auth

package

v0.0.0-...-402a3ac Latest Latest Go to latest Published: May 1, 2024 License: AGPL-3.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/minio/minio

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func ExpToInt64(expI interface{}) (expAt int64, err error)
func ExtractClaims(token, secretKey string) (*jwt.MapClaims, error)
func GenerateAccessKey(length int, random io.Reader) (string, error)
func GenerateCredentials() (accessKey, secretKey string, err error)
func GenerateSecretKey(length int, random io.Reader) (string, error)
func IsAccessKeyValid(accessKey string) bool
func IsSecretKeyValid(secretKey string) bool
func JWTSignWithAccessKey(accessKey string, m map[string]interface{}, tokenSecret string) (string, error)
type Credentials

Constants ¶

View Source

const (
	DefaultAccessKey = "minioadmin"
	DefaultSecretKey = "minioadmin"
)

Default access and secret keys.

View Source

const (
	// AccountOn indicates that credentials are enabled
	AccountOn = "on"
	// AccountOff indicates that credentials are disabled
	AccountOff = "off"
)

Variables ¶

View Source

var (
	ErrInvalidAccessKeyLength   = fmt.Errorf("access key length should be between %d and %d", accessKeyMinLen, accessKeyMaxLen)
	ErrInvalidSecretKeyLength   = fmt.Errorf("secret key length should be between %d and %d", secretKeyMinLen, secretKeyMaxLen)
	ErrNoAccessKeyWithSecretKey = fmt.Errorf("access key must be specified if secret key is specified")
	ErrNoSecretKeyWithAccessKey = fmt.Errorf("secret key must be specified if access key is specified")
)

Common errors generated for access and secret key validation.

View Source

var AnonymousCredentials = Credentials{}

AnonymousCredentials simply points to empty credentials

View Source

var (
	DefaultCredentials = Credentials{
		AccessKey: DefaultAccessKey,
		SecretKey: DefaultSecretKey,
	}
)

Default access credentials

View Source

var ErrInvalidDuration = errors.New("invalid token expiry")

ErrInvalidDuration invalid token expiry

Functions ¶

func ExpToInt64 ¶

func ExpToInt64(expI interface{}) (expAt int64, err error)

ExpToInt64 - convert input interface value to int64.

func ExtractClaims ¶

func ExtractClaims(token, secretKey string) (*jwt.MapClaims, error)

ExtractClaims extracts JWT claims from a security token using a secret key

func GenerateAccessKey ¶

func GenerateAccessKey(length int, random io.Reader) (string, error)

GenerateAccessKey returns a new access key generated randomly using the given io.Reader. If random is nil, crypto/rand.Reader is used. If length <= 0, the access key length is chosen automatically.

GenerateAccessKey returns an error if length is too small for a valid access key.

func GenerateCredentials ¶

func GenerateCredentials() (accessKey, secretKey string, err error)

GenerateCredentials - creates randomly generated credentials of maximum allowed length.

func GenerateSecretKey ¶

func GenerateSecretKey(length int, random io.Reader) (string, error)

GenerateSecretKey returns a new secret key generated randomly using the given io.Reader. If random is nil, crypto/rand.Reader is used. If length <= 0, the secret key length is chosen automatically.

GenerateSecretKey returns an error if length is too small for a valid secret key.

func IsAccessKeyValid ¶

func IsAccessKeyValid(accessKey string) bool

IsAccessKeyValid - validate access key for right length.

func IsSecretKeyValid ¶

func IsSecretKeyValid(secretKey string) bool

IsSecretKeyValid - validate secret key for right length.

func JWTSignWithAccessKey ¶

func JWTSignWithAccessKey(accessKey string, m map[string]interface{}, tokenSecret string) (string, error)

JWTSignWithAccessKey - generates a session token.

Types ¶

type Credentials ¶

type Credentials struct {
	AccessKey    string                 `xml:"AccessKeyId" json:"accessKey,omitempty" yaml:"accessKey"`
	SecretKey    string                 `xml:"SecretAccessKey" json:"secretKey,omitempty" yaml:"secretKey"`
	SessionToken string                 `xml:"SessionToken" json:"sessionToken,omitempty" yaml:"sessionToken"`
	Expiration   time.Time              `xml:"Expiration" json:"expiration,omitempty" yaml:"-"`
	Status       string                 `xml:"-" json:"status,omitempty"`
	ParentUser   string                 `xml:"-" json:"parentUser,omitempty"`
	Groups       []string               `xml:"-" json:"groups,omitempty"`
	Claims       map[string]interface{} `xml:"-" json:"claims,omitempty"`
	Name         string                 `xml:"-" json:"name,omitempty"`
	Description  string                 `xml:"-" json:"description,omitempty"`

	// Deprecated: In favor of Description - when reading credentials from
	// storage the value of this field is placed in the Description field above
	// if the existing Description from storage is empty.
	Comment string `xml:"-" json:"comment,omitempty"`
}

Credentials holds access and secret keys.

func CreateCredentials ¶

func CreateCredentials(accessKey, secretKey string) (cred Credentials, err error)

CreateCredentials returns new credential with the given access key and secret key. Error is returned if given access key or secret key are invalid length.

func CreateNewCredentialsWithMetadata ¶

func CreateNewCredentialsWithMetadata(accessKey, secretKey string, m map[string]interface{}, tokenSecret string) (cred Credentials, err error)

CreateNewCredentialsWithMetadata - creates new credentials using the specified access & secret keys and generate a session token if a secret token is provided.

func GetNewCredentials ¶

func GetNewCredentials() (cred Credentials, err error)

GetNewCredentials generates and returns new credential.

func GetNewCredentialsWithMetadata ¶

func GetNewCredentialsWithMetadata(m map[string]interface{}, tokenSecret string) (Credentials, error)

GetNewCredentialsWithMetadata generates and returns new credential with expiry.

func (Credentials) Equal ¶

func (cred Credentials) Equal(ccred Credentials) bool

Equal - returns whether two credentials are equal or not.

func (Credentials) IsExpired ¶

func (cred Credentials) IsExpired() bool

IsExpired - returns whether Credential is expired or not.

func (Credentials) IsImpliedPolicy ¶

func (cred Credentials) IsImpliedPolicy() bool

IsImpliedPolicy - returns if the policy is implied via ParentUser or not.

func (Credentials) IsServiceAccount ¶

func (cred Credentials) IsServiceAccount() bool

IsServiceAccount - returns whether credential is a service account or not

func (Credentials) IsTemp ¶

func (cred Credentials) IsTemp() bool

IsTemp - returns whether credential is temporary or not.

func (Credentials) IsValid ¶

func (cred Credentials) IsValid() bool

IsValid - returns whether credential is valid or not.

func (Credentials) String ¶

func (cred Credentials) String() string

Source Files ¶

View all Source files

credentials.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL