Documentation
¶
Index ¶
Constants ¶
const ( //DefaultApiKeyAttribute string for a 3scale adapter instance - Api Key pattern DefaultApiKeyAttribute = `request.query_params["user_key"] | request.headers["user_key"] | ""` //DefaultAppIDAttribute string for a 3scale adapter instance - App ID pattern DefaultAppIDAttribute = `request.query_params["app_id"] | request.headers["app_id"] | ""` //DefaultAppKeyAttribute string for a 3scale adapter instance - App ID/OIDC pattern DefaultAppKeyAttribute = `request.query_params["app_key"] | request.headers["app_key"] | ""` //DefaultOIDCAttribute string for a 3scale adapter instance - OIDC pattern DefaultOIDCAttribute = `request.auth.claims["azp"] | ""` )
const DefaultNamespace = "istio-system"
DefaultNamespace to generate configuration for
const ( // Optional output formatting for configuration YAML = iota )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BaseInstance ¶
type BaseInstance struct {
// Template name - a template defines parameters for performing policy enforcement within Istio.
Template string `json:"template"`
Params InstanceParams `json:"params"`
}
BaseInstance that all 3scale authorization methods build from
func NewApiKeyInstance ¶
func NewApiKeyInstance(userIdentifier string) *BaseInstance
NewApiKeyInstance - new base instance supporting Api Key authentication
func NewAppIDAppKeyInstance ¶
func NewAppIDAppKeyInstance(appIdentifier, appKeyIdentifier string) *BaseInstance
NewAppIDAppKeyInstance - new base instance supporting AppID/App Key authentication
func NewDefaultHybridInstance ¶
func NewDefaultHybridInstance() *BaseInstance
NewDefaultHybridInstance - new base instance supporting all authentication methods with default values
func NewOIDCInstance ¶
func NewOIDCInstance(appIdentifier, appKeyIdentifier string) *BaseInstance
NewOIDCInstance - new base instance supporting config required by OIDC integration
type ConfigGenerator ¶
type ConfigGenerator struct {
// contains filtered or unexported fields
}
ConfigGenerator - Used to expose and generate the desired config as Kubernetes resources
func NewConfigGenerator ¶
func NewConfigGenerator(name string, handler HandlerSpec, instance BaseInstance, rule Rule) (*ConfigGenerator, error)
NewConfigGenerator constructs and validate a ConfigGenerator. Setting sensible defaults which can be overridden later
func (*ConfigGenerator) OutputAll ¶
func (cg *ConfigGenerator) OutputAll(w io.Writer) error
OutputAll required manifests(instance, handler,rule) to provided writer
func (*ConfigGenerator) SetNamespace ¶
func (cg *ConfigGenerator) SetNamespace(ns string) *ConfigGenerator
SetNamespace the configuration should be generated for
type HandlerSpec ¶
type HandlerSpec struct {
// Adapter name which this handler should use
Adapter string `json:"adapter"`
// Params to pass to adapter configuration
Params config.Params `json:"params"`
// Connection allows the operator to specify the endpoint for out-of-process infrastructure backend.
Connection v1beta1.Connection `json:"connection"`
}
HandlerSpec - encapsulates the logic necessary to interface Mixer with OOP adapter
func NewThreescaleHandlerSpec ¶
func NewThreescaleHandlerSpec(accessToken, systemURL, svcID string) (*HandlerSpec, error)
NewThreescaleHandlerSpec returns a handler spec as per 3scale config
type InstanceAction ¶
type InstanceAction struct {
Path string `json:"path,omitempty"`
Method string `json:"method,omitempty"`
Service string `json:"service,omitempty"`
}
InstanceAction defines how a resource is accessed
type InstanceParams ¶
type InstanceParams struct {
Subject InstanceSubject `json:"subject"`
Action InstanceAction `json:"action"`
}
InstanceParams subset of authorization fields required by 3scale
type InstanceSubject ¶
type InstanceSubject struct {
// The user name/ID that the subject represents.
User string `json:"user,omitempty"`
// Additional attributes about the subject.
Properties map[string]interface{} `json:"properties,omitempty"`
}
InstanceSubject contains information that identifies the caller
type IstioClient ¶
type IstioClient interface {
CreateHandler(name string, inNamespace string, spec HandlerSpec) (*IstioResource, error)
}
IstioClient provides access to a specific set of Istio resources on Kubernetes These resources are currently specific to the out-of-process adapters
type IstioClientImpl ¶
type IstioClientImpl struct {
// contains filtered or unexported fields
}
IstioClientImpl provides access to a specific set of Istio resources on Kubernetes These resources are currently specific to the out-of-process adapters
func NewIstioClient ¶
func NewIstioClient(confPath string, conf *rest.Config) (*IstioClientImpl, error)
NewIstioClient creates a new client from the provided configuration path capable of manipulating known custom resources handler, instance and rule. It does not take care of creating the CRD for these extensions
func (*IstioClientImpl) CreateHandler ¶
func (c *IstioClientImpl) CreateHandler(name string, inNamespace string, spec HandlerSpec) (*IstioResource, error)
CreateHandler for Istio adapter
type IstioResource ¶
type IstioResource struct {
metav1.TypeMeta `json:",inline,omitempty"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec interface{} `json:"spec"`
}
IstioResource represents a generic Istio resource of interest (handler,instance,rule)
func (*IstioResource) DeepCopy ¶
func (in *IstioResource) DeepCopy() *IstioResource
DeepCopy copies the receiver, creating a new IstioResource.
func (*IstioResource) DeepCopyInto ¶
func (in *IstioResource) DeepCopyInto(out *IstioResource)
DeepCopyInto copies all properties of this object into another object of the same type that is provided as a pointer. in must be non-nil.
func (*IstioResource) DeepCopyObject ¶
func (in *IstioResource) DeepCopyObject() runtime.Object
DeepCopyObject copies the receiver, creating a new runtime.Object.
type K8sClient ¶
type K8sClient struct {
// contains filtered or unexported fields
}
K8sClient provides access to core Kubernetes resources
func NewK8Client ¶
NewK8Client creates a new Kubernetes client from the provided configuration path or existing configuration. If no configuration is provided confPath will be used to generate one. This is a wrapper supporting both out-of-cluster and in-cluster configs
func (*K8sClient) DiscoverManagedServices ¶
func (c *K8sClient) DiscoverManagedServices(namespace string, filterByLabels ...string) (*v1.DeploymentList, error)
DiscoverManagedServices for deployments whose labels match the provided filter If provided namespace is empty string, all readable namespaces as authorised by the receivers config will be read
func (*K8sClient) GetSecret ¶
func (c *K8sClient) GetSecret(name, namespace string, filterByLabels ...string) (*corev1.Secret, error)
GetSecret by name from the provided namespace If no name is provided search is done by provided filter. Name and filters are mutually exclusive with provided name taking precedence. If search by filter is done and multiple or no secrets are found then an error is returned.
func (*K8sClient) NewIstioClient ¶
func (c *K8sClient) NewIstioClient() (*IstioClientImpl, error)
NewIstioClient creates a new client from an existing kubernetes client capable of manipulating known custom resources handler, instance and rule. It does not take care of creating the CRD for these extensions
type MatchConditions ¶
type MatchConditions []string
MatchConditions - A list of conditions that must be through for a request to match
func GetDefaultMatchConditions ¶
func GetDefaultMatchConditions(credentialsName string) MatchConditions
GetDefaultMatchConditions for a 3scale adapter rule, formatted for the provided credentials(handler)
type ThreescaleCredentials ¶
type ThreescaleCredentials struct {
// contains filtered or unexported fields
}
ThreescaleCredentials required to call 3scale APIs
Source Files