service

package
v4.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 5, 2022 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package service manages the main logic of Authorization Proxy. It contains a token updater to periodically update the N-token for communicating with Athenz, and policy updater to periodically update Athenz policy, and athenz config updater to periodically updater Athenz Data.

Index

Constants

View Source 
const (
	// ContentType represents a HTTP header name "Content-Type"
	ContentType = "Content-Type"

	// TextPlain represents a HTTP content type "text/plain"
	TextPlain = "text/plain"

	// CharsetUTF8 represents a UTF-8 charset for HTTP response "charset=UTF-8"
	CharsetUTF8 = "charset=UTF-8"
)

Variables

View Source 
var ErrContextClosed = errors.New("context Closed")

ErrContextClosed represents a error that the context is closed

Functions

func NewTLSConfig 

func NewTLSConfig(cfg config.TLS) (*tls.Config, error)

NewTLSConfig returns a *tls.Config struct or error. It reads TLS configuration and initializes *tls.Config struct. It initializes TLS configuration, for example the CA certificate and key to start TLS server. Server and CA Certificate, and private key will read from files from file paths defined in environment variables.

func NewX509CertPool 

func NewX509CertPool(path string) (*x509.CertPool, error)

NewX509CertPool returns *x509.CertPool struct or error. The CertPool will read the certificate from the path, and append the content to the system certificate pool.

Types

type Authorizationd 

type Authorizationd interface {
	authorizer.Authorizerd
}

Authorizationd represents the authorization daemon to do the authorization check.

type AuthorizerdMock 

type AuthorizerdMock struct {
	InitFunc              func(context.Context) error
	StartFunc             func(context.Context) <-chan error
	VerifyFunc            func(r *http.Request, act, res string) (authorizerd.Principal, error)
	VerifyAccessTokenFunc func(ctx context.Context, tok, act, res string, cert *x509.Certificate) (authorizerd.Principal, error)
	VerifyRoleTokenFunc   func(ctx context.Context, tok, act, res string) (authorizerd.Principal, error)
	VerifyRoleJWTFunc     func(ctx context.Context, tok, act, res string) error
	VerifyRoleCertFunc    func(ctx context.Context, peerCerts []*x509.Certificate, act, res string) (authorizerd.Principal, error)
	GetPolicyCacheFunc    func(ctx context.Context) map[string]interface{}
}

AuthorizerdMock is a mock of Authorizerd

func (*AuthorizerdMock) Authorize 

func (am *AuthorizerdMock) Authorize(r *http.Request, act, res string) (authorizerd.Principal, error)

Authorize is a mock implementation of Authorizerd.Authorize

func (*AuthorizerdMock) AuthorizeAccessToken 

func (am *AuthorizerdMock) AuthorizeAccessToken(ctx context.Context, tok, act, res string, cert *x509.Certificate) (authorizerd.Principal, error)

AuthorizeAccessToken is a mock implementation of Authorizerd.AuthorizeAccessToken

func (*AuthorizerdMock) AuthorizeRoleCert 

func (am *AuthorizerdMock) AuthorizeRoleCert(ctx context.Context, peerCerts []*x509.Certificate, act, res string) (authorizerd.Principal, error)

AuthorizeRoleCert is a mock implementation of Authorizerd.AuthorizeRoleCert

func (*AuthorizerdMock) AuthorizeRoleToken 

func (am *AuthorizerdMock) AuthorizeRoleToken(ctx context.Context, tok, act, res string) (authorizerd.Principal, error)

AuthorizeRoleToken is a mock implementation of Authorizerd.AuthorizeRoleToken

func (*AuthorizerdMock) GetPolicyCache 

func (am *AuthorizerdMock) GetPolicyCache(ctx context.Context) map[string]interface{}

GetPolicyCache is a mock implementation of Authorizerd.GetPolicyCache

func (*AuthorizerdMock) Init 

func (am *AuthorizerdMock) Init(ctx context.Context) error

Init is a mock implementation of Authorizerd.Init

func (*AuthorizerdMock) Start 

func (am *AuthorizerdMock) Start(ctx context.Context) <-chan error

Start is a mock implementation of Authorizerd.Start

func (*AuthorizerdMock) Verify 

func (am *AuthorizerdMock) Verify(r *http.Request, act, res string) error

Verify is a mock implementation of Authorizerd.Verify

func (*AuthorizerdMock) VerifyAccessToken 

func (am *AuthorizerdMock) VerifyAccessToken(ctx context.Context, tok, act, res string, cert *x509.Certificate) error

VerifyAccessToken is a mock implementation of Authorizerd.VerifyAccessToken

func (*AuthorizerdMock) VerifyRoleCert 

func (am *AuthorizerdMock) VerifyRoleCert(ctx context.Context, peerCerts []*x509.Certificate, act, res string) error

VerifyRoleCert is a mock implementation of Authorizerd.VerifyRoleCert

func (*AuthorizerdMock) VerifyRoleJWT 

func (am *AuthorizerdMock) VerifyRoleJWT(ctx context.Context, tok, act, res string) error

VerifyRoleJWT is a mock implementation of Authorizerd.VerifyRoleJWT

func (*AuthorizerdMock) VerifyRoleToken 

func (am *AuthorizerdMock) VerifyRoleToken(ctx context.Context, tok, act, res string) error

VerifyRoleToken is a mock implementation of Authorizerd.VerifyRoleToken

type Option 

type Option func(*server)

Option represents a functional option

func WithDebugHandler 

func WithDebugHandler(h http.Handler) Option

WithDebugHandler returns a DebugHandler functional option

func WithGRPCCloser added in v4.6.0 

func WithGRPCCloser(c io.Closer) Option

WithGRPCCloser returns a gRPC closer functional option

func WithGRPCHandler added in v4.6.0 

func WithGRPCHandler(h grpc.StreamHandler) Option

WithGRPCHandler returns a gRPC Handler functional option

func WithGRPCServer added in v4.6.0 

func WithGRPCServer(srv *grpc.Server) Option

WithGRPCServer returns a gRPC Server functional option

func WithRestHandler added in v4.6.0 

func WithRestHandler(h http.Handler) Option

WithRestHandler returns a Rest Handler functional option

func WithServerConfig 

func WithServerConfig(cfg config.Server) Option

WithServerConfig returns a ServerConfig functional option

type ResponseWriterMock added in v4.1.2 

type ResponseWriterMock struct {
	// contains filtered or unexported fields
}

ResponseWriterMock is a mock of ResponseWriter

func (*ResponseWriterMock) Header added in v4.1.2 

func (rw *ResponseWriterMock) Header() http.Header

Header is a mock implementation of ResponseWriter.Header

func (*ResponseWriterMock) Write added in v4.1.2 

func (rw *ResponseWriterMock) Write(buf []byte) (int, error)

Write is a mock implementation of ResponseWriter.Write

func (*ResponseWriterMock) WriteHeader added in v4.1.2 

func (rw *ResponseWriterMock) WriteHeader(code int)

WriteHeader is a mock implementation of ResponseWriter.WriteHeader

type Server 

type Server interface {
	ListenAndServe(context.Context) <-chan []error
}

Server represents a authorization proxy server behavior

func NewServer 

func NewServer(opts ...Option) (Server, error)

NewServer returns a Server interface, which includes authorization proxy server and health check server structs. The authorization proxy server is a http.Server instance, which the port number is read from "config.Server.Port" , and set the handler as this function argument "handler".

The health check server is a http.Server instance, which the port number is read from "config.Server.HealthCheck.Port" , and the handler is as follow - Handle HTTP GET request and always return HTTP Status OK (200) response.

type ServerMock 

type ServerMock struct {
	ListenAndServeFunc func(context.Context) <-chan []error
}

ServerMock is a mock of Server

func (*ServerMock) ListenAndServe 

func (sm *ServerMock) ListenAndServe(ctx context.Context) <-chan []error

ListenAndServe is a mock implementation of Server.ListenAndServe

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.