`
}
type SecretsScope ¶
// SecretsScope defines which secrets of one secret store may be accessed;
// IsSecretAllowed evaluates it for a given key.
type SecretsScope struct {
	// DefaultAccess is optional (omitempty). The effective default when it
	// is empty is decided by IsSecretAllowed, which is not shown here —
	// confirm whether an empty value fails open or closed.
	DefaultAccess string `json:"defaultAccess,omitempty" yaml:"defaultAccess,omitempty"`
	// StoreName names the secret store this scope applies to.
	StoreName string `json:"storeName" yaml:"storeName"`
	// AllowedSecrets and DeniedSecrets are optional lists of secret names.
	// Their precedence relative to each other and to DefaultAccess is not
	// visible on this type — verify in IsSecretAllowed before relying on a
	// deny entry to override an allow.
	AllowedSecrets []string `json:"allowedSecrets,omitempty" yaml:"allowedSecrets,omitempty"`
	DeniedSecrets  []string `json:"deniedSecrets,omitempty" yaml:"deniedSecrets,omitempty"`
}
SecretsScope defines the scope for secrets
func (SecretsScope) IsSecretAllowed ¶
func (c SecretsScope) IsSecretAllowed(key string) bool
IsSecretAllowed reports whether the secret with the given key is allowed to be accessed.
type SecretsSpec ¶
// SecretsSpec is the "secrets" section of ConfigurationSpec.
type SecretsSpec struct {
	// Scopes lists the secret scopes.
	// NOTE(review): only a json tag is declared here, while SecretsScope's
	// own fields carry both json and yaml tags — confirm the YAML loader
	// still populates this field, otherwise scopes would be silently empty.
	Scopes []SecretsScope `json:"scopes"`
}
type SelectorField ¶
type SelectorSpec ¶
// SelectorSpec is the optional selector attached to a HandlerSpec.
type SelectorSpec struct {
	// Fields lists the selector's fields; the shape of SelectorField is not
	// shown on this page.
	Fields []SelectorField `json:"fields" yaml:"fields"`
}
type TracingSpec ¶
// TracingSpec is the "tracing" section of ConfigurationSpec.
type TracingSpec struct {
	// SamplingRate is kept as a string; parsing and range validation
	// happen elsewhere.
	SamplingRate string `json:"samplingRate" yaml:"samplingRate"`
	// Stdout is a boolean tracing flag; presumably it writes trace output
	// to standard output — confirm, and consider what request data would
	// then land in container logs.
	Stdout bool `json:"stdout" yaml:"stdout"`
	// Zipkin holds the Zipkin trace settings.
	Zipkin ZipkinSpec `json:"zipkin" yaml:"zipkin"`
}
type ZipkinSpec ¶
// ZipkinSpec defines Zipkin trace configurations.
type ZipkinSpec struct {
	// EndpointAddress is the Zipkin endpoint address string. Presumably
	// trace data is sent to it — confirm; if so, the address should point
	// at a trusted collector, since no scheme or host validation is visible
	// on this type.
	EndpointAddress string `json:"endpointAddress" yaml:"endpointAddress"`
}
ZipkinSpec defines Zipkin trace configurations