authz

package
v0.0.0-...-89399d3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 8, 2025 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

View Source
const (
	XExtAuthz                         = "X-Ext-Authz"
	XExtAuthzAllow                    = "allow"
	XExtAuthzCheckReceived            = "X-Ext-Authz-Check-Received"
	XExtAuthzAdditionalHeaderOverride = "X-Ext-Authz-Additional-Header-Override"
	GRPCAdditionalHeaderOverrideValue = "grpc-additional-header-override-value"
)

Variables

This section is empty.

Functions

func Setup

func Setup(server *Server, ns namespace.Getter) resource.SetupFn

Setup is a utility function for configuring a global authz Server.

func SetupLocal

func SetupLocal(server *Server, ns namespace.Getter) resource.SetupFn

SetupLocal is a utility function for setting a global variable for a local Server.

Types

type API

type API string

API used by a Provider. Either HTTP or GRPC.

const (
	HTTP API = "http"
	GRPC API = "grpc"
)

type Provider

type Provider interface {
	Name() string

	// API used by this provider.
	API() API

	// IsProtocolSupported returns true if the given request protocol is supported by this provider.
	IsProtocolSupported(protocol.Instance) bool

	// IsTargetSupported returns true if the given target is supported by this provider.
	IsTargetSupported(target echo.Target) bool

	// MatchSupportedTargets returns a Matcher for filtering unsupported targets.
	MatchSupportedTargets() match.Matcher

	// Check returns an echo.Checker for validating response based on the request information.
	Check(opts echo.CallOptions, expectAllowed bool) echo.Checker
}

Provider for authz requests.

type Server

type Server interface {
	Namespace() namespace.Instance

	// Providers returns the list of Provider instances.
	Providers() []Provider
}

Server for custom authz.

func New

New creates a new authz Server.

func NewLocal

func NewLocal(ctx resource.Context, ns namespace.Instance) (Server, error)

NewLocal does not deploy a new server, but instead configures Istio to allow calls to a local authz server running as a sidecar to the echo app.

func NewLocalOrFail

func NewLocalOrFail(t framework.TestContext, ns namespace.Instance) Server

NewLocalOrFail calls NewLocal and fails if an error occurs.

func NewOrFail

NewOrFail calls New and fails if an error occurs.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL