Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Authorizer ¶
type Authorizer struct {
	// Path is serialized under the key "path".
	// NOTE(review): presumably the URL path this endpoint is attached to;
	// confirm against Provision/Validate.
	Path string `json:"path,omitempty" xml:"path,omitempty" yaml:"path,omitempty"`
	// GatekeeperName is serialized under the key "gatekeeper_name".
	// NOTE(review): presumably the key under which the matching Gatekeeper is
	// found in GatekeeperRegistry. Confirm what happens when no Gatekeeper is
	// registered under this name (the request should be denied, not allowed).
	GatekeeperName string `json:"gatekeeper_name,omitempty" xml:"gatekeeper_name,omitempty" yaml:"gatekeeper_name,omitempty"`
	// contains filtered or unexported fields
}
Authorizer is an authentication endpoint. Note that, as described below, its Authenticate method authorizes HTTP requests.
func (*Authorizer) Authenticate ¶
func (m *Authorizer) Authenticate(w http.ResponseWriter, r *http.Request, rr *requests.AuthorizationRequest) error
Authenticate authorizes HTTP requests.
func (*Authorizer) Provision ¶
func (m *Authorizer) Provision(logger *zap.Logger) error
Provision configures the instance of Authorizer.
func (*Authorizer) Validate ¶
func (m *Authorizer) Validate() error
Validate validates the provisioning.
type Gatekeeper ¶
type Gatekeeper struct {
	// contains filtered or unexported fields
	//
	// NOTE(review): no field is exported, so code outside the package cannot
	// set policy through a struct literal. NewGatekeeper(cfg, logger) is the
	// constructor listed for this type. Whether a zero-value Gatekeeper is
	// usable is not visible here.
}
Gatekeeper authorizes HTTP requests; it is created from a PolicyConfig by NewGatekeeper.
func NewGatekeeper ¶
func NewGatekeeper(cfg *PolicyConfig, logger *zap.Logger) (*Gatekeeper, error)
NewGatekeeper returns an instance of Gatekeeper.
func (*Gatekeeper) Authenticate ¶
func (g *Gatekeeper) Authenticate(w http.ResponseWriter, r *http.Request, ar *requests.AuthorizationRequest) error
Authenticate authorizes HTTP requests.
func (*Gatekeeper) Register ¶
func (g *Gatekeeper) Register() error
Register registers the Gatekeeper with GatekeeperRegistry.
type GatekeeperRegistry ¶
type GatekeeperRegistry struct {
	// contains filtered or unexported fields
	//
	// NOTE(review): entries are addressed by the string passed to
	// RegisterGatekeeper, LookupGatekeeper and UnregisterGatekeeper; presumably
	// this is the gatekeeper name (confirm). Whether the registry is safe for
	// concurrent use, and how duplicate names are handled, is not visible here.
}
GatekeeperRegistry is a registry of authorization gateways.
func (*GatekeeperRegistry) LookupGatekeeper ¶ added in v1.0.6
func (r *GatekeeperRegistry) LookupGatekeeper(s string) (*Gatekeeper, error)
LookupGatekeeper returns Gatekeeper entry from the GatekeeperRegistry.
func (*GatekeeperRegistry) RegisterAuthorizer ¶ added in v1.0.6
func (r *GatekeeperRegistry) RegisterAuthorizer(a *Authorizer) error
RegisterAuthorizer registers Authorizer with the GatekeeperRegistry.
func (*GatekeeperRegistry) RegisterGatekeeper ¶ added in v1.0.6
func (r *GatekeeperRegistry) RegisterGatekeeper(s string, p *Gatekeeper) error
RegisterGatekeeper registers Gatekeeper with the GatekeeperRegistry.
func (*GatekeeperRegistry) UnregisterGatekeeper ¶ added in v1.0.6
func (r *GatekeeperRegistry) UnregisterGatekeeper(s string)
UnregisterGatekeeper unregisters Gatekeeper from the GatekeeperRegistry.
type PolicyConfig ¶
type PolicyConfig struct {
	// Name is serialized under the key "name".
	// NOTE(review): presumably the policy/gatekeeper name; confirm.
	Name string `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"`
	// AuthURLPath is serialized under the key "auth_url_path".
	// NOTE(review): presumably where non-authorized users are redirected to
	// authenticate; confirm.
	AuthURLPath string `json:"auth_url_path,omitempty" xml:"auth_url_path,omitempty" yaml:"auth_url_path,omitempty"`
	// AuthRedirectDisabled is serialized under the key "disable_auth_redirect"
	// (the key name differs from the field name).
	AuthRedirectDisabled bool `json:"disable_auth_redirect,omitempty" xml:"disable_auth_redirect,omitempty" yaml:"disable_auth_redirect,omitempty"`
	// The struct tag of this field is not displayed on this page.
	AuthRedirectQueryDisabled bool `` /* 133-byte string literal not displayed */
	// The struct tag of this field is not displayed on this page.
	// NOTE(review): if this query parameter carries a return URL, confirm the
	// value is validated before it is used as a redirect target.
	AuthRedirectQueryParameter string `` /* 127-byte string literal not displayed */
	// The status code for the HTTP redirect for non-authorized users.
	AuthRedirectStatusCode int `` /* 127-byte string literal not displayed */
	// Enable the redirect with Javascript, as opposed to HTTP redirect.
	RedirectWithJavascript bool `json:"redirect_with_javascript,omitempty" xml:"redirect_with_javascript,omitempty" yaml:"redirect_with_javascript,omitempty"`
	// The list of URI prefixes which bypass authorization.
	// NOTE(review): every entry exempts requests from authorization, so keep
	// the list as narrow as possible and confirm how prefixes are matched
	// (path normalization, case, trailing slash).
	BypassConfigs []*bypass.Config `json:"bypass_configs,omitempty" xml:"bypass_configs,omitempty" yaml:"bypass_configs,omitempty"`
	// The list of mappings between header names and field names.
	// NOTE(review): services behind this layer will likely trust the injected
	// headers; confirm that client-supplied headers with the same names are
	// removed or overwritten.
	HeaderInjectionConfigs []*injector.Config `json:"header_injection_configs,omitempty" xml:"header_injection_configs,omitempty" yaml:"header_injection_configs,omitempty"`
	// AccessListRules is serialized under the key "access_list_rules".
	// NOTE(review): confirm the outcome when no rule matches a request
	// (it should be a deny).
	AccessListRules []*acl.RuleConfiguration `json:"access_list_rules,omitempty" xml:"access_list_rules,omitempty" yaml:"access_list_rules,omitempty"`
	// CryptoKeyConfigs is serialized under the key "crypto_key_configs".
	// NOTE(review): may hold key material or references to it; treat the
	// serialized configuration as a secret until confirmed otherwise.
	CryptoKeyConfigs []*kms.CryptoKeyConfig `json:"crypto_key_configs,omitempty" xml:"crypto_key_configs,omitempty" yaml:"crypto_key_configs,omitempty"`
	// CryptoKeyStoreConfig holds the default configuration for the keys, e.g. token name and lifetime.
	CryptoKeyStoreConfig map[string]interface{} `json:"crypto_key_store_config,omitempty" xml:"crypto_key_store_config,omitempty" yaml:"crypto_key_store_config,omitempty"`
	// IdentityProviderConfig is serialized under the key "identity_provider_config".
	IdentityProviderConfig *idp.IdentityProviderConfig `json:"identity_provider_config,omitempty" xml:"identity_provider_config,omitempty" yaml:"identity_provider_config,omitempty"`
	// AllowedTokenSources is serialized under the key "allowed_token_sources".
	// NOTE(review): presumably restricts where in the request a token is
	// accepted from; confirm the accepted values and the behavior when empty.
	AllowedTokenSources []string `json:"allowed_token_sources,omitempty" xml:"allowed_token_sources,omitempty" yaml:"allowed_token_sources,omitempty"`
	// StripTokenEnabled is serialized under the key "strip_token_enabled".
	// NOTE(review): presumably removes the token from the request before it is
	// passed on; confirm.
	StripTokenEnabled bool `json:"strip_token_enabled,omitempty" xml:"strip_token_enabled,omitempty" yaml:"strip_token_enabled,omitempty"`
	// ForbiddenURL is serialized under the key "forbidden_url".
	ForbiddenURL string `json:"forbidden_url,omitempty" xml:"forbidden_url,omitempty" yaml:"forbidden_url,omitempty"`
	// UserIdentityField is serialized under the key "user_identity_field".
	UserIdentityField string `json:"user_identity_field,omitempty" xml:"user_identity_field,omitempty" yaml:"user_identity_field,omitempty"`
	// The Validate* switches below are plain bools, so each is false when its
	// key is omitted from the configuration.
	// NOTE(review): whether Validate or NewGatekeeper applies other defaults is
	// not visible here; confirm which checks are active in a minimal config.

	// Validate HTTP Authorization header.
	ValidateBearerHeader bool `json:"validate_bearer_header,omitempty" xml:"validate_bearer_header,omitempty" yaml:"validate_bearer_header,omitempty"`
	// Validate HTTP method and path.
	ValidateMethodPath bool `json:"validate_method_path,omitempty" xml:"validate_method_path,omitempty" yaml:"validate_method_path,omitempty"`
	// Validate HTTP path derived from JWT token.
	ValidateAccessListPathClaim bool `` /* 145-byte string literal not displayed */
	// Validate source address matches between HTTP request and JWT token.
	// NOTE(review): behind a reverse proxy the result depends on how the
	// request's source address is derived; confirm which address is compared.
	ValidateSourceAddress bool `json:"validate_source_address,omitempty" xml:"validate_source_address,omitempty" yaml:"validate_source_address,omitempty"`
	// Pass claims from JWT token via HTTP X- headers.
	// NOTE(review): confirm that inbound client-supplied copies of these X-
	// headers are dropped, so downstream services only see values taken from a
	// validated token.
	PassClaimsWithHeaders bool `json:"pass_claims_with_headers,omitempty" xml:"pass_claims_with_headers,omitempty" yaml:"pass_claims_with_headers,omitempty"`
	// contains filtered or unexported fields
}
PolicyConfig holds the configuration from which NewGatekeeper creates a Gatekeeper.
func (*PolicyConfig) AddRawCryptoConfigs ¶
func (cfg *PolicyConfig) AddRawCryptoConfigs(s string)
AddRawCryptoConfigs adds raw crypto configs.
func (*PolicyConfig) AddRawIdpConfig ¶
func (cfg *PolicyConfig) AddRawIdpConfig(s string)
AddRawIdpConfig adds raw identity provider configs.
func (*PolicyConfig) Validate ¶
func (cfg *PolicyConfig) Validate() error
Validate validates PolicyConfig.