authorization

package
v0.0.0-...-0000b31
Warning

This package is not in the latest version of its module.
Published: Dec 7, 2017 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package authorization is a generated protocol buffer package.

It is generated from these files:

bazel-out/local-fastbuild/genfiles/mixer/template/authorization/go_default_library_tmpl.proto

It has these top-level messages:

Type
SubjectType
ActionType
InstanceParam
SubjectInstanceParam
ActionInstanceParam

Constants

const TemplateName = "authorization"

Fully qualified name of the template

Variables

var (
	ErrInvalidLengthGoDefaultLibraryTmpl = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowGoDefaultLibraryTmpl   = fmt.Errorf("proto: integer overflow")
)

Functions

This section is empty.

Types

type Action

type Action struct {

	// Namespace the target action is taking place in.
	Namespace string

	// The Service the action is being taken on.
	Service string

	// What action is being taken.
	Method string

	// HTTP REST path within the service
	Path string

	// Additional data about the action for use in policy.
	Properties map[string]interface{}
}

An action defines "how a resource is accessed".

type ActionInstanceParam

type ActionInstanceParam struct {
	Namespace  string            `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"`
	Service    string            `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"`
	Method     string            `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"`
	Path       string            `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"`
	Properties map[string]string `` /* 154-byte string literal not displayed */
}

func (*ActionInstanceParam) Descriptor

func (*ActionInstanceParam) Descriptor() ([]byte, []int)

func (*ActionInstanceParam) Equal

func (this *ActionInstanceParam) Equal(that interface{}) bool

func (*ActionInstanceParam) GetMethod

func (m *ActionInstanceParam) GetMethod() string

func (*ActionInstanceParam) GetNamespace

func (m *ActionInstanceParam) GetNamespace() string

func (*ActionInstanceParam) GetPath

func (m *ActionInstanceParam) GetPath() string

func (*ActionInstanceParam) GetProperties

func (m *ActionInstanceParam) GetProperties() map[string]string

func (*ActionInstanceParam) GetService

func (m *ActionInstanceParam) GetService() string

func (*ActionInstanceParam) GoString

func (this *ActionInstanceParam) GoString() string

func (*ActionInstanceParam) Marshal

func (m *ActionInstanceParam) Marshal() (dAtA []byte, err error)

func (*ActionInstanceParam) MarshalTo

func (m *ActionInstanceParam) MarshalTo(dAtA []byte) (int, error)

func (*ActionInstanceParam) ProtoMessage

func (*ActionInstanceParam) ProtoMessage()

func (*ActionInstanceParam) Reset

func (m *ActionInstanceParam) Reset()

func (*ActionInstanceParam) Size

func (m *ActionInstanceParam) Size() (n int)

func (*ActionInstanceParam) String

func (this *ActionInstanceParam) String() string

func (*ActionInstanceParam) Unmarshal

func (m *ActionInstanceParam) Unmarshal(dAtA []byte) error

type ActionType

type ActionType struct {
	// Additional data about the action for use in policy.
	Properties map[string]istio_mixer_v1_config_descriptor.ValueType `` /* 203-byte string literal not displayed */
}

An action defines "how a resource is accessed".

func (*ActionType) Descriptor

func (*ActionType) Descriptor() ([]byte, []int)

func (*ActionType) Equal

func (this *ActionType) Equal(that interface{}) bool

func (*ActionType) GetProperties

func (*ActionType) GoString

func (this *ActionType) GoString() string

func (*ActionType) Marshal

func (m *ActionType) Marshal() (dAtA []byte, err error)

func (*ActionType) MarshalTo

func (m *ActionType) MarshalTo(dAtA []byte) (int, error)

func (*ActionType) ProtoMessage

func (*ActionType) ProtoMessage()

func (*ActionType) Reset

func (m *ActionType) Reset()

func (*ActionType) Size

func (m *ActionType) Size() (n int)

func (*ActionType) String

func (this *ActionType) String() string

func (*ActionType) Unmarshal

func (m *ActionType) Unmarshal(dAtA []byte) error

type Handler

type Handler interface {
	adapter.Handler

	// HandleAuthorization is called by Mixer at request time to deliver instances
	// to an adapter.
	HandleAuthorization(context.Context, *Instance) (adapter.CheckResult, error)
}

Handler must be implemented by adapter code if it wants to process data associated with the 'authorization' template.

Mixer uses this interface to call into the adapter at request time in order to dispatch created instances to the adapter. Adapters take the incoming instances and do what they need to achieve their primary function.

The name of each instance can be used as a key into the Type map supplied to the adapter at configuration time via the method 'SetAuthorizationTypes'. The Type associated with an instance describes the shape of the instance.

type HandlerBuilder

type HandlerBuilder interface {
	adapter.HandlerBuilder

	// SetAuthorizationTypes is invoked by Mixer to pass the template-specific Type information for instances that an adapter
	// may receive at runtime. The type information describes the shape of the instance.
	SetAuthorizationTypes(map[string]*Type)
}

HandlerBuilder must be implemented by adapters if they want to process data associated with the 'authorization' template.

Mixer uses this interface to call into the adapter at configuration time to configure it with adapter-specific configuration as well as all template-specific type information.

type Instance

type Instance struct {
	// Name of the instance as specified in configuration.
	Name string

	// A subject contains a list of attributes that identify
	// the caller identity.
	Subject *Subject

	// An action defines "how a resource is accessed".
	Action *Action
}

Instance is constructed by Mixer for the 'authorization' template.

The authorization template defines parameters for performing policy enforcement within Istio. It is primarily concerned with enabling Mixer adapters to make decisions about who is allowed to do what. In this template, the "who" is defined in a Subject message. The "what" is defined in an Action message. During a Mixer Check call, these values will be populated based on configuration from request attributes and passed to individual authorization adapters to adjudicate.

Example config:

```
apiVersion: "config.istio.io/v1alpha2"
kind: authorization
metadata:
  name: authinfo
  namespace: istio-system
spec:
  subject:
    user: source.user | request.auth.token[user] | ""
    groups: request.auth.token[groups]
    properties:
      iss: request.auth.token["iss"]
  action:
    namespace: target.namespace | "default"
    service: target.service | ""
    path: request.path | "/"
    method: request.method | "post"
    properties:
      version: destination.labels[version] | ""
```
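A default-deny decision over the Subject and Action that Mixer delivers to HandleAuthorization, as an added example that is not part of the package or of Istio's code. The structs are local stand-ins mirroring the fields documented on this page; `Rule` and `Authorize` are hypothetical names, and a real adapter would translate the result into the `adapter.CheckResult` it returns.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Local stand-ins with only the fields used here (not the generated types).
type Subject struct {
	User   string
	Groups []string
}
type Action struct{ Namespace, Service, Method, Path string }
type Instance struct {
	Subject *Subject
	Action  *Action
}

// Rule is a hypothetical allow rule: Group may call Method under PathPrefix.
type Rule struct{ Group, Namespace, Method, PathPrefix string }

// Authorize is default-deny: it returns true only when some rule matches.
func Authorize(rules []Rule, in *Instance) (bool, string) {
	if in == nil || in.Subject == nil || in.Action == nil {
		return false, "incomplete instance"
	}
	// The example config falls back to "" when no identity attribute is set.
	if in.Subject.User == "" {
		return false, "unauthenticated subject"
	}
	// Normalize first: the config defaults method to "post"; paths arrive raw.
	method, p := strings.ToUpper(in.Action.Method), path.Clean("/"+in.Action.Path)
	for _, r := range rules {
		if r.Namespace != in.Action.Namespace || r.Method != method ||
			(p != r.PathPrefix && !strings.HasPrefix(p, strings.TrimSuffix(r.PathPrefix, "/")+"/")) {
			continue
		}
		for _, g := range in.Subject.Groups {
			if g == r.Group {
				return true, "allowed by group " + g
			}
		}
	}
	return false, "no matching rule"
}

func main() {
	in := &Instance{&Subject{"alice", []string{"admins"}}, &Action{"default", "svc", "post", "/admin/users"}}
	fmt.Println(Authorize([]Rule{{"admins", "default", "POST", "/admin"}}, in))
}
```

Matching on the cleaned path with a segment boundary keeps `/public/../admin` and `/publicity` from satisfying a `/public` rule.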

type InstanceParam

type InstanceParam struct {
	Subject *SubjectInstanceParam `protobuf:"bytes,1,opt,name=subject" json:"subject,omitempty"`
	Action  *ActionInstanceParam  `protobuf:"bytes,2,opt,name=action" json:"action,omitempty"`
}

func (*InstanceParam) Descriptor

func (*InstanceParam) Descriptor() ([]byte, []int)

func (*InstanceParam) Equal

func (this *InstanceParam) Equal(that interface{}) bool

func (*InstanceParam) GetAction

func (m *InstanceParam) GetAction() *ActionInstanceParam

func (*InstanceParam) GetSubject

func (m *InstanceParam) GetSubject() *SubjectInstanceParam

func (*InstanceParam) GoString

func (this *InstanceParam) GoString() string

func (*InstanceParam) Marshal

func (m *InstanceParam) Marshal() (dAtA []byte, err error)

func (*InstanceParam) MarshalTo

func (m *InstanceParam) MarshalTo(dAtA []byte) (int, error)

func (*InstanceParam) ProtoMessage

func (*InstanceParam) ProtoMessage()

func (*InstanceParam) Reset

func (m *InstanceParam) Reset()

func (*InstanceParam) Size

func (m *InstanceParam) Size() (n int)

func (*InstanceParam) String

func (this *InstanceParam) String() string

func (*InstanceParam) Unmarshal

func (m *InstanceParam) Unmarshal(dAtA []byte) error

type Subject

type Subject struct {

	// The user name/ID that the subject represents.
	User string

	// Groups the subject belongs to depending on the authentication mechanism,
	// "groups" are normally populated from JWT claim or client certificate.
	// The operator can define how it is populated when creating an instance of
	// the template.
	Groups []string

	// Additional attributes about the subject.
	Properties map[string]interface{}
}

A subject contains a list of attributes that identify the caller identity.

type SubjectInstanceParam

type SubjectInstanceParam struct {
	User       string            `protobuf:"bytes,1,opt,name=user,proto3" json:"user,omitempty"`
	Groups     string            `protobuf:"bytes,2,opt,name=groups,proto3" json:"groups,omitempty"`
	Properties map[string]string `` /* 154-byte string literal not displayed */
}

func (*SubjectInstanceParam) Descriptor

func (*SubjectInstanceParam) Descriptor() ([]byte, []int)

func (*SubjectInstanceParam) Equal

func (this *SubjectInstanceParam) Equal(that interface{}) bool

func (*SubjectInstanceParam) GetGroups

func (m *SubjectInstanceParam) GetGroups() string

func (*SubjectInstanceParam) GetProperties

func (m *SubjectInstanceParam) GetProperties() map[string]string

func (*SubjectInstanceParam) GetUser

func (m *SubjectInstanceParam) GetUser() string

func (*SubjectInstanceParam) GoString

func (this *SubjectInstanceParam) GoString() string

func (*SubjectInstanceParam) Marshal

func (m *SubjectInstanceParam) Marshal() (dAtA []byte, err error)

func (*SubjectInstanceParam) MarshalTo

func (m *SubjectInstanceParam) MarshalTo(dAtA []byte) (int, error)

func (*SubjectInstanceParam) ProtoMessage

func (*SubjectInstanceParam) ProtoMessage()

func (*SubjectInstanceParam) Reset

func (m *SubjectInstanceParam) Reset()

func (*SubjectInstanceParam) Size

func (m *SubjectInstanceParam) Size() (n int)

func (*SubjectInstanceParam) String

func (this *SubjectInstanceParam) String() string

func (*SubjectInstanceParam) Unmarshal

func (m *SubjectInstanceParam) Unmarshal(dAtA []byte) error

type SubjectType

type SubjectType struct {
	// Additional attributes about the subject.
	Properties map[string]istio_mixer_v1_config_descriptor.ValueType `` /* 203-byte string literal not displayed */
}

A subject contains a list of attributes that identify the caller identity.

func (*SubjectType) Descriptor

func (*SubjectType) Descriptor() ([]byte, []int)

func (*SubjectType) Equal

func (this *SubjectType) Equal(that interface{}) bool

func (*SubjectType) GetProperties

func (*SubjectType) GoString

func (this *SubjectType) GoString() string

func (*SubjectType) Marshal

func (m *SubjectType) Marshal() (dAtA []byte, err error)

func (*SubjectType) MarshalTo

func (m *SubjectType) MarshalTo(dAtA []byte) (int, error)

func (*SubjectType) ProtoMessage

func (*SubjectType) ProtoMessage()

func (*SubjectType) Reset

func (m *SubjectType) Reset()

func (*SubjectType) Size

func (m *SubjectType) Size() (n int)

func (*SubjectType) String

func (this *SubjectType) String() string

func (*SubjectType) Unmarshal

func (m *SubjectType) Unmarshal(dAtA []byte) error

type Type

type Type struct {
	// A subject contains a list of attributes that identify
	// the caller identity.
	Subject *SubjectType `protobuf:"bytes,1,opt,name=subject" json:"subject,omitempty"`
	// An action defines "how a resource is accessed".
	Action *ActionType `protobuf:"bytes,2,opt,name=action" json:"action,omitempty"`
}

The authorization template defines parameters for performing policy enforcement within Istio. It is primarily concerned with enabling Mixer adapters to make decisions about who is allowed to do what. In this template, the "who" is defined in a Subject message. The "what" is defined in an Action message. During a Mixer Check call, these values will be populated based on configuration from request attributes and passed to individual authorization adapters to adjudicate.

Example config:

```
apiVersion: "config.istio.io/v1alpha2"
kind: authorization
metadata:
  name: authinfo
  namespace: istio-system
spec:
  subject:
    user: source.user | request.auth.token[user] | ""
    groups: request.auth.token[groups]
    properties:
      iss: request.auth.token["iss"]
  action:
    namespace: target.namespace | "default"
    service: target.service | ""
    path: request.path | "/"
    method: request.method | "post"
    properties:
      version: destination.labels[version] | ""
```

func (*Type) Descriptor

func (*Type) Descriptor() ([]byte, []int)

func (*Type) Equal

func (this *Type) Equal(that interface{}) bool

func (*Type) GetAction

func (m *Type) GetAction() *ActionType

func (*Type) GetSubject

func (m *Type) GetSubject() *SubjectType

func (*Type) GoString

func (this *Type) GoString() string

func (*Type) Marshal

func (m *Type) Marshal() (dAtA []byte, err error)

func (*Type) MarshalTo

func (m *Type) MarshalTo(dAtA []byte) (int, error)

func (*Type) ProtoMessage

func (*Type) ProtoMessage()

func (*Type) Reset

func (m *Type) Reset()

func (*Type) Size

func (m *Type) Size() (n int)

func (*Type) String

func (this *Type) String() string

func (*Type) Unmarshal

func (m *Type) Unmarshal(dAtA []byte) error
