reviewer

package
v1.3.0
Warning

This package is not in the latest version of its module.

Published: Mar 24, 2023 License: AGPL-3.0 Imports: 17 Imported by: 0

Documentation


Constants

const AnnotationHubAuth = "hub.traefik.io/access-control-policy"

AnnotationHubAuth is the annotation to add to an Ingress resource in order to enable Hub authentication.

Variables

var ErrPolicyNotFound = errors.New("policy not found")

ErrPolicyNotFound indicates that the requested policy does not exist.

Functions

This section is empty.

Types

type FwdAuthMiddlewares

type FwdAuthMiddlewares struct {
	// contains filtered or unexported fields
}

FwdAuthMiddlewares manages Traefik forwardAuth middlewares.

func NewFwdAuthMiddlewares

func NewFwdAuthMiddlewares(agentAddr string, policies PolicyGetter, traefikClientSet v1alpha1.TraefikV1alpha1Interface) FwdAuthMiddlewares

NewFwdAuthMiddlewares returns a new FwdAuthMiddlewares.

func (FwdAuthMiddlewares) Setup

func (m FwdAuthMiddlewares) Setup(ctx context.Context, polName, namespace string) (string, error)

Setup creates or updates the ACP middleware. If no ACP matches the given policy name, the middleware is not created, but its name is still returned. As a result, routers referencing this middleware are disabled and requesters receive a 404. This decouples ACP creation from ACP references and removes ordering constraints, while still not publicly exposing a protected resource. NOTE: deletion of forward auth middlewares is handled elsewhere, when ACPs are deleted.
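A simplified model of the fail-closed behavior described for Setup, added here as an example; it is not code from this module or from Traefik. The `cluster` and `policyStore` types, the `acp-` name prefix, the router and policy names, and the 401 status are assumptions made for the illustration.

```go
package main

import "fmt"

// Constructed model for illustration; not hub-agent or Traefik source code.
type policyStore map[string]bool // policy name -> ACP exists (hypothetical)

type cluster struct {
	middlewares map[string]bool   // forwardAuth middleware objects that exist
	routers     map[string]string // router -> referenced middleware ("" = none)
}

// setup follows the documented contract: the middleware name is always
// returned, but the object is created only when the policy exists.
func setup(c *cluster, policies policyStore, polName string) string {
	name := "acp-" + polName // hypothetical naming scheme
	if policies[polName] {
		c.middlewares[name] = true
	}
	return name
}

// review attaches the middleware reference, as an admission patch would.
func review(c *cluster, policies policyStore, router, polName string) {
	c.routers[router] = setup(c, policies, polName)
}

// serve returns the status a requester sees for the router.
func serve(c *cluster, router string, authenticated bool) int {
	mw, known := c.routers[router]
	switch {
	case !known || (mw != "" && !c.middlewares[mw]):
		return 404 // dangling middleware reference disables the router
	case mw != "" && !authenticated:
		return 401 // middleware exists and rejects the request (assumed status)
	}
	return 200
}

func main() {
	c := &cluster{middlewares: map[string]bool{}, routers: map[string]string{}}
	policies := policyStore{}
	review(c, policies, "shop", "jwt-users") // Ingress admitted before its ACP exists
	fmt.Println(serve(c, "shop", true))      // 404: protected route is not exposed
	policies["jwt-users"] = true             // ACP created later
	review(c, policies, "shop", "jwt-users") // next review creates the middleware
	fmt.Println(serve(c, "shop", false), serve(c, "shop", true)) // 401 200
}
```

The first request shows why the reference is written even when the policy is missing: a fail-open variant that skipped the reference would serve the route unauthenticated until the ACP appeared.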

type IngressClasses

type IngressClasses interface {
	GetController(name string) (string, error)
	GetDefaultController() (string, error)
}

IngressClasses retrieves the ingress controller type for a given ingress class, or the default ingress controller type.

type NginxIngress added in v0.6.0

type NginxIngress struct {
	// contains filtered or unexported fields
}

NginxIngress is a reviewer that handles Nginx Ingress resources.

func NewNginxIngress added in v0.6.0

func NewNginxIngress(authServerAddr string, ingClasses IngressClasses, policies PolicyGetter) *NginxIngress

NewNginxIngress returns an Nginx ingress reviewer.

func (NginxIngress) CanReview added in v0.6.0

func (r NginxIngress) CanReview(ar admv1.AdmissionReview) (bool, error)

CanReview returns whether this reviewer can handle the given admission review request.

func (NginxIngress) Review added in v0.6.0

func (r NginxIngress) Review(ctx context.Context, ar admv1.AdmissionReview) (map[string]interface{}, error)

Review reviews the given admission review request and optionally returns the required patch.

type PolGetter

type PolGetter struct {
	// contains filtered or unexported fields
}

PolGetter implements the PolicyGetter interface.

func NewPolGetter

func NewPolGetter(informer hubinformer.SharedInformerFactory) *PolGetter

NewPolGetter creates a new PolGetter.

func (PolGetter) GetConfig

func (p PolGetter) GetConfig(canonicalName string) (*acp.Config, error)

GetConfig gets ACP configuration. Note this method does not resolve secret references.

type PolicyGetter

type PolicyGetter interface {
	GetConfig(canonicalName string) (*acp.Config, error)
}

PolicyGetter retrieves an access control policy configuration.

type TraefikIngress

type TraefikIngress struct {
	// contains filtered or unexported fields
}

TraefikIngress is a reviewer that can handle Traefik ingress resources. Note that this reviewer requires the Traefik middleware CRD to be defined in the cluster. It also requires Traefik to have the Kubernetes CRD provider enabled.

func NewTraefikIngress

func NewTraefikIngress(ingClasses IngressClasses, fwdAuthMiddlewares FwdAuthMiddlewares) *TraefikIngress

NewTraefikIngress returns a Traefik ingress reviewer.

func (TraefikIngress) CanReview

func (r TraefikIngress) CanReview(ar admv1.AdmissionReview) (bool, error)

CanReview returns whether this reviewer can handle the given admission review request.

func (TraefikIngress) Review

func (r TraefikIngress) Review(ctx context.Context, ar admv1.AdmissionReview) (map[string]interface{}, error)

Review reviews the given admission review request and optionally returns the required patch.

type TraefikIngressRoute

type TraefikIngressRoute struct {
	// contains filtered or unexported fields
}

TraefikIngressRoute is a reviewer that can handle Traefik IngressRoute resources.

func NewTraefikIngressRoute

func NewTraefikIngressRoute(fwdAuthMiddlewares FwdAuthMiddlewares) *TraefikIngressRoute

NewTraefikIngressRoute returns a Traefik IngressRoute reviewer.

func (TraefikIngressRoute) CanReview

func (r TraefikIngressRoute) CanReview(ar admv1.AdmissionReview) (bool, error)

CanReview returns whether this reviewer can handle the given admission review request.

func (TraefikIngressRoute) Review

func (r TraefikIngressRoute) Review(ctx context.Context, ar admv1.AdmissionReview) (map[string]interface{}, error)

Review reviews the given admission review request and optionally returns the required patch.
