Documentation
¶
Index ¶
- Constants
- func AuthorizationRoundTripper(config *Config, next http.RoundTripper) (http.RoundTripper, error)
- func DecodeToMap(s *pb.Struct) map[string]interface{}
- func LoadPrivateKey(privateKeyBytes []byte) (*rsa.PrivateKey, error)
- func NewToken(jwtExpiration time.Duration) (jwt.Token, error)
- func NoAuthPUTRoundTripper() http.RoundTripper
- func ReadProperties(reader io.Reader) (map[string]string, error)
- func SignJWT(t jwt.Token, method jwa.SignatureAlgorithm, key interface{}, kid string) ([]byte, error)
- func WriteProperties(writer io.Writer, props map[string]string) error
- type AccessLogServer
- type AnalyticsConfig
- type AuthConfig
- type AuthManager
- type AuthorizationServer
- type Config
- type ConfigMapCRD
- type GlobalConfig
- type Handler
- type JWTAuthManager
- type KubeHealth
- type Metadata
- type ProductsConfig
- type SecretCRD
- type StaticAuthManager
- type TLSClientConfig
- type TLSListenerConfig
- type TenantConfig
Constants ¶
View Source
const ( // LegacySaaSInternalBase is the internal API used for auth and analytics LegacySaaSInternalBase = "https://istioservices.apigee.net/edgemicro" // GCPExperienceBase is the default management API URL for GCP Experience GCPExperienceBase = "https://apigee.googleapis.com" // ServiceAccount is the json file with application credentials ServiceAccount = "client_secret.json" // DefaultAnalyticsSecretPath is the default path the analytics credentials directory DefaultAnalyticsSecretPath = "/analytics-secret" ApigeeAPIScope = "https://www.googleapis.com/auth/cloud-platform" // scope Apigee API needs )
View Source
const ( SecretJWKSKey = "remote-service.crt" // hybrid treats .crt as blob SecretPrivateKey = "remote-service.key" // private key SecretPropsKey = "remote-service.properties" // java properties format: %s=%s SecretPropsKIDKey = "kid" )
note: hybrid forces these specific file extensions! https://docs.apigee.com/hybrid/v1.2/k8s-secrets
View Source
const (
// PEMKeyType is the type of privateKey in the PEM file
PEMKeyType = "RSA PRIVATE KEY"
)
Variables ¶
This section is empty.
Functions ¶
func AuthorizationRoundTripper ¶
func AuthorizationRoundTripper(config *Config, next http.RoundTripper) (http.RoundTripper, error)
AuthorizationRoundTripper adds an authorization header to any handled request
func DecodeToMap ¶
DecodeToMap converts a pb.Struct to a map from strings to Go types. DecodeToMap panics if s is invalid.
func LoadPrivateKey ¶
func LoadPrivateKey(privateKeyBytes []byte) (*rsa.PrivateKey, error)
func NoAuthPUTRoundTripper ¶
func NoAuthPUTRoundTripper() http.RoundTripper
NoAuthPUTRoundTripper enables a http client to get rid of the authorization header in any PUT request, specifically used by the GCP managed analytics client to remove the header generated by the token source, which would otherwise interfere with the PUT request to the signed URL.
func ReadProperties ¶
ReadProperties reads Java-style %s=%s properties (no escaping)
Types ¶
type AccessLogServer ¶
type AccessLogServer struct {
// contains filtered or unexported fields
}
AccessLogServer server
func (*AccessLogServer) StreamAccessLogs ¶
func (a *AccessLogServer) StreamAccessLogs(srv als.AccessLogService_StreamAccessLogsServer) error
StreamAccessLogs streams
type AnalyticsConfig ¶
type AnalyticsConfig struct {
LegacyEndpoint bool `yaml:"legacy_endpoint,omitempty" json:"legacy_endpoint,omitempty"`
FileLimit int `yaml:"file_limit,omitempty" json:"file_limit,omitempty"`
SendChannelSize int `yaml:"send_channel_size,omitempty" json:"send_channel_size,omitempty"`
CollectionInterval time.Duration `yaml:"collection_interval,omitempty" json:"collection_interval,omitempty"`
CredentialsJSON []byte `yaml:"-" json:"-"`
Credentials *google.Credentials `yaml:"-" json:"-"`
}
AnalyticsConfig is analytics-related config
type AuthConfig ¶
type AuthConfig struct {
APIKeyClaim string `yaml:"api_key_claim,omitempty" json:"api_key_claim,omitempty"`
APIKeyCacheDuration time.Duration `yaml:"api_key_cache_duration,omitempty" json:"api_key_cache_duration,omitempty"`
APIKeyHeader string `yaml:"api_key_header,omitempty" json:"api_key_header,omitempty"`
APIHeader string `yaml:"api_header,omitempty" json:"api_header,omitempty"`
JWTProviderKey string `yaml:"jwt_provider_key,omitempty" json:"jwt_provider_key,omitempty"`
AppendMetadataHeaders bool `yaml:"append_metadata_headers,omitempty" json:"append_metadata_headers,omitempty"`
}
AuthConfig is auth-related config
type AuthManager ¶
type AuthManager interface {
// contains filtered or unexported methods
}
AuthManager maintains an authorization header value
func NewAuthManager ¶
func NewAuthManager(config *Config) (AuthManager, error)
NewAuthManager creates an auth manager
type AuthorizationServer ¶
type AuthorizationServer struct {
// contains filtered or unexported fields
}
AuthorizationServer server
func (*AuthorizationServer) Check ¶
func (a *AuthorizationServer) Check(ctx gocontext.Context, req *envoy_auth.CheckRequest) (*envoy_auth.CheckResponse, error)
Check does check
type Config ¶
type Config struct {
Global GlobalConfig `yaml:"global,omitempty" json:"global,omitempty"`
Tenant TenantConfig `yaml:"tenant,omitempty" json:"tenant,omitempty"`
Products ProductsConfig `yaml:"products,omitempty" json:"products,omitempty"`
Analytics AnalyticsConfig `yaml:"analytics,omitempty" json:"analytics,omitempty"`
Auth AuthConfig `yaml:"auth,omitempty" json:"auth,omitempty"`
}
Config is all config
func (*Config) IsApigeeManaged ¶
IsApigeeManaged is true for legacy SaaS
func (*Config) IsGCPManaged ¶
IsGCPManaged is true for hybrid and NG SaaS
type ConfigMapCRD ¶
type ConfigMapCRD struct {
APIVersion string `yaml:"apiVersion"`
Kind string `yaml:"kind"`
Metadata Metadata `yaml:"metadata"`
Data map[string]string `yaml:"data"`
}
ConfigMapCRD is a CRD for ConfigMap
type GlobalConfig ¶
type GlobalConfig struct {
APIAddress string `yaml:"api_address,omitempty" json:"api_address,omitempty"`
MetricsAddress string `yaml:"metrics_address,omitempty" json:"metrics_address,omitempty"`
TempDir string `yaml:"temp_dir,omitempty" json:"temp_dir,omitempty"`
KeepAliveMaxConnectionAge time.Duration `yaml:"keep_alive_max_connection_age,omitempty" json:"keep_alive_max_connection_age,omitempty"`
TLS TLSListenerConfig `yaml:"tls,omitempty" json:"tls,omitempty"`
Namespace string `yaml:"-" json:"-"`
}
GlobalConfig is global configuration for the server
type Handler ¶
type Handler struct {
// contains filtered or unexported fields
}
A Handler is the main entry
func (*Handler) Environment ¶
Environment is the tenant environment (or "*" for multitenant)
func (*Handler) InternalAPI ¶
InternalAPI is the internal api base (legacy)
func (*Handler) Organization ¶
Organization is the tenant organization
func (*Handler) RemoteServiceAPI ¶
RemoteServiceAPI is the remote service base
type JWTAuthManager ¶
type JWTAuthManager struct {
// contains filtered or unexported fields
}
JWTAuthManager creates and maintains a current JWT token
type KubeHealth ¶
type KubeHealth struct {
Handler *Handler
Health *health.Server
// contains filtered or unexported fields
}
func NewKubeHealth ¶
func NewKubeHealth(handler *Handler, health *health.Server) *KubeHealth
func (*KubeHealth) HandlerFunc ¶
func (h *KubeHealth) HandlerFunc() http.HandlerFunc
KubeHealth returns http.HandlerFunc for endpoint
type ProductsConfig ¶
type ProductsConfig struct {
RefreshRate time.Duration `yaml:"refresh_rate,omitempty" json:"refresh_rate,omitempty"`
}
ProductsConfig is products-related config
type SecretCRD ¶
type SecretCRD struct {
APIVersion string `yaml:"apiVersion"`
Kind string `yaml:"kind"`
Metadata Metadata `yaml:"metadata"`
Type string `yaml:"type,omitempty"`
Data map[string]string `yaml:"data"`
}
SecretCRD is a CRD for Secret
type StaticAuthManager ¶
type StaticAuthManager struct {
// contains filtered or unexported fields
}
StaticAuthManager just returns a static auth
type TLSClientConfig ¶
type TLSClientConfig struct {
CAFile string `yaml:"ca_file,omitempty" json:"ca_file,omitempty"`
KeyFile string `yaml:"key_file,omitempty" json:"key_file,omitempty"`
CertFile string `yaml:"cert_file,omitempty" json:"cert_file,omitempty"`
AllowUnverifiedSSLCert bool `yaml:"allow_unverified_ssl_cert,omitempty" json:"allow_unverified_ssl_cert,omitempty"`
}
TLSClientConfig is mtls configuration
type TLSListenerConfig ¶
type TLSListenerConfig struct {
KeyFile string `yaml:"key_file,omitempty" json:"key_file,omitempty"`
CertFile string `yaml:"cert_file,omitempty" json:"cert_file,omitempty"`
}
TLSListenerConfig is tls configuration
type TenantConfig ¶
type TenantConfig struct {
InternalAPI string `yaml:"internal_api,omitempty" json:"internal_api,omitempty"`
RemoteServiceAPI string `yaml:"remote_service_api" json:"remote_service_api"`
OrgName string `yaml:"org_name" json:"org_name"`
EnvName string `yaml:"env_name" json:"env_name"`
Key string `yaml:"key,omitempty" json:"key,omitempty"`
Secret string `yaml:"secret,omitempty" json:"secret,omitempty"`
ClientTimeout time.Duration `yaml:"client_timeout,omitempty" json:"client_timeout,omitempty"`
TLS TLSClientConfig `yaml:"tls,omitempty" json:"tls,omitempty"`
PrivateKey *rsa.PrivateKey `yaml:"-" json:"-"`
PrivateKeyID string `yaml:"-" json:"-"`
JWKS jwk.Set `yaml:"-" json:"-"`
InternalJWTDuration time.Duration `yaml:"-" json:"-"`
InternalJWTRefresh time.Duration `yaml:"-" json:"-"`
}
TenantConfig is config relating to an Apigee tentant
func (*TenantConfig) IsMultitenant ¶
func (t *TenantConfig) IsMultitenant() bool
Source Files
Click to show internal directories.
Click to hide internal directories.