authentication

package

v0.38.0 Latest Latest Go to latest Published: Sep 16, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/radius-project/radius

Links

Open Source Insights

Documentation ¶

Overview ¶

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index ¶

Constants
Variables
func ClientCertValidator(armCertMgr *ArmCertManager) func(http.Handler) http.Handler
func IsValidThumbprint(thumbprint string) bool
type ArmCertManager
- func NewArmCertManager(armMetaEndpoint string, log logr.Logger) *ArmCertManager
- func (acm *ArmCertManager) Start(ctx context.Context) error
type Certificate

Constants ¶

View Source

const (
	IngressCertThumbprintHeader = "X-SSL-Client-Thumbprint"
	ArmCertificateRefreshRate   = 1 * time.Hour
)

Variables ¶

View Source

var ArmCertStore sync.Map

ArmCertStore stores active client certificates fetched from arm metadata endpoint

View Source

var (
	ErrClientCertFetch = errors.New("failed to fetch client certificate from arm metadata endpoint - ")
)

Functions ¶

func ClientCertValidator ¶

func ClientCertValidator(armCertMgr *ArmCertManager) func(http.Handler) http.Handler

ClientCertValidator validates the thumbprint received in the request header with the active thumbprints fetched from ARM Metadata endpoint

func IsValidThumbprint ¶

func IsValidThumbprint(thumbprint string) bool

IsValidThumbprint verifies the thumbprint received in the request header against the list of thumbprints fetched from arm metadata endpoint

Types ¶

type ArmCertManager ¶

type ArmCertManager struct {
	// contains filtered or unexported fields
}

ArmCertManager defines the arm client manager for fetching the client cert from arm metadata endpoint

func NewArmCertManager ¶

func NewArmCertManager(armMetaEndpoint string, log logr.Logger) *ArmCertManager

NewArmCertManager creates a new ArmCertManager

func (*ArmCertManager) Start ¶

func (acm *ArmCertManager) Start(ctx context.Context) error

Start fetches the client certificates from the arm metadata endpoint during service start up and runs in the background the periodic certificate refresher.

type Certificate ¶

type Certificate struct {
	Certificate string    `json:"certificate"`
	NotAfter    time.Time `json:"notAfter"`
	NotBefore   time.Time `json:"notBefore"`
	Thumbprint  string    `json:"thumbprint"`
}

Certificate represents the client certificate fetched from arm metadata endpoint

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL