Documentation ¶
Index ¶
- Constants
- func AuthorizationRoundTripper(config *Config, next http.RoundTripper) (http.RoundTripper, error)
- func DecodeToMap(s *pb.Struct) map[string]interface{}
- func NewToken(jwtExpiration time.Duration) (jwt.Token, error)
- func ReadProperties(reader io.Reader) (map[string]string, error)
- func SignJWT(t jwt.Token, method jwa.SignatureAlgorithm, key interface{}, kid string) ([]byte, error)
- func WriteProperties(writer io.Writer, props map[string]string) error
- type AccessLogServer
- type AnalyticsConfig
- type AuthConfig
- type AuthManager
- type AuthorizationServer
- type Config
- type ConfigMapCRD
- type GlobalConfig
- type Handler
- type JWTAuthManager
- type Metadata
- type ProductsConfig
- type SecretCRD
- type StaticAuthManager
- type TLSClientConfig
- type TLSListenerConfig
- type TenantConfig
Constants ¶
// Names of the files that carry this package's key material and properties.
// The page notes that hybrid forces these specific file extensions.
const (
	// SecretJKWSKey names the ".crt" entry; hybrid treats .crt as a blob.
	// NOTE(review): "JKWS" looks like a transposition of "JWKS"; the
	// identifier is exported, so it is documented here rather than renamed.
	SecretJKWSKey = "remote-service.crt"
	// SecretPrivateKey names the entry that holds the private key.
	SecretPrivateKey = "remote-service.key"
	// SecretPropsKey names the entry in Java properties format: %s=%s.
	SecretPropsKey = "remote-service.properties"
	// SecretPropsKIDKey is the literal "kid".
	// NOTE(review): presumably the property name, inside the properties
	// entry, that carries the key ID of the private key — confirm.
	SecretPropsKIDKey = "kid"
)
note: hybrid forces these specific file extensions! https://docs.apigee.com/hybrid/v1.2/k8s-secrets
const LegacySaaSInternalBase = "https://istioservices.apigee.net/edgemicro"
LegacySaaSInternalBase is the internal API used for auth and analytics
const (
	// PEMKeyType is the type of privateKey in the PEM file, i.e. the label
	// that appears in the block header "-----BEGIN RSA PRIVATE KEY-----".
	// This label is the one conventionally used for PKCS #1 RSA private keys;
	// a PKCS #8 key is labelled "PRIVATE KEY" instead.
	// NOTE(review): whether the loader rejects blocks with any other label is
	// not visible on this page — confirm.
	PEMKeyType = "RSA PRIVATE KEY"
)
Variables ¶
This section is empty.
Functions ¶
func AuthorizationRoundTripper ¶
func AuthorizationRoundTripper(config *Config, next http.RoundTripper) (http.RoundTripper, error)
AuthorizationRoundTripper adds an authorization header to any handled request
func DecodeToMap ¶
DecodeToMap converts a pb.Struct to a map from strings to Go types. DecodeToMap panics if s is invalid.
func ReadProperties ¶
ReadProperties reads Java-style %s=%s properties (no escaping)
Types ¶
type AccessLogServer ¶
type AccessLogServer struct {
// contains filtered or unexported fields
}
AccessLogServer server
func (*AccessLogServer) Register ¶
func (a *AccessLogServer) Register(s *grpc.Server, handler *Handler)
Register registers the access log server with the gRPC server s, using handler.
func (*AccessLogServer) StreamAccessLogs ¶
func (a *AccessLogServer) StreamAccessLogs(srv als.AccessLogService_StreamAccessLogsServer) error
StreamAccessLogs serves the AccessLogService StreamAccessLogs stream srv.
type AnalyticsConfig ¶
// AnalyticsConfig groups the analytics settings; every field is optional in
// YAML (all tags carry omitempty).
type AnalyticsConfig struct {
	// LegacyEndpoint is the yaml key legacy_endpoint.
	// NOTE(review): presumably selects the legacy analytics API — confirm.
	LegacyEndpoint bool `yaml:"legacy_endpoint,omitempty"`
	// FileLimit and SendChannelSize are the yaml keys file_limit and
	// send_channel_size; their units and defaults are not visible here.
	FileLimit       int `yaml:"file_limit,omitempty"`
	SendChannelSize int `yaml:"send_channel_size,omitempty"`
	// CollectionInterval is the yaml key collection_interval.
	CollectionInterval time.Duration `yaml:"collection_interval,omitempty"`
	// FluentdEndpoint is the yaml key fluentd_endpoint.
	FluentdEndpoint string `yaml:"fluentd_endpoint,omitempty"`
	// TLS is a TLSClientConfig under the yaml key tls.
	// NOTE(review): presumably applied to the Fluentd connection; it includes
	// AllowUnverifiedSSLCert, so check that switch when reviewing a deployment.
	TLS TLSClientConfig `yaml:"tls,omitempty"`
}
AnalyticsConfig is analytics-related config
type AuthConfig ¶
// AuthConfig groups the authentication settings. All fields except
// JWTProviderKey are optional YAML keys.
type AuthConfig struct {
	// APIKeyClaim is the yaml key api_key_claim.
	// NOTE(review): presumably the name of a JWT claim that carries an API
	// key — confirm against the code that reads it.
	APIKeyClaim string `yaml:"api_key_claim,omitempty"`
	// APIKeyCacheDuration is the yaml key api_key_cache_duration.
	// NOTE(review): presumably how long an API key verification result is
	// cached; if so, a revoked key may stay accepted for up to this long.
	APIKeyCacheDuration time.Duration `yaml:"api_key_cache_duration,omitempty"`
	// JWKSPollInterval is the yaml key jwks_poll_interval.
	// NOTE(review): presumably how often the JWKS is re-fetched, which bounds
	// how quickly a rotated or withdrawn signing key is noticed — confirm.
	JWKSPollInterval time.Duration `yaml:"jwks_poll_interval,omitempty"`
	// APIKeyHeader and TargetHeader are the yaml keys api_key_header and
	// target_header; presumably names of request headers — confirm.
	APIKeyHeader string `yaml:"api_key_header,omitempty"`
	TargetHeader string `yaml:"target_header,omitempty"`
	// JWTProviderKey has the tag "-", so it is never read from or written to
	// YAML and must be set in code.
	JWTProviderKey string `yaml:"-"`
}
AuthConfig is auth-related config
type AuthManager ¶
type AuthManager interface {
// contains filtered or unexported methods
}
AuthManager maintains an authorization header value
func NewAuthManager ¶
func NewAuthManager(config *Config) (AuthManager, error)
NewAuthManager creates an auth manager
type AuthorizationServer ¶
type AuthorizationServer struct {
// contains filtered or unexported fields
}
AuthorizationServer server
func (*AuthorizationServer) Check ¶
func (a *AuthorizationServer) Check(ctx context.Context, req *auth.CheckRequest) (*auth.CheckResponse, error)
Check handles the authorization CheckRequest req and returns a CheckResponse.
type Config ¶
// Config is the root of the configuration: one optional YAML section per
// area (global, tenant, products, analytics, auth).
type Config struct {
	// Global is the server-wide section (yaml key global).
	Global GlobalConfig `yaml:"global,omitempty"`
	// Tenant is the tenant section (yaml key tenant). TenantConfig has
	// YAML-serialized Key and Secret fields, so a marshalled Config can
	// contain them.
	Tenant TenantConfig `yaml:"tenant,omitempty"`
	// Products is the products section (yaml key products).
	Products ProductsConfig `yaml:"products,omitempty"`
	// Analytics is the analytics section (yaml key analytics).
	Analytics AnalyticsConfig `yaml:"analytics,omitempty"`
	// Auth is the auth section (yaml key auth).
	Auth AuthConfig `yaml:"auth,omitempty"`
}
Config is all config
func (*Config) IsApigeeManaged ¶
IsApigeeManaged is true for legacy SaaS
func (*Config) IsGCPManaged ¶
IsGCPManaged is true for hybrid and NG SaaS
type ConfigMapCRD ¶
// ConfigMapCRD is the YAML shape of a ConfigMap document: apiVersion, kind,
// metadata and a string-to-string data map.
type ConfigMapCRD struct {
	APIVersion string   `yaml:"apiVersion"`
	Kind       string   `yaml:"kind"`
	Metadata   Metadata `yaml:"metadata"`
	// Data holds the entries under the yaml key data.
	// NOTE(review): a ConfigMap is not meant for secret values; key material
	// presumably belongs in SecretCRD — confirm how callers split the two.
	Data map[string]string `yaml:"data"`
}
ConfigMapCRD is a CRD for ConfigMap
type GlobalConfig ¶
// GlobalConfig holds the server-wide settings. All fields except Namespace
// are optional YAML keys.
type GlobalConfig struct {
	// APIAddress and MetricsAddress are the yaml keys api_address and
	// metrics_address.
	// NOTE(review): presumably listen addresses; check that the metrics
	// address is not exposed more widely than intended — confirm.
	APIAddress     string `yaml:"api_address,omitempty"`
	MetricsAddress string `yaml:"metrics_address,omitempty"`
	// TempDir is the yaml key temp_dir.
	// NOTE(review): what is written there, and with which file permissions,
	// is not visible on this page.
	TempDir string `yaml:"temp_dir,omitempty"`
	// KeepAliveMaxConnectionAge is the yaml key keep_alive_max_connection_age.
	KeepAliveMaxConnectionAge time.Duration `yaml:"keep_alive_max_connection_age,omitempty"`
	// TLS is the listener key/certificate pair (yaml key tls).
	// NOTE(review): what the listener does when this section is empty is not
	// visible here — confirm whether it falls back to plaintext.
	TLS TLSListenerConfig `yaml:"tls,omitempty"`
	// Namespace has the tag "-", so it is never read from or written to YAML.
	Namespace string `yaml:"-"`
}
GlobalConfig is global configuration for the server
type Handler ¶
type Handler struct {
// contains filtered or unexported fields
}
A Handler is the main entry
func (*Handler) Environment ¶
Environment is the tenant environment
func (*Handler) InternalAPI ¶
InternalAPI is the internal api base (legacy)
func (*Handler) Organization ¶
Organization is the tenant organization
func (*Handler) RemoteServiceAPI ¶
RemoteServiceAPI is the remote service base
type JWTAuthManager ¶
type JWTAuthManager struct {
// contains filtered or unexported fields
}
JWTAuthManager creates and maintains a current JWT token
type ProductsConfig ¶
ProductsConfig is products-related config
type SecretCRD ¶
// SecretCRD is the YAML shape of a Secret document: apiVersion, kind,
// metadata, an optional type and a string-to-string data map.
type SecretCRD struct {
	APIVersion string   `yaml:"apiVersion"`
	Kind       string   `yaml:"kind"`
	Metadata   Metadata `yaml:"metadata"`
	// Type is the optional yaml key type.
	Type string `yaml:"type,omitempty"`
	// Data holds the entries under the yaml key data.
	// NOTE(review): presumably base64-encoded values, as in a Kubernetes
	// Secret manifest. Base64 is an encoding, not encryption, so a marshalled
	// SecretCRD should be handled as sensitive — confirm the encoding.
	Data map[string]string `yaml:"data"`
}
SecretCRD is a CRD for Secret
type StaticAuthManager ¶
type StaticAuthManager struct {
// contains filtered or unexported fields
}
StaticAuthManager just returns a static auth
type TLSClientConfig ¶
// TLSClientConfig holds three file settings and one verification switch for
// an outbound TLS connection; the page describes it as mTLS configuration.
type TLSClientConfig struct {
	// CAFile, KeyFile and CertFile are the yaml keys ca_file, key_file and
	// cert_file.
	// NOTE(review): presumably paths to PEM files (the CA bundle to trust and
	// the client key/certificate pair) — confirm against the loader.
	CAFile   string `yaml:"ca_file,omitempty"`
	KeyFile  string `yaml:"key_file,omitempty"`
	CertFile string `yaml:"cert_file,omitempty"`
	// AllowUnverifiedSSLCert is the yaml key allow_unverified_ssl_cert. With
	// omitempty, a false value is not written when marshalling.
	// NOTE(review): by its name this presumably disables verification of the
	// peer certificate. If so, enabling it leaves the connection open to
	// interception even when CAFile is set; keep it false outside test
	// environments and confirm how the consuming code applies it.
	AllowUnverifiedSSLCert bool `yaml:"allow_unverified_ssl_cert,omitempty"`
}
TLSClientConfig is mTLS configuration
type TLSListenerConfig ¶
// TLSListenerConfig holds the key and certificate settings for a TLS
// listener. It has no CA or client-authentication field, so nothing in this
// struct configures verification of client certificates.
type TLSListenerConfig struct {
	// KeyFile and CertFile are the yaml keys key_file and cert_file.
	// NOTE(review): presumably paths to the PEM private key and certificate;
	// the key file should be readable only by the service account — confirm.
	KeyFile  string `yaml:"key_file,omitempty"`
	CertFile string `yaml:"cert_file,omitempty"`
}
TLSListenerConfig is tls configuration
type TenantConfig ¶
// TenantConfig holds the per-tenant settings. The fields tagged "-" are never
// read from or written to YAML and must be populated in code; all other
// fields are YAML keys.
type TenantConfig struct {
	// InternalAPI is the optional yaml key internal_api; RemoteServiceAPI is
	// the yaml key remote_service_api (no omitempty, so always written).
	InternalAPI      string `yaml:"internal_api,omitempty"`
	RemoteServiceAPI string `yaml:"remote_service_api"`
	// OrgName and EnvName are the yaml keys org_name and env_name.
	OrgName string `yaml:"org_name"`
	EnvName string `yaml:"env_name"`
	// Key and Secret are the yaml keys key and secret. Unlike PrivateKey they
	// are serialized, so any YAML dump of this struct contains them when set.
	// NOTE(review): presumably the tenant credentials; treat the config file
	// and any log of the marshalled config as sensitive — confirm.
	Key    string `yaml:"key,omitempty"`
	Secret string `yaml:"secret,omitempty"`
	// ClientTimeout is the yaml key client_timeout.
	ClientTimeout time.Duration `yaml:"client_timeout,omitempty"`
	// AllowUnverifiedSSLCert is the yaml key allow_unverified_ssl_cert. With
	// omitempty, a false value is not written when marshalling.
	// NOTE(review): by its name this presumably disables verification of the
	// server certificate on tenant API calls. If so, the credentials and
	// tokens sent on those calls can be intercepted; keep it false outside
	// test environments and confirm how the consuming code applies it.
	AllowUnverifiedSSLCert bool `yaml:"allow_unverified_ssl_cert,omitempty"`
	// PrivateKey is an RSA private key held in memory only (tag "-").
	PrivateKey *rsa.PrivateKey `yaml:"-"`
	// PrivateKeyID is held in memory only (tag "-").
	// NOTE(review): presumably the "kid" that identifies PrivateKey — confirm.
	PrivateKeyID string `yaml:"-"`
	// JWKS is a JWK set held in memory only (tag "-").
	JWKS *jwk.Set `yaml:"-"`
	// InternalJWTDuration and InternalJWTRefresh are held in memory only
	// (tag "-").
	// NOTE(review): presumably the lifetime of the internally issued JWT and
	// the interval at which it is renewed; the refresh should be shorter than
	// the duration — confirm.
	InternalJWTDuration time.Duration `yaml:"-"`
	InternalJWTRefresh  time.Duration `yaml:"-"`
}
TenantConfig is config relating to an Apigee tenant