Documentation
Constants
const (
	// StatusHealthy is used to indicate a healthy response
	StatusHealthy = "healthy"

	// StatusUnhealthy is used to indicate an unhealthy response
	StatusUnhealthy = "unhealthy"
)
const (
	// V1Prefix is the API prefix for the v1 API
	V1Prefix = "/api/v1/auth_proxy"

	// LoginPath is the authentication endpoint on the proxy
	LoginPath = V1Prefix + "/login/"

	// HealthCheckPath is the health check endpoint on the proxy
	HealthCheckPath = V1Prefix + "/health/"

	// VersionPath is the version endpoint on the proxy
	VersionPath = V1Prefix + "/version/"

	// DefaultNetmasterRequestTimeout is the default value for proxy.Config's NetmasterRequestTimeout
	DefaultNetmasterRequestTimeout = 10

	// DefaultClientReadTimeout is the default value for proxy.Config's ClientReadTimeout
	DefaultClientReadTimeout = 5

	// DefaultClientWriteTimeout is the default value for proxy.Config's ClientWriteTimeout
	DefaultClientWriteTimeout = 11 // DefaultNetmasterRequestTimeout + 1
)
Variables
This section is empty.
Functions
This section is empty.
Types
type AddAuthorizationRequest
type AddAuthorizationRequest struct {
	PrincipalName string `json:"principalName"`
	Local         bool   `json:"local"`
	Role          string `json:"role"`
	TenantName    string `json:"tenantName"`
}
AddAuthorizationRequest message is sent for AddAuthorization operation.
Fields:
PrincipalName: name of a security principal for whom an authorization needs to be added. This can be a local user or an LDAP group.
Local: true if the name corresponds to a local user, false if it's an LDAP group.
Role: Level of access granted to principal.
TenantName: Tenant name that the above principal will have access to. Based on role type, this may not be set. For example, a tenant name is ignored if role is admin.
type Config
type Config struct {
	// Name and Version are used in the X-Forwarded request header
	Name    string
	Version string

	// NetmasterAddress is the address of the netmaster we talk to
	NetmasterAddress string

	// ListenAddress is the interface and port the proxy binds to and listens on
	ListenAddress string

	// TLSCertificate and TLSKeyFile are the cert and key we use to expose the HTTPS server
	TLSCertificate string
	TLSKeyFile     string

	// NetmasterRequestTimeout is how long we allow for the whole request cycle when talking to
	// our upstream netmaster.
	NetmasterRequestTimeout int64

	// ClientReadTimeout is how long we allow for the client to send its request to us.
	// Increase this if you want to support clients on extremely slow/flaky connections.
	ClientReadTimeout int64

	// ClientWriteTimeout is how long we allow for us to send a request to netmaster, get the
	// response, and write it back to the client socket. This must be longer than the
	// NetmasterRequestTimeout (default is 1 second longer).
	ClientWriteTimeout int64
}
Config holds all the configuration options for an instance of the proxy server.
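The timeout rule documented on Config, checked before anything is started. This is an added example, not code from this package: proxyTimeouts is a hypothetical stand-in for Config's three timeout fields, the values are assumed to be seconds, and the mapping onto net/http's ReadTimeout, WriteTimeout and Client.Timeout is an assumption about how such a proxy would be wired.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"time"
)

// proxyTimeouts is a hypothetical stand-in for the three timeout fields of
// Config (assumed to be seconds); it is not a type from the package.
type proxyTimeouts struct {
	NetmasterRequestTimeout int64
	ClientReadTimeout       int64
	ClientWriteTimeout      int64
}

// validate rejects non-positive values (zero disables the timeout in
// net/http) and a client write window that does not exceed the upstream one.
func (t proxyTimeouts) validate() error {
	if t.NetmasterRequestTimeout <= 0 || t.ClientReadTimeout <= 0 || t.ClientWriteTimeout <= 0 {
		return errors.New("all timeouts must be positive")
	}
	if t.ClientWriteTimeout <= t.NetmasterRequestTimeout {
		return fmt.Errorf("ClientWriteTimeout (%ds) must exceed NetmasterRequestTimeout (%ds)",
			t.ClientWriteTimeout, t.NetmasterRequestTimeout)
	}
	return nil
}

// build maps validated values onto the standard library (assumed mapping).
func (t proxyTimeouts) build(listen string) (*http.Server, *http.Client, error) {
	if err := t.validate(); err != nil {
		return nil, nil, err
	}
	srv := &http.Server{
		Addr:         listen,
		ReadTimeout:  time.Duration(t.ClientReadTimeout) * time.Second,
		WriteTimeout: time.Duration(t.ClientWriteTimeout) * time.Second,
	}
	upstream := &http.Client{Timeout: time.Duration(t.NetmasterRequestTimeout) * time.Second}
	return srv, upstream, nil
}

func main() {
	srv, up, err := proxyTimeouts{10, 5, 11}.build("127.0.0.1:10000") // the documented defaults
	fmt.Println(srv.ReadTimeout, srv.WriteTimeout, up.Timeout, err)
}
```

With a write window equal to or shorter than the upstream window, the client connection can be cut before the proxy has a chance to relay netmaster's response or its own timeout error.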
type GetAuthorizationReply
type GetAuthorizationReply struct {
	AuthzUUID     string
	PrincipalName string
	Local         bool
	Role          string
	TenantName    string
}
GetAuthorizationReply structure is used for Get*Authorization operation.
Fields:
AuthzUUID: A unique identifier for each authorization.
PrincipalName: name of the user for whom an authorization needs to be added. This can be a local user or an LDAP group.
Local: true if the name corresponds to a local user, false if it's an LDAP group.
Role: Level of access to the tenant specified by TenantName.
TenantName: Tenant name that the above user will have access to.
type HealthCheckResponse
type HealthCheckResponse struct {
	NetmasterHealth *NetmasterHealthCheckResponse `json:"netmaster"`
	Status          string                        `json:"status"`
	Version         string                        `json:"version"`
}
HealthCheckResponse represents a response from the /health endpoint. It contains our health status + the health status of our netmaster
func (*HealthCheckResponse) MarkUnhealthy
func (hcr *HealthCheckResponse) MarkUnhealthy()
MarkUnhealthy marks the proxy as being unhealthy
type ListAuthorizationsReply
type ListAuthorizationsReply struct {
AuthList []GetAuthorizationReply
}
ListAuthorizationsReply message is received from List*Authorizations operation.
Fields:
AuthList: slice of GetAuthorizationReply structures
Error: error encountered during operation, if any
type LoginResponse
type LoginResponse struct {
Token string `json:"token"`
}
LoginResponse holds the token returned upon successful login.
type NetmasterHealthCheckResponse
type NetmasterHealthCheckResponse struct {
	Status string `json:"status"`

	// if netmaster is up and working, there's no "reason" for it to be unhealthy
	Reason string `json:"reason,omitempty"`

	// if we can't reach netmaster, we won't have a version
	Version string `json:"version,omitempty"`
}
NetmasterHealthCheckResponse represents our netmaster's health and version info.
func (*NetmasterHealthCheckResponse) MarkHealthy
func (nhcr *NetmasterHealthCheckResponse) MarkHealthy(version string)
MarkHealthy marks netmaster as being healthy and running the specified version
func (*NetmasterHealthCheckResponse) MarkUnhealthy
func (nhcr *NetmasterHealthCheckResponse) MarkUnhealthy(reason string)
MarkUnhealthy marks netmaster as being unhealthy
type Server
type Server struct {
// contains filtered or unexported fields
}
Server represents a proxy server which can be running.
func (*Server) DisableKeepalives
func (s *Server) DisableKeepalives()
DisableKeepalives turns off keepalives for the proxy. This should only be needed for testing because of the tight constraints around start/stopping and the problems that hanging connections can cause.
func (*Server) Init
func (s *Server) Init()
Init initializes anything the server requires before it can be used.
func (*Server) ProxyRequest
func (s *Server) ProxyRequest(w http.ResponseWriter, req *http.Request) (*http.Response, []byte, error)
ProxyRequest takes an HTTP request we've received, duplicates it, adds a few request headers, and sends the duplicated request to netmaster. It returns the response and the response's body.
type VersionResponse
type VersionResponse struct {
Version string `json:"version"`
}
VersionResponse represents a response from the /version endpoint