lbac

package

v0.0.0-...-d2452cb Latest Latest Go to latest Published: Oct 31, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/philipgough/prom-auth-proxy

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func RawPolicyToFilterMetadata(b []byte) (*structpb.Value, error)
type Policies
- func RawPolicyToPolicy(b []byte) (Policies, error)
type Policy
- func (p Policy) Apply(expr parser.Expr) error
- func (p Policy) Evaluate(againstState map[string]any) (bool, error)
type RawPolicy
type RawSelector
type Selector

Constants ¶

View Source

const (
	ServerName               = "envoy.filters.http.ext_proc"
	ServerDefaultPort        = 3001
	DefaultMetadataNamespace = "lbac"
	DefaultPolicySubKey      = "policies"
	DefaultStateSubKey       = "state"
	DefaultStateNamespace    = "namespace"
	DefaultStateKey          = "key"
)

Variables ¶

This section is empty.

Functions ¶

func RawPolicyToFilterMetadata ¶

func RawPolicyToFilterMetadata(b []byte) (*structpb.Value, error)

RawPolicyToFilterMetadata converts a raw policy to a filter metadata.

Types ¶

type Policies ¶

type Policies []Policy

Policies is a list of Policy.

func RawPolicyToPolicy ¶

func RawPolicyToPolicy(b []byte) (Policies, error)

RawPolicyToPolicy converts a raw policy to a policy.

type Policy ¶

type Policy struct {
	// Name is a human-readable name for the policy.
	Name string `json:"name"`
	// CELExpression is a CEL expression that must evaluate to true for the policy to be applied.
	CELExpression string `json:"expression"`
	// Selectors is a list of matchers to be injected into the request as part of the policy if the CELExpression evaluates to true.
	Selectors []Selector `json:"selectors"`
}

Policy is a list of CEL expressions and matchers. If all the CELExpressions evaluate to true the Selectors are injected into the request.

func (Policy) Apply ¶

func (p Policy) Apply(expr parser.Expr) error

Apply applies the policy to the expression.

func (Policy) Evaluate ¶

func (p Policy) Evaluate(againstState map[string]any) (bool, error)

Evaluate evaluates the policy against the source.

type RawPolicy ¶

type RawPolicy struct {
	Name string `json:"name"`
	// CELExpression is a CEL expression that must evaluate to true for the policy to be applied.
	CELExpression string `json:"expression"`
	// Selectors is a list of label selectors/matcher in string format to be injected into the request as part of the policy.
	Selectors []RawSelector `json:"selectors"`
}

RawPolicy is a list of CEL expressions and matchers in string form.

type RawSelector ¶

type RawSelector struct {
	// LabelSelector is the label selector that will be applied if all the selectors in the ConditionalSelector are true.
	LabelSelector string `json:"label_selector"`
	// ConditionalSelector is a list of selectors that must all evaluate to true for the Selector to be applied.
	// This is optional and if not present the Selector will be applied if the CELExpression evaluates to true.
	ConditionalSelector *string `json:"conditional_selector,omitempty"`
}

RawSelector is a list of selectors in string form.

type Selector ¶

type Selector struct {
	// LabelSelector is the label selector that will be applied if all the selectors in the ConditionalSelector are true.
	LabelSelector []*labels.Matcher `json:"label_selector"`
	// ConditionalSelector is a list of selectors that must all evaluate to true for the Selector to be applied.
	// This is optional and if not present the Selector will be applied if the CELExpression evaluates to true.
	ConditionalSelector []*labels.Matcher `json:"conditional_selector,omitempty"`
}

Source Files ¶

View all Source files

config.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL