github.com/google/fleetspeak@v0.1.15-0.20240426164851-4f31f62c1aea/fleetspeak/src/server/components/authorizer/authorizer.go (about) 1 // Copyright 2019 Google Inc. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // https://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Package authorizer provide generic implementations and utility methods 16 // for Fleetspeak's authorizer component type. 17 package authorizer 18 19 import ( 20 "net" 21 22 "github.com/google/fleetspeak/fleetspeak/src/server/authorizer" 23 24 fspb "github.com/google/fleetspeak/fleetspeak/src/common/proto/fleetspeak" 25 ) 26 27 // LabelFilter is an authorizer.Authorizer which refuses connections from 28 // clients that do not have a specific label. 29 type LabelFilter struct { 30 Label string 31 } 32 33 // Allow1 implements Authorizer. 34 func (f LabelFilter) Allow1(net.Addr) bool { return true } 35 36 // Allow2 implements Authorizer. 37 func (f LabelFilter) Allow2(_ net.Addr, i authorizer.ContactInfo) bool { 38 if f.Label == "" { 39 return true 40 } 41 for _, l := range i.ClientLabels { 42 if l == f.Label { 43 return true 44 } 45 } 46 return false 47 } 48 49 // Allow3 implements Authorizer. 50 func (f LabelFilter) Allow3(net.Addr, authorizer.ContactInfo, authorizer.ClientInfo) bool { 51 return true 52 } 53 54 // Allow4 implements Authorizer. 55 func (f LabelFilter) Allow4(net.Addr, authorizer.ContactInfo, authorizer.ClientInfo, []authorizer.SignatureInfo) (bool, *fspb.ValidationInfo) { 56 return true, nil 57 }