plugin

package
v0.0.0-...-a6a3a47 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 5, 2023 License: AGPL-3.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source
const (
	URL         = "url"
	AuthToken   = "auth_token"
	EnableHTTP2 = "enable_http2"

	EnvPolicyPluginURL         = "MINIO_POLICY_PLUGIN_URL"
	EnvPolicyPluginAuthToken   = "MINIO_POLICY_PLUGIN_AUTH_TOKEN"
	EnvPolicyPluginEnableHTTP2 = "MINIO_POLICY_PLUGIN_ENABLE_HTTP2"
)

Authorization Plugin config and env variables

Variables

View Source
var (
	DefaultKVS = config.KVS{
		config.KV{
			Key:   URL,
			Value: "",
		},
		config.KV{
			Key:   AuthToken,
			Value: "",
		},
		config.KV{
			Key:   EnableHTTP2,
			Value: "off",
		},
	}
)

DefaultKVS - default config for Authz plugin config

View Source
var (
	Help = config.HelpKVS{
		config.HelpKV{
			Key:         URL,
			Description: `plugin hook endpoint (HTTP(S)) e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"` + defaultHelpPostfix(URL),
			Type:        "url",
			Sensitive:   true,
		},
		config.HelpKV{
			Key:         AuthToken,
			Description: "authorization header for plugin hook endpoint" + defaultHelpPostfix(AuthToken),
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
			Secret:      true,
		},
		config.HelpKV{
			Key:         EnableHTTP2,
			Description: "Enable experimental HTTP2 support to connect to plugin service" + defaultHelpPostfix(EnableHTTP2),
			Optional:    true,
			Type:        "bool",
		},
		config.HelpKV{
			Key:         config.Comment,
			Description: config.DefaultComment,
			Optional:    true,
			Type:        "sentence",
		},
	}
)

Help template for Access Management Plugin policy feature.

Functions

func Enabled

func Enabled(kvs config.KVS) bool

Enabled returns if AuthZPlugin is enabled.

Types

type Args

type Args struct {
	URL         *xnet.URL             `json:"url"`
	AuthToken   string                `json:"authToken"`
	Transport   http.RoundTripper     `json:"-"`
	CloseRespFn func(r io.ReadCloser) `json:"-"`
}

Args for general purpose policy engine configuration.

func LookupConfig

func LookupConfig(s config.Config, httpSettings xhttp.ConnSettings, closeRespFn func(io.ReadCloser)) (Args, error)

LookupConfig lookup AuthZPlugin from config, override with any ENVs.

func (*Args) UnmarshalJSON

func (a *Args) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data.

func (*Args) Validate

func (a *Args) Validate() error

Validate - validate opa configuration params.

type AuthZPlugin

type AuthZPlugin struct {
	// contains filtered or unexported fields
}

AuthZPlugin - implements opa policy agent calls.

func New

func New(args Args) *AuthZPlugin

New - initializes Authorization Management Plugin.

func (*AuthZPlugin) IsAllowed

func (o *AuthZPlugin) IsAllowed(args iampolicy.Args) (bool, error)

IsAllowed - checks given policy args is allowed to continue the REST API.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL