README
¶
Radix Oauth Guard
The Guard is a HTTP Server that responds to requests on http://localhost:8000/auth and authenticates the header Authorization: Bearer JWT against the configured ISSUER, AUDIENCE and authorizes the request agains a comma separated list of subjects.
How to use
This application is designed to use with Forward Auth, specifically for ingress-nginx, enable with this annotation:
metadata:
annotations:
nginx.ingress.kubernetes.io/auth-url: "http://oauth-guard.monitor.svc.cluster.local:8000/auth"
Configuration
ISSUER- Required. A issuer to verify JWT against. Must support the${ISSUER}.well-known/openid-configurationendpoint.AUDIENCE- Required. The configured Audience in the token.SUBJECTS- Required. Comma seperated list of subjects that are authorized.LOG_LEVEL- Defaults to info.LOG_PRETTY- Defaults to json. Output is ANSI colored text instead of json.
Developing
You need Go installed. Linting is done by golangci-lint
Dependencies - go modules
Go modules are used for dependency management. See link for information how to add, upgrade and remove dependencies. E.g. To update radix-operator dependency:
- list versions:
go list -m -versions github.com/coreos/go-oidc/v3 - update:
go get github.com/coreos/go-oidc/v3@v3.10.0
Running locally
The following env vars are needed. Useful default values in brackets.
LOG_PRETTY=True ISSUER=https://issuer-url/ AUDIENCE=some-audience SUBJECTS=default,kubernetes,somename go run .
Validate code
- run
make lint
Update version
We follow the semantic version as recommended by go.
-
tagin git repository (inmainbranch):Run following command to set
tag(with corresponding version)git tag v1.0.0 git push origin v1.0.0
Deployment
TODO
Pull request checking
Radix API makes use of GitHub Actions for build checking in every pull request to the main branch. Refer to the configuration file of the workflow for more details.
Contributing
Read our contributing guidelines
Documentation
¶
There is no documentation for this package.
Source Files