authz

package
v1.3.16 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 3, 2021 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Authorizer

// Authorizer is the configuration of one JWT authorization instance. The
// fields cover redirect handling for non-authorized users, authorization
// bypass entries, header injection mappings, access list rules, crypto key
// settings and a set of boolean validation switches. Three struct tags are
// elided in this listing, so their serialized names are not visible here.
type Authorizer struct {
	// Name is excluded from JSON encoding (`json:"-"`) and has no xml or yaml tag.
	Name                       string `json:"-"`
	Context                    string `json:"context,omitempty" xml:"context,omitempty" yaml:"context,omitempty"`
	PrimaryInstance            bool   `json:"primary,omitempty" xml:"primary,omitempty" yaml:"primary,omitempty"`
	AuthURLPath                string `json:"auth_url_path,omitempty" xml:"auth_url_path,omitempty" yaml:"auth_url_path,omitempty"`
	AuthRedirectDisabled       bool   `json:"disable_auth_redirect,omitempty" xml:"disable_auth_redirect,omitempty" yaml:"disable_auth_redirect,omitempty"`
	AuthRedirectQueryDisabled  bool   `` /* 133-byte string literal not displayed */
	AuthRedirectQueryParameter string `` /* 127-byte string literal not displayed */
	// The status code for the HTTP redirect for non-authorized users.
	AuthRedirectStatusCode int `` /* 127-byte string literal not displayed */
	// Enable the redirect with Javascript, as opposed to HTTP redirect.
	RedirectWithJavascript bool `json:"redirect_with_javascript,omitempty" xml:"redirect_with_javascript,omitempty" yaml:"redirect_with_javascript,omitempty"`
	// The list of URI prefixes which bypass authorization.
	// NOTE(review): every entry is an exemption from authorization. Keep the
	// list minimal and re-check it when routes change; how an entry is matched
	// depends on BypassConfig.MatchType.
	BypassConfigs []*BypassConfig `json:"bypass_configs,omitempty" xml:"bypass_configs,omitempty" yaml:"bypass_configs,omitempty"`
	// The list of mappings between header names and field names.
	// NOTE(review): presumably the mapped fields are written into request
	// headers — confirm. If so, anything that trusts those headers should be
	// reachable only through this authorizer.
	HeaderInjectionConfigs []*HeaderInjectionConfig `json:"header_injection_configs,omitempty" xml:"header_injection_configs,omitempty" yaml:"header_injection_configs,omitempty"`
	AccessListRules        []*acl.RuleConfiguration `json:"access_list_rules,omitempty" xml:"access_list_rules,omitempty" yaml:"access_list_rules,omitempty"`
	// NOTE(review): CryptoKeyConfigs is tagged for json/xml/yaml encoding. If
	// kms.CryptoKeyConfig carries key material (not visible here), encoded
	// configuration needs the same protection as the keys — confirm.
	CryptoKeyConfigs       []*kms.CryptoKeyConfig   `json:"crypto_key_configs,omitempty" xml:"crypto_key_configs,omitempty" yaml:"crypto_key_configs,omitempty"`
	// CryptoKeyStoreConfig holds the default configuration for the keys, e.g. token name and lifetime.
	CryptoKeyStoreConfig        map[string]interface{} `json:"crypto_key_store_config,omitempty" xml:"crypto_key_store_config,omitempty" yaml:"crypto_key_store_config,omitempty"`
	// NOTE(review): AllowedTokenSources presumably limits where in a request a
	// token may be read from; accepted values are not visible here — confirm.
	AllowedTokenSources         []string               `json:"allowed_token_sources,omitempty" xml:"allowed_token_sources,omitempty" yaml:"allowed_token_sources,omitempty"`
	StripTokenEnabled           bool                   `json:"strip_token_enabled,omitempty" xml:"strip_token_enabled,omitempty" yaml:"strip_token_enabled,omitempty"`
	ForbiddenURL                string                 `json:"forbidden_url,omitempty" xml:"forbidden_url,omitempty" yaml:"forbidden_url,omitempty"`
	UserIdentityField           string                 `json:"user_identity_field,omitempty" xml:"user_identity_field,omitempty" yaml:"user_identity_field,omitempty"`
	// The Validate* switches below are plain bools, so each one is false
	// unless configuration sets it. What each check enforces is not visible
	// in this listing.
	ValidateBearerHeader        bool                   `json:"validate_bearer_header,omitempty" xml:"validate_bearer_header,omitempty" yaml:"validate_bearer_header,omitempty"`
	ValidateMethodPath          bool                   `json:"validate_method_path,omitempty" xml:"validate_method_path,omitempty" yaml:"validate_method_path,omitempty"`
	ValidateAccessListPathClaim bool                   `` /* 145-byte string literal not displayed */
	ValidateSourceAddress       bool                   `json:"validate_source_address,omitempty" xml:"validate_source_address,omitempty" yaml:"validate_source_address,omitempty"`
	// NOTE(review): PassClaimsWithHeaders presumably forwards token claims as
	// request headers — confirm which headers are set and whether
	// client-supplied copies are removed first.
	PassClaimsWithHeaders       bool                   `json:"pass_claims_with_headers,omitempty" xml:"pass_claims_with_headers,omitempty" yaml:"pass_claims_with_headers,omitempty"`
	// contains filtered or unexported fields
}

Authorizer authorizes access to endpoints based on the presence and content of a JWT token.

func (Authorizer) Authenticate

func (m Authorizer) Authenticate(w http.ResponseWriter, r *http.Request, upstreamOptions map[string]interface{}) (map[string]interface{}, bool, error)

Authenticate authorizes access based on the presence and content of a JWT token.

func (*Authorizer) Provision

func (m *Authorizer) Provision(upstreamOptions map[string]interface{}) error

Provision provisions JWT authorization provider instances.

func (*Authorizer) Validate

func (m *Authorizer) Validate() error

Validate implements caddy.Validator.

type BypassConfig added in v1.3.11

// BypassConfig is one authorization bypass entry, made of a match type and a
// URI. Both fields are omitted from json, xml and yaml output when empty.
type BypassConfig struct {
	// MatchType presumably selects how URI is compared with a request; the
	// accepted values are not visible in this listing — see Validate.
	MatchType string `json:"match_type,omitempty" xml:"match_type,omitempty" yaml:"match_type,omitempty"`
	// URI is the value the bypass applies to.
	// NOTE(review): a broad value exempts more paths from authorization than
	// a narrow one; prefer the narrowest entry that covers the need.
	URI       string `json:"uri,omitempty" xml:"uri,omitempty" yaml:"uri,omitempty"`
	// contains filtered or unexported fields
}

BypassConfig contains the entry for the authorization bypass.

func (*BypassConfig) Validate added in v1.3.11

func (b *BypassConfig) Validate() error

Validate validates BypassConfig

type HeaderInjectionConfig added in v1.3.12

// HeaderInjectionConfig is one mapping between a header name and a field
// name. Both fields are omitted from json, xml and yaml output when empty.
type HeaderInjectionConfig struct {
	// Header is the header name of the mapping.
	Header string `json:"header,omitempty" xml:"header,omitempty" yaml:"header,omitempty"`
	// Field is the field name of the mapping; presumably a field of the
	// validated token — confirm against the Authorizer implementation.
	Field  string `json:"field,omitempty" xml:"field,omitempty" yaml:"field,omitempty"`
}

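HeaderInjectionConfig contains an entry mapping a header name to a field name. (The original wording, "the entry for the authorization bypass", appears to have been copied from BypassConfig.)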

func (*HeaderInjectionConfig) Validate added in v1.3.12

func (c *HeaderInjectionConfig) Validate() error

Validate validates HeaderInjectionConfig

type InstanceManager

// InstanceManager tracks Authorizer instances in exported, string-keyed maps.
// NOTE(review): no lock is visible among the exported fields; the type also
// has unexported fields, so synchronization may live there — confirm before
// reading or writing these maps from more than one goroutine.
type InstanceManager struct {
	// Members maps a string key to an Authorizer; the meaning of the key is
	// not visible here (presumably tied to Authorizer.Name or Context — confirm).
	Members          map[string]*Authorizer `json:"members,omitempty" xml:"members,omitempty" yaml:"members,omitempty"`
	// PrimaryInstances maps a string key to an Authorizer; presumably those
	// with PrimaryInstance set — confirm.
	PrimaryInstances map[string]*Authorizer `json:"primary_instances,omitempty" xml:"primary_instances,omitempty" yaml:"primary_instances,omitempty"`
	// MemberCount maps a string key to an integer count.
	MemberCount      map[string]int         `json:"member_count,omitempty" xml:"member_count,omitempty" yaml:"member_count,omitempty"`
	// contains filtered or unexported fields
}

InstanceManager provides access to all instances of the plugin.

var AuthManager *InstanceManager

AuthManager is the global authorization provider pool. It provides access to all instances of JWT plugin.

func NewInstanceManager

func NewInstanceManager() *InstanceManager

NewInstanceManager returns a new instance of InstanceManager.

func (*InstanceManager) Register

func (mgr *InstanceManager) Register(ctx context.Context, m *Authorizer) error

Register registers authorization provider instance with the pool.

func (*InstanceManager) Validate

func (mgr *InstanceManager) Validate(ctx context.Context, m *Authorizer) error

Validate validates the provisioning of an Authorizer instance.

type InstanceStatus

type InstanceStatus int

InstanceStatus is the state of an Instance.

// InstanceStatus values. They are assigned with iota, so Unknown is 0 and is
// therefore the value of an InstanceStatus that was never set.
const (
	// Unknown is an indeterminate state.
	Unknown InstanceStatus = iota
	// BootstrapPrimary means the primary instance is ready for bootstrapping.
	BootstrapPrimary
	// BootstrapSecondary means a non-primary instance is ready for bootstrapping.
	BootstrapSecondary
	// DelaySecondary means a non-primary instance is not ready for bootstrapping.
	DelaySecondary
	// DuplicatePrimary means a duplicate primary instance.
	DuplicatePrimary
)
