server

package
v1.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 23, 2020 License: Apache-2.0 Imports: 50 Imported by: 4

Documentation

Index

Constants

View Source
const (
	// LegacySaaSInternalBase is the internal API used for auth and analytics
	LegacySaaSInternalBase = "https://istioservices.apigee.net/edgemicro"

	// GCPExperienceBase is the default management API URL for GCP Experience
	GCPExperienceBase = "https://apigee.googleapis.com"

	// ServiceAccount is the json file with application credentials
	ServiceAccount = "client_secret.json"

	// DefaultAnalyticsSecretPath is the default path the analytics credentials directory
	DefaultAnalyticsSecretPath = "/analytics-secret"

	ApigeeAPIScope = "https://www.googleapis.com/auth/cloud-platform" // scope Apigee API needs
)
View Source
const (
	SecretJWKSKey     = "remote-service.crt"        // hybrid treats .crt as blob
	SecretPrivateKey  = "remote-service.key"        // private key
	SecretPropsKey    = "remote-service.properties" // java properties format: %s=%s
	SecretPropsKIDKey = "kid"
)

note: hybrid forces these specific file extensions! https://docs.apigee.com/hybrid/v1.2/k8s-secrets

View Source
const (
	// PEMKeyType is the type of privateKey in the PEM file
	PEMKeyType = "RSA PRIVATE KEY"
)

Variables

This section is empty.

Functions

func AuthorizationRoundTripper

func AuthorizationRoundTripper(config *Config, next http.RoundTripper) (http.RoundTripper, error)

AuthorizationRoundTripper adds an authorization header to any handled request

func DecodeToMap

func DecodeToMap(s *pb.Struct) map[string]interface{}

DecodeToMap converts a pb.Struct to a map from strings to Go types. DecodeToMap panics if s is invalid.

func LoadPrivateKey added in v1.4.0

func LoadPrivateKey(privateKeyBytes []byte, rsaPrivateKeyPassword string) (*rsa.PrivateKey, error)

func NewToken

func NewToken(jwtExpiration time.Duration) (jwt.Token, error)

NewToken generates a new jwt.Token with the necessary claims

func NoAuthPUTRoundTripper added in v1.2.0

func NoAuthPUTRoundTripper() http.RoundTripper

NoAuthPUTRoundTripper enables a http client to get rid of the authorization header in any PUT request, specifically used by the GCP managed analytics client to remove the header generated by the token source, which would otherwise interfere with the PUT request to the signed URL.

func ReadProperties

func ReadProperties(reader io.Reader) (map[string]string, error)

ReadProperties reads Java-style %s=%s properties (no escaping)

func SignJWT

func SignJWT(t jwt.Token, method jwa.SignatureAlgorithm, key interface{}, kid string) ([]byte, error)

SignJWT signs an token with specified algorithm and keys

func WriteProperties

func WriteProperties(writer io.Writer, props map[string]string) error

WriteProperties writes Java-style %s=%s properties (no escaping)

Types

type AccessLogServer

type AccessLogServer struct {
	// contains filtered or unexported fields
}

AccessLogServer server

func (*AccessLogServer) Register

func (a *AccessLogServer) Register(s *grpc.Server, handler *Handler, d time.Duration)

Register registers

func (*AccessLogServer) StreamAccessLogs

StreamAccessLogs streams

type AnalyticsConfig

type AnalyticsConfig struct {
	LegacyEndpoint     bool                `yaml:"legacy_endpoint,omitempty" json:"legacy_endpoint,omitempty"`
	FileLimit          int                 `yaml:"file_limit,omitempty" json:"file_limit,omitempty"`
	SendChannelSize    int                 `yaml:"send_channel_size,omitempty" json:"send_channel_size,omitempty"`
	CollectionInterval time.Duration       `yaml:"collection_interval,omitempty" json:"collection_interval,omitempty"`
	FluentdEndpoint    string              `yaml:"fluentd_endpoint,omitempty" json:"fluentd_endpoint,omitempty"`
	TLS                TLSClientConfig     `yaml:"tls,omitempty" json:"tls,omitempty"`
	CredentialsJSON    []byte              `yaml:"-" json:"-"`
	Credentials        *google.Credentials `yaml:"-" json:"-"`
}

AnalyticsConfig is analytics-related config

type AuthConfig

type AuthConfig struct {
	APIKeyClaim         string        `yaml:"api_key_claim,omitempty" json:"api_key_claim,omitempty"`
	APIKeyCacheDuration time.Duration `yaml:"api_key_cache_duration,omitempty" json:"api_key_cache_duration,omitempty"`
	JWKSPollInterval    time.Duration `yaml:"jwks_poll_interval,omitempty" json:"jwks_poll_interval,omitempty"`
	APIKeyHeader        string        `yaml:"api_key_header,omitempty" json:"api_key_header,omitempty"`
	TargetHeader        string        `yaml:"target_header,omitempty" json:"target_header,omitempty"`
	RejectUnauthorized  bool          `yaml:"reject_unauthorized,omitempty" json:"reject_unauthorized,omitempty"`
	JWTProviderKey      string        `yaml:"jwt_provider_key,omitempty" json:"jwt_provider_key,omitempty"`
}

AuthConfig is auth-related config

type AuthManager

type AuthManager interface {
	// contains filtered or unexported methods
}

AuthManager maintains an authorization header value

func NewAuthManager

func NewAuthManager(config *Config) (AuthManager, error)

NewAuthManager creates an auth manager

type AuthorizationServer

type AuthorizationServer struct {
	// contains filtered or unexported fields
}

AuthorizationServer server

func (*AuthorizationServer) Check

Check does check

func (*AuthorizationServer) Register

func (a *AuthorizationServer) Register(s *grpc.Server, handler *Handler)

Register registers

type Config

type Config struct {
	Global    GlobalConfig    `yaml:"global,omitempty" json:"global,omitempty"`
	Tenant    TenantConfig    `yaml:"tenant,omitempty" json:"tenant,omitempty"`
	Products  ProductsConfig  `yaml:"products,omitempty" json:"products,omitempty"`
	Analytics AnalyticsConfig `yaml:"analytics,omitempty" json:"analytics,omitempty"`
	Auth      AuthConfig      `yaml:"auth,omitempty" json:"auth,omitempty"`
}

Config is all config

func DefaultConfig

func DefaultConfig() *Config

DefaultConfig returns a config with defaults set

func (*Config) IsApigeeManaged

func (c *Config) IsApigeeManaged() bool

IsApigeeManaged is true for legacy SaaS

func (*Config) IsGCPManaged

func (c *Config) IsGCPManaged() bool

IsGCPManaged is true for hybrid and NG SaaS

func (*Config) IsOPDK

func (c *Config) IsOPDK() bool

IsOPDK is true for OPDK installs

func (*Config) Load

func (c *Config) Load(configFile, policySecretPath, analyticsSecretPath string, requireAnalyticsCredentials bool) error

Load config

func (*Config) Validate

func (c *Config) Validate(requireAnalyticsCredentials bool) error

Validate validates the config

type ConfigMapCRD

type ConfigMapCRD struct {
	APIVersion string            `yaml:"apiVersion"`
	Kind       string            `yaml:"kind"`
	Metadata   Metadata          `yaml:"metadata"`
	Data       map[string]string `yaml:"data"`
}

ConfigMapCRD is a CRD for ConfigMap

type GlobalConfig

type GlobalConfig struct {
	APIAddress                string            `yaml:"api_address,omitempty" json:"api_address,omitempty"`
	MetricsAddress            string            `yaml:"metrics_address,omitempty" json:"metrics_address,omitempty"`
	TempDir                   string            `yaml:"temp_dir,omitempty" json:"temp_dir,omitempty"`
	KeepAliveMaxConnectionAge time.Duration     `yaml:"keep_alive_max_connection_age,omitempty" json:"keep_alive_max_connection_age,omitempty"`
	TLS                       TLSListenerConfig `yaml:"tls,omitempty" json:"tls,omitempty"`
	Namespace                 string            `yaml:"-" json:"-"`
}

GlobalConfig is global configuration for the server

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

A Handler is the main entry

func NewHandler

func NewHandler(config *Config) (*Handler, error)

NewHandler creates a handler

func (*Handler) Close added in v1.2.0

func (h *Handler) Close()

Close waits for all managers to close

func (*Handler) Environment

func (h *Handler) Environment() string

Environment is the tenant environment

func (*Handler) InternalAPI

func (h *Handler) InternalAPI() *url.URL

InternalAPI is the internal api base (legacy)

func (*Handler) Organization

func (h *Handler) Organization() string

Organization is the tenant organization

func (*Handler) RemoteServiceAPI

func (h *Handler) RemoteServiceAPI() *url.URL

RemoteServiceAPI is the remote service base

type JWTAuthManager

type JWTAuthManager struct {
	// contains filtered or unexported fields
}

JWTAuthManager creates and maintains a current JWT token

type KubeHealth added in v1.2.0

type KubeHealth struct {
	Handler *Handler
	Health  *health.Server
	// contains filtered or unexported fields
}

func NewKubeHealth added in v1.2.0

func NewKubeHealth(handler *Handler, health *health.Server) *KubeHealth

func (*KubeHealth) HandlerFunc added in v1.2.0

func (h *KubeHealth) HandlerFunc() http.HandlerFunc

KubeHealth returns http.HandlerFunc for endpoint

type Metadata

type Metadata struct {
	Name      string `yaml:"name"`
	Namespace string `yaml:"namespace"`
}

Metadata is for Kubernetes CRD generation

type ProductsConfig

type ProductsConfig struct {
	RefreshRate time.Duration `yaml:"refresh_rate,omitempty" json:"refresh_rate,omitempty"`
}

ProductsConfig is products-related config

type SecretCRD

type SecretCRD struct {
	APIVersion string            `yaml:"apiVersion"`
	Kind       string            `yaml:"kind"`
	Metadata   Metadata          `yaml:"metadata"`
	Type       string            `yaml:"type,omitempty"`
	Data       map[string]string `yaml:"data"`
}

SecretCRD is a CRD for Secret

type StaticAuthManager

type StaticAuthManager struct {
	// contains filtered or unexported fields
}

StaticAuthManager just returns a static auth

type TLSClientConfig

type TLSClientConfig struct {
	CAFile                 string `yaml:"ca_file,omitempty" json:"ca_file,omitempty"`
	KeyFile                string `yaml:"key_file,omitempty" json:"key_file,omitempty"`
	CertFile               string `yaml:"cert_file,omitempty" json:"cert_file,omitempty"`
	AllowUnverifiedSSLCert bool   `yaml:"allow_unverified_ssl_cert,omitempty" json:"allow_unverified_ssl_cert,omitempty"`
}

TLSClientConfig is mtls configuration

type TLSListenerConfig

type TLSListenerConfig struct {
	KeyFile  string `yaml:"key_file,omitempty" json:"key_file,omitempty"`
	CertFile string `yaml:"cert_file,omitempty" json:"cert_file,omitempty"`
}

TLSListenerConfig is tls configuration

type TenantConfig

type TenantConfig struct {
	InternalAPI            string          `yaml:"internal_api,omitempty" json:"internal_api,omitempty"`
	RemoteServiceAPI       string          `yaml:"remote_service_api" json:"remote_service_api"`
	OrgName                string          `yaml:"org_name" json:"org_name"`
	EnvName                string          `yaml:"env_name" json:"env_name"`
	Key                    string          `yaml:"key,omitempty" json:"key,omitempty"`
	Secret                 string          `yaml:"secret,omitempty" json:"secret,omitempty"`
	ClientTimeout          time.Duration   `yaml:"client_timeout,omitempty" json:"client_timeout,omitempty"`
	AllowUnverifiedSSLCert bool            `yaml:"allow_unverified_ssl_cert,omitempty" json:"allow_unverified_ssl_cert,omitempty"`
	PrivateKey             *rsa.PrivateKey `yaml:"-" json:"-"`
	PrivateKeyID           string          `yaml:"-" json:"-"`
	JWKS                   *jwk.Set        `yaml:"-" json:"-"`
	InternalJWTDuration    time.Duration   `yaml:"-" json:"-"`
	InternalJWTRefresh     time.Duration   `yaml:"-" json:"-"`
}

TenantConfig is config relating to an Apigee tentant

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL