authz

package

v0.1.0 Latest Latest Go to latest Published: Apr 1, 2024 License: Apache-2.0 Imports: 26 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

This section is empty.

This section is empty.

func CreateControllers(mgr *Manager, controllerManager ctrl.Manager, crdMode bool) error

CreateControllers creates the various k8s controllers used to update the xDS manager.

func RegisterHandlers(manager *Manager, srv *utilhttp.Server)

RegisterHandlers registers the HTTP handlers for dataplane authz requests.

type Manager struct {
	// contains filtered or unexported fields
}

Manager manages the authorization dataplane connections.

func NewManager(peerTLS *tls.ParsedCertData) (*Manager, error)

NewManager returns a new authorization manager.

func (m *Manager) AddAccessPolicy(policy *api.Policy) error

AddAccessPolicy adds an access policy to allow/deny specific connections. TODO: switch from api.Policy to v1alpha1.Policy.

func (m *Manager) AddExport(export *v1alpha1.Export)

AddExport defines a new route target for ingress dataplane connections.

func (m *Manager) AddImport(imp *v1alpha1.Import)

AddImport adds a listening socket for an imported remote service.

func (m *Manager) AddLBPolicy(policy *api.Policy) error

AddLBPolicy adds a load-balancing policy to set a load-balancing scheme for specific connections. TODO: merge this with AddImport.

func (m *Manager) AddPeer(pr *v1alpha1.Peer)

AddPeer defines a new route target for egress dataplane connections.

func (m *Manager) DeleteAccessPolicy(policy *api.Policy) error

DeleteAccessPolicy removes an access policy to allow/deny specific connections. TODO: switch from api.Policy to v1alpha1.Policy.

func (m *Manager) DeleteExport(name types.NamespacedName)

DeleteExport removes the possibility for ingress dataplane connections to access a given service.

func (m *Manager) DeleteImport(name types.NamespacedName) error

DeleteImport removes the listening socket of a previously imported service.

func (m *Manager) DeleteLBPolicy(policy *api.Policy) error

DeleteLBPolicy removes a load-balancing policy. TODO: merge this with DeleteImport.

func (m *Manager) DeletePeer(name string)

DeletePeer removes the possibility for egress dataplane connections to be routed to a given peer.