package v1beta1 (v0.6.0)

This package is not in the latest version of its module.

Published: Dec 13, 2021 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package v1beta1 contains API Schema definitions for the config v1beta1 API group.
+kubebuilder:object:generate=true
+groupName=authorino.kuadrant.io

Constants
const (
	TypeUnknown                      = "UNKNOWN"
	IdentityOAuth2                   = "IDENTITY_OAUTH2"
	IdentityOidc                     = "IDENTITY_OIDC"
	IdentityApiKey                   = "IDENTITY_APIKEY"
	IdentityKubernetesAuth           = "IDENTITY_KUBERNETESAUTH"
	MetadataUma                      = "METADATA_UMA"
	MetadataGenericHTTP              = "METADATA_GENERIC_HTTP"
	MetadataUserinfo                 = "METADATA_USERINFO"
	AuthorizationOPA                 = "AUTHORIZATION_OPA"
	AuthorizationJSONPatternMatching = "AUTHORIZATION_JSON"
	AuthorizationKubernetesAuthz     = "AUTHORIZATION_KUBERNETESAUTHZ"
	ResponseWristband                = "RESPONSE_WRISTBAND"
	ResponseDynamicJSON              = "RESPONSE_DYNAMIC_JSON"
)

Variables

var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "authorino.kuadrant.io", Version: "v1beta1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type AuthConfig added in v0.4.0

type AuthConfig struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AuthConfigSpec   `json:"spec,omitempty"`
	Status AuthConfigStatus `json:"status,omitempty"`
}

AuthConfig is the schema for Authorino's AuthConfig API.
+kubebuilder:object:root=true
+kubebuilder:subresource:status
+kubebuilder:printcolumn:name="Ready",type=boolean,JSONPath=`.status.ready`,description="Ready?"
+kubebuilder:printcolumn:name="Id sources",type=integer,JSONPath=`.status.numIdentitySources`,description="Number of trusted identity sources",priority=2
+kubebuilder:printcolumn:name="Metadata sources",type=integer,JSONPath=`.status.numMetadataSources`,description="Number of external metadata sources",priority=2
+kubebuilder:printcolumn:name="Authz policies",type=integer,JSONPath=`.status.numAuthorizationPolicies`,description="Number of authorization policies",priority=2
+kubebuilder:printcolumn:name="Response items",type=integer,JSONPath=`.status.numResponseItems`,description="Number of items added to the client response",priority=2
+kubebuilder:printcolumn:name="Wristband",type=boolean,JSONPath=`.status.festivalWristbandEnabled`,description="Whether issuing Festival Wristbands",priority=2

func (*AuthConfig) DeepCopy added in v0.4.0

func (in *AuthConfig) DeepCopy() *AuthConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfig.

func (*AuthConfig) DeepCopyInto added in v0.4.0

func (in *AuthConfig) DeepCopyInto(out *AuthConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthConfig) DeepCopyObject added in v0.4.0

func (in *AuthConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AuthConfigList added in v0.4.0

type AuthConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AuthConfig `json:"items"`
}

AuthConfigList contains a list of AuthConfig

func (*AuthConfigList) DeepCopy added in v0.4.0

func (in *AuthConfigList) DeepCopy() *AuthConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfigList.

func (*AuthConfigList) DeepCopyInto added in v0.4.0

func (in *AuthConfigList) DeepCopyInto(out *AuthConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthConfigList) DeepCopyObject added in v0.4.0

func (in *AuthConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AuthConfigSpec added in v0.4.0

type AuthConfigSpec struct {

	// The list of public host names of the services protected by this authentication/authorization scheme.
	// Authorino uses the requested host to look up the corresponding authentication/authorization configs to enforce.
	Hosts []string `json:"hosts"`

	// List of identity sources/authentication modes.
	// At least one config of this list MUST evaluate to a valid identity for a request to be successful in the identity verification phase.
	Identity []*Identity `json:"identity,omitempty"`

	// List of metadata source configs.
	// Authorino fetches JSON content from sources on this list on every request.
	Metadata []*Metadata `json:"metadata,omitempty"`

	// Authorization is the list of authorization policies.
	// All policies in this list MUST evaluate to "true" for a request to be successful in the authorization phase.
	Authorization []*Authorization `json:"authorization,omitempty"`

	// List of response configs.
	// Authorino gathers data from the auth pipeline to build custom responses for the client.
	Response []*Response `json:"response,omitempty"`

	// Custom denial response codes, statuses and headers to override default 40x's.
	DenyWith *DenyWith `json:"denyWith,omitempty"`
}

Specifies the desired state of the AuthConfig resource, i.e. the authentication/authorization scheme to be applied to protect the matching service hosts.

func (*AuthConfigSpec) DeepCopy added in v0.4.0

func (in *AuthConfigSpec) DeepCopy() *AuthConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfigSpec.

func (*AuthConfigSpec) DeepCopyInto added in v0.4.0

func (in *AuthConfigSpec) DeepCopyInto(out *AuthConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthConfigStatus added in v0.4.0

type AuthConfigStatus struct {
	Ready                    bool  `json:"ready"`
	NumIdentitySources       int64 `json:"numIdentitySources"`
	NumMetadataSources       int64 `json:"numMetadataSources"`
	NumAuthorizationPolicies int64 `json:"numAuthorizationPolicies"`
	NumResponseItems         int64 `json:"numResponseItems"`
	FestivalWristbandEnabled bool  `json:"festivalWristbandEnabled"`
}

AuthConfigStatus defines the observed state of AuthConfig

func (*AuthConfigStatus) DeepCopy added in v0.4.0

func (in *AuthConfigStatus) DeepCopy() *AuthConfigStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthConfigStatus.

func (*AuthConfigStatus) DeepCopyInto added in v0.4.0

func (in *AuthConfigStatus) DeepCopyInto(out *AuthConfigStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Authorization

type Authorization struct {
	// Name of the authorization policy.
	// It can be used to refer to the resolved authorization object in other configs.
	Name string `json:"name"`

	// Priority group of the config.
	// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially.
	// +kubebuilder:default:=0
	Priority int `json:"priority,omitempty"`

	OPA             *Authorization_OPA                 `json:"opa,omitempty"`
	JSON            *Authorization_JSONPatternMatching `json:"json,omitempty"`
	KubernetesAuthz *Authorization_KubernetesAuthz     `json:"kubernetes,omitempty"`
}

Authorization policy to be enforced. Apart from "name", one of the following parameters is required and only one of the following parameters is allowed: "opa", "json" or "kubernetes".

func (*Authorization) DeepCopy

func (in *Authorization) DeepCopy() *Authorization

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization.

func (*Authorization) DeepCopyInto

func (in *Authorization) DeepCopyInto(out *Authorization)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Authorization) GetType

func (a *Authorization) GetType() string
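The following Go program is an added illustration, not Authorino's code: it models the pipeline semantics stated in the AuthConfigSpec comments (at least one identity config must succeed; every authorization policy must evaluate to true) together with the priority groups each Identity, Metadata, Authorization and Response config declares (same group evaluated concurrently, consecutive groups sequentially). Config, Result, the Eval callback and the sample names are this example's own assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"sync"
)

// Config is this example's stand-in (not a project type) for one entry of the identity,
// metadata, authorization or response lists: a name, a priority group and an evaluation
// callback that sees the results of all earlier priority groups and reports success.
type Config struct {
	Name     string
	Priority int
	Eval     func(prior []Result) bool
}

// Result is the outcome of one config once its priority group has finished.
type Result struct {
	Name  string
	Group int
	OK    bool
}

// RunPriorityGroups evaluates configs as the spec comments describe: configs in the same
// priority group run concurrently, consecutive groups run one after another in ascending
// priority order. Results come back in group order and, inside a group, in list order.
func RunPriorityGroups(configs []Config) []Result {
	byPrio := map[int][]int{} // priority -> indexes into configs, list order preserved
	for i, c := range configs {
		byPrio[c.Priority] = append(byPrio[c.Priority], i)
	}
	prios := make([]int, 0, len(byPrio))
	for p := range byPrio {
		prios = append(prios, p)
	}
	sort.Ints(prios)

	var results []Result
	for _, p := range prios {
		idx := byPrio[p]
		out := make([]Result, len(idx)) // one slot per config, so goroutines never contend on append
		prior := results                // only earlier groups are visible to this group
		var wg sync.WaitGroup
		for slot, i := range idx {
			wg.Add(1)
			go func(slot, i, p int) {
				defer wg.Done()
				out[slot] = Result{Name: configs[i].Name, Group: p, OK: configs[i].Eval(prior)}
			}(slot, i, p)
		}
		wg.Wait() // the next group starts only after every config in this one has finished
		results = append(results, out...)
	}
	return results
}

// IdentityPhaseOK applies the identity-phase rule from AuthConfigSpec: at least one identity
// config MUST resolve a valid identity.
func IdentityPhaseOK(results []Result) bool {
	for _, r := range results {
		if r.OK {
			return true
		}
	}
	return false
}

// AuthorizationPhaseOK applies the authorization-phase rule from AuthConfigSpec: all policies
// MUST evaluate to true (this function treats an empty list as vacuously true).
func AuthorizationPhaseOK(results []Result) bool {
	for _, r := range results {
		if !r.OK {
			return false
		}
	}
	return true
}

func main() {
	// Constructed configs: names and outcomes are invented for this example.
	identity := []Config{
		{Name: "api-keys", Priority: 0, Eval: func([]Result) bool { return false }},
		{Name: "oidc", Priority: 0, Eval: func([]Result) bool { return true }},
	}
	authorization := []Config{
		{Name: "json-patterns", Priority: 0, Eval: func([]Result) bool { return true }},
		// A priority-1 policy can consume what the priority-0 group resolved.
		{Name: "opa", Priority: 1, Eval: func(prior []Result) bool { return prior[0].OK }},
	}
	fmt.Println(IdentityPhaseOK(RunPriorityGroups(identity)))           // true: "oidc" succeeded
	fmt.Println(AuthorizationPhaseOK(RunPriorityGroups(authorization))) // true: both policies held
}
```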

type Authorization_JSONPatternMatching

type Authorization_JSONPatternMatching struct {
	// Conditions that must match for Authorino to enforce this policy; otherwise, the policy will be skipped.
	Conditions []Authorization_JSONPatternMatching_Rule `json:"conditions,omitempty"`

	// The rules that must all evaluate to "true" for the request to be authorized.
	Rules []Authorization_JSONPatternMatching_Rule `json:"rules,omitempty"`
}

JSON pattern matching authorization policy.

func (*Authorization_JSONPatternMatching) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization_JSONPatternMatching.

func (*Authorization_JSONPatternMatching) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Authorization_JSONPatternMatching_Rule

type Authorization_JSONPatternMatching_Rule struct {
	// Any pattern supported by https://pkg.go.dev/github.com/tidwall/gjson.
	// The value is used to fetch content from the input authorization JSON built by Authorino along the identity and metadata phases.
	Selector string `json:"selector"`
	// The binary operator to be applied to the content fetched from the authorization JSON, for comparison with "value".
	// Possible values are: "eq" (equal to), "neq" (not equal to), "incl" (includes; for arrays), "excl" (excludes; for arrays), "matches" (regex)
	Operator JSONPatternMatching_Rule_Operator `json:"operator"`
	// The value of reference for the comparison with the content fetched from the authorization policy.
	// If used with the "matches" operator, the value must compile to a valid Golang regex.
	Value string `json:"value"`
}

func (*Authorization_JSONPatternMatching_Rule) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization_JSONPatternMatching_Rule.

func (*Authorization_JSONPatternMatching_Rule) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
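The following Go program is an added example, not Authorino's code: it evaluates an Authorization_JSONPatternMatching policy the way the struct comments above describe (Conditions gate the policy, every Rule must hold, and the five operators eq/neq/incl/excl/matches) against a constructed authorization JSON. A minimal dot-path selector stands in for gjson, and the Rule, Policy, J and SampleAuthJSON names are this example's own.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Rule mirrors Authorization_JSONPatternMatching_Rule: Selector, Operator, reference Value.
type Rule struct{ Selector, Operator, Value string }

// Policy mirrors Authorization_JSONPatternMatching: failing Conditions skip it, all Rules must hold.
type Policy struct{ Conditions, Rules []Rule }

type J = map[string]interface{} // a decoded authorization JSON object

// selectPath is a small stand-in for gjson (an assumption of this example, not the project's
// code): it resolves dot-separated object keys such as "auth.identity.groups".
func selectPath(doc J, selector string) interface{} {
	var cur interface{} = doc
	for _, key := range strings.Split(selector, ".") {
		obj, ok := cur.(J)
		if !ok {
			return nil
		}
		cur = obj[key] // a missing key yields nil, like a JSON null
	}
	return cur
}

// str renders a selected scalar for comparison with Rule.Value (nil/null becomes "").
func str(v interface{}) string {
	if v == nil {
		return ""
	}
	return fmt.Sprint(v)
}

// evalRule applies one operator; "incl"/"excl" only make sense when the selected value is an array.
func evalRule(doc J, r Rule) (bool, error) {
	got := selectPath(doc, r.Selector)
	switch r.Operator {
	case "eq":
		return str(got) == r.Value, nil
	case "neq":
		return str(got) != r.Value, nil
	case "incl", "excl":
		arr, _ := got.([]interface{}) // nil when not an array: incl fails, excl holds
		found := false
		for _, item := range arr {
			found = found || str(item) == r.Value
		}
		return found == (r.Operator == "incl"), nil
	case "matches":
		re, err := regexp.Compile(r.Value) // Value must compile as a Go regex
		if err != nil {
			return false, fmt.Errorf("rule %q: bad regex: %w", r.Selector, err)
		}
		return re.MatchString(str(got)), nil
	}
	return false, fmt.Errorf("rule %q: unknown operator %q", r.Selector, r.Operator)
}

// Evaluate returns (skipped, authorized, err): a failing Condition skips the policy, otherwise
// the request is authorized only if every Rule evaluates to true.
func Evaluate(p Policy, doc J) (bool, bool, error) {
	for _, c := range p.Conditions {
		ok, err := evalRule(doc, c)
		if err != nil {
			return false, false, err
		}
		if !ok {
			return true, false, nil // policy does not apply to this request
		}
	}
	for _, r := range p.Rules {
		ok, err := evalRule(doc, r)
		if err != nil {
			return false, false, err
		}
		if !ok {
			return false, false, nil // a rule failed: deny
		}
	}
	return false, true, nil
}

// SampleAuthJSON is a constructed authorization JSON (invented values) in the shape Authorino
// builds: request context under "context", the resolved identity under "auth".
func SampleAuthJSON() J {
	return J{
		"context": J{"request": J{"http": J{"method": "DELETE", "path": "/admin/users/42"}}},
		"auth":    J{"identity": J{"sub": "alice", "groups": []interface{}{"dev", "ops"}}},
	}
}

func main() {
	p := Policy{Conditions: []Rule{{"context.request.http.path", "matches", "^/admin/"}},
		Rules: []Rule{{"auth.identity.groups", "incl", "admin"}, {"context.request.http.method", "neq", "DELETE"}}}
	fmt.Println(Evaluate(p, SampleAuthJSON())) // false false <nil>: the condition matched, the rules deny
}
```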

type Authorization_KubernetesAuthz added in v0.5.0

type Authorization_KubernetesAuthz struct {
	// Conditions that must match for Authorino to enforce this policy; otherwise, the policy will be skipped.
	Conditions []Authorization_JSONPatternMatching_Rule `json:"conditions,omitempty"`

	// User to test for.
	// If "Groups" is omitted, it is interpreted as "What if User were not a member of any groups?"
	User Authorization_KubernetesAuthz_Attribute `json:"user"`

	// Groups to test for.
	Groups []string `json:"groups,omitempty"`

	// Use ResourceAttributes for checking permissions on Kubernetes resources
	// If omitted, it performs a non-resource `SubjectAccessReview`, with verb and path inferred from the request.
	ResourceAttributes *Authorization_KubernetesAuthz_ResourceAttributes `json:"resourceAttributes,omitempty"`
}

Kubernetes authorization policy based on `SubjectAccessReview`. Path and Verb are inferred from the request.

func (*Authorization_KubernetesAuthz) DeepCopy added in v0.5.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization_KubernetesAuthz.

func (*Authorization_KubernetesAuthz) DeepCopyInto added in v0.5.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Authorization_KubernetesAuthz_Attribute added in v0.5.0

type Authorization_KubernetesAuthz_Attribute struct {
	Value     string            `json:"value,omitempty"`
	ValueFrom ValueFromAuthJSON `json:"valueFrom,omitempty"`
}

func (*Authorization_KubernetesAuthz_Attribute) DeepCopy added in v0.5.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization_KubernetesAuthz_Attribute.

func (*Authorization_KubernetesAuthz_Attribute) DeepCopyInto added in v0.5.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Authorization_KubernetesAuthz_ResourceAttributes added in v0.5.0

type Authorization_KubernetesAuthz_ResourceAttributes struct {
	Namespace   Authorization_KubernetesAuthz_Attribute `json:"namespace,omitempty"`
	Group       Authorization_KubernetesAuthz_Attribute `json:"group,omitempty"`
	Resource    Authorization_KubernetesAuthz_Attribute `json:"resource,omitempty"`
	Name        Authorization_KubernetesAuthz_Attribute `json:"name,omitempty"`
	SubResource Authorization_KubernetesAuthz_Attribute `json:"subresource,omitempty"`
	Verb        Authorization_KubernetesAuthz_Attribute `json:"verb,omitempty"`
}

func (*Authorization_KubernetesAuthz_ResourceAttributes) DeepCopy added in v0.5.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization_KubernetesAuthz_ResourceAttributes.

func (*Authorization_KubernetesAuthz_ResourceAttributes) DeepCopyInto added in v0.5.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Authorization_OPA

type Authorization_OPA struct {
	// Authorization policy as a Rego language document.
	// The Rego document must include the "allow" condition, set by Authorino to "false" by default (i.e. requests are unauthorized unless changed).
	// The Rego document must NOT include the "package" declaration in line 1.
	InlineRego string `json:"inlineRego,omitempty"`

	// External registry of OPA policies.
	ExternalRegistry ExternalRegistry `json:"externalRegistry,omitempty"`
}

Open Policy Agent (OPA) authorization policy.

func (*Authorization_OPA) DeepCopy

func (in *Authorization_OPA) DeepCopy() *Authorization_OPA

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authorization_OPA.

func (*Authorization_OPA) DeepCopyInto

func (in *Authorization_OPA) DeepCopyInto(out *Authorization_OPA)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Credentials

type Credentials struct {
	// The location in the request where client credentials shall be passed on requests authenticating with this identity source/authentication mode.
	// +kubebuilder:default:=authorization_header
	In Credentials_In `json:"in,omitempty"`
	// Used in conjunction with the `in` parameter.
	// When used with `authorization_header`, the value is the prefix of the client credentials string, separated by whitespace, in the HTTP Authorization header (e.g. "Bearer", "Basic").
	// When used with `custom_header`, `query` or `cookie`, the value is the name of the HTTP header, query string parameter or cookie key, respectively.
	KeySelector string `json:"keySelector"`
}

func (*Credentials) DeepCopy

func (in *Credentials) DeepCopy() *Credentials

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Credentials.

func (*Credentials) DeepCopyInto

func (in *Credentials) DeepCopyInto(out *Credentials)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Credentials_In

type Credentials_In string

+kubebuilder:validation:Enum:=authorization_header;custom_header;query;cookie

type DenyWith added in v0.5.0

type DenyWith struct {
	// Denial status customization when the request is unauthenticated.
	Unauthenticated *DenyWithSpec `json:"unauthenticated,omitempty"`

	// Denial status customization when the request is unauthorized.
	Unauthorized *DenyWithSpec `json:"unauthorized,omitempty"`
}

func (*DenyWith) DeepCopy added in v0.5.0

func (in *DenyWith) DeepCopy() *DenyWith

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DenyWith.

func (*DenyWith) DeepCopyInto added in v0.5.0

func (in *DenyWith) DeepCopyInto(out *DenyWith)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DenyWithSpec added in v0.5.0

type DenyWithSpec struct {
	// HTTP status code to override the default denial status code.
	Code DenyWith_Code `json:"code,omitempty"`

	// HTTP message to override the default denial message.
	Message string `json:"message,omitempty"`

	// HTTP response headers to override the default denial headers.
	Headers []JsonProperty `json:"headers,omitempty"`
}

func (*DenyWithSpec) DeepCopy added in v0.5.0

func (in *DenyWithSpec) DeepCopy() *DenyWithSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DenyWithSpec.

func (*DenyWithSpec) DeepCopyInto added in v0.5.0

func (in *DenyWithSpec) DeepCopyInto(out *DenyWithSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DenyWith_Code added in v0.5.0

type DenyWith_Code int64

+kubebuilder:validation:Minimum:=300 +kubebuilder:validation:Maximum:=599

type ExternalRegistry added in v0.5.0

type ExternalRegistry struct {
	// Endpoint of the HTTP external registry.
	// The endpoint must respond with either plain/text or application/json content-type.
	// In the latter case, the JSON returned in the body must include a path `result.raw`, where the raw Rego policy will be extracted from. This complies with the specification of the OPA REST API (https://www.openpolicyagent.org/docs/latest/rest-api/#get-a-policy).
	Endpoint string `json:"endpoint,omitempty"`

	// Reference to a Secret key whose value will be passed by Authorino in the request.
	// The HTTP service can use the shared secret to authenticate the origin of the request.
	SharedSecret *SecretKeyReference `json:"sharedSecretRef,omitempty"`

	// Defines where client credentials will be passed in the request to the service.
	// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value.
	Credentials Credentials `json:"credentials,omitempty"`
}

ExternalRegistry specifies an external source of data (i.e. an OPA policy registry).

func (*ExternalRegistry) DeepCopy added in v0.5.0

func (in *ExternalRegistry) DeepCopy() *ExternalRegistry

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalRegistry.

func (*ExternalRegistry) DeepCopyInto added in v0.5.0

func (in *ExternalRegistry) DeepCopyInto(out *ExternalRegistry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GenericHTTP_Method added in v0.2.0

type GenericHTTP_Method string

+kubebuilder:validation:Enum:=GET;POST

type Identity

type Identity struct {
	// The name of this identity source/authentication mode.
	// It usually identifies a source of identities or group of users/clients of the protected service.
	// It can be used to refer to the resolved identity object in other configs.
	Name string `json:"name"`

	// Priority group of the config.
	// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially.
	// +kubebuilder:default:=0
	Priority int `json:"priority,omitempty"`

	// Defines where client credentials are required to be passed in the request for this identity source/authentication mode.
	// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the credentials value (token, API key, etc).
	Credentials Credentials `json:"credentials,omitempty"`

	// Extends the resolved identity object with additional custom properties before appending to the authorization JSON.
	// It requires the resolved identity object to always be of the JSON type 'object'. Other JSON types (array, string, etc) will break.
	ExtendedProperties []JsonProperty `json:"extendedProperties,omitempty"`

	OAuth2         *Identity_OAuth2Config   `json:"oauth2,omitempty"`
	Oidc           *Identity_OidcConfig     `json:"oidc,omitempty"`
	APIKey         *Identity_APIKey         `json:"apiKey,omitempty"`
	KubernetesAuth *Identity_KubernetesAuth `json:"kubernetes,omitempty"`
}

The identity source/authentication mode config. Apart from "name", one of the following parameters is required and only one of the following parameters is allowed: "oidc", "apiKey" or "kubernetes".

func (*Identity) DeepCopy

func (in *Identity) DeepCopy() *Identity

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity.

func (*Identity) DeepCopyInto

func (in *Identity) DeepCopyInto(out *Identity)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Identity) GetType

func (i *Identity) GetType() string

type Identity_APIKey

type Identity_APIKey struct {
	// The map of label selectors used by Authorino to match secrets from the cluster storing valid credentials to authenticate to this service.
	LabelSelectors map[string]string `json:"labelSelectors"`
}

func (*Identity_APIKey) DeepCopy

func (in *Identity_APIKey) DeepCopy() *Identity_APIKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity_APIKey.

func (*Identity_APIKey) DeepCopyInto

func (in *Identity_APIKey) DeepCopyInto(out *Identity_APIKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Identity_KubernetesAuth

type Identity_KubernetesAuth struct {
	// The list of audiences (scopes) that must be claimed in a Kubernetes authentication token supplied in the request, and reviewed by Authorino.
	// If omitted, Authorino will review tokens expecting the host name of the requested protected service amongst the audiences.
	Audiences []string `json:"audiences,omitempty"`
}

func (*Identity_KubernetesAuth) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity_KubernetesAuth.

func (*Identity_KubernetesAuth) DeepCopyInto

func (in *Identity_KubernetesAuth) DeepCopyInto(out *Identity_KubernetesAuth)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Identity_OAuth2Config

type Identity_OAuth2Config struct {
	// The full URL of the token introspection endpoint.
	TokenIntrospectionUrl string `json:"tokenIntrospectionUrl"`
	// The token type hint for the token introspection.
	// If omitted, it defaults to "access_token".
	TokenTypeHint string `json:"tokenTypeHint,omitempty"`

	// Reference to a Kubernetes secret in the same namespace that stores client credentials to the OAuth2 server.
	Credentials *v1.LocalObjectReference `json:"credentialsRef"`
}

func (*Identity_OAuth2Config) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity_OAuth2Config.

func (*Identity_OAuth2Config) DeepCopyInto

func (in *Identity_OAuth2Config) DeepCopyInto(out *Identity_OAuth2Config)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Identity_OidcConfig

type Identity_OidcConfig struct {
	// Endpoint of the OIDC issuer.
	// Authorino will append to this value the well-known path to the OpenID Connect discovery endpoint (i.e. "/.well-known/openid-configuration"), used to automatically discover the OpenID Connect configuration, whose set of claims is expected to include (among others) the "jwks_uri" claim.
	// The value must coincide with the value of the "iss" (issuer) claim of the discovered OpenID Connect configuration.
	Endpoint string `json:"endpoint"`
	// Decides how long to wait before refreshing the OIDC configuration (in seconds).
	TTL int `json:"ttl,omitempty"`
}

func (*Identity_OidcConfig) DeepCopy

func (in *Identity_OidcConfig) DeepCopy() *Identity_OidcConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Identity_OidcConfig.

func (*Identity_OidcConfig) DeepCopyInto

func (in *Identity_OidcConfig) DeepCopyInto(out *Identity_OidcConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JSONPatternMatching_Rule_Operator

type JSONPatternMatching_Rule_Operator string

+kubebuilder:validation:Enum:=eq;neq;incl;excl;matches

type JsonProperty added in v0.4.0

type JsonProperty struct {
	// The name of the claim
	Name string `json:"name"`
	// Static value of the claim
	// +kubebuilder:validation:Schemaless
	// +kubebuilder:pruning:PreserveUnknownFields
	Value runtime.RawExtension `json:"value,omitempty"`
	// Dynamic value of the claim
	ValueFrom ValueFromAuthJSON `json:"valueFrom,omitempty"`
}

func (*JsonProperty) DeepCopy added in v0.4.0

func (in *JsonProperty) DeepCopy() *JsonProperty

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JsonProperty.

func (*JsonProperty) DeepCopyInto added in v0.4.0

func (in *JsonProperty) DeepCopyInto(out *JsonProperty)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Metadata

type Metadata struct {
	// The name of the metadata source.
	// It can be used to refer to the resolved metadata object in other configs.
	Name string `json:"name"`

	// Priority group of the config.
	// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially.
	// +kubebuilder:default:=0
	Priority int `json:"priority,omitempty"`

	UserInfo    *Metadata_UserInfo    `json:"userInfo,omitempty"`
	UMA         *Metadata_UMA         `json:"uma,omitempty"`
	GenericHTTP *Metadata_GenericHTTP `json:"http,omitempty"`
}

The metadata config. Apart from "name", one of the following parameters is required and only one of the following parameters is allowed: "userInfo" or "uma".

func (*Metadata) DeepCopy

func (in *Metadata) DeepCopy() *Metadata

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metadata.

func (*Metadata) DeepCopyInto

func (in *Metadata) DeepCopyInto(out *Metadata)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Metadata) GetType

func (m *Metadata) GetType() string

type Metadata_GenericHTTP added in v0.2.0

type Metadata_GenericHTTP struct {
	// Endpoint of the HTTP service.
	// The endpoint accepts variable placeholders in the format "{selector}", where "selector" is any pattern supported
	// by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.
	// E.g. https://ext-auth-server.io/metadata?p={context.request.http.path}
	Endpoint string `json:"endpoint"`

	// HTTP verb used in the request to the service. Accepted values: GET (default), POST.
	// When the request method is POST, the authorization JSON is passed in the body of the request.
	Method GenericHTTP_Method `json:"method,omitempty"`

	// Custom parameters to encode in the body of the HTTP request.
	// Use it with method=POST; for GET requests, specify parameters using placeholders in the endpoint.
	Parameters []JsonProperty `json:"bodyParameters,omitempty"`

	// Custom headers in the HTTP request.
	Headers []JsonProperty `json:"headers,omitempty"`

	// Content-Type of the request body.
	// +kubebuilder:default:=application/x-www-form-urlencoded
	ContentType Metadata_GenericHTTP_ContentType `json:"contentType,omitempty"`

	// Reference to a Secret key whose value will be passed by Authorino in the request.
	// The HTTP service can use the shared secret to authenticate the origin of the request.
	SharedSecret *SecretKeyReference `json:"sharedSecretRef,omitempty"`

	// Defines where client credentials will be passed in the request to the service.
	// If omitted, it defaults to client credentials passed in the HTTP Authorization header and the "Bearer" prefix expected prepended to the secret value.
	Credentials Credentials `json:"credentials,omitempty"`
}

Generic HTTP interface to obtain authorization metadata from an HTTP service.

func (*Metadata_GenericHTTP) DeepCopy added in v0.2.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metadata_GenericHTTP.

func (*Metadata_GenericHTTP) DeepCopyInto added in v0.2.0

func (in *Metadata_GenericHTTP) DeepCopyInto(out *Metadata_GenericHTTP)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Metadata_GenericHTTP_ContentType added in v0.5.0

type Metadata_GenericHTTP_ContentType string

+kubebuilder:validation:Enum:=application/x-www-form-urlencoded;application/json

type Metadata_UMA

type Metadata_UMA struct {
	// The endpoint of the UMA server.
	// The value must coincide with the "issuer" claim of the UMA config discovered from the well-known uma configuration endpoint.
	Endpoint string `json:"endpoint"`

	// Reference to a Kubernetes secret in the same namespace that stores client credentials to the resource registration API of the UMA server.
	Credentials *v1.LocalObjectReference `json:"credentialsRef"`
}

User-Managed Access (UMA) source of resource data.

func (*Metadata_UMA) DeepCopy

func (in *Metadata_UMA) DeepCopy() *Metadata_UMA

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metadata_UMA.

func (*Metadata_UMA) DeepCopyInto

func (in *Metadata_UMA) DeepCopyInto(out *Metadata_UMA)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Metadata_UserInfo

type Metadata_UserInfo struct {
	// The name of an OIDC identity source included in the "identity" section and whose OpenID Connect configuration discovered includes the OIDC "userinfo_endpoint" claim.
	IdentitySource string `json:"identitySource"`
}

OpenID Connect UserInfo linked to an OIDC identity config of this same spec.

func (*Metadata_UserInfo) DeepCopy

func (in *Metadata_UserInfo) DeepCopy() *Metadata_UserInfo

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metadata_UserInfo.

func (*Metadata_UserInfo) DeepCopyInto

func (in *Metadata_UserInfo) DeepCopyInto(out *Metadata_UserInfo)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Response added in v0.4.0

type Response struct {
	// Name of the custom response.
	// It can be used to refer to the resolved response object in other configs.
	Name string `json:"name"`

	// Priority group of the config.
	// All configs in the same priority group are evaluated concurrently; consecutive priority groups are evaluated sequentially.
	// +kubebuilder:default:=0
	Priority int `json:"priority,omitempty"`

	// How Authorino wraps the response.
	// Use "httpHeader" (default) to wrap the response in an HTTP header; or "envoyDynamicMetadata" to wrap the response as Envoy Dynamic Metadata
	// +kubebuilder:default:=httpHeader
	Wrapper Response_Wrapper `json:"wrapper,omitempty"`
	// The name of key used in the wrapped response (name of the HTTP header or property of the Envoy Dynamic Metadata JSON).
	// If omitted, it will be set to the name of the configuration.
	WrapperKey string `json:"wrapperKey,omitempty"`

	Wristband *Response_Wristband   `json:"wristband,omitempty"`
	JSON      *Response_DynamicJSON `json:"json,omitempty"`
}

Dynamic response to return to the client. Apart from "name", one of the following parameters is required and only one of the following parameters is allowed: "wristband" or "json".

func (*Response) DeepCopy added in v0.4.0

func (in *Response) DeepCopy() *Response

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response.

func (*Response) DeepCopyInto added in v0.4.0

func (in *Response) DeepCopyInto(out *Response)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Response) GetType added in v0.4.0

func (r *Response) GetType() string

type Response_DynamicJSON added in v0.4.0

type Response_DynamicJSON struct {
	// List of JSON property-value pairs to be added to the dynamic response.
	Properties []JsonProperty `json:"properties"`
}

func (*Response_DynamicJSON) DeepCopy added in v0.4.0

func (in *Response_DynamicJSON) DeepCopy() *Response_DynamicJSON

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response_DynamicJSON.

func (*Response_DynamicJSON) DeepCopyInto added in v0.4.0

func (in *Response_DynamicJSON) DeepCopyInto(out *Response_DynamicJSON)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Response_Wrapper added in v0.4.0

type Response_Wrapper string

+kubebuilder:validation:Enum:=httpHeader;envoyDynamicMetadata

type Response_Wristband added in v0.4.0

type Response_Wristband struct {
	// The endpoint to the Authorino service that issues the wristband (format: <scheme>://<host>:<port>/<realm>, where <realm> = <namespace>/<authorino-auth-config-resource-name>/<wristband-config-name>)
	Issuer string `json:"issuer"`
	// Any claims to be added to the wristband token apart from the standard JWT claims (iss, iat, exp) added by default.
	CustomClaims []JsonProperty `json:"customClaims,omitempty"`
	// Lifetime (validity period) of the wristband token, in seconds.
	TokenDuration *int64 `json:"tokenDuration,omitempty"`
	// Reference by name to Kubernetes secrets and corresponding signing algorithms.
	// The secrets must contain a `key.pem` entry whose value is the signing key formatted as PEM.
	SigningKeyRefs []*SigningKeyRef `json:"signingKeyRefs"`
}

func (*Response_Wristband) DeepCopy added in v0.4.0

func (in *Response_Wristband) DeepCopy() *Response_Wristband

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Response_Wristband.

func (*Response_Wristband) DeepCopyInto added in v0.4.0

func (in *Response_Wristband) DeepCopyInto(out *Response_Wristband)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretKeyReference added in v0.2.0

type SecretKeyReference struct {
	// The name of the secret in Authorino's namespace to select from.
	Name string `json:"name"`

	// The key of the secret to select from. Must be a valid secret key.
	Key string `json:"key"`
}

SecretKeyReference selects a key of a Secret.

func (*SecretKeyReference) DeepCopy added in v0.2.0

func (in *SecretKeyReference) DeepCopy() *SecretKeyReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeyReference.

func (*SecretKeyReference) DeepCopyInto added in v0.2.0

func (in *SecretKeyReference) DeepCopyInto(out *SecretKeyReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SigningKeyAlgorithm added in v0.2.0

type SigningKeyAlgorithm string

+kubebuilder:validation:Enum:=ES256;ES384;ES512;RS256;RS384;RS512

type SigningKeyRef added in v0.2.0

type SigningKeyRef struct {
	// Name of the signing key.
	// The value is used to reference the Kubernetes secret that stores the key and is set as the `kid` parameter of the wristband token header.
	Name string `json:"name"`

	// Algorithm to sign the wristband token using the signing key provided
	Algorithm SigningKeyAlgorithm `json:"algorithm"`
}

func (*SigningKeyRef) DeepCopy added in v0.2.0

func (in *SigningKeyRef) DeepCopy() *SigningKeyRef

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SigningKeyRef.

func (*SigningKeyRef) DeepCopyInto added in v0.2.0

func (in *SigningKeyRef) DeepCopyInto(out *SigningKeyRef)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
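
Verifying a wristband on the consuming side, as an added example that is not Authorino's own code. The Response_Wristband, SigningKeyAlgorithm and SigningKeyRef sections above describe a JWT signed with one of the ES*/RS* algorithms, carrying iss/iat/exp plus optional custom claims, with the SigningKeyRef name as the `kid` header parameter. The Go below mints such a token with ES256 using only the standard library and then performs the checks a service receiving the wristband should make: pin the algorithm instead of trusting the token's `alg`, resolve `kid` against a fixed trust store, verify the signature over the exact encoded bytes before decoding claims, and only then check `iss` against the expected realm URL and the validity window. The issuer URL, the key name "my-signing-key" and the `sub` custom claim are assumptions for illustration; the public keys would be provisioned out of band from the secrets referenced in signingKeyRefs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Assumed issuer, in the <scheme>://<host>:<port>/<namespace>/<authconfig-name>/<wristband-config-name> layout.
const issuer = "https://authorino.example.svc:8083/default/my-api/my-wristband"

type header struct {
	Alg string `json:"alg"`
	Kid string `json:"kid"` // the SigningKeyRef name
}

type claims struct {
	Iss string `json:"iss"`
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
	Sub string `json:"sub,omitempty"` // stands in for an assumed customClaims entry
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func decodePart(part string, v interface{}) error {
	raw, err := base64.RawURLEncoding.DecodeString(part)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// mintES256 produces a compact JWS: base64url(header).base64url(claims).base64url(r||s).
func mintES256(key *ecdsa.PrivateKey, kid string, c claims) (string, error) {
	hb, _ := json.Marshal(header{Alg: "ES256", Kid: kid})
	pb, _ := json.Marshal(c)
	input := b64(hb) + "." + b64(pb)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // RFC 7518 §3.4: r and s left-padded to 32 bytes each, not DER
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + b64(sig), nil
}

// verifyES256 is the consuming service's check: pin alg, resolve kid, verify the signature, then check claims.
func verifyES256(token string, keys map[string]*ecdsa.PublicKey, now int64) (*claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	var h header
	if err := decodePart(parts[0], &h); err != nil {
		return nil, err
	}
	if h.Alg != "ES256" { // never let the token choose the algorithm ("none", HS256 key confusion)
		return nil, fmt.Errorf("unexpected alg %q", h.Alg)
	}
	pub, ok := keys[h.Kid]
	if !ok {
		return nil, fmt.Errorf("unknown kid %q", h.Kid)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return nil, fmt.Errorf("bad ES256 signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, fmt.Errorf("signature verification failed")
	}
	var c claims
	if err := decodePart(parts[1], &c); err != nil {
		return nil, err
	}
	if c.Iss != issuer || now >= c.Exp || c.Iat > now+60 { // 60 s clock-skew allowance on iat
		return nil, fmt.Errorf("claims rejected: iss=%q iat=%d exp=%d now=%d", c.Iss, c.Iat, c.Exp, now)
	}
	return &c, nil
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	now := time.Now().Unix()
	tok, _ := mintES256(key, "my-signing-key", claims{Iss: issuer, Iat: now, Exp: now + 300, Sub: "alice"})
	c, err := verifyES256(tok, map[string]*ecdsa.PublicKey{"my-signing-key": &key.PublicKey}, now)
	fmt.Printf("claims=%+v err=%v\n", c, err)
}
```

The ordering in verifyES256 is the point: the algorithm is fixed by the verifier, `kid` is only a lookup key into a trust store the verifier controls, and no claim is acted on until the signature over the untouched base64url segments has checked out. A token minted under the same `kid` with a key outside the trust store, an `alg: none` rewrite of a genuine token, an unknown `kid`, a wrong `iss`, or an elapsed `exp` all fail before any claim is returned. RS256/RS384/RS512 from the SigningKeyAlgorithm enum differ only in the signature primitive and the key type in the trust store.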

type ValueFromAuthJSON added in v0.4.0

type ValueFromAuthJSON struct {
	// Selector to fill the value from the authorization JSON.
	// Any patterns supported by https://pkg.go.dev/github.com/tidwall/gjson can be used.
	// The value can be just the pattern with the path to fetch from the authorization JSON (e.g. 'context.request.http.host')
	// or a string template with variable placeholders that resolve to patterns (e.g. "Hello, {auth.identity.name}!")
	// The following string modifiers are available: @extract:{sep:" ",pos:0}, @replace:{old:"",new:""}, @case:upper|lower,
	// and @base64:encode|decode.
	AuthJSON string `json:"authJSON,omitempty"`
}

func (*ValueFromAuthJSON) DeepCopy added in v0.4.0

func (in *ValueFromAuthJSON) DeepCopy() *ValueFromAuthJSON

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ValueFromAuthJSON.

func (*ValueFromAuthJSON) DeepCopyInto added in v0.4.0

func (in *ValueFromAuthJSON) DeepCopyInto(out *ValueFromAuthJSON)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
