middleware

package

v0.0.0-...-6794c67 Latest Latest Go to latest Published: Aug 24, 2021 License: Apache-2.0 Imports: 19 Imported by: 6

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chef/automate

Documentation ¶

Index ¶

func CertificatePasser(_ context.Context, req *http.Request) metadata.MD
type AuthorizationHandler
type AuthorizationInterceptor
- func NewAuthInterceptor(authn authn.AuthenticationServiceClient, authz GRPCAuthorizationHandler) AuthorizationInterceptor
type DeploymentCertAuthOnly
type GRPCAuthorizationHandler
type HTTPAuthorizationHandler
type IntrospectionHandler

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CertificatePasser ¶

func CertificatePasser(_ context.Context, req *http.Request) metadata.MD

CertificatePasser takes the certificates from the requesting client and stores them in the x-client-cert header for use for cert auth.

Types ¶

type AuthorizationHandler ¶

type AuthorizationHandler interface {
	HTTPAuthorizationHandler
	GRPCAuthorizationHandler
	IntrospectionHandler
}

type AuthorizationInterceptor ¶

type AuthorizationInterceptor interface {
	UnaryServerInterceptor() grpc.UnaryServerInterceptor
	StreamServerInterceptor() grpc.StreamServerInterceptor
}

AuthorizationInterceptor abstracts the common logic that can be used for both interceptor types.

func NewAuthInterceptor ¶

func NewAuthInterceptor(
	authn authn.AuthenticationServiceClient,
	authz GRPCAuthorizationHandler,
) AuthorizationInterceptor

NewAuthInterceptor returns an AuthInterceptor that performs authentication and authorization for incoming requests. The return function uses the incoming request metadata (from its context), and constructs an authentication request to authn-service's authentication service that uses this metadata as outgoing metadata. If the inquiry's result is an error, it is returned as-is. If it's not, this function returns only the context, and allows for further request processing.

type DeploymentCertAuthOnly ¶

type DeploymentCertAuthOnly interface {
	MustUseDeploymentCertAuth()
}

type GRPCAuthorizationHandler ¶

type GRPCAuthorizationHandler interface {
	Handle(ctx context.Context, subjects []string, projects []string, req interface{}) (context.Context, error)
}

type HTTPAuthorizationHandler ¶

type HTTPAuthorizationHandler interface {
	IsAuthorized(ctx context.Context, subjects []string, resource, action string, projects []string) (context.Context, bool, error)
}

type IntrospectionHandler ¶

type IntrospectionHandler interface {
	FilterAuthorizedPairs(ctx context.Context, subjects []string, pairs []*pairs.Pair) ([]*pairs.Pair, error)
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
authz

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL