Documentation
Overview
Package auth provides authentication and authorization functionality.
Index
- Constants
- func APIKeyFromContext(ctx context.Context) (string, bool)
- func ContextWithAPIKey(ctx context.Context, apiKey string) context.Context
- func ContextWithProfileID(ctx context.Context, profileID string) context.Context
- func ContextWithRoles(ctx context.Context, roles []string) context.Context
- func ContextWithUser(ctx context.Context, userID string) context.Context
- func NewPerRPCCredentials(authenticator UpstreamAuthenticator) credentials.PerRPCCredentials
- func ProfileIDFromContext(ctx context.Context) (string, bool)
- func RolesFromContext(ctx context.Context) ([]string, bool)
- func UserFromContext(ctx context.Context) (string, bool)
- func ValidateAuthentication(ctx context.Context, config *configv1.Authentication, r *http.Request) error
- type APIKeyAuth
- type APIKeyAuthenticator
- type Authenticator
- type BasicAuth
- type BasicAuthenticator
- type BearerTokenAuth
- type Manager
- func (am *Manager) AddAuthenticator(serviceID string, authenticator Authenticator) error
- func (am *Manager) AddOAuth2Authenticator(ctx context.Context, serviceID string, config *OAuth2Config) error
- func (am *Manager) Authenticate(ctx context.Context, serviceID string, r *http.Request) (context.Context, error)
- func (am *Manager) GetAuthenticator(serviceID string) (Authenticator, bool)
- func (am *Manager) GetUser(id string) (*configv1.User, bool)
- func (am *Manager) HandleOAuthCallback(ctx context.Context, userID, serviceID, credentialID, code, redirectURL string) error
- func (am *Manager) InitiateOAuth(ctx context.Context, userID, serviceID, credentialID, redirectURL string) (string, string, error)
- func (am *Manager) RemoveAuthenticator(serviceID string)
- func (am *Manager) SetAPIKey(apiKey string)
- func (am *Manager) SetStorage(s storage.Storage)
- func (am *Manager) SetUsers(users []*configv1.User)
- type MockOAuth2Server
- type MockUpstreamAuthenticator
- type OAuth2Auth
- type OAuth2Authenticator
- type OAuth2Config
- type OIDCConfig
- type OIDCProvider
- type PerRPCCredentials
- type RBACEnforcer
- type TrustedHeaderAuthenticator
- type UpstreamAuthenticator
Constants
const (
	// UserContextKey is the context key for the user ID.
	//
	// Summary: Defines UserContextKey.
	UserContextKey authContextKey = "user_id"
	// ProfileIDContextKey is the context key for the profile ID.
	//
	// Summary: Defines ProfileIDContextKey.
	ProfileIDContextKey authContextKey = "profile_id"
	// APIKeyContextKey is the context key for the API Key.
	//
	// Summary: Defines APIKeyContextKey.
	APIKeyContextKey authContextKey = "api_key"
)
const RolesContextKey authContextKey = "user_roles"
RolesContextKey is the context key for the user roles.
Summary: Represents a RolesContextKey.
Functions
func APIKeyFromContext
APIKeyFromContext returns the API Key from the context if present.
Summary: Retrieves the API key from the context.
Parameters:
- ctx: context.Context. The context to search.
Returns:
- string: The API key.
- bool: True if found.
func ContextWithAPIKey
ContextWithAPIKey returns a new context with the API Key embedded.
Summary: Embeds an API key into the context.
Parameters:
- ctx: context.Context. The context to extend.
- apiKey: string. The API key to store.
Returns:
- context.Context: A new context containing the API key.
func ContextWithProfileID
ContextWithProfileID returns a new context with the profile ID embedded.
Summary: Embeds a profile ID into the context.
Parameters:
- ctx: context.Context. The context to extend.
- profileID: string. The profile ID to store.
Returns:
- context.Context: A new context containing the profile ID.
func ContextWithRoles
ContextWithRoles returns a new context with the user roles embedded.
Parameters:
- ctx (context.Context): The context for the request.
- roles ([]string): The user roles to store.
Returns:
- context.Context: A new context containing the user roles.
Errors:
- None
Side Effects:
- None
Summary: Executes ContextWithRoles operation.
func ContextWithUser
ContextWithUser returns a new context with the user ID embedded.
Summary: Embeds a user ID into the context.
Parameters:
- ctx: context.Context. The context to extend.
- userID: string. The user ID to store.
Returns:
- context.Context: A new context containing the user ID.
func NewPerRPCCredentials
func NewPerRPCCredentials(authenticator UpstreamAuthenticator) credentials.PerRPCCredentials
NewPerRPCCredentials creates a new gRPC PerRPCCredentials from an UpstreamAuthenticator. It returns nil if the provided authenticator is nil.
Parameters:
- authenticator (UpstreamAuthenticator): The upstream authenticator used to generate gRPC request metadata.
Returns:
- credentials.PerRPCCredentials: The resulting credentials, or nil if authenticator is nil.
Errors:
- None
Side Effects:
- None
Summary: Initializes NewPerRPCCredentials operation.
func ProfileIDFromContext
ProfileIDFromContext returns the profile ID from the context if present.
Summary: Retrieves the profile ID from the context.
Parameters:
- ctx: context.Context. The context to search.
Returns:
- string: The profile ID.
- bool: True if found.
func RolesFromContext
RolesFromContext returns the user roles from the context.
Parameters:
- ctx (context.Context): The context for the request.
Returns:
- []string: The user roles.
- bool: True if the roles were found, false otherwise.
Errors:
- None
Side Effects:
- None
Summary: Executes RolesFromContext operation.
func UserFromContext
UserFromContext returns the user ID from the context if present.
Summary: Retrieves the user ID from the context.
Parameters:
- ctx: context.Context. The context to search.
Returns:
- string: The user ID.
- bool: True if found.
func ValidateAuthentication
func ValidateAuthentication(ctx context.Context, config *configv1.Authentication, r *http.Request) error
ValidateAuthentication validates the authentication request against the provided configuration.
Summary: Validates a request against a specific auth configuration.
Parameters:
- ctx: context.Context. The request context.
- config: *configv1.Authentication. The authentication configuration.
- r: *http.Request. The HTTP request.
Returns:
- error: Error if validation fails.
Types
type APIKeyAuth
type APIKeyAuth struct {
ParamName string
Value *configv1.SecretValue
Location configv1.APIKeyAuth_Location
}
APIKeyAuth implements UpstreamAuthenticator for API key-based authentication. It adds a specified header with a static API key value to the request.
Summary: Represents an APIKeyAuth.
func (*APIKeyAuth) Authenticate
func (a *APIKeyAuth) Authenticate(req *http.Request) error
Authenticate adds the configured API key to the request's header, query, or cookie.
Parameters:
- req: The HTTP request to be modified.
Returns:
- nil on success, or an error if the secret cannot be resolved.
Summary: Executes Authenticate operation.
type APIKeyAuthenticator
type APIKeyAuthenticator struct {
ParamName string
In configv1.APIKeyAuth_Location
Value string
}
APIKeyAuthenticator provides an authentication mechanism based on a static API key.
Summary: Authenticates requests using a static API key.
func NewAPIKeyAuthenticator
func NewAPIKeyAuthenticator(config *configv1.APIKeyAuth) *APIKeyAuthenticator
NewAPIKeyAuthenticator creates a new APIKeyAuthenticator instance.
Summary: Initializes an APIKeyAuthenticator.
Parameters:
- config: *configv1.APIKeyAuth. The configuration settings.
Returns:
- *APIKeyAuthenticator: The initialized authenticator, or nil if config is invalid.
func (*APIKeyAuthenticator) Authenticate
func (a *APIKeyAuthenticator) Authenticate(ctx context.Context, r *http.Request) (context.Context, error)
Authenticate verifies the API key in the request.
Summary: Validates the API key from header, query, or cookie.
Parameters:
- ctx: context.Context. The request context.
- r: *http.Request. The HTTP request.
Returns:
- context.Context: Context with API key if valid.
- error: Error if unauthorized.
type Authenticator
type Authenticator interface {
// Authenticate checks if a request is authenticated and returns the updated context.
//
// Summary: Authenticates a request.
//
// Parameters:
// - ctx: context.Context. The request context.
// - r: *http.Request. The HTTP request.
//
// Returns:
// - context.Context: The authenticated context (e.g. with user info).
// - error: An error if authentication fails.
Authenticate(ctx context.Context, r *http.Request) (context.Context, error)
}
Authenticator defines the interface for authentication mechanisms.
Summary: Interface for authenticating HTTP requests.
type BasicAuth
type BasicAuth struct {
Username string
Password *configv1.SecretValue
}
BasicAuth implements UpstreamAuthenticator for basic HTTP authentication. It adds an "Authorization" header with the username and password.
Summary: Represents a BasicAuth.
func (*BasicAuth) Authenticate
Authenticate sets the request's basic authentication credentials.
Parameters:
- req: The HTTP request to be modified.
Returns:
- nil on success, or an error if the secret cannot be resolved.
Summary: Executes Authenticate operation.
type BasicAuthenticator
BasicAuthenticator authenticates using HTTP Basic Auth and bcrypt password hashing.
Summary: Authenticates requests using HTTP Basic Auth.
func NewBasicAuthenticator
func NewBasicAuthenticator(config *configv1.BasicAuth) *BasicAuthenticator
NewBasicAuthenticator creates a new BasicAuthenticator instance.
Summary: Initializes a BasicAuthenticator.
Parameters:
- config: *configv1.BasicAuth. The configuration settings.
Returns:
- *BasicAuthenticator: The initialized authenticator, or nil if config is invalid.
func (*BasicAuthenticator) Authenticate
func (a *BasicAuthenticator) Authenticate(ctx context.Context, r *http.Request) (context.Context, error)
Authenticate validates the basic auth credentials.
Summary: Validates username and password hash.
Parameters:
- ctx: context.Context. The request context.
- r: *http.Request. The HTTP request.
Returns:
- context.Context: Authenticated context.
- error: Error if unauthorized.
type BearerTokenAuth
type BearerTokenAuth struct {
Token *configv1.SecretValue
}
BearerTokenAuth implements UpstreamAuthenticator for bearer token-based authentication. It adds an "Authorization" header with a bearer token.
Summary: Represents a BearerTokenAuth.
func (*BearerTokenAuth) Authenticate
func (b *BearerTokenAuth) Authenticate(req *http.Request) error
Authenticate adds the bearer token to the request's "Authorization" header.
Parameters:
- req: The HTTP request to be modified.
Returns:
- nil on success, or an error if the secret cannot be resolved.
Summary: Executes Authenticate operation.
type Manager
type Manager struct {
// contains filtered or unexported fields
}
Manager oversees the authentication process for the server.
Summary: Manages authentication strategies and user sessions.
func NewManager
func NewManager() *Manager
NewManager creates and initializes a new Manager with an empty authenticator registry.
Summary: Initializes a new Authentication Manager.
Returns:
- *Manager: A new Manager instance.
func (*Manager) AddAuthenticator
func (am *Manager) AddAuthenticator(serviceID string, authenticator Authenticator) error
AddAuthenticator registers an authenticator for a given service ID.
Summary: Registers an authenticator for a service.
Parameters:
- serviceID: string. The service ID.
- authenticator: Authenticator. The authenticator instance.
Returns:
- error: Error if authenticator is nil.
Side Effects:
- Adds or updates an entry in the authenticators map.
func (*Manager) AddOAuth2Authenticator
func (am *Manager) AddOAuth2Authenticator(ctx context.Context, serviceID string, config *OAuth2Config) error
AddOAuth2Authenticator creates and registers a new OAuth2Authenticator for a given service ID.
Summary: Helper to add an OAuth2 authenticator.
Parameters:
- ctx: context.Context. Context for initialization.
- serviceID: string. The service ID.
- config: *OAuth2Config. The OAuth2 configuration.
Returns:
- error: Error if creation fails.
func (*Manager) Authenticate
func (am *Manager) Authenticate(ctx context.Context, serviceID string, r *http.Request) (context.Context, error)
Authenticate authenticates a request for a specific service.
Summary: Authenticates a request, checking service-specific or global rules.
Parameters:
- ctx: context.Context. The request context.
- serviceID: string. The service ID.
- r: *http.Request. The HTTP request.
Returns:
- context.Context: The authenticated context.
- error: Error if unauthorized.
func (*Manager) GetAuthenticator
func (am *Manager) GetAuthenticator(serviceID string) (Authenticator, bool)
GetAuthenticator retrieves the authenticator registered for a specific service.
Summary: Looks up an authenticator by service ID.
Parameters:
- serviceID: string. The service ID.
Returns:
- Authenticator: The authenticator instance.
- bool: True if found.
func (*Manager) GetUser
GetUser retrieves a user configuration by their ID.
Summary: Looks up a user by ID.
Parameters:
- id: string. The user ID.
Returns:
- *configv1.User: The user configuration.
- bool: True if found.
func (*Manager) HandleOAuthCallback
func (am *Manager) HandleOAuthCallback(ctx context.Context, userID, serviceID, credentialID, code, redirectURL string) error
HandleOAuthCallback handles the OAuth2 callback code exchange.
Parameters:
- ctx (context.Context): The context for the request.
- userID (string): The userID parameter.
- serviceID (string): The serviceID parameter.
- credentialID (string): The credentialID parameter.
- code (string): The code parameter.
- redirectURL (string): The redirectURL parameter.
Returns:
- error: An error if the operation fails.
Errors:
- Returns an error if the operation fails or is invalid.
Side Effects:
- None
Summary: Executes HandleOAuthCallback operation.
func (*Manager) InitiateOAuth
func (am *Manager) InitiateOAuth(ctx context.Context, userID, serviceID, credentialID, redirectURL string) (string, string, error)
InitiateOAuth starts the OAuth2 flow for a given service or credential. It returns the authorization URL and the state parameter.
Parameters:
- ctx (context.Context): The context for the request.
- userID (string): The userID parameter.
- serviceID (string): The serviceID parameter.
- credentialID (string): The credentialID parameter.
- redirectURL (string): The redirectURL parameter.
Returns:
- string: The authorization URL.
- string: The state parameter.
- error: An error if the operation fails.
Errors:
- Returns an error if the operation fails or is invalid.
Side Effects:
- None
Summary: Executes InitiateOAuth operation.
func (*Manager) RemoveAuthenticator
RemoveAuthenticator removes the authenticator for a given service ID.
Summary: Removes an authenticator by service ID.
Parameters:
- serviceID: string. The service ID.
Side Effects:
- Removes an entry from the authenticators map.
func (*Manager) SetAPIKey
SetAPIKey sets the global API key for the server.
Summary: Sets the global API key.
Parameters:
- apiKey: string. The API key.
Side Effects:
- Updates the internal API key.
func (*Manager) SetStorage
SetStorage sets the storage backend for the manager.
Summary: Configures the storage backend.
Parameters:
- s: storage.Storage. The storage implementation.
Side Effects:
- Updates the internal storage reference.
type MockOAuth2Server
type MockOAuth2Server struct {
*httptest.Server
PrivateKey *rsa.PrivateKey
ClientID string
}
MockOAuth2Server serves as a mock OIDC/OAuth2 provider.
Summary: Represents a MockOAuth2Server.
func NewMockOAuth2Server
func NewMockOAuth2Server(t *testing.T) *MockOAuth2Server
NewMockOAuth2Server creates a new mock OAuth2 server.
Parameters:
- t (*testing.T): The test handle.
Returns:
- *MockOAuth2Server: The mock server.
Errors:
- None
Side Effects:
- None
Summary: Initializes NewMockOAuth2Server operation.
func (*MockOAuth2Server) NewIDToken
NewIDToken generates a custom token signed by this server.
Parameters:
- t (*testing.T): The test handle.
- claims (jwt.MapClaims): The claims to include in the token.
Returns:
- string: The signed token.
Errors:
- None
Side Effects:
- None
Summary: Initializes NewIDToken operation.
type MockUpstreamAuthenticator
MockUpstreamAuthenticator is a mock implementation of UpstreamAuthenticator for testing.
Summary: Represents a MockUpstreamAuthenticator.
func (*MockUpstreamAuthenticator) Authenticate
func (m *MockUpstreamAuthenticator) Authenticate(req *http.Request) error
Authenticate executes the mock authentication function and returns its error, if any.
Parameters:
- req (*http.Request): The request object.
Returns:
- error: An error if the operation fails.
Errors:
- Returns an error if the operation fails or is invalid.
Side Effects:
- None
Summary: Executes Authenticate operation.
type OAuth2Auth
type OAuth2Auth struct {
ClientID *configv1.SecretValue
ClientSecret *configv1.SecretValue
TokenURL string
IssuerURL string
Scopes []string
// contains filtered or unexported fields
}
OAuth2Auth implements UpstreamAuthenticator for OAuth2 client credentials flow.
Summary: Represents an OAuth2Auth.
func (*OAuth2Auth) Authenticate
func (o *OAuth2Auth) Authenticate(req *http.Request) error
Authenticate fetches a token and adds it to the request's "Authorization" header.
Parameters:
- req: The HTTP request to be modified.
Returns:
- nil on success, or an error if the token cannot be obtained.
Summary: Executes Authenticate operation.
type OAuth2Authenticator
type OAuth2Authenticator struct {
// contains filtered or unexported fields
}
OAuth2Authenticator implements the Authenticator interface for OAuth2-based authentication using OpenID Connect (OIDC). It validates JWTs (JSON Web Tokens) presented in the HTTP Authorization header.
Summary: Represents an OAuth2Authenticator.
func NewOAuth2Authenticator
func NewOAuth2Authenticator(ctx context.Context, config *OAuth2Config) (*OAuth2Authenticator, error)
NewOAuth2Authenticator creates a new OAuth2Authenticator with the provided configuration. It initializes the OIDC provider and creates a verifier for validating ID tokens.
Parameters:
- ctx: The context for the OIDC provider initialization.
- config: The OAuth2 configuration, including the issuer URL and client ID.
Returns:
- A new OAuth2Authenticator.
- An error if the OIDC provider cannot be initialized.
Summary: Initializes NewOAuth2Authenticator operation.
func (*OAuth2Authenticator) Authenticate
func (a *OAuth2Authenticator) Authenticate(ctx context.Context, r *http.Request) (context.Context, error)
Authenticate validates the JWT from the Authorization header of the request. It checks for a "Bearer" token and verifies its signature, expiration, and claims against the OIDC provider.
Parameters:
- ctx: The request context.
- r: The HTTP request to authenticate.
Returns:
- The context with the user's identity (email) on success.
- An error if authentication fails.
Summary: Executes Authenticate operation.
type OAuth2Config
type OAuth2Config struct {
// IssuerURL is the URL of the OIDC provider's issuer. This is used to
// fetch the provider's public keys for token validation.
IssuerURL string
// verify that the token's 'aud' claim matches this value.
//
// Deprecated: Use Audiences instead.
Audience string
// Audiences is the list of intended audiences of the JWT. The authenticator will
// verify that the token's 'aud' claim matches at least one of these values.
Audiences []string
}
OAuth2Config holds the configuration for OAuth2 authentication. It is used to configure the OAuth2Authenticator with the necessary parameters to validate JWTs against an OIDC provider.
Summary: Represents an OAuth2Config.
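The audience rule described above, as an added example that is not this package's code: the `aud` claim may be a single string or an array of strings (RFC 7519), and the deprecated `Audience` value has to be merged with `Audiences` before matching. The names `allowedAudiences`, `parseAud` and `audienceOK` are hypothetical, the payloads are constructed, and rejecting every token when the allow-list is empty is an assumption of this sketch.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// allowedAudiences merges the deprecated single Audience value with the
// Audiences list, dropping empty strings and duplicates.
func allowedAudiences(audience string, audiences []string) []string {
	seen := map[string]bool{}
	var out []string
	for _, a := range append([]string{audience}, audiences...) {
		if a != "" && !seen[a] {
			seen[a] = true
			out = append(out, a)
		}
	}
	return out
}

// parseAud decodes the "aud" claim from a JWT payload. RFC 7519 allows
// either a single string or an array of strings.
func parseAud(payload []byte) ([]string, error) {
	var claims struct {
		Aud json.RawMessage `json:"aud"`
	}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return nil, err
	}
	if len(claims.Aud) == 0 {
		return nil, errors.New("token has no aud claim")
	}
	var one string
	if err := json.Unmarshal(claims.Aud, &one); err == nil {
		return []string{one}, nil
	}
	var many []string
	if err := json.Unmarshal(claims.Aud, &many); err != nil {
		return nil, errors.New("aud claim is neither a string nor an array of strings")
	}
	return many, nil
}

// audienceOK reports whether at least one token audience is in the allow-list.
// An empty allow-list rejects every token (fail closed; assumption of this sketch).
func audienceOK(payload []byte, allowed []string) (bool, error) {
	tokenAud, err := parseAud(payload)
	if err != nil {
		return false, err
	}
	for _, got := range tokenAud {
		for _, want := range allowed {
			if got == want {
				return true, nil
			}
		}
	}
	return false, nil
}

func main() {
	allowed := allowedAudiences("legacy-api", []string{"gateway", "legacy-api"})
	// Constructed JWT payloads, already decoded; signature and expiry
	// checks are out of scope here.
	for _, p := range []string{
		`{"sub":"u1","aud":"gateway"}`,
		`{"sub":"u1","aud":["billing","legacy-api"]}`,
		`{"sub":"u1","aud":["billing"]}`,
		`{"sub":"u1"}`,
	} {
		ok, err := audienceOK([]byte(p), allowed)
		fmt.Printf("%-45s ok=%v err=%v\n", p, ok, err)
	}
}
```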
type OIDCConfig
OIDCConfig holds the configuration for the OIDC provider.
Summary: Represents an OIDCConfig.
type OIDCProvider
type OIDCProvider struct {
// contains filtered or unexported fields
}
OIDCProvider handles OIDC authentication flow.
Summary: Represents an OIDCProvider.
func NewOIDCProvider
func NewOIDCProvider(ctx context.Context, config OIDCConfig) (*OIDCProvider, error)
NewOIDCProvider creates a new OIDCProvider from the given configuration.
Parameters:
- ctx (context.Context): The context for the request.
- config (OIDCConfig): The OIDC provider configuration.
Returns:
- *OIDCProvider: The initialized provider.
- error: An error if the operation fails.
Errors:
- Returns an error if the operation fails or is invalid.
Side Effects:
- None
Summary: Initializes NewOIDCProvider operation.
func (*OIDCProvider) HandleCallback
func (p *OIDCProvider) HandleCallback(w http.ResponseWriter, r *http.Request)
HandleCallback handles the OIDC provider callback.
Parameters:
- w (http.ResponseWriter): The HTTP response writer.
- r (*http.Request): The HTTP request.
Returns:
- None
Errors:
- None
Side Effects:
- None
Summary: Executes HandleCallback operation.
func (*OIDCProvider) HandleLogin
func (p *OIDCProvider) HandleLogin(w http.ResponseWriter, r *http.Request)
HandleLogin initiates the OIDC login flow.
Parameters:
- w (http.ResponseWriter): The HTTP response writer.
- r (*http.Request): The HTTP request.
Returns:
- None
Errors:
- None
Side Effects:
- None
Summary: Executes HandleLogin operation.
type PerRPCCredentials
type PerRPCCredentials struct {
// contains filtered or unexported fields
}
PerRPCCredentials adapts an UpstreamAuthenticator to the gRPC credentials.PerRPCCredentials interface. It allows applying upstream authentication headers to outgoing gRPC requests.
Summary: Represents a PerRPCCredentials.
func (*PerRPCCredentials) GetRequestMetadata
func (c *PerRPCCredentials) GetRequestMetadata(ctx context.Context, _ ...string) (map[string]string, error)
GetRequestMetadata retrieves the authentication metadata for an outgoing gRPC request. It uses the wrapped UpstreamAuthenticator to generate the necessary headers and transforms them into gRPC metadata.
Parameters:
- ctx (context.Context): The context for the request.
- _ (...string): The URI of the gRPC service being called (unused).
Returns:
- map[string]string: The authentication metadata for the request.
- error: An error if the operation fails.
Errors:
- Returns an error if the operation fails or is invalid.
Side Effects:
- None
Summary: Retrieves GetRequestMetadata operation.
func (*PerRPCCredentials) RequireTransportSecurity
func (c *PerRPCCredentials) RequireTransportSecurity() bool
RequireTransportSecurity indicates whether a secure transport (e.g., TLS) is required for the credentials. This implementation returns false, but should be updated if TLS is enabled for the gRPC connection.
Parameters:
- None
Returns:
- bool: True if secure transport is required. This implementation returns false.
Errors:
- None
Side Effects:
- None
Summary: Executes RequireTransportSecurity operation.
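What the return value of RequireTransportSecurity decides, as an added example that is not this package's code: an adapter of the kind described above, run once reporting false and once reporting true against a plaintext channel. The interfaces are declared locally so the sketch builds without the grpc module; `headerCreds`, `staticBearer` and `metadataFor` are hypothetical names, `metadataFor` stands in for the guard gRPC applies before attaching per-RPC credentials, and the token is constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// upstreamAuthenticator mirrors the UpstreamAuthenticator interface on this page.
type upstreamAuthenticator interface {
	Authenticate(req *http.Request) error
}

// perRPC has the method set of gRPC's credentials.PerRPCCredentials,
// declared locally so this sketch needs only the standard library.
type perRPC interface {
	GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)
	RequireTransportSecurity() bool
}

// headerCreds (hypothetical) turns the headers an upstreamAuthenticator sets
// into gRPC metadata. requireTLS is what RequireTransportSecurity reports.
type headerCreds struct {
	auth       upstreamAuthenticator
	requireTLS bool
}

func (c headerCreds) GetRequestMetadata(ctx context.Context, _ ...string) (map[string]string, error) {
	// Scratch request: only the headers the authenticator adds are used.
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, "https://upstream.invalid/", nil)
	if err != nil {
		return nil, err
	}
	if err := c.auth.Authenticate(req); err != nil {
		return nil, err
	}
	md := make(map[string]string, len(req.Header))
	for name, values := range req.Header {
		if len(values) > 0 {
			md[strings.ToLower(name)] = values[0] // gRPC metadata keys are lowercase
		}
	}
	return md, nil
}

func (c headerCreds) RequireTransportSecurity() bool { return c.requireTLS }

// staticBearer is a constructed authenticator with a placeholder token.
type staticBearer struct{ token string }

func (s staticBearer) Authenticate(req *http.Request) error {
	req.Header.Set("Authorization", "Bearer "+s.token)
	return nil
}

var errInsecure = errors.New("credentials require transport security")

// metadataFor stands in for gRPC's guard: credentials that require transport
// security are never attached to a plaintext connection.
func metadataFor(ctx context.Context, creds perRPC, secureTransport bool) (map[string]string, error) {
	if creds.RequireTransportSecurity() && !secureTransport {
		return nil, errInsecure
	}
	return creds.GetRequestMetadata(ctx)
}

func main() {
	ctx := context.Background()
	auth := staticBearer{token: "constructed-token"}
	for _, requireTLS := range []bool{false, true} {
		// secureTransport=false models a channel without TLS.
		md, err := metadataFor(ctx, headerCreds{auth, requireTLS}, false)
		fmt.Printf("requireTLS=%v metadata=%v err=%v\n", requireTLS, md, err)
	}
}
```

With false, the bearer token is released for a plaintext channel; with true, the call fails before any credential leaves the process.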
type RBACEnforcer
type RBACEnforcer struct {
}
RBACEnforcer handles Role-Based Access Control checks.
Summary: Represents an RBACEnforcer.
func NewRBACEnforcer
func NewRBACEnforcer() *RBACEnforcer
NewRBACEnforcer creates a new RBACEnforcer.
Parameters:
- None
Returns:
- *RBACEnforcer: The resulting *RBACEnforcer.
Errors:
- None
Side Effects:
- None
Summary: Initializes NewRBACEnforcer operation.
func (*RBACEnforcer) HasAnyRole
func (e *RBACEnforcer) HasAnyRole(user *configv1.User, roles []string) bool
HasAnyRole checks if the user has at least one of the specified roles.
Parameters:
- user (*configv1.User): The user to check.
- roles ([]string): The roles to look for.
Returns:
- bool: True if the user has at least one of the roles, false otherwise.
Errors:
- None
Side Effects:
- None
Summary: Checks HasAnyRole operation.
func (*RBACEnforcer) HasRole
func (e *RBACEnforcer) HasRole(user *configv1.User, role string) bool
HasRole checks if the given user has the specified role.
Parameters:
- user (*configv1.User): The user to check.
- role (string): The role to look for.
Returns:
- bool: True if the user has the role, false otherwise.
Errors:
- None
Side Effects:
- None
Summary: Checks HasRole operation.
func (*RBACEnforcer) HasRoleInContext
func (e *RBACEnforcer) HasRoleInContext(ctx context.Context, role string) bool
HasRoleInContext checks if the context contains the specified role.
Parameters:
- ctx (context.Context): The context for the request.
- role (string): The role to look for.
Returns:
- bool: True if the context contains the role, false otherwise.
Errors:
- None
Side Effects:
- None
Summary: Checks HasRoleInContext operation.
type TrustedHeaderAuthenticator
type TrustedHeaderAuthenticator struct {
HeaderName string
HeaderValue string // Optional: if empty, just checks presence
}
TrustedHeaderAuthenticator authenticates using a trusted header.
Summary: Authenticates requests based on the presence/value of a specific header.
func NewTrustedHeaderAuthenticator
func NewTrustedHeaderAuthenticator(config *configv1.TrustedHeaderAuth) *TrustedHeaderAuthenticator
NewTrustedHeaderAuthenticator creates a new TrustedHeaderAuthenticator instance.
Summary: Initializes a TrustedHeaderAuthenticator.
Parameters:
- config: *configv1.TrustedHeaderAuth. The configuration settings.
Returns:
- *TrustedHeaderAuthenticator: The initialized authenticator, or nil if config is invalid.
func (*TrustedHeaderAuthenticator) Authenticate
func (a *TrustedHeaderAuthenticator) Authenticate(ctx context.Context, r *http.Request) (context.Context, error)
Authenticate validates the trusted header.
Summary: Checks for the trusted header.
Parameters:
- ctx: context.Context. The request context.
- r: *http.Request. The HTTP request.
Returns:
- context.Context: Authenticated context.
- error: Error if unauthorized.
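An added sketch, not this package's code, of the two modes the `HeaderValue` comment describes. Presence-only mode accepts any request that carries the header, so it is sound only when a fronting proxy removes that header from client traffic; value mode compares in constant time. `trustedHeader`, `stripInbound`, `protect` and `status` are hypothetical names, and the `X-Auth-Proxy` header and its value are constructed.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

var errUnauthorized = errors.New("unauthorized")

// trustedHeader mirrors the two documented fields: an empty value means
// "presence only".
type trustedHeader struct {
	name  string
	value string
}

// check applies the header rule to one request.
func (t trustedHeader) check(r *http.Request) error {
	got := r.Header.Values(t.name)
	if len(got) != 1 { // absent, or repeated and therefore ambiguous
		return errUnauthorized
	}
	if t.value == "" {
		return nil // presence-only: any value passes
	}
	if subtle.ConstantTimeCompare([]byte(got[0]), []byte(t.value)) != 1 {
		return errUnauthorized
	}
	return nil
}

// stripInbound is the step the fronting proxy must perform before it sets
// the header itself: drop any copy supplied by the client.
func stripInbound(name string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Header.Del(name)
		next.ServeHTTP(w, r)
	})
}

// protect answers 401 unless the header rule passes.
func protect(t trustedHeader) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := t.check(r); err != nil {
			http.Error(w, err.Error(), http.StatusUnauthorized)
			return
		}
		w.WriteHeader(http.StatusOK)
	})
}

// status sends one constructed request carrying the given client-supplied
// header value through h and returns the response code.
func status(h http.Handler, header, clientValue string) int {
	r := httptest.NewRequest(http.MethodGet, "/", nil)
	if clientValue != "" {
		r.Header.Set(header, clientValue)
	}
	w := httptest.NewRecorder()
	h.ServeHTTP(w, r)
	return w.Code
}

func main() {
	const h = "X-Auth-Proxy"
	presence := protect(trustedHeader{name: h})
	pinned := protect(trustedHeader{name: h, value: "constructed-shared-value"})

	fmt.Println("presence-only, header from client:   ", status(presence, h, "anything"))
	fmt.Println("presence-only, proxy strips header:  ", status(stripInbound(h, presence), h, "anything"))
	fmt.Println("pinned value, wrong value:           ", status(pinned, h, "anything"))
	fmt.Println("pinned value, matching value:        ", status(pinned, h, "constructed-shared-value"))
}
```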
type UpstreamAuthenticator
type UpstreamAuthenticator interface {
// Authenticate modifies the given HTTP request to add authentication
// information, such as headers or basic auth credentials.
Authenticate(req *http.Request) error
}
UpstreamAuthenticator defines the interface for authentication methods used when communicating with upstream services. Each implementation is responsible for modifying the HTTP request to include the necessary authentication credentials.
Summary: Represents an UpstreamAuthenticator.
func NewUpstreamAuthenticator
func NewUpstreamAuthenticator(authConfig *configv1.Authentication) (UpstreamAuthenticator, error)
NewUpstreamAuthenticator creates an `UpstreamAuthenticator` based on the provided authentication configuration. It supports API key, bearer token, and basic authentication, as well as substitution of environment variables in the authentication parameters.
If the `authConfig` is `nil`, no authenticator is created, and the function returns `nil, nil`. If the configuration is invalid (e.g., missing required fields), an error is returned.
Parameters:
- authConfig: The configuration that specifies the authentication method and its parameters.
Returns:
- An `UpstreamAuthenticator` implementation, or nil if no auth is configured.
- An error if the configuration is invalid.
Summary: Initializes NewUpstreamAuthenticator operation.