Documentation
Overview
Package controller provides various access controllers for use in socket-based and HTTP-based services.
Variables
var ErrInvalidVerifier = errors.New("verifier is invalid")
ErrInvalidVerifier may be returned when creating a new TokenController.
var (
	// ErrNoDevice is returned when device is empty or not found in procfs.
	ErrNoDevice = errors.New("no device found")
)
Functions
func AllowPathLabel (added in v0.0.6)
func AllowPathLabel(path string)
AllowPathLabel specifies a resource path that we will use to label prometheus metrics at runtime. Any path not allowed will be counted as "unknown".
func IsMonitoring
IsMonitoring reports whether (possibly nil) claim is from a monitoring issuer.
Types
type Controller
Controller is the interface that all access control types should implement.
type TokenController
type TokenController struct {
	// Public is a public key access token verifier.
	Public Verifier
	// When access tokens are required, then clients without tokens are
	// rejected. When tokens are not required and clients do not provide an
	// access token the connection will be allowed. In either case, when an
	// access token is provided it must be valid to be accepted.
	Required bool
	// Expected JWT fields are used to validate access token claims.
	// Client-provided claims are only valid if each non-empty expected field
	// matches the corresponding claims field.
	Expected jwt.Expected
}
TokenController manages access control for clients providing access_token parameters in HTTP requests.
func NewTokenController
func NewTokenController(verifier Verifier, required bool, exp jwt.Expected) (*TokenController, error)
NewTokenController creates a new token controller that requires tokens (or not) and uses exp as the default expected claims. An audience must be specified. The issuer should be provided.
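The Required and Expected rules documented for TokenController, sketched as a stand-alone handler using only the standard library. This is an added example, not the package's own code: `claims`, `matches`, `limit` and `status` are hypothetical names, the verifier is replaced by a lookup in a constructed token table, and the 401 status for rejected clients is an assumption.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// claims is a hypothetical stand-in for both the verified claims and jwt.Expected.
type claims struct{ Issuer, Audience string }

// matches applies the documented rule: only non-empty expected fields are compared.
func matches(exp, got claims) bool {
	return (exp.Issuer == "" || exp.Issuer == got.Issuer) &&
		(exp.Audience == "" || exp.Audience == got.Audience)
}

// limit (hypothetical) lets a client without a token through only when tokens are
// not required; a token that is offered must verify and match, required or not.
func limit(verify func(string) (claims, bool), required bool, exp claims, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token := r.URL.Query().Get("access_token")
		if token == "" && !required {
			next.ServeHTTP(w, r) // no token offered and none required
			return
		}
		cl, ok := verify(token)
		if token == "" || !ok || !matches(exp, cl) {
			http.Error(w, "access denied", http.StatusUnauthorized) // status is an assumption
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends one request through the handler and returns the response code.
func status(required bool, query string) int {
	// Constructed sample tokens and claims; a real verifier checks a signature instead.
	table := map[string]claims{"good": {"locate", "mlab1"}, "other": {"locate", "mlab2"}}
	verify := func(t string) (claims, bool) { c, ok := table[t]; return c, ok }
	next := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})
	rec := httptest.NewRecorder()
	limit(verify, required, claims{Audience: "mlab1"}, next).ServeHTTP(rec, httptest.NewRequest("GET", "/resource"+query, nil))
	return rec.Code
}

func main() {
	fmt.Println(status(true, ""), status(false, ""), status(false, "?access_token=other"))
}
```

Only the audience is set in the expected claims here, so the issuer is not compared; the `other` token is rejected for its audience even when tokens are optional.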
type TxController
type TxController struct {
// contains filtered or unexported fields
}
TxController calculates the bytes transmitted every period from the named device.
func NewTxController
func NewTxController(ctx context.Context) (*TxController, error)
NewTxController creates a new instance and runs TxController.Watch in a goroutine to observe the current rate every 100 msec. When the given context is canceled or expires, Watch will return and the TxController will no longer be updated until Watch is started again.
func Setup
func Setup(ctx context.Context, v Verifier, tokenRequired bool, machine string) (alice.Chain, *TxController)
Setup creates a sequence of access control http.Handlers. When the verifier is nil then the token controller will be excluded from the returned handler chain. When the tx controller is unconfigured then the tx controller will be excluded from the returned handler chain. Setup returns the TxController because it provides the Accepter interface for use by servers accepting raw TCP connections. See TxController.Accept for more information. When tokenRequired is true, then the token controller requires valid access tokens for the named machine.
func (*TxController) Accept
Accept wraps the call to listener's Accept. If the TxController is limited, then Accept immediately closes the connection and returns an error.
func (*TxController) Current
func (tx *TxController) Current() uint64
Current exports the current rate. Useful for diagnostics.
func (*TxController) Limit
func (tx *TxController) Limit(next http.Handler) http.Handler
Limit enforces that the TxController rate limit is respected before running the next handler. If the rate is unspecified (zero), all requests are accepted.
func (*TxController) Watch
func (tx *TxController) Watch(ctx context.Context) error
Watch updates the current rate every period. If the context is cancelled, the context error is returned. If the TxController rate is zero, Watch returns immediately. Callers should typically run Watch in a goroutine.