authn

package

v0.0.0-...-519b562 Latest Latest Go to latest Published: Jun 5, 2019 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jamazruan/mesh

Documentation ¶

Index ¶

Constants
func BuildAuthNFilter(policy *authn.Policy, proxyType model.NodeType, ...) *http_conn.HttpFilter
func BuildJwtFilter(policy *authn.Policy, isXDSMarshalingToAnyEnabled bool) *http_conn.HttpFilter
func CollectJwtSpecs(policy *authn.Policy) []*authn.Jwt
func ConvertPolicyToAuthNFilterConfig(policy *authn.Policy, proxyType model.NodeType) *authn_filter.FilterConfig
func ConvertPolicyToJwtConfig(policy *authn.Policy) *jwtfilter.JwtAuthentication
func GetMutualTLS(policy *authn.Policy) *authn.MutualTls
func NewPlugin() plugin.Plugin
func OutputLocationForJwtIssuer(issuer string) string
type Plugin

Constants ¶

View Source

const (
	// JwtFilterName is the name for the Jwt filter. This should be the same
	// as the name defined in
	// https://github.com/istio/proxy/blob/master/src/envoy/http/jwt_auth/http_filter_factory.cc#L50
	JwtFilterName = "jwt-auth"

	// AuthnFilterName is the name for the Istio AuthN filter. This should be the same
	// as the name defined in
	// https://github.com/istio/proxy/blob/master/src/envoy/http/authn/http_filter_factory.cc#L30
	AuthnFilterName = "istio_authn"

	// EnvoyTLSInspectorFilterName is the name for Envoy TLS sniffing listener filter.
	EnvoyTLSInspectorFilterName = "envoy.listener.tls_inspector"
	// EnvoyRawBufferMatch is the transport protocol name when tls multiplexed is used.
	EnvoyRawBufferMatch = "raw_buffer"
	// EnvoyTLSMatch is the transport protocol name when tls multiplexed is used.
	EnvoyTLSMatch = "tls"
)

Variables ¶

This section is empty.

Functions ¶

func BuildAuthNFilter ¶

func BuildAuthNFilter(policy *authn.Policy, proxyType model.NodeType, isXDSMarshalingToAnyEnabled bool) *http_conn.HttpFilter

BuildAuthNFilter returns authn filter for the given policy. If policy is nil, returns nil.

func BuildJwtFilter ¶

func BuildJwtFilter(policy *authn.Policy, isXDSMarshalingToAnyEnabled bool) *http_conn.HttpFilter

BuildJwtFilter returns a Jwt filter for all Jwt specs in the policy.

func CollectJwtSpecs ¶

func CollectJwtSpecs(policy *authn.Policy) []*authn.Jwt

CollectJwtSpecs returns a list of all JWT specs (pointers) defined the policy. This provides a convenient way to iterate all Jwt specs.

func ConvertPolicyToAuthNFilterConfig ¶

func ConvertPolicyToAuthNFilterConfig(policy *authn.Policy, proxyType model.NodeType) *authn_filter.FilterConfig

ConvertPolicyToAuthNFilterConfig returns an authn filter config corresponding for the input policy.

func ConvertPolicyToJwtConfig ¶

func ConvertPolicyToJwtConfig(policy *authn.Policy) *jwtfilter.JwtAuthentication

ConvertPolicyToJwtConfig converts policy into Jwt filter config for envoy.

func GetMutualTLS ¶

func GetMutualTLS(policy *authn.Policy) *authn.MutualTls

GetMutualTLS returns pointer to mTLS params if the policy use mTLS for (peer) authentication. (note that mTLS params can still be nil). Otherwise, return (false, nil). Callers should ensure the proxy is of sidecar type.

func NewPlugin ¶

func NewPlugin() plugin.Plugin

NewPlugin returns an instance of the authn plugin

func OutputLocationForJwtIssuer ¶

func OutputLocationForJwtIssuer(issuer string) string

OutputLocationForJwtIssuer returns the header location that should be used to output payload if authentication succeeds.

Types ¶

type Plugin ¶

type Plugin struct{}

Plugin implements Istio mTLS auth

func (Plugin) OnInboundCluster ¶

func (Plugin) OnInboundCluster(in *plugin.InputParams, cluster *xdsapi.Cluster)

OnInboundCluster implements the Plugin interface method.

func (Plugin) OnInboundFilterChains ¶

func (Plugin) OnInboundFilterChains(in *plugin.InputParams) []plugin.FilterChain

OnInboundFilterChains setups filter chains based on the authentication policy.

func (Plugin) OnInboundListener ¶

func (Plugin) OnInboundListener(in *plugin.InputParams, mutable *plugin.MutableObjects) error

OnInboundListener is called whenever a new listener is added to the LDS output for a given service Can be used to add additional filters (e.g., mixer filter) or add more stuff to the HTTP connection manager on the inbound path

func (Plugin) OnInboundRouteConfiguration ¶

func (Plugin) OnInboundRouteConfiguration(in *plugin.InputParams, route *xdsapi.RouteConfiguration)

OnInboundRouteConfiguration implements the Plugin interface method.

func (Plugin) OnOutboundCluster ¶

func (Plugin) OnOutboundCluster(in *plugin.InputParams, cluster *xdsapi.Cluster)

OnOutboundCluster implements the Plugin interface method.

func (Plugin) OnOutboundListener ¶

func (Plugin) OnOutboundListener(in *plugin.InputParams, mutable *plugin.MutableObjects) error

OnOutboundListener is called whenever a new outbound listener is added to the LDS output for a given service Can be used to add additional filters on the outbound path

func (Plugin) OnOutboundRouteConfiguration ¶

func (Plugin) OnOutboundRouteConfiguration(in *plugin.InputParams, route *xdsapi.RouteConfiguration)

OnOutboundRouteConfiguration implements the Plugin interface method.

Source Files ¶

View all Source files

authentication.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL