Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
auth: introduce hive cell (modularization)
The auth manager itself is defined as a cell which gets registered in the cell "control plane". This way, the daemon cell doesn't need to know about the details of how to initialize the auth manager and its internal components.

Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
1 parent 6821a82, commit 60ba1cf
Showing 5 changed files with 50 additions and 4 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// Copyright Authors of Cilium | ||
|
||
package auth | ||
|
||
import ( | ||
"github.com/cilium/cilium/pkg/auth/monitor" | ||
"github.com/cilium/cilium/pkg/endpointmanager" | ||
"github.com/cilium/cilium/pkg/hive/cell" | ||
"github.com/cilium/cilium/pkg/monitor/agent/consumer" | ||
) | ||
|
||
// Cell provides the auth.Manager which is responsible for request authentication. | ||
// It does this, by implementing consumer.MonitorConsumer and reacting upon | ||
// monitor.DropNotify events with reason flow.DropReason_AUTH_REQUIRED. | ||
// The actual authentication gets performed by an auth handler which is | ||
// responsible for the configured auth type on the corresponding policy. | ||
var Cell = cell.Module( | ||
"auth-manager", | ||
"Authenticates requests as demanded by policy", | ||
|
||
cell.Provide(newManager), | ||
) | ||
|
||
type authManagerParams struct { | ||
cell.In | ||
|
||
EndpointManager endpointmanager.EndpointManager | ||
} | ||
|
||
type Manager interface { | ||
consumer.MonitorConsumer | ||
} | ||
|
||
func newManager(params authManagerParams) Manager { | ||
return monitor.AddAuthManager(NewAuthManager(params.EndpointManager)) | ||
} |
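
Review bot: The exported `Manager` interface near the end of this new file has no doc comment and only embeds `consumer.MonitorConsumer`, so any monitor consumer satisfies the type that the cell hands out for request authentication. Please add a doc comment stating what a `Manager` is expected to do (the `Cell` comment already describes the reaction to `monitor.DropNotify` events with reason `flow.DropReason_AUTH_REQUIRED`), and consider whether the interface should carry an auth-specific method or a distinct type so that an unrelated consumer cannot be injected in its place. Two further points on `newManager`: `cell.Provide(newManager)` only constructs the value, so the hunk that registers the returned consumer with the monitor agent should be checked to confirm the manager actually receives drop events after this move; and since construction is now meant to go through the cell, `NewAuthManager` could be unexported unless other packages still need it.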