Documentation
Index
- Constants
- func NewAuthPipeline(parentCtx gocontext.Context, req *envoy_auth.CheckRequest, ...) auth.AuthPipeline
- type AuthPipeline
- func (pipeline *AuthPipeline) Evaluate() auth.AuthResult
- func (pipeline *AuthPipeline) GetAPI() interface{}
- func (pipeline *AuthPipeline) GetAuthorizationJSON() string
- func (pipeline *AuthPipeline) GetHttp() *envoy_auth.AttributeContext_HttpRequest
- func (pipeline *AuthPipeline) GetRequest() *envoy_auth.CheckRequest
- func (pipeline *AuthPipeline) GetResolvedIdentity() (interface{}, interface{})
- type AuthService
- type EvaluationResponse
- type HealthService
- type OidcService
Constants
const (
	HTTPAuthorizationBasePath = "/check"
	X_EXT_AUTH_REASON_HEADER = "X-Ext-Auth-Reason"
	RESPONSE_MESSAGE_INVALID_REQUEST = "Invalid request"
	RESPONSE_MESSAGE_SERVICE_NOT_FOUND = "Service not found"
	X_LOOKUP_KEY_NAME = "host"
)
const OIDCBasePath = "/"
Variables
This section is empty.
Functions
func NewAuthPipeline
func NewAuthPipeline(parentCtx gocontext.Context, req *envoy_auth.CheckRequest, authConfig evaluators.AuthConfig) auth.AuthPipeline
NewAuthPipeline creates an AuthPipeline instance
Types
type AuthPipeline
type AuthPipeline struct {
	Context gocontext.Context
	Request *envoy_auth.CheckRequest
	AuthConfig *evaluators.AuthConfig
	Identity map[*evaluators.IdentityConfig]interface{}
	Metadata map[*evaluators.MetadataConfig]interface{}
	Authorization map[*evaluators.AuthorizationConfig]interface{}
	Response map[*evaluators.ResponseConfig]interface{}
	Logger log.Logger
}
AuthPipeline evaluates the context of an auth request upon the authconfigs defined for the requested API. Throughout the pipeline, user identity, ad hoc metadata and authorization policies are evaluated and their corresponding resulting objects stored in the respective maps.
func (*AuthPipeline) Evaluate
func (pipeline *AuthPipeline) Evaluate() auth.AuthResult
Evaluate evaluates all steps of the auth pipeline (identity → metadata → policy enforcement)
func (*AuthPipeline) GetAPI
func (pipeline *AuthPipeline) GetAPI() interface{}
func (*AuthPipeline) GetAuthorizationJSON (added in v0.6.0)
func (pipeline *AuthPipeline) GetAuthorizationJSON() string
func (*AuthPipeline) GetHttp
func (pipeline *AuthPipeline) GetHttp() *envoy_auth.AttributeContext_HttpRequest
func (*AuthPipeline) GetRequest
func (pipeline *AuthPipeline) GetRequest() *envoy_auth.CheckRequest
func (*AuthPipeline) GetResolvedIdentity
func (pipeline *AuthPipeline) GetResolvedIdentity() (interface{}, interface{})
type AuthService
AuthService is the server API for the authorization service.
func (*AuthService) Check
func (a *AuthService) Check(parentContext gocontext.Context, req *envoy_auth.CheckRequest) (*envoy_auth.CheckResponse, error)
Check performs authorization check based on the attributes associated with the incoming request, and returns status `OK` or not `OK`.
func (*AuthService) ServeHTTP (added in v0.9.0)
func (a *AuthService) ServeHTTP(resp http.ResponseWriter, req *http.Request)
ServeHTTP invokes the authorization check for a simple GET/POST HTTP authorization request. The Content-Type header must be 'application/json'. The body can be any JSON object; if the input is a Kubernetes AdmissionReview resource, the response is compatible with the Dynamic Admission API.
type EvaluationResponse
type EvaluationResponse struct {
	Evaluator auth.AuthConfigEvaluator
	Object interface{}
	Error error
}
func (*EvaluationResponse) GetErrorMessage
func (evresp *EvaluationResponse) GetErrorMessage() string
func (*EvaluationResponse) Success
func (evresp *EvaluationResponse) Success() bool
type HealthService
type HealthService struct{}
HealthService is the server API for the gRPC health service
func (*HealthService) Check
func (self *HealthService) Check(ctx context.Context, in *healthpb.HealthCheckRequest) (*healthpb.HealthCheckResponse, error)
Check performs a health check of the gRPC service
func (*HealthService) Watch
func (self *HealthService) Watch(in *healthpb.HealthCheckRequest, srv healthpb.Health_WatchServer) error
Watch is for streaming health-check (not yet implemented)
type OidcService (added in v0.2.0)
OidcService implements an HTTP server for OpenID Connect Discovery
func (*OidcService) ServeHTTP (added in v0.2.0)
func (o *OidcService) ServeHTTP(writer http.ResponseWriter, req *http.Request)