apiauth

package
v10.299.2+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 27, 2021 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// DefaultValidity is default service token validity.
	DefaultValidity = 60 * time.Second

	// TriremeOIDCCallbackURI is the callback URI that must be presented by
	// any OIDC provider.
	TriremeOIDCCallbackURI = "/aporeto/oidc/callback"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AppAuthResponse

type AppAuthResponse struct {
	// Discovered context and service information
	PUContext *pucontext.PUContext
	ServiceID string
	External  bool

	// Network policy ID and service ID that affect the response.
	NetworkPolicyID  string
	NetworkServiceID string

	// Action of the response and DropReason if the call must be dropped.
	Action     policy.ActionType
	DropReason string

	// Resolved token
	Token string

	// HookMethod is the corresponding HTTP rule hook method
	HookMethod string

	// TLSListener indicates that the external entity is a TLS listener,
	// and we must start a TLS session. Only applies to External connections.
	TLSListener bool
}

AppAuthResponse is the decision of the authorization process.

type AuthError

type AuthError struct {
	// contains filtered or unexported fields
}

AuthError implements the error interface, but provides additional information for the types of errors discovered.

func (*AuthError) Error

func (a *AuthError) Error() string

Error implement the string interface of error.

func (*AuthError) Message

func (a *AuthError) Message() string

Message returns the message of the error.

func (*AuthError) Status

func (a *AuthError) Status() int

Status returns the status of the message.

type NetworkAuthResponse

type NetworkAuthResponse struct {

	// Discovered service context and associated information.
	PUContext *pucontext.PUContext
	ServiceID string
	Namespace string

	// Network policy ID and service that affect the call.
	NetworkPolicyID  string
	NetworkServiceID string
	ObservedPolicyID string
	ObservedAction   policy.ActionType

	// Definition of the source.
	SourceType collector.EndPointType
	SourcePUID string

	// Action associated with the response and DropReason if dropped.
	Action     policy.ActionType
	DropReason string

	// Redirect information that should be used by the responder.
	Redirect    bool
	RedirectURI string
	Cookie      *http.Cookie
	Data        string
	Header      http.Header

	// UserAttrbutes discovered from the tokens.
	UserAttributes []string

	// TLSListener determines that TLS must be re-initiated towards
	// the listener.
	TLSListener bool

	// Fields used when ping is enabled.
	PingConfig *PingConfig
}

NetworkAuthResponse is the decision of the authorization process.

type PingConfig

type PingConfig struct {
	PingID      string
	IterationID int
	Claims      []string
	PayloadSize int
}

PingConfig holds config specific for ping traffic.

type Processor

type Processor struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Processor is an API Authorization processor.

func New

func New(contextID string, s secrets.Secrets) *Processor

New will create a new authorization processor.

func (*Processor) ApplicationRequest

func (p *Processor) ApplicationRequest(r *Request) (*AppAuthResponse, error)

ApplicationRequest processes an application side request and returns the token that is associated with this application, together with an error if the request must be rejected.

func (*Processor) NetworkRequest

func (p *Processor) NetworkRequest(ctx context.Context, r *Request) (*NetworkAuthResponse, error)

NetworkRequest authorizes a network request and either accepts the request or potentially issues a redirect.

func (*Processor) UpdateSecrets

func (p *Processor) UpdateSecrets(s secrets.Secrets)

UpdateSecrets is called to update the authorizer secrets.

type Request

type Request struct {

	// SourceAddress, only required for network authorization requests.
	SourceAddress *net.TCPAddr

	// OriginalDestination required for all requests.
	OriginalDestination *net.TCPAddr

	// HTTP header information.
	Method     string
	URL        *url.URL
	RequestURI string
	Header     http.Header
	Cookie     *http.Cookie

	// TLS information. This is optional if mutual TLS based authorization
	// must be supported.
	TLS *tls.ConnectionState
}

Request captures all the important items of request that are needed for processing the authorization decision.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL