trireme-lib: go.aporeto.io/trireme-lib/controller/internal/enforcer/apiauth Index | Files

package apiauth

import "go.aporeto.io/trireme-lib/controller/internal/enforcer/apiauth"


Package Files

apiauth.go types.go

Constants

const (

    // TriremeOIDCCallbackURI is the callback URI that must be presented by
    // any OIDC provider. The value is a path only; it carries no scheme or
    // host.
    // NOTE(review): presumably the redirect URI registered with the identity
    // provider must end in exactly this path, and the callback handler should
    // match it exactly rather than by prefix. Confirm against the OIDC
    // handling code.
    TriremeOIDCCallbackURI = "/aporeto/oidc/callback"
)

type AppAuthResponse Uses

// AppAuthResponse is the decision of the authorization process for an
// application-side request. It is the result type of
// Processor.ApplicationRequest.
type AppAuthResponse struct {
    // Discovered context and service information
    // NOTE(review): External presumably marks a call to a destination
    // outside the set of known services. Confirm.
    PUContext *pucontext.PUContext
    ServiceID string
    External  bool

    // Network policy ID and service ID that affect the response.
    NetworkPolicyID  string
    NetworkServiceID string

    // Action of the response and DropReason if the call must be dropped.
    Action     policy.ActionType
    DropReason string

    // Resolved token
    // NOTE(review): presumably a credential attached to the outgoing call.
    // If so, treat it as a secret and keep it out of logs and error
    // messages. Confirm.
    Token string

    // HookMethod is the corresponding HTTP rule hook method
    HookMethod string

    // TLSListener indicates that the external entity is a TLS listener,
    // and we must start a TLS session. Only applies to External connections.
    TLSListener bool
}

AppAuthResponse is the decision of the authorization process.

type AuthError Uses

type AuthError struct {
    // contains filtered or unexported fields
}

AuthError implements the error interface, but provides additional information for the types of errors discovered.

func (*AuthError) Error Uses

func (a *AuthError) Error() string

Error implements the error interface by returning the error as a string.

func (*AuthError) Message Uses

func (a *AuthError) Message() string

Message returns the message of the error.

func (*AuthError) Status Uses

func (a *AuthError) Status() int

Status returns the integer status carried by the error.

type NetworkAuthResponse Uses

// NetworkAuthResponse is the decision of the authorization process for a
// network-side request. It is the result type of Processor.NetworkRequest.
type NetworkAuthResponse struct {

    // Discovered service context and associated information.
    PUContext *pucontext.PUContext
    ServiceID string
    Namespace string

    // Network policy ID and service that affect the call.
    NetworkPolicyID  string
    NetworkServiceID string

    // Definition of the source.
    SourceType collector.EndPointType
    SourcePUID string

    // Action associated with the response and DropReason if dropped.
    Action     policy.ActionType
    DropReason string

    // Redirect information that should be used by the responder.
    // NOTE(review): these values are handed to the responder to emit. If
    // any part of RedirectURI, Cookie, Data or Header is derived from the
    // incoming request, it should be validated before it is written to the
    // client, to avoid open redirects and header injection. Confirm where
    // they are populated.
    Redirect    bool
    RedirectURI string
    Cookie      *http.Cookie
    Data        string
    Header      http.Header

    // UserAttributes discovered from the tokens.
    // NOTE(review): presumably populated only after the token has been
    // validated. Confirm before relying on these in policy decisions.
    UserAttributes []string

    // TLSListener determines that TLS must be re-initiated towards
    // the listener.
    TLSListener bool
}

NetworkAuthResponse is the decision of the authorization process.

type Processor Uses

type Processor struct {
    // contains filtered or unexported fields
}

Processor is an API Authorization processor.

func New Uses

func New(contextID string, r *serviceregistry.Registry, s secrets.Secrets) *Processor

New will create a new authorization processor.

func (*Processor) ApplicationRequest Uses

func (p *Processor) ApplicationRequest(r *Request) (*AppAuthResponse, error)

ApplicationRequest processes an application-side request and returns an AppAuthResponse carrying the token that is associated with this application, together with an error if the request must be rejected.

func (*Processor) NetworkRequest Uses

func (p *Processor) NetworkRequest(ctx context.Context, r *Request) (*NetworkAuthResponse, error)

NetworkRequest authorizes a network request and either accepts the request or potentially issues a redirect.

type Request Uses

// Request captures the items of a request that are needed for processing
// the authorization decision. It is the input to both
// Processor.ApplicationRequest and Processor.NetworkRequest.
type Request struct {

    // SourceAddress, only required for network authorization requests.
    // NOTE(review): presumably nil for application-side requests. Confirm
    // that consumers nil-check it.
    SourceAddress *net.TCPAddr

    // OriginalDestination required for all requests.
    OriginalDestination *net.TCPAddr

    // HTTP header information.
    // NOTE(review): these fields presumably mirror the client's HTTP
    // request as received, so they should be treated as untrusted input
    // until the authorization decision has been made. Confirm against the
    // caller.
    Method     string
    URL        *url.URL
    RequestURI string
    Header     http.Header
    Cookie     *http.Cookie

    // TLS information. This is optional if mutual TLS based authorization
    // must be supported.
    // NOTE(review): the wording suggests TLS may be nil unless mutual-TLS
    // authorization is in use, so consumers should nil-check it before
    // reading peer certificates. Confirm.
    TLS *tls.ConnectionState
}

Request captures all the important items of a request that are needed for processing the authorization decision.
