authentication

package
v0.0.0-...-2608902 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 25, 2016 License: AGPL-3.0 Imports: 11 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AgentAuthenticator

type AgentAuthenticator struct{}

AgentAuthenticator performs authentication for machine and unit agents.

func (*AgentAuthenticator) Authenticate

func (*AgentAuthenticator) Authenticate(entityFinder EntityFinder, tag names.Tag, req params.LoginRequest) (state.Entity, error)

Authenticate authenticates the provided entity. It takes an EntityFinder and the tag used to find the entity that requires authentication.

type BakeryService

type BakeryService interface {
	AddCaveat(*macaroon.Macaroon, checkers.Caveat) error
	CheckAny([]macaroon.Slice, map[string]string, checkers.Checker) (map[string]string, error)
	NewMacaroon(string, []byte, []checkers.Caveat) (*macaroon.Macaroon, error)
}

BakeryService defines the subset of bakery.Service that we require for authentication.

type EntityAuthenticator

type EntityAuthenticator interface {
	// Authenticate authenticates the given entity
	Authenticate(entityFinder EntityFinder, tag names.Tag, req params.LoginRequest) (state.Entity, error)
}

EntityAuthenticator is the interface all entity authenticators need to implement to authenticate juju entities.

type EntityFinder

type EntityFinder interface {
	FindEntity(tag names.Tag) (state.Entity, error)
}

EntityFinder finds the entity described by the tag.

type ExpirableStorageBakeryService

type ExpirableStorageBakeryService interface {
	BakeryService

	// ExpireStorageAt returns a new ExpirableStorageBakeryService with
	// a store that will expire items added to it at the specified time.
	ExpireStorageAt(time.Time) (ExpirableStorageBakeryService, error)
}

ExpirableStorageBakeryService extends BakeryService with the ExpireStorageAt method so that root keys are removed from storage at that time.

type ExternalMacaroonAuthenticator

type ExternalMacaroonAuthenticator struct {
	// Service holds the service that is
	// used to verify macaroon authorization.
	Service BakeryService

	// Macaroon guards macaroon-authentication-based access
	// to the APIs. Appropriate caveats will be added before
	// sending it to a client.
	Macaroon *macaroon.Macaroon

	// IdentityLocation holds the URL of the trusted third party
	// that is used to address the is-authenticated-user
	// third party caveat to.
	IdentityLocation string
}

ExternalMacaroonAuthenticator performs authentication for external users using macaroons. If the authentication fails because the provided macaroons are invalid, and macaroon authentication is enabled, it will return a *common.DischargeRequiredError holding a macaroon to be discharged.

func (*ExternalMacaroonAuthenticator) Authenticate

func (m *ExternalMacaroonAuthenticator) Authenticate(entityFinder EntityFinder, _ names.Tag, req params.LoginRequest) (state.Entity, error)

Authenticate authenticates the provided entity. If there is no macaroon provided, it will return a *DischargeRequiredError containing a macaroon that can be used to grant access.

type UserAuthenticator

type UserAuthenticator struct {
	AgentAuthenticator

	// Service holds the service that is used to mint and verify macaroons.
	Service ExpirableStorageBakeryService

	// Clock is used to calculate the expiry time for macaroons.
	Clock clock.Clock
}

UserAuthenticator performs authentication for local users. If a password

func (*UserAuthenticator) Authenticate

func (u *UserAuthenticator) Authenticate(
	entityFinder EntityFinder, tag names.Tag, req params.LoginRequest,
) (state.Entity, error)

Authenticate authenticates the entity with the specified tag, and returns an error on authentication failure.

If and only if no password is supplied, then Authenticate will check for any valid macaroons. Otherwise, password authentication will be performed.

func (*UserAuthenticator) CreateLocalLoginMacaroon

func (u *UserAuthenticator) CreateLocalLoginMacaroon(tag names.UserTag) (*macaroon.Macaroon, error)

CreateLocalLoginMacaroon creates a time-limited macaroon for a local user to log into the controller with. The macaroon will be valid for use with UserAuthenticator.Authenticate until the time limit expires, or the Juju controller agent restarts.

NOTE(axw) this method will generate a key for a previously unseen user, and store it in the bakery.Service's storage. Callers should first ensure the user is valid before calling this, to avoid filling storage with keys for invalid users.
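The caller-side check that the NOTE asks for, as an added example that is not code from this package: the user is looked up before anything touches key storage, so a request for an unknown tag stores no root key. The names knownUsers, keyStore, createLoginToken and mintForKnownUser are hypothetical stand-ins built on the standard library only, and the token is a simplified HMAC, not a real macaroon.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var errNotFound = errors.New("user not found")

// knownUsers is a hypothetical stand-in for an EntityFinder lookup.
type knownUsers map[string]bool

// keyStore is a hypothetical stand-in for the bakery storage: minting for a
// tag it has not seen generates and stores a new root key.
type keyStore struct{ rootKeys map[string][]byte }

func (s *keyStore) createLoginToken(tag string) ([]byte, error) {
	key, ok := s.rootKeys[tag]
	if !ok {
		key = make([]byte, 24)
		if _, err := rand.Read(key); err != nil {
			return nil, err
		}
		s.rootKeys[tag] = key
	}
	mac := hmac.New(sha256.New, key) // simplified token, not a real macaroon
	mac.Write([]byte(tag))
	return mac.Sum(nil), nil
}

// mintForKnownUser validates the tag before key storage is touched.
func mintForKnownUser(users knownUsers, s *keyStore, tag string) ([]byte, error) {
	if !users[tag] {
		return nil, fmt.Errorf("refusing to mint for %q: %w", tag, errNotFound)
	}
	return s.createLoginToken(tag)
}

func main() {
	users := knownUsers{"user-alice": true} // constructed sample data
	store := &keyStore{rootKeys: map[string][]byte{}}
	_, err := mintForKnownUser(users, store, "user-nobody")
	fmt.Println(err, len(store.rootKeys))
}
```

Calling createLoginToken directly with the same unknown tag would leave one stored key per distinct tag, which is the storage growth the NOTE warns about.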
