Documentation
Overview
Package authorizerd represents the policy updater daemon.
Index
- Variables
- type ATProcessorParam
- type Authorizerd
- type Option
- func WithATProcessorParams(atpParams ...ATProcessorParam) Option
- func WithAthenzDomains(domains ...string) Option
- func WithAthenzURL(url string) Option
- func WithCacheExp(exp time.Duration) Option
- func WithDisableJwkd() Option
- func WithDisablePolicyd() Option
- func WithDisablePubkeyd() Option
- func WithEnableJwkd() Option
- func WithEnablePolicyd() Option
- func WithEnablePubkeyd() Option
- func WithJwkErrRetryInterval(i string) Option
- func WithJwkRefreshDuration(t string) Option
- func WithPolicyErrRetryInterval(i string) Option
- func WithPolicyExpireMargin(t string) Option
- func WithPolicyRefreshDuration(t string) Option
- func WithPubkeyErrRetryInterval(i string) Option
- func WithPubkeyEtagExpTime(t string) Option
- func WithPubkeyEtagFlushDuration(t string) Option
- func WithPubkeyRefreshDuration(t string) Option
- func WithPubkeySysAuthDomain(domain string) Option
- func WithRCVerifyRoleCert(b bool) Option
- func WithRTHeader(h string) Option
- func WithRTVerifyRoleToken(b bool) Option
- func WithRoleCertURIPrefix(t string) Option
- func WithTransport(t *http.Transport) Option
Constants
This section is empty.
Variables
var (
	// ErrRoleTokenInvalid "Access denied due to invalid RoleToken"
	ErrRoleTokenInvalid = role.ErrRoleTokenInvalid
	// ErrRoleTokenExpired "Access denied due to expired RoleToken"
	ErrRoleTokenExpired = role.ErrRoleTokenExpired
	// ErrDomainMismatch "Access denied due to domain mismatch between Resource and RoleToken"
	ErrDomainMismatch = policy.ErrDomainMismatch
	// ErrDomainNotFound "Access denied due to domain not found in library cache"
	ErrDomainNotFound = policy.ErrDomainNotFound
	// ErrDomainExpired "Access denied due to expired domain policy file"
	ErrDomainExpired = policy.ErrDomainExpired
	// ErrNoMatch "Access denied due to no match to any of the assertions defined in domain policy file"
	ErrNoMatch = policy.ErrNoMatch
	// ErrInvalidPolicyResource "Access denied due to invalid/empty policy resources"
	ErrInvalidPolicyResource = policy.ErrInvalidPolicyResource
	// ErrDenyByPolicy "Access Check was explicitly denied"
	ErrDenyByPolicy = policy.ErrDenyByPolicy
	// ErrFetchPolicy "Error fetching athenz policy"
	ErrFetchPolicy = policy.ErrFetchPolicy
	// ErrInvalidParameters "Access denied due to invalid/empty action/resource values"
	ErrInvalidParameters = errors.New("Access denied due to invalid/empty action/resource values")
	// ErrInvalidCredentials "Access denied due to invalid credentials"
	ErrInvalidCredentials = errors.New("Access denied due to invalid credentials")
)
Functions
This section is empty.
Types
type ATProcessorParam (added in v2.2.0)
type ATProcessorParam struct {
// contains filtered or unexported fields
}
func NewATProcessorParam (added in v2.2.0)
func NewATProcessorParam(verifyCertThumbprint bool, certBackdateDur, certOffsetDur string) ATProcessorParam
NewATProcessorParam returns new access token processor parameters.
type Authorizerd
type Authorizerd interface {
	Init(ctx context.Context) error
	Start(ctx context.Context) <-chan error
	Verify(r *http.Request, act, res string) error
	VerifyAccessToken(ctx context.Context, tok, act, res string, cert *x509.Certificate) error
	VerifyRoleToken(ctx context.Context, tok, act, res string) error
	VerifyRoleJWT(ctx context.Context, tok, act, res string) error
	VerifyRoleCert(ctx context.Context, peerCerts []*x509.Certificate, act, res string) error
	GetPolicyCache(ctx context.Context) map[string]interface{}
}
Authorizerd represents a daemon for users to verify the role token.
func New
func New(opts ...Option) (Authorizerd, error)
New returns an Authorizerd. This function initializes the Authorizerd object with the given options.
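A fail-closed HTTP middleware written against the Verify method signature listed in the Authorizerd interface above, as an added example rather than code from the package. The two error values are constructed stand-ins for ErrRoleTokenExpired and ErrFetchPolicy, and verifyFunc, statusFor, Authorize, probe, the status mapping and the resource name are assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// verifyFunc has the signature of Authorizerd.Verify, so the method value can be passed directly.
type verifyFunc func(r *http.Request, act, res string) error

// Constructed stand-ins for the package's ErrRoleTokenExpired and ErrFetchPolicy.
var errRoleTokenExpired = errors.New("Access denied due to expired RoleToken")
var errFetchPolicy = errors.New("Error fetching athenz policy")

// statusFor maps a Verify error to an HTTP status; the mapping is this example's choice.
func statusFor(err error) int {
	switch {
	case errors.Is(err, errRoleTokenExpired):
		return http.StatusUnauthorized // caller should present a fresh token
	case errors.Is(err, errFetchPolicy):
		return http.StatusServiceUnavailable // policy data missing: deny, never bypass
	}
	return http.StatusForbidden // unrecognised errors still deny access
}

// Authorize runs next only when verify returns nil; res is a hypothetical fixed resource name.
func Authorize(verify verifyFunc, act, res string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := verify(r, act, res); err != nil {
			code := statusFor(err)
			http.Error(w, http.StatusText(code), code) // no policy detail sent to the caller
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one request through Authorize with a verifier that returns err.
func probe(err error) int {
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	verify := func(*http.Request, string, string) error { return err }
	Authorize(verify, "read", "sample:resource", ok).ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	return rec.Code
}

func main() { fmt.Println(probe(nil), probe(errRoleTokenExpired), probe(errors.New("unrecognised"))) }
```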
type Option
type Option func(*authorizer) error
Option represents a functional option.
func WithATProcessorParams (added in v2.2.0)
func WithATProcessorParams(atpParams ...ATProcessorParam) Option
WithATProcessorParams returns a functional option for the access token processor parameters slice.
func WithAthenzDomains
WithAthenzDomains returns an AthenzDomains functional option
func WithAthenzURL
WithAthenzURL returns an AthenzURL functional option
func WithCacheExp
WithCacheExp returns a CacheExp functional option
func WithDisableJwkd
func WithDisableJwkd() Option
WithDisableJwkd returns a DisableJwkd functional option
func WithDisablePolicyd
func WithDisablePolicyd() Option
WithDisablePolicyd returns a DisablePolicyd functional option
func WithDisablePubkeyd
func WithDisablePubkeyd() Option
WithDisablePubkeyd returns a DisablePubkey functional option
func WithEnableJwkd
func WithEnableJwkd() Option
WithEnableJwkd returns an EnableJwkd functional option
func WithEnablePolicyd
func WithEnablePolicyd() Option
WithEnablePolicyd returns an EnablePolicyd functional option
func WithEnablePubkeyd
func WithEnablePubkeyd() Option
WithEnablePubkeyd returns an EnablePubkey functional option
func WithJwkErrRetryInterval
WithJwkErrRetryInterval returns a JwkErrRetryInterval functional option
func WithJwkRefreshDuration
WithJwkRefreshDuration returns a JwkRefreshDuration functional option
func WithPolicyErrRetryInterval
WithPolicyErrRetryInterval returns a PolicyErrRetryInterval functional option
func WithPolicyExpireMargin
WithPolicyExpireMargin returns a PolicyExpireMargin functional option
func WithPolicyRefreshDuration
WithPolicyRefreshDuration returns a PolicyRefreshDuration functional option
func WithPubkeyErrRetryInterval
WithPubkeyErrRetryInterval returns a PubkeyErrRetryInterval functional option
func WithPubkeyEtagExpTime
WithPubkeyEtagExpTime returns a PubkeyEtagExpTime functional option
func WithPubkeyEtagFlushDuration
WithPubkeyEtagFlushDuration returns a PubkeyEtagFlushDur functional option
func WithPubkeyRefreshDuration
WithPubkeyRefreshDuration returns a PubkeyRefreshDuration functional option
func WithPubkeySysAuthDomain
WithPubkeySysAuthDomain returns a PubkeySysAuthDomain functional option
func WithRCVerifyRoleCert (added in v2.2.0)
WithRCVerifyRoleCert returns a VerifyRoleCert functional option
func WithRTHeader (added in v2.2.0)
WithRTHeader returns a RTHeader functional option
func WithRTVerifyRoleToken (added in v2.2.0)
WithRTVerifyRoleToken returns a VerifyRoleToken functional option
func WithRoleCertURIPrefix
WithRoleCertURIPrefix returns a RoleCertURIPrefix functional option
func WithTransport
WithTransport returns a Transport functional option
Directories
Path | Synopsis |
---|---|
internal | |
url | Package url contains the utility functions for URL processing |
| Package jwk represents the jwk daemon fetching logic and the interface |
| Package policy represents the athenz policy updater fetching and verification logic and provides an interface to verify the policy data. |
| Package pubkey represents the public key updater fetching logic and the interface |
| Package role represents the processing logic of role token. |