envoyproxy

package
v10.351.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 23, 2021 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// IngressSocketPath is the unix socket path where the authz server will be listening on for the ingress authz server
	//IngressSocketPath = "@aporeto_envoy_authz_ingress"
	IngressSocketPath = "127.0.0.1:1999"

	// EgressSocketPath is the unix socket path where the authz server will be listening on for the egress authz server
	EgressSocketPath = "127.0.0.1:1998"
)
View Source 
const (
	// SdsSocketpath is the socket path on which the envoy will talk to the remoteEnforcer.
	//SdsSocketpath = "@aporeto_envoy_sds"
	SdsSocketpath = "127.0.0.1:2999"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthServer 

type AuthServer struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

AuthServer struct, the server to hold the envoy External Auth.

func NewExtAuthzServer 

func NewExtAuthzServer(puID string, puContexts cache.DataStore, collector collector.EventCollector, direction Direction, secrets secrets.Secrets, tokenIssuer common.ServiceTokenIssuer) (*AuthServer, error)

NewExtAuthzServer creates a new envoy ext_authz server

func (*AuthServer) Check 

func (s *AuthServer) Check(ctx context.Context, checkRequest *ext_auth.CheckRequest) (*ext_auth.CheckResponse, error)

Check implements the AuthorizationServer interface

func (*AuthServer) GracefulStop 

func (s *AuthServer) GracefulStop()

GracefulStop calls the function with the same name on the backing gRPC server

func (*AuthServer) Stop 

func (s *AuthServer) Stop()

Stop calls the function with the same name on the backing gRPC server

func (*AuthServer) UpdateSecrets 

func (s *AuthServer) UpdateSecrets(cert *tls.Certificate, caPool *x509.CertPool, secrets secrets.Secrets, certPEM, keyPEM string)

UpdateSecrets updates the secrets Whenever the Envoy makes a request for certificate, the certs and keys are fetched from the Proxy.

type Direction 

type Direction uint8

Direction is used to indicate if the authorization server is ingress or egress. NOTE: the type is currently set to uint8 and not bool because in Istio there are 3 types: - SIDECAR_INBOUND - SIDECAR_OUTBOUND - GATEWAY And we are not sure yet if we need an extra authz server for GATEWAY. 

const (
	// UnknownDirection is only used to denote uninitialized variables
	UnknownDirection Direction = 0

	// IngressDirection refers to inbound / ingress traffic.
	// NOTE: for Istio use this in conjunction with SIDECAR_INBOUND
	IngressDirection Direction = 1

	// EgressDirection refers to outbound / egress traffic.
	// NOTE: for Istio use this in conjunction with SIDECAR_OUTBOUND
	EgressDirection Direction = 2
)

func (Direction) String 

func (d Direction) String() string

String overwrites the string interface

type Options 

type Options struct {
	SocketPath string
}

Options to create a SDS server to task to envoy

type SdsDiscoveryStream 

type SdsDiscoveryStream interface {
	Send(*v2.DiscoveryResponse) error
	Recv() (*v2.DiscoveryRequest, error)
	grpc.ServerStream
}

SdsDiscoveryStream is the same as the sds.SecretDiscoveryService_StreamSecretsServer

type SdsServer 

type SdsServer struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

SdsServer to talk with envoy for sds.

func NewSdsServer 

func NewSdsServer(contextID string, puInfo *policy.PUInfo, caPool *x509.CertPool, secrets secrets.Secrets) (*SdsServer, error)

NewSdsServer creates a instance of a server.

func (*SdsServer) CreateSdsService 

func (s *SdsServer) CreateSdsService(options *Options) error

CreateSdsService does the following 1. create grpc server. 2. create a listener on the Unix Domain Socket. 3.

func (*SdsServer) DeltaSecrets 

func (s *SdsServer) DeltaSecrets(stream sds.SecretDiscoveryService_DeltaSecretsServer) error

DeltaSecrets checks for the delta and sends the changes.

func (*SdsServer) FetchSecrets 

func (s *SdsServer) FetchSecrets(ctx context.Context, req *v2.DiscoveryRequest) (*v2.DiscoveryResponse, error)

FetchSecrets gets the discovery request and call the Aporeto backend to fetch the certs. 1. parse the discovery request. 2. track the request. 3. call the Aporeto api to generate the secret

func (*SdsServer) GracefulStop 

func (s *SdsServer) GracefulStop()

GracefulStop calls the function with the same name on the backing gRPC server

func (*SdsServer) Run 

func (s *SdsServer) Run()

Run starts the sdsGrpcServer to serve

func (*SdsServer) Stop 

func (s *SdsServer) Stop()

Stop stops all the listeners and the grpc servers.

func (*SdsServer) StreamSecrets 

func (s *SdsServer) StreamSecrets(stream sds.SecretDiscoveryService_StreamSecretsServer) error

StreamSecrets is the function invoked by the envoy in-order to pull the certs, this also sends the response back to the envoy. It does the following: 1. create a receiver thread to stream the requests. 2. parse the discovery request. 3. track the request. 4. call the Aporeto api to generate the secret

func (*SdsServer) UpdateSecrets 

func (s *SdsServer) UpdateSecrets(cert *tls.Certificate, caPool *x509.CertPool, secrets secrets.Secrets, certPEM, keyPEM string)

UpdateSecrets updates the secrets Whenever the Envoy makes a request for certificate, the certs and keys are fetched from the Proxy.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.