Documentation
Index ¶
- Constants
- Variables
- func DebugWrappers(rt http.RoundTripper) http.RoundTripper
- func HTTPWrappersForConfig(config *transport.Config, rt http.RoundTripper) (http.RoundTripper, error)
- func New(config *transport.Config, nc *nats.Conn, sub string, timeout time.Duration) (http.RoundTripper, error)
- func NewAuthProxyRoundTripper(username string, groups []string, extra map[string][]string, ...) http.RoundTripper
- func NewBasicAuthRoundTripper(username, password string, rt http.RoundTripper) http.RoundTripper
- func NewBearerAuthRoundTripper(bearer string, rt http.RoundTripper) http.RoundTripper
- func NewBearerAuthWithRefreshRoundTripper(bearer string, tokenFile string, rt http.RoundTripper) (http.RoundTripper, error)
- func NewCachedFileTokenSource(path string) *cachingTokenSource
- func NewCachedTokenSource(ts oauth2.TokenSource) *cachingTokenSource
- func NewDebuggingRoundTripper(rt http.RoundTripper, levels ...DebugLevel) http.RoundTripper
- func NewImpersonatingRoundTripper(impersonate transport.ImpersonationConfig, delegate http.RoundTripper) http.RoundTripper
- func NewUserAgentRoundTripper(agent string, rt http.RoundTripper) http.RoundTripper
- func Proxy(req *http.Request, nc *nats.Conn, reSubj string, data []byte, ...) (*http.Response, error)
- func RESTClientFor(config *rest.Config) (*rest.RESTClient, error)
- func ResettableTokenSourceWrapTransport(ts ResettableTokenSource) func(http.RoundTripper) http.RoundTripper
- func SetAuthProxyHeaders(req *http.Request, username string, groups []string, extra map[string][]string)
- func TLSConfigFor(c *transport.Config) (*tls.Config, error)
- func TokenSourceWrapTransport(ts oauth2.TokenSource) func(http.RoundTripper) http.RoundTripper
- type DebugLevel
- type NatsTransport
- type PersistableTLSConfig
- type R
- type ResettableTokenSource
- type WrapperFunc
Constants ¶
const (
	// ImpersonateUserHeader is used to impersonate a particular user during an API server request.
	ImpersonateUserHeader = "Impersonate-User"
	// ImpersonateGroupHeader is used to impersonate a particular group during an API server request.
	// It can be repeated multiple times for multiple groups.
	ImpersonateGroupHeader = "Impersonate-Group"
	// ImpersonateUserExtraHeaderPrefix is a prefix for a header used to impersonate an entry in the
	// extra map[string][]string for user.Info. The key for the `extra` map is the suffix.
	// The same key can be repeated multiple times to have multiple elements in the slice under a single key.
	// For instance:
	//   Impersonate-Extra-Foo: one
	//   Impersonate-Extra-Foo: two
	// results in extra["Foo"] = []string{"one", "two"}
	ImpersonateUserExtraHeaderPrefix = "Impersonate-Extra-"
)
These correspond to the headers used in pkg/apis/authentication. We don't want the package dependency, but you must not change the values.
const HeaderKeyDone = "Done"
Variables ¶
var CertCallbackRefreshDuration = 5 * time.Minute
CertCallbackRefreshDuration is exposed so that integration tests can crank up the reload speed.
Functions ¶
func DebugWrappers ¶
func DebugWrappers(rt http.RoundTripper) http.RoundTripper
DebugWrappers wraps a round tripper and logs based on the current log level.
func HTTPWrappersForConfig ¶
func HTTPWrappersForConfig(config *transport.Config, rt http.RoundTripper) (http.RoundTripper, error)
HTTPWrappersForConfig wraps a round tripper with any relevant layered behavior from the config. Exposed to allow more clients that need HTTP-like behavior but then must hijack the underlying connection (like WebSocket or HTTP2 clients). Pure HTTP clients should use the RoundTripper returned from New.
func New ¶
func New(config *transport.Config, nc *nats.Conn, sub string, timeout time.Duration) (http.RoundTripper, error)
New returns an http.RoundTripper that will provide the authentication or transport level security defined by the provided Config.
func NewAuthProxyRoundTripper ¶
func NewAuthProxyRoundTripper(username string, groups []string, extra map[string][]string, rt http.RoundTripper) http.RoundTripper
NewAuthProxyRoundTripper provides a roundtripper which will add auth proxy fields to requests for authentication terminating proxy cases, assuming you pull the user from the context:
- username is the user.Info.GetName() of the user
- groups is the user.Info.GetGroups() of the user
- extra is the user.Info.GetExtra() of the user
extra can contain any additional information that the authenticator thought was interesting, for example authorization scopes. In order to faithfully round-trip through an impersonation flow, these keys MUST be lowercase.
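Why the extra keys must be lowercase, shown with the Impersonate-* header names from the constants above. This is an added example using only the standard library, not this package's code; `setImpersonation` and `parseImpersonation` are hypothetical helpers, and the receiver lower-casing the key suffix is an assumption.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

const extraPrefix = "Impersonate-Extra-" // value of ImpersonateUserExtraHeaderPrefix

// setImpersonation (hypothetical helper) writes one header line per value,
// using the header names listed in the constants section.
func setImpersonation(h http.Header, user string, groups []string, extra map[string][]string) {
	h.Set("Impersonate-User", user)
	for _, g := range groups {
		h.Add("Impersonate-Group", g)
	}
	for k, vals := range extra {
		for _, v := range vals {
			h.Add(extraPrefix+k, v)
		}
	}
}

// parseImpersonation (hypothetical helper) rebuilds the identity on the receiver.
// Assumption: the receiver lower-cases the key suffix, since http.Header has
// already canonicalised the name and the sender's casing cannot be recovered.
func parseImpersonation(h http.Header) (string, []string, map[string][]string) {
	extra := map[string][]string{}
	for name, vals := range h {
		if strings.HasPrefix(name, extraPrefix) {
			key := strings.ToLower(strings.TrimPrefix(name, extraPrefix))
			extra[key] = append(extra[key], vals...)
		}
	}
	return h.Get("Impersonate-User"), h.Values("Impersonate-Group"), extra
}

func main() {
	h := http.Header{}
	// Constructed identity: one lowercase extra key, one mixed-case extra key.
	setImpersonation(h, "jane", []string{"dev", "ops"},
		map[string][]string{"scopes": {"one", "two"}, "TenantID": {"t-1"}})
	user, groups, extra := parseImpersonation(h)
	fmt.Println(user, groups, extra) // "TenantID" comes back as "tenantid"
}
```

An authorizer that matches on the original mixed-case key would not find it after the round trip, which is the failure the lowercase rule prevents.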
func NewBasicAuthRoundTripper ¶
func NewBasicAuthRoundTripper(username, password string, rt http.RoundTripper) http.RoundTripper
NewBasicAuthRoundTripper will apply a BASIC auth authorization header to a request unless it has already been set.
func NewBearerAuthRoundTripper ¶
func NewBearerAuthRoundTripper(bearer string, rt http.RoundTripper) http.RoundTripper
NewBearerAuthRoundTripper adds the provided bearer token to a request unless the authorization header has already been set.
func NewBearerAuthWithRefreshRoundTripper ¶
func NewBearerAuthWithRefreshRoundTripper(bearer string, tokenFile string, rt http.RoundTripper) (http.RoundTripper, error)
NewBearerAuthWithRefreshRoundTripper adds the provided bearer token to a request unless the authorization header has already been set. If tokenFile is non-empty, it is periodically read, and the last successfully read content is used as the bearer token. If tokenFile is non-empty and bearer is empty, the tokenFile is read immediately to populate the initial bearer token.
func NewCachedFileTokenSource ¶
func NewCachedFileTokenSource(path string) *cachingTokenSource
NewCachedFileTokenSource returns a resettable token source which reads a token from a file at a specified path and periodically reloads it.
func NewCachedTokenSource ¶
func NewCachedTokenSource(ts oauth2.TokenSource) *cachingTokenSource
NewCachedTokenSource returns a resettable token source with caching. It reads a token from the provided TokenSource if the token is not in the cache or has expired.
func NewDebuggingRoundTripper ¶
func NewDebuggingRoundTripper(rt http.RoundTripper, levels ...DebugLevel) http.RoundTripper
NewDebuggingRoundTripper allows debug information about the API requests performed by the client to be written to the logs.
func NewImpersonatingRoundTripper ¶
func NewImpersonatingRoundTripper(impersonate transport.ImpersonationConfig, delegate http.RoundTripper) http.RoundTripper
NewImpersonatingRoundTripper will add an Act-As header to a request unless it has already been set.
func NewUserAgentRoundTripper ¶
func NewUserAgentRoundTripper(agent string, rt http.RoundTripper) http.RoundTripper
NewUserAgentRoundTripper will add User-Agent header to a request unless it has already been set.
func Proxy ¶
func RESTClientFor ¶
func RESTClientFor(config *rest.Config) (*rest.RESTClient, error)
RESTClientFor returns a RESTClient that satisfies the requested attributes on a client Config object. Note that a RESTClient may require fields that are optional when initializing a Client. A RESTClient created by this method is generic - it expects to operate on an API that follows the Kubernetes conventions, but may not be the Kubernetes API.
func ResettableTokenSourceWrapTransport ¶
func ResettableTokenSourceWrapTransport(ts ResettableTokenSource) func(http.RoundTripper) http.RoundTripper
ResettableTokenSourceWrapTransport returns a WrapTransport that injects bearer token authentication from a ResettableTokenSource.
func SetAuthProxyHeaders ¶
func SetAuthProxyHeaders(req *http.Request, username string, groups []string, extra map[string][]string)
SetAuthProxyHeaders stomps the auth proxy header fields. It mutates its argument.
func TLSConfigFor ¶
TLSConfigFor returns a tls.Config that will provide the transport level security defined by the provided Config. Will return nil if no transport level security is requested.
func TokenSourceWrapTransport ¶
func TokenSourceWrapTransport(ts oauth2.TokenSource) func(http.RoundTripper) http.RoundTripper
TokenSourceWrapTransport returns a WrapTransport that injects bearer token authentication from an oauth2.TokenSource.
Types ¶
type DebugLevel ¶
type DebugLevel int
DebugLevel is used to enable debugging of certain HTTP request and response fields via the debuggingRoundTripper.
const (
	// DebugJustURL will add to the debug output the HTTP request's method and URL.
	DebugJustURL DebugLevel = iota
	// DebugURLTiming will add to the debug output the duration of HTTP requests.
	DebugURLTiming
	// DebugCurlCommand will add to the debug output the curl command equivalent to the
	// HTTP request.
	DebugCurlCommand
	// DebugRequestHeaders will add to the debug output the HTTP request's headers.
	DebugRequestHeaders
	// DebugResponseStatus will add to the debug output the HTTP response status.
	DebugResponseStatus
	// DebugResponseHeaders will add to the debug output the HTTP response headers.
	DebugResponseHeaders
)
type NatsTransport ¶
type NatsTransport struct {
	Conn    *nats.Conn
	Subject string
	Timeout time.Duration
	// DisableCompression bypasses automatic GZip compression requests to the
	// server.
	DisableCompression bool
	TLS                *PersistableTLSConfig
}
type PersistableTLSConfig ¶
type PersistableTLSConfig struct {
	Insecure   bool   `json:"insecure,omitempty"`   // Server should be accessed without verifying the certificate. For testing only.
	ServerName string `json:"serverName,omitempty"` // Override for the server name passed to the server for SNI and used to verify certificates.
	CAData     []byte `json:"caData,omitempty"`     // Bytes of the PEM-encoded server trusted root certificates. Supersedes CAFile.
	CertData   []byte `json:"certData,omitempty"`   // Bytes of the PEM-encoded client certificate. Supersedes CertFile.
	KeyData    []byte `json:"keyData,omitempty"`    // Bytes of the PEM-encoded client key. Supersedes KeyFile.
	// NextProtos is a list of supported application level protocols, in order of preference.
	// Used to populate tls.Config.NextProtos.
	// To indicate to the server http/1.1 is preferred over http/2, set to ["http/1.1", "h2"] (though the server is free to ignore that preference).
	// To use only http/1.1, set to ["http/1.1"].
	NextProtos []string `json:"nextProtos,omitempty"`
}
PersistableTLSConfig holds the information needed to set up a TLS transport.
func PersistableTLSConfigFor ¶
func PersistableTLSConfigFor(c *transport.Config) (*PersistableTLSConfig, error)
PersistableTLSConfigFor returns a PersistableTLSConfig that holds the transport level security defined by the provided Config. Will return nil if no transport level security is requested.
func (*PersistableTLSConfig) HasCA ¶
func (c *PersistableTLSConfig) HasCA() bool
HasCA returns whether the configuration has a certificate authority or not.
func (*PersistableTLSConfig) HasCertAuth ¶
func (c *PersistableTLSConfig) HasCertAuth() bool
HasCertAuth returns whether the configuration has certificate authentication or not.
func (*PersistableTLSConfig) TLSConfigFor ¶
func (c *PersistableTLSConfig) TLSConfigFor() (*tls.Config, error)
TLSConfigFor returns a tls.Config that will provide the transport level security defined by the provided Config. Will return nil if no transport level security is requested.
type R ¶
type R struct {
	Request []byte
	TLS     *PersistableTLSConfig
	Timeout time.Duration
	// DisableCompression bypasses automatic GZip compression requests to the
	// server.
	DisableCompression bool
}
type ResettableTokenSource ¶
type ResettableTokenSource interface {
	oauth2.TokenSource
	ResetTokenOlderThan(time.Time)
}
type WrapperFunc ¶
type WrapperFunc func(rt http.RoundTripper) http.RoundTripper
WrapperFunc wraps an http.RoundTripper when a new transport is created for a client, allowing per connection behavior to be injected.
func ContextCanceller ¶
func ContextCanceller(ctx context.Context, err error) WrapperFunc
ContextCanceller prevents new requests after the provided context is finished. err is returned when the context is closed, allowing the caller to provide a context appropriate error.
func Wrappers ¶
func Wrappers(fns ...WrapperFunc) WrapperFunc
Wrappers accepts any number of wrappers and returns a wrapper function that is the equivalent of calling each of them in order. Nil values are ignored, which makes this function convenient for incrementally wrapping a function.
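A standard-library sketch of two behaviours described on this page: a round tripper that sets a header "unless it has already been set" (as documented for NewBearerAuthRoundTripper), and wrappers applied in order with nil entries ignored (as documented for Wrappers). This is an added example, not this package's implementation; `setIfAbsent`, `chain`, `sentAuth`, the token strings and the URL are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
)

// wrapper has the same shape as the WrapperFunc type documented above.
type wrapper = func(http.RoundTripper) http.RoundTripper

// rtFunc adapts a plain function to http.RoundTripper.
type rtFunc func(*http.Request) (*http.Response, error)

func (f rtFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }

// setIfAbsent (hypothetical) sets header key only when the request lacks it.
func setIfAbsent(key, value string) wrapper {
	return func(next http.RoundTripper) http.RoundTripper {
		return rtFunc(func(r *http.Request) (*http.Response, error) {
			if r.Header.Get(key) == "" {
				r = r.Clone(r.Context()) // never mutate the caller's request
				r.Header.Set(key, value)
			}
			return next.RoundTrip(r)
		})
	}
}

// chain (hypothetical) applies each wrapper in order and skips nil entries.
func chain(rt http.RoundTripper, fns ...wrapper) http.RoundTripper {
	for _, fn := range fns {
		if fn != nil {
			rt = fn(rt)
		}
	}
	return rt
}

// sentAuth returns the Authorization value that reaches the base transport.
func sentAuth(preset string) (seen string) {
	base := rtFunc(func(r *http.Request) (*http.Response, error) {
		seen = r.Header.Get("Authorization")
		return &http.Response{StatusCode: 200, Body: http.NoBody}, nil
	})
	rt := chain(base, setIfAbsent("Authorization", "Bearer configured-token"), nil)
	req, _ := http.NewRequest("GET", "http://api.example.invalid/", nil)
	if preset != "" {
		req.Header.Set("Authorization", preset) // constructed caller-supplied value
	}
	_, _ = rt.RoundTrip(req)
	return seen
}

func main() { fmt.Println(sentAuth(""), "|", sentAuth("Bearer caller-token")) }
```

A header already present on the request takes precedence over the configured credential, so code that builds requests from untrusted input should strip Authorization before handing them to such a transport.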