Documentation
Index
- func BuildJwtFilter(policy *authn.Policy) *http_conn.HttpFilter
- func CollectJwtSpecs(policy *authn.Policy) []*authn.Jwt
- func ConvertPolicyToJwtConfig(policy *authn.Policy) *jwtfilter.JwtAuthentication
- func JwksURIClusterName(hostname string, port *model.Port) string
- func OutputLocationForJwtIssuer(issuer string) string
- func RequireTLS(policy *authn.Policy) (bool, *authn.MutualTls)
- type Plugin
- func (*Plugin) OnInboundCluster(env model.Environment, node model.Proxy, service *model.Service, ...)
- func (*Plugin) OnInboundListener(in *plugin.CallbackListenerInputParams, ...) error
- func (*Plugin) OnInboundRoute(env model.Environment, node model.Proxy, service *model.Service, ...)
- func (*Plugin) OnOutboundCluster(env model.Environment, node model.Proxy, service *model.Service, ...)
- func (*Plugin) OnOutboundListener(in *plugin.CallbackListenerInputParams, ...) error
- func (*Plugin) OnOutboundRoute(env model.Environment, node model.Proxy, route *xdsapi.RouteConfiguration)
Constants
This section is empty.
Variables
This section is empty.
Functions
func BuildJwtFilter
func BuildJwtFilter(policy *authn.Policy) *http_conn.HttpFilter
BuildJwtFilter returns a Jwt filter for all Jwt specs in the policy.
func CollectJwtSpecs
CollectJwtSpecs returns a list of all JWT specs (pointers) defined in the policy. This provides a convenient way to iterate over all JWT specs.
func ConvertPolicyToJwtConfig
func ConvertPolicyToJwtConfig(policy *authn.Policy) *jwtfilter.JwtAuthentication
ConvertPolicyToJwtConfig converts the policy into the JWT filter config for Envoy.
func JwksURIClusterName
JwksURIClusterName returns the cluster name for the JWKS URI. This should be used to override the name of the outbound clusters that are added for the JWKS URI so that they can be referenced correctly in the JWT filter config.
func OutputLocationForJwtIssuer
OutputLocationForJwtIssuer returns the header location that should be used to output the payload if authentication succeeds.
Types
type Plugin
type Plugin struct{}
Plugin implements Istio mTLS auth.
func (*Plugin) OnInboundCluster
func (*Plugin) OnInboundCluster(env model.Environment, node model.Proxy, service *model.Service, servicePort *model.Port, cluster *xdsapi.Cluster)
OnInboundCluster is called whenever a new cluster is added to the CDS output. Not typically used.
func (*Plugin) OnInboundListener
func (*Plugin) OnInboundListener(in *plugin.CallbackListenerInputParams, mutable *plugin.CallbackListenerMutableObjects) error
OnInboundListener is called whenever a new listener is added to the LDS output for a given service. Can be used to add additional filters (e.g., mixer filter) or to add more configuration to the HTTP connection manager on the inbound path.
func (*Plugin) OnInboundRoute
func (*Plugin) OnInboundRoute(env model.Environment, node model.Proxy, service *model.Service, servicePort *model.Port, route *xdsapi.RouteConfiguration)
OnInboundRoute is called whenever a new set of virtual hosts is added to the inbound path. Can be used to enable route-specific features such as Lua filters or other metadata.
func (*Plugin) OnOutboundCluster
func (*Plugin) OnOutboundCluster(env model.Environment, node model.Proxy, service *model.Service, servicePort *model.Port, cluster *xdsapi.Cluster)
OnOutboundCluster is called whenever a new cluster is added to the CDS output. Typically used by the AuthN plugin to add mTLS settings.
func (*Plugin) OnOutboundListener
func (*Plugin) OnOutboundListener(in *plugin.CallbackListenerInputParams, mutable *plugin.CallbackListenerMutableObjects) error
OnOutboundListener is called whenever a new outbound listener is added to the LDS output for a given service. Can be used to add additional filters on the outbound path.
func (*Plugin) OnOutboundRoute
func (*Plugin) OnOutboundRoute(env model.Environment, node model.Proxy, route *xdsapi.RouteConfiguration)
OnOutboundRoute is called whenever a new set of virtual hosts (a set of virtual hosts with routes) is added to RDS in the outbound path. Can be used to add route-specific metadata or additional headers to forward.