extauth

package
v1.7.0-beta4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 11, 2021 License: Apache-2.0 Imports: 16 Imported by: 1

Documentation

Index

Constants

View Source
const (
	DefaultAuthHeader = "x-user-id"
	HttpServerUri     = "http://not-used.example.com/"
)
View Source
const JWTFilterName = "envoy.filters.http.jwt_authn"

Variables

View Source
var (
	DefaultTimeout = prototime.DurationToProto(200 * time.Millisecond)
	NoServerRefErr = eris.New("no extauth server reference configured")
	ServerNotFound = func(usRef *core.ResourceRef) error {
		return eris.Errorf("extauth server upstream not found %s", usRef.String())
	}
	InvalidStatusOnErrorErr = func(code uint32) error {
		return eris.Errorf("invalid statusOnError code: %d", code)
	}
)

Note that although this configures the "envoy.filters.http.ext_authz" filter, we still want the ordering to be within the AuthNStage because we are using this filter for authentication purposes

Functions

func BuildHttpFilters

func BuildHttpFilters(
	globalSettings *extauthv1.Settings,
	listener *v1.HttpListener,
	upstreams v1.UpstreamList,
) ([]plugins.StagedHttpFilter, error)

Types

type Plugin

type Plugin struct {
	// contains filtered or unexported fields
}

func NewCustomAuthPlugin

func NewCustomAuthPlugin() *Plugin

func (*Plugin) HttpFilters

func (p *Plugin) HttpFilters(params plugins.Params, listener *v1.HttpListener) ([]plugins.StagedHttpFilter, error)

func (*Plugin) Init

func (p *Plugin) Init(params plugins.InitParams) error

func (*Plugin) ProcessRoute

func (p *Plugin) ProcessRoute(params plugins.RouteParams, in *v1.Route, out *envoy_config_route_v3.Route) error

This function generates the ext_authz TypedPerFilterConfig for this route: - if the route defines custom auth configuration, set the filter correspondingly; - if auth is explicitly disabled, disable the filter (will apply by default also to WeightedDestinations); - else, do nothing (will inherit config from parent virtual host).

func (*Plugin) ProcessVirtualHost

func (p *Plugin) ProcessVirtualHost(
	params plugins.VirtualHostParams,
	in *v1.VirtualHost,
	out *envoy_config_route_v3.VirtualHost,
) error

This function generates the ext_authz TypedPerFilterConfig for this virtual host. If the ext_authz filter was not configured on the listener, do nothing. If the filter is configured and the virtual host does not define an extauth configuration OR explicitly disables extauth, we disable the ext_authz filter. This is done to disable authentication by default on a virtual host and its child resources (routes, weighted destinations). Extauth is currently opt-in.

func (*Plugin) ProcessWeightedDestination

func (p *Plugin) ProcessWeightedDestination(
	params plugins.RouteParams,
	in *v1.WeightedDestination,
	out *envoy_config_route_v3.WeightedCluster_ClusterWeight,
) error

This function generates the ext_authz TypedPerFilterConfig for this weightedDestination: - if the weightedDestination defines custom auth configuration, set the filter correspondingly; - if auth is explicitly disabled, disable the filter; - else, do nothing (will inherit config from parent virtual host and/or route).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL