authorization

package
v0.0.0-...-730bba4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 12, 2018 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package authorization is a generated protocol buffer package.

It is generated from these files: 

mixer/template/authorization/template_instance.proto

It has these top-level messages: 

Type
SubjectType
ActionType
InstanceParam
SubjectInstanceParam
ActionInstanceParam

Index

Constants

View Source 
const TemplateName = "authorization"

Fully qualified name of the template

Variables

View Source 
var (
	ErrInvalidLengthTemplateInstance = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowTemplateInstance   = fmt.Errorf("proto: integer overflow")
)

Functions

This section is empty.

Types

type Action 

type Action struct {

	// Namespace the target action is taking place in.
	Namespace string

	// The Service the action is being taken on.
	Service string

	// What action is being taken.
	Method string

	// HTTP REST path within the service
	Path string

	// Additional data about the action for use in policy.
	Properties map[string]interface{}
}

An action defines "how a resource is accessed".

type ActionInstanceParam 

type ActionInstanceParam struct {
	Namespace  string            `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"`
	Service    string            `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"`
	Method     string            `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"`
	Path       string            `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"`
	Properties map[string]string `` /* 154-byte string literal not displayed */
}

func (*ActionInstanceParam) Descriptor 

func (*ActionInstanceParam) Descriptor() ([]byte, []int)

func (*ActionInstanceParam) Equal 

func (this *ActionInstanceParam) Equal(that interface{}) bool

func (*ActionInstanceParam) GetMethod 

func (m *ActionInstanceParam) GetMethod() string

func (*ActionInstanceParam) GetNamespace 

func (m *ActionInstanceParam) GetNamespace() string

func (*ActionInstanceParam) GetPath 

func (m *ActionInstanceParam) GetPath() string

func (*ActionInstanceParam) GetProperties 

func (m *ActionInstanceParam) GetProperties() map[string]string

func (*ActionInstanceParam) GetService 

func (m *ActionInstanceParam) GetService() string

func (*ActionInstanceParam) GoString 

func (this *ActionInstanceParam) GoString() string

func (*ActionInstanceParam) Marshal 

func (m *ActionInstanceParam) Marshal() (dAtA []byte, err error)

func (*ActionInstanceParam) MarshalTo 

func (m *ActionInstanceParam) MarshalTo(dAtA []byte) (int, error)

func (*ActionInstanceParam) ProtoMessage 

func (*ActionInstanceParam) ProtoMessage()

func (*ActionInstanceParam) Reset 

func (m *ActionInstanceParam) Reset()

func (*ActionInstanceParam) Size 

func (m *ActionInstanceParam) Size() (n int)

func (*ActionInstanceParam) String 

func (this *ActionInstanceParam) String() string

func (*ActionInstanceParam) Unmarshal 

func (m *ActionInstanceParam) Unmarshal(dAtA []byte) error

type ActionType 

type ActionType struct {
	// Additional data about the action for use in policy.
	Properties map[string]istio_policy_v1beta1.ValueType `` /* 191-byte string literal not displayed */
}

An action defines "how a resource is accessed".

func (*ActionType) Descriptor 

func (*ActionType) Descriptor() ([]byte, []int)

func (*ActionType) Equal 

func (this *ActionType) Equal(that interface{}) bool

func (*ActionType) GetProperties 

func (m *ActionType) GetProperties() map[string]istio_policy_v1beta1.ValueType

func (*ActionType) GoString 

func (this *ActionType) GoString() string

func (*ActionType) Marshal 

func (m *ActionType) Marshal() (dAtA []byte, err error)

func (*ActionType) MarshalTo 

func (m *ActionType) MarshalTo(dAtA []byte) (int, error)

func (*ActionType) ProtoMessage 

func (*ActionType) ProtoMessage()

func (*ActionType) Reset 

func (m *ActionType) Reset()

func (*ActionType) Size 

func (m *ActionType) Size() (n int)

func (*ActionType) String 

func (this *ActionType) String() string

func (*ActionType) Unmarshal 

func (m *ActionType) Unmarshal(dAtA []byte) error

type Handler 

type Handler interface {
	adapter.Handler

	// HandleAuthorization is called by Mixer at request time to deliver instances to
	// to an adapter.
	HandleAuthorization(context.Context, *Instance) (adapter.CheckResult, error)
}

Handler must be implemented by adapter code if it wants to process data associated with the 'authorization' template.

Mixer uses this interface to call into the adapter at request time in order to dispatch created instances to the adapter. Adapters take the incoming instances and do what they need to achieve their primary function.

The name of each instance can be used as a key into the Type map supplied to the adapter at configuration time via the method 'SetAuthorizationTypes'. These Type associated with an instance describes the shape of the instance

type HandlerBuilder 

type HandlerBuilder interface {
	adapter.HandlerBuilder

	// SetAuthorizationTypes is invoked by Mixer to pass the template-specific Type information for instances that an adapter
	// may receive at runtime. The type information describes the shape of the instance.
	SetAuthorizationTypes(map[string]*Type)
}

HandlerBuilder must be implemented by adapters if they want to process data associated with the 'authorization' template.

Mixer uses this interface to call into the adapter at configuration time to configure it with adapter-specific configuration as well as all template-specific type information.

type Instance 

type Instance struct {
	// Name of the instance as specified in configuration.
	Name string

	// A subject contains a list of attributes that identify
	// the caller identity.
	Subject *Subject

	// An action defines "how a resource is accessed".
	Action *Action
}

Instance is constructed by Mixer for the 'authorization' template.

The `authorization` template defines parameters for performing policy enforcement within Istio. It is primarily concerned with enabling Mixer adapters to make decisions about who is allowed to do what. In this template, the "who" is defined in a Subject message. The "what" is defined in an Action message. During a Mixer Check call, these values will be populated based on configuration from request attributes and passed to individual authorization adapters to adjudicate.

Example config:

```yaml apiVersion: "config.istio.io/v1alpha2" kind: authorization metadata: 

name: authinfo
namespace: istio-system

spec: 

subject:
  user: source.user | request.auth.token[user] | ""
  groups: request.auth.token[groups]
  properties:
   iss: request.auth.token["iss"]
action:
  namespace: target.namespace | "default"
  service: target.service | ""
  path: request.path | "/"
  method: request.method | "post"
  properties:
    version: destination.labels[version] | ""
```

type InstanceParam 

type InstanceParam struct {
	Subject *SubjectInstanceParam `protobuf:"bytes,1,opt,name=subject" json:"subject,omitempty"`
	Action  *ActionInstanceParam  `protobuf:"bytes,2,opt,name=action" json:"action,omitempty"`
}

func (*InstanceParam) Descriptor 

func (*InstanceParam) Descriptor() ([]byte, []int)

func (*InstanceParam) Equal 

func (this *InstanceParam) Equal(that interface{}) bool

func (*InstanceParam) GetAction 

func (m *InstanceParam) GetAction() *ActionInstanceParam

func (*InstanceParam) GetSubject 

func (m *InstanceParam) GetSubject() *SubjectInstanceParam

func (*InstanceParam) GoString 

func (this *InstanceParam) GoString() string

func (*InstanceParam) Marshal 

func (m *InstanceParam) Marshal() (dAtA []byte, err error)

func (*InstanceParam) MarshalTo 

func (m *InstanceParam) MarshalTo(dAtA []byte) (int, error)

func (*InstanceParam) ProtoMessage 

func (*InstanceParam) ProtoMessage()

func (*InstanceParam) Reset 

func (m *InstanceParam) Reset()

func (*InstanceParam) Size 

func (m *InstanceParam) Size() (n int)

func (*InstanceParam) String 

func (this *InstanceParam) String() string

func (*InstanceParam) Unmarshal 

func (m *InstanceParam) Unmarshal(dAtA []byte) error

type Subject 

type Subject struct {

	// The user name/ID that the subject represents.
	User string

	// Groups the subject belongs to depending on the authentication mechanism,
	// "groups" are normally populated from JWT claim or client certificate.
	// The operator can define how it is populated when creating an instance of
	// the template.
	Groups string

	// Additional attributes about the subject.
	Properties map[string]interface{}
}

A subject contains a list of attributes that identify the caller identity.

type SubjectInstanceParam 

type SubjectInstanceParam struct {
	User       string            `protobuf:"bytes,1,opt,name=user,proto3" json:"user,omitempty"`
	Groups     string            `protobuf:"bytes,2,opt,name=groups,proto3" json:"groups,omitempty"`
	Properties map[string]string `` /* 154-byte string literal not displayed */
}

func (*SubjectInstanceParam) Descriptor 

func (*SubjectInstanceParam) Descriptor() ([]byte, []int)

func (*SubjectInstanceParam) Equal 

func (this *SubjectInstanceParam) Equal(that interface{}) bool

func (*SubjectInstanceParam) GetGroups 

func (m *SubjectInstanceParam) GetGroups() string

func (*SubjectInstanceParam) GetProperties 

func (m *SubjectInstanceParam) GetProperties() map[string]string

func (*SubjectInstanceParam) GetUser 

func (m *SubjectInstanceParam) GetUser() string

func (*SubjectInstanceParam) GoString 

func (this *SubjectInstanceParam) GoString() string

func (*SubjectInstanceParam) Marshal 

func (m *SubjectInstanceParam) Marshal() (dAtA []byte, err error)

func (*SubjectInstanceParam) MarshalTo 

func (m *SubjectInstanceParam) MarshalTo(dAtA []byte) (int, error)

func (*SubjectInstanceParam) ProtoMessage 

func (*SubjectInstanceParam) ProtoMessage()

func (*SubjectInstanceParam) Reset 

func (m *SubjectInstanceParam) Reset()

func (*SubjectInstanceParam) Size 

func (m *SubjectInstanceParam) Size() (n int)

func (*SubjectInstanceParam) String 

func (this *SubjectInstanceParam) String() string

func (*SubjectInstanceParam) Unmarshal 

func (m *SubjectInstanceParam) Unmarshal(dAtA []byte) error

type SubjectType 

type SubjectType struct {
	// Additional attributes about the subject.
	Properties map[string]istio_policy_v1beta1.ValueType `` /* 191-byte string literal not displayed */
}

A subject contains a list of attributes that identify the caller identity.

func (*SubjectType) Descriptor 

func (*SubjectType) Descriptor() ([]byte, []int)

func (*SubjectType) Equal 

func (this *SubjectType) Equal(that interface{}) bool

func (*SubjectType) GetProperties 

func (m *SubjectType) GetProperties() map[string]istio_policy_v1beta1.ValueType

func (*SubjectType) GoString 

func (this *SubjectType) GoString() string

func (*SubjectType) Marshal 

func (m *SubjectType) Marshal() (dAtA []byte, err error)

func (*SubjectType) MarshalTo 

func (m *SubjectType) MarshalTo(dAtA []byte) (int, error)

func (*SubjectType) ProtoMessage 

func (*SubjectType) ProtoMessage()

func (*SubjectType) Reset 

func (m *SubjectType) Reset()

func (*SubjectType) Size 

func (m *SubjectType) Size() (n int)

func (*SubjectType) String 

func (this *SubjectType) String() string

func (*SubjectType) Unmarshal 

func (m *SubjectType) Unmarshal(dAtA []byte) error

type Type 

type Type struct {
	// A subject contains a list of attributes that identify
	// the caller identity.
	Subject *SubjectType `protobuf:"bytes,1,opt,name=subject" json:"subject,omitempty"`
	// An action defines "how a resource is accessed".
	Action *ActionType `protobuf:"bytes,2,opt,name=action" json:"action,omitempty"`
}

The `authorization` template defines parameters for performing policy enforcement within Istio. It is primarily concerned with enabling Mixer The `authorization` template defines parameters for performing policy enforcement within Istio. It is primarily concerned with enabling Mixer adapters to make decisions about who is allowed to do what. In this template, the "who" is defined in a Subject message. The "what" is defined in an Action message. During a Mixer Check call, these values will be populated based on configuration from request attributes and passed to individual authorization adapters to adjudicate.

Example config:

```yaml apiVersion: "config.istio.io/v1alpha2" kind: authorization metadata: 

name: authinfo
namespace: istio-system

spec: 

subject:
  user: source.user | request.auth.token[user] | ""
  groups: request.auth.token[groups]
  properties:
   iss: request.auth.token["iss"]
action:
  namespace: target.namespace | "default"
  service: target.service | ""
  path: request.path | "/"
  method: request.method | "post"
  properties:
    version: destination.labels[version] | ""
```

func (*Type) Descriptor 

func (*Type) Descriptor() ([]byte, []int)

func (*Type) Equal 

func (this *Type) Equal(that interface{}) bool

func (*Type) GetAction 

func (m *Type) GetAction() *ActionType

func (*Type) GetSubject 

func (m *Type) GetSubject() *SubjectType

func (*Type) GoString 

func (this *Type) GoString() string

func (*Type) Marshal 

func (m *Type) Marshal() (dAtA []byte, err error)

func (*Type) MarshalTo 

func (m *Type) MarshalTo(dAtA []byte) (int, error)

func (*Type) ProtoMessage 

func (*Type) ProtoMessage()

func (*Type) Reset 

func (m *Type) Reset()

func (*Type) Size 

func (m *Type) Size() (n int)

func (*Type) String 

func (this *Type) String() string

func (*Type) Unmarshal 

func (m *Type) Unmarshal(dAtA []byte) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.