proxyservice

package

v1.7.11 Latest Latest Go to latest Published: Apr 29, 2022 License: Apache-2.0 Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cyberark/secretless-broker

Links

Open Source Insights

Documentation ¶

Overview ¶

Package proxyservice takes a Secretless configuration and available plugins and constructs the requires ProxyServices that Secretless will run.

To put this in context, the complete high-level flow is:

Parse the `secretless.yml` into individual “service” configs, corresponding to each service entry in the yml.
Identify http services that share a `listenOn`, because we know those will all be part of a single “http proxy service” that uses traffic routing within it to delegate to the subservice connectors.
So now we have the http service's `listenOn` and all the “subservices” associated with it.
Each of those subservices needs two things: a connector (which knows how to authenticate requests) and a way to get the current credentials at runtime.
Now note the signature of the connector itself just looks like this:
type Connector func(request *http.Request, secrets plugin.SecretsByID) error
So it is the responsibility of the proxy service to actually fetch the credentials. So what does the proxy service need for each of those subservices? Precisely this:
type HTTPSubService struct { connector http.Connector, retrieveCredentials internal.CredentialsRetriever, }
Putting all the together, here’s what we need to construct a new http proxy service:
func NewProxyService( subservices []HTTPSubService, sharedListener net.Listener, logger log.Logger, ) (internal.Service, error) {

One fine point that’s not be obvious: Each of the subservice connectors gets created with its own custom logger, but those A. those aren’t accessible to the proxy service itself and B. even if they were, we’d want to explicitly pass the logger to be clear about this is a dependency of the proxy service itself and C. the proxy service’s logger should have a different prefix than those of the more specific subservices. So that’s why we’re passing the logger too.

TODO: Add a principled explanation about how logging is working.

Eg, when do we return errors, when is it fatal?  what do we log, everything?

Index ¶

func NewProxyServices(cfg v2.Config, availPlugins plugin2.AvailablePlugins, logger logapi.Logger, ...) internal.Service

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewProxyServices ¶

func NewProxyServices(
	cfg v2.Config,
	availPlugins plugin2.AvailablePlugins,
	logger logapi.Logger,
	evtNotifier v1.EventNotifier,
) internal.Service

NewProxyServices returns a new ProxyServices instance. TODO: Reconsider the Resolver design so it's exactly what we need for the new code. TODO: v1.Provider options should be an interface

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL