extauth

package

v1.4.15 Latest Latest Go to latest Published: Sep 30, 2020 License: Apache-2.0 Imports: 15 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/solo-io/gloo

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func BuildHttpFilters(globalSettings *extauthv1.Settings, listener *v1.HttpListener, ...) ([]plugins.StagedHttpFilter, error)
type Plugin
- func NewCustomAuthPlugin() *Plugin

Constants ¶

View Source

const (
	FilterName        = "envoy.filters.http.ext_authz"
	DefaultAuthHeader = "x-user-id"
	HttpServerUri     = "http://not-used.example.com/"
)

Variables ¶

View Source

var (
	DefaultTimeout = 200 * time.Millisecond
	NoServerRefErr = eris.New("no extauth server reference configured")
	ServerNotFound = func(usRef *core.ResourceRef) error {
		return eris.Errorf("extauth server upstream not found %s", usRef.String())
	}
	InvalidStatusOnErrorErr = func(code uint32) error {
		return eris.Errorf("invalid statusOnError code: %d", code)
	}
)

View Source

var FilterStage = plugins.DuringStage(plugins.AuthNStage)

Note that although this configures the "envoy.filters.http.ext_authz" filter, we still want the ordering to be within the AuthNStage because we are using this filter for authentication purposes

Functions ¶

func BuildHttpFilters ¶

func BuildHttpFilters(globalSettings *extauthv1.Settings, listener *v1.HttpListener, upstreams v1.UpstreamList) ([]plugins.StagedHttpFilter, error)

Types ¶

type Plugin ¶

type Plugin struct {
	// contains filtered or unexported fields
}

func NewCustomAuthPlugin ¶

func NewCustomAuthPlugin() *Plugin

func (*Plugin) HttpFilters ¶

func (p *Plugin) HttpFilters(params plugins.Params, listener *v1.HttpListener) ([]plugins.StagedHttpFilter, error)

func (*Plugin) Init ¶

func (p *Plugin) Init(params plugins.InitParams) error

func (*Plugin) ProcessRoute ¶

func (p *Plugin) ProcessRoute(params plugins.RouteParams, in *v1.Route, out *route.Route) error

This function generates the ext_authz PerFilterConfig for this route: - if the route defines custom auth configuration, set the filter correspondingly; - if auth is explicitly disabled, disable the filter (will apply by default also to WeightedDestinations); - else, do nothing (will inherit config from parent virtual host).

func (*Plugin) ProcessVirtualHost ¶

func (p *Plugin) ProcessVirtualHost(params plugins.VirtualHostParams, in *v1.VirtualHost, out *route.VirtualHost) error

This function generates the ext_authz PerFilterConfig for this virtual host. If the ext_authz filter was not configured on the listener, do nothing. If the filter is configured and the virtual host does not define an extauth configuration OR explicitly disables extauth, we disable the ext_authz filter. This is done to disable authentication by default on a virtual host and its child resources (routes, weighted destinations). Extauth is currently opt-in.

func (*Plugin) ProcessWeightedDestination ¶

func (p *Plugin) ProcessWeightedDestination(params plugins.RouteParams, in *v1.WeightedDestination, out *route.WeightedCluster_ClusterWeight) error

This function generates the ext_authz PerFilterConfig for this weightedDestination: - if the weightedDestination defines custom auth configuration, set the filter correspondingly; - if auth is explicitly disabled, disable the filter; - else, do nothing (will inherit config from parent virtual host and/or route).

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL