Documentation ¶
Overview ¶
Package service manages the main logic of Authorization Proxy. It contains a token updater that periodically updates the N-token used to communicate with Athenz, a policy updater that periodically updates the Athenz policy, and an Athenz config updater that periodically updates Athenz data.
Index ¶
- Constants
- Variables
- func NewTLSConfig(cfg config.TLS) (*tls.Config, error)
- func NewX509CertPool(path string) (*x509.CertPool, error)
- type Authorizationd
- type AuthorizerdMock
- func (am *AuthorizerdMock) Authorize(r *http.Request, act, res string) (authorizerd.Principal, error)
- func (am *AuthorizerdMock) AuthorizeAccessToken(ctx context.Context, tok, act, res string, cert *x509.Certificate) (authorizerd.Principal, error)
- func (am *AuthorizerdMock) AuthorizeRoleCert(ctx context.Context, peerCerts []*x509.Certificate, act, res string) (authorizerd.Principal, error)
- func (am *AuthorizerdMock) AuthorizeRoleToken(ctx context.Context, tok, act, res string) (authorizerd.Principal, error)
- func (am *AuthorizerdMock) GetPolicyCache(ctx context.Context) map[string]interface{}
- func (am *AuthorizerdMock) Init(ctx context.Context) error
- func (am *AuthorizerdMock) Start(ctx context.Context) <-chan error
- func (am *AuthorizerdMock) Verify(r *http.Request, act, res string) error
- func (am *AuthorizerdMock) VerifyAccessToken(ctx context.Context, tok, act, res string, cert *x509.Certificate) error
- func (am *AuthorizerdMock) VerifyRoleCert(ctx context.Context, peerCerts []*x509.Certificate, act, res string) error
- func (am *AuthorizerdMock) VerifyRoleJWT(ctx context.Context, tok, act, res string) error
- func (am *AuthorizerdMock) VerifyRoleToken(ctx context.Context, tok, act, res string) error
- type Option
- func WithDebugHandler(h http.Handler) Option
- func WithGRPCCloser(c io.Closer) Option
- func WithGRPCHandler(h grpc.StreamHandler) Option
- func WithGRPCServer(srv *grpc.Server) Option
- func WithRestHandler(h http.Handler) Option
- func WithServerConfig(cfg config.Server) Option
- func WithTLSConfig(t *tls.Config) Option
- type ResponseWriterMock
- type Server
- type ServerMock
- type TLSCertificateCache
Constants ¶
const (
	// ContentType represents the HTTP header name "Content-Type"
	ContentType = "Content-Type"
	// TextPlain represents the HTTP content type "text/plain"
	TextPlain = "text/plain"
	// CharsetUTF8 represents the UTF-8 charset for HTTP responses, "charset=UTF-8"
	CharsetUTF8 = "charset=UTF-8"
)
Variables ¶
var ErrContextClosed = errors.New("context Closed")
ErrContextClosed represents an error indicating that the context is closed.
Functions ¶
func NewTLSConfig ¶
NewTLSConfig returns a *tls.Config struct or an error. It reads the TLS configuration and initializes a *tls.Config struct, including, for example, the CA certificate and key needed to start the TLS server. The server certificate, the CA certificate and the private key are read from files at the paths defined in environment variables.
Types ¶
type Authorizationd ¶
type Authorizationd interface {
	authorizer.Authorizerd
}
Authorizationd represents the authorization daemon to do the authorization check.
type AuthorizerdMock ¶
type AuthorizerdMock struct {
	InitFunc              func(context.Context) error
	StartFunc             func(context.Context) <-chan error
	VerifyFunc            func(r *http.Request, act, res string) (authorizerd.Principal, error)
	VerifyAccessTokenFunc func(ctx context.Context, tok, act, res string, cert *x509.Certificate) (authorizerd.Principal, error)
	VerifyRoleTokenFunc   func(ctx context.Context, tok, act, res string) (authorizerd.Principal, error)
	VerifyRoleJWTFunc     func(ctx context.Context, tok, act, res string) error
	VerifyRoleCertFunc    func(ctx context.Context, peerCerts []*x509.Certificate, act, res string) (authorizerd.Principal, error)
	GetPolicyCacheFunc    func(ctx context.Context) map[string]interface{}
}
AuthorizerdMock is a mock of Authorizerd
func (*AuthorizerdMock) Authorize ¶
func (am *AuthorizerdMock) Authorize(r *http.Request, act, res string) (authorizerd.Principal, error)
Authorize is a mock implementation of Authorizerd.Authorize
func (*AuthorizerdMock) AuthorizeAccessToken ¶
func (am *AuthorizerdMock) AuthorizeAccessToken(ctx context.Context, tok, act, res string, cert *x509.Certificate) (authorizerd.Principal, error)
AuthorizeAccessToken is a mock implementation of Authorizerd.AuthorizeAccessToken
func (*AuthorizerdMock) AuthorizeRoleCert ¶
func (am *AuthorizerdMock) AuthorizeRoleCert(ctx context.Context, peerCerts []*x509.Certificate, act, res string) (authorizerd.Principal, error)
AuthorizeRoleCert is a mock implementation of Authorizerd.AuthorizeRoleCert
func (*AuthorizerdMock) AuthorizeRoleToken ¶
func (am *AuthorizerdMock) AuthorizeRoleToken(ctx context.Context, tok, act, res string) (authorizerd.Principal, error)
AuthorizeRoleToken is a mock implementation of Authorizerd.AuthorizeRoleToken
func (*AuthorizerdMock) GetPolicyCache ¶
func (am *AuthorizerdMock) GetPolicyCache(ctx context.Context) map[string]interface{}
GetPolicyCache is a mock implementation of Authorizerd.GetPolicyCache
func (*AuthorizerdMock) Init ¶
func (am *AuthorizerdMock) Init(ctx context.Context) error
Init is a mock implementation of Authorizerd.Init
func (*AuthorizerdMock) Start ¶
func (am *AuthorizerdMock) Start(ctx context.Context) <-chan error
Start is a mock implementation of Authorizerd.Start
func (*AuthorizerdMock) Verify ¶
func (am *AuthorizerdMock) Verify(r *http.Request, act, res string) error
Verify is a mock implementation of Authorizerd.Verify
func (*AuthorizerdMock) VerifyAccessToken ¶
func (am *AuthorizerdMock) VerifyAccessToken(ctx context.Context, tok, act, res string, cert *x509.Certificate) error
VerifyAccessToken is a mock implementation of Authorizerd.VerifyAccessToken
func (*AuthorizerdMock) VerifyRoleCert ¶
func (am *AuthorizerdMock) VerifyRoleCert(ctx context.Context, peerCerts []*x509.Certificate, act, res string) error
VerifyRoleCert is a mock implementation of Authorizerd.VerifyRoleCert
func (*AuthorizerdMock) VerifyRoleJWT ¶
func (am *AuthorizerdMock) VerifyRoleJWT(ctx context.Context, tok, act, res string) error
VerifyRoleJWT is a mock implementation of Authorizerd.VerifyRoleJWT
func (*AuthorizerdMock) VerifyRoleToken ¶
func (am *AuthorizerdMock) VerifyRoleToken(ctx context.Context, tok, act, res string) error
VerifyRoleToken is a mock implementation of Authorizerd.VerifyRoleToken
type Option ¶
type Option func(*server)
Option represents a functional option
func WithDebugHandler ¶
WithDebugHandler returns a DebugHandler functional option
func WithGRPCCloser ¶
WithGRPCCloser returns a gRPC closer functional option
func WithGRPCHandler ¶
func WithGRPCHandler(h grpc.StreamHandler) Option
WithGRPCHandler returns a gRPC Handler functional option
func WithGRPCServer ¶
WithGRPCServer returns a gRPC Server functional option
func WithRestHandler ¶
WithRestHandler returns a Rest Handler functional option
func WithServerConfig ¶
WithServerConfig returns a ServerConfig functional option
func WithTLSConfig ¶ added in v4.10.0
WithTLSConfig returns a TLS Config functional option
type ResponseWriterMock ¶
type ResponseWriterMock struct {
// contains filtered or unexported fields
}
ResponseWriterMock is a mock of ResponseWriter
func (*ResponseWriterMock) Header ¶
func (rw *ResponseWriterMock) Header() http.Header
Header is a mock implementation of ResponseWriter.Header
func (*ResponseWriterMock) Write ¶
func (rw *ResponseWriterMock) Write(buf []byte) (int, error)
Write is a mock implementation of ResponseWriter.Write
func (*ResponseWriterMock) WriteHeader ¶
func (rw *ResponseWriterMock) WriteHeader(code int)
WriteHeader is a mock implementation of ResponseWriter.WriteHeader
type Server ¶
Server represents the behavior of an authorization proxy server.
func NewServer ¶
NewServer returns a Server interface, which includes the authorization proxy server and health check server structs. The authorization proxy server is an http.Server instance whose port number is read from "config.Server.Port" and whose handler is set to this function's "handler" argument.
The health check server is an http.Server instance whose port number is read from "config.Server.HealthCheck.Port"; its handler accepts HTTP GET requests and always returns an HTTP Status OK (200) response.
type ServerMock ¶
ServerMock is a mock of Server
func (*ServerMock) ListenAndServe ¶
func (sm *ServerMock) ListenAndServe(ctx context.Context) <-chan []error
ListenAndServe is a mock implementation of Server.ListenAndServe
type TLSCertificateCache ¶ added in v4.10.0
type TLSCertificateCache struct {
// contains filtered or unexported fields
}
TLSCertificateCache caches a certificate
func NewTLSConfigWithTLSCertificateCache ¶ added in v4.10.0
NewTLSConfigWithTLSCertificateCache returns a *tls.Config and a *TLSCertificateCache, or an error. It is used to enable the certificate auto-reload feature:
- If cfg.CertRefreshPeriod is set (certificate refresh enabled), it returns TLSCertificateCache: not nil / TLSConfig.GetCertificate: not nil / TLSConfig.Certificates: nil.
- If cfg.CertRefreshPeriod is not set (certificate refresh disabled), it returns TLSCertificateCache: nil / TLSConfig.GetCertificate: nil / TLSConfig.Certificates: not nil.
It reads the TLS configuration and initializes the *tls.Config and *TLSCertificateCache structs, including, for example, the CA certificate and key needed to start the TLS server. The server certificate, the CA certificate and the private key are read from files at the paths defined in environment variables.
func (*TLSCertificateCache) RefreshCertificate ¶ added in v4.10.0
func (tcc *TLSCertificateCache) RefreshCertificate(ctx context.Context) error
RefreshCertificate refreshes the cached certificate asynchronously.
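The GetCertificate / Certificates split documented for NewTLSConfigWithTLSCertificateCache and RefreshCertificate above, as an added example that is not the authorization-proxy's own code: a minimal cache whose refresh atomically swaps the key pair served to handshakes and keeps the last good certificate when a reload fails. CertCache, NewTLSConfigWithCache and the SelfSigned fixture are hypothetical names assumed here, and MinVersion TLS 1.2 is an added default; a real deployment would load PEM files from the configured paths and call Refresh from a cfg.CertRefreshPeriod ticker.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"sync/atomic"
	"time"
)

// CertCache holds the key pair currently handed to TLS handshakes (hypothetical name).
type CertCache struct{ cur atomic.Pointer[tls.Certificate] }
// Refresh reloads once; a failed load returns the error and keeps the previous pair in service.
func (cc *CertCache) Refresh(load func() (*tls.Certificate, error)) error {
	c, err := load()
	if err != nil {
		return err
	}
	cc.cur.Store(c)
	return nil
}
// NewTLSConfigWithCache mirrors the documented split: with a refresh period, Certificates stays nil and
// GetCertificate answers from the cache (rotation without restart); with none, the pair is pinned at start-up.
func NewTLSConfigWithCache(load func() (*tls.Certificate, error), refresh time.Duration) (*tls.Config, *CertCache, error) {
	cache := &CertCache{}
	if err := cache.Refresh(load); err != nil {
		return nil, nil, err
	}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12} // MinVersion is an added default, not from the page
	if refresh == 0 {
		cfg.Certificates = []tls.Certificate{*cache.cur.Load()}
		return cfg, nil, nil
	}
	cfg.GetCertificate = func(*tls.ClientHelloInfo) (*tls.Certificate, error) { return cache.cur.Load(), nil } // never nil: only loaded pairs are stored
	return cfg, cache, nil
}
// SelfSigned is a constructed in-memory fixture so the example runs offline; the proxy itself
// reads PEM files from the configured paths instead.
func SelfSigned(cn string) (*tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}
```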