auth

package

v1.0.1 Latest Latest Go to latest Published: Oct 24, 2023 License: Apache-2.0 Imports: 37 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/snapp-incubator/contour-auth-multi-tenant

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func NewServerCredentials(certPath string, keyPath string, caPath string) (credentials.TransportCredentials, error)
func RegisterServer(srv *grpc.Server, c Checker)
func RunServer(ctx context.Context, listener net.Listener, srv *grpc.Server) error
type CheckRequestV2
type CheckRequestV3
type CheckResponseV2
type CheckResponseV3
type Checker
type Creds
type Htpasswd
type OIDCConnect
- func (o *OIDCConnect) Check(ctx context.Context, req *Request) (*Response, error)
type Request
- func (r *Request) FromV2(c *CheckRequestV2) *Request
- func (r *Request) FromV3(c *CheckRequestV3) *Request
type Response
- func (r *Response) AsV2() *CheckResponseV2
- func (r *Response) AsV3() *CheckResponseV3

Constants ¶

View Source

const (
	// AnnotationAuthRealm marks Secrets that match our authentication realm.
	AnnotationAuthRealm = "auth.contour.snappcloud.io/realm"
)

Variables ¶

This section is empty.

Functions ¶

func NewServerCredentials ¶

func NewServerCredentials(certPath string, keyPath string, caPath string) (credentials.TransportCredentials, error)

NewServerCredentials loads TLS transport credentials for the GRPC server.

func RegisterServer ¶

func RegisterServer(srv *grpc.Server, c Checker)

RegisterServer registers the Checker with the external authorization GRPC server.

func RunServer ¶

func RunServer(ctx context.Context, listener net.Listener, srv *grpc.Server) error

RunServer runs the server until signaled by stopChan.

Types ¶

type CheckRequestV2 ¶

type CheckRequestV2 = envoy_service_auth_v2.CheckRequest //nolint:golint

type CheckRequestV3 ¶

type CheckRequestV3 = envoy_service_auth_v3.CheckRequest //nolint:golint

type CheckResponseV2 ¶

type CheckResponseV2 = envoy_service_auth_v2.CheckResponse //nolint:golint

type CheckResponseV3 ¶

type CheckResponseV3 = envoy_service_auth_v3.CheckResponse //nolint:golint

type Checker ¶

type Checker interface {
	Check(context.Context, *Request) (*Response, error)
}

Checker is an implementation of the Envoy External Auth API.

https://github.com/envoyproxy/envoy/blob/release/v1.14/api/envoy/service/auth/v3/external_auth.proto https://github.com/envoyproxy/envoy/blob/release/v1.14/api/envoy/service/auth/v2/external_auth.proto

type Creds ¶

type Creds struct {
	Map map[string]map[string]*htpasswd.File
	Mu  *sync.RWMutex
}

type Htpasswd ¶

type Htpasswd struct {
	Log      logr.Logger
	Realm    string
	Client   client.Client
	Creds    *Creds
	Mu       *sync.Mutex
	Selector labels.Selector
}

Htpasswd watches Secrets for htpasswd files and uses them for HTTP Basic Authentication.

func (*Htpasswd) Check ¶

func (h *Htpasswd) Check(ctx context.Context, request *Request) (*Response, error)

Check manages the HTTP basic authentication flow and return a response based on the authentication result.

func (*Htpasswd) Match ¶

func (h *Htpasswd) Match(user, pass, secretRef string) bool

Match authenticates the credential against the htpasswd file.

func (*Htpasswd) Reconcile ¶

func (h *Htpasswd) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state.

func (*Htpasswd) RegisterWithManager ¶

func (h *Htpasswd) RegisterWithManager(mgr ctrl.Manager) error

RegisterWithManager sets up the controller with the manager.

type OIDCConnect ¶

type OIDCConnect struct {
	Log        logr.Logger
	OidcConfig *config.OIDCConfig
	Cache      *bigcache.BigCache
	HTTPClient *http.Client
	// contains filtered or unexported fields
}

OIDCConnect defines parameters for an OIDC auth provider.

func (*OIDCConnect) Check ¶

func (o *OIDCConnect) Check(ctx context.Context, req *Request) (*Response, error)

Check entry point for authentication. it accepts incoming request and redirects un-authenticated requests to IDP. Otherwise, it will route user to the intended url.

type Request ¶

type Request struct {
	Context map[string]string
	Request http.Request
	ID      string
}

Request captures the information needed to process a CheckRequest.

func (*Request) FromV2 ¶

func (r *Request) FromV2(c *CheckRequestV2) *Request

FromV2 initializes a Request from a v2 CheckRequest.

func (*Request) FromV3 ¶

func (r *Request) FromV3(c *CheckRequestV3) *Request

FromV3 initializes a Request from a v3 CheckRequest.

type Response ¶

type Response struct {
	Allow    bool
	Response http.Response
}

Response captures the information needed to generate a CheckResponse.

func (*Response) AsV2 ¶

func (r *Response) AsV2() *CheckResponseV2

AsV2 converts to a v2 CheckResponse.

func (*Response) AsV3 ¶

func (r *Response) AsV3() *CheckResponseV3

AsV3 converts to a v3 CheckResponse.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL