auth

package
v0.0.0-...-097916a

Warning: This package is not in the latest version of its module.
Published: Aug 10, 2022 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CanAccessOPA

func CanAccessOPA(principal knox.Principal, authenticator *authz_utils.Authenticator, path, action, partition, service string) bool

func GetURINamesFromExtensions

func GetURINamesFromExtensions(extensions *[]pkix.Extension) (uris []string, err error)

GetURINamesFromExtensions scans a slice of certificate extensions for the Subject Alternative Name (SAN) extension and returns the URI names it carries.
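As an added example (written for this page, not the package's own code), the following hand-rolled walker does what GetURINamesFromExtensions describes: it finds the SAN extension by OID, decodes the GeneralNames SEQUENCE, and keeps only the [6] uniformResourceIdentifier entries. The SAN extension it parses is constructed in the example itself, so it runs offline; the names and values in it are made up.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// id-ce-subjectAltName (RFC 5280, section 4.2.1.6).
var oidSubjectAltName = asn1.ObjectIdentifier{2, 5, 29, 17}

// uriNamesFromExtensions returns every uniformResourceIdentifier GeneralName
// ([6] IA5String) found in the SubjectAltName extension and skips the other
// name forms (rfc822Name [1], dNSName [2], iPAddress [7], ...). It is a
// stand-in written for this example, not the package's implementation.
func uriNamesFromExtensions(exts []pkix.Extension) ([]string, error) {
	var uris []string
	for _, ext := range exts {
		if !ext.Id.Equal(oidSubjectAltName) {
			continue
		}
		// GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
		var seq asn1.RawValue
		rest, err := asn1.Unmarshal(ext.Value, &seq)
		if err != nil {
			return nil, err
		}
		if len(rest) != 0 || seq.Class != asn1.ClassUniversal || seq.Tag != asn1.TagSequence || !seq.IsCompound {
			return nil, fmt.Errorf("malformed SubjectAltName extension")
		}
		for data := seq.Bytes; len(data) > 0; {
			var name asn1.RawValue
			if data, err = asn1.Unmarshal(data, &name); err != nil {
				return nil, err
			}
			if name.Class == asn1.ClassContextSpecific && name.Tag == 6 {
				uris = append(uris, string(name.Bytes))
			}
		}
	}
	return uris, nil
}

// generalName is one (context-specific tag, value) pair of the GeneralName CHOICE.
type generalName struct {
	Tag   int
	Value string
}

// sanExtension hand-builds a SubjectAltName extension from the given names so
// the example has constructed input without needing a real certificate.
func sanExtension(names []generalName) (pkix.Extension, error) {
	var body []byte
	for _, n := range names {
		b, err := asn1.Marshal(asn1.RawValue{Class: asn1.ClassContextSpecific, Tag: n.Tag, Bytes: []byte(n.Value)})
		if err != nil {
			return pkix.Extension{}, err
		}
		body = append(body, b...)
	}
	val, err := asn1.Marshal(asn1.RawValue{Class: asn1.ClassUniversal, Tag: asn1.TagSequence, IsCompound: true, Bytes: body})
	return pkix.Extension{Id: oidSubjectAltName, Value: val}, err
}

// demo runs the parser over a constructed extension list that mixes name
// forms and includes an unrelated extension (basicConstraints) to be ignored.
func demo() ([]string, error) {
	san, err := sanExtension([]generalName{
		{Tag: 2, Value: "knox.example.org"},                        // dNSName
		{Tag: 6, Value: "spiffe://example.org/ns/default/sa/knox"}, // uniformResourceIdentifier
		{Tag: 1, Value: "ops@example.org"},                         // rfc822Name
		{Tag: 6, Value: "https://example.org/other"},               // a second URI
	})
	if err != nil {
		return nil, err
	}
	basicConstraints := pkix.Extension{Id: asn1.ObjectIdentifier{2, 5, 29, 19}, Value: []byte{0x30, 0x00}}
	return uriNamesFromExtensions([]pkix.Extension{basicConstraints, san})
}

func main() {
	fmt.Println(demo())
}
```

Only the two URI entries come back, in SAN order; the dNSName and rfc822Name entries and the unrelated extension are skipped. A consumer that wants a SPIFFE ID still has to check the scheme of what it gets back.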

func IsService

func IsService(p knox.Principal) bool

IsService returns true if the principal, or first principal in the case of mux, is a service.

func IsUser

func IsUser(p knox.Principal) bool

IsUser returns true if the principal, or first principal in the case of mux, is a user.

func NewKubernetesClient

func NewKubernetesClient() *k8s

func NewMachine

func NewMachine(id string) knox.Principal

NewMachine creates a machine principal with the given id.

func NewService

func NewService(domain string, path string) knox.Principal

NewService creates a service principal for the given domain and path.

func NewUser

func NewUser(id string, groups []string) knox.Principal

NewUser creates a user principal with the given id and group memberships.

Types

type JWTProvider

type JWTProvider struct {
	RSAPubKey *rsa.PublicKey
}

JWT provider implements user authentication through signed JWT tokens

func MockJWTProvider

func MockJWTProvider() *JWTProvider

MockJWTProvider returns a JWTProvider backed by a simple mock "server" for tests. If the request carries an Authorization header with a user token that does not equal 'notvalid', it logs in as 'testuser'.

func NewJWTProvider

func NewJWTProvider(RSAPubKey string) (*JWTProvider, error)

NewJWTProvider initializes a JWTProvider from the RSA public key (passed as a string) used to verify token signatures; it returns an error if the key cannot be parsed.

func (*JWTProvider) Authenticate

func (p *JWTProvider) Authenticate(r *http.Request) (knox.Principal, error)

Authenticate verifies the signed JWT carried by the request against RSAPubKey and returns the user principal described by its claims.
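An added example of the verification a provider of this kind has to perform, written for this page and not taken from the package: the RS256 signature is checked with the algorithm pinned first, and the claims are only trusted afterwards. The token layout is not documented here, so the claim names ("sub" for the user id, "groups" for the group list, "exp") and the issuer helper are assumptions of the example; the keys and tokens are generated in memory so it runs offline.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// userClaims is an assumed layout ("sub" user id, "groups" for NewUser, "exp"); the page does not document it.
type userClaims struct {
	Subject string   `json:"sub"`
	Groups  []string `json:"groups"`
	Expiry  int64    `json:"exp"`
}

// verifyUserJWT checks a compact RS256 JWT against pub. The alg is pinned before the
// signature is touched: "alg":"none", or an HMAC alg that would turn the public key
// into a shared secret, is rejected no matter what the token says about itself.
func verifyUserJWT(token string, pub *rsa.PublicKey, now time.Time) (*userClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("token must have three segments")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if err := decodeSegment(parts[0], &hdr); err != nil {
		return nil, fmt.Errorf("header: %w", err)
	}
	if hdr.Alg != "RS256" {
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return nil, fmt.Errorf("signature: %w", err)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("signature: %w", err)
	}
	var c userClaims // parsed only after the signature is known to be good
	if err := decodeSegment(parts[1], &c); err != nil {
		return nil, fmt.Errorf("payload: %w", err)
	}
	if c.Subject == "" || c.Expiry == 0 || now.Unix() >= c.Expiry {
		return nil, fmt.Errorf("token has no sub, has no exp, or is expired")
	}
	return &c, nil
}

func decodeSegment(seg string, into interface{}) error {
	raw, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, into)
}

// signUserJWT is the issuer side, used only to mint demo tokens; alg is a parameter so a token whose header lies can be produced.
func signUserJWT(c userClaims, alg string, priv *rsa.PrivateKey) string {
	enc := base64.RawURLEncoding
	hdr, _ := json.Marshal(map[string]string{"alg": alg, "typ": "JWT"})
	payload, _ := json.Marshal(c)
	signingInput := enc.EncodeToString(hdr) + "." + enc.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		panic(err)
	}
	return signingInput + "." + enc.EncodeToString(sig)
}

// scenarios mints one valid token plus three that must be rejected: signed by
// an impostor key, RSA-signed but labelled "alg":"none", and expired.
func scenarios() (good *userClaims, rejected map[string]error, err error) {
	var keys [2]*rsa.PrivateKey // keys[0] is the trusted issuer, keys[1] an impostor
	for i := range keys {
		if keys[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return nil, nil, err
		}
	}
	now := time.Now()
	claims := userClaims{Subject: "alice", Groups: []string{"knox-admins", "eng"}, Expiry: now.Add(time.Hour).Unix()}
	good, err = verifyUserJWT(signUserJWT(claims, "RS256", keys[0]), &keys[0].PublicKey, now)
	rejected = map[string]error{}
	for name, tok := range map[string]string{
		"forged":   signUserJWT(claims, "RS256", keys[1]),
		"alg-none": signUserJWT(claims, "none", keys[0]),
		"expired":  signUserJWT(userClaims{Subject: "alice", Expiry: now.Add(-time.Minute).Unix()}, "RS256", keys[0]),
	} {
		_, rejected[name] = verifyUserJWT(tok, &keys[0].PublicKey, now)
	}
	return good, rejected, err
}

func main() { fmt.Println(scenarios()) }
```

The "alg-none" case is the one worth noting: its signature is a perfectly valid RSA signature from the trusted key, and it is still rejected, because the verifier decides the algorithm, not the token. The user id and groups from the accepted token are what NewUser would be handed.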

func (*JWTProvider) Name

func (p *JWTProvider) Name() string

Name is the name of the provider for logging

func (*JWTProvider) Type

func (p *JWTProvider) Type() byte

Type is set to u for JWTProvider since it authenticates users

func (*JWTProvider) Version

func (p *JWTProvider) Version() byte

Version is set to 0 for JWTProvider

type MTLSAuthProvider

type MTLSAuthProvider struct {
	CAs *x509.CertPool
	// contains filtered or unexported fields
}

MTLSAuthProvider does authentication by verifying the client's TLS certificate against a collection of root CAs

func NewMTLSAuthProvider

func NewMTLSAuthProvider(CAs *x509.CertPool) *MTLSAuthProvider

NewMTLSAuthProvider initializes a chain of trust with given CA certificates

func (*MTLSAuthProvider) Authenticate

func (p *MTLSAuthProvider) Authenticate(r *http.Request) (knox.Principal, error)

Authenticate verifies the client certificate presented on the request's TLS connection against CAs and returns the resulting principal

func (*MTLSAuthProvider) Name

func (p *MTLSAuthProvider) Name() string

Name is the name of the provider for logging

func (*MTLSAuthProvider) Type

func (p *MTLSAuthProvider) Type() byte

Type is set to t for MTLSAuthProvider

func (*MTLSAuthProvider) Version

func (p *MTLSAuthProvider) Version() byte

Version is set to 0 for MTLSAuthProvider

type Provider

type Provider interface {
	Name() string
	Authenticate(r *http.Request) (knox.Principal, error)
	Version() byte
	Type() byte
}

Provider is the interface the authentication decorator uses to authenticate requests. Type and Version identify the provider a request is addressed to, and Name is used for logging.

type SpiffeFallbackProvider

type SpiffeFallbackProvider struct {
	SpiffeProvider
}

SpiffeFallbackProvider is a SpiffeProvider that reports the same Type byte as the MTLSAuthProvider. It exists so that a client which specifies MTLS auth can transparently be granted SPIFFE-based access as well. For predictable results, register the MTLSAuthProvider before the SpiffeFallbackProvider so that the MTLSAuthProvider is always used whenever it succeeds. This is only possible with the SpiffeProvider because it makes no use of the token in the Authorization header.

func NewSpiffeAuthFallbackProvider

func NewSpiffeAuthFallbackProvider(CAs *x509.CertPool) *SpiffeFallbackProvider

NewSpiffeAuthFallbackProvider initializes a chain of trust with given CA certificates, identical to the SpiffeProvider except the Type is defined as the MTLSAuthProvider Type().

func (*SpiffeFallbackProvider) Name

func (p *SpiffeFallbackProvider) Name() string

Name is the name of the provider for logging

func (*SpiffeFallbackProvider) Type

func (s *SpiffeFallbackProvider) Type() byte

Type is set to be identical to the Type of the MTLSAuthProvider

type SpiffeProvider

type SpiffeProvider struct {
	CAs *x509.CertPool
	// contains filtered or unexported fields
}

SpiffeProvider does authentication by verifying the client's TLS certificate against a collection of root CAs and using the SPIFFE ID from the certificate's URI SAN as the principal

func NewSpiffeAuthProvider

func NewSpiffeAuthProvider(isDevServer bool, spiffeCAPath string) *SpiffeProvider

NewSpiffeAuthProvider initializes a chain of trust from the CA certificates at spiffeCAPath. It is identical to the MTLS provider except that the principal is a SPIFFE ID instead of a hostname and the CN of the cert is ignored.

func (*SpiffeProvider) Authenticate

func (p *SpiffeProvider) Authenticate(r *http.Request) (knox.Principal, error)

Authenticate verifies the client's TLS certificate chain against CAs and extracts the SPIFFE ID from the certificate's URI SAN as the principal
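An added example, written for this page rather than taken from the package, that models MTLSAuthProvider, SpiffeProvider and the mTLS-first ordering the SpiffeFallbackProvider description asks for side by side: both share the chain check against the root pool, the mTLS path takes the subject CN as the machine hostname, and the SPIFFE path ignores the CN and requires exactly one spiffe:// URI SAN (crypto/x509 has already parsed the SAN into leaf.URIs; the raw parsing is what GetURINamesFromExtensions does). The Principal type, the use of the CN for the hostname, the ed25519 fixtures and every name in them are assumptions of the example; the certificates are minted in memory so it runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// Principal stands in for knox.Principal: Kind is "machine" (NewMachine, CN hostname) or "service" (NewService, SPIFFE ID).
type Principal struct{ Kind, ID string }

// verifyChain is shared by both providers: the leaf must chain to a configured root CA and allow client auth.
func verifyChain(leaf *x509.Certificate, roots *x509.CertPool) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// mtlsAuth models MTLSAuthProvider: after the chain check the subject CN is the machine hostname.
func mtlsAuth(leaf *x509.Certificate, roots *x509.CertPool) (Principal, error) {
	if err := verifyChain(leaf, roots); err != nil {
		return Principal{}, err
	}
	if leaf.Subject.CommonName == "" {
		return Principal{}, fmt.Errorf("certificate has no CN to use as hostname")
	}
	return Principal{"machine", leaf.Subject.CommonName}, nil
}

// spiffeAuth models SpiffeProvider: same chain check, but the CN is ignored and
// the principal is the single spiffe:// URI SAN (already parsed into leaf.URIs).
func spiffeAuth(leaf *x509.Certificate, roots *x509.CertPool) (Principal, error) {
	if err := verifyChain(leaf, roots); err != nil {
		return Principal{}, err
	}
	var ids []string
	for _, u := range leaf.URIs {
		if u.Scheme == "spiffe" && u.Host != "" {
			ids = append(ids, u.String())
		}
	}
	if len(ids) != 1 {
		return Principal{}, fmt.Errorf("want exactly one spiffe:// URI SAN, found %d", len(ids))
	}
	return Principal{"service", ids[0]}, nil
}

// issue mints an ed25519 cert for cn signed by parent, or a self-signed root CA when parent is nil. Fixture helper; panics on failure.
func issue(cn string, uris []*url.URL, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		URIs: uris, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage, tmpl.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// fixtures returns constructed certs: an SVID with no CN, one that also has a CN, and a self-signed cert (not in roots) claiming the same ID.
func fixtures() (roots *x509.CertPool, svid, both, rogue *x509.Certificate) {
	ca, caKey := issue("Example Root", nil, nil, nil)
	id, _ := url.Parse("spiffe://example.org/ns/default/sa/knox-client")
	svid, _ = issue("", []*url.URL{id}, ca, caKey)
	both, _ = issue("knox.example.org", []*url.URL{id}, ca, caKey)
	rogue, _ = issue("knox.example.org", []*url.URL{id}, nil, nil)
	roots = x509.NewCertPool()
	roots.AddCert(ca)
	return
}

func main() {
	roots, svid, both, rogue := fixtures()
	for _, leaf := range []*x509.Certificate{svid, both, rogue} {
		pr, err := mtlsAuth(leaf, roots) // registration order from the page: mTLS first...
		if err != nil {
			pr, err = spiffeAuth(leaf, roots) // ...SPIFFE only as the fallback
		}
		fmt.Printf("CN=%q -> %+v err=%v\n", leaf.Subject.CommonName, pr, err)
	}
}
```

With mTLS registered first, the certificate that carries both a CN and a SPIFFE ID is authenticated as the machine named in its CN; only the CN-less SVID falls through to the SPIFFE path. Reverse the order and the same certificate becomes a service principal, which is the unpredictability the SpiffeFallbackProvider note warns about. The self-signed certificate fails both paths at the chain check regardless of what identity it claims.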

func (*SpiffeProvider) Name

func (p *SpiffeProvider) Name() string

Name is the name of the provider for logging

func (*SpiffeProvider) ReloadCerts

func (p *SpiffeProvider) ReloadCerts() error

func (*SpiffeProvider) Type

func (p *SpiffeProvider) Type() byte

Type is set to s for SpiffeProvider

func (*SpiffeProvider) Version

func (p *SpiffeProvider) Version() byte

Version is set to 0 for SpiffeProvider
