auth

package

v0.0.0-...-485f7c5 Latest Latest Go to latest Published: Sep 9, 2024 License: Apache-2.0 Imports: 34 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/projectcontour/contour-authserver

Documentation ¶

Index ¶

Constants
func NewServerCredentials(certPath string, keyPath string, caPath string) (credentials.TransportCredentials, error)
func RegisterServer(srv *grpc.Server, c Checker)
func RunServer(ctx context.Context, listener net.Listener, srv *grpc.Server) error
type CheckRequestV2
type CheckRequestV3
type CheckResponseV2
type CheckResponseV3
type Checker
type Htpasswd
type OIDCConnect
- func (o *OIDCConnect) Check(ctx context.Context, req *Request) (*Response, error)
type Request
- func (r *Request) FromV2(c *CheckRequestV2) *Request
- func (r *Request) FromV3(c *CheckRequestV3) *Request
type Response
- func (r *Response) AsV2() *CheckResponseV2
- func (r *Response) AsV3() *CheckResponseV3
type Testserver
- func (t *Testserver) Check(xts context.Context, request *Request) (*Response, error)

Constants ¶

View Source

const (
	// AnnotationAuthType labels Secrets that can be used for basic Auth.
	AnnotationAuthType = "projectcontour.io/auth-type"
	// AnnotationAuthRealm labels Secrets that match our authentication realm.
	AnnotationAuthRealm = "projectcontour.io/auth-realm"
)

Variables ¶

This section is empty.

Functions ¶

func NewServerCredentials ¶

func NewServerCredentials(certPath string, keyPath string, caPath string) (credentials.TransportCredentials, error)

NewServerCredentials loads TLS transport credentials for the GRPC server.

func RegisterServer ¶

func RegisterServer(srv *grpc.Server, c Checker)

RegisterServer registers the Checker with the external authorization GRPC server.

func RunServer ¶

func RunServer(ctx context.Context, listener net.Listener, srv *grpc.Server) error

RunServer runs the server until signaled by stopChan.

Types ¶

type CheckRequestV2 ¶

type CheckRequestV2 = envoy_service_auth_v2.CheckRequest //nolint:golint

type CheckRequestV3 ¶

type CheckRequestV3 = envoy_service_auth_v3.CheckRequest //nolint:golint

type CheckResponseV2 ¶

type CheckResponseV2 = envoy_service_auth_v2.CheckResponse //nolint:golint

type CheckResponseV3 ¶

type CheckResponseV3 = envoy_service_auth_v3.CheckResponse //nolint:golint

type Checker ¶

type Checker interface {
	Check(context.Context, *Request) (*Response, error)
}

Checker is an implementation of the Envoy External Auth API.

https://github.com/envoyproxy/envoy/blob/release/v1.14/api/envoy/service/auth/v3/external_auth.proto https://github.com/envoyproxy/envoy/blob/release/v1.14/api/envoy/service/auth/v2/external_auth.proto

type Htpasswd ¶

type Htpasswd struct {
	Log       logr.Logger
	Realm     string
	Client    client.Client
	Passwords *htpasswd.File
	Selector  labels.Selector

	Lock sync.Mutex
}

Htpasswd watches Secrets for htpasswd files and uses them for HTTP Basic Authentication.

func (*Htpasswd) Check ¶

func (h *Htpasswd) Check(ctx context.Context, request *Request) (*Response, error)

Check ...

func (*Htpasswd) Match ¶

func (h *Htpasswd) Match(user string, pass string) bool

Match authenticates the credential against the htpasswd file.

func (*Htpasswd) Reconcile ¶

func (h *Htpasswd) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile ...

func (*Htpasswd) RegisterWithManager ¶

func (h *Htpasswd) RegisterWithManager(mgr ctrl.Manager) error

RegisterWithManager ...

func (*Htpasswd) Set ¶

func (h *Htpasswd) Set(passwd *htpasswd.File)

Set set the htpasswd file to use.

type OIDCConnect ¶

type OIDCConnect struct {
	Log        logr.Logger
	OidcConfig *config.OIDCConfig
	Cache      *bigcache.BigCache
	HTTPClient *http.Client
	// contains filtered or unexported fields
}

OIDCConnect defines parameters for an OIDC auth provider.

func (*OIDCConnect) Check ¶

func (o *OIDCConnect) Check(ctx context.Context, req *Request) (*Response, error)

Check entry point for authentication. it accepts incoming request and redirects un-authenticated requests to IDP. Otherwise, it will route user to the intended url.

type Request ¶

type Request struct {
	Context map[string]string
	Request http.Request
	ID      string
}

Request captures the information needed to process a CheckRequest.

func (*Request) FromV2 ¶

func (r *Request) FromV2(c *CheckRequestV2) *Request

FromV2 initializes a Request from a v2 CheckRequest.

func (*Request) FromV3 ¶

func (r *Request) FromV3(c *CheckRequestV3) *Request

FromV3 initializes a Request from a v3 CheckRequest.

type Response ¶

type Response struct {
	Allow    bool
	Response http.Response
}

Response captures the information needed to generate a CheckResponse.

func (*Response) AsV2 ¶

func (r *Response) AsV2() *CheckResponseV2

AsV2 converts to a v2 CheckResponse.

func (*Response) AsV3 ¶

func (r *Response) AsV3() *CheckResponseV3

AsV3 converts to a v3 CheckResponse.

type Testserver ¶

type Testserver struct {
	Log logr.Logger
}

Testserver is a no-op implementation of the Checker interface. For testing only.

func (*Testserver) Check ¶

func (t *Testserver) Check(xts context.Context, request *Request) (*Response, error)

Check ...

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL