config

package
v0.11.0-rc.4
Warning

This package is not in the latest version of its module.

Published: Sep 30, 2020 License: MIT Imports: 18 Imported by: 5

Documentation


Constants

// String constants shared by the configuration and access control code.
//
//   - AllowAccess / DenyAccess: the two action values, "allow" and "deny".
//   - DefaultTrustDomain / DefaultNamespace: the values "public" and "default".
//     NOTE(review): presumably substituted when a policy leaves trust domain or
//     namespace empty; where that substitution happens is not shown here, so
//     confirm it before assuming an empty field narrows a policy.
//   - ActionPolicyApp / ActionPolicyGlobal: the labels "app" and "global".
//     NOTE(review): presumably name whether an app-level policy or the global
//     default produced a decision — confirm against the policy check.
//   - SpiffeIDPrefix: the "spiffe://" scheme prefix of a SPIFFE ID URI.
//   - HTTPProtocol / GRPCProtocol: the application protocol names.
const (
	AllowAccess        = "allow"
	DenyAccess         = "deny"
	DefaultTrustDomain = "public"
	DefaultNamespace   = "default"
	ActionPolicyApp    = "app"
	ActionPolicyGlobal = "global"
	SpiffeIDPrefix     = "spiffe://"
	HTTPProtocol       = "http"
	GRPCProtocol       = "grpc"
)

Variables

This section is empty.

Functions

func IsOperationAllowedByAccessControlPolicy added in v0.11.0

func IsOperationAllowedByAccessControlPolicy(spiffeID *SpiffeID, srcAppID string, inputOperation string, httpVerb common.HTTPExtension_Verb, appProtocol string, accessControlList *AccessControlList) (bool, string)

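IsOperationAllowedByAccessControlPolicy determines whether the access control policies allow the operation on the target app. It returns the decision as a bool together with a string; this page does not document the string (presumably the ActionPolicyApp or ActionPolicyGlobal value naming the policy level that produced the decision).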

Types

type AccessControlList added in v0.11.0

// AccessControlList is the in-memory form of the access control configuration,
// laid out for lookup; ParseAccessControlSpec returns a pointer to one.
//
// DefaultAction and TrustDomain are the list-wide settings and PolicySpec holds
// one AccessControlListPolicySpec per map key.
//
// NOTE(review): DefaultAction is a free-form string here, presumably
// AllowAccess or DenyAccess. What an empty or unrecognised value resolves to
// decides whether an unmatched caller is admitted — confirm in the parser and
// in IsOperationAllowedByAccessControlPolicy.
// NOTE(review): the meaning of the PolicySpec key is not documented on this
// page (likely the calling app's ID) — confirm before relying on it.
type AccessControlList struct {
	DefaultAction string
	TrustDomain   string
	PolicySpec    map[string]AccessControlListPolicySpec
}

AccessControlList is an in-memory access control list config for fast lookup

func ParseAccessControlSpec added in v0.11.0

func ParseAccessControlSpec(accessControlSpec AccessControlSpec) (*AccessControlList, error)

ParseAccessControlSpec creates an in-memory copy of the Access Control Spec for fast lookup

type AccessControlListOperationAction added in v0.11.0

// AccessControlListOperationAction is the in-memory access control entry for a
// single operation.
//
// VerbAction maps a string key to a string value, OperationPostFix and
// OperationAction are plain strings.
// NOTE(review): presumably VerbAction maps an HTTP verb to an action,
// OperationAction is the action for the operation as a whole, and
// OperationPostFix is the remainder of the operation path after its first
// segment — none of this is stated on the page, so confirm against
// ParseAccessControlSpec. How an unlisted verb is treated matters for the
// allow/deny outcome.
type AccessControlListOperationAction struct {
	VerbAction       map[string]string
	OperationPostFix string
	OperationAction  string
}

AccessControlListOperationAction is an in-memory access control list config per operation for fast lookup

type AccessControlListPolicySpec added in v0.11.0

// AccessControlListPolicySpec is the in-memory access control policy for one
// app. It carries the same fields as AppPolicySpec, except that the operations
// are held in a map of AccessControlListOperationAction instead of a slice.
//
// NOTE(review): the AppOperationActions key is not documented on this page
// (likely the operation name or its first path segment) — confirm against
// ParseAccessControlSpec.
// NOTE(review): TrustDomain and Namespace are plain strings; whether they are
// compared against the caller's SpiffeID fields, and how an empty value is
// treated, is not shown here.
type AccessControlListPolicySpec struct {
	AppName             string
	DefaultAction       string
	TrustDomain         string
	Namespace           string
	AppOperationActions map[string]AccessControlListOperationAction
}

AccessControlListPolicySpec is an in-memory access control list config per app for fast lookup

type AccessControlSpec added in v0.11.0

// AccessControlSpec is the access control section of ConfigurationSpec, in its
// serialized shape: keys "defaultAction", "trustDomain" and "policies".
// ParseAccessControlSpec converts it into an AccessControlList.
//
// NOTE(review): no field is marked required or validated at this level; the
// effect of an omitted defaultAction (allow or deny) is decided elsewhere and
// should be confirmed before a policy file is relied on as a deny-by-default
// control.
type AccessControlSpec struct {
	DefaultAction string          `json:"defaultAction" yaml:"defaultAction"`
	TrustDomain   string          `json:"trustDomain" yaml:"trustDomain"`
	AppPolicies   []AppPolicySpec `json:"policies" yaml:"policies"`
}

AccessControlSpec is the spec object in ConfigurationSpec

type AppOperation added in v0.11.0

// AppOperation is one operation entry of an app policy, serialized with the
// keys "name", "httpVerb" and "action".
//
// NOTE(review): HTTPVerb is a list of free-form strings; whether a wildcard or
// an empty list is accepted, and how verb case is handled, is not shown on this
// page — confirm in the parser.
type AppOperation struct {
	Operation string   `json:"name" yaml:"name"`
	HTTPVerb  []string `json:"httpVerb" yaml:"httpVerb"`
	Action    string   `json:"action" yaml:"action"`
}

AppOperation defines the data structure for each app operation

type AppPolicySpec added in v0.11.0

// AppPolicySpec is the serialized access control policy for one app.
//
// Note that AppName is serialized under the key "appId" and
// AppOperationActions under "operations"; the remaining keys match the field
// names in lower camel case.
//
// NOTE(review): presumably AppName identifies the calling app the policy
// applies to, and TrustDomain/Namespace are matched against the caller's
// identity — confirm against IsOperationAllowedByAccessControlPolicy.
type AppPolicySpec struct {
	AppName             string         `json:"appId" yaml:"appId"`
	DefaultAction       string         `json:"defaultAction" yaml:"defaultAction"`
	TrustDomain         string         `json:"trustDomain" yaml:"trustDomain"`
	Namespace           string         `json:"namespace" yaml:"namespace"`
	AppOperationActions []AppOperation `json:"operations" yaml:"operations"`
}

AppPolicySpec defines the policy data structure for each app

type ApplicationConfig

// ApplicationConfig is an optional config supplied by user code. The fields
// carry json tags only.
//
// The three timeout/interval fields are strings holding a duration such as
// "1h" or "30s".
// NOTE(review): because this struct comes from user code, the duration strings
// are untrusted text until parsed; where parsing happens and what a malformed
// value falls back to is not shown on this page.
type ApplicationConfig struct {
	Entities []string `json:"entities"`
	// Duration. example: "1h"
	ActorIdleTimeout string `json:"actorIdleTimeout"`
	// Duration. example: "30s"
	ActorScanInterval string `json:"actorScanInterval"`
	// Duration. example: "30s"
	DrainOngoingCallTimeout string `json:"drainOngoingCallTimeout"`
	DrainRebalancedActors   bool   `json:"drainRebalancedActors"`
}

ApplicationConfig is an optional config supplied by user code.

type Configuration

// Configuration is the top-level configuration object; all settings live under
// Spec (key "spec"). LoadDefaultConfiguration, LoadStandaloneConfiguration and
// LoadKubernetesConfiguration each return a pointer to one.
type Configuration struct {
	Spec ConfigurationSpec `json:"spec" yaml:"spec"`
}

func LoadDefaultConfiguration

func LoadDefaultConfiguration() *Configuration

LoadDefaultConfiguration returns the default config

func LoadKubernetesConfiguration

func LoadKubernetesConfiguration(config, namespace string, operatorClient operatorv1pb.OperatorClient) (*Configuration, error)

LoadKubernetesConfiguration gets the configuration with the given name from the Kubernetes operator

func LoadStandaloneConfiguration

func LoadStandaloneConfiguration(config string) (*Configuration, error)

LoadStandaloneConfiguration takes the path to a config file and loads that file into a configuration

type ConfigurationSpec

// ConfigurationSpec groups the configuration sections: HTTP pipeline, tracing,
// mTLS, metrics, secret scopes and access control. Every section is tagged
// omitempty.
//
// NOTE(review): MTLSSpec is the only field here with a json tag and no yaml
// tag. Whether an "mtls" block in a YAML file reaches this field depends on the
// decoder the loader uses (a decoder that goes through JSON honours the json
// tag; one that reads yaml tags directly would look for a different key).
// Confirm this in LoadStandaloneConfiguration: an mtls block that is silently
// ignored leaves MTLSSpec at whatever the defaults are.
type ConfigurationSpec struct {
	HTTPPipelineSpec  PipelineSpec      `json:"httpPipeline,omitempty" yaml:"httpPipeline,omitempty"`
	TracingSpec       TracingSpec       `json:"tracing,omitempty" yaml:"tracing,omitempty"`
	MTLSSpec          MTLSSpec          `json:"mtls,omitempty"`
	MetricSpec        MetricSpec        `json:"metric,omitempty" yaml:"metric,omitempty"`
	Secrets           SecretsSpec       `json:"secrets,omitempty" yaml:"secrets,omitempty"`
	AccessControlSpec AccessControlSpec `json:"accessControl,omitempty" yaml:"accessControl,omitempty"`
}

type HandlerSpec added in v0.4.0

// HandlerSpec describes one entry of PipelineSpec.Handlers: a name, a type and
// an optional selector.
//
// NOTE(review): presumably Name and Type identify a middleware component to
// load into the HTTP pipeline; how they are resolved is not shown on this page.
type HandlerSpec struct {
	Name         string       `json:"name" yaml:"name"`
	Type         string       `json:"type" yaml:"type"`
	SelectorSpec SelectorSpec `json:"selector,omitempty" yaml:"selector,omitempty"`
}

type MTLSSpec added in v0.4.0

// MTLSSpec is the mutual-TLS section of the configuration. Enabled switches it
// on or off; WorkloadCertTTL and AllowedClockSkew are held as strings.
//
// NOTE(review): the two string fields are presumably durations parsed
// elsewhere; the accepted format, any upper bound, and the fallback on a parse
// error are not shown here. A long certificate TTL or a wide clock skew both
// extend how long a leaked workload certificate stays usable.
// NOTE(review): the fields carry json tags only (no yaml tags) — confirm that
// the loader's decoder honours them for YAML input.
type MTLSSpec struct {
	Enabled          bool   `json:"enabled"`
	WorkloadCertTTL  string `json:"workloadCertTTL"`
	AllowedClockSkew string `json:"allowedClockSkew"`
}

type MetricSpec added in v0.11.0

// MetricSpec is the metrics section of the configuration; Enabled is its only
// setting (key "enabled").
type MetricSpec struct {
	Enabled bool `json:"enabled" yaml:"enabled"`
}

MetricSpec configuration for metrics

type PipelineSpec added in v0.4.0

// PipelineSpec is a list of HandlerSpec entries (key "handlers"); it is the
// type of ConfigurationSpec.HTTPPipelineSpec.
//
// NOTE(review): presumably the slice order is the order in which handlers run,
// which matters when one of them performs authentication — confirm.
type PipelineSpec struct {
	Handlers []HandlerSpec `json:"handlers" yaml:"handlers"`
}

type SecretsScope added in v0.11.0

// SecretsScope defines the scope for secrets: a store name, a default access
// value, and lists of allowed and denied secret names. IsSecretAllowed is the
// method that answers whether a given key may be accessed.
//
// Only StoreName is always serialized; the other three fields are omitempty.
//
// NOTE(review): how DefaultAccess, AllowedSecrets and DeniedSecrets combine is
// not shown on this page — in particular which list wins when a key is in
// both, and what an empty DefaultAccess resolves to. Read IsSecretAllowed
// before assuming that an omitted field denies access.
type SecretsScope struct {
	DefaultAccess  string   `json:"defaultAccess,omitempty" yaml:"defaultAccess,omitempty"`
	StoreName      string   `json:"storeName" yaml:"storeName"`
	AllowedSecrets []string `json:"allowedSecrets,omitempty" yaml:"allowedSecrets,omitempty"`
	DeniedSecrets  []string `json:"deniedSecrets,omitempty" yaml:"deniedSecrets,omitempty"`
}

SecretsScope defines the scope for secrets

func (SecretsScope) IsSecretAllowed added in v0.11.0

func (c SecretsScope) IsSecretAllowed(key string) bool

IsSecretAllowed checks whether the secret with the given key is allowed to be accessed.

type SecretsSpec added in v0.11.0

// SecretsSpec is the secrets section of the configuration: a list of
// SecretsScope entries under the key "scopes".
//
// NOTE(review): Scopes carries a json tag only (no yaml tag) — confirm that
// the loader's decoder honours it for YAML input, since scopes that fail to
// load would leave secret access governed by defaults alone.
// NOTE(review): what applies to a secret store that has no entry in Scopes is
// not shown on this page.
type SecretsSpec struct {
	Scopes []SecretsScope `json:"scopes"`
}

type SelectorField added in v0.4.0

// SelectorField is one field/value pair of a SelectorSpec (keys "field" and
// "value").
type SelectorField struct {
	Field string `json:"field" yaml:"field"`
	Value string `json:"value" yaml:"value"`
}

type SelectorSpec added in v0.4.0

// SelectorSpec is a list of SelectorField pairs (key "fields"); it is the type
// of HandlerSpec.SelectorSpec.
//
// NOTE(review): how the pairs are matched (all of them or any of them) is not
// shown on this page.
type SelectorSpec struct {
	Fields []SelectorField `json:"fields" yaml:"fields"`
}

type SpiffeID added in v0.11.0

// SpiffeID holds the fields separated out of a SPIFFE ID: trust domain,
// namespace and app ID. GetAndParseSpiffeID produces one from the certificate
// associated with a context.
//
// NOTE(review): the struct is plain data and carries no proof of origin. Treat
// its fields as an authenticated caller identity only when the value came from
// the certificate path; a SpiffeID built from any other input is just three
// strings.
type SpiffeID struct {
	TrustDomain string
	Namespace   string
	AppID       string
}

SpiffeID represents the separated fields in a spiffe id

func GetAndParseSpiffeID added in v0.11.0

func GetAndParseSpiffeID(ctx context.Context) (*SpiffeID, error)

GetAndParseSpiffeID retrieves the SPIFFE ID from the certificate and parses it into a SpiffeID

type TracingSpec

// TracingSpec is the tracing section of the configuration: a sampling rate held
// as a string and a Stdout flag.
//
// NOTE(review): SamplingRate is presumably a numeric value parsed elsewhere;
// its range and the fallback for an unparsable value are not shown here.
// NOTE(review): Stdout presumably sends trace output to standard output —
// confirm what the traces contain before enabling it where logs are widely
// readable.
type TracingSpec struct {
	SamplingRate string `json:"samplingRate" yaml:"samplingRate"`
	Stdout       bool   `json:"stdout" yaml:"stdout"`
}
