auth

package
v0.18.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 9, 2024 License: Apache-2.0 Imports: 25 Imported by: 55

Documentation

Overview

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the Apache v2.0 license.

Index

Constants

View Source 
const (
	ClientTokenName       = ".token"
	ClientCertName        = "wssd.pem"
	ClientTokenPath       = "WSSD_CLIENT_TOKEN"
	WssdConfigPath        = "WSSD_CONFIG_PATH"
	AccessFileDirPath     = "ACCESSFILE_DIR_PATH"
	DefaultWSSDFolder     = ".wssd"
	AccessFileDefaultName = "cloudconfig"
)
View Source 
const (
	CloudAgentServerPort         int     = 55000
	CertificateValidityThreshold float64 = (30.0 / 100.0)
	DefaultServerContextTimeout          = 10 * time.Minute
)
View Source 
const (
	ServerName = "ServerName"
)

Variables

This section is empty.

Functions

func AccessFileToTls 

func AccessFileToTls(accessFile WssdConfig) ([]byte, tls.Certificate, error)

func CertCheck added in v0.10.32 

func CertCheck(pemCert []byte) error

func GetCertificateDirPath added in v0.10.29 

func GetCertificateDirPath() string

GetCertificateDirPath will return the directory path where the client certificate will be stored

func GetCertificateFilePath added in v0.10.29 

func GetCertificateFilePath() string

GetCertificateFilePath will return the file path where the client certificate will be stored

func GetLoginTokenPath added in v0.10.29 

func GetLoginTokenPath() string

GetLoginTokenPath will return the file path where the login yaml will be stored

func GetMocConfigLocationName added in v0.10.7 

func GetMocConfigLocationName(subfolder, filename string) string

GetWssdConfigLocationName gets the path for access filename from environment + subfolder with file name fileName

func GetWssdConfigLocation 

func GetWssdConfigLocation() string

GetWssdConfigLocation gets the path for access file from environment

func Hash added in v0.10.6 

func Hash(certificate *x509.Certificate) string

Hash calculates the SHA-256 hash of the Subject Public Key Information (SPKI) object in an x509 certificate (in DER encoding). It returns the full hash as a hex encoded string (suitable for passing to Set.Allow).

func LoginTypeToAuthType added in v0.10.8 

func LoginTypeToAuthType(authType string) common.AuthenticationType

func NewPublicKeyVerifier added in v0.10.6 

func NewPublicKeyVerifier() *publicKeyVerifier

func PrintAccessFile 

func PrintAccessFile(accessFile WssdConfig) error

PrintAccessFile stores wssdConfig in WssdConfigLocation

func PrintAccessFileByName added in v0.10.7 

func PrintAccessFileByName(accessFile WssdConfig, subfolder, filename string) error

PrintAccessFileByName stores wssdConfig in GetWssdConfigLocationName

func ReadAccessFileToTls added in v0.10.5 

func ReadAccessFileToTls(accessFileLocation string) ([]byte, tls.Certificate, error)

func RenewCertificates added in v0.10.8 

func RenewCertificates(server string, wssdConfigLocation string) error

renewCertificates picks the wssdconfig from the location performs a renewal if close to expiry and stores the same back to the location

func SaveToken 

func SaveToken(tokenStr string) error

func SetCertificateDirPath added in v0.10.29 

func SetCertificateDirPath(certificateDirPath string) error

SetCertificateDirPath sets the directory path where the client certificate will be stored This is achieved by setting ACCESSFILE_DIR_PATH environment variable The path is appended with the executable name before the certificate is stored

func SetCertificateFilePath added in v0.10.29 

func SetCertificateFilePath(certificateFilePath string) error

SetCertificateFilePath sets the file path where the client certificate will be stored This is achieved by setting WSSD_CONFIG_PATH environment variable

func SetLoginTokenPath added in v0.10.29 

func SetLoginTokenPath(loginConfigPath string) error

SetLoginTokenPath sets the path where the login yaml will be stored This is achieved by setting WSSD_CLIENT_TOKEN environment variable The path is appended with the executable name before the certificate is stored

func TransportCredentialsFromFile 

func TransportCredentialsFromFile(wssdConfigLocation string, server string) credentials.TransportCredentials

func TransportCredentialsFromNode 

func TransportCredentialsFromNode(tlsCert tls.Certificate, serverCertificate []byte, server string) credentials.TransportCredentials

Types

type Authorizer 

type Authorizer interface {
	WithTransportAuthorization() credentials.TransportCredentials
	WithRPCAuthorization() credentials.PerRPCCredentials
}

func NewAuthorizerForAuth 

func NewAuthorizerForAuth(tokenString string, certificate string, server string) (Authorizer, error)

func NewAuthorizerFromEnvironment 

func NewAuthorizerFromEnvironment(serverName string) (Authorizer, error)

func NewAuthorizerFromEnvironmentByName added in v0.10.7 

func NewAuthorizerFromEnvironmentByName(serverName, subfolder, filename string) (Authorizer, error)

func NewAuthorizerFromInput 

func NewAuthorizerFromInput(tlsCert tls.Certificate, serverCertificate []byte, server string) (Authorizer, error)

type BearerAuthorizer 

type BearerAuthorizer struct {
	// contains filtered or unexported fields
}

BearerAuthorizer implements the bearer authorization

func NewBearerAuthorizer 

func NewBearerAuthorizer(tp JwtTokenProvider, tc credentials.TransportCredentials) *BearerAuthorizer

NewBearerAuthorizer crates a BearerAuthorizer using the given token provider

func NewEmptyBearerAuthorizer added in v0.10.29 

func NewEmptyBearerAuthorizer() *BearerAuthorizer

func (*BearerAuthorizer) WithRPCAuthorization 

func (ba *BearerAuthorizer) WithRPCAuthorization() credentials.PerRPCCredentials

func (*BearerAuthorizer) WithTransportAuthorization 

func (ba *BearerAuthorizer) WithTransportAuthorization() credentials.TransportCredentials

type ClientType added in v0.10.9 

type ClientType string
const (
	Admin          ClientType = "Admin"
	BareMetal      ClientType = "BareMetal"
	ControlPlane   ClientType = "ControlPlane"
	ExternalClient ClientType = "ExternalClient"
	LoadBalancer   ClientType = "LoadBalancer"
	Node           ClientType = "Node"
)

type EnvironmentSettings 

type EnvironmentSettings struct {
	Values map[string]string
}

EnvironmentSettings contains the available authentication settings.

func GetSettingsFromEnvironment 

func GetSettingsFromEnvironment(serverName string) (s EnvironmentSettings)

GetSettingsFromEnvironment Read settings from WssdConfigLocation

func GetSettingsFromEnvironmentByName added in v0.10.7 

func GetSettingsFromEnvironmentByName(serverName, subfolder, filename string) (s EnvironmentSettings, err error)

GetSettingsFromEnvironmentByName Read settings from GetWssdConfigLocationName

func (EnvironmentSettings) GetAuthorizer 

func (settings EnvironmentSettings) GetAuthorizer() (Authorizer, error)

func (EnvironmentSettings) GetManagedIdentityConfig 

func (settings EnvironmentSettings) GetManagedIdentityConfig() ManagedIdentityConfig

type JwtTokenProvider 

type JwtTokenProvider struct {
	RawData string `json:"rawdata"`
}

func NewEmptyTokenCredentialProvider added in v0.10.29 

func NewEmptyTokenCredentialProvider() JwtTokenProvider

func NewTokenCredentialProvider added in v0.10.29 

func NewTokenCredentialProvider(token string) JwtTokenProvider

func TokenProviderFromFile 

func TokenProviderFromFile(tokenLocation string) (JwtTokenProvider, error)

func (JwtTokenProvider) GetRequestMetadata 

func (c JwtTokenProvider) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)

func (JwtTokenProvider) RequireTransportSecurity 

func (c JwtTokenProvider) RequireTransportSecurity() bool

type LoginConfig 

type LoginConfig struct {
	Name          string     `json:"name,omitempty"`
	Token         string     `json:"token,omitempty"`
	Certificate   string     `json:"certificate,omitempty"`
	ClientType    ClientType `json:"clienttype,omitempty"`
	CloudFqdn     string     `json:"cloudfqdn,omitempty"`
	CloudPort     int32      `json:"cloudport,omitempty"`
	CloudAuthPort int32      `json:"cloudauthport,omitempty"`
	Location      string     `json:"location,omitempty"`
	Type          LoginType  `json:"type,omitempty"` //Depricated : Needs to cleaned up after removing references
}

type LoginType added in v0.10.7 

type LoginType string

LoginType [Depricated : Needs to cleaned up after removing references] 

const (
	// SelfSigned ...
	SelfSigned LoginType = "Self-Signed"
	// CASigned ...
	CASigned LoginType = "CA-Signed"
)

func AuthTypeToLoginType added in v0.10.8 

func AuthTypeToLoginType(authType common.AuthenticationType) LoginType

type ManagedIdentityConfig 

type ManagedIdentityConfig struct {
	ClientTokenPath string
	WssdConfigPath  string
	ServerName      string
}

func (ManagedIdentityConfig) Authorizer 

func (mc ManagedIdentityConfig) Authorizer() (Authorizer, error)

type Set added in v0.10.6 

type Set struct {
	// contains filtered or unexported fields
}

Set is a set of pinned x509 public keys.

func NewSet added in v0.10.6 

func NewSet() *Set

NewSet returns a new, empty PubKeyPinSet

func (*Set) Allow added in v0.10.6 

func (s *Set) Allow(pubKeyHashes ...string) error

Allow adds an allowed public key hash to the Set

func (*Set) CheckAny added in v0.10.6 

func (s *Set) CheckAny(certificates []*x509.Certificate) error

CheckAny checks if at least one certificate matches one of the public keys in the set

type TransportCredentialsProvider added in v0.10.29 

type TransportCredentialsProvider struct {
	// contains filtered or unexported fields
}

func NewEmptyTransportCredential added in v0.10.29 

func NewEmptyTransportCredential() *TransportCredentialsProvider

func NewTransportCredentialFromAccessFile added in v0.10.29 

func NewTransportCredentialFromAccessFile(serverName string, accessFile WssdConfig) (*TransportCredentialsProvider, error)

func NewTransportCredentialFromAccessFileLocation added in v0.10.29 

func NewTransportCredentialFromAccessFileLocation(serverName, accessFileLocation string) (*TransportCredentialsProvider, error)

func NewTransportCredentialFromAuthBase64 added in v0.10.29 

func NewTransportCredentialFromAuthBase64(serverName string, rootCACertsBase64 string) (*TransportCredentialsProvider, error)

func NewTransportCredentialFromAuthFromPem added in v0.10.29 

func NewTransportCredentialFromAuthFromPem(serverName string, caCertPem []byte) (*TransportCredentialsProvider, error)

func NewTransportCredentialFromBase64 added in v0.10.29 

func NewTransportCredentialFromBase64(serverName, clientCertificateBase64, clientKeyBase64 string, rootCACertsBase64 string) (*TransportCredentialsProvider, error)

func NewTransportCredentialFromTlsCerts added in v0.10.29 

func NewTransportCredentialFromTlsCerts(serverName string, tlsCerts []tls.Certificate, rootCACertsPem []byte) (*TransportCredentialsProvider, error)

func (*TransportCredentialsProvider) GetTransportCredentials added in v0.10.29 

func (transportCredentials *TransportCredentialsProvider) GetTransportCredentials() credentials.TransportCredentials

type WssdConfig 

type WssdConfig struct {
	CloudCertificate      string
	ClientCertificate     string
	ClientKey             string
	IdentityName          string
	ClientCertificateType LoginType //Depricated : Needs to cleaned up after removing references
}

func GenerateClientCsr added in v0.10.7 

func GenerateClientCsr(loginconfig LoginConfig) (string, WssdConfig, error)

func GenerateClientKey 

func GenerateClientKey(loginconfig LoginConfig) (string, WssdConfig, error)

GenerateClientKey generates key and self-signed cert if the file does not exist in WssdConfigLocation If the file exists the values from the fie is returned

func GenerateClientKeyWithName added in v0.10.7 

func GenerateClientKeyWithName(loginconfig LoginConfig, subfolder, filename string) (string, WssdConfig, error)

GenerateClientKeyWithName generates key and self-signed cert if the file does not exist in GetWssdConfigLocationName If the file exists the values from the fie is returned

Source Files

View all Source files

Directories

Path Synopsis
Package mock_auth is a generated GoMock package.
 Package mock_auth is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.