elastic_guardian

README

Elastic Guardian

Elastic Guardian is a tiny reverse proxy that can offer authentication (using HTTP Basic Auth) as well as authorization.

While it was originally meant as a thin layer between Elasticsearch (which has no builtin authentication/authorization) and the World, there is nothing specific to Elasticsearch (other than a few defaults which can be changed via command line flags).

The generic use case for Elastic Guardian is to restrict access to a HTTP API with HTTP Basic Auth and authorization rules.

TODO

1. implement graceful shutdown.

Documentation

Overview

Elastic Guardian is a tiny reverse proxy that can offer authentication (using HTTP Basic Auth) as well as authorization.

While it was originally meant as a thin layer between Elasticsearch (which has no builtin authentication/authorization) and the World, there is nothing specific to Elasticsearch (other than a few defaults which can be changed via command line flags).

The generic use case for Elastic Guardian is to restrict access to a HTTP API with HTTP Basic Auth and authorization rules.

It currently offers:

authentication (using HTTP Basic Auth);
authorization (based on the {user, HTTP verb, HTTP path}).

It currently supports loading the authentication and authorization data from two different backends:

inline variables (see settings.go) or
external files (filenames passed via commandline flags)

Whether the external files are used or not can be controled (at compile time) via AllowAuthFromFiles constant. See that constant definition for further details.

Please see authentication and authorization packages for further details.

Commandline help can be accessed with:

elastic_guardian -h

That will also display the default values for all flags. Log output will go to console (stdout) by default.