authn

package
v0.0.0-...-edfa39e
Warning

This package is not in the latest version of its module.

Published: Jan 28, 2019 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation


Constants

const (
	// JwtFilterName is the name for the Jwt filter. This should be the same
	// as the name defined in
	// https://github.com/istio/proxy/blob/master/src/envoy/http/jwt_auth/http_filter_factory.cc#L50
	JwtFilterName = "jwt-auth"

	// AuthnFilterName is the name for the Istio AuthN filter. This should be the same
	// as the name defined in
	// https://github.com/istio/proxy/blob/master/src/envoy/http/authn/http_filter_factory.cc#L30
	AuthnFilterName = "istio_authn"

	// EnvoyTLSInspectorFilterName is the name for the Envoy TLS sniffing listener filter.
	EnvoyTLSInspectorFilterName = "envoy.listener.tls_inspector"
	// EnvoyRawBufferMatch is the transport protocol name matched for plaintext
	// (non-TLS) connections when TLS multiplexing is used.
	EnvoyRawBufferMatch = "raw_buffer"
	// EnvoyTLSMatch is the transport protocol name matched for TLS connections
	// when TLS multiplexing is used.
	EnvoyTLSMatch = "tls"
)

Variables

This section is empty.

Functions

func BuildAuthNFilter

func BuildAuthNFilter(policy *authn.Policy, proxyType model.NodeType) *http_conn.HttpFilter

BuildAuthNFilter returns the authn filter for the given policy. If the policy is nil, it returns nil.

func BuildJwtFilter

func BuildJwtFilter(policy *authn.Policy) *http_conn.HttpFilter

BuildJwtFilter returns a Jwt filter for all Jwt specs in the policy.

func CollectJwtSpecs

func CollectJwtSpecs(policy *authn.Policy) []*authn.Jwt

CollectJwtSpecs returns a list of all JWT specs (pointers) defined in the policy. This provides a convenient way to iterate over all JWT specs.

func ConvertPolicyToAuthNFilterConfig

func ConvertPolicyToAuthNFilterConfig(policy *authn.Policy, proxyType model.NodeType) *authn_filter.FilterConfig

ConvertPolicyToAuthNFilterConfig returns an authn filter config corresponding to the input policy.

func ConvertPolicyToJwtConfig

func ConvertPolicyToJwtConfig(policy *authn.Policy) *jwtfilter.JwtAuthentication

ConvertPolicyToJwtConfig converts the policy into a Jwt filter config for Envoy.

func GetMutualTLS

func GetMutualTLS(policy *authn.Policy) *authn.MutualTls

GetMutualTLS returns a pointer to the mTLS params if the policy uses mTLS for (peer) authentication (note that the mTLS params can still be nil). Otherwise, it returns (false, nil). Callers should ensure the proxy is of sidecar type.

func NewPlugin

func NewPlugin() plugin.Plugin

NewPlugin returns an instance of the authn plugin.

func OutputLocationForJwtIssuer

func OutputLocationForJwtIssuer(issuer string) string

OutputLocationForJwtIssuer returns the header location that should be used to output the payload if authentication succeeds.

Types

type Plugin

type Plugin struct{}

Plugin implements Istio mTLS auth.

func (Plugin) OnInboundCluster

func (Plugin) OnInboundCluster(in *plugin.InputParams, cluster *xdsapi.Cluster)

OnInboundCluster implements the Plugin interface method.

func (Plugin) OnInboundFilterChains

func (Plugin) OnInboundFilterChains(in *plugin.InputParams) []plugin.FilterChain

OnInboundFilterChains sets up filter chains based on the authentication policy.

func (Plugin) OnInboundListener

func (Plugin) OnInboundListener(in *plugin.InputParams, mutable *plugin.MutableObjects) error

OnInboundListener is called whenever a new listener is added to the LDS output for a given service. It can be used to add additional filters (e.g., mixer filter) or add more stuff to the HTTP connection manager on the inbound path.

func (Plugin) OnInboundRouteConfiguration

func (Plugin) OnInboundRouteConfiguration(in *plugin.InputParams, route *xdsapi.RouteConfiguration)

OnInboundRouteConfiguration implements the Plugin interface method.

func (Plugin) OnOutboundCluster

func (Plugin) OnOutboundCluster(in *plugin.InputParams, cluster *xdsapi.Cluster)

OnOutboundCluster implements the Plugin interface method.

func (Plugin) OnOutboundListener

func (Plugin) OnOutboundListener(in *plugin.InputParams, mutable *plugin.MutableObjects) error

OnOutboundListener is called whenever a new outbound listener is added to the LDS output for a given service. It can be used to add additional filters on the outbound path.

func (Plugin) OnOutboundRouteConfiguration

func (Plugin) OnOutboundRouteConfiguration(in *plugin.InputParams, route *xdsapi.RouteConfiguration)

OnOutboundRouteConfiguration implements the Plugin interface method.
