Documentation

Index

• func NoAuth(request *restful.Request, response *restful.Response, ...)
• type AdminAuth
  • func (a *AdminAuth) Validate(request *restful.Request, response *restful.Response, ...)

Constants

This section is empty.

Variables

This section is empty.

Functions

func NoAuth

func NoAuth(request *restful.Request, response *restful.Response, chain *restful.FilterChain)

Types

type AdminAuth

type AdminAuth struct {
	AllowFromLocalhost bool
}

AdminAuth validates that the client can access admin endpoints (like Secrets or Dataplane Token) You can access the endpoint in two cases 1) Request originates from localhost. We assume that if someone has an access to VM/Pod with server, they can do whatever they want. This is also for better UX 2) Request originates from outside of localhost but client certs are configured for HTTPS.

Client certs are essentially self signed CAs (generated by kumactl generate tls-certificate). For now we do not support SAN validation with the same CA that was used to sign server cert

func (*AdminAuth) Validate

func (a *AdminAuth) Validate(request *restful.Request, response *restful.Response, chain *restful.FilterChain)