Documentation ¶
Index ¶
Constants ¶
const ( PolicyScopeVhost = "listener" PolicyScopeAPIProduct = "apiproduct" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Chain ¶
type Chain struct { // Request information Request *request.Request // contains filtered or unexported fields }
Chain holds the input to evaluating a series of policies
func NewChain ¶
func NewChain(r *request.Request, scope string, config *ChainConfig) *Chain
NewChain returns a new Chain object
func (Chain) Evaluate ¶
func (p Chain) Evaluate() *ChainOutcome
Evaluate invokes all policy functions one by one, to: - check whether call should be allowed or reject - set HTTP response payload message - set additional upstream headers
type ChainConfig ¶
type ChainConfig struct {
// contains filtered or unexported fields
}
ChainConfig hold chain policy configuration
type ChainOutcome ¶
type ChainOutcome struct { // If true the request was Authenticated, subsequent policies should be evaluated Authenticated bool // If true the request should be Denied, no further policy evaluations required Denied bool // Statuscode to use when denying a request DeniedStatusCode int // Message to return when denying a request DeniedMessage string // Additional HTTP headers to set when forwarding to upstream UpstreamHeaders map[string]string // Dynamic metadata to set when forwarding to subsequent envoyproxy filter UpstreamDynamicMetadata map[string]string }
ChainOutcome holds the output of a policy chain evaluation
type Geoip ¶
type Geoip struct { Database string // contains filtered or unexported fields }
Geoip hold our configuration
func OpenGeoipDatabase ¶
OpenGeoipDatabase opens a Maxmind geoip database
type Policy ¶
type Policy struct { // Request information Request *request.Request // Current state of policy evaluation *ChainOutcome // contains filtered or unexported fields }
Policy holds input to be to evaluate one policy
func NewPolicy ¶
func NewPolicy(config *ChainConfig) *Policy
NewPolicy returns a new Policy instance
func (*Policy) CheckProductEntitlement ¶
CheckProductEntitlement loads developer, dev app, apiproduct details, as input request.apikey must be set
func (*Policy) IsPathAllowed ¶
func (p *Policy) IsPathAllowed( organizationName, requestPath string, key *types.Key) (*types.APIProduct, error)
IsPathAllowed checks whether paths is allowed by apikey, this means the apikey needs to contain a product that matchs the request path
type Response ¶
type Response struct { // If true the request was Authenticated, subsequent policies should be evaluated Authenticated bool // If true the request should be Denied, no further policy evaluations required Denied bool // Statuscode to use when denying a request DeniedStatusCode int // Message to return when denying a request DeniedMessage string // Additional HTTP Headers to set when forwarding to upstream Headers map[string]string // Dynamic Metadata to set when forwarding to subsequent envoyproxy filter Metadata map[string]string }
Response holds output of policy evaluation