vault: Index | Files

package jwtauth

import ""

A minimal UI for simple testing via a UI without Vault


Package Files

backend.go claims.go cli.go cli_responses.go path_config.go path_login.go path_oidc.go path_role.go path_ui.go provider_azure.go provider_config.go provider_gsuite.go


const (
    StaticKeys = iota

func Factory Uses

func Factory(ctx context.Context, c *logical.BackendConfig) (logical.Backend, error)

Factory is used by framework

func ProviderMap Uses

func ProviderMap() map[string]CustomProvider

ProviderMap returns a map of provider names to custom types

type AzureProvider Uses

type AzureProvider struct {
    // contains filtered or unexported fields

AzureProvider is used for Azure-specific configuration

func (*AzureProvider) FetchGroups Uses

func (a *AzureProvider) FetchGroups(_ context.Context, b *jwtAuthBackend, allClaims map[string]interface{}, role *jwtRole) (interface{}, error)

FetchGroups - custom groups fetching for azure - satisfying GroupsFetcher interface

func (*AzureProvider) Initialize Uses

func (a *AzureProvider) Initialize(_ context.Context, _ *jwtConfig) error

Initialize anything in the AzureProvider struct - satisfying the CustomProvider interface

func (*AzureProvider) SensitiveKeys Uses

func (a *AzureProvider) SensitiveKeys() []string

SensitiveKeys - satisfying the CustomProvider interface

type CLIHandler Uses

type CLIHandler struct{}

func (*CLIHandler) Auth Uses

func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, error)

func (*CLIHandler) Help Uses

func (h *CLIHandler) Help() string

Help method for OIDC cli

type CustomProvider Uses

type CustomProvider interface {
    // Initialize should validate jwtConfig.ProviderConfig, set internal values
    // and run any initialization necessary for subsequent calls to interface
    // functions the provider implements
    Initialize(context.Context, *jwtConfig) error

    // SensitiveKeys returns any fields in a provider's jwtConfig.ProviderConfig
    // that should be masked or omitted when output
    SensitiveKeys() []string

CustomProvider - Any custom provider must implement this interface

func NewProviderConfig Uses

func NewProviderConfig(ctx context.Context, jc *jwtConfig, providerMap map[string]CustomProvider) (CustomProvider, error)

NewProviderConfig - returns appropriate provider struct if provider_config is specified in jwtConfig. The provider map is provider name -to- instance of a CustomProvider.

type GSuiteProvider Uses

type GSuiteProvider struct {
    // contains filtered or unexported fields

GSuiteProvider provides G Suite-specific configuration and behavior.

func (*GSuiteProvider) FetchGroups Uses

func (g *GSuiteProvider) FetchGroups(ctx context.Context, b *jwtAuthBackend, allClaims map[string]interface{}, role *jwtRole) (interface{}, error)

FetchGroups fetches and returns groups from G Suite.

func (*GSuiteProvider) FetchUserInfo Uses

func (g *GSuiteProvider) FetchUserInfo(ctx context.Context, b *jwtAuthBackend, allClaims map[string]interface{}, role *jwtRole) error

FetchUserInfo fetches additional user information from G Suite using custom schemas.

func (*GSuiteProvider) Initialize Uses

func (g *GSuiteProvider) Initialize(ctx context.Context, jc *jwtConfig) error

Initialize initializes the GSuiteProvider by validating and creating configuration.

func (*GSuiteProvider) SensitiveKeys Uses

func (g *GSuiteProvider) SensitiveKeys() []string

SensitiveKeys returns keys that should be redacted when reading the config of this provider

type GSuiteProviderConfig Uses

type GSuiteProviderConfig struct {
    // Path to a Google service account key file. Required.
    ServiceAccountFilePath string `mapstructure:"gsuite_service_account"`

    // Email address of a G Suite admin to impersonate. Required.
    AdminImpersonateEmail string `mapstructure:"gsuite_admin_impersonate"`

    // If set to true, groups will be fetched from G Suite.
    FetchGroups bool `mapstructure:"fetch_groups"`

    // If set to true, user info will be fetched from G Suite using UserCustomSchemas.
    FetchUserInfo bool `mapstructure:"fetch_user_info"`

    // Group membership recursion max depth (0 = do not recurse).
    GroupsRecurseMaxDepth int `mapstructure:"groups_recurse_max_depth"`

    // Comma-separated list of G Suite custom schemas to fetch as claims.
    UserCustomSchemas string `mapstructure:"user_custom_schemas"`
    // contains filtered or unexported fields

GSuiteProviderConfig represents the configuration for a GSuiteProvider.

type GroupsFetcher Uses

type GroupsFetcher interface {
    // FetchGroups queries for groups claims during login
    FetchGroups(context.Context, *jwtAuthBackend, map[string]interface{}, *jwtRole) (interface{}, error)

GroupsFetcher - Optional support for custom groups handling

type UserInfoFetcher Uses

type UserInfoFetcher interface {
    FetchUserInfo(context.Context, *jwtAuthBackend, map[string]interface{}, *jwtRole) error

UserInfoFetcher - Optional support for custom user info handling

Package jwtauth imports 45 packages (graph). Updated 2021-01-13. Refresh now. Tools for package owners.