gitlab

package
v0.0.0-...-5c79d48 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 15, 2024 License: AGPL-3.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type IDTokenClaims

// IDTokenClaims is the structure of claims contained within a GitLab-issued
// ID token.
//
// Every claim except RunnerID is declared as a string, including the two
// "protected" flags, so consumers compare them as text rather than as a bool.
//
// NOTE(review): these values describe the job only as far as the token that
// carried them has been verified. Validate on IDTokenValidator returns this
// type; confirm that no caller fills it from a token that was not validated.
type IDTokenClaims struct {
	// Sub roughly uniquely identifies the workload. Example:
	// `project_path:mygroup/my-project:ref_type:branch:ref:main`
	// project_path:{group}/{project}:ref_type:{type}:ref:{branch_name}
	//
	// The value is built from the project path and the ref, not from numeric
	// IDs. NOTE(review): paths can presumably be renamed or reused, which would
	// make ProjectID / NamespaceID the more stable things to match on — confirm
	// against the GitLab documentation.
	Sub string `json:"sub"`
	// Git ref for this job
	Ref string `json:"ref"`
	// Git ref type. Example:
	// `branch` or `tag`
	RefType string `json:"ref_type"`
	// true if the Git ref is protected, false otherwise.
	// Declared as a string, so the value is the text of the flag rather than a
	// Go bool.
	RefProtected string `json:"ref_protected"`
	// Use this to scope to group or user level namespace by path. Example:
	// `mygroup`
	NamespacePath string `json:"namespace_path"`
	// Use this to scope to group or user level namespace by ID.
	NamespaceID string `json:"namespace_id"`
	// Use this to scope to project by path. Example:
	// `mygroup/myproject`
	ProjectPath string `json:"project_path"`
	// Use this to scope to project by ID.
	ProjectID string `json:"project_id"`
	// ID of the user executing the job
	UserID string `json:"user_id"`
	// Username of the user executing the job
	UserLogin string `json:"user_login"`
	// Email of the user executing the job.
	// The user claims say who ran the job, not which project or ref it ran
	// for; NOTE(review): presumably not meant as the only matching criterion —
	// confirm against the callers.
	UserEmail string `json:"user_email"`
	// Pipeline source.
	// https://docs.gitlab.com/ee/ci/jobs/job_control.html#common-if-clauses-for-rules
	// Example: `web`
	PipelineSource string `json:"pipeline_source"`
	// ID of the pipeline.
	PipelineID string `json:"pipeline_id"`
	// Environment this job deploys to (if one is associated)
	Environment string `json:"environment"`
	// true if deployed environment is protected, false otherwise.
	// Declared as a string, like RefProtected.
	EnvironmentProtected string `json:"environment_protected"`
	// Environment action (environment:action) specified in the job.
	EnvironmentAction string `json:"environment_action"`
	// The ref path to the top-level pipeline definition, for example, gitlab.example.com/my-group/my-project//.gitlab-ci.yml@refs/heads/main.
	CIConfigRefURI string `json:"ci_config_ref_uri"`
	// Git commit SHA for the ci_config_ref_uri.
	CIConfigSHA string `json:"ci_config_sha"`
	// The commit SHA for the job.
	SHA string `json:"sha"`
	// ID of the runner executing the job.
	// This is the only claim declared as an int rather than a string.
	RunnerID int `json:"runner_id"`
	// The type of runner used by the job. Can be either gitlab-hosted or self-hosted
	RunnerEnvironment string `json:"runner_environment"`
	// Deployment tier of the environment the job specifies
	DeploymentTier string `json:"deployment_tier"`
	// The visibility of the project where the pipeline is running. Can be internal, private, or public.
	ProjectVisibility string `json:"project_visibility"`
}

IDTokenClaims is the structure of the claims contained within a GitLab-issued ID token.

See the following for the structure: https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#id-tokens

func (*IDTokenClaims) JoinAuditAttributes

// JoinAuditAttributes returns a series of attributes that can be inserted into
// audit events related to a specific join.
//
// The attributes come back as a map keyed by string, together with an error.
// NOTE(review): which claims end up in the map is not visible here; if the
// user claims (user_login, user_email) are included, audit events will carry
// personal data — confirm against the implementation.
func (c *IDTokenClaims) JoinAuditAttributes() (map[string]interface{}, error)

JoinAuditAttributes returns a series of attributes that can be inserted into audit events related to a specific join.

type IDTokenSource

// IDTokenSource allows a GitLab ID token to be fetched from inside a running
// GitLab CI job.
//
// All of its fields are unexported; NewIDTokenSource is the constructor this
// package exposes for it.
type IDTokenSource struct {
	// contains filtered or unexported fields
}

IDTokenSource allows a GitLab ID token to be fetched whilst executing within the context of a GitLab CI/CD job.

func NewIDTokenSource

// NewIDTokenSource builds an IDTokenSource around the supplied getEnv.
//
// envGetter is an unexported type of this package. NOTE(review): presumably a
// lookup function for environment variables (the real environment in
// production, a stub in tests) — confirm against the type's definition.
func NewIDTokenSource(getEnv envGetter) *IDTokenSource

func (*IDTokenSource) GetIDToken

// GetIDToken returns the GitLab ID token as a string, or an error.
//
// The returned string is the token itself, so it should be handled as a
// credential: pass it to the party that validates it and keep it out of logs
// and error messages.
// NOTE(review): where the token is read from is not visible here; presumably
// the envGetter given to NewIDTokenSource — confirm.
func (its *IDTokenSource) GetIDToken() (string, error)

type IDTokenValidator

// IDTokenValidator validates GitLab ID tokens through its Validate method.
//
// It embeds IDTokenValidatorConfig, so the exported configuration fields
// (Clock, ClusterNameGetter) are promoted onto the validator itself.
type IDTokenValidator struct {
	IDTokenValidatorConfig
}

func NewIDTokenValidator

// NewIDTokenValidator builds an IDTokenValidator from cfg.
//
// IDTokenValidatorConfig documents that a real clock is used when Clock is
// omitted. NOTE(review): the error return presumably reports an unusable
// configuration (for example a missing ClusterNameGetter) — confirm against
// the implementation.
func NewIDTokenValidator(
	cfg IDTokenValidatorConfig,
) (*IDTokenValidator, error)

func (*IDTokenValidator) Validate

// Validate checks token and returns the claims it carries, or an error.
//
// According to IDTokenValidatorConfig, the validator checks the token's
// time-based claims against Clock and uses the cluster name from
// ClusterNameGetter to identify the expected audience.
//
// NOTE(review): domain presumably names the GitLab instance whose signing keys
// are trusted as the issuer — confirm. If so, it has to come from the
// verifier's own configuration and never from the token or the joining client,
// otherwise the presenter would get to pick the issuer it is checked against.
// NOTE(review): when the error is non-nil the returned claims should not be
// used for any authorization decision — confirm the implementation returns nil
// in that case.
func (id *IDTokenValidator) Validate(
	ctx context.Context, domain string, token string,
) (*IDTokenClaims, error)

type IDTokenValidatorConfig

// IDTokenValidatorConfig holds the dependencies of an IDTokenValidator. It is
// the argument of NewIDTokenValidator and is embedded in IDTokenValidator.
type IDTokenValidatorConfig struct {
	// Clock is used by the validator when checking expiry and issued-at times of
	// tokens. If omitted, a real clock will be used.
	// Whatever clock is set here decides whether a token counts as expired.
	// NOTE(review): presumably only replaced with a fake clock in tests —
	// confirm.
	Clock clockwork.Clock
	// ClusterNameGetter is used to get the cluster name in order to identify
	// the correct audience for the token.
	// The audience check ties a token to this cluster. NOTE(review):
	// presumably a token minted for another audience is rejected — confirm
	// against the implementation.
	ClusterNameGetter clusterNameGetter
	// contains filtered or unexported fields
}
