Documentation
¶
Index ¶
Constants ¶
const AllowAllTenants = "allow-all"
const TenantLabelKey = "__tenant__"
TenantLabelKey is a label key reserved for tenancy.
Variables ¶
Functions ¶
func NewWriteAuthorizer ¶
func NewWriteAuthorizer(config AuthConfig) *writeAuthorizer
NewWriteAuthorizer returns a new plainWriteAuthorizer.
func ParseFlags ¶
Types ¶
type AllowAllTenantsConfig ¶
type AllowAllTenantsConfig struct {
// contains filtered or unexported fields
}
func (*AllowAllTenantsConfig) AllowAuthorizedTenantsOnly ¶
func (cfg *AllowAllTenantsConfig) AllowAuthorizedTenantsOnly() bool
func (*AllowAllTenantsConfig) IsTenantAllowed ¶
func (cfg *AllowAllTenantsConfig) IsTenantAllowed(tenantName string) bool
IsTenantAllowed returns true if the given tenantName is allowed to be ingested.
func (*AllowAllTenantsConfig) ValidTenants ¶
func (cfg *AllowAllTenantsConfig) ValidTenants() []string
type AuthConfig ¶
type AuthConfig interface {
// IsTenantAllowed returns true if the given tenantName is allowed to be ingested.
IsTenantAllowed(string) bool
// ValidTenants returns a list of tenants that are authorized in the current session of Promscale.
ValidTenants() []string
// AllowAuthorizedTenantsOnly returns true if experimental queries are enabled in CLI configuration in
// multi-tenancy environments.
// Note: AllowAuthorizedTenantsOnly returns false if -allow-non-tenants is enabled.
AllowAuthorizedTenantsOnly() bool
// contains filtered or unexported methods
}
AuthConfig defines configuration type for tenancy.
func NewAllowAllTenantsConfig ¶
func NewAllowAllTenantsConfig(allowNonTenants bool) AuthConfig
NewAllowAllTenantsConfig creates a new config for tenancy where all tenants are allowed.
func NewSelectiveTenancyConfig ¶
func NewSelectiveTenancyConfig(validTenants []string, allowNonTenants bool, useExperimentalLabelQueries bool) AuthConfig
NewSelectiveTenancyConfig creates a new config for tenancy where only valid tenants are allowed.
type Authorizer ¶
type Authorizer interface {
// ReadAuthorizer returns a authorizer that authorizes read operations.
ReadAuthorizer() ReadAuthorizer
// WriteAuthorizer returns a authorizer that authorizes write operations.
WriteAuthorizer() WriteAuthorizer
}
Authorizer authorizes the read/write operations in multi-tenancy.
func NewAuthorizer ¶
func NewAuthorizer(c AuthConfig) (Authorizer, error)
NewAuthorizer returns a new MultiTenancy type.
func NewNoopAuthorizer ¶
func NewNoopAuthorizer() Authorizer
NewNoopAuthorizer returns a No-op tenancy that is used to initialize tenancy types for no operations.
type ReadAuthorizer ¶
type ReadAuthorizer interface {
// AppendTenantMatcher applies a safety matcher to incoming query matchers. This safety matcher is responsible
// from prevent unauthorized query reads from tenants that the incoming query is not supposed to read.
AppendTenantMatcher(ms []*labels.Matcher) []*labels.Matcher
}
ReadAuthorizer tells if a read request is allowed to query via Promscale.
func NewReadAuthorizer ¶
func NewReadAuthorizer(cfg AuthConfig) (ReadAuthorizer, error)
NewReadAuthorizer is a authorizer for performing read operations on valid tenants.
type WriteAuthorizer ¶
type WriteAuthorizer interface {
// Process processes the incoming write requests to be multi-tenancy compatible.
Process(*http.Request, *prompb.WriteRequest) error
}
WriteAuthorizer tells if a write request is authorized to be written.
Source Files