Oathkeeper

  • Identity Charmers
Channel Revision Published Runs on
latest/stable 39 24 Apr 2024
Ubuntu 22.04
latest/edge 70 09 Dec 2024
Ubuntu 22.04
0.3/edge 63 07 Nov 2024
Ubuntu 22.04
0.2/stable 41 25 Apr 2024
Ubuntu 22.04
0.2/edge 41 25 Apr 2024
Ubuntu 22.04
juju deploy oathkeeper
Show information

Platform:

charms.oathkeeper.v0.auth_proxy

Interface library for providing Oathkeeper with downstream charms' auth-proxy information.

It is required to integrate a charm into an Identity and Access Proxy (IAP).

Getting Started

To get started using the library, you need to fetch the library using charmcraft. Note that you also need to add jsonschema to your charm's requirements.txt.

cd some-charm
charmcraft fetch-lib charms.oathkeeper.v0.auth_proxy

To use the library from the requirer side, add the following to the metadata.yaml of the charm:

requires:
  auth-proxy:
    interface: auth_proxy
    limit: 1

Then, to initialise the library:

from charms.oathkeeper.v0.auth_proxy import AuthProxyConfig, AuthProxyRequirer

AUTH_PROXY_ALLOWED_ENDPOINTS = ["welcome", "about/app"]
AUTH_PROXY_HEADERS = ["X-User", "X-Some-Header"]

class SomeCharm(CharmBase):
    def __init__(self, *args):
        # ...
        self.auth_proxy = AuthProxyRequirer(self, self._auth_proxy_config)

        @property
        def external_urls(self) -> list:
            # Get ingress-per-unit or externally-configured web urls
            # ...
            return ["https://example.com/unit-0", "https://example.com/unit-1"]

        @property
        def _auth_proxy_config(self) -> AuthProxyConfig:
            return AuthProxyConfig(
                protected_urls=self.external_urls,
                allowed_endpoints=AUTH_PROXY_ALLOWED_ENDPOINTS,
                headers=AUTH_PROXY_HEADERS
            )

        def _on_ingress_ready(self, event):
            self._configure_auth_proxy()

        def _configure_auth_proxy(self):
            self.auth_proxy.update_auth_proxy_config(auth_proxy_config=self._auth_proxy_config)

class AuthProxyConfigError

Description

Emitted when invalid auth proxy config is provided. None

class DataValidationError

Description

Raised when data validation fails on relation data. None

class AuthProxyRelation

Description

A class containing helper methods for auth-proxy relation. None

Methods

class AuthProxyConfig

Description

Helper class containing a configuration for the charm related with Oathkeeper. None

Methods

AuthProxyConfig. validate( self )

Description

Validate the auth proxy configuration. None

AuthProxyConfig. to_dict( self )

Description

Convert object to dict. None

class AuthProxyConfigChangedEvent

Description

Event to notify the Provider charm that the auth proxy config has changed. None

Methods

AuthProxyConfigChangedEvent. __init__( self , handle: Handle , protected_urls , headers , allowed_endpoints , relation_id: int , relation_app_name: str )

AuthProxyConfigChangedEvent. snapshot( self )

Description

Save event. None

AuthProxyConfigChangedEvent. restore( self , snapshot: Dict )

Description

Restore event. None

AuthProxyConfigChangedEvent. to_auth_proxy_config( self )

Description

Convert the event information to an AuthProxyConfig object. None

class AuthProxyConfigRemovedEvent

Description

Event to notify the provider charm that the auth proxy config was removed. None

Methods

AuthProxyConfigRemovedEvent. __init__( self , handle: Handle , relation_id: int )

AuthProxyConfigRemovedEvent. snapshot( self )

Description

Save event. None

AuthProxyConfigRemovedEvent. restore( self , snapshot: Dict )

Description

Restore event. None

class AuthProxyProviderEvents

Description

Event descriptor for events raised by AuthProxyProvider. None

class AuthProxyProvider

Description

Provider side of the auth-proxy relation. None

Methods

AuthProxyProvider. __init__( self , charm: CharmBase , relation_name: str )

AuthProxyProvider. get_headers( self )

Description

Returns the list of headers from all relations. None

AuthProxyProvider. get_app_names( self )

Description

Returns the list of all related app names. None

class InvalidAuthProxyConfigEvent

Description

Event to notify the charm that the auth proxy configuration is invalid. None

Methods

InvalidAuthProxyConfigEvent. __init__( self , handle: Handle , error: str )

InvalidAuthProxyConfigEvent. snapshot( self )

Description

Save event. None

InvalidAuthProxyConfigEvent. restore( self , snapshot: Dict )

Description

Restore event. None

class AuthProxyRelationRemovedEvent

Description

Custom event to notify the charm that the relation was removed. None

Methods

AuthProxyRelationRemovedEvent. snapshot( self )

Description

Save event. None

AuthProxyRelationRemovedEvent. restore( self , snapshot: Dict )

Description

Restore event. None

class AuthProxyRequirerEvents

Description

Event descriptor for events raised by AuthProxyRequirer. None

class AuthProxyRequirer

Description

Requirer side of the auth-proxy relation. None

Methods

AuthProxyRequirer. __init__( self , charm: CharmBase , auth_proxy_config , relation_name: str )

AuthProxyRequirer. update_auth_proxy_config( self , auth_proxy_config: AuthProxyConfig , relation_id )

Description

Update the auth proxy config stored in the object. None