auth

package

v0.17.2 Latest Latest Go to latest Published: Mar 25, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kuadrant/authorino

Links

Open Source Insights

Documentation ¶

Index ¶

type AuthConfigCleaner
type AuthConfigEvaluator
type AuthCredential
- func NewAuthCredential(selector string, location string) *AuthCredential
type AuthCredentials
type AuthPipeline
type AuthResult
- func (result *AuthResult) Success() bool
type ConditionalEvaluator
type IdentityConfigEvaluator
type K8sSecretBasedIdentityConfigEvaluator
type NamedEvaluator
type Prioritizable
type ResponseConfigEvaluator
type TypedEvaluator
type WristbandIssuer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AuthConfigCleaner ¶

type AuthConfigCleaner interface {
	// Clean is used to give the different auth configs chance to clean up anything internal to that config
	Clean(context.Context) error
}

type AuthConfigEvaluator ¶

type AuthConfigEvaluator interface {
	Call(AuthPipeline, context.Context) (interface{}, error)
}

AuthConfigEvaluator interface represents the configuration pieces of Identity, Metadata and Authorization

type AuthCredential ¶

type AuthCredential struct {
	KeySelector string `yaml:"keySelector"`
	In          string `yaml:"in"`
}

AuthCredential struct implements the AuthCredentials interface

func NewAuthCredential ¶

func NewAuthCredential(selector string, location string) *AuthCredential

NewAuthCredential creates a new instance of AuthCredential

func (*AuthCredential) BuildRequestWithCredentials ¶

func (c *AuthCredential) BuildRequestWithCredentials(ctx context.Context, endpoint string, method string, credentialValue string, body io.Reader) (*http.Request, error)

func (*AuthCredential) GetCredentialsFromReq ¶

func (c *AuthCredential) GetCredentialsFromReq(httpReq *envoy_auth.AttributeContext_HttpRequest) (string, error)

GetCredentialsFromReq will retrieve the secrets from a given location

func (*AuthCredential) GetCredentialsIn ¶

func (c *AuthCredential) GetCredentialsIn() string

func (*AuthCredential) GetCredentialsKeySelector ¶

func (c *AuthCredential) GetCredentialsKeySelector() string

type AuthCredentials ¶

type AuthCredentials interface {
	GetCredentialsFromReq(*envoy_auth.AttributeContext_HttpRequest) (string, error)
	GetCredentialsKeySelector() string
	GetCredentialsIn() string
	BuildRequestWithCredentials(ctx context.Context, endpoint string, method string, credentialValue string, body io.Reader) (*http.Request, error)
}

AuthCredentials interface represents the methods needed to fetch credentials from input

type AuthPipeline ¶

type AuthPipeline interface {
	Evaluate() AuthResult
	GetRequest() *envoy_auth.CheckRequest
	GetHttp() *envoy_auth.AttributeContext_HttpRequest
	GetAPI() interface{}
	GetResolvedIdentity() (interface{}, interface{})
	GetAuthorizationJSON() string
}

type AuthResult ¶

type AuthResult struct {
	// Code is gRPC response code to the auth check
	Code rpc.Code `json:"code,omitempty"`
	// Status is HTTP status code to override the default mapping between gRPC response codes and HTTP status messages
	// for auth
	Status envoy_type.StatusCode `json:"status,omitempty"`
	// Message is X-Ext-Auth-Reason message returned in an injected HTTP response header, to explain the reason of the
	// auth check result
	Message string `json:"message,omitempty"`
	// Headers are other HTTP headers to inject in the response
	Headers []map[string]string `json:"headers,omitempty"`
	// Metadata are Envoy dynamic metadata content
	Metadata map[string]interface{} `json:"metadata,omitempty"`
	// Body in the response of the request
	// auth check result
	Body string `json:"body,omitempty"`
}

AuthResult holds the result data for building the response to an auth check

func (*AuthResult) Success ¶

func (result *AuthResult) Success() bool

Success tells whether the auth check result was successful and therefore access can be granted to the requested resource or it has failed (deny access)

type ConditionalEvaluator ¶

type ConditionalEvaluator interface {
	GetConditions() jsonexp.Expression
}

type IdentityConfigEvaluator ¶

type IdentityConfigEvaluator interface {
	GetAuthCredentials() AuthCredentials
	GetOIDC() interface{}
	ResolveExtendedProperties(AuthPipeline) (interface{}, error)
}

type K8sSecretBasedIdentityConfigEvaluator ¶ added in v0.9.0

type K8sSecretBasedIdentityConfigEvaluator interface {
	GetK8sSecretLabelSelectors() labels.Selector
	AddK8sSecretBasedIdentity(context.Context, v1.Secret)
	RevokeK8sSecretBasedIdentity(context.Context, types.NamespacedName)
}

type NamedEvaluator ¶

type NamedEvaluator interface {
	GetName() string
}

type Prioritizable ¶

type Prioritizable interface {
	GetPriority() int
}

type ResponseConfigEvaluator ¶

type ResponseConfigEvaluator interface {
	NamedEvaluator
	GetWristbandIssuer() WristbandIssuer
}

type TypedEvaluator ¶

type TypedEvaluator interface {
	GetType() string
}

type WristbandIssuer ¶

type WristbandIssuer interface {
	AuthConfigEvaluator
	GetIssuer() string
	OpenIDConfig() (string, error)
	JWKS() (string, error)
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mocks Package mock_auth is a generated GoMock package.	Package mock_auth is a generated GoMock package.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL