authn

package
v0.0.0-...-865e90e Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 4, 2018 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// JwtFilterName is the name for the Jwt filter. This should be the same
	// as the name defined in
	// https://github.com/istio/proxy/blob/master/src/envoy/http/jwt_auth/http_filter_factory.cc#L50
	JwtFilterName = "jwt-auth"

	// AuthnFilterName is the name for the Istio AuthN filter. This should be the same
	// as the name defined in
	// https://github.com/istio/proxy/blob/master/src/envoy/http/authn/http_filter_factory.cc#L30
	AuthnFilterName = "istio_authn"

	// EnvoyTLSInspectorFilterName is the name for Envoy TLS sniffing listener filter.
	EnvoyTLSInspectorFilterName = "envoy.listener.tls_inspector"
	// EnvoyRawBufferMatch is the transport protocol name when tls multiplexed is used.
	EnvoyRawBufferMatch = "raw_buffer"
	// EnvoyTLSMatch is the transport protocol name when tls multiplexed is used.
	EnvoyTLSMatch = "tls"
)

Variables

This section is empty.

Functions

func BuildAuthNFilter

func BuildAuthNFilter(policy *authn.Policy, proxyType model.NodeType) *http_conn.HttpFilter

BuildAuthNFilter returns authn filter for the given policy. If policy is nil, returns nil.

func BuildJwtFilter

func BuildJwtFilter(policy *authn.Policy) *http_conn.HttpFilter

BuildJwtFilter returns a Jwt filter for all Jwt specs in the policy.

func CollectJwtSpecs

func CollectJwtSpecs(policy *authn.Policy) []*authn.Jwt

CollectJwtSpecs returns a list of all JWT specs (ponters) defined the policy. This provides a convenient way to iterate all Jwt specs.

func ConvertPolicyToAuthNFilterConfig

func ConvertPolicyToAuthNFilterConfig(policy *authn.Policy, proxyType model.NodeType) *authn_filter.FilterConfig

ConvertPolicyToAuthNFilterConfig returns an authn filter config corresponding for the input policy.

func ConvertPolicyToJwtConfig

func ConvertPolicyToJwtConfig(policy *authn.Policy, useInlinePublicKey bool) *jwtfilter.JwtAuthentication

ConvertPolicyToJwtConfig converts policy into Jwt filter config for envoy.

func JwksURIClusterName

func JwksURIClusterName(hostname string, port *model.Port) string

JwksURIClusterName returns cluster name for the jwks URI. This should be used to override the name for outbound cluster that are added for Jwks URI so that they can be referred correctly in the JWT filter config.

func NewPlugin

func NewPlugin() plugin.Plugin

NewPlugin returns an instance of the authn plugin

func OutputLocationForJwtIssuer

func OutputLocationForJwtIssuer(issuer string) string

OutputLocationForJwtIssuer returns the header location that should be used to output payload if authentication succeeds.

func RequireTLS

func RequireTLS(policy *authn.Policy, proxyType model.NodeType) (bool, *authn.MutualTls)

RequireTLS returns true and pointer to mTLS params if the policy use mTLS for (peer) authentication. (note that mTLS params can still be nil). Otherwise, return (false, nil).

Types

type Plugin

type Plugin struct{}

Plugin implements Istio mTLS auth

func (Plugin) OnInboundCluster

func (Plugin) OnInboundCluster(env model.Environment, node model.Proxy, service *model.Service,
	servicePort *model.Port, cluster *xdsapi.Cluster)

OnInboundCluster implements the Plugin interface method.

func (Plugin) OnInboundListener

func (Plugin) OnInboundListener(in *plugin.InputParams, mutable *plugin.MutableObjects) error

OnInboundListener is called whenever a new listener is added to the LDS output for a given service Can be used to add additional filters (e.g., mixer filter) or add more stuff to the HTTP connection manager on the inbound path

func (Plugin) OnInboundRouteConfiguration

func (Plugin) OnInboundRouteConfiguration(in *plugin.InputParams, route *xdsapi.RouteConfiguration)

OnInboundRouteConfiguration implements the Plugin interface method.

func (Plugin) OnOutboundCluster

func (Plugin) OnOutboundCluster(env model.Environment, node model.Proxy, service *model.Service,
	servicePort *model.Port, cluster *xdsapi.Cluster)

OnOutboundCluster implements the Plugin interface method.

func (Plugin) OnOutboundListener

func (Plugin) OnOutboundListener(in *plugin.InputParams, mutable *plugin.MutableObjects) error

OnOutboundListener is called whenever a new outbound listener is added to the LDS output for a given service Can be used to add additional filters on the outbound path

func (Plugin) OnOutboundRouteConfiguration

func (Plugin) OnOutboundRouteConfiguration(in *plugin.InputParams, route *xdsapi.RouteConfiguration)

OnOutboundRouteConfiguration implements the Plugin interface method.

func (Plugin) RequireTLSMultiplexing

func (Plugin) RequireTLSMultiplexing(mesh *meshconfig.MeshConfig, store model.IstioConfigStore, hostname model.Hostname, port *model.Port) bool

RequireTLSMultiplexing returns true if any one of MTLS mode is `PERMISSIVE`.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL