server

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 31, 2020 License: Apache-2.0 Imports: 48 Imported by: 4

Documentation

Index

Constants

// Names of the entries that hold the remote-service credentials. Hybrid forces
// these specific file extensions (https://docs.apigee.com/hybrid/v1.2/k8s-secrets).
// NOTE(review): "JKWS" in SecretJKWSKey looks like a transposition of JWKS; the
// identifier is exported, so renaming it would break callers.
const (
	SecretJKWSKey     = "remote-service.crt"        // hybrid treats .crt as blob
	SecretPrivateKey  = "remote-service.key"        // private key; keep read access to this entry restricted
	SecretPropsKey    = "remote-service.properties" // java properties format: %s=%s
	SecretPropsKIDKey = "kid"                       // property name; presumably the signing key ID — confirm
)

note: hybrid forces these specific file extensions! https://docs.apigee.com/hybrid/v1.2/k8s-secrets

// LegacySaaSInternalBase is the internal API used for auth and analytics.
// NOTE(review): hard-coded HTTPS endpoint; going by the name it applies to
// legacy SaaS only — confirm where it is used as a default.
const LegacySaaSInternalBase = "https://istioservices.apigee.net/edgemicro"

LegacySaaSInternalBase is the internal API used for auth and analytics

const (
	// PEMKeyType is the type of privateKey in the PEM file.
	// "RSA PRIVATE KEY" is the PEM label used for PKCS#1 RSA keys; PKCS#8 keys
	// carry the label "PRIVATE KEY" instead.
	// NOTE(review): whether any other label is accepted is not visible here.
	PEMKeyType = "RSA PRIVATE KEY"
)

Variables

This section is empty.

Functions

func AuthorizationRoundTripper

func AuthorizationRoundTripper(config *Config, next http.RoundTripper) (http.RoundTripper, error)

AuthorizationRoundTripper adds an authorization header to any handled request

func DecodeToMap

func DecodeToMap(s *pb.Struct) map[string]interface{}

DecodeToMap converts a pb.Struct to a map from strings to Go types. DecodeToMap panics if s is invalid.

func NewToken

func NewToken(jwtExpiration time.Duration) (jwt.Token, error)

NewToken generates a new jwt.Token with the necessary claims

func ReadProperties

func ReadProperties(reader io.Reader) (map[string]string, error)

ReadProperties reads Java-style %s=%s properties (no escaping)

func SignJWT

func SignJWT(t jwt.Token, method jwa.SignatureAlgorithm, key interface{}, kid string) ([]byte, error)

SignJWT signs a token with the specified algorithm and keys

func WriteProperties

func WriteProperties(writer io.Writer, props map[string]string) error

WriteProperties writes Java-style %s=%s properties (no escaping)

Types

type AccessLogServer

type AccessLogServer struct {
	// contains filtered or unexported fields
}

AccessLogServer server

func (*AccessLogServer) Register

func (a *AccessLogServer) Register(s *grpc.Server, handler *Handler)

Register registers

func (*AccessLogServer) StreamAccessLogs

StreamAccessLogs streams

type AnalyticsConfig

// AnalyticsConfig is analytics-related config.
// Every field is optional in YAML (omitempty drops zero values on marshal).
type AnalyticsConfig struct {
	LegacyEndpoint     bool            `yaml:"legacy_endpoint,omitempty"`
	FileLimit          int             `yaml:"file_limit,omitempty"`
	SendChannelSize    int             `yaml:"send_channel_size,omitempty"`
	CollectionInterval time.Duration   `yaml:"collection_interval,omitempty"`
	FluentdEndpoint    string          `yaml:"fluentd_endpoint,omitempty"`
	// TLS carries the client-side CA / key / cert settings (see TLSClientConfig).
	// NOTE(review): presumably applied to the FluentdEndpoint connection — confirm.
	TLS                TLSClientConfig `yaml:"tls,omitempty"`
}

AnalyticsConfig is analytics-related config

type AuthConfig

// AuthConfig is auth-related config.
type AuthConfig struct {
	APIKeyClaim         string        `yaml:"api_key_claim,omitempty"`
	// NOTE(review): presumably how long an API key lookup result is reused; if so,
	// a longer duration delays the effect of revoking a key — confirm.
	APIKeyCacheDuration time.Duration `yaml:"api_key_cache_duration,omitempty"`
	// NOTE(review): presumably how often the JWKS is re-fetched; if so, it bounds
	// how quickly rotated signing keys are picked up — confirm.
	JWKSPollInterval    time.Duration `yaml:"jwks_poll_interval,omitempty"`
	APIKeyHeader        string        `yaml:"api_key_header,omitempty"`
	TargetHeader        string        `yaml:"target_header,omitempty"`
	// With omitempty a false value is not written on marshal, so a serialized
	// config cannot distinguish "false" from "unset".
	// NOTE(review): check the default DefaultConfig assigns before relying on it.
	RejectUnauthorized  bool          `yaml:"reject_unauthorized,omitempty"`
	// Excluded from YAML (tag "-"); set in code, not by the config file.
	JWTProviderKey      string        `yaml:"-"`
}

AuthConfig is auth-related config

type AuthManager

type AuthManager interface {
	// contains filtered or unexported methods
}

AuthManager maintains an authorization header value

func NewAuthManager

func NewAuthManager(config *Config) (AuthManager, error)

NewAuthManager creates an auth manager

type AuthorizationServer

type AuthorizationServer struct {
	// contains filtered or unexported fields
}

AuthorizationServer server

func (*AuthorizationServer) Check

Check does check

func (*AuthorizationServer) Register

func (a *AuthorizationServer) Register(s *grpc.Server, handler *Handler)

Register registers

type Config

// Config is all config: the top-level YAML document, one section per concern.
type Config struct {
	Global    GlobalConfig    `yaml:"global,omitempty"`
	// Tenant includes credential fields (key, secret); treat a serialized Config
	// as sensitive.
	Tenant    TenantConfig    `yaml:"tenant,omitempty"`
	Products  ProductsConfig  `yaml:"products,omitempty"`
	Analytics AnalyticsConfig `yaml:"analytics,omitempty"`
	Auth      AuthConfig      `yaml:"auth,omitempty"`
}

Config is all config

func DefaultConfig

func DefaultConfig() *Config

DefaultConfig returns a config with defaults set

func (*Config) IsApigeeManaged

func (c *Config) IsApigeeManaged() bool

IsApigeeManaged is true for legacy SaaS

func (*Config) IsGCPManaged

func (c *Config) IsGCPManaged() bool

IsGCPManaged is true for hybrid and NG SaaS

func (*Config) IsOPDK

func (c *Config) IsOPDK() bool

IsOPDK is true for OPDK installs

func (*Config) Load

func (c *Config) Load(configFile, policySecretPath string) error

Load config

func (*Config) Validate

func (c *Config) Validate() error

Validate validates the config

type ConfigMapCRD

// ConfigMapCRD is a CRD for ConfigMap.
// The YAML keys (apiVersion, kind, metadata, data) are always emitted; none of
// the tags use omitempty.
type ConfigMapCRD struct {
	APIVersion string            `yaml:"apiVersion"`
	Kind       string            `yaml:"kind"`
	Metadata   Metadata          `yaml:"metadata"`
	// NOTE(review): ConfigMap data is not meant for secrets; credentials belong in
	// SecretCRD — confirm what callers place here.
	Data       map[string]string `yaml:"data"`
}

ConfigMapCRD is a CRD for ConfigMap

type GlobalConfig

// GlobalConfig is global configuration for the server.
type GlobalConfig struct {
	APIAddress                string            `yaml:"api_address,omitempty"`
	MetricsAddress            string            `yaml:"metrics_address,omitempty"`
	TempDir                   string            `yaml:"temp_dir,omitempty"`
	KeepAliveMaxConnectionAge time.Duration     `yaml:"keep_alive_max_connection_age,omitempty"`
	// TLS holds the listener key and certificate paths (see TLSListenerConfig).
	// NOTE(review): presumably the listener runs without TLS when these are empty —
	// confirm against the server start-up code.
	TLS                       TLSListenerConfig `yaml:"tls,omitempty"`
	// Excluded from YAML (tag "-"); set in code, not by the config file.
	Namespace                 string            `yaml:"-"`
}

GlobalConfig is global configuration for the server

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

A Handler is the main entry

func NewHandler

func NewHandler(config *Config) (*Handler, error)

NewHandler creates a handler

func (*Handler) Environment

func (h *Handler) Environment() string

Environment is the tenant environment

func (*Handler) InternalAPI

func (h *Handler) InternalAPI() *url.URL

InternalAPI is the internal api base (legacy)

func (*Handler) Organization

func (h *Handler) Organization() string

Organization is the tenant organization

func (*Handler) RemoteServiceAPI

func (h *Handler) RemoteServiceAPI() *url.URL

RemoteServiceAPI is the remote service base

type JWTAuthManager

type JWTAuthManager struct {
	// contains filtered or unexported fields
}

JWTAuthManager creates and maintains a current JWT token

type Metadata

// Metadata is for Kubernetes CRD generation: the name and namespace written
// under the "metadata" key of ConfigMapCRD and SecretCRD.
type Metadata struct {
	Name      string `yaml:"name"`
	Namespace string `yaml:"namespace"`
}

Metadata is for Kubernetes CRD generation

type ProductsConfig

// ProductsConfig is products-related config.
type ProductsConfig struct {
	// NOTE(review): presumably the interval between product refreshes; if so,
	// product changes take up to this long to apply — confirm.
	RefreshRate time.Duration `yaml:"refresh_rate,omitempty"`
}

ProductsConfig is products-related config

type SecretCRD

// SecretCRD is a CRD for Secret.
type SecretCRD struct {
	APIVersion string            `yaml:"apiVersion"`
	Kind       string            `yaml:"kind"`
	Metadata   Metadata          `yaml:"metadata"`
	Type       string            `yaml:"type,omitempty"`
	// NOTE(review): if this mirrors a Kubernetes Secret manifest, the values are
	// base64-encoded, which is an encoding and not encryption; treat any YAML
	// generated from this struct as sensitive — confirm the encoding with callers.
	Data       map[string]string `yaml:"data"`
}

SecretCRD is a CRD for Secret

type StaticAuthManager

type StaticAuthManager struct {
	// contains filtered or unexported fields
}

StaticAuthManager just returns a static auth

type TLSClientConfig

// TLSClientConfig is mTLS configuration for an outbound (client) connection.
type TLSClientConfig struct {
	CAFile                 string `yaml:"ca_file,omitempty"`
	// KeyFile is a path to private key material; restrict file permissions on it.
	KeyFile                string `yaml:"key_file,omitempty"`
	CertFile               string `yaml:"cert_file,omitempty"`
	// NOTE(review): going by the name, true turns off verification of the peer's
	// certificate — confirm. If so, the connection loses protection against
	// interception and this should stay false outside test environments.
	AllowUnverifiedSSLCert bool   `yaml:"allow_unverified_ssl_cert,omitempty"`
}

TLSClientConfig is mTLS configuration

type TLSListenerConfig

// TLSListenerConfig is tls configuration for the server's listener.
// There is no CA or client-auth field here, so client certificate verification
// is not configurable through this struct.
type TLSListenerConfig struct {
	// KeyFile is a path to private key material; restrict file permissions on it.
	KeyFile  string `yaml:"key_file,omitempty"`
	CertFile string `yaml:"cert_file,omitempty"`
}

TLSListenerConfig is tls configuration

type TenantConfig

// TenantConfig is config relating to an Apigee tenant.
type TenantConfig struct {
	InternalAPI            string          `yaml:"internal_api,omitempty"`
	RemoteServiceAPI       string          `yaml:"remote_service_api"`
	OrgName                string          `yaml:"org_name"`
	EnvName                string          `yaml:"env_name"`
	// Key and Secret are plain string credentials carried in the YAML config, so
	// the config file (and any dump of this struct) must be protected like a secret.
	// NOTE(review): which API they authenticate against is not visible here.
	Key                    string          `yaml:"key,omitempty"`
	Secret                 string          `yaml:"secret,omitempty"`
	ClientTimeout          time.Duration   `yaml:"client_timeout,omitempty"`
	// NOTE(review): going by the name, true turns off verification of the remote
	// server's TLS certificate — confirm. If so, it should stay false outside test
	// environments.
	AllowUnverifiedSSLCert bool            `yaml:"allow_unverified_ssl_cert,omitempty"`
	// The remaining fields are tagged "-" and therefore never read from or written
	// to YAML.
	// NOTE(review): presumably populated by Config.Load from its policySecretPath
	// argument — confirm.
	PrivateKey             *rsa.PrivateKey `yaml:"-"`
	PrivateKeyID           string          `yaml:"-"`
	JWKS                   *jwk.Set        `yaml:"-"`
	InternalJWTDuration    time.Duration   `yaml:"-"`
	InternalJWTRefresh     time.Duration   `yaml:"-"`
}

TenantConfig is config relating to an Apigee tenant
