Overview
Package service defines the service interfaces used in the Athenz client sidecar. It also contains implementations of standalone, self-maintaining modules that cooperate with third-party services.
Index
- Constants
- Variables
- func NewTLSClientConfig(rootCAs *x509.CertPool, certPath, certKeyPath string) (*tls.Config, error)
- func NewTLSConfig(cfg config.TLS) (*tls.Config, error)
- func NewX509CertPool(path string) (*x509.CertPool, error)
- type AccessProvider
- type AccessService
- type AccessTokenResponse
- type Option
- type RoleProvider
- type RoleService
- type RoleToken
- type Server
- type SvcCertProvider
- type SvcCertService
Constants
const (
	// ContentType represents the HTTP header name "Content-Type"
	ContentType = "Content-Type"
	// TextPlain represents the HTTP content type "text/plain"
	TextPlain = "text/plain"
	// CharsetUTF8 represents the UTF-8 charset parameter for an HTTP response, "charset=UTF-8"
	CharsetUTF8 = "charset=UTF-8"
)
Variables
var (
	// ErrRoleTokenRequestFailed represents an error when fetching the role token from the RoleProvider failed.
	ErrRoleTokenRequestFailed = errors.New("Failed to fetch RoleToken")
	// ErrInvalidSetting represents an error when the config file is invalid.
	ErrInvalidSetting = errors.New("Invalid config")
	// ErrDisabled represents an error when the service is disabled.
	ErrDisabled = errors.New("Disabled")
	// ErrNoCredentials represents an error when no Athenz credentials are set.
	ErrNoCredentials = errors.New("No credentials")
)
var (
	// ErrCertNotFound represents an error when fetching the svccert from the SvcCertProvider failed.
	ErrCertNotFound = errors.New("Failed to fetch service cert")
	// ErrInvalidCert represents an error when parsing the svccert from the SvcCertProvider failed.
	ErrInvalidCert = errors.New("Failed to parse service cert")
	// ErrLoadPrivateKey represents an error when loading the private key failed.
	ErrLoadPrivateKey = errors.New("PrivateKey does not exist")
	// ErrFailedToInitialize represents an error when initializing a service failed.
	ErrFailedToInitialize = errors.New("Failed to initialize a service")
	// ErrInvalidParameter represents an error when the config contains an invalid parameter.
	ErrInvalidParameter = errors.New("Invalid parameter")
)
var (
	// ErrAccessTokenRequestFailed represents an error when fetching the access token from the Athenz server failed.
	ErrAccessTokenRequestFailed = errors.New("Failed to fetch AccessToken")
)
var (
	// ErrContextClosed represents an error that the context is closed.
	ErrContextClosed = errors.New("context Closed")
)
var (
	// ErrTLSCertOrKeyNotFound represents an error that the TLS cert or key was not found at the specified file path.
	ErrTLSCertOrKeyNotFound = errors.New("Cert/Key path not found")
)
Functions
func NewTLSClientConfig (added in v2.1.0)
func NewTLSClientConfig(rootCAs *x509.CertPool, certPath, certKeyPath string) (*tls.Config, error)
NewTLSClientConfig returns a client *tls.Config, or an error. The configuration is built from the CA pool rootCAs and the client certificate and private key at certPath and certKeyPath.
func NewTLSConfig
func NewTLSConfig(cfg config.TLS) (*tls.Config, error)
NewTLSConfig returns a *tls.Config, or an error. It reads the TLS configuration cfg and initializes a *tls.Config for starting a TLS server, for example with the CA certificate, the server certificate and the private key. The server certificate, the CA certificate and the private key are read from the files at the paths defined in environment variables.
func NewX509CertPool
func NewX509CertPool(path string) (*x509.CertPool, error)
NewX509CertPool returns a *x509.CertPool loaded from path, or an error.
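The page documents NewX509CertPool and NewTLSClientConfig by signature only. The following is an added example, not the sidecar's own code: a stand-in implementation with the same two signatures that shows what a client mTLS configuration built from a CA bundle and a client certificate/key pair looks like, and how a missing path surfaces as ErrTLSCertOrKeyNotFound. The function bodies, the TLS 1.2 floor, the throwaway self-signed material written by writeSelfSignedPair and the must helper are all assumptions of this example, not the project's behaviour.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// ErrTLSCertOrKeyNotFound mirrors the sentinel error the package exports.
var ErrTLSCertOrKeyNotFound = errors.New("Cert/Key path not found")

// NewX509CertPool reads PEM-encoded CA certificates from path into a new pool.
// A file with no parsable certificate is an error rather than an empty pool: a nil
// RootCAs would silently fall back to the host trust store, an empty one rejects every peer.
func NewX509CertPool(path string) (*x509.CertPool, error) {
	pemData, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemData) {
		return nil, fmt.Errorf("no PEM certificates found in %s", path)
	}
	return pool, nil
}

// NewTLSClientConfig builds a client tls.Config that verifies servers against
// rootCAs and presents the cert at certPath/certKeyPath for mutual TLS. Missing
// files surface as ErrTLSCertOrKeyNotFound so callers can check with errors.Is.
func NewTLSClientConfig(rootCAs *x509.CertPool, certPath, certKeyPath string) (*tls.Config, error) {
	for _, p := range []string{certPath, certKeyPath} {
		if _, err := os.Stat(p); err != nil {
			return nil, fmt.Errorf("%w: %s", ErrTLSCertOrKeyNotFound, p)
		}
	}
	cert, err := tls.LoadX509KeyPair(certPath, certKeyPath)
	if err != nil {
		return nil, err
	}
	return &tls.Config{
		MinVersion:   tls.VersionTLS12,        // refuse TLS 1.0/1.1 even if the peer offers them
		RootCAs:      rootCAs,                 // trust only the sidecar's CA bundle, not the OS store
		Certificates: []tls.Certificate{cert}, // client identity for mTLS
	}, nil
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// writeSelfSignedPair generates a throwaway self-signed certificate and key
// (constructed example material) and writes them as PEM files under dir.
func writeSelfSignedPair(dir, cn string) (certPath, keyPath string) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true, // one cert plays both CA and client identity here
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	keyDER, err := x509.MarshalECPrivateKey(key)
	must(err)
	certPath, keyPath = filepath.Join(dir, cn+".crt"), filepath.Join(dir, cn+".key")
	must(os.WriteFile(certPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o600))
	must(os.WriteFile(keyPath, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}), 0o600))
	return certPath, keyPath
}

func main() {
	dir, err := os.MkdirTemp("", "sidecar-tls")
	must(err)
	defer os.RemoveAll(dir)
	certPath, keyPath := writeSelfSignedPair(dir, "athenz-client")
	pool, err := NewX509CertPool(certPath)
	must(err)
	cfg, err := NewTLSClientConfig(pool, certPath, keyPath)
	must(err)
	fmt.Printf("client config: %d client cert(s), min TLS 0x%04x\n", len(cfg.Certificates), cfg.MinVersion)
	_, err = NewTLSClientConfig(pool, filepath.Join(dir, "missing.crt"), keyPath)
	fmt.Println("missing cert reported as ErrTLSCertOrKeyNotFound:", errors.Is(err, ErrTLSCertOrKeyNotFound))
}
```

Run it with go run: it writes a throwaway certificate to a temporary directory, builds the pool and the client config from it, then shows the sentinel error for a missing certificate path. Two habits carry over to the real functions: test for the sentinel with errors.Is rather than comparing error strings, and treat a CA file that yields no certificate as a hard error, because the fallback behaviours of crypto/tls (nil RootCAs means "trust the host store") are exactly what a sidecar pinning to Athenz CAs must avoid.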
Types
type AccessProvider
type AccessProvider func(ctx context.Context, domain string, role string, proxyForPrincipal string, expiresIn int64) (*AccessTokenResponse, error)
AccessProvider represents a function pointer to retrieve the access token.
type AccessService
type AccessService interface {
	StartAccessUpdater(context.Context) <-chan error
	RefreshAccessTokenCache(ctx context.Context) <-chan error
	GetAccessProvider() AccessProvider
}
AccessService represents an interface that automatically refreshes the access token and exposes an access token provider function.
func NewAccessService
func NewAccessService(cfg config.AccessToken, token ntokend.TokenProvider) (AccessService, error)
NewAccessService returns an AccessService that updates and fetches the access token from Athenz.
type AccessTokenResponse
type AccessTokenResponse struct {
	// AccessToken
	AccessToken string `json:"access_token"`
	// TokenType, e.g. Bearer
	TokenType string `json:"token_type"`
	// Expiry in seconds
	ExpiresIn int64 `json:"expires_in,omitempty"`
	// Scope of the access token, e.g. openid (space-delimited)
	Scope string `json:"scope,omitempty"`
	// RefreshToken
	RefreshToken string `json:"refresh_token,omitempty"`
	// IDToken
	IDToken string `json:"id_token,omitempty"`
}
AccessTokenResponse represents the access token response returned by postAccessTokenRequest.
type Option
type Option func(*server)
Option represents the functional option implementation for server.
func WithServerConfig
WithServerConfig sets the service configuration on the server.
func WithServerHandler
WithServerHandler sets the handler on the server.
type RoleProvider
type RoleProvider func(ctx context.Context, domain string, role string, proxyForPrincipal string, minExpiry int64, maxExpiry int64) (*RoleToken, error)
RoleProvider represents a function pointer to get the role token.
type RoleService
type RoleService interface {
	StartRoleUpdater(context.Context) <-chan error
	RefreshRoleTokenCache(ctx context.Context) <-chan error
	GetRoleProvider() RoleProvider
}
RoleService represents an interface that automatically refreshes the role token and exposes a role token provider function.
func NewRoleService
func NewRoleService(cfg config.RoleToken, token ntokend.TokenProvider) (RoleService, error)
NewRoleService returns a RoleService to update and get the role token from Athenz.
type Server
Server represents the behaviour of the client sidecar server.
func NewServer
NewServer returns a Server interface, which includes the client sidecar server and the health check server. The client sidecar server is an http.Server instance whose port number is read from config.Server.Port and whose handler is the "handler" argument of this function.
The health check server is an http.Server instance whose port number is read from config.Server.HealthCheck.Port; its handler handles HTTP GET requests and always returns an HTTP 200 (OK) response.
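NewServer, Option and the two With* helpers describe a functional-options constructor around two http.Server values, one for the sidecar API and one for the health check. The following is an added example, not the sidecar's code: a concrete server with that shape. The ServerConfig fields (standing in for config.Server.Port and config.Server.HealthCheck.Port), the default ports and the /healthz path, the 405 for non-GET methods on the health port, the ReadHeaderTimeout, the nil-handler guard and the ListenAndServe method are all assumptions of this example; the page's NewServer returns a Server interface, while this one returns the concrete type.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"os"
	"os/signal"
	"time"
)

const (
	ContentType = "Content-Type"
	TextPlain   = "text/plain"
	CharsetUTF8 = "charset=UTF-8"
)

// ServerConfig stands in for the page's config.Server (field names are assumed).
type ServerConfig struct {
	Port            int
	HealthCheckPort int
	HealthCheckPath string
}

// Option is the page's functional option type; the two helpers mirror WithServerConfig/WithServerHandler.
type Option func(*server)

func WithServerConfig(cfg ServerConfig) Option { return func(s *server) { s.cfg = cfg } }
func WithServerHandler(h http.Handler) Option { return func(s *server) { s.handler = h } }

type server struct {
	cfg     ServerConfig
	handler http.Handler
	sidecar *http.Server // client sidecar API on cfg.Port
	health  *http.Server // health check on cfg.HealthCheckPort
}

// healthHandler answers GET on path with 200 text/plain; other methods get 405, other paths 404.
func healthHandler(path string) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc(path, func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet {
			w.WriteHeader(http.StatusMethodNotAllowed)
			return
		}
		w.Header().Set(ContentType, TextPlain+"; "+CharsetUTF8)
		fmt.Fprint(w, "OK")
	})
	return mux
}

// NewServer applies the options over defaults and builds the two http.Server values.
func NewServer(opts ...Option) *server {
	s := &server{cfg: ServerConfig{Port: 8080, HealthCheckPort: 8081, HealthCheckPath: "/healthz"}}
	for _, o := range opts {
		o(s)
	}
	if s.handler == nil {
		s.handler = http.NotFoundHandler() // never fall through to DefaultServeMux (pprof, expvar, ...)
	}
	s.sidecar = &http.Server{
		Addr:              fmt.Sprintf(":%d", s.cfg.Port),
		Handler:           s.handler,
		ReadHeaderTimeout: 5 * time.Second, // Go's default is no limit: slowloris guard
	}
	s.health = &http.Server{
		Addr:              fmt.Sprintf(":%d", s.cfg.HealthCheckPort),
		Handler:           healthHandler(s.cfg.HealthCheckPath),
		ReadHeaderTimeout: 5 * time.Second,
	}
	return s
}

// ListenAndServe starts both servers; if either dies or ctx ends, both are shut down
// gracefully, and the channel closes once that is done.
func (s *server) ListenAndServe(ctx context.Context) <-chan error {
	ech := make(chan error, 4)
	go func() {
		defer close(ech)
		done := make(chan error, 2) // buffered: the listener goroutines never block or leak
		for _, srv := range []*http.Server{s.sidecar, s.health} {
			go func(srv *http.Server) { done <- srv.ListenAndServe() }(srv)
		}
		select {
		case err := <-done: // one listener failed (e.g. port in use): take the other down too
			ech <- err
		case <-ctx.Done():
		}
		shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
		defer cancel()
		for _, srv := range []*http.Server{s.sidecar, s.health} {
			if err := srv.Shutdown(shutdownCtx); err != nil {
				ech <- err
			}
		}
	}()
	return ech
}

func main() {
	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt)
	defer stop()
	for err := range NewServer(WithServerHandler(http.NotFoundHandler())).ListenAndServe(ctx) {
		fmt.Println("server error:", err)
	}
}
```

The health handler is deliberately narrow: it answers only GET on the configured path, so the unauthenticated liveness port exposes nothing but a constant. Running both servers under one shutdown means a failure on either port (for example the sidecar port already in use) takes the health port down too, which is what an orchestrator needs to see; a health check that stays green while the API port is dead hides the outage.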
type SvcCertProvider
SvcCertProvider represents a function pointer to get the svccert.
type SvcCertService
type SvcCertService interface {
	StartSvcCertUpdater(context.Context) SvcCertService
	GetSvcCertProvider() SvcCertProvider
	RefreshSvcCert() ([]byte, error)
}
SvcCertService represents an interface that automatically refreshes the service certificate.
func NewSvcCertService
func NewSvcCertService(cfg config.Config, token ntokend.TokenProvider) (SvcCertService, error)
NewSvcCertService returns a SvcCertService that updates and fetches the svccert from Athenz.