service

package v4.14.2

Warning: this package is not in the latest version of its module.
Published: Apr 18, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Overview

Package service manages the main logic of Authorization Proxy. It contains a token updater that periodically updates the N-token used to communicate with Athenz, a policy updater that periodically updates the Athenz policy, and an Athenz config updater that periodically updates Athenz data.

Index

Constants

const (
	// ContentType represents a HTTP header name "Content-Type"
	ContentType = "Content-Type"

	// TextPlain represents a HTTP content type "text/plain"
	TextPlain = "text/plain"

	// CharsetUTF8 represents a UTF-8 charset for HTTP response "charset=UTF-8"
	CharsetUTF8 = "charset=UTF-8"
)

Variables

var ErrContextClosed = errors.New("context Closed")

ErrContextClosed represents an error indicating that the context is closed.

Functions

func NewTLSConfig

func NewTLSConfig(cfg config.TLS) (*tls.Config, error)

NewTLSConfig returns a *tls.Config struct or an error. It reads the TLS configuration and initializes the *tls.Config struct, for example with the CA certificate and key needed to start a TLS server. The server certificate, CA certificate and private key are read from the file paths defined in environment variables.

func NewX509CertPool

func NewX509CertPool(path string) (*x509.CertPool, error)

NewX509CertPool returns a *x509.CertPool struct or an error. It reads the certificate from the given path and appends it to the system certificate pool.

Types

type Authorizationd

type Authorizationd interface {
	authorizer.Authorizerd
}

Authorizationd represents the authorization daemon to do the authorization check.

type AuthorizerdMock

type AuthorizerdMock struct {
	InitFunc              func(context.Context) error
	StartFunc             func(context.Context) <-chan error
	VerifyFunc            func(r *http.Request, act, res string) (authorizerd.Principal, error)
	VerifyAccessTokenFunc func(ctx context.Context, tok, act, res string, cert *x509.Certificate) (authorizerd.Principal, error)
	VerifyRoleTokenFunc   func(ctx context.Context, tok, act, res string) (authorizerd.Principal, error)
	VerifyRoleJWTFunc     func(ctx context.Context, tok, act, res string) error
	VerifyRoleCertFunc    func(ctx context.Context, peerCerts []*x509.Certificate, act, res string) (authorizerd.Principal, error)
	GetPolicyCacheFunc    func(ctx context.Context) map[string]interface{}
}

AuthorizerdMock is a mock of Authorizerd

func (*AuthorizerdMock) Authorize

func (am *AuthorizerdMock) Authorize(r *http.Request, act, res string) (authorizerd.Principal, error)

Authorize is a mock implementation of Authorizerd.Authorize

func (*AuthorizerdMock) AuthorizeAccessToken

func (am *AuthorizerdMock) AuthorizeAccessToken(ctx context.Context, tok, act, res string, cert *x509.Certificate) (authorizerd.Principal, error)

AuthorizeAccessToken is a mock implementation of Authorizerd.AuthorizeAccessToken

func (*AuthorizerdMock) AuthorizeRoleCert

func (am *AuthorizerdMock) AuthorizeRoleCert(ctx context.Context, peerCerts []*x509.Certificate, act, res string) (authorizerd.Principal, error)

AuthorizeRoleCert is a mock implementation of Authorizerd.AuthorizeRoleCert

func (*AuthorizerdMock) AuthorizeRoleToken

func (am *AuthorizerdMock) AuthorizeRoleToken(ctx context.Context, tok, act, res string) (authorizerd.Principal, error)

AuthorizeRoleToken is a mock implementation of Authorizerd.AuthorizeRoleToken

func (*AuthorizerdMock) GetPolicyCache

func (am *AuthorizerdMock) GetPolicyCache(ctx context.Context) map[string]interface{}

GetPolicyCache is a mock implementation of Authorizerd.GetPolicyCache

func (*AuthorizerdMock) Init

func (am *AuthorizerdMock) Init(ctx context.Context) error

Init is a mock implementation of Authorizerd.Init

func (*AuthorizerdMock) Start

func (am *AuthorizerdMock) Start(ctx context.Context) <-chan error

Start is a mock implementation of Authorizerd.Start

func (*AuthorizerdMock) Verify

func (am *AuthorizerdMock) Verify(r *http.Request, act, res string) error

Verify is a mock implementation of Authorizerd.Verify

func (*AuthorizerdMock) VerifyAccessToken

func (am *AuthorizerdMock) VerifyAccessToken(ctx context.Context, tok, act, res string, cert *x509.Certificate) error

VerifyAccessToken is a mock implementation of Authorizerd.VerifyAccessToken

func (*AuthorizerdMock) VerifyRoleCert

func (am *AuthorizerdMock) VerifyRoleCert(ctx context.Context, peerCerts []*x509.Certificate, act, res string) error

VerifyRoleCert is a mock implementation of Authorizerd.VerifyRoleCert

func (*AuthorizerdMock) VerifyRoleJWT

func (am *AuthorizerdMock) VerifyRoleJWT(ctx context.Context, tok, act, res string) error

VerifyRoleJWT is a mock implementation of Authorizerd.VerifyRoleJWT

func (*AuthorizerdMock) VerifyRoleToken

func (am *AuthorizerdMock) VerifyRoleToken(ctx context.Context, tok, act, res string) error

VerifyRoleToken is a mock implementation of Authorizerd.VerifyRoleToken

type Option

type Option func(*server)

Option represents a functional option

func WithDebugHandler

func WithDebugHandler(h http.Handler) Option

WithDebugHandler returns a DebugHandler functional option

func WithGRPCCloser

func WithGRPCCloser(c io.Closer) Option

WithGRPCCloser returns a gRPC closer functional option

func WithGRPCHandler

func WithGRPCHandler(h grpc.StreamHandler) Option

WithGRPCHandler returns a gRPC Handler functional option

func WithGRPCServer

func WithGRPCServer(srv *grpc.Server) Option

WithGRPCServer returns a gRPC Server functional option

func WithRestHandler

func WithRestHandler(h http.Handler) Option

WithRestHandler returns a Rest Handler functional option

func WithServerConfig

func WithServerConfig(cfg config.Server) Option

WithServerConfig returns a ServerConfig functional option

func WithTLSConfig added in v4.10.0

func WithTLSConfig(t *tls.Config) Option

WithTLSConfig returns a TLS Config functional option

type ResponseWriterMock

type ResponseWriterMock struct {
	// contains filtered or unexported fields
}

ResponseWriterMock is a mock of ResponseWriter

func (*ResponseWriterMock) Header

func (rw *ResponseWriterMock) Header() http.Header

Header is a mock implementation of ResponseWriter.Header

func (*ResponseWriterMock) Write

func (rw *ResponseWriterMock) Write(buf []byte) (int, error)

Write is a mock implementation of ResponseWriter.Write

func (*ResponseWriterMock) WriteHeader

func (rw *ResponseWriterMock) WriteHeader(code int)

WriteHeader is a mock implementation of ResponseWriter.WriteHeader

type Server

type Server interface {
	ListenAndServe(context.Context) <-chan []error
}

Server represents the behavior of an authorization proxy server.

func NewServer

func NewServer(opts ...Option) (Server, error)

NewServer returns a Server interface, which includes the authorization proxy server and health check server structs. The authorization proxy server is an http.Server instance whose port number is read from "config.Server.Port" and whose handler is the "handler" supplied to this function.

The health check server is an http.Server instance whose port number is read from "config.Server.HealthCheck.Port". Its handler handles HTTP GET requests and always returns an HTTP 200 OK response.

type ServerMock

type ServerMock struct {
	ListenAndServeFunc func(context.Context) <-chan []error
}

ServerMock is a mock of Server

func (*ServerMock) ListenAndServe

func (sm *ServerMock) ListenAndServe(ctx context.Context) <-chan []error

ListenAndServe is a mock implementation of Server.ListenAndServe

type TLSCertificateCache added in v4.10.0

type TLSCertificateCache struct {
	// contains filtered or unexported fields
}

TLSCertificateCache caches a certificate

func NewTLSConfigWithTLSCertificateCache added in v4.10.0

func NewTLSConfigWithTLSCertificateCache(cfg config.TLS) (*tls.Config, *TLSCertificateCache, error)

NewTLSConfigWithTLSCertificateCache returns a *tls.Config and a *TLSCertificateCache, or an error. It is used to enable the certificate auto-reload feature.

When cfg.CertRefreshPeriod is set (certificate refresh enabled), it returns TLSCertificateCache: not nil, TLSConfig.GetCertificate: not nil, TLSConfig.Certificates: nil.

When cfg.CertRefreshPeriod is not set (certificate refresh disabled), it returns TLSCertificateCache: nil, TLSConfig.GetCertificate: nil, TLSConfig.Certificates: not nil.

It reads the TLS configuration and initializes the *tls.Config and *TLSCertificateCache structs, for example with the CA certificate and key needed to start a TLS server. The server certificate, CA certificate and private key are read from the file paths defined in environment variables.

func (*TLSCertificateCache) RefreshCertificate added in v4.10.0

func (tcc *TLSCertificateCache) RefreshCertificate(ctx context.Context) error

RefreshCertificate refreshes the cached certificate asynchronously.
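The two modes of NewTLSConfigWithTLSCertificateCache and the refresh described above, as an added Go example that is not the authorization-proxy project's code: certCache, newTLSConfig and the placeholder certificate bytes are assumptions. It shows why the refresh-enabled mode leaves tls.Config.Certificates nil (crypto/tls then always consults GetCertificate) and how a refreshed certificate becomes visible to later handshakes without a restart.

```go
package main
import (
	"crypto/tls"
	"errors"
	"fmt"
	"sync"
	"time"
)

// certCache is a hypothetical stand-in for the page's TLSCertificateCache (RWMutex: handshakes never race the refresher).
type certCache struct {
	mu   sync.RWMutex
	cert *tls.Certificate
}

// GetCertificate is the callback crypto/tls invokes per handshake; it fails closed when nothing is cached.
func (c *certCache) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	c.mu.RLock()
	defer c.mu.RUnlock()
	if c.cert == nil {
		return nil, errors.New("no certificate cached")
	}
	return c.cert, nil
}

// Refresh swaps in a re-read certificate; a ticker at CertRefreshPeriod would call this.
func (c *certCache) Refresh(cert tls.Certificate) {
	c.mu.Lock()
	c.cert = &cert
	c.mu.Unlock()
}

// newTLSConfig mirrors the page's two modes: refresh period set => only GetCertificate (Certificates nil, so crypto/tls always asks the cache); unset => only Certificates.
func newTLSConfig(cert tls.Certificate, refreshPeriod time.Duration) (*tls.Config, *certCache) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if refreshPeriod <= 0 {
		cfg.Certificates = []tls.Certificate{cert}
		return cfg, nil
	}
	cache := &certCache{}
	cache.Refresh(cert)
	cfg.GetCertificate = cache.GetCertificate
	return cfg, cache
}

func main() { // constructed placeholder certificate bytes; only their identity matters here
	cfg, cache := newTLSConfig(tls.Certificate{Certificate: [][]byte{[]byte("old")}}, time.Minute)
	cache.Refresh(tls.Certificate{Certificate: [][]byte{[]byte("new")}})
	got, _ := cfg.GetCertificate(&tls.ClientHelloInfo{})
	fmt.Printf("served %s, static certs: %d\n", got.Certificate[0], len(cfg.Certificates))
}
```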
