Documentation
¶
Index ¶
- Constants
- func FindRequestedIdentities(c echo.Context) []*protos.Identity
- func LogDecorator(c echo.Context) func(f string, a ...interface{}) string
- func LogRequestDecorator(req *http.Request) func(f string, a ...interface{}) string
- func Middleware(next echo.HandlerFunc) echo.HandlerFunc
- func RequestOperator(c echo.Context) (*protos.Identity, error)
- func SupervisorWildcards() []*protos.Identity
- type RequestIdentityFinder
Constants ¶
const ( // Client Certificate CN Header (for logging only) CLIENT_CERT_CN_KEY = "X-Magma-Client-Cert-Cn" // Client Certificate Serial Number Header CLIENT_CERT_SN_KEY = "X-Magma-Client-Cert-Serial" )
RequestOperator relies on x-magma-client-cert-serial HTTP request header, the header string is redefined here to avoid sharing it with magma GRPC Identity middleware & to comply with specific to Go's net/http header capitalization: https://golang.org/pkg/net/http/#Request
const ( MAGMA_ROOT_PART = obsidian.RestRoot + obsidian.UrlSep MAGMA_ROOT_PART_LEN = len(MAGMA_ROOT_PART) )
Variables ¶
This section is empty.
Functions ¶
func FindRequestedIdentities ¶
FindRequestedIdentities examines the request URL and finds Identities of all Entities, the request needs to have access to.
If FindRequestedIdentities cannot determine the entities from the request OR the URL is malformed OR request context is invalid - it will return a list of "supervisor's wildcards" - a list all known entity type wildcards which would correspond to an ACL typical for a supervisor/admin "can do all" operators
func LogDecorator ¶
LogDecorator closure, appends remote address, URI & certificate CN (if available from the passed echo.Context) to every log string
func LogRequestDecorator ¶
LogRequestDecorator closure, appends remote address, URI & certificate CN (if available from the passed http.Request) to every log string
func Middleware ¶
func Middleware(next echo.HandlerFunc) echo.HandlerFunc
func RequestOperator ¶
RequestOperator returns Identity of request's Operator (client) If either the request is missing TLS certificate headers or the certificate's SN is not found by Certifier or one of certificate & its identity checks fail - nil will be returned & the corresponding error logged
func SupervisorWildcards ¶
SupervisorWildcards returns a newly created list of "supervisor's wildcards":
a list all known entity type wildcards which would correspond to an ACL typical to a supervisor/admin "can do all" operators
Types ¶
type RequestIdentityFinder ¶
RequestIdentityFinder Identity finder type
func GetIdentityFinder ¶
func GetIdentityFinder(c echo.Context) RequestIdentityFinder
GetIdentityFinder returns an Identity finder for the request
Source Files
Directories