Documentation ¶
Index ¶
- type AESKeys
- type Certificate
- type HTPasswd
- type Loader
- type Profiles
- type SAMLProvider
- func (s *SAMLProvider) AuthenticationRequest(ctx context.Context) (*saml.AuthnRequest, error)
- func (s *SAMLProvider) MetaData(ctx context.Context) (*saml.EntityDescriptor, error)
- func (s *SAMLProvider) ParseResponse(ctx context.Context, r *http.Request, id string) (*saml.Assertion, error)
- func (s *SAMLProvider) PreLoad(ctx context.Context) error
- func (s *SAMLProvider) StartRefresher(ctx context.Context)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AESKeys ¶
```go
type AESKeys struct {
	// The source for AES key data.
	Source Loader

	// All logging for the certificate manager will be done via this Logger
	// object.
	Logger *slog.Logger
	// contains filtered or unexported fields
}
```
An AES Key loader implementation.
func (*AESKeys) StartRefresher ¶
Starts the cache refresher.
type Certificate ¶
```go
type Certificate struct {
	// The Loader that will fetch the bytes needed for the public portion of
	// the certificate.
	Certificate Loader

	// The loader that will fetch the bytes needed for the private portion
	// of the certificate.
	Private Loader

	// All logging for the certificate manager will be done via this Logger
	// object.
	Logger *slog.Logger
	// contains filtered or unexported fields
}
```
A generic interface around certificate loading.
func (*Certificate) Cert ¶
func (c *Certificate) Cert(ctx context.Context) (*tls.Certificate, error)
Returns the certificate loaded via the Load() call.
func (*Certificate) PreLoad ¶
func (c *Certificate) PreLoad(ctx context.Context) error
Returns true if this secret is expected to be pre-loaded at startup.
func (*Certificate) StartRefresher ¶
func (c *Certificate) StartRefresher(ctx context.Context)
Starts a goroutine that will periodically refresh the data in the secret if configured to do so. This routine will stop processing if the passed in context is canceled.
type HTPasswd ¶
```go
type HTPasswd struct {
	// The source for htpasswd data.
	Source Loader

	// All logging for this loader will be done via this logger.
	Logger *slog.Logger
	// contains filtered or unexported fields
}
```
Loads an .htpasswd-style file from the secret.
func (*HTPasswd) HasTags ¶
Verifies that the given username has the given tags. The return values are: true if the user exists, true if the user exists and has the given tags, and an error if something goes wrong while fetching the secret.
func (*HTPasswd) StartRefresher ¶
Starts the cache refresher.
type Loader ¶
```go
type Loader interface {
	// How long the data in the cache should be kept before it is refreshed.
	CacheDuration() time.Duration

	// Fetches the secret from the underlying store.
	Fetch(context.Context) ([]byte, error)

	// Returns true if the data in the secret is stale and needs to be
	// refreshed before the next use.
	IsStale(context.Context) bool

	// True if the data should be preloaded on startup.
	PreLoad(context.Context) bool

	// True if the data is allowed to be stale.
	Stale(context.Context) bool

	// A string representing the URL that was used to load this secret.
	URL(context.Context) string
}
```
type SAMLProvider ¶
```go
type SAMLProvider struct {
	// The URL of the Entity MetaData resources.
	IDPMetaDataURL string

	// The IDP URL that is used to direct a caller to a login page
	// if needed.
	IDPURL string

	// The URL of the MetaData server for this SAML Service Provider. This
	// is the URL that will be used to fetch MetaData resources to manage
	// the IDP -> SP relationship.
	MetaDataURL string

	// The URL of the ACS resource for this SAML provider.
	ACSURL string

	// The URL of the SLO resource for this SAML resource.
	SLOURL string

	// SAML Provider is a wrapper around the Certificate implementation
	// as it uses a certificate's public and private key for SAML
	// configuration.
	Certificate
	// contains filtered or unexported fields
}
```
Loads SAML secrets from the secret sources and provides them as an interface to callers. This will automatically update the provider if the underlying certificate changes, so the caller does not need to be aware of the update.
func (*SAMLProvider) AuthenticationRequest ¶
```go
func (s *SAMLProvider) AuthenticationRequest(
	ctx context.Context,
) (
	*saml.AuthnRequest,
	error,
)
```
Makes an authentication request that can be used against the SAML provider in order to start the authentication process.
func (*SAMLProvider) MetaData ¶
func (s *SAMLProvider) MetaData(ctx context.Context) (*saml.EntityDescriptor, error)
Returns the MetaData object for this ServiceProvider.
func (*SAMLProvider) ParseResponse ¶
```go
func (s *SAMLProvider) ParseResponse(
	ctx context.Context,
	r *http.Request,
	id string,
) (
	*saml.Assertion,
	error,
)
```
Parses an HTTP response received after the user returns from the SAML Identity Provider to ensure that it is valid. This requires an "id" string that was generated when the request to authenticate was started and an http.Request object that can be used for form reading.
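`ParseResponse` needs the id generated when `AuthenticationRequest` started the login, so the caller has to keep that id between the two calls. The following is an added example, not part of this package, of a hypothetical `PendingRequests` store for that id: each id is accepted once, only within a TTL, and only from the browser session (identified here by its session cookie value, an assumption of the example) that started the login. Call `Track` after `AuthenticationRequest` and `Consume` before handing the id to `ParseResponse`.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"sync"
	"time"
)

// ErrUnknownRequest covers ids never issued, already consumed, expired, or
// presented from a different session; callers get one error for all cases.
var ErrUnknownRequest = errors.New("saml: response does not match a pending request")

type pending struct {
	session [32]byte // hash of the session cookie that started the login
	expires time.Time
}

// PendingRequests is a hypothetical in-memory store for AuthnRequest ids; it
// is not part of the package documented on this page.
type PendingRequests struct {
	TTL time.Duration
	Now func() time.Time // injectable clock; defaults to time.Now
	mu  sync.Mutex
	ids map[string]pending
}

func NewPendingRequests(ttl time.Duration) *PendingRequests {
	return &PendingRequests{TTL: ttl, Now: time.Now, ids: map[string]pending{}}
}

// Track remembers id (the request id from AuthenticationRequest) together with
// a hash of the session cookie of the browser that started the login.
func (p *PendingRequests) Track(id, sessionCookie string) {
	p.mu.Lock()
	defer p.mu.Unlock()
	p.prune()
	p.ids[id] = pending{session: sha256.Sum256([]byte(sessionCookie)), expires: p.Now().Add(p.TTL)}
}

// Consume validates id for the given session. It succeeds at most once per id,
// only before the TTL elapses, and only from the session that called Track; an
// id presented from another session is left in place for its rightful owner.
func (p *PendingRequests) Consume(id, sessionCookie string) error {
	p.mu.Lock()
	defer p.mu.Unlock()
	entry, ok := p.ids[id]
	if !ok {
		return ErrUnknownRequest
	}
	if p.Now().After(entry.expires) {
		delete(p.ids, id)
		return ErrUnknownRequest
	}
	want := sha256.Sum256([]byte(sessionCookie))
	if subtle.ConstantTimeCompare(entry.session[:], want[:]) != 1 {
		return ErrUnknownRequest
	}
	delete(p.ids, id) // single use
	return nil
}

// Len reports how many logins are still pending, e.g. for a metric.
func (p *PendingRequests) Len() int {
	p.mu.Lock()
	defer p.mu.Unlock()
	p.prune()
	return len(p.ids)
}

// prune drops expired entries so abandoned logins do not accumulate; caller holds mu.
func (p *PendingRequests) prune() {
	now := p.Now()
	for id, e := range p.ids {
		if now.After(e.expires) {
			delete(p.ids, id)
		}
	}
}

func main() {
	// Constructed walkthrough: the id and cookie values are made up for this example.
	p := NewPendingRequests(5 * time.Minute)
	p.Track("id-constructed-1", "session-cookie-A")
	fmt.Println("from another session:", p.Consume("id-constructed-1", "session-cookie-B"))
	fmt.Println("from the right session:", p.Consume("id-constructed-1", "session-cookie-A"))
	fmt.Println("replayed:", p.Consume("id-constructed-1", "session-cookie-A"))
}
```

The store is per process; behind a load balancer it needs a shared backend (or the request must be pinned to the instance that issued the id), otherwise legitimate responses arriving at a different instance are rejected.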
func (*SAMLProvider) PreLoad ¶
func (s *SAMLProvider) PreLoad(ctx context.Context) error
If the SAML Provider uses a secret URL that is configured to preload then this will automatically load the SAML Provider, otherwise this does nothing and returns nil.
func (*SAMLProvider) StartRefresher ¶
func (s *SAMLProvider) StartRefresher(ctx context.Context)
Starts a background goroutine that will automatically refresh the SAML ServiceProvider as configured by the parameters in the secret loaders used. This will continue to run until the provided context is canceled.