config

package
v1.0.1-0...-f351835 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 23, 2021 License: MIT Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	AllowAccess        = "allow"
	DenyAccess         = "deny"
	DefaultTrustDomain = "public"
	DefaultNamespace   = "default"
	ActionPolicyApp    = "app"
	ActionPolicyGlobal = "global"
	SpiffeIDPrefix     = "spiffe://"
	HTTPProtocol       = "http"
	GRPCProtocol       = "grpc"
)

Variables

This section is empty.

Functions

func IsOperationAllowedByAccessControlPolicy 

func IsOperationAllowedByAccessControlPolicy(spiffeID *SpiffeID, srcAppID string, inputOperation string, httpVerb common.HTTPExtension_Verb, appProtocol string, accessControlList *AccessControlList) (bool, string)

IsOperationAllowedByAccessControlPolicy determines if access control policies allow the operation on the target app

Types

type AccessControlList 

type AccessControlList struct {
	DefaultAction string
	TrustDomain   string
	PolicySpec    map[string]AccessControlListPolicySpec
}

AccessControlList is an in-memory access control list config for fast lookup

func ParseAccessControlSpec 

func ParseAccessControlSpec(accessControlSpec AccessControlSpec, protocol string) (*AccessControlList, error)

ParseAccessControlSpec creates an in-memory copy of the Access Control Spec for fast lookup

type AccessControlListOperationAction 

type AccessControlListOperationAction struct {
	VerbAction       map[string]string
	OperationPostFix string
	OperationAction  string
}

AccessControlListOperationAction is an in-memory access control list config per operation for fast lookup

type AccessControlListPolicySpec 

type AccessControlListPolicySpec struct {
	AppName             string
	DefaultAction       string
	TrustDomain         string
	Namespace           string
	AppOperationActions map[string]AccessControlListOperationAction
}

AccessControlListPolicySpec is an in-memory access control list config per app for fast lookup

type AccessControlSpec 

type AccessControlSpec struct {
	DefaultAction string          `json:"defaultAction" yaml:"defaultAction"`
	TrustDomain   string          `json:"trustDomain" yaml:"trustDomain"`
	AppPolicies   []AppPolicySpec `json:"policies" yaml:"policies"`
}

AccessControlSpec is the spec object in ConfigurationSpec

type AppOperation 

type AppOperation struct {
	Operation string   `json:"name" yaml:"name"`
	HTTPVerb  []string `json:"httpVerb" yaml:"httpVerb"`
	Action    string   `json:"action" yaml:"action"`
}

AppOperation defines the data structure for each app operation

type AppPolicySpec 

type AppPolicySpec struct {
	AppName             string         `json:"appId" yaml:"appId"`
	DefaultAction       string         `json:"defaultAction" yaml:"defaultAction"`
	TrustDomain         string         `json:"trustDomain" yaml:"trustDomain"`
	Namespace           string         `json:"namespace" yaml:"namespace"`
	AppOperationActions []AppOperation `json:"operations" yaml:"operations"`
}

AppPolicySpec defines the policy data structure for each app

type ApplicationConfig 

type ApplicationConfig struct {
	Entities []string `json:"entities"`
	// Duration. example: "1h"
	ActorIdleTimeout string `json:"actorIdleTimeout"`
	// Duration. example: "30s"
	ActorScanInterval string `json:"actorScanInterval"`
	// Duration. example: "30s"
	DrainOngoingCallTimeout string `json:"drainOngoingCallTimeout"`
	DrainRebalancedActors   bool   `json:"drainRebalancedActors"`
}

ApplicationConfig is an optional config supplied by user code.

type Configuration 

type Configuration struct {
	metav1.TypeMeta `json:",inline" yaml:",inline"`
	// See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata
	metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`
	// See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
	Spec ConfigurationSpec `json:"spec" yaml:"spec"`
}

Configuration is an internal (and duplicate) representation of Dapr's Configuration CRD.

func LoadDefaultConfiguration 

func LoadDefaultConfiguration() *Configuration

LoadDefaultConfiguration returns the default config

func LoadKubernetesConfiguration 

func LoadKubernetesConfiguration(config, namespace string, operatorClient operatorv1pb.OperatorClient) (*Configuration, error)

LoadKubernetesConfiguration gets configuration from the Kubernetes operator with a given name

func LoadStandaloneConfiguration 

func LoadStandaloneConfiguration(config string) (*Configuration, string, error)

LoadStandaloneConfiguration gets the path to a config file and loads it into a configuration

type ConfigurationSpec 

type ConfigurationSpec struct {
	HTTPPipelineSpec  PipelineSpec      `json:"httpPipeline,omitempty" yaml:"httpPipeline,omitempty"`
	TracingSpec       TracingSpec       `json:"tracing,omitempty" yaml:"tracing,omitempty"`
	MTLSSpec          MTLSSpec          `json:"mtls,omitempty"`
	MetricSpec        MetricSpec        `json:"metric,omitempty" yaml:"metric,omitempty"`
	Secrets           SecretsSpec       `json:"secrets,omitempty" yaml:"secrets,omitempty"`
	AccessControlSpec AccessControlSpec `json:"accessControl,omitempty" yaml:"accessControl,omitempty"`
}

type HandlerSpec 

type HandlerSpec struct {
	Name         string       `json:"name" yaml:"name"`
	Type         string       `json:"type" yaml:"type"`
	Version      string       `json:"version" yaml:"version"`
	SelectorSpec SelectorSpec `json:"selector,omitempty" yaml:"selector,omitempty"`
}

type MTLSSpec 

type MTLSSpec struct {
	Enabled          bool   `json:"enabled"`
	WorkloadCertTTL  string `json:"workloadCertTTL"`
	AllowedClockSkew string `json:"allowedClockSkew"`
}

type MetricSpec 

type MetricSpec struct {
	Enabled bool `json:"enabled" yaml:"enabled"`
}

MetricSpec configuration for metrics

type PipelineSpec 

type PipelineSpec struct {
	Handlers []HandlerSpec `json:"handlers" yaml:"handlers"`
}

type SecretsScope 

type SecretsScope struct {
	DefaultAccess  string   `json:"defaultAccess,omitempty" yaml:"defaultAccess,omitempty"`
	StoreName      string   `json:"storeName" yaml:"storeName"`
	AllowedSecrets []string `json:"allowedSecrets,omitempty" yaml:"allowedSecrets,omitempty"`
	DeniedSecrets  []string `json:"deniedSecrets,omitempty" yaml:"deniedSecrets,omitempty"`
}

SecretsScope defines the scope for secrets

func (SecretsScope) IsSecretAllowed 

func (c SecretsScope) IsSecretAllowed(key string) bool

Check if the secret is allowed to be accessed.

type SecretsSpec 

type SecretsSpec struct {
	Scopes []SecretsScope `json:"scopes"`
}

type SelectorField 

type SelectorField struct {
	Field string `json:"field" yaml:"field"`
	Value string `json:"value" yaml:"value"`
}

type SelectorSpec 

type SelectorSpec struct {
	Fields []SelectorField `json:"fields" yaml:"fields"`
}

type SpiffeID 

type SpiffeID struct {
	TrustDomain string
	Namespace   string
	AppID       string
}

SpiffeID represents the separated fields in a spiffe id

func GetAndParseSpiffeID 

func GetAndParseSpiffeID(ctx context.Context) (*SpiffeID, error)

GetAndParseSpiffeID retrieves the SPIFFE Id from the cert and parses it

type TracingSpec 

type TracingSpec struct {
	SamplingRate string     `json:"samplingRate" yaml:"samplingRate"`
	Stdout       bool       `json:"stdout" yaml:"stdout"`
	Zipkin       ZipkinSpec `json:"zipkin" yaml:"zipkin"`
}

type ZipkinSpec 

type ZipkinSpec struct {
	EndpointAddress string `json:"endpointAddress" yaml:"endpointAddress"`
}

ZipkinSpec defines Zipkin trace configurations

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.