Documentation
¶
Index ¶
- Constants
- func NewServerCredentials(certPath string, keyPath string, caPath string) (credentials.TransportCredentials, error)
- func RegisterServer(srv *grpc.Server, c Checker)
- func RunServer(listener net.Listener, srv *grpc.Server, stopChan <-chan struct{}) error
- type CheckRequestV2
- type CheckRequestV3
- type CheckResponseV2
- type CheckResponseV3
- type Checker
- type Htpasswd
- func (h *Htpasswd) Check(ctx context.Context, request *Request) (*Response, error)
- func (h *Htpasswd) Match(user string, pass string) bool
- func (h *Htpasswd) Reconcile(ctrl.Request) (ctrl.Result, error)
- func (h *Htpasswd) RegisterWithManager(mgr ctrl.Manager) error
- func (h *Htpasswd) Set(passwd *htpasswd.File)
- type Request
- type Response
- type Testserver
Constants ¶
// Metadata keys under the tbncloud.org/ prefix that mark the Secrets this
// package works with.
// NOTE(review): the names say "annotation" while Htpasswd carries a label
// Selector; which metadata field actually holds these keys is not visible
// here. Confirm, since it decides which Secrets are trusted as password data.
const (
// AnnotationAuthType labels Secrets that can be used for basic Auth.
AnnotationAuthType = "tbncloud.org/auth-type"
// AnnotationAuthRealm labels Secrets that match our authentication realm.
AnnotationAuthRealm = "tbncloud.org/auth-realm"
)
Variables ¶
This section is empty.
Functions ¶
func NewServerCredentials ¶
func NewServerCredentials(certPath string, keyPath string, caPath string) (credentials.TransportCredentials, error)
NewServerCredentials loads TLS transport credentials for the gRPC server from the certificate, key and CA files at the given paths.
func RegisterServer ¶
func RegisterServer(srv *grpc.Server, c Checker)
RegisterServer registers the Checker with the external authorization gRPC server.
Types ¶
type CheckRequestV2 ¶
// CheckRequestV2 is an alias for the Envoy v2 external-auth CheckRequest message.
// NOTE(review): Envoy has deprecated its v2 API upstream; confirm v2 support is still required.
type CheckRequestV2 = envoy_service_auth_v2.CheckRequest //nolint(golint)
type CheckRequestV3 ¶
// CheckRequestV3 is an alias for the Envoy v3 external-auth CheckRequest message.
type CheckRequestV3 = envoy_service_auth_v3.CheckRequest //nolint(golint)
type CheckResponseV2 ¶
// CheckResponseV2 is an alias for the Envoy v2 external-auth CheckResponse message.
// NOTE(review): Envoy has deprecated its v2 API upstream; confirm v2 support is still required.
type CheckResponseV2 = envoy_service_auth_v2.CheckResponse //nolint(golint)
type CheckResponseV3 ¶
// CheckResponseV3 is an alias for the Envoy v3 external-auth CheckResponse message.
type CheckResponseV3 = envoy_service_auth_v3.CheckResponse //nolint(golint)
type Checker ¶
// Checker is the single-method interface an authorization backend satisfies.
type Checker interface {
// Check evaluates one Request and returns the decision as a Response
// (see Response.Allow), or an error.
// NOTE(review): how a non-nil error is mapped onto the Envoy response is
// not visible here; confirm the server fails closed (denies) on error.
Check(context.Context, *Request) (*Response, error)
}
Checker is the interface implemented by backends for the Envoy External Auth API.
v3: https://github.com/envoyproxy/envoy/blob/release/v1.14/api/envoy/service/auth/v3/external_auth.proto
v2: https://github.com/envoyproxy/envoy/blob/release/v1.14/api/envoy/service/auth/v2/external_auth.proto
type Htpasswd ¶
// Htpasswd holds the state of the htpasswd-backed authenticator.
// It embeds a sync.Mutex by value, so it must be shared through a pointer and
// never copied; every method listed for it uses a pointer receiver.
type Htpasswd struct {
// Log is the logger used by this type.
// NOTE(review): confirm no user-supplied password or Authorization header is written to it.
Log logr.Logger
// Realm is the authentication realm name; presumably compared with the
// AnnotationAuthRealm value on Secrets (confirm).
Realm string
// Client is the API client; presumably used to read the watched Secrets (confirm).
Client client.Client
// Passwords is the htpasswd data; presumably what Match checks credentials
// against and what Set replaces (confirm).
Passwords *htpasswd.File
// Selector is a label selector; presumably restricts which Secrets are
// considered as password sources (confirm).
Selector labels.Selector
// Lock presumably serialises access to Passwords between Set and Match;
// confirm that both take it.
// NOTE(review): Passwords and Lock are exported, so any caller can read or
// replace the password data without holding the lock.
Lock sync.Mutex
}
Htpasswd watches Secrets for htpasswd files and uses them for HTTP Basic Authentication.
func (*Htpasswd) Check ¶
func (h *Htpasswd) Check(ctx context.Context, request *Request) (*Response, error)
Check implements the Checker interface for Htpasswd. Its decision logic is not described on this page.
func (*Htpasswd) Match ¶
func (h *Htpasswd) Match(user string, pass string) bool
Match authenticates the credential against the htpasswd file.
func (*Htpasswd) Reconcile ¶
func (h *Htpasswd) Reconcile(ctrl.Request) (ctrl.Result, error)
Reconcile handles a reconcile request for Htpasswd. What it reloads or updates is not described on this page.
func (*Htpasswd) RegisterWithManager ¶
func (h *Htpasswd) RegisterWithManager(mgr ctrl.Manager) error
RegisterWithManager registers Htpasswd with the given controller manager.
type Request ¶
// Request is the package's own representation of one incoming check.
type Request struct {
// Context carries string key/value pairs; presumably the context extensions
// sent by Envoy with the check (confirm).
Context map[string]string
// Request is the HTTP request being authorised, held by value.
// NOTE(review): for HTTP Basic Authentication its headers can carry the
// client's credentials, so avoid logging this struct wholesale.
Request http.Request
// ID is a request identifier; its source is not visible here.
ID string
}
Request captures the information needed to process a CheckRequest.
type Response ¶
// Response is the package's own representation of a check decision.
type Response struct {
// Allow is the decision flag. Its zero value is false, so a Response that
// was never filled in presumably reads as a denial; confirm how the server
// interprets it.
Allow bool
// Response is an HTTP response held by value; presumably the status and
// headers returned to the client, such as the Basic auth challenge on
// denial (confirm).
Response http.Response
}
Response captures the information needed to generate a CheckResponse.
type Testserver ¶
// Testserver is the test-only Checker stand-in.
// NOTE(review): the decision it returns is not shown on this page. If it
// allows every request, confirm it cannot be selected in a production
// deployment.
type Testserver struct {
// Log is the logger used by this type.
Log logr.Logger
}
Testserver is a no-op implementation of the Checker interface. For testing only.