pub struct AppHandler<A, Z = AllowAllAuthorizer> { /* private fields */ }Expand description
Adapts the engine pipeline to the transport’s IngressHandler contract,
authenticating each request with the configured Authenticator and, after
authentication, authorizing it with the configured Authorizer (default
AllowAllAuthorizer, no second policy layer until one is supplied).
Implementations§
Source§impl<A: Authenticator> AppHandler<A, AllowAllAuthorizer>
impl<A: Authenticator> AppHandler<A, AllowAllAuthorizer>
Sourcepub fn new(pipeline: AppPipeline, authenticator: A) -> Self
pub fn new(pipeline: AppPipeline, authenticator: A) -> Self
Wraps a pipeline and an authenticator (no request logging by default, and
the allow-all authorizer until Self::with_authorizer supplies one).
Source§impl<A: Authenticator, Z: Authorizer> AppHandler<A, Z>
impl<A: Authenticator, Z: Authorizer> AppHandler<A, Z>
Sets the post-authentication Authorizer (builder style). Replaces the
default allow-all policy; the principal is already resolved, so the
authorizer decides only whether that principal may perform the action.
Sourcepub fn with_forward_policy(self, policy: ForwardPolicy) -> Self
pub fn with_forward_policy(self, policy: ForwardPolicy) -> Self
Sets the client-to-upstream header forwarding policy (builder style).
Default pass-all (sidecar trust). Restrict it to keep specific headers
(e.g. authorization) off the cluster, or disable forwarding entirely.
Sourcepub fn with_capture(self, capture: Box<dyn Capture>) -> Self
pub fn with_capture(self, capture: Box<dyn Capture>) -> Self
Sets the full-fidelity traffic capture (builder style). Off by default.
Compose redaction with capture::RedactingCapture; the stream carries
bodies and values, so treat it as privileged.
Sourcepub fn with_debug_endpoints(self, enabled: bool) -> Self
pub fn with_debug_endpoints(self, enabled: bool) -> Self
Sets whether the pre-auth /debug/explain and /debug/breakglass
surfaces are served (builder style). Default true; set false in
production so operational metadata is not exposed unauthenticated.
Sourcepub fn with_require_tls_for_mutation(self, require: bool) -> Self
pub fn with_require_tls_for_mutation(self, require: bool) -> Self
Sets whether body-mutating requests are refused over cleartext (NFR-S1).
Builder style; default true (enforce). Pass false only on a trusted
network where the operator accepts mutating over cleartext.
Sourcepub fn pipeline(&self) -> &AppPipeline
pub fn pipeline(&self) -> &AppPipeline
The pipeline this handler serves, a read-only accessor for introspection
(e.g. the perf harness reading upstream pool_stats after a load run).
Sourcepub fn with_request_log(self, request_log: Box<dyn RequestLog>) -> Self
pub fn with_request_log(self, request_log: Box<dyn RequestLog>) -> Self
Sets the structured per-request logger (builder style). Default: no logs.
Sourcepub fn with_directive_admin(
self,
store: Arc<InMemoryDirectiveStore>,
token: String,
clock: Arc<dyn Clock>,
) -> Self
pub fn with_directive_admin( self, store: Arc<InMemoryDirectiveStore>, token: String, clock: Arc<dyn Clock>, ) -> Self
Enables the POST /admin/directives channel (builder style): publishes a
fleet directive set into store when the request carries the bearer
token. Without this, the endpoint reports not_enabled.
Trait Implementations§
Source§impl<A, Z> Debug for AppHandler<A, Z>
impl<A, Z> Debug for AppHandler<A, Z>
Source§impl<A: Authenticator, Z: Authorizer> IngressHandler for AppHandler<A, Z>
impl<A: Authenticator, Z: Authorizer> IngressHandler for AppHandler<A, Z>
Source§async fn handle(&self, req: IngressRequest) -> IngressResponse
async fn handle(&self, req: IngressRequest) -> IngressResponse
Send so connections
can be served on the multi-threaded runtime.Source§fn forward_plan(&self, path: &str, logical_index: &str) -> bool
fn forward_plan(&self, path: &str, logical_index: &str) -> bool
false by default (every
request is buffered and handled by handle). Verbatim
passthrough forwards every method, so the decision is path/index-only.Source§async fn handle_forward(
&self,
req: IngressRequest,
body: Incoming,
) -> StreamingResponse
async fn handle_forward( &self, req: IngressRequest, body: Incoming, ) -> StreamingResponse
body is the downstream request body
piped straight to the upstream, and the returned StreamingResponse’s
body is the upstream response piped straight back, neither buffered.
Called only when forward_plan returned true; req
carries the parsed head (its body field is empty, the body is the body
argument). The default returns 500, so a handler that opts in via
forward_plan must implement it.Source§fn wants_search_stream(
&self,
endpoint: EndpointKind,
query: Option<&str>,
) -> bool
fn wants_search_stream( &self, endpoint: EndpointKind, query: Option<&str>, ) -> bool
_search should have its response streamed back through
the hit transform (ADR-014, final stage) rather than buffered: decided from
the endpoint + query (e.g. a scroll-opening search keeps the buffered path).
The request body is still buffered first (it is small); only the response
streams. false by default.Source§async fn handle_search_stream(&self, req: IngressRequest) -> StreamingResponse
async fn handle_search_stream(&self, req: IngressRequest) -> StreamingResponse
_search: req carries the (buffered) query
body; the returned StreamingResponse’s body is the upstream hits
envelope piped back through the hit transform without buffering. Called only
when wants_search_stream returned true.
Default 500.Source§fn wants_bulk_stream(
&self,
endpoint: EndpointKind,
headers: &[(String, String)],
) -> bool
fn wants_bulk_stream( &self, endpoint: EndpointKind, headers: &[(String, String)], ) -> bool
_bulk request should be stream-demuxed (ADR-014 stage 4)
rather than buffered: decided from the endpoint + headers (e.g. the write
mode) alone, so the transport can avoid buffering the whole batch. false
by default.Source§async fn handle_bulk_stream(
&self,
req: IngressRequest,
body: Incoming,
) -> IngressResponse
async fn handle_bulk_stream( &self, req: IngressRequest, body: Incoming, ) -> IngressResponse
_bulk: body is the NDJSON batch, framed and
dispatched op by op without buffering the whole thing. Called only when
wants_bulk_stream returned true. Default 500.Auto Trait Implementations§
impl<A, Z = AllowAllAuthorizer> !Freeze for AppHandler<A, Z>
impl<A, Z = AllowAllAuthorizer> !RefUnwindSafe for AppHandler<A, Z>
impl<A, Z = AllowAllAuthorizer> !UnwindSafe for AppHandler<A, Z>
impl<A, Z> Send for AppHandler<A, Z>
impl<A, Z> Sync for AppHandler<A, Z>
impl<A, Z> Unpin for AppHandler<A, Z>
impl<A, Z> UnsafeUnpin for AppHandler<A, Z>where
A: UnsafeUnpin,
Z: UnsafeUnpin,
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> Instrument for T
impl<T> Instrument for T
Source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
Source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> IntoRequest<T> for T
impl<T> IntoRequest<T> for T
Source§fn into_request(self) -> Request<T>
fn into_request(self) -> Request<T>
T in a tonic::Request