Documentation
Index
- Constants
- type AuthPipeline
- func (pipeline *AuthPipeline) Evaluate() AuthResult
- func (pipeline *AuthPipeline) GetAPI() interface{}
- func (pipeline *AuthPipeline) GetDataForAuthorization() interface{}
- func (pipeline *AuthPipeline) GetHttp() *envoy_auth.AttributeContext_HttpRequest
- func (pipeline *AuthPipeline) GetParentContext() *context.Context
- func (pipeline *AuthPipeline) GetRequest() *envoy_auth.CheckRequest
- func (pipeline *AuthPipeline) GetResolvedIdentity() (interface{}, interface{})
- func (pipeline *AuthPipeline) GetResolvedMetadata() map[interface{}]interface{}
- type AuthResult
- type AuthService
- type EvaluationResponse
- type HealthService
Constants
const (
    X_EXT_AUTH_REASON_HEADER           = "X-Ext-Auth-Reason"
    RESPONSE_MESSAGE_INVALID_REQUEST   = "Invalid request"
    RESPONSE_MESSAGE_SERVICE_NOT_FOUND = "Service not found"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type AuthPipeline
type AuthPipeline struct {
    ParentContext *context.Context
    Request       *envoy_auth.CheckRequest
    API           *config.APIConfig
    Identity      map[*config.IdentityConfig]interface{}
    Metadata      map[*config.MetadataConfig]interface{}
    Authorization map[*config.AuthorizationConfig]interface{}
}
AuthPipeline evaluates the context of an auth request against the auth configs defined for the requested API. Throughout the pipeline, user identity, ad hoc metadata and authorization policies are evaluated, and their resulting objects are stored in the respective maps.
func NewAuthPipeline
func NewAuthPipeline(parentCtx context.Context, req *envoy_auth.CheckRequest, apiConfig config.APIConfig) AuthPipeline
NewAuthPipeline creates an AuthPipeline instance
func (*AuthPipeline) Evaluate
func (pipeline *AuthPipeline) Evaluate() AuthResult
Evaluate evaluates all steps of the auth pipeline (identity → metadata → policy enforcement)
func (*AuthPipeline) GetAPI
func (pipeline *AuthPipeline) GetAPI() interface{}
func (*AuthPipeline) GetDataForAuthorization
func (pipeline *AuthPipeline) GetDataForAuthorization() interface{}
func (*AuthPipeline) GetHttp
func (pipeline *AuthPipeline) GetHttp() *envoy_auth.AttributeContext_HttpRequest
func (*AuthPipeline) GetParentContext
func (pipeline *AuthPipeline) GetParentContext() *context.Context
func (*AuthPipeline) GetRequest
func (pipeline *AuthPipeline) GetRequest() *envoy_auth.CheckRequest
func (*AuthPipeline) GetResolvedIdentity
func (pipeline *AuthPipeline) GetResolvedIdentity() (interface{}, interface{})
func (*AuthPipeline) GetResolvedMetadata
func (pipeline *AuthPipeline) GetResolvedMetadata() map[interface{}]interface{}
type AuthResult
func (*AuthResult) Success
func (result *AuthResult) Success() bool
type AuthService
AuthService is the server API for the authorization service.
func (*AuthService) Check
func (self *AuthService) Check(ctx context.Context, req *envoy_auth.CheckRequest) (*envoy_auth.CheckResponse, error)
Check performs authorization check based on the attributes associated with the incoming request, and returns status `OK` or not `OK`.
type EvaluationResponse
type EvaluationResponse struct {
    Evaluator common.AuthConfigEvaluator
    Object    interface{}
    Error     error
}
func (*EvaluationResponse) GetErrorMessage
func (evresp *EvaluationResponse) GetErrorMessage() string
func (*EvaluationResponse) Success
func (evresp *EvaluationResponse) Success() bool
type HealthService
type HealthService struct{}
HealthService is the server API for the gRPC health service
func (*HealthService) Check
func (self *HealthService) Check(ctx context.Context, in *healthpb.HealthCheckRequest) (*healthpb.HealthCheckResponse, error)
Check performs a health check of the gRPC service
func (*HealthService) Watch
func (self *HealthService) Watch(in *healthpb.HealthCheckRequest, srv healthpb.Health_WatchServer) error
Watch is for streaming health-check (not yet implemented)