Oathkeeper

  • Identity Charmers
Channel Revision Published Runs on
latest/stable 39 24 Apr 2024
Ubuntu 22.04
latest/edge 70 09 Dec 2024
Ubuntu 22.04
0.3/edge 63 07 Nov 2024
Ubuntu 22.04
0.2/stable 41 25 Apr 2024
Ubuntu 22.04
0.2/edge 41 25 Apr 2024
Ubuntu 22.04
juju deploy oathkeeper
Show information

Platform:

charms.oathkeeper.v0.forward_auth

Interface library for providing API Gateways with Identity and Access Proxy information.

It is required to integrate with Oathkeeper (Policy Decision Point).

Getting Started

To get started using the library, you need to fetch the library using charmcraft. Note that you also need to add jsonschema to your charm's requirements.txt.

cd some-charm
charmcraft fetch-lib charms.oathkeeper.v0.forward_auth

To use the library from the requirer side, add the following to the metadata.yaml of the charm:

requires:
  forward-auth:
    interface: forward_auth
    limit: 1

Then, to initialise the library:

from charms.oathkeeper.v0.forward_auth import AuthConfigChangedEvent, ForwardAuthRequirer

class ApiGatewayCharm(CharmBase):
    def __init__(self, *args):
        # ...
        self.forward_auth = ForwardAuthRequirer(self)
        self.framework.observe(
            self.forward_auth.on.auth_config_changed,
            self.some_event_function
            )

    def some_event_function(self, event: AuthConfigChangedEvent):
        if self.forward_auth.is_ready():
            # Fetch the relation info
            forward_auth_data = self.forward_auth.get_forward_auth_data()
            # update ingress configuration
            # ...

class ForwardAuthConfigError

Description

Emitted when invalid forward auth config is provided. None

class DataValidationError

Description

Raised when data validation fails on relation data. None

class ForwardAuthRelation

Description

A class containing helper methods for forward-auth relation. None

Methods

class ForwardAuthConfig

Description

Helper class containing configuration required by API Gateway to set up the proxy. None

Methods

ForwardAuthConfig. from_dict( cls , dic: Dict )

Description

Generate ForwardAuthConfig instance from dict. None

ForwardAuthConfig. to_dict( self )

Description

Convert object to dict. None

class ForwardAuthRequirerConfig

Helper class containing configuration required by Oathkeeper.

Description

Its purpose is to evaluate whether apps can be protected by IAP.

Methods

ForwardAuthRequirerConfig. to_dict( self )

Description

Convert object to dict. None

class AuthConfigChangedEvent

Description

Event to notify the requirer charm that the forward-auth config has changed. None

Methods

AuthConfigChangedEvent. __init__( self , handle: Handle , decisions_address: str , app_names , headers , relation_id: int , relation_app_name: str )

AuthConfigChangedEvent. snapshot( self )

Description

Save event. None

AuthConfigChangedEvent. restore( self , snapshot: Dict )

Description

Restore event. None

class AuthConfigRemovedEvent

Description

Event to notify the requirer charm that the forward-auth config was removed. None

Methods

AuthConfigRemovedEvent. __init__( self , handle: Handle , relation_id: int )

AuthConfigRemovedEvent. snapshot( self )

Description

Save event. None

AuthConfigRemovedEvent. restore( self , snapshot: Dict )

Description

Restore event. None

class ForwardAuthRequirerEvents

Description

Event descriptor for events raised by ForwardAuthRequirer. None

class ForwardAuthRequirer

Description

Requirer side of the forward-auth relation. None

Methods

ForwardAuthRequirer. __init__( self , charm: CharmBase )

ForwardAuthRequirer. update_requirer_relation_data( self , ingress_app_names , relation_id )

Description

Update the relation databag with app names that can get IAP protection. None

ForwardAuthRequirer. get_provider_info( self , relation_id )

Description

Get the provider information from the databag. None

ForwardAuthRequirer. get_remote_app_name( self , relation_id )

Description

Get the remote app name. None

ForwardAuthRequirer. is_ready( self , relation_id )

Checks whether ForwardAuth is ready on this relation.

Description

Returns True when Oathkeeper shared the config; False otherwise.

ForwardAuthRequirer. is_protected_app( self , app )

Description

Checks whether a given app requested to be protected by IAP. None

class ForwardAuthProxySet

Description

Event to notify the charm that the proxy was set successfully. None

Methods

ForwardAuthProxySet. snapshot( self )

Description

Save event. None

ForwardAuthProxySet. restore( self , snapshot: Dict )

Description

Restore event. None

class InvalidForwardAuthConfigEvent

Description

Event to notify the charm that the forward-auth configuration is invalid. None

Methods

InvalidForwardAuthConfigEvent. __init__( self , handle: Handle , error: str )

InvalidForwardAuthConfigEvent. snapshot( self )

Description

Save event. None

InvalidForwardAuthConfigEvent. restore( self , snapshot: Dict )

Description

Restore event. None

class ForwardAuthRelationRemovedEvent

Description

Event to notify the charm that the relation was removed. None

Methods

ForwardAuthRelationRemovedEvent. __init__( self , handle: Handle , relation_id: int )

ForwardAuthRelationRemovedEvent. snapshot( self )

Description

Save event. None

ForwardAuthRelationRemovedEvent. restore( self , snapshot: Dict )

Description

Restore event. None

class ForwardAuthProviderEvents

Description

Event descriptor for events raised by ForwardAuthProvider. None

class ForwardAuthProvider

Description

Provider side of the forward-auth relation. None

Methods

ForwardAuthProvider. __init__( self , charm: CharmBase , relation_name: str , forward_auth_config )

ForwardAuthProvider. update_forward_auth_config( self , forward_auth_config: ForwardAuthConfig , relation_id )

Description

Update the forward-auth config stored in the object. None