hpaas

module

v0.0.32 Latest Latest Go to latest Published: Jan 28, 2021 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/autom8ter/hpaas

Links

Open Source Insights

README ¶

hpaas

A secure platform as a service for easily deploying applications on Kubernetes with Helm charts

API Documentation

Features

Headless
Stateless
gRPC support
- protobuf schema
graphQL support /graphql
- graphQL schema
REST support /
- protobuf schema
Serve gRPC, graphQL, & REST on same port
Authentication - JWT/OAuth with remote JWKS verification
Authorization - Rego based Authorization engine
Direct Helm client integration
Autogenerated Client gRPC SDK's
- Go
- Javascript
- PHP
- Python
- Ruby
- C#
Structured Logging
Metrics Server(prometheus/pprof)

Helpful Links

Helm Docs

Command Line

hpaas -h
Usage of hpaas:
      --config string   path to config file (env: HPAAS_JWKS_URI) (default "hpaas.yaml")

Sample Config

# port to serve on. metrics server is started on this port+1
port: 8820
# enable debug logs
debug: true
# rego policy for authorization. inputs: input.claims(map), input.headers(map), input.request(map), input.method(string)
# caution - this one allows any request
rego_policy: |-
  package hpaas.authz

  default allow = true
# query the allow variable
rego_query: "data.hpaas.authz.allow"
# remote json web keys uri for verifying inbound JWTs
jwks_uri: "https://www.googleapis.com/oauth2/v3/certs"
# add list of helm repos to load at startup
repos:
  - name: "stable"
    url: "https://charts.helm.sh/stable"

Notes

graphQL API is served on :8820/graphql by default
gRPC API is served on :8820 by default
metrics server(prometheus/pprof) is served on :8821 by default
intended to be exposed publicly behind an SSL load balancer/ingress as an alternative to exposing your Kubernetes API
jwks uri is used to fetch public keys from a remote source in order to verify inbound JWTs - this is authentication
- if no jwks uri is provided, inbound jwt's will not be verified(insecure)
a rego policy may be added to the hpaas config in order to implement fine-grainded authorization
- if the rego policy is empty, a default allow-all policy will be used(insecure)
input attributes passed to the rego authorization policy on each client request include:
- input.claims(map) - the payload/claims of the inbound jwt
- input.headers(map)- the headers of the inbound request
- input.request(map) - the payload of the inbound request
- input.method(string) - the gRPC method of the inbound request

Directories ¶

Path	Synopsis
cmd
hpaas
gen
gql/go/generated
gql/go/model
grpc/go Package hpaaspb is a reverse proxy.	Package hpaaspb is a reverse proxy.
hpaas-client-go
internal
auth
config
gql
helpers
logger
service
version

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL