authz

package
v1.0.47 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 26, 2024 License: Apache-2.0 Imports: 22 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Gatekeeper

// Gatekeeper is the request authorizer of this package. It is constructed by
// NewGatekeeper from a *PolicyConfig, and its Authenticate method is
// documented as authorizing HTTP requests. All of its state is unexported, so
// its behaviour is determined by the PolicyConfig it was built from and by
// the authenticators registered through AddAuthenticators.
type Gatekeeper struct {
	// contains filtered or unexported fields
}

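Gatekeeper is an authorization gatekeeper: it is created from a PolicyConfig by NewGatekeeper, and its Authenticate method authorizes HTTP requests.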

func NewGatekeeper

func NewGatekeeper(cfg *PolicyConfig, logger *zap.Logger) (*Gatekeeper, error)

NewGatekeeper returns an instance of Gatekeeper.

func (*Gatekeeper) AddAuthenticators

func (g *Gatekeeper) AddAuthenticators(authenticators []authproxy.Authenticator) error

AddAuthenticators adds authproxy.Authenticator instances to Gatekeeper.

func (*Gatekeeper) Authenticate

Authenticate authorizes HTTP requests.

type PolicyConfig

// PolicyConfig is the configuration of a Gatekeeper.
//
// The visible struct tags all carry omitempty for JSON, XML and YAML, and the
// bool toggles have the Go zero value false. A configuration that omits a
// Validate* or *Enabled key therefore leaves that check switched off, as far
// as this declaration shows.
// NOTE(review): whether Validate or NewGatekeeper applies other defaults is
// not visible here; confirm before relying on an omitted key.
//
// NOTE(review): several fields have no doc comment in this declaration. The
// readings below are inferred from names and tags only; confirm them against
// the module source:
//   - AuthURLPath, ForbiddenURL, AuthRedirectQueryParameter: presumably the
//     destinations and the query parameter used when redirecting a request
//     that is not authorized.
//   - AllowedTokenSources: presumably restricts where a token may be read
//     from; the accepted values are not shown here.
//   - StripTokenEnabled: presumably removes the token from the request
//     before it is passed on.
//   - UserIdentityField: presumably selects the token field used as the
//     user identity.
//   - AccessListRules, CryptoKeyConfigs, AuthProxyConfig: configuration
//     typed by the acl, kms and authproxy packages respectively.
type PolicyConfig struct {
	Name                       string `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"`
	AuthURLPath                string `json:"auth_url_path,omitempty" xml:"auth_url_path,omitempty" yaml:"auth_url_path,omitempty"`
	AuthRedirectDisabled       bool   `json:"disable_auth_redirect,omitempty" xml:"disable_auth_redirect,omitempty" yaml:"disable_auth_redirect,omitempty"`
	AuthRedirectQueryDisabled  bool   `` /* 133-byte string literal not displayed */
	AuthRedirectQueryParameter string `` /* 127-byte string literal not displayed */
	// AuthRedirectStatusCode is the status code for the HTTP redirect for
	// non-authorized users.
	// NOTE(review): the accepted values and the default are not shown here.
	AuthRedirectStatusCode int `` /* 127-byte string literal not displayed */
	// RedirectWithJavascript enables the redirect with JavaScript, as opposed
	// to an HTTP redirect.
	RedirectWithJavascript bool `json:"redirect_with_javascript,omitempty" xml:"redirect_with_javascript,omitempty" yaml:"redirect_with_javascript,omitempty"`
	// BypassConfigs is the list of URI prefixes which bypass authorization.
	// Every entry is a path the gatekeeper does not protect, so keep the list
	// as narrow as possible and review it with the access-list rules.
	// NOTE(review): the exact matching semantics are defined by bypass.Config,
	// which is not shown here.
	BypassConfigs []*bypass.Config `json:"bypass_configs,omitempty" xml:"bypass_configs,omitempty" yaml:"bypass_configs,omitempty"`
	// HeaderInjectionConfigs is the list of mappings between header names and
	// field names.
	// NOTE(review): presumably token fields are injected as request headers;
	// confirm in injector.Config.
	HeaderInjectionConfigs []*injector.Config       `json:"header_injection_configs,omitempty" xml:"header_injection_configs,omitempty" yaml:"header_injection_configs,omitempty"`
	AccessListRules        []*acl.RuleConfiguration `json:"access_list_rules,omitempty" xml:"access_list_rules,omitempty" yaml:"access_list_rules,omitempty"`
	CryptoKeyConfigs       []*kms.CryptoKeyConfig   `json:"crypto_key_configs,omitempty" xml:"crypto_key_configs,omitempty" yaml:"crypto_key_configs,omitempty"`
	// CryptoKeyStoreConfig holds the default configuration for the keys, e.g.
	// token name and lifetime.
	CryptoKeyStoreConfig map[string]interface{} `json:"crypto_key_store_config,omitempty" xml:"crypto_key_store_config,omitempty" yaml:"crypto_key_store_config,omitempty"`
	AuthProxyConfig      *authproxy.Config      `json:"auth_proxy_config,omitempty" xml:"auth_proxy_config,omitempty" yaml:"auth_proxy_config,omitempty"`
	AllowedTokenSources  []string               `json:"allowed_token_sources,omitempty" xml:"allowed_token_sources,omitempty" yaml:"allowed_token_sources,omitempty"`
	StripTokenEnabled    bool                   `json:"strip_token_enabled,omitempty" xml:"strip_token_enabled,omitempty" yaml:"strip_token_enabled,omitempty"`
	ForbiddenURL         string                 `json:"forbidden_url,omitempty" xml:"forbidden_url,omitempty" yaml:"forbidden_url,omitempty"`
	UserIdentityField    string                 `json:"user_identity_field,omitempty" xml:"user_identity_field,omitempty" yaml:"user_identity_field,omitempty"`
	// ValidateBearerHeader enables validation of the HTTP Authorization
	// header.
	ValidateBearerHeader bool `json:"validate_bearer_header,omitempty" xml:"validate_bearer_header,omitempty" yaml:"validate_bearer_header,omitempty"`
	// ValidateMethodPath enables validation of the HTTP method and path.
	ValidateMethodPath bool `json:"validate_method_path,omitempty" xml:"validate_method_path,omitempty" yaml:"validate_method_path,omitempty"`
	// ValidateAccessListPathClaim enables validation of the HTTP path derived
	// from the JWT token.
	ValidateAccessListPathClaim bool `` /* 145-byte string literal not displayed */
	// ValidateSourceAddress enables the check that the source address matches
	// between the HTTP request and the JWT token.
	// NOTE(review): which request address is compared (socket peer or a
	// forwarded header) is not visible here; behind a reverse proxy, confirm
	// it is not read from a client-controlled header.
	ValidateSourceAddress bool `json:"validate_source_address,omitempty" xml:"validate_source_address,omitempty" yaml:"validate_source_address,omitempty"`
	// PassClaimsWithHeaders passes claims from the JWT token via HTTP X-
	// headers. A service reading these headers should accept them only on
	// requests that arrived through the gatekeeper.
	// NOTE(review): whether client-supplied copies of the same headers are
	// dropped is not visible here; confirm.
	PassClaimsWithHeaders bool `json:"pass_claims_with_headers,omitempty" xml:"pass_claims_with_headers,omitempty" yaml:"pass_claims_with_headers,omitempty"`
	// LoginHintValidators validate the login hint which can be passed to the
	// auth provider.
	// NOTE(review): the accepted validator names are not shown here.
	LoginHintValidators []string `json:"login_hint_validators,omitempty" xml:"login_hint_validators,omitempty" yaml:"login_hint_validators,omitempty"`
	// AdditionalScopes allows appending scopes that come from the query
	// parameter 'additionalScopes'. The query string is supplied by the
	// requester, so enabling this lets the requester influence the scopes.
	// NOTE(review): what filtering is applied to the appended scopes is not
	// visible here; confirm before enabling.
	AdditionalScopes bool `json:"additional_scopes,omitempty" xml:"additional_scopes,omitempty" yaml:"additional_scopes,omitempty"`
	// contains filtered or unexported fields
}

PolicyConfig is Gatekeeper configuration.

func (*PolicyConfig) AddRawCryptoConfigs

func (cfg *PolicyConfig) AddRawCryptoConfigs(s string)

AddRawCryptoConfigs adds raw crypto configs.

func (*PolicyConfig) AddRawIdpConfig

func (cfg *PolicyConfig) AddRawIdpConfig(s string)

AddRawIdpConfig adds raw identity provider configs.

func (*PolicyConfig) Validate

func (cfg *PolicyConfig) Validate() error

Validate validates PolicyConfig.
