authproxy

package
v0.0.0-...-57b1569 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 27, 2024 License: BSD-3-Clause Imports: 29 Imported by: 0

Documentation

Overview

Package authproxy is a reverse proxy that runs in front of applications and takes care of authentication.

This is useful for applications like Promentheus that doesn't handle authentication itself, so we can run it behind auth-proxy to restrict access.

The auth-proxy application also adds the X-WEBAUTH-USER header to each authenticated request and gives it the value of the logged in users email address, which can be used for audit logging. The application running behind auth-proxy should then use: 

https://pkg.go.dev/go.skia.org/infra/go/alogin/proxylogin

When using --cria_group this application should be run using work-load identity with a service account that as read access to CRIA, such as: 

skia-auth-proxy-cria-reader@skia-public.iam.gserviceaccount.com

See also: 

https://chrome-infra-auth.appspot.com/auth/groups/project-skia-auth-service-access

https://grafana.com/blog/2015/12/07/grafana-authproxy-have-it-your-way/

Index

Constants

View Source 
const (

	// WebAuthHeaderName is the name of the header sent to the application that
	// contains the users email address.
	WebAuthHeaderName = "X-WEBAUTH-USER"

	// WebAuthRoleHeaderName is the name of the header sent to the application
	// that contains the users Roles.
	WebAuthRoleHeaderName = "X-WEBAUTH-ROLES"
)

Variables

View Source 
var AllValidAuthTypes = []AuthType{OAuth2, ProtoHeader, Mocked}

AllValidAuthTypes is a list of all valid AuthTypes.

Functions

func Main 

func Main() error

Main constructs and runs the application. This function will only return on failure.

Types

type App 

type App struct {
	// contains filtered or unexported fields
}

App is the auth-proxy application.

func New 

func New(ctx context.Context) (*App, error)

New returns a new *App.

func (*App) Flagset 

func (a *App) Flagset() *flag.FlagSet

Flagset constructs a flag.FlagSet for the App.

func (*App) Run 

func (a *App) Run(ctx context.Context) error

Run starts the application serving, it does not return unless there is an error or the passed in context is cancelled.

type AuthType 

type AuthType string

AuthType represents the types of authentication auth-proxy can handle. 

const (
	// OAuth2 uses the legacy OAuth 2.0 flow.
	OAuth2 AuthType = "oauth2"

	// ProtoHeader uses an incoming HTTP header with a serialized proto.
	ProtoHeader AuthType = "protoheader"

	// Mocked uses a string provided on the command line for the user identity
	Mocked AuthType = "mocked"

	// Invalid represents an invalid authentication scheme.
	Invalid AuthType = ""
)

func ToAuthType 

func ToAuthType(s string) AuthType

ToAuthType converts a string to AuthType, returning Invalid if it is not a valid type.

Source Files

View all Source files

Directories

Path Synopsis
Package auth provides an interface for handling authenticated users.
 Package auth provides an interface for handling authenticated users.
mocks
package mockedauth is intended for use with local development use cases.
 package mockedauth is intended for use with local development use cases.
Package header supports extracting the email of an authorized user from a protobuf in an HTTP Header.
 Package header supports extracting the email of an authorized user from a protobuf in an HTTP Header.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.