policy

package
v0.0.0-...-cd00529 Latest
Warning

This package is not in the latest version of its module.

Published: Jul 9, 2022 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation


Constants

const (
	PolicyScopeVhost      = "listener"
	PolicyScopeAPIProduct = "apiproduct"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Chain

type Chain struct {

	// Request information
	Request *request.Request
	// contains filtered or unexported fields
}

Chain holds the input for evaluating a series of policies

func NewChain

func NewChain(r *request.Request, scope string, config *ChainConfig) *Chain

NewChain returns a new Chain object

func (Chain) Evaluate

func (p Chain) Evaluate() *ChainOutcome

Evaluate invokes all policy functions one by one, to:
- check whether the call should be allowed or rejected
- set the HTTP response payload message
- set additional upstream headers

type ChainConfig

type ChainConfig struct {
	// contains filtered or unexported fields
}

ChainConfig holds chain policy configuration

func NewChainConfig

func NewChainConfig(db *db.Database, oauth *oauth.Server, geo *Geoip,
	metrics *metrics.Metrics, logger *zap.Logger) *ChainConfig

NewChainConfig returns a ChainConfig object holding policy configuration

type ChainOutcome

type ChainOutcome struct {
	// If true the request was Authenticated, subsequent policies should be evaluated
	Authenticated bool
	// If true the request should be Denied, no further policy evaluations required
	Denied bool
	// Statuscode to use when denying a request
	DeniedStatusCode int
	// Message to return when denying a request
	DeniedMessage string
	// Additional HTTP headers to set when forwarding to upstream
	UpstreamHeaders map[string]string
	// Dynamic metadata to set when forwarding to subsequent envoyproxy filter
	UpstreamDynamicMetadata map[string]string
}

ChainOutcome holds the output of a policy chain evaluation
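
The evaluation order and outcome fields documented above, sketched as an added example; this is not the package's own code. Outcome, Step, RunChain, CheckKey and SetHeader are hypothetical stand-ins, and the fail-closed default and the 401/403 status codes are assumptions.

```go
package main

import "fmt"

// Outcome is a local stand-in mirroring the documented ChainOutcome fields.
type Outcome struct {
	Authenticated, Denied bool
	DeniedStatusCode      int
	DeniedMessage         string
	UpstreamHeaders       map[string]string
}

type Step func(o *Outcome) // hypothetical policy function updating the shared outcome

// RunChain evaluates steps in order and stops at the first denial.
// Assumption: a chain that never sets Authenticated is denied (fail closed);
// the 401 and 403 status codes used here are assumed as well.
func RunChain(steps ...Step) *Outcome {
	o := &Outcome{UpstreamHeaders: map[string]string{}}
	for _, step := range steps {
		if step(o); o.Denied {
			break
		}
	}
	if !o.Denied && !o.Authenticated {
		o.Denied, o.DeniedStatusCode, o.DeniedMessage = true, 401, "not authenticated"
	}
	if o.Denied {
		o.UpstreamHeaders = map[string]string{} // forward nothing for a denied call
	}
	return o
}

// CheckKey authenticates against a constructed key set (sample data).
func CheckKey(key string, valid map[string]bool) Step {
	return func(o *Outcome) {
		if o.Authenticated = valid[key]; !o.Authenticated {
			o.Denied, o.DeniedStatusCode, o.DeniedMessage = true, 403, "unknown apikey"
		}
	}
}

func SetHeader(name, value string) Step { // a later policy adding an upstream header
	return func(o *Outcome) { o.UpstreamHeaders[name] = value }
}

func main() {
	keys := map[string]bool{"demo-key": true} // constructed sample data
	fmt.Printf("%+v\n", *RunChain(CheckKey("bad", keys), SetHeader("x-app", "demo")))
}
```

A chain made only of header-setting steps ends denied here, because no step set Authenticated.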

type Geoip

type Geoip struct {
	Database string
	// contains filtered or unexported fields
}

Geoip holds our configuration

func OpenGeoipDatabase

func OpenGeoipDatabase(filename string) (*Geoip, error)

OpenGeoipDatabase opens a MaxMind GeoIP database

func (*Geoip) GetCountryAndState

func (g *Geoip) GetCountryAndState(ipaddress net.IP) (string, string)

GetCountryAndState returns the country and state of the location of an IP address

type Policy

type Policy struct {

	// Request information
	Request *request.Request

	// Current state of policy evaluation
	*ChainOutcome
	// contains filtered or unexported fields
}

Policy holds the input needed to evaluate one policy

func NewPolicy

func NewPolicy(config *ChainConfig) *Policy

NewPolicy returns a new Policy instance

func (*Policy) CheckProductEntitlement

func (p *Policy) CheckProductEntitlement(request *request.Request) error

CheckProductEntitlement loads developer, dev app, and apiproduct details; as input, request.apikey must be set

func (*Policy) Evaluate

func (p *Policy) Evaluate(policy string, request *request.Request) *Response

Evaluate executes a single policy statement

func (*Policy) IsPathAllowed

func (p *Policy) IsPathAllowed(
	organizationName, requestPath string, key *types.Key) (*types.APIProduct, error)

IsPathAllowed checks whether the path is allowed by the apikey; this means the apikey needs to contain a product that matches the request path

type Response

type Response struct {
	// If true the request was Authenticated, subsequent policies should be evaluated
	Authenticated bool
	// If true the request should be Denied, no further policy evaluations required
	Denied bool
	// Statuscode to use when denying a request
	DeniedStatusCode int
	// Message to return when denying a request
	DeniedMessage string
	// Additional HTTP Headers to set when forwarding to upstream
	Headers map[string]string
	// Dynamic Metadata to set when forwarding to subsequent envoyproxy filter
	Metadata map[string]string
}

Response holds output of policy evaluation
