ingress

package

v0.4.1 Latest Latest Go to latest Published: May 6, 2022 License: Apache-2.0 Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

gitlab.com/av1o/cap10

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type DomainFilter
type EscapedCertFilter
- func NewEscapedCertFilter(header string) *EscapedCertFilter
- func (f *EscapedCertFilter) Filter(r *http.Request) *UserInfo
type FilterMode
type HAProxyFilter
- func (f *HAProxyFilter) Filter(r *http.Request) *UserInfo
type NGINXFilter
- func (f *NGINXFilter) Filter(r *http.Request) *UserInfo
type TLSFilter
- func (f *TLSFilter) Filter(r *http.Request) *UserInfo
type UserInfo
- func (ui *UserInfo) AsUsername() string

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	HAHeaderCert   = http.CanonicalHeaderKey("X-SSL-Client-Cert")
	HAHeaderVerify = http.CanonicalHeaderKey("X-SSL-Client-Verify")
	HAHeaderSub    = http.CanonicalHeaderKey("X-SSL-Client-DN")
	HAHeaderIss    = http.CanonicalHeaderKey("X-SSL-Issuer")
)

View Source

var (
	NGINXHeaderVerify = http.CanonicalHeaderKey("ssl-client-verify")
	NGINXHeaderSub    = http.CanonicalHeaderKey("ssl-client-subject-dn")
	NGINXHeaderIss    = http.CanonicalHeaderKey("ssl-client-issuer-dn")
)

Functions ¶

This section is empty.

Types ¶

type DomainFilter ¶

type DomainFilter interface {
	Filter(r *http.Request) *UserInfo
}

type EscapedCertFilter ¶ added in v0.1.6

type EscapedCertFilter struct {
	// contains filtered or unexported fields
}

EscapedCertFilter retrieves user information from a full client certificate in PEM format

func NewEscapedCertFilter ¶ added in v0.3.0

func NewEscapedCertFilter(header string) *EscapedCertFilter

func (*EscapedCertFilter) Filter ¶ added in v0.1.6

func (f *EscapedCertFilter) Filter(r *http.Request) *UserInfo

type FilterMode ¶ added in v0.3.0

type FilterMode string

const (
	FilterNGINX       FilterMode = "nginx"
	FilterHAProxy     FilterMode = "haproxy"
	FilterEscapedCert FilterMode = "x509_escaped"
	FilterTLS         FilterMode = "x509"
)

type HAProxyFilter ¶

type HAProxyFilter struct{}

HAProxyFilter retrieves user information from headers provided by the OpenShift/HAProxy Ingress Controller

func (*HAProxyFilter) Filter ¶

func (f *HAProxyFilter) Filter(r *http.Request) *UserInfo

type NGINXFilter ¶

type NGINXFilter struct{}

NGINXFilter retrieves user information from headers provided by the NGINX Ingress Controller

func (*NGINXFilter) Filter ¶

func (f *NGINXFilter) Filter(r *http.Request) *UserInfo

type TLSFilter ¶ added in v0.1.6

type TLSFilter struct{}

TLSFilter retrieves user information from a TLS handshake - requires the application to be running using TLS

func (*TLSFilter) Filter ¶ added in v0.1.6

func (f *TLSFilter) Filter(r *http.Request) *UserInfo

type UserInfo ¶

type UserInfo struct {
	// Sub is the Subject of the user (e.g. CN or username)
	Sub string
	// Iss is the Issuer of the user (e.g. Certificate Authority or OIDC provider)
	Iss string
	// Claims are bits of arbitrary information about a user
	Claims map[string]interface{}
}

UserInfo is the base amount of information required to uniquely identify a user

func (*UserInfo) AsUsername ¶

func (ui *UserInfo) AsUsername() string

AsUsername returns the user in a storable string format of Iss/Sub

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL