middleware

package
v0.0.0-...-0490640 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 16, 2019 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CertificatePasser

func CertificatePasser(_ context.Context, req *http.Request) metadata.MD

CertificatePasser takes the certificates from the requesting client and stores them in the x-client-cert header for use for cert auth.

Types

type AnnotatedAuthorizationResponse

type AnnotatedAuthorizationResponse interface {
	Err() error
}

type AuthContextReader

type AuthContextReader interface {
	AuthContextRead()
}

AuthContextReader is used to signal that a domain-services is interested in the middelware's auth context.

type AuthMiddleware

type AuthMiddleware int

AuthMiddleware is an enum of valid auth middleware values.

const (
	// Unknown is the zero value for the AuthMiddleware  enum
	Unknown AuthMiddleware = iota
	// AuthV1 is the AuthMiddleware enum value representing v1 of the middleware.
	AuthV1
	// AuthV2 is the AuthMiddleware enum value representing v2 of the middleware.
	AuthV2
)

func ToAuthMiddleware

func ToAuthMiddleware(s string) AuthMiddleware

func (AuthMiddleware) String

func (middleware AuthMiddleware) String() string

type AuthorizationInterceptor

type AuthorizationInterceptor interface {
	UnaryServerInterceptor() grpc.UnaryServerInterceptor
	StreamServerInterceptor() grpc.StreamServerInterceptor
}

AuthorizationInterceptor abstracts the common logic that can be used for both interceptor types.

func NewAuthInterceptor

NewAuthInterceptor returns an AuthInterceptor that performs authentication and authorization for incoming requests. The return function uses the incoming request metadata (from its context), and constructs an authentication request to authn-service's authentication service that uses this metadata as outgoing metadata. If the inquiry's result is an error, it is returned as-is. If it's not, this function returns only the context, and allows for further request processing.

type AuthorizationResponse

type AuthorizationResponse interface {
	GetAuthorized() bool
}

type DeploymentCertAuthOnly

type DeploymentCertAuthOnly interface {
	MustUseDeploymentCertAuth()
}

type FilterPairsResponse

type FilterPairsResponse struct {
	Pairs                  []*pairs.Pair
	MethodsInfo            map[string]pairs.Info
	MapByResourceAndAction map[pairs.Pair][]string
}

FilterPairsResponse includes the "used" half of the inputs, according to v1/v2

type FilterProjectsResponse

type FilterProjectsResponse struct {
	Projects               []string
	MethodsInfo            map[string]pairs.Info
	MapByResourceAndAction map[pairs.Pair][]string
}

type GRPCAuthorizationHandler

type GRPCAuthorizationHandler interface {
	Handle(ctx context.Context, subjects []string, projects []string, req interface{}) (context.Context, error)
}

type HTTPAuthorizationHandler

type HTTPAuthorizationHandler interface {
	IsAuthorized(ctx context.Context, subjects []string, resource, action string) (AuthorizationResponse, error)
}

type IntrospectionHandler

type IntrospectionHandler interface {
	FilterAuthorizedPairs(ctx context.Context, subjects []string, pairs []*pairs.Pair) ([]*pairs.Pair, error)
	FilterAuthorizedProjects(ctx context.Context, subjects []string, pairs []*pairs.Pair) ([]string, error)
}

type SwitchingAuthorizationHandler

type SwitchingAuthorizationHandler interface {
	GRPCAuthorizationHandler
	SwitchingFilterHandler
	IsAuthorized(ctx context.Context, subjects []string,
		resourceV1, actionV1, resourceV2, actionV2 string) (AnnotatedAuthorizationResponse, error)
}

type SwitchingFilterHandler

type SwitchingFilterHandler interface {
	FilterAuthorizedPairs(ctx context.Context, subjects []string,
		mapByResourceAndActionV1, mapByResourceAndActionV2 map[pairs.Pair][]string,
		methodsInfoV1, methodsInfoV2 map[string]pairs.Info,
	) (*FilterPairsResponse, error)
	FilterAuthorizedProjects(ctx context.Context, subjects []string,
		mapByResourceAndActionV1, mapByResourceAndActionV2 map[pairs.Pair][]string,
		methodsInfoV1, methodsInfoV2 map[string]pairs.Info,
	) (*FilterProjectsResponse, error)
}

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL