Documentation
Variables
var Module = fx.Options(
	fx.Provide(ProvideHandler),
	fx.Invoke(Register),
)
Module provides the authz handler.
The authz handler is one of the APIs to the classification and flowcontrol modules. Authz uses Envoy's external authorization gRPC API.
Note: Register function is not bundled inside this module and should be invoked explicitly.
var ProvideHandler = NewHandler
ProvideHandler provides an authz handler.
See NewHandler for more docs.
Functions
func AuthzRequestToFlowLabels (added in v0.2.1)
func AuthzRequestToFlowLabels(request *ext_authz.AttributeContext_Request) flowlabel.FlowLabels
AuthzRequestToFlowLabels converts request attributes to new FlowLabels.
Types
type Handler
type Handler struct {
	// contains filtered or unexported fields
}
Handler implements envoy.service.auth.v3.Authorization and handles Check call.
func NewHandler
func NewHandler(
	classifier *classification.ClassificationEngine,
	entityCache *entitycache.EntityCache,
	fcHandler common.HandlerWithValues,
) *Handler
NewHandler creates a new authorization handler for the authz API.
Authz will use the given classifier to inject flow labels and return them as metadata in the response to the Check calls.
entityCache can be nil. In this case services will be guessed based on the Host header. No-entity-cache support exists mostly so that authz can be experimented with without the need for the tagger to run.
func (*Handler) Check
func (h *Handler) Check(ctx context.Context, req *ext_authz.CheckRequest) (*ext_authz.CheckResponse, error)
Check is the Check method of the Authorization service.
Check
* computes flow labels and returns them via DynamicMetadata.
* makes the allow/deny decision - sends flow labels to flow control's Check function.
type Invocations
type Invocations struct {
	Register interface{}
}
Invocations is a set of register functions to be used in fx.Invoke.
func OnNamedServer
func OnNamedServer(serverName string) Invocations
OnNamedServer returns a register function that will register the authz handler on a *named* grpc.Server.
Usage:
fx.Invoke(authz.OnNamedServer("foo").Register)