Constants ¶
const (
	// DefaultValidity is the default lifetime of a service token: one
	// minute (60 seconds). A token accepted after this window has passed is
	// expected to be rejected by the consumer — keep this short, since it
	// bounds how long a leaked or replayed token remains usable.
	DefaultValidity = time.Minute

	// TriremeOIDCCallbackURI is the callback path that every OIDC provider
	// must present; presumably this is the redirect URI registered with the
	// provider, so a mismatch should be treated as a configuration error —
	// confirm against the provider setup.
	TriremeOIDCCallbackURI = "/aporeto/oidc/callback"
)
Types ¶
type AppAuthResponse ¶
// AppAuthResponse is the decision of the application-side authorization
// process, as returned by Processor.ApplicationRequest.
type AppAuthResponse struct {
	// PUContext, ServiceID and External describe the processing unit and the
	// service that were discovered for the request.
	PUContext *pucontext.PUContext
	ServiceID string
	External  bool

	// NetworkPolicyID and NetworkServiceID identify the network policy and
	// service that determined this response.
	NetworkPolicyID  string
	NetworkServiceID string

	// Action is the verdict for the call; DropReason explains the verdict
	// when the call must be dropped.
	Action     policy.ActionType
	DropReason string

	// Token is the service token resolved for this application.
	Token string

	// HookMethod is the HTTP rule hook method that corresponds to the request.
	HookMethod string

	// TLSListener reports that the external entity is a TLS listener, so a
	// TLS session must be started. Only meaningful when External is true.
	TLSListener bool
}
AppAuthResponse is the decision of the authorization process.
type AuthError ¶
// AuthError is the error type produced when an authorization decision fails.
// It implements the error interface and carries additional detail about the
// kind of failure; its fields are unexported and not shown here.
type AuthError struct {
	// contains filtered or unexported fields
}
AuthError implements the error interface and additionally carries information about the type of error that was discovered.
type NetworkAuthResponse ¶
// NetworkAuthResponse is the decision of the network-side authorization
// process: the verdict for an incoming request, plus any redirect the
// responder should issue.
type NetworkAuthResponse struct {
	// PUContext, ServiceID and Namespace describe the service context that
	// was discovered for the request.
	PUContext *pucontext.PUContext
	ServiceID string
	Namespace string

	// NetworkPolicyID and NetworkServiceID identify the policy and service
	// that affected the call. ObservedPolicyID and ObservedAction record the
	// observed (as opposed to enforced) policy match.
	NetworkPolicyID  string
	NetworkServiceID string
	ObservedPolicyID string
	ObservedAction   policy.ActionType

	// SourceType and SourcePUID define where the request came from.
	SourceType collector.EndPointType
	SourcePUID string

	// Action is the verdict for the call; DropReason explains the verdict
	// when the call is dropped.
	Action     policy.ActionType
	DropReason string

	// Redirect and the fields below carry the information the responder
	// uses to redirect the client. RedirectURI is presumably produced by the
	// authorizer rather than taken from the request — confirm before the
	// responder relies on it.
	Redirect    bool
	RedirectURI string
	Cookie      *http.Cookie
	Data        string
	Header      http.Header

	// UserAttributes holds the user attributes discovered from the tokens.
	UserAttributes []string

	// TLSListener reports that TLS must be re-initiated towards the listener.
	TLSListener bool

	// PingConfig is only populated when ping is enabled.
	PingConfig *PingConfig
}
NetworkAuthResponse is the decision of the authorization process.
type PingConfig ¶
PingConfig holds config specific for ping traffic.
type Processor ¶
Processor is an API Authorization processor.
func (*Processor) ApplicationRequest ¶
func (p *Processor) ApplicationRequest(r *Request) (*AppAuthResponse, error)
ApplicationRequest processes an application side request and returns the token that is associated with this application, together with an error if the request must be rejected.
func (*Processor) NetworkRequest ¶
NetworkRequest authorizes a network request and either accepts the request or issues a redirect.
func (*Processor) UpdateSecrets ¶
UpdateSecrets is called to update the authorizer secrets.
type Request ¶
// Request carries everything the authorization decision needs to know about
// an incoming request, for both application-side and network-side processing.
type Request struct {
	// SourceAddress is the client address. It is only required for network
	// authorization requests.
	SourceAddress *net.TCPAddr

	// OriginalDestination is the address the client originally connected to.
	// It is required for every request.
	OriginalDestination *net.TCPAddr

	// Method, URL, RequestURI, Header and Cookie are the HTTP request
	// details the authorizer inspects.
	Method     string
	URL        *url.URL
	RequestURI string
	Header     http.Header
	Cookie     *http.Cookie

	// TLS is the connection state of the client connection. It is optional
	// and only needed when mutual-TLS based authorization must be supported.
	// NOTE(review): a peer certificate being present here does not by itself
	// mean it was verified; confirm that the consumer checks VerifiedChains
	// rather than PeerCertificates alone.
	TLS *tls.ConnectionState
}
Request captures all the items of a request that are needed to make the authorization decision.