envoy

Documentation

Index

• func AuthzRequestToFlowLabels(request *authv3.AttributeContext_Request) flowlabel.FlowLabels
• func Module() fx.Option
• func Register(in RegisterIn)
• type Handler
  • func NewHandler(classifier *classification.ClassificationEngine, ...) *Handler
  • func (h *Handler) Check(ctx context.Context, req *authv3.CheckRequest) (*authv3.CheckResponse, error)
• type RegisterIn

Functions

func AuthzRequestToFlowLabels

func AuthzRequestToFlowLabels(request *authv3.AttributeContext_Request) flowlabel.FlowLabels

AuthzRequestToFlowLabels converts request attributes to new FlowLabels.

func Module

func Module() fx.Option

Module provides authz handler

Authz handler is one of the APIs to classification and flowcontrol modules. Authz uses envoy's external authorization gRPC API.

func Register

func Register(in RegisterIn)

Register registers the handler on grpc.Server

To be used in fx.Invoke.

Types

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler implements envoy.service.auth.v3.Authorization and handles Check call.

func NewHandler

func NewHandler(
	classifier *classification.ClassificationEngine,
	serviceGetter servicegetter.ServiceGetter,
	fcHandler check.HandlerWithValues,
) *Handler

NewHandler creates new authorization handler for authz api

Authz will use the given classifier to inject flow labels and return them as metadata in the response to the Check calls.

func (*Handler) Check

func (h *Handler) Check(ctx context.Context, req *authv3.CheckRequest) (*authv3.CheckResponse, error)

Check is the Check method of Authorization service

Check * computes flow labels and returns them via DynamicMetadata. * makes the allow/deny decision - sends flow labels to flow control's Check function.

type RegisterIn

type RegisterIn struct {
	fx.In
	Server       *grpc.Server `name:"default"`
	Handler      *Handler
	HealthServer *health.Server
}

RegisterIn bundles and annotates parameters.