Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Gatekeeper ¶
// Gatekeeper is the type whose Authenticate method authorizes HTTP requests.
// Its fields are unexported and elided from this listing; instances are
// obtained from NewGatekeeper, which takes a *PolicyConfig.
type Gatekeeper struct {
	// contains filtered or unexported fields
}
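Gatekeeper is an authorization gatekeeper. It is created from a PolicyConfig by NewGatekeeper and checks HTTP requests through its Authenticate method.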
func NewGatekeeper ¶
func NewGatekeeper(cfg *PolicyConfig, logger *zap.Logger) (*Gatekeeper, error)
NewGatekeeper returns an instance of Gatekeeper.
func (*Gatekeeper) AddAuthenticators ¶
func (g *Gatekeeper) AddAuthenticators(authenticators []authproxy.Authenticator) error
AddAuthenticators adds authproxy.Authenticator instances to Gatekeeper.
func (*Gatekeeper) Authenticate ¶
func (g *Gatekeeper) Authenticate(w http.ResponseWriter, r *http.Request, ar *requests.AuthorizationRequest) error
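Authenticate authorizes HTTP requests. Despite the method name, the decision it makes is an authorization decision. Callers should fail closed and treat any non-nil error as the request not having been authorized.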
type PolicyConfig ¶
// PolicyConfig is the Gatekeeper configuration.
//
// Every tag visible in this listing carries omitempty, and the Validate*
// switches are plain bools whose zero value is false.
// NOTE(review): whether Validate() or NewGatekeeper enable any of those
// checks by default is not visible here. Confirm before assuming that a
// check is active in a configuration that omits it.
//
// Tags shown as `` /* N-byte string literal not displayed */ are elided by
// the documentation renderer; the real tag text is not part of this listing.
type PolicyConfig struct {
	Name string `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"`
	AuthURLPath string `json:"auth_url_path,omitempty" xml:"auth_url_path,omitempty" yaml:"auth_url_path,omitempty"`
	AuthRedirectDisabled bool `json:"disable_auth_redirect,omitempty" xml:"disable_auth_redirect,omitempty" yaml:"disable_auth_redirect,omitempty"`
	AuthRedirectQueryDisabled bool `` /* 133-byte string literal not displayed */
	// NOTE(review): presumably the name of the query parameter added to the
	// authentication redirect. Confirm, and check how its value is validated
	// if it carries a return URL.
	AuthRedirectQueryParameter string `` /* 127-byte string literal not displayed */
	// The status code for the HTTP redirect for non-authorized users.
	AuthRedirectStatusCode int `` /* 127-byte string literal not displayed */
	// Enable the redirect with Javascript, as opposed to HTTP redirect.
	RedirectWithJavascript bool `json:"redirect_with_javascript,omitempty" xml:"redirect_with_javascript,omitempty" yaml:"redirect_with_javascript,omitempty"`
	// The list of URI prefixes which bypass authorization.
	// Every entry is an exception to the policy: requests it matches are not
	// authorized at all, so keep entries as narrow as possible and review
	// them the way firewall exceptions are reviewed.
	BypassConfigs []*bypass.Config `json:"bypass_configs,omitempty" xml:"bypass_configs,omitempty" yaml:"bypass_configs,omitempty"`
	// The list of mappings between header names and field names.
	HeaderInjectionConfigs []*injector.Config `json:"header_injection_configs,omitempty" xml:"header_injection_configs,omitempty" yaml:"header_injection_configs,omitempty"`
	AccessListRules []*acl.RuleConfiguration `json:"access_list_rules,omitempty" xml:"access_list_rules,omitempty" yaml:"access_list_rules,omitempty"`
	// NOTE(review): may carry key material or references to it. If so, a
	// serialized PolicyConfig has to be handled as a secret. Confirm against
	// kms.CryptoKeyConfig.
	CryptoKeyConfigs []*kms.CryptoKeyConfig `json:"crypto_key_configs,omitempty" xml:"crypto_key_configs,omitempty" yaml:"crypto_key_configs,omitempty"`
	// CryptoKeyStoreConfig holds the default configuration for the keys, e.g. token name and lifetime.
	CryptoKeyStoreConfig map[string]interface{} `json:"crypto_key_store_config,omitempty" xml:"crypto_key_store_config,omitempty" yaml:"crypto_key_store_config,omitempty"`
	AuthProxyConfig *authproxy.Config `json:"auth_proxy_config,omitempty" xml:"auth_proxy_config,omitempty" yaml:"auth_proxy_config,omitempty"`
	// NOTE(review): presumably restricts where in the request a token may be
	// read from. Confirm the accepted values and the behaviour when empty.
	AllowedTokenSources []string `json:"allowed_token_sources,omitempty" xml:"allowed_token_sources,omitempty" yaml:"allowed_token_sources,omitempty"`
	// NOTE(review): presumably removes the token from the request before it
	// is passed on. Confirm against the implementation.
	StripTokenEnabled bool `json:"strip_token_enabled,omitempty" xml:"strip_token_enabled,omitempty" yaml:"strip_token_enabled,omitempty"`
	ForbiddenURL string `json:"forbidden_url,omitempty" xml:"forbidden_url,omitempty" yaml:"forbidden_url,omitempty"`
	UserIdentityField string `json:"user_identity_field,omitempty" xml:"user_identity_field,omitempty" yaml:"user_identity_field,omitempty"`
	// Validate HTTP Authorization header.
	ValidateBearerHeader bool `json:"validate_bearer_header,omitempty" xml:"validate_bearer_header,omitempty" yaml:"validate_bearer_header,omitempty"`
	// Validate HTTP method and path.
	ValidateMethodPath bool `json:"validate_method_path,omitempty" xml:"validate_method_path,omitempty" yaml:"validate_method_path,omitempty"`
	// Validate HTTP path derived from JWT token.
	ValidateAccessListPathClaim bool `` /* 145-byte string literal not displayed */
	// Validate source address matches between HTTP request and JWT token.
	// NOTE(review): how the request's source address is determined (socket
	// peer or a forwarding header) is not visible here. Confirm, because a
	// value the client can set would weaken this check.
	ValidateSourceAddress bool `json:"validate_source_address,omitempty" xml:"validate_source_address,omitempty" yaml:"validate_source_address,omitempty"`
	// Pass claims from JWT token via HTTP X- headers.
	// A backend that trusts these headers must be reachable only through the
	// gatekeeper. NOTE(review): whether same-named headers supplied by the
	// client are removed first is not visible here. Confirm.
	PassClaimsWithHeaders bool `json:"pass_claims_with_headers,omitempty" xml:"pass_claims_with_headers,omitempty" yaml:"pass_claims_with_headers,omitempty"`
	// Validate the login hint which can be passed to the auth provider.
	LoginHintValidators []string `json:"login_hint_validators,omitempty" xml:"login_hint_validators,omitempty" yaml:"login_hint_validators,omitempty"`
	// Allow appending scopes that come from the query parameter 'additionalScopes'.
	// The query string is controlled by the requester. NOTE(review): confirm
	// what limits the scopes that can be appended when this is enabled.
	AdditionalScopes bool `json:"additional_scopes,omitempty" xml:"additional_scopes,omitempty" yaml:"additional_scopes,omitempty"`
	// contains filtered or unexported fields
}
PolicyConfig is Gatekeeper configuration.
func (*PolicyConfig) AddRawCryptoConfigs ¶
func (cfg *PolicyConfig) AddRawCryptoConfigs(s string)
AddRawCryptoConfigs adds raw crypto configs.
func (*PolicyConfig) AddRawIdpConfig ¶
func (cfg *PolicyConfig) AddRawIdpConfig(s string)
AddRawIdpConfig adds raw identity provider configs.
func (*PolicyConfig) Validate ¶
func (cfg *PolicyConfig) Validate() error
Validate validates PolicyConfig.