Documentation ¶
Index ¶
- func AddFlags(set *pflag.FlagSet)
- type HandlerWrapperBuilder
- func (b *HandlerWrapperBuilder) AddACLFile(value string) *HandlerWrapperBuilder
- func (b *HandlerWrapperBuilder) AddPublicPath(value string) *HandlerWrapperBuilder
- func (b *HandlerWrapperBuilder) Build() (result func(http.Handler) http.Handler, err error)
- func (b *HandlerWrapperBuilder) SetFlags(flags *pflag.FlagSet) *HandlerWrapperBuilder
- func (b *HandlerWrapperBuilder) SetLogger(value *slog.Logger) *HandlerWrapperBuilder
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type HandlerWrapperBuilder ¶
type HandlerWrapperBuilder struct {
// contains filtered or unexported fields
}
HandlerWrapperBuilder contains the data and logic needed to create a wrapper that knows how to convert an HTTP handler into another one that also performs authorization using the claims of the authenticated subject.
Don't create instances of this object directly, use the NewHandlerWrapper function instead.
func NewHandlerWrapper ¶
func NewHandlerWrapper() *HandlerWrapperBuilder
NewHandlerWrapper creates a builder that can then be configured and used to create authorization handler wrappers. This wrapper is a function that transforms an HTTP handler into another that performs authorization using the claims of the authenticated subject.
func (*HandlerWrapperBuilder) AddACLFile ¶
func (b *HandlerWrapperBuilder) AddACLFile(value string) *HandlerWrapperBuilder
AddACLFile adds a file that contains items of the access control list. This should be a YAML file with the following format:
claim: email pattern: ^.*@redhat\.com$
claim: sub pattern: ^f:b3f7b485-7184-43c8-8169-37bd6d1fe4aa:myuser$
The claim field is the name of the claim of the subject that will be checked. The pattern field is a regular expression. If the claim matches the regular expression then access will be allowed.
If the ACL is empty then access will be allowed to all subjects.
If the ACL has at least one item then access will be allowed only to subjects that match at least one of the items.
func (*HandlerWrapperBuilder) AddPublicPath ¶
func (b *HandlerWrapperBuilder) AddPublicPath(value string) *HandlerWrapperBuilder
AddPublicPath adds a regular expression that defines parts of the URL space that considered public, and therefore require no authorization. This method may be called multiple times and then all the given regular expressions will be used to check what parts of the URL space are public.
func (*HandlerWrapperBuilder) Build ¶
Build uses the data stored in the builder to create a new authentication handler.
func (*HandlerWrapperBuilder) SetFlags ¶
func (b *HandlerWrapperBuilder) SetFlags(flags *pflag.FlagSet) *HandlerWrapperBuilder
SetFlags sets the command line flags that should be used to configure the wrapper. This is optional.
func (*HandlerWrapperBuilder) SetLogger ¶
func (b *HandlerWrapperBuilder) SetLogger(value *slog.Logger) *HandlerWrapperBuilder
SetLogger sets the logger that the handlers will use to send messages to the log. This is mandatory.