proxy

package
v0.0.0-...-5d0e1a3 Latest
Warning

This package is not in the latest version of its module.
Published: Dec 21, 2017 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Constants

const (
	// StatusHealthy is used to indicate a healthy response
	StatusHealthy = "healthy"

	// StatusUnhealthy is used to indicate an unhealthy response
	StatusUnhealthy = "unhealthy"
)
const (
	// V1Prefix is the API prefix for the v1 API
	V1Prefix = "/api/v1/auth_proxy"

	// LoginPath is the authentication endpoint on the proxy
	LoginPath = V1Prefix + "/login/"

	// HealthCheckPath is the health check endpoint on the proxy
	HealthCheckPath = V1Prefix + "/health/"

	// VersionPath is the version endpoint on the proxy
	VersionPath = V1Prefix + "/version/"

	// DefaultNetmasterRequestTimeout is the default value for proxy.Config's NetmasterRequestTimeout
	DefaultNetmasterRequestTimeout = 10

	// DefaultClientReadTimeout is the default value for proxy.Config's ClientReadTimeout
	DefaultClientReadTimeout = 5

	// DefaultClientWriteTimeout is the default value for proxy.Config's ClientWriteTimeout
	DefaultClientWriteTimeout = 11 // DefaultNetmasterRequestTimeout + 1
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AddAuthorizationRequest

type AddAuthorizationRequest struct {
	PrincipalName string `json:"principalName"`
	Local         bool   `json:"local"`
	Role          string `json:"role"`
	TenantName    string `json:"tenantName"`
}

AddAuthorizationRequest message is sent for AddAuthorization operation.

Fields:

PrincipalName: name of a security principal for whom an authorization needs to be added. This
  can be a local user or an LDAP group
Local: true if the name corresponds to a local user, false if it's an LDAP
  group.
Role:  Level of access granted to principal
TenantName: Tenant name that the above principal will have access to. Based on role type, this may not be set. For example, a tenant name is ignored if role is admin.

type Config

type Config struct {
	// Name and Version are used in the X-Forwarded request header
	Name    string
	Version string

	// NetmasterAddress is the address of the netmaster we talk to
	NetmasterAddress string

	// ListenAddress is the interface and port the proxy binds to and listens on
	ListenAddress string

	// TLSCertificate and TLSKeyFile are the cert and key we use to expose the HTTPS server
	TLSCertificate string
	TLSKeyFile     string

	// NetmasterRequestTimeout is how long we allow for the whole request cycle when talking to
	// our upstream netmaster.
	NetmasterRequestTimeout int64

	// ClientReadTimeout is how long we allow for the client to send its request to us.
	// Increase this if you want to support clients on extremely slow/flaky connections.
	ClientReadTimeout int64

	// ClientWriteTimeout is how long we allow for us to send a request to netmaster, get the
	// response, and write it back to the client socket.  This must be longer than the
	// NetmasterRequestTimeout (default is 1 second longer).
	ClientWriteTimeout int64
}

Config holds all the configuration options for an instance of the proxy server.
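
The constraint in the ClientWriteTimeout comment is easy to break by raising only NetmasterRequestTimeout: the client socket's write deadline then expires before the upstream request can finish, and slow netmaster responses are cut off mid-flight. The following is an added example, not code from this package. The `timeouts` type is a local stand-in for the three Config fields, the values are assumed to be seconds, the mapping onto `net/http` in `build` is hypothetical wiring, and an unset write timeout is derived as upstream + 1 rather than taken from the fixed constant 11.

```go
package main

import (
	"fmt"
	"net/http"
	"time"
)

// timeouts is a local stand-in for the three timeout fields of proxy.Config.
// Assumption: the values are seconds, as the "1 second longer" comment implies.
type timeouts struct {
	NetmasterRequestTimeout, ClientReadTimeout, ClientWriteTimeout int64
}

// normalize fills unset (zero) fields and enforces the documented rule that
// ClientWriteTimeout must be longer than NetmasterRequestTimeout.
func normalize(t timeouts) (timeouts, error) {
	if t.NetmasterRequestTimeout == 0 {
		t.NetmasterRequestTimeout = 10 // DefaultNetmasterRequestTimeout
	}
	if t.ClientReadTimeout == 0 {
		t.ClientReadTimeout = 5 // DefaultClientReadTimeout
	}
	if t.ClientWriteTimeout == 0 {
		t.ClientWriteTimeout = t.NetmasterRequestTimeout + 1
	}
	if t.NetmasterRequestTimeout < 0 || t.ClientReadTimeout < 0 {
		return t, fmt.Errorf("negative timeout: %+v", t)
	}
	if t.ClientWriteTimeout <= t.NetmasterRequestTimeout {
		return t, fmt.Errorf("ClientWriteTimeout (%ds) must exceed NetmasterRequestTimeout (%ds)",
			t.ClientWriteTimeout, t.NetmasterRequestTimeout)
	}
	return t, nil
}

// build maps the values onto net/http (hypothetical wiring, not the package's own).
func build(addr string, t timeouts) (*http.Server, *http.Client) {
	srv := &http.Server{
		Addr:         addr,
		ReadTimeout:  time.Duration(t.ClientReadTimeout) * time.Second,
		WriteTimeout: time.Duration(t.ClientWriteTimeout) * time.Second,
	}
	return srv, &http.Client{Timeout: time.Duration(t.NetmasterRequestTimeout) * time.Second}
}

func main() {
	_, err := normalize(timeouts{NetmasterRequestTimeout: 30, ClientWriteTimeout: 11})
	fmt.Println(err) // raising only the upstream timeout is rejected
}
```

The read timeout also bounds how long a slow client can hold a connection open while sending its request, so leaving it unset is worth rejecting in review.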

type GetAuthorizationReply

type GetAuthorizationReply struct {
	AuthzUUID     string
	PrincipalName string
	Local         bool
	Role          string
	TenantName    string
}

GetAuthorizationReply structure is used for Get*Authorization operation.

Fields:

AuthzUUID: A unique identifier for each authorization
PrincipalName: name of the user for whom an authorization needs to be added. This
  can be a local user or an LDAP group
Local: true if the name corresponds to a local user, false if it's an LDAP
  group.
Role:  Level of access to the tenant specified by TenantName
TenantName: Tenant name that the above user will have access to

type HealthCheckResponse

type HealthCheckResponse struct {
	NetmasterHealth *NetmasterHealthCheckResponse `json:"netmaster"`
	Status          string                        `json:"status"`
	Version         string                        `json:"version"`
}

HealthCheckResponse represents a response from the /health endpoint. It contains our health status and the health status of our netmaster.

func (*HealthCheckResponse) MarkUnhealthy

func (hcr *HealthCheckResponse) MarkUnhealthy()

MarkUnhealthy marks the proxy as being unhealthy

type ListAuthorizationsReply

type ListAuthorizationsReply struct {
	AuthList []GetAuthorizationReply
}

ListAuthorizationsReply message is received from List*Authorizations operation.

Fields:

AuthList: slice of GetAuthorizationReply structures
Error: error encountered during operation, if any

type LoginResponse

type LoginResponse struct {
	Token string `json:"token"`
}

LoginResponse holds the token returned upon successful login.

type NetmasterHealthCheckResponse

type NetmasterHealthCheckResponse struct {
	Status string `json:"status"`

	// if netmaster is up and working, there's no "reason" for it to be unhealthy
	Reason string `json:"reason,omitempty"`

	// if we can't reach netmaster, we won't have a version
	Version string `json:"version,omitempty"`
}

NetmasterHealthCheckResponse represents our netmaster's health and version info.

func (*NetmasterHealthCheckResponse) MarkHealthy

func (nhcr *NetmasterHealthCheckResponse) MarkHealthy(version string)

MarkHealthy marks netmaster as being healthy and running the specified version

func (*NetmasterHealthCheckResponse) MarkUnhealthy

func (nhcr *NetmasterHealthCheckResponse) MarkUnhealthy(reason string)

MarkUnhealthy marks netmaster as being unhealthy

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server represents a proxy server which can be running.

func NewServer

func NewServer(c *Config) *Server

NewServer returns a new server with the specified config

func (*Server) DisableKeepalives

func (s *Server) DisableKeepalives()

DisableKeepalives turns off keepalives for the proxy. This should only be needed for testing because of the tight constraints around start/stopping and the problems that hanging connections can cause.

func (*Server) Init

func (s *Server) Init()

Init initializes anything the server requires before it can be used.

func (*Server) ProxyRequest

func (s *Server) ProxyRequest(w http.ResponseWriter, req *http.Request) (*http.Response, []byte, error)

ProxyRequest takes an HTTP request we've received, duplicates it, adds a few request headers, and sends the duplicated request to netmaster. It returns the response and the response's body.

func (*Server) Serve

func (s *Server) Serve()

Serve creates an HTTP proxy listener and runs it in a goroutine.

func (*Server) Stop

func (s *Server) Stop()

Stop stops a running HTTP proxy listener.

type VersionResponse

type VersionResponse struct {
	Version string `json:"version"`
}

VersionResponse represents a response from the /version endpoint
