package apiauth
import (
"crypto/tls"
"net"
"net/http"
"net/url"
"go.aporeto.io/enforcerd/trireme-lib/collector"
"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/pucontext"
"go.aporeto.io/enforcerd/trireme-lib/policy"
)
// Request captures all the important items of request that are needed
// for processing the authorization decision.
type Request struct {
	// SourceAddress of the request; only required for network
	// authorization requests.
	SourceAddress *net.TCPAddr
	// OriginalDestination is required for all requests.
	OriginalDestination *net.TCPAddr
	// HTTP request information.
	// NOTE(review): Method, URL, RequestURI, Header and Cookie come from
	// the client side of the request, so the authorization logic should
	// treat them as untrusted input.
	Method     string
	URL        *url.URL
	RequestURI string
	Header     http.Header
	Cookie     *http.Cookie
	// TLS is the connection state. Optional, but it must be populated if
	// mutual-TLS based authorization is to be supported.
	// NOTE(review): when peer certificates drive the decision, confirm the
	// caller verified the chain (VerifiedChains vs. PeerCertificates).
	TLS *tls.ConnectionState
}
// NetworkAuthResponse is the decision of the authorization process
// for a network authorization request.
type NetworkAuthResponse struct {
	// Discovered service context and associated information.
	PUContext *pucontext.PUContext
	ServiceID string
	Namespace string
	// Network policy ID and service that affect the call.
	// ObservedPolicyID/ObservedAction: presumably the observe-only policy
	// that also matched and the action it would have taken — confirm.
	NetworkPolicyID  string
	NetworkServiceID string
	ObservedPolicyID string
	ObservedAction   policy.ActionType
	// Definition of the source.
	SourceType collector.EndPointType
	SourcePUID string
	// Action associated with the response and DropReason if dropped.
	Action     policy.ActionType
	DropReason string
	// Redirect information that should be used by the responder.
	// NOTE(review): if RedirectURI can be derived from request input,
	// confirm it is validated so the responder cannot become an open
	// redirect; Data and Header presumably form the redirect response.
	Redirect    bool
	RedirectURI string
	Cookie      *http.Cookie
	Data        string
	Header      http.Header
	// UserAttributes discovered from the tokens.
	UserAttributes []string
	// TLSListener determines that TLS must be re-initiated towards
	// the listener.
	TLSListener bool
	// PingConfig holds the fields used when ping is enabled; nil otherwise
	// (presumably — confirm with the producer of this struct).
	PingConfig *PingConfig
}
// PingConfig holds config specific for ping traffic.
type PingConfig struct {
	// PingID identifies the ping and IterationID the iteration within it.
	// NOTE(review): meanings inferred from the names — confirm against the
	// code that populates this struct.
	PingID      string
	IterationID int
	// Claims carried with the ping.
	Claims []string
	// PayloadSize is the size of the ping payload.
	PayloadSize int
}
// AppAuthResponse is the decision of the authorization process for an
// application request (the counterpart of NetworkAuthResponse).
type AppAuthResponse struct {
	// Discovered context and service information. External marks the
	// connection as external; see TLSListener below.
	PUContext *pucontext.PUContext
	ServiceID string
	External  bool
	// Network policy ID and service ID that affect the response.
	NetworkPolicyID  string
	NetworkServiceID string
	// Action of the response and DropReason if the call must be dropped.
	Action     policy.ActionType
	DropReason string
	// Token is the resolved token.
	// NOTE(review): presumably a credential — keep it out of logs and
	// error messages.
	Token string
	// HookMethod is the corresponding HTTP rule hook method.
	HookMethod string
	// TLSListener indicates that the external entity is a TLS listener,
	// and we must start a TLS session. Only applies to External connections.
	TLSListener bool
}
// AuthError implements the error interface, but provides additional information
// for the types of errors discovered: a status, a message and the underlying
// error.
// NOTE(review): err is not reachable through any method in this block (there
// is no Unwrap); presumably it is read directly elsewhere in the package —
// confirm. Error() reports message only, so message is presumably the text
// that may reach a client while err stays internal; keep internal details
// out of message.
type AuthError struct {
	status  int
	message string
	err     error
}

// Error implements the error interface; it reports the message only.
func (a *AuthError) Error() string {
	msg := a.message
	return msg
}

// Message returns the message of the error (the same text as Error()).
func (a *AuthError) Message() string {
	return a.Error()
}

// Status returns the status of the error (presumably an HTTP status code —
// confirm at the constructor).
func (a *AuthError) Status() int {
	code := a.status
	return code
}