Documentation ¶
Overview ¶
Package rule implements management capabilities for rules
A rule is used to decide what to do with requests that are hitting the ORY Oathkeeper proxy server. A rule must define the HTTP methods and the URL under which it will apply. A URL may not have more than one rule. If a URL has no rule applied, the proxy server will return a 404 not found error.
ORY Oathkeeper stores as many rules as required and iterates through them on every request. Rules are essential to the way ORY Oathkeeper works.
Index ¶
- type Fetcher
- type FetcherDefault
- type Matcher
- type Registry
- type Repository
- type RepositoryMemory
- func (m *RepositoryMemory) Count(ctx context.Context) (int, error)
- func (m *RepositoryMemory) Get(ctx context.Context, id string) (*Rule, error)
- func (m *RepositoryMemory) List(ctx context.Context, limit, offset int) ([]Rule, error)
- func (m *RepositoryMemory) Match(ctx context.Context, method string, u *url.URL) (*Rule, error)
- func (m *RepositoryMemory) Set(ctx context.Context, rules []Rule) error
- func (m *RepositoryMemory) WithRules(rules []Rule)
- type Rule
- type RuleHandler
- type RuleMatch
- type Upstream
- type Validator
- type ValidatorDefault
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type FetcherDefault ¶ added in v0.39.0
type FetcherDefault struct {
// contains filtered or unexported fields
}
func NewFetcherDefault ¶ added in v0.39.0
func NewFetcherDefault( c configuration.Provider, r fetcherRegistry, ) *FetcherDefault
type Registry ¶ added in v0.39.0
type Registry interface { RuleValidator() Validator RuleFetcher() Fetcher RuleRepository() Repository RuleMatcher() Matcher }
type Repository ¶ added in v0.39.0
type RepositoryMemory ¶ added in v0.39.0
func NewRepositoryMemory ¶ added in v0.39.0
func NewRepositoryMemory(r repositoryMemoryRegistry) *RepositoryMemory
func (*RepositoryMemory) Count ¶ added in v0.39.0
func (m *RepositoryMemory) Count(ctx context.Context) (int, error)
func (*RepositoryMemory) Set ¶ added in v0.39.0
func (m *RepositoryMemory) Set(ctx context.Context, rules []Rule) error
func (*RepositoryMemory) WithRules ¶ added in v0.39.0
func (m *RepositoryMemory) WithRules(rules []Rule)
WithRules sets rules without validation. For testing only.
type Rule ¶
type Rule struct { // ID is the unique id of the rule. It can be at most 190 characters long, but the layout of the ID is up to you. // You will need this ID later on to update or delete the rule. ID string `json:"id"` // Description is a human readable description of this rule. Description string `json:"description"` // Match defines the URL that this rule should match. Match RuleMatch `json:"match"` // Authenticators is a list of authentication handlers that will try and authenticate the provided credentials. // Authenticators are checked iteratively from index 0 to n and if the first authenticator to return a positive // result will be the one used. // // If you want the rule to first check a specific authenticator before "falling back" to others, have that authenticator // as the first item in the array. Authenticators []RuleHandler `json:"authenticators"` // Authorizer is the authorization handler which will try to authorize the subject (authenticated using an Authenticator) // making the request. Authorizer RuleHandler `json:"authorizer"` // Mutator is a handler that transform the HTTP request. A common use case is generating a new set of credentials // (e.g. JWT) which then will be forwarded to the upstream server. Mutator RuleHandler `json:"mutator"` // Upstream is the location of the server where requests matching this rule should be forwarded to. Upstream Upstream `json:"upstream"` }
Rule is a single rule that will get checked on every HTTP request.
type RuleHandler ¶ added in v0.15.0
type RuleHandler struct { // Handler identifies the implementation which will be used to handle this specific request. Please read the user // guide for a complete list of available handlers. Handler string `json:"handler"` // Config contains the configuration for the handler. Please read the user // guide for a complete list of each handler's available settings. Config json.RawMessage `json:"config"` }
type RuleMatch ¶ added in v0.15.0
type RuleMatch struct { // An array of HTTP methods (e.g. GET, POST, PUT, DELETE, ...). When ORY Oathkeeper searches for rules // to decide what to do with an incoming request to the proxy server, it compares the HTTP method of the incoming // request with the HTTP methods of each rules. If a match is found, the rule is considered a partial match. // If the matchesUrl field is satisfied as well, the rule is considered a full match. Methods []string `json:"methods"` // This field represents the URL pattern this rule matches. When ORY Oathkeeper searches for rules // to decide what to do with an incoming request to the proxy server, it compares the full request URL // (e.g. https://mydomain.com/api/resource) without query parameters of the incoming // request with this field. If a match is found, the rule is considered a partial match. // If the matchesMethods field is satisfied as well, the rule is considered a full match. // // You can use regular expressions in this field to match more than one url. Regular expressions are encapsulated in // brackets < and >. The following example matches all paths of the domain `mydomain.com`: `https://mydomain.com/<.*>`. URL string `json:"url"` // contains filtered or unexported fields }
type Upstream ¶ added in v0.15.0
type Upstream struct { // PreserveHost, if false (the default), tells ORY Oathkeeper to set the upstream request's Host header to the // hostname of the API's upstream's URL. Setting this flag to true instructs ORY Oathkeeper not to do so. PreserveHost bool `json:"preserve_host"` // StripPath if set, replaces the provided path prefix when forwarding the requested URL to the upstream URL. StripPath string `json:"strip_path"` // URL is the URL the request will be proxied to. URL string `json:"url"` }
type ValidatorDefault ¶ added in v0.39.0
type ValidatorDefault struct {
// contains filtered or unexported fields
}
func NewValidatorDefault ¶ added in v0.39.0
func NewValidatorDefault(r validatorRegistry) *ValidatorDefault
func (*ValidatorDefault) Validate ¶ added in v0.39.0
func (v *ValidatorDefault) Validate(r *Rule) error
Click to show internal directories.
Click to hide internal directories.