evaluators

package
v0.20.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 21, 2024 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	HTTP_HEADER_WRAPPER            = "httpHeader"
	ENVOY_DYNAMIC_METADATA_WRAPPER = "envoyDynamicMetadata"

	DEFAULT_WRAPPER = HTTP_HEADER_WRAPPER
)

Variables

View Source 
var EvaluatorCacheSize int // in megabytes

Functions

func NewDenyAllAuthorization added in v0.10.0 

func NewDenyAllAuthorization(ctx context.Context, name, policyName string) auth.AuthConfigEvaluator

func WrapResponses 

func WrapResponses(responses map[*ResponseConfig]interface{}) (responseHeaders map[string]string, responseMetadata map[string]interface{})

Types

type AuthConfig 

type AuthConfig struct {
	Labels     map[string]string
	Conditions jsonexp.Expression `yaml:"conditions"`

	IdentityConfigs      []auth.AuthConfigEvaluator `yaml:"identity,omitempty"`
	MetadataConfigs      []auth.AuthConfigEvaluator `yaml:"metadata,omitempty"`
	AuthorizationConfigs []auth.AuthConfigEvaluator `yaml:"authorization,omitempty"`
	ResponseConfigs      []auth.AuthConfigEvaluator `yaml:"response,omitempty"`
	CallbackConfigs      []auth.AuthConfigEvaluator `yaml:"callbacks,omitempty"`

	DenyWith
}

AuthConfig holds the static configuration to be evaluated in the auth pipeline

func (*AuthConfig) Clean 

func (config *AuthConfig) Clean(ctx context.Context) error

func (*AuthConfig) GetChallengeHeaders 

func (config *AuthConfig) GetChallengeHeaders() []map[string]string

type AuthorizationConfig 

type AuthorizationConfig struct {
	Name       string             `yaml:"name"`
	Priority   int                `yaml:"priority"`
	Conditions jsonexp.Expression `yaml:"conditions"`
	Metrics    bool               `yaml:"metrics"`
	Cache      EvaluatorCache

	OPA             *authorization.OPA                 `yaml:"opa,omitempty"`
	JSON            *authorization.JSONPatternMatching `yaml:"json,omitempty"`
	KubernetesAuthz *authorization.KubernetesAuthz     `yaml:"kubernetes,omitempty"`
	Authzed         *authorization.Authzed             `yaml:"authzed,omitempty"`
}

func (*AuthorizationConfig) Call 

func (config *AuthorizationConfig) Call(pipeline auth.AuthPipeline, ctx context.Context) (interface{}, error)

func (*AuthorizationConfig) Clean 

func (config *AuthorizationConfig) Clean(ctx context.Context) error

func (*AuthorizationConfig) GetAuthConfigEvaluator 

func (config *AuthorizationConfig) GetAuthConfigEvaluator() auth.AuthConfigEvaluator

func (*AuthorizationConfig) GetConditions 

func (config *AuthorizationConfig) GetConditions() jsonexp.Expression

func (*AuthorizationConfig) GetName 

func (config *AuthorizationConfig) GetName() string

func (*AuthorizationConfig) GetPriority 

func (config *AuthorizationConfig) GetPriority() int

func (*AuthorizationConfig) GetType 

func (config *AuthorizationConfig) GetType() string

func (*AuthorizationConfig) MetricsEnabled 

func (config *AuthorizationConfig) MetricsEnabled() bool

type CallbackConfig added in v0.12.0 

type CallbackConfig struct {
	Name       string             `yaml:"name"`
	Priority   int                `yaml:"priority"`
	Conditions jsonexp.Expression `yaml:"conditions"`
	Metrics    bool               `yaml:"metrics"`

	HTTP *metadata.GenericHttp `yaml:"http,omitempty"`
}

func NewCallbackConfig added in v0.12.0 

func NewCallbackConfig(name string, priority int, conditions jsonexp.Expression, metricsEnabled bool) *CallbackConfig

func (*CallbackConfig) Call added in v0.12.0 

func (config *CallbackConfig) Call(pipeline auth.AuthPipeline, ctx context.Context) (interface{}, error)

func (*CallbackConfig) GetAuthConfigEvaluator added in v0.12.0 

func (config *CallbackConfig) GetAuthConfigEvaluator() auth.AuthConfigEvaluator

func (*CallbackConfig) GetConditions added in v0.12.0 

func (config *CallbackConfig) GetConditions() jsonexp.Expression

func (*CallbackConfig) GetName added in v0.12.0 

func (config *CallbackConfig) GetName() string

func (*CallbackConfig) GetPriority added in v0.12.0 

func (config *CallbackConfig) GetPriority() int

func (*CallbackConfig) GetType added in v0.12.0 

func (config *CallbackConfig) GetType() string

func (*CallbackConfig) MetricsEnabled added in v0.12.0 

func (config *CallbackConfig) MetricsEnabled() bool

type DenyWith 

type DenyWith struct {
	Unauthenticated *DenyWithValues
	Unauthorized    *DenyWithValues
}

type DenyWithValues 

type DenyWithValues struct {
	Code    int32
	Message expressions.Value
	Headers []json.JSONProperty
	Body    expressions.Value
}

type EvaluatorCache 

type EvaluatorCache interface {
	Get(key interface{}) (interface{}, error)
	Set(key, value interface{}) error
	ResolveKeyFor(authJSON string) (interface{}, error)
	Shutdown() error
}

func NewEvaluatorCache 

func NewEvaluatorCache(keyTemplate expressions.Value, ttl int) EvaluatorCache

type IdentityConfig 

type IdentityConfig struct {
	Name       string             `yaml:"name"`
	Priority   int                `yaml:"priority"`
	Conditions jsonexp.Expression `yaml:"conditions"`
	Metrics    bool               `yaml:"metrics"`
	Cache      EvaluatorCache

	OAuth2         *identity.OAuth2         `yaml:"oauth2,omitempty"`
	OIDC           *identity.OIDC           `yaml:"oidc,omitempty"`
	MTLS           *identity.MTLS           `yaml:"mtls,omitempty"`
	HMAC           *identity.HMAC           `yaml:"hmac,omitempty"`
	APIKey         *identity.APIKey         `yaml:"apiKey,omitempty"`
	KubernetesAuth *identity.KubernetesAuth `yaml:"kubernetes,omitempty"`
	Plain          *identity.Plain          `yaml:"plain,omitempty"`
	Noop           *identity.Noop           `yaml:"noop,omitempty"`

	ExtendedProperties []IdentityExtension `yaml:"extendedProperties"`
}

func (*IdentityConfig) AddK8sSecretBasedIdentity added in v0.9.0 

func (config *IdentityConfig) AddK8sSecretBasedIdentity(ctx context.Context, new v1.Secret)

func (*IdentityConfig) Call 

func (config *IdentityConfig) Call(pipeline auth.AuthPipeline, ctx context.Context) (interface{}, error)

func (*IdentityConfig) Clean 

func (config *IdentityConfig) Clean(ctx context.Context) error

func (*IdentityConfig) GetAuthConfigEvaluator 

func (config *IdentityConfig) GetAuthConfigEvaluator() auth.AuthConfigEvaluator

func (*IdentityConfig) GetAuthCredentials 

func (config *IdentityConfig) GetAuthCredentials() auth.AuthCredentials

func (*IdentityConfig) GetConditions 

func (config *IdentityConfig) GetConditions() jsonexp.Expression

func (*IdentityConfig) GetK8sSecretLabelSelectors added in v0.9.0 

func (config *IdentityConfig) GetK8sSecretLabelSelectors() labels.Selector

func (*IdentityConfig) GetName 

func (config *IdentityConfig) GetName() string

func (*IdentityConfig) GetOIDC 

func (config *IdentityConfig) GetOIDC() interface{}

func (*IdentityConfig) GetPriority 

func (config *IdentityConfig) GetPriority() int

func (*IdentityConfig) GetType 

func (config *IdentityConfig) GetType() string

func (*IdentityConfig) MetricsEnabled 

func (config *IdentityConfig) MetricsEnabled() bool

func (*IdentityConfig) ResolveExtendedProperties 

func (config *IdentityConfig) ResolveExtendedProperties(pipeline auth.AuthPipeline) (interface{}, error)

func (*IdentityConfig) RevokeK8sSecretBasedIdentity added in v0.9.0 

func (config *IdentityConfig) RevokeK8sSecretBasedIdentity(ctx context.Context, deleted types.NamespacedName)

type IdentityExtension added in v0.14.0 

type IdentityExtension struct {
	json.JSONProperty
	Overwrite bool
}

func NewIdentityExtension added in v0.14.0 

func NewIdentityExtension(name string, value expressions.Value, overwrite bool) IdentityExtension

func (*IdentityExtension) ResolveFor added in v0.14.0 

func (i *IdentityExtension) ResolveFor(identityObject map[string]any, authJSON string) (interface{}, error)

type MetadataConfig 

type MetadataConfig struct {
	Name       string             `yaml:"name"`
	Priority   int                `yaml:"priority"`
	Conditions jsonexp.Expression `yaml:"conditions"`
	Metrics    bool               `yaml:"metrics"`
	Cache      EvaluatorCache

	UserInfo    *metadata.UserInfo    `yaml:"userinfo,omitempty"`
	UMA         *metadata.UMA         `yaml:"uma,omitempty"`
	GenericHTTP *metadata.GenericHttp `yaml:"http,omitempty"`
}

func (*MetadataConfig) Call 

func (config *MetadataConfig) Call(pipeline auth.AuthPipeline, ctx context.Context) (interface{}, error)

func (*MetadataConfig) Clean 

func (config *MetadataConfig) Clean(_ context.Context) error

func (*MetadataConfig) GetAuthConfigEvaluator 

func (config *MetadataConfig) GetAuthConfigEvaluator() auth.AuthConfigEvaluator

func (*MetadataConfig) GetConditions 

func (config *MetadataConfig) GetConditions() jsonexp.Expression

func (*MetadataConfig) GetName 

func (config *MetadataConfig) GetName() string

func (*MetadataConfig) GetPriority 

func (config *MetadataConfig) GetPriority() int

func (*MetadataConfig) GetType 

func (config *MetadataConfig) GetType() string

func (*MetadataConfig) MetricsEnabled 

func (config *MetadataConfig) MetricsEnabled() bool

type ResponseConfig 

type ResponseConfig struct {
	Name       string             `yaml:"name"`
	Priority   int                `yaml:"priority"`
	Conditions jsonexp.Expression `yaml:"conditions"`
	Wrapper    string             `yaml:"wrapper"`
	WrapperKey string             `yaml:"wrapperKey"`
	Metrics    bool               `yaml:"metrics"`
	Cache      EvaluatorCache

	Wristband   auth.WristbandIssuer  `yaml:"wristband,omitempty"`
	DynamicJSON *response.DynamicJSON `yaml:"json,omitempty"`
	Plain       *response.Plain       `yaml:"plain,omitempty"`
}

func NewResponseConfig 

func NewResponseConfig(name string, priority int, conditions jsonexp.Expression, wrapper string, wrapperKey string, metricsEnabled bool) *ResponseConfig

func (*ResponseConfig) Call 

func (config *ResponseConfig) Call(pipeline auth.AuthPipeline, ctx context.Context) (interface{}, error)

func (*ResponseConfig) GetAuthConfigEvaluator 

func (config *ResponseConfig) GetAuthConfigEvaluator() auth.AuthConfigEvaluator

func (*ResponseConfig) GetConditions 

func (config *ResponseConfig) GetConditions() jsonexp.Expression

func (*ResponseConfig) GetName 

func (config *ResponseConfig) GetName() string

func (*ResponseConfig) GetPriority 

func (config *ResponseConfig) GetPriority() int

func (*ResponseConfig) GetType 

func (config *ResponseConfig) GetType() string

func (*ResponseConfig) GetWristbandIssuer 

func (config *ResponseConfig) GetWristbandIssuer() auth.WristbandIssuer

func (*ResponseConfig) MetricsEnabled 

func (config *ResponseConfig) MetricsEnabled() bool

func (*ResponseConfig) WrapObjectAsHeaderValue added in v0.14.0 

func (config *ResponseConfig) WrapObjectAsHeaderValue(obj any) string

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.