server

package
v1.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 23, 2020 License: Apache-2.0 Imports: 50 Imported by: 4

Documentation

Index

Constants

View Source 
const (
	// LegacySaaSInternalBase is the internal API used for auth and analytics
	LegacySaaSInternalBase = "https://istioservices.apigee.net/edgemicro"

	// GCPExperienceBase is the default management API URL for GCP Experience
	GCPExperienceBase = "https://apigee.googleapis.com"

	// ServiceAccount is the json file with application credentials
	ServiceAccount = "client_secret.json"

	// DefaultAnalyticsSecretPath is the default path the analytics credentials directory
	DefaultAnalyticsSecretPath = "/analytics-secret"

	ApigeeAPIScope = "https://www.googleapis.com/auth/cloud-platform" // scope Apigee API needs
)
View Source 
const (
	SecretJWKSKey     = "remote-service.crt"        // hybrid treats .crt as blob
	SecretPrivateKey  = "remote-service.key"        // private key
	SecretPropsKey    = "remote-service.properties" // java properties format: %s=%s
	SecretPropsKIDKey = "kid"
)

note: hybrid forces these specific file extensions! https://docs.apigee.com/hybrid/v1.2/k8s-secrets

View Source 
const (
	// PEMKeyType is the type of privateKey in the PEM file
	PEMKeyType = "RSA PRIVATE KEY"
)

Variables

This section is empty.

Functions

func AuthorizationRoundTripper 

func AuthorizationRoundTripper(config *Config, next http.RoundTripper) (http.RoundTripper, error)

AuthorizationRoundTripper adds an authorization header to any handled request

func DecodeToMap 

func DecodeToMap(s *pb.Struct) map[string]interface{}

DecodeToMap converts a pb.Struct to a map from strings to Go types. DecodeToMap panics if s is invalid.

func LoadPrivateKey added in v1.4.0 

func LoadPrivateKey(privateKeyBytes []byte, rsaPrivateKeyPassword string) (*rsa.PrivateKey, error)

func NewToken 

func NewToken(jwtExpiration time.Duration) (jwt.Token, error)

NewToken generates a new jwt.Token with the necessary claims

func NoAuthPUTRoundTripper added in v1.2.0 

func NoAuthPUTRoundTripper() http.RoundTripper

NoAuthPUTRoundTripper enables a http client to get rid of the authorization header in any PUT request, specifically used by the GCP managed analytics client to remove the header generated by the token source, which would otherwise interfere with the PUT request to the signed URL.

func ReadProperties 

func ReadProperties(reader io.Reader) (map[string]string, error)

ReadProperties reads Java-style %s=%s properties (no escaping)

func SignJWT 

func SignJWT(t jwt.Token, method jwa.SignatureAlgorithm, key interface{}, kid string) ([]byte, error)

SignJWT signs an token with specified algorithm and keys

func WriteProperties 

func WriteProperties(writer io.Writer, props map[string]string) error

WriteProperties writes Java-style %s=%s properties (no escaping)

Types

type AccessLogServer 

type AccessLogServer struct {
	// contains filtered or unexported fields
}

AccessLogServer server

func (*AccessLogServer) Register 

func (a *AccessLogServer) Register(s *grpc.Server, handler *Handler, d time.Duration)

Register registers

func (*AccessLogServer) StreamAccessLogs 

func (a *AccessLogServer) StreamAccessLogs(srv als.AccessLogService_StreamAccessLogsServer) error

StreamAccessLogs streams

type AnalyticsConfig 

type AnalyticsConfig struct {
	LegacyEndpoint     bool                `yaml:"legacy_endpoint,omitempty" json:"legacy_endpoint,omitempty"`
	FileLimit          int                 `yaml:"file_limit,omitempty" json:"file_limit,omitempty"`
	SendChannelSize    int                 `yaml:"send_channel_size,omitempty" json:"send_channel_size,omitempty"`
	CollectionInterval time.Duration       `yaml:"collection_interval,omitempty" json:"collection_interval,omitempty"`
	FluentdEndpoint    string              `yaml:"fluentd_endpoint,omitempty" json:"fluentd_endpoint,omitempty"`
	TLS                TLSClientConfig     `yaml:"tls,omitempty" json:"tls,omitempty"`
	CredentialsJSON    []byte              `yaml:"-" json:"-"`
	Credentials        *google.Credentials `yaml:"-" json:"-"`
}

AnalyticsConfig is analytics-related config

type AuthConfig 

type AuthConfig struct {
	APIKeyClaim         string        `yaml:"api_key_claim,omitempty" json:"api_key_claim,omitempty"`
	APIKeyCacheDuration time.Duration `yaml:"api_key_cache_duration,omitempty" json:"api_key_cache_duration,omitempty"`
	JWKSPollInterval    time.Duration `yaml:"jwks_poll_interval,omitempty" json:"jwks_poll_interval,omitempty"`
	APIKeyHeader        string        `yaml:"api_key_header,omitempty" json:"api_key_header,omitempty"`
	TargetHeader        string        `yaml:"target_header,omitempty" json:"target_header,omitempty"`
	RejectUnauthorized  bool          `yaml:"reject_unauthorized,omitempty" json:"reject_unauthorized,omitempty"`
	JWTProviderKey      string        `yaml:"jwt_provider_key,omitempty" json:"jwt_provider_key,omitempty"`
}

AuthConfig is auth-related config

type AuthManager 

type AuthManager interface {
	// contains filtered or unexported methods
}

AuthManager maintains an authorization header value

func NewAuthManager 

func NewAuthManager(config *Config) (AuthManager, error)

NewAuthManager creates an auth manager

type AuthorizationServer 

type AuthorizationServer struct {
	// contains filtered or unexported fields
}

AuthorizationServer server

func (*AuthorizationServer) Check 

func (a *AuthorizationServer) Check(ctx context.Context, req *auth.CheckRequest) (*auth.CheckResponse, error)

Check does check

func (*AuthorizationServer) Register 

func (a *AuthorizationServer) Register(s *grpc.Server, handler *Handler)

Register registers

type Config 

type Config struct {
	Global    GlobalConfig    `yaml:"global,omitempty" json:"global,omitempty"`
	Tenant    TenantConfig    `yaml:"tenant,omitempty" json:"tenant,omitempty"`
	Products  ProductsConfig  `yaml:"products,omitempty" json:"products,omitempty"`
	Analytics AnalyticsConfig `yaml:"analytics,omitempty" json:"analytics,omitempty"`
	Auth      AuthConfig      `yaml:"auth,omitempty" json:"auth,omitempty"`
}

Config is all config

func DefaultConfig 

func DefaultConfig() *Config

DefaultConfig returns a config with defaults set

func (*Config) IsApigeeManaged 

func (c *Config) IsApigeeManaged() bool

IsApigeeManaged is true for legacy SaaS

func (*Config) IsGCPManaged 

func (c *Config) IsGCPManaged() bool

IsGCPManaged is true for hybrid and NG SaaS

func (*Config) IsOPDK 

func (c *Config) IsOPDK() bool

IsOPDK is true for OPDK installs

func (*Config) Load 

func (c *Config) Load(configFile, policySecretPath, analyticsSecretPath string, requireAnalyticsCredentials bool) error

Load config

func (*Config) Validate 

func (c *Config) Validate(requireAnalyticsCredentials bool) error

Validate validates the config

type ConfigMapCRD 

type ConfigMapCRD struct {
	APIVersion string            `yaml:"apiVersion"`
	Kind       string            `yaml:"kind"`
	Metadata   Metadata          `yaml:"metadata"`
	Data       map[string]string `yaml:"data"`
}

ConfigMapCRD is a CRD for ConfigMap

type GlobalConfig 

type GlobalConfig struct {
	APIAddress                string            `yaml:"api_address,omitempty" json:"api_address,omitempty"`
	MetricsAddress            string            `yaml:"metrics_address,omitempty" json:"metrics_address,omitempty"`
	TempDir                   string            `yaml:"temp_dir,omitempty" json:"temp_dir,omitempty"`
	KeepAliveMaxConnectionAge time.Duration     `yaml:"keep_alive_max_connection_age,omitempty" json:"keep_alive_max_connection_age,omitempty"`
	TLS                       TLSListenerConfig `yaml:"tls,omitempty" json:"tls,omitempty"`
	Namespace                 string            `yaml:"-" json:"-"`
}

GlobalConfig is global configuration for the server

type Handler 

type Handler struct {
	// contains filtered or unexported fields
}

A Handler is the main entry

func NewHandler 

func NewHandler(config *Config) (*Handler, error)

NewHandler creates a handler

func (*Handler) Close added in v1.2.0 

func (h *Handler) Close()

Close waits for all managers to close

func (*Handler) Environment 

func (h *Handler) Environment() string

Environment is the tenant environment

func (*Handler) InternalAPI 

func (h *Handler) InternalAPI() *url.URL

InternalAPI is the internal api base (legacy)

func (*Handler) Organization 

func (h *Handler) Organization() string

Organization is the tenant organization

func (*Handler) RemoteServiceAPI 

func (h *Handler) RemoteServiceAPI() *url.URL

RemoteServiceAPI is the remote service base

type JWTAuthManager 

type JWTAuthManager struct {
	// contains filtered or unexported fields
}

JWTAuthManager creates and maintains a current JWT token

type KubeHealth added in v1.2.0 

type KubeHealth struct {
	Handler *Handler
	Health  *health.Server
	// contains filtered or unexported fields
}

func NewKubeHealth added in v1.2.0 

func NewKubeHealth(handler *Handler, health *health.Server) *KubeHealth

func (*KubeHealth) HandlerFunc added in v1.2.0 

func (h *KubeHealth) HandlerFunc() http.HandlerFunc

KubeHealth returns http.HandlerFunc for endpoint

type Metadata 

type Metadata struct {
	Name      string `yaml:"name"`
	Namespace string `yaml:"namespace"`
}

Metadata is for Kubernetes CRD generation

type ProductsConfig 

type ProductsConfig struct {
	RefreshRate time.Duration `yaml:"refresh_rate,omitempty" json:"refresh_rate,omitempty"`
}

ProductsConfig is products-related config

type SecretCRD 

type SecretCRD struct {
	APIVersion string            `yaml:"apiVersion"`
	Kind       string            `yaml:"kind"`
	Metadata   Metadata          `yaml:"metadata"`
	Type       string            `yaml:"type,omitempty"`
	Data       map[string]string `yaml:"data"`
}

SecretCRD is a CRD for Secret

type StaticAuthManager 

type StaticAuthManager struct {
	// contains filtered or unexported fields
}

StaticAuthManager just returns a static auth

type TLSClientConfig 

type TLSClientConfig struct {
	CAFile                 string `yaml:"ca_file,omitempty" json:"ca_file,omitempty"`
	KeyFile                string `yaml:"key_file,omitempty" json:"key_file,omitempty"`
	CertFile               string `yaml:"cert_file,omitempty" json:"cert_file,omitempty"`
	AllowUnverifiedSSLCert bool   `yaml:"allow_unverified_ssl_cert,omitempty" json:"allow_unverified_ssl_cert,omitempty"`
}

TLSClientConfig is mtls configuration

type TLSListenerConfig 

type TLSListenerConfig struct {
	KeyFile  string `yaml:"key_file,omitempty" json:"key_file,omitempty"`
	CertFile string `yaml:"cert_file,omitempty" json:"cert_file,omitempty"`
}

TLSListenerConfig is tls configuration

type TenantConfig 

type TenantConfig struct {
	InternalAPI            string          `yaml:"internal_api,omitempty" json:"internal_api,omitempty"`
	RemoteServiceAPI       string          `yaml:"remote_service_api" json:"remote_service_api"`
	OrgName                string          `yaml:"org_name" json:"org_name"`
	EnvName                string          `yaml:"env_name" json:"env_name"`
	Key                    string          `yaml:"key,omitempty" json:"key,omitempty"`
	Secret                 string          `yaml:"secret,omitempty" json:"secret,omitempty"`
	ClientTimeout          time.Duration   `yaml:"client_timeout,omitempty" json:"client_timeout,omitempty"`
	AllowUnverifiedSSLCert bool            `yaml:"allow_unverified_ssl_cert,omitempty" json:"allow_unverified_ssl_cert,omitempty"`
	PrivateKey             *rsa.PrivateKey `yaml:"-" json:"-"`
	PrivateKeyID           string          `yaml:"-" json:"-"`
	JWKS                   *jwk.Set        `yaml:"-" json:"-"`
	InternalJWTDuration    time.Duration   `yaml:"-" json:"-"`
	InternalJWTRefresh     time.Duration   `yaml:"-" json:"-"`
}

TenantConfig is config relating to an Apigee tentant

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.