From 201ffdf9328aaccd104dc8688d033681e74acf57 Mon Sep 17 00:00:00 2001 From: Saman Mahdanian Date: Mon, 28 Aug 2023 16:05:47 +0330 Subject: [PATCH] added some doc files --- Makefile | 7 + api/v1alpha1/README.md | 569 +++++++++++++++++++++++++++++++++++++++++ controllers/README.md | 133 ++++++++++ pkg/auth/README.md | 294 +++++++++++++++++++++ 4 files changed, 1003 insertions(+) create mode 100644 api/v1alpha1/README.md create mode 100644 controllers/README.md create mode 100644 pkg/auth/README.md diff --git a/Makefile b/Makefile index 9e100d6..be49654 100644 --- a/Makefile +++ b/Makefile @@ -279,3 +279,10 @@ catalog-build: opm ## Build a catalog image. .PHONY: catalog-push catalog-push: ## Push a catalog image. $(MAKE) docker-push IMG=$(CATALOG_IMG) + +.PHONY: gen-doc +gen-doc: + go install github.com/princjef/gomarkdoc/cmd/gomarkdoc@latest + mv README.md README.md.bck + ~/go/bin/gomarkdoc --output '{{.Dir}}/README.md' ./... + mv README.md.bck README.md diff --git a/api/v1alpha1/README.md b/api/v1alpha1/README.md new file mode 100644 index 0000000..c9058bc --- /dev/null +++ b/api/v1alpha1/README.md @@ -0,0 +1,569 @@ + + +# v1alpha1 + +```go +import "github.com/snapp-incubator/Cerberus/api/v1alpha1" +``` + +Package v1alpha1 contains API Schema definitions for the cerberus v1alpha1 API group \+kubebuilder:object:generate=true \+groupName=cerberus.snappcloud.io + +## Index + +- [Variables](<#variables>) +- [type AccessToken](<#AccessToken>) + - [func \(in \*AccessToken\) DeepCopy\(\) \*AccessToken](<#AccessToken.DeepCopy>) + - [func \(in \*AccessToken\) DeepCopyInto\(out \*AccessToken\)](<#AccessToken.DeepCopyInto>) + - [func \(in \*AccessToken\) DeepCopyObject\(\) runtime.Object](<#AccessToken.DeepCopyObject>) +- [type AccessTokenList](<#AccessTokenList>) + - [func \(in \*AccessTokenList\) DeepCopy\(\) \*AccessTokenList](<#AccessTokenList.DeepCopy>) + - [func \(in \*AccessTokenList\) DeepCopyInto\(out \*AccessTokenList\)](<#AccessTokenList.DeepCopyInto>) + - [func \(in \*AccessTokenList\) DeepCopyObject\(\) runtime.Object](<#AccessTokenList.DeepCopyObject>) +- [type AccessTokenSpec](<#AccessTokenSpec>) + - [func \(in \*AccessTokenSpec\) DeepCopy\(\) \*AccessTokenSpec](<#AccessTokenSpec.DeepCopy>) + - [func \(in \*AccessTokenSpec\) DeepCopyInto\(out \*AccessTokenSpec\)](<#AccessTokenSpec.DeepCopyInto>) +- [type AccessTokenState](<#AccessTokenState>) +- [type AccessTokenStatus](<#AccessTokenStatus>) + - [func \(in \*AccessTokenStatus\) DeepCopy\(\) \*AccessTokenStatus](<#AccessTokenStatus.DeepCopy>) + - [func \(in \*AccessTokenStatus\) DeepCopyInto\(out \*AccessTokenStatus\)](<#AccessTokenStatus.DeepCopyInto>) +- [type UpstreamHttpAuthService](<#UpstreamHttpAuthService>) +- [type WebService](<#WebService>) + - [func \(in \*WebService\) DeepCopy\(\) \*WebService](<#WebService.DeepCopy>) + - [func \(in \*WebService\) DeepCopyInto\(out \*WebService\)](<#WebService.DeepCopyInto>) + - [func \(in \*WebService\) DeepCopyObject\(\) runtime.Object](<#WebService.DeepCopyObject>) +- [type WebServiceList](<#WebServiceList>) + - [func \(in \*WebServiceList\) DeepCopy\(\) \*WebServiceList](<#WebServiceList.DeepCopy>) + - [func \(in \*WebServiceList\) DeepCopyInto\(out \*WebServiceList\)](<#WebServiceList.DeepCopyInto>) + - [func \(in \*WebServiceList\) DeepCopyObject\(\) runtime.Object](<#WebServiceList.DeepCopyObject>) +- [type WebServiceSpec](<#WebServiceSpec>) + - [func \(in \*WebServiceSpec\) DeepCopy\(\) \*WebServiceSpec](<#WebServiceSpec.DeepCopy>) + - [func \(in \*WebServiceSpec\) DeepCopyInto\(out \*WebServiceSpec\)](<#WebServiceSpec.DeepCopyInto>) +- [type WebServiceStatus](<#WebServiceStatus>) + - [func \(in \*WebServiceStatus\) DeepCopy\(\) \*WebServiceStatus](<#WebServiceStatus.DeepCopy>) + - [func \(in \*WebServiceStatus\) DeepCopyInto\(out \*WebServiceStatus\)](<#WebServiceStatus.DeepCopyInto>) +- [type WebserviceAccessBinding](<#WebserviceAccessBinding>) + - [func \(in \*WebserviceAccessBinding\) DeepCopy\(\) \*WebserviceAccessBinding](<#WebserviceAccessBinding.DeepCopy>) + - [func \(in \*WebserviceAccessBinding\) DeepCopyInto\(out \*WebserviceAccessBinding\)](<#WebserviceAccessBinding.DeepCopyInto>) + - [func \(in \*WebserviceAccessBinding\) DeepCopyObject\(\) runtime.Object](<#WebserviceAccessBinding.DeepCopyObject>) +- [type WebserviceAccessBindingList](<#WebserviceAccessBindingList>) + - [func \(in \*WebserviceAccessBindingList\) DeepCopy\(\) \*WebserviceAccessBindingList](<#WebserviceAccessBindingList.DeepCopy>) + - [func \(in \*WebserviceAccessBindingList\) DeepCopyInto\(out \*WebserviceAccessBindingList\)](<#WebserviceAccessBindingList.DeepCopyInto>) + - [func \(in \*WebserviceAccessBindingList\) DeepCopyObject\(\) runtime.Object](<#WebserviceAccessBindingList.DeepCopyObject>) +- [type WebserviceAccessBindingSpec](<#WebserviceAccessBindingSpec>) + - [func \(in \*WebserviceAccessBindingSpec\) DeepCopy\(\) \*WebserviceAccessBindingSpec](<#WebserviceAccessBindingSpec.DeepCopy>) + - [func \(in \*WebserviceAccessBindingSpec\) DeepCopyInto\(out \*WebserviceAccessBindingSpec\)](<#WebserviceAccessBindingSpec.DeepCopyInto>) +- [type WebserviceAccessBindingStatus](<#WebserviceAccessBindingStatus>) + - [func \(in \*WebserviceAccessBindingStatus\) DeepCopy\(\) \*WebserviceAccessBindingStatus](<#WebserviceAccessBindingStatus.DeepCopy>) + - [func \(in \*WebserviceAccessBindingStatus\) DeepCopyInto\(out \*WebserviceAccessBindingStatus\)](<#WebserviceAccessBindingStatus.DeepCopyInto>) + + +## Variables + + + +```go +var ( + // GroupVersion is group version used to register these objects + GroupVersion = schema.GroupVersion{Group: "cerberus.snappcloud.io", Version: "v1alpha1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) +``` + + +## type [AccessToken]() + +AccessToken is the Schema for the accesstokens API + +```go +type AccessToken struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec AccessTokenSpec `json:"spec,omitempty"` + Status AccessTokenStatus `json:"status,omitempty"` +} +``` + + +### func \(\*AccessToken\) [DeepCopy]() + +```go +func (in *AccessToken) DeepCopy() *AccessToken +``` + +DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessToken. + + +### func \(\*AccessToken\) [DeepCopyInto]() + +```go +func (in *AccessToken) DeepCopyInto(out *AccessToken) +``` + +DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. + + +### func \(\*AccessToken\) [DeepCopyObject]() + +```go +func (in *AccessToken) DeepCopyObject() runtime.Object +``` + +DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. + + +## type [AccessTokenList]() + +AccessTokenList contains a list of AccessToken + +```go +type AccessTokenList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []AccessToken `json:"items"` +} +``` + + +### func \(\*AccessTokenList\) [DeepCopy]() + +```go +func (in *AccessTokenList) DeepCopy() *AccessTokenList +``` + +DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessTokenList. + + +### func \(\*AccessTokenList\) [DeepCopyInto]() + +```go +func (in *AccessTokenList) DeepCopyInto(out *AccessTokenList) +``` + +DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. + + +### func \(\*AccessTokenList\) [DeepCopyObject]() + +```go +func (in *AccessTokenList) DeepCopyObject() runtime.Object +``` + +DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. + + +## type [AccessTokenSpec]() + +AccessTokenSpec defines the desired state of AccessToken + +```go +type AccessTokenSpec struct { + + // State shows the state of the token (whether use token or it's just a draft) + // Valid values are: + // - "Active" (default): uses token in authorization procedure + // - "Expired": won't include token in authorization procedure + // - "Suspended": shows that the token is currently not usable but it may become Active later + // +optional + State AccessTokenState `json:"active,omitempty"` + + // IP Allow List is a list of IP and IP CIDRs that will be tested against X-Forwarded-For + // +optional + IpAllowList []string `json:"ipAllowList,omitempty"` + + // Domain Allow list is a list of Domain glob patterns that will be tested against Referer header + // +optional + DomainAllowList []string `json:"domainAllowList,omitempty"` + + // Secret Ref points to secret containing the API Key secret + // if it exists it will use the token value in it and will create a new secret if not exists + TokenSecretRef *corev1.LocalObjectReference `json:"secretRef,omitempty"` +} +``` + + +### func \(\*AccessTokenSpec\) [DeepCopy]() + +```go +func (in *AccessTokenSpec) DeepCopy() *AccessTokenSpec +``` + +DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessTokenSpec. + + +### func \(\*AccessTokenSpec\) [DeepCopyInto]() + +```go +func (in *AccessTokenSpec) DeepCopyInto(out *AccessTokenSpec) +``` + +DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. + + +## type [AccessTokenState]() + +AccessTokenState describes the state of the token and shows if it should be included in authorization or not \+kubebuilder:validation:Enum=Active;Expired;Suspended + +```go +type AccessTokenState string +``` + + + +```go +const ( + // Cerberus will allow access to the token + ActiveState AccessTokenState = "Active" + + // Cerberus won't include the token and user needs to generate new one + ExpiredState AccessTokenState = "Expired" + + // Cerberus won't include the token but it may become Active again + SuspendedState AccessTokenState = "Suspended" +) +``` + + +## type [AccessTokenStatus]() + +AccessTokenStatus defines the observed state of AccessToken + +```go +type AccessTokenStatus struct { +} +``` + + +### func \(\*AccessTokenStatus\) [DeepCopy]() + +```go +func (in *AccessTokenStatus) DeepCopy() *AccessTokenStatus +``` + +DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessTokenStatus. + + +### func \(\*AccessTokenStatus\) [DeepCopyInto]() + +```go +func (in *AccessTokenStatus) DeepCopyInto(out *AccessTokenStatus) +``` + +DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. + + +## type [UpstreamHttpAuthService]() + + + +```go +type UpstreamHttpAuthService struct { + // Address of the upstream authentication service + Address string `json:"address,omitempty"` + + // +kubebuilder:default=Authorization + // ReadTokenFrom specifies which header contains the upstream Auth token in the request + ReadTokenFrom string `json:"readTokenFrom"` + + // +kubebuilder:default=Authorization + // WriteTokenTo specifies which header should carry token to upstream service + WriteTokenTo string `json:"writeTokenTo"` +} +``` + + +## type [WebService]() + +WebService is the Schema for the webservices API + +```go +type WebService struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec WebServiceSpec `json:"spec,omitempty"` + Status WebServiceStatus `json:"status,omitempty"` +} +``` + + +### func \(\*WebService\) [DeepCopy]() + +```go +func (in *WebService) DeepCopy() *WebService +``` + +DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebService. + + +### func \(\*WebService\) [DeepCopyInto]() + +```go +func (in *WebService) DeepCopyInto(out *WebService) +``` + +DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. + + +### func \(\*WebService\) [DeepCopyObject]() + +```go +func (in *WebService) DeepCopyObject() runtime.Object +``` + +DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. + + +## type [WebServiceList]() + +WebServiceList contains a list of WebService + +```go +type WebServiceList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []WebService `json:"items"` +} +``` + + +### func \(\*WebServiceList\) [DeepCopy]() + +```go +func (in *WebServiceList) DeepCopy() *WebServiceList +``` + +DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebServiceList. + + +### func \(\*WebServiceList\) [DeepCopyInto]() + +```go +func (in *WebServiceList) DeepCopyInto(out *WebServiceList) +``` + +DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. + + +### func \(\*WebServiceList\) [DeepCopyObject]() + +```go +func (in *WebServiceList) DeepCopyObject() runtime.Object +``` + +DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. + + +## type [WebServiceSpec]() + +WebServiceSpec defines the desired state of WebService + +```go +type WebServiceSpec struct { + + // LookupHeader tells Cerberus which header should be used as Webservice name for the authentication + LookupHeader string `json:"lookupHeader,omitempty"` + + // UpstreamHttpAuth tells Cerberus whether it needs to forward + // authentication to another (HTTP) service or not + // +optional + UpstreamHttpAuth UpstreamHttpAuthService `json:"upstreamHttpAuth"` +} +``` + + +### func \(\*WebServiceSpec\) [DeepCopy]() + +```go +func (in *WebServiceSpec) DeepCopy() *WebServiceSpec +``` + +DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebServiceSpec. + + +### func \(\*WebServiceSpec\) [DeepCopyInto]() + +```go +func (in *WebServiceSpec) DeepCopyInto(out *WebServiceSpec) +``` + +DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. + + +## type [WebServiceStatus]() + +WebServiceStatus defines the observed state of WebService + +```go +type WebServiceStatus struct { +} +``` + + +### func \(\*WebServiceStatus\) [DeepCopy]() + +```go +func (in *WebServiceStatus) DeepCopy() *WebServiceStatus +``` + +DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebServiceStatus. + + +### func \(\*WebServiceStatus\) [DeepCopyInto]() + +```go +func (in *WebServiceStatus) DeepCopyInto(out *WebServiceStatus) +``` + +DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. + + +## type [WebserviceAccessBinding]() + +WebserviceAccessBinding is the Schema for the webserviceaccessbindings API + +```go +type WebserviceAccessBinding struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec WebserviceAccessBindingSpec `json:"spec,omitempty"` + Status WebserviceAccessBindingStatus `json:"status,omitempty"` +} +``` + + +### func \(\*WebserviceAccessBinding\) [DeepCopy]() + +```go +func (in *WebserviceAccessBinding) DeepCopy() *WebserviceAccessBinding +``` + +DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebserviceAccessBinding. + + +### func \(\*WebserviceAccessBinding\) [DeepCopyInto]() + +```go +func (in *WebserviceAccessBinding) DeepCopyInto(out *WebserviceAccessBinding) +``` + +DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. + + +### func \(\*WebserviceAccessBinding\) [DeepCopyObject]() + +```go +func (in *WebserviceAccessBinding) DeepCopyObject() runtime.Object +``` + +DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. + + +## type [WebserviceAccessBindingList]() + +WebserviceAccessBindingList contains a list of WebserviceAccessBinding + +```go +type WebserviceAccessBindingList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []WebserviceAccessBinding `json:"items"` +} +``` + + +### func \(\*WebserviceAccessBindingList\) [DeepCopy]() + +```go +func (in *WebserviceAccessBindingList) DeepCopy() *WebserviceAccessBindingList +``` + +DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebserviceAccessBindingList. + + +### func \(\*WebserviceAccessBindingList\) [DeepCopyInto]() + +```go +func (in *WebserviceAccessBindingList) DeepCopyInto(out *WebserviceAccessBindingList) +``` + +DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. + + +### func \(\*WebserviceAccessBindingList\) [DeepCopyObject]() + +```go +func (in *WebserviceAccessBindingList) DeepCopyObject() runtime.Object +``` + +DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. + + +## type [WebserviceAccessBindingSpec]() + +WebserviceAccessBindingSpec defines the desired state of WebserviceAccessBinding + +```go +type WebserviceAccessBindingSpec struct { + + // Subjects are the name of AccessTokens which the access will be granted to + Subjects []string `json:"subjects,omitempty"` + + // WebServices are the target service accesses + Webservices []string `json:"webservices,omitempty"` +} +``` + + +### func \(\*WebserviceAccessBindingSpec\) [DeepCopy]() + +```go +func (in *WebserviceAccessBindingSpec) DeepCopy() *WebserviceAccessBindingSpec +``` + +DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebserviceAccessBindingSpec. + + +### func \(\*WebserviceAccessBindingSpec\) [DeepCopyInto]() + +```go +func (in *WebserviceAccessBindingSpec) DeepCopyInto(out *WebserviceAccessBindingSpec) +``` + +DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. + + +## type [WebserviceAccessBindingStatus]() + +WebserviceAccessBindingStatus defines the observed state of WebserviceAccessBinding + +```go +type WebserviceAccessBindingStatus struct { +} +``` + + +### func \(\*WebserviceAccessBindingStatus\) [DeepCopy]() + +```go +func (in *WebserviceAccessBindingStatus) DeepCopy() *WebserviceAccessBindingStatus +``` + +DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebserviceAccessBindingStatus. + + +### func \(\*WebserviceAccessBindingStatus\) [DeepCopyInto]() + +```go +func (in *WebserviceAccessBindingStatus) DeepCopyInto(out *WebserviceAccessBindingStatus) +``` + +DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non\-nil. + +Generated by [gomarkdoc]() diff --git a/controllers/README.md b/controllers/README.md new file mode 100644 index 0000000..10f0e31 --- /dev/null +++ b/controllers/README.md @@ -0,0 +1,133 @@ + + +# controllers + +```go +import "github.com/snapp-incubator/Cerberus/controllers" +``` + +## Index + +- [type AccessTokenReconciler](<#AccessTokenReconciler>) + - [func \(r \*AccessTokenReconciler\) Reconcile\(ctx context.Context, req ctrl.Request\) \(ctrl.Result, error\)](<#AccessTokenReconciler.Reconcile>) + - [func \(r \*AccessTokenReconciler\) SetupWithManager\(mgr ctrl.Manager\) error](<#AccessTokenReconciler.SetupWithManager>) +- [type ProcessCache](<#ProcessCache>) +- [type WebServiceReconciler](<#WebServiceReconciler>) + - [func \(r \*WebServiceReconciler\) Reconcile\(ctx context.Context, req ctrl.Request\) \(ctrl.Result, error\)](<#WebServiceReconciler.Reconcile>) + - [func \(r \*WebServiceReconciler\) SetupWithManager\(mgr ctrl.Manager\) error](<#WebServiceReconciler.SetupWithManager>) +- [type WebserviceAccessBindingReconciler](<#WebserviceAccessBindingReconciler>) + - [func \(r \*WebserviceAccessBindingReconciler\) Reconcile\(ctx context.Context, req ctrl.Request\) \(ctrl.Result, error\)](<#WebserviceAccessBindingReconciler.Reconcile>) + - [func \(r \*WebserviceAccessBindingReconciler\) SetupWithManager\(mgr ctrl.Manager\) error](<#WebserviceAccessBindingReconciler.SetupWithManager>) + + + +## type [AccessTokenReconciler]() + +AccessTokenReconciler reconciles a AccessToken object + +```go +type AccessTokenReconciler struct { + client.Client + Scheme *runtime.Scheme + Cache ProcessCache +} +``` + + +### func \(\*AccessTokenReconciler\) [Reconcile]() + +```go +func (r *AccessTokenReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) +``` + +Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state. TODO\(user\): Modify the Reconcile function to compare the state specified by the AccessToken object against the actual cluster state, and then perform operations to make the cluster state reflect the state specified by the user. + +For more details, check Reconcile and its Result here: \- https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.14.1/pkg/reconcile + + +### func \(\*AccessTokenReconciler\) [SetupWithManager]() + +```go +func (r *AccessTokenReconciler) SetupWithManager(mgr ctrl.Manager) error +``` + +SetupWithManager sets up the controller with the Manager. + + +## type [ProcessCache]() + + + +```go +type ProcessCache interface { + UpdateCache(client.Client, context.Context) error +} +``` + + +## type [WebServiceReconciler]() + +WebServiceReconciler reconciles a WebService object + +```go +type WebServiceReconciler struct { + client.Client + Scheme *runtime.Scheme + Cache ProcessCache +} +``` + + +### func \(\*WebServiceReconciler\) [Reconcile]() + +```go +func (r *WebServiceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) +``` + +Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state. TODO\(user\): Modify the Reconcile function to compare the state specified by the WebService object against the actual cluster state, and then perform operations to make the cluster state reflect the state specified by the user. + +For more details, check Reconcile and its Result here: \- https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.14.1/pkg/reconcile + + +### func \(\*WebServiceReconciler\) [SetupWithManager]() + +```go +func (r *WebServiceReconciler) SetupWithManager(mgr ctrl.Manager) error +``` + +SetupWithManager sets up the controller with the Manager. + + +## type [WebserviceAccessBindingReconciler]() + +WebserviceAccessBindingReconciler reconciles a WebserviceAccessBinding object + +```go +type WebserviceAccessBindingReconciler struct { + client.Client + Scheme *runtime.Scheme + Cache ProcessCache +} +``` + + +### func \(\*WebserviceAccessBindingReconciler\) [Reconcile]() + +```go +func (r *WebserviceAccessBindingReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) +``` + +Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state. TODO\(user\): Modify the Reconcile function to compare the state specified by the WebserviceAccessBinding object against the actual cluster state, and then perform operations to make the cluster state reflect the state specified by the user. + +For more details, check Reconcile and its Result here: \- https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.14.1/pkg/reconcile + + +### func \(\*WebserviceAccessBindingReconciler\) [SetupWithManager]() + +```go +func (r *WebserviceAccessBindingReconciler) SetupWithManager(mgr ctrl.Manager) error +``` + +SetupWithManager sets up the controller with the Manager. + +Generated by [gomarkdoc]() diff --git a/pkg/auth/README.md b/pkg/auth/README.md new file mode 100644 index 0000000..20cda72 --- /dev/null +++ b/pkg/auth/README.md @@ -0,0 +1,294 @@ + + +# auth + +```go +import "github.com/snapp-incubator/Cerberus/pkg/auth" +``` + +## Index + +- [func NewServerCredentials\(certPath string, keyPath string, caPath string\) \(credentials.TransportCredentials, error\)](<#NewServerCredentials>) +- [func RegisterServer\(srv \*grpc.Server, c Checker\)](<#RegisterServer>) +- [func RunServer\(ctx context.Context, listener net.Listener, srv \*grpc.Server\) error](<#RunServer>) +- [type AccessCache](<#AccessCache>) +- [type AccessCacheEntry](<#AccessCacheEntry>) +- [type Authenticator](<#Authenticator>) + - [func NewAuthenticator\(logger logr.Logger\) \(\*Authenticator, error\)](<#NewAuthenticator>) + - [func \(a \*Authenticator\) Check\(ctx context.Context, request \*Request\) \(\*Response, error\)](<#Authenticator.Check>) + - [func \(a \*Authenticator\) TestAccess\(wsvc string, token string\) \(bool, CerberusReason\)](<#Authenticator.TestAccess>) + - [func \(a \*Authenticator\) UpdateCache\(c client.Client, ctx context.Context\) error](<#Authenticator.UpdateCache>) +- [type CerberusReason](<#CerberusReason>) +- [type CheckRequestV2](<#CheckRequestV2>) +- [type CheckRequestV3](<#CheckRequestV3>) +- [type CheckResponseV2](<#CheckResponseV2>) +- [type CheckResponseV3](<#CheckResponseV3>) +- [type Checker](<#Checker>) +- [type Request](<#Request>) + - [func \(r \*Request\) FromV2\(c \*CheckRequestV2\) \*Request](<#Request.FromV2>) + - [func \(r \*Request\) FromV3\(c \*CheckRequestV3\) \*Request](<#Request.FromV3>) +- [type Response](<#Response>) + - [func \(r \*Response\) AsV2\(\) \*CheckResponseV2](<#Response.AsV2>) + - [func \(r \*Response\) AsV3\(\) \*CheckResponseV3](<#Response.AsV3>) +- [type ServicesCache](<#ServicesCache>) +- [type Testserver](<#Testserver>) + - [func \(t \*Testserver\) Check\(xts context.Context, request \*Request\) \(\*Response, error\)](<#Testserver.Check>) + + + +## func [NewServerCredentials]() + +```go +func NewServerCredentials(certPath string, keyPath string, caPath string) (credentials.TransportCredentials, error) +``` + +NewServerCredentials loads TLS transport credentials for the GRPC server. + + +## func [RegisterServer]() + +```go +func RegisterServer(srv *grpc.Server, c Checker) +``` + +RegisterServer registers the Checker with the external authorization GRPC server. + + +## func [RunServer]() + +```go +func RunServer(ctx context.Context, listener net.Listener, srv *grpc.Server) error +``` + +RunServer runs the server until signaled by stopChan. + + +## type [AccessCache]() + + + +```go +type AccessCache map[string]AccessCacheEntry +``` + + +## type [AccessCacheEntry]() + + + +```go +type AccessCacheEntry struct { + cerberusv1alpha1.AccessToken + // contains filtered or unexported fields +} +``` + + +## type [Authenticator]() + + + +```go +type Authenticator struct { + // contains filtered or unexported fields +} +``` + + +### func [NewAuthenticator]() + +```go +func NewAuthenticator(logger logr.Logger) (*Authenticator, error) +``` + + + + +### func \(\*Authenticator\) [Check]() + +```go +func (a *Authenticator) Check(ctx context.Context, request *Request) (*Response, error) +``` + + + + +### func \(\*Authenticator\) [TestAccess]() + +```go +func (a *Authenticator) TestAccess(wsvc string, token string) (bool, CerberusReason) +``` + + + + +### func \(\*Authenticator\) [UpdateCache]() + +```go +func (a *Authenticator) UpdateCache(c client.Client, ctx context.Context) error +``` + +TODO add Secrets to be watched + + +## type [CerberusReason]() + + + +```go +type CerberusReason string +``` + + + +```go +const ( + CerberusReasonOK CerberusReason = "ok" + CerberusReasonUnauthorized CerberusReason = "unauthorized" + CerberusReasonTokenEmpty CerberusReason = "token-empty" + CerberusReasonLookupEmpty CerberusReason = "lookup-empty" + CerberusReasonTokenNotFound CerberusReason = "token-notfound" + CerberusReasonWebserviceNotFound CerberusReason = "webservice-notfound" +) +``` + + +## type [CheckRequestV2]() + + + +```go +type CheckRequestV2 = envoy_service_auth_v2.CheckRequest //nolint:golint +``` + + +## type [CheckRequestV3]() + + + +```go +type CheckRequestV3 = envoy_service_auth_v3.CheckRequest //nolint:golint +``` + + +## type [CheckResponseV2]() + + + +```go +type CheckResponseV2 = envoy_service_auth_v2.CheckResponse //nolint:golint +``` + + +## type [CheckResponseV3]() + + + +```go +type CheckResponseV3 = envoy_service_auth_v3.CheckResponse //nolint:golint +``` + + +## type [Checker]() + +Checker is an implementation of the Envoy External Auth API. + +https://github.com/envoyproxy/envoy/blob/release/v1.14/api/envoy/service/auth/v3/external_auth.proto https://github.com/envoyproxy/envoy/blob/release/v1.14/api/envoy/service/auth/v2/external_auth.proto + +```go +type Checker interface { + Check(context.Context, *Request) (*Response, error) +} +``` + + +## type [Request]() + +Request captures the information needed to process a CheckRequest. + +```go +type Request struct { + Context map[string]string + Request http.Request + ID string +} +``` + + +### func \(\*Request\) [FromV2]() + +```go +func (r *Request) FromV2(c *CheckRequestV2) *Request +``` + +FromV2 initializes a Request from a v2 CheckRequest. + + +### func \(\*Request\) [FromV3]() + +```go +func (r *Request) FromV3(c *CheckRequestV3) *Request +``` + +FromV3 initializes a Request from a v3 CheckRequest. + + +## type [Response]() + +Response captures the information needed to generate a CheckResponse. + +```go +type Response struct { + Allow bool + Response http.Response +} +``` + + +### func \(\*Response\) [AsV2]() + +```go +func (r *Response) AsV2() *CheckResponseV2 +``` + +AsV2 converts to a v2 CheckResponse. + + +### func \(\*Response\) [AsV3]() + +```go +func (r *Response) AsV3() *CheckResponseV3 +``` + +AsV3 converts to a v3 CheckResponse. + + +## type [ServicesCache]() + + + +```go +type ServicesCache map[string]struct{} +``` + + +## type [Testserver]() + +Testserver is a no\-op implementation of the Checker interface. For testing only. + +```go +type Testserver struct { + Log logr.Logger +} +``` + + +### func \(\*Testserver\) [Check]() + +```go +func (t *Testserver) Check(xts context.Context, request *Request) (*Response, error) +``` + +Check ... + +Generated by [gomarkdoc]()