Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Authorizer ¶
type Authorizer struct {
Name string `json:"-"`
Context string `json:"context,omitempty" xml:"context,omitempty" yaml:"context,omitempty"`
PrimaryInstance bool `json:"primary,omitempty" xml:"primary,omitempty" yaml:"primary,omitempty"`
AuthURLPath string `json:"auth_url_path,omitempty" xml:"auth_url_path,omitempty" yaml:"auth_url_path,omitempty"`
AuthRedirectDisabled bool `json:"disable_auth_redirect,omitempty" xml:"disable_auth_redirect,omitempty" yaml:"disable_auth_redirect,omitempty"`
AuthRedirectQueryDisabled bool `` /* 133-byte string literal not displayed */
AuthRedirectQueryParameter string `` /* 127-byte string literal not displayed */
// The status code for the HTTP redirect for non-authorized users.
AuthRedirectStatusCode int `` /* 127-byte string literal not displayed */
// Enable the redirect with Javascript, as opposed to HTTP redirect.
RedirectWithJavascript bool `json:"redirect_with_javascript,omitempty" xml:"redirect_with_javascript,omitempty" yaml:"redirect_with_javascript,omitempty"`
// The list of URI prefixes which bypass authorization.
BypassConfigs []*BypassConfig `json:"bypass_configs,omitempty" xml:"bypass_configs,omitempty" yaml:"bypass_configs,omitempty"`
// The list of mappings between header names and field names.
HeaderInjectionConfigs []*HeaderInjectionConfig `json:"header_injection_configs,omitempty" xml:"header_injection_configs,omitempty" yaml:"header_injection_configs,omitempty"`
AccessListRules []*acl.RuleConfiguration `json:"access_list_rules,omitempty" xml:"access_list_rules,omitempty" yaml:"access_list_rules,omitempty"`
CryptoKeyConfigs []*kms.CryptoKeyConfig `json:"crypto_key_configs,omitempty" xml:"crypto_key_configs,omitempty" yaml:"crypto_key_configs,omitempty"`
// CryptoKeyStoreConfig hold the default configuration for the keys, e.g. token name and lifetime.
CryptoKeyStoreConfig map[string]interface{} `json:"crypto_key_store_config,omitempty" xml:"crypto_key_store_config,omitempty" yaml:"crypto_key_store_config,omitempty"`
IdentityProviderConfig *idp.IdentityProviderConfig `json:"identity_provider_config,omitempty" xml:"identity_provider_config,omitempty" yaml:"identity_provider_config,omitempty"`
AllowedTokenSources []string `json:"allowed_token_sources,omitempty" xml:"allowed_token_sources,omitempty" yaml:"allowed_token_sources,omitempty"`
StripTokenEnabled bool `json:"strip_token_enabled,omitempty" xml:"strip_token_enabled,omitempty" yaml:"strip_token_enabled,omitempty"`
ForbiddenURL string `json:"forbidden_url,omitempty" xml:"forbidden_url,omitempty" yaml:"forbidden_url,omitempty"`
UserIdentityField string `json:"user_identity_field,omitempty" xml:"user_identity_field,omitempty" yaml:"user_identity_field,omitempty"`
ValidateBearerHeader bool `json:"validate_bearer_header,omitempty" xml:"validate_bearer_header,omitempty" yaml:"validate_bearer_header,omitempty"`
ValidateMethodPath bool `json:"validate_method_path,omitempty" xml:"validate_method_path,omitempty" yaml:"validate_method_path,omitempty"`
ValidateAccessListPathClaim bool `` /* 145-byte string literal not displayed */
ValidateSourceAddress bool `json:"validate_source_address,omitempty" xml:"validate_source_address,omitempty" yaml:"validate_source_address,omitempty"`
PassClaimsWithHeaders bool `json:"pass_claims_with_headers,omitempty" xml:"pass_claims_with_headers,omitempty" yaml:"pass_claims_with_headers,omitempty"`
// contains filtered or unexported fields
}
Authorizer authorizes access to endpoints based on the presense and content of JWT token.
func (Authorizer) Authenticate ¶
func (m Authorizer) Authenticate(w http.ResponseWriter, r *http.Request, upstreamOptions map[string]interface{}) (map[string]interface{}, bool, error)
Authenticate authorizes access based on the presense and content of JWT token.
func (*Authorizer) Provision ¶
func (m *Authorizer) Provision(upstreamOptions map[string]interface{}) error
Provision provisions JWT authorization provider instances.
func (*Authorizer) Validate ¶
func (m *Authorizer) Validate() error
Validate implements caddy.Validator.
type BypassConfig ¶
type BypassConfig struct {
MatchType string `json:"match_type,omitempty" xml:"match_type,omitempty" yaml:"match_type,omitempty"`
URI string `json:"uri,omitempty" xml:"uri,omitempty" yaml:"uri,omitempty"`
// contains filtered or unexported fields
}
BypassConfig contains the entry for the authorization bypass.
func (*BypassConfig) Validate ¶
func (b *BypassConfig) Validate() error
Validate validates BypassConfig
type HeaderInjectionConfig ¶
type HeaderInjectionConfig struct {
Header string `json:"header,omitempty" xml:"header,omitempty" yaml:"header,omitempty"`
Field string `json:"field,omitempty" xml:"field,omitempty" yaml:"field,omitempty"`
}
HeaderInjectionConfig contains the entry for the authorization bypass.
func (*HeaderInjectionConfig) Validate ¶
func (c *HeaderInjectionConfig) Validate() error
Validate validates HeaderInjectionConfig
type InstanceManager ¶
type InstanceManager struct {
Members map[string]*Authorizer `json:"members,omitempty" xml:"members,omitempty" yaml:"members,omitempty"`
PrimaryInstances map[string]*Authorizer `json:"primary_instances,omitempty" xml:"primary_instances,omitempty" yaml:"primary_instances,omitempty"`
MemberCount map[string]int `json:"member_count,omitempty" xml:"member_count,omitempty" yaml:"member_count,omitempty"`
// contains filtered or unexported fields
}
InstanceManager provides access to all instances of the plugin.
var AuthManager *InstanceManager
AuthManager is the global authorization provider pool. It provides access to all instances of JWT plugin.
func NewInstanceManager ¶
func NewInstanceManager() *InstanceManager
NewInstanceManager returns a new instance of InstanceManager.
func (*InstanceManager) Register ¶
func (mgr *InstanceManager) Register(ctx context.Context, m *Authorizer) error
Register registers authorization provider instance with the pool.
func (*InstanceManager) Validate ¶
func (mgr *InstanceManager) Validate(ctx context.Context, m *Authorizer) error
Validate validates the provisioning of an Authorizer instance.
type InstanceStatus ¶
type InstanceStatus int
InstanceStatus is the state of an Instance.
const ( // Unknown is indeterminate state. Unknown InstanceStatus = iota // BootstrapPrimary is primary instance is ready for bootstrapping. BootstrapPrimary // BootstrapSecondary is non-primary instance is ready for bootstrapping. BootstrapSecondary // DelaySecondary is non-primary instance is not ready for bootstrapping. DelaySecondary // DuplicatePrimary is a dumplicate primary instance. DuplicatePrimary )
Source Files
Click to show internal directories.
Click to hide internal directories.