Documentation ¶
Index ¶
- Constants
- Variables
- func BuildStagedHttpFilters(configurationGenerator func() ([]*envoyauth.ExtAuthz, error), ...) ([]plugins.StagedHttpFilter, error)
- func GenerateEnvoyConfigForFilter(settings *extauthv1.Settings, upstreams v1.UpstreamList) (*envoyauth.ExtAuthz, error)
- func GetDisabledAuth() *envoyauth.ExtAuthzPerRoute
- type DefaultConfigGenerator
- func (d *DefaultConfigGenerator) GenerateListenerExtAuthzConfig(listener *v1.HttpListener, upstreams v1.UpstreamList) ([]*envoyauth.ExtAuthz, error)
- func (d *DefaultConfigGenerator) GenerateRouteExtAuthzConfig(route *v1.Route) (*envoyauth.ExtAuthzPerRoute, error)
- func (d *DefaultConfigGenerator) GenerateVirtualHostExtAuthzConfig(virtualHost *v1.VirtualHost, params plugins.VirtualHostParams) (*envoyauth.ExtAuthzPerRoute, error)
- func (d *DefaultConfigGenerator) GenerateWeightedDestinationExtAuthzConfig(weightedDestination *v1.WeightedDestination) (*envoyauth.ExtAuthzPerRoute, error)
- func (d *DefaultConfigGenerator) IsMulti() bool
- type ExtAuthzConfigGenerator
- type MultiConfigGenerator
- type Plugin
- func (p *Plugin) HttpFilters(params plugins.Params, listener *v1.HttpListener) ([]plugins.StagedHttpFilter, error)
- func (p *Plugin) Init(params plugins.InitParams) error
- func (p *Plugin) IsUpgrade() bool
- func (p *Plugin) PluginName() string
- func (p *Plugin) ProcessRoute(params plugins.RouteParams, in *v1.Route, out *envoy_config_route_v3.Route) error
- func (p *Plugin) ProcessVirtualHost(params plugins.VirtualHostParams, in *v1.VirtualHost, ...) error
- func (p *Plugin) ProcessWeightedDestination(params plugins.RouteParams, in *v1.WeightedDestination, ...) error
Constants ¶
const (
	// DefaultAuthHeader is the header name "x-user-id".
	// NOTE(review): presumably the header that carries the authenticated
	// user's identity; its use is not shown here. Confirm that a value of
	// this header supplied by the client is overwritten or stripped rather
	// than trusted.
	DefaultAuthHeader = "x-user-id"
	// HttpServerUri is a placeholder URI. The "not-used" host name suggests
	// it only fills a field that must be set — confirm against the caller.
	HttpServerUri = "http://not-used.example.com/"
	// ExtensionName is the short name "ext_authz".
	ExtensionName = "ext_authz"
)

// JWTFilterName is the name of Envoy's JWT authentication HTTP filter.
// How this package uses it is not shown here.
const JWTFilterName = "envoy.filters.http.jwt_authn"
Variables ¶
var (
	// DefaultTimeout is a 200ms duration converted to its protobuf form.
	// NOTE(review): presumably the timeout applied to calls to the extauth
	// server when the settings do not provide one; usage is not shown here.
	DefaultTimeout = prototime.DurationToProto(200 * time.Millisecond)

	// NoServerRefErr reports that no extauth server reference is configured.
	NoServerRefErr = eris.New("no extauth server reference configured")

	// ServerNotFound builds an error naming the extauth server upstream
	// reference that could not be found. usRef.String() is called
	// unconditionally; whether a nil usRef is safe depends on
	// core.ResourceRef — confirm.
	ServerNotFound = func(usRef *core.ResourceRef) error {
		return eris.Errorf("extauth server upstream not found %s", usRef.String())
	}

	// InvalidStatusOnErrorErr builds an error reporting a rejected
	// statusOnError code.
	// NOTE(review): in Envoy's ext_authz filter, status_on_error is the HTTP
	// status returned to the client when the authorization service fails;
	// the validation that raises this error is not shown here.
	InvalidStatusOnErrorErr = func(code uint32) error {
		return eris.Errorf("invalid statusOnError code: %d", code)
	}
)
var FilterStage = plugins.DuringStage(plugins.AuthNStage)
Note that although this configures the "envoy.filters.http.ext_authz" filter, the filter is still ordered within the AuthNStage, because it is used here for authentication purposes.
Functions ¶
func BuildStagedHttpFilters ¶ added in v1.8.0
func BuildStagedHttpFilters(configurationGenerator func() ([]*envoyauth.ExtAuthz, error), stage plugins.FilterStage) ([]plugins.StagedHttpFilter, error)
func GenerateEnvoyConfigForFilter ¶ added in v1.8.0
func GetDisabledAuth ¶ added in v1.8.0
func GetDisabledAuth() *envoyauth.ExtAuthzPerRoute
Types ¶
type DefaultConfigGenerator ¶ added in v1.8.0
type DefaultConfigGenerator struct {
// contains filtered or unexported fields
}
func NewDefaultConfigGenerator ¶ added in v1.8.0
func NewDefaultConfigGenerator(defaultSettings *extauthv1.Settings) *DefaultConfigGenerator
func (*DefaultConfigGenerator) GenerateListenerExtAuthzConfig ¶ added in v1.8.0
func (d *DefaultConfigGenerator) GenerateListenerExtAuthzConfig(listener *v1.HttpListener, upstreams v1.UpstreamList) ([]*envoyauth.ExtAuthz, error)
func (*DefaultConfigGenerator) GenerateRouteExtAuthzConfig ¶ added in v1.8.0
func (d *DefaultConfigGenerator) GenerateRouteExtAuthzConfig(route *v1.Route) (*envoyauth.ExtAuthzPerRoute, error)
func (*DefaultConfigGenerator) GenerateVirtualHostExtAuthzConfig ¶ added in v1.8.0
func (d *DefaultConfigGenerator) GenerateVirtualHostExtAuthzConfig(virtualHost *v1.VirtualHost, params plugins.VirtualHostParams) (*envoyauth.ExtAuthzPerRoute, error)
func (*DefaultConfigGenerator) GenerateWeightedDestinationExtAuthzConfig ¶ added in v1.8.0
func (d *DefaultConfigGenerator) GenerateWeightedDestinationExtAuthzConfig(weightedDestination *v1.WeightedDestination) (*envoyauth.ExtAuthzPerRoute, error)
func (*DefaultConfigGenerator) IsMulti ¶ added in v1.8.0
func (d *DefaultConfigGenerator) IsMulti() bool
type ExtAuthzConfigGenerator ¶ added in v1.8.0
// ExtAuthzConfigGenerator produces ext_authz configuration for a listener and
// for the resources below it: virtual hosts, routes and weighted destinations.
type ExtAuthzConfigGenerator interface {
	// IsMulti reports a boolean property of the generator.
	// NOTE(review): presumably whether it can emit more than one
	// listener-level ext_authz filter — confirm against the implementations.
	IsMulti() bool
	// GenerateListenerExtAuthzConfig returns the listener-level ExtAuthz
	// filter configurations (a slice) for listener, given the known upstreams.
	GenerateListenerExtAuthzConfig(listener *v1.HttpListener, upstreams v1.UpstreamList) ([]*envoyauth.ExtAuthz, error)
	// GenerateVirtualHostExtAuthzConfig returns the per-route ext_authz
	// override for virtualHost.
	GenerateVirtualHostExtAuthzConfig(virtualHost *v1.VirtualHost, params plugins.VirtualHostParams) (*envoyauth.ExtAuthzPerRoute, error)
	// GenerateRouteExtAuthzConfig returns the per-route ext_authz override
	// for route.
	GenerateRouteExtAuthzConfig(route *v1.Route) (*envoyauth.ExtAuthzPerRoute, error)
	// GenerateWeightedDestinationExtAuthzConfig returns the per-route
	// ext_authz override for weightedDestination.
	GenerateWeightedDestinationExtAuthzConfig(weightedDestination *v1.WeightedDestination) (*envoyauth.ExtAuthzPerRoute, error)
}
type MultiConfigGenerator ¶ added in v1.8.0
// MultiConfigGenerator embeds *DefaultConfigGenerator, so every method it does
// not define itself is promoted from the embedded generator. This page lists
// only GenerateListenerExtAuthzConfig and IsMulti as defined on
// *MultiConfigGenerator; the virtual host, route and weighted destination
// generators therefore come from DefaultConfigGenerator.
// NOTE(review): NewMultiConfigGenerator takes no settings, so how the embedded
// pointer is initialised is not visible here — confirm it is non-nil before
// the promoted methods are called.
type MultiConfigGenerator struct {
	*DefaultConfigGenerator
}
func NewMultiConfigGenerator ¶ added in v1.8.0
func NewMultiConfigGenerator() *MultiConfigGenerator
func (*MultiConfigGenerator) GenerateListenerExtAuthzConfig ¶ added in v1.8.0
func (m *MultiConfigGenerator) GenerateListenerExtAuthzConfig(listener *v1.HttpListener, upstreams v1.UpstreamList) ([]*envoyauth.ExtAuthz, error)
func (*MultiConfigGenerator) IsMulti ¶ added in v1.8.0
func (m *MultiConfigGenerator) IsMulti() bool
type Plugin ¶
type Plugin struct {
// contains filtered or unexported fields
}
func NewCustomAuthPlugin ¶
func NewCustomAuthPlugin() *Plugin
func (*Plugin) HttpFilters ¶
func (p *Plugin) HttpFilters(params plugins.Params, listener *v1.HttpListener) ([]plugins.StagedHttpFilter, error)
func (*Plugin) PluginName ¶ added in v1.8.0
func (*Plugin) ProcessRoute ¶
func (p *Plugin) ProcessRoute(params plugins.RouteParams, in *v1.Route, out *envoy_config_route_v3.Route) error
This function generates the ext_authz TypedPerFilterConfig for this route:
- if the route defines custom auth configuration, set the filter correspondingly;
- if auth is explicitly disabled, disable the filter (by default this also applies to the route's WeightedDestinations);
- else, do nothing (the route inherits the config from its parent virtual host, so it is unauthenticated when ext_authz is disabled on that virtual host).
func (*Plugin) ProcessVirtualHost ¶
func (p *Plugin) ProcessVirtualHost( params plugins.VirtualHostParams, in *v1.VirtualHost, out *envoy_config_route_v3.VirtualHost, ) error
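This function generates the ext_authz TypedPerFilterConfig for this virtual host. If the ext_authz filter was not configured on the listener, do nothing. If the filter is configured and the virtual host either does not define an extauth configuration or explicitly disables extauth, we disable the ext_authz filter. This is done to disable authentication by default on a virtual host and its child resources (routes, weighted destinations). Extauth is currently opt-in. In practice, a virtual host with no extauth configuration is served without ext_authz checks, except on routes or weighted destinations that define their own auth configuration, so every virtual host that must be protected needs an explicit extauth configuration.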
func (*Plugin) ProcessWeightedDestination ¶
func (p *Plugin) ProcessWeightedDestination( params plugins.RouteParams, in *v1.WeightedDestination, out *envoy_config_route_v3.WeightedCluster_ClusterWeight, ) error
This function generates the ext_authz TypedPerFilterConfig for this weightedDestination:
- if the weightedDestination defines custom auth configuration, set the filter correspondingly;
- if auth is explicitly disabled, disable the filter;
- else, do nothing (the weightedDestination inherits the config from its parent virtual host and/or route).