auth

package

v0.20.0 Latest Latest Go to latest Published: Nov 21, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kuadrant/authorino

Links

Open Source Insights

Documentation ¶

Index ¶

type AuthConfigCleaner
type AuthConfigEvaluator
type AuthCredential
- func NewAuthCredential(selector string, location string) *AuthCredential
type AuthCredentials
type AuthPipeline
type AuthResult
- func (result *AuthResult) Success() bool
type ConditionalEvaluator
type IdentityConfigEvaluator
type K8sSecretBasedIdentityConfigEvaluator
type NamedEvaluator
type Prioritizable
type ResponseConfigEvaluator
type TypedEvaluator
type WristbandIssuer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AuthConfigCleaner ¶

type AuthConfigCleaner interface {
	// Clean is used to give the different auth configs chance to clean up anything internal to that config
	Clean(context.Context) error
}

type AuthConfigEvaluator ¶

type AuthConfigEvaluator interface {
	Call(AuthPipeline, context.Context) (interface{}, error)
}

AuthConfigEvaluator interface represents the configuration pieces of Identity, Metadata and Authorization

type AuthCredential ¶

type AuthCredential struct {
	KeySelector string `yaml:"keySelector"`
	In          string `yaml:"in"`
}

AuthCredential struct implements the AuthCredentials interface

func NewAuthCredential ¶

func NewAuthCredential(selector string, location string) *AuthCredential

NewAuthCredential creates a new instance of AuthCredential

func (*AuthCredential) BuildRequestWithCredentials ¶

func (c *AuthCredential) BuildRequestWithCredentials(ctx context.Context, endpoint string, method string, credentialValue string, body io.Reader) (*http.Request, error)

func (*AuthCredential) GetCredentialsFromReq ¶

func (c *AuthCredential) GetCredentialsFromReq(httpReq *envoy_auth.AttributeContext_HttpRequest) (string, error)

GetCredentialsFromReq will retrieve the secrets from a given location

func (*AuthCredential) GetCredentialsIn ¶

func (c *AuthCredential) GetCredentialsIn() string

func (*AuthCredential) GetCredentialsKeySelector ¶

func (c *AuthCredential) GetCredentialsKeySelector() string

type AuthCredentials ¶

type AuthCredentials interface {
	GetCredentialsFromReq(*envoy_auth.AttributeContext_HttpRequest) (string, error)
	GetCredentialsKeySelector() string
	GetCredentialsIn() string
	BuildRequestWithCredentials(ctx context.Context, endpoint string, method string, credentialValue string, body io.Reader) (*http.Request, error)
}

AuthCredentials interface represents the methods needed to fetch credentials from input

type AuthPipeline ¶

type AuthPipeline interface {
	Evaluate() AuthResult
	GetRequest() *envoy_auth.CheckRequest
	GetHttp() *envoy_auth.AttributeContext_HttpRequest
	GetAPI() interface{}
	GetResolvedIdentity() (interface{}, interface{})
	GetAuthorizationJSON() string
}

type AuthResult ¶

type AuthResult struct {
	// Code is gRPC response code to the auth check
	Code rpc.Code `json:"code,omitempty"`
	// Status is HTTP status code to override the default mapping between gRPC response codes and HTTP status messages
	// for auth
	Status envoy_type.StatusCode `json:"status,omitempty"`
	// Message is X-Ext-Auth-Reason message returned in an injected HTTP response header, to explain the reason of the
	// auth check result
	Message string `json:"message,omitempty"`
	// Headers are other HTTP headers to inject in the response
	Headers []map[string]string `json:"headers,omitempty"`
	// Metadata are Envoy dynamic metadata content
	Metadata map[string]interface{} `json:"metadata,omitempty"`
	// Body in the response of the request
	// auth check result
	Body string `json:"body,omitempty"`
}

AuthResult holds the result data for building the response to an auth check

func (*AuthResult) Success ¶

func (result *AuthResult) Success() bool

Success tells whether the auth check result was successful and therefore access can be granted to the requested resource or it has failed (deny access)

type ConditionalEvaluator ¶

type ConditionalEvaluator interface {
	GetConditions() jsonexp.Expression
}

type IdentityConfigEvaluator ¶

type IdentityConfigEvaluator interface {
	GetAuthCredentials() AuthCredentials
	GetOIDC() interface{}
	ResolveExtendedProperties(AuthPipeline) (interface{}, error)
}

type K8sSecretBasedIdentityConfigEvaluator ¶ added in v0.9.0

type K8sSecretBasedIdentityConfigEvaluator interface {
	GetK8sSecretLabelSelectors() labels.Selector
	AddK8sSecretBasedIdentity(context.Context, v1.Secret)
	RevokeK8sSecretBasedIdentity(context.Context, types.NamespacedName)
}

type NamedEvaluator ¶

type NamedEvaluator interface {
	GetName() string
}

type Prioritizable ¶

type Prioritizable interface {
	GetPriority() int
}

type ResponseConfigEvaluator ¶

type ResponseConfigEvaluator interface {
	NamedEvaluator
	GetWristbandIssuer() WristbandIssuer
}

type TypedEvaluator ¶

type TypedEvaluator interface {
	GetType() string
}

type WristbandIssuer ¶

type WristbandIssuer interface {
	AuthConfigEvaluator
	GetIssuer() string
	OpenIDConfig() (string, error)
	JWKS() (string, error)
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mocks Package mock_auth is a generated GoMock package.	Package mock_auth is a generated GoMock package.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL