tokencmd

package
v4.1.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 1, 2019 License: Apache-2.0 Imports: 24 Imported by: 23

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GSSAPIEnabled 

func GSSAPIEnabled() bool

func RequestToken 

func RequestToken(clientCfg *restclient.Config, reader io.Reader, defaultUsername string, defaultPassword string) (string, error)

RequestToken uses the cmd arguments to locate an openshift oauth server and attempts to authenticate via an OAuth code flow and challenge handling. It returns the access token if it gets one or an error if it does not.

func SSPIEnabled 

func SSPIEnabled() bool

Types

type BasicChallengeHandler 

type BasicChallengeHandler struct {
	// Host is the server being authenticated to. Used only for displaying messages when prompting for username/password
	Host string

	// Reader is used to prompt for username/password. If nil, no prompting is done
	Reader io.Reader
	// Writer is used to output prompts. If nil, stdout is used
	Writer io.Writer

	// Username is the username to use when challenged. If empty, a prompt is issued to a non-nil Reader
	Username string
	// Password is the password to use when challenged. If empty, a prompt is issued to a non-nil Reader
	Password string
	// contains filtered or unexported fields
}

func (*BasicChallengeHandler) CanHandle 

func (c *BasicChallengeHandler) CanHandle(headers http.Header) bool

func (*BasicChallengeHandler) CompleteChallenge 

func (c *BasicChallengeHandler) CompleteChallenge(requestURL string, headers http.Header) error

func (*BasicChallengeHandler) HandleChallenge 

func (c *BasicChallengeHandler) HandleChallenge(requestURL string, headers http.Header) (http.Header, bool, error)

func (*BasicChallengeHandler) Release 

func (c *BasicChallengeHandler) Release() error

type ChallengeHandler 

type ChallengeHandler interface {
	// CanHandle returns true if the handler recognizes a challenge it thinks it can handle.
	CanHandle(headers http.Header) bool
	// HandleChallenge lets the handler attempt to handle a challenge.
	// It is only invoked if CanHandle() returned true for the given headers.
	// Returns response headers and true if the challenge is successfully handled.
	// Returns false if the challenge was not handled, and an optional error in error cases.
	HandleChallenge(requestURL string, headers http.Header) (http.Header, bool, error)
	// CompleteChallenge is invoked with the headers from a successful server response
	// received after having handled one or more challenges.
	// Returns an error if the handler does not consider the challenge/response interaction complete.
	CompleteChallenge(requestURL string, headers http.Header) error
	// Release gives the handler a chance to release any resources held during a challenge/response sequence.
	// It is always invoked, even in cases where no challenges were received or handled.
	Release() error
}

ChallengeHandler handles responses to WWW-Authenticate challenges.

func NewMultiHandler 

func NewMultiHandler(handlers ...ChallengeHandler) ChallengeHandler

func NewNegotiateChallengeHandler 

func NewNegotiateChallengeHandler(negotiator Negotiator) ChallengeHandler

type MultiHandler 

type MultiHandler struct {
	// contains filtered or unexported fields
}

MultiHandler manages a series of authentication challenges it is single-use only, and not thread-safe

func (*MultiHandler) CanHandle 

func (h *MultiHandler) CanHandle(headers http.Header) bool

func (*MultiHandler) CompleteChallenge 

func (h *MultiHandler) CompleteChallenge(requestURL string, headers http.Header) error

func (*MultiHandler) HandleChallenge 

func (h *MultiHandler) HandleChallenge(requestURL string, headers http.Header) (http.Header, bool, error)

func (*MultiHandler) Release 

func (h *MultiHandler) Release() error

type NegotiateChallengeHandler 

type NegotiateChallengeHandler struct {
	// contains filtered or unexported fields
}

NegotiateChallengeHandler manages a challenge negotiation session it is single-host, single-use only, and not thread-safe

func (*NegotiateChallengeHandler) CanHandle 

func (c *NegotiateChallengeHandler) CanHandle(headers http.Header) bool

func (*NegotiateChallengeHandler) CompleteChallenge 

func (c *NegotiateChallengeHandler) CompleteChallenge(requestURL string, headers http.Header) error

func (*NegotiateChallengeHandler) HandleChallenge 

func (c *NegotiateChallengeHandler) HandleChallenge(requestURL string, headers http.Header) (http.Header, bool, error)

func (*NegotiateChallengeHandler) Release 

func (c *NegotiateChallengeHandler) Release() error

type Negotiator 

type Negotiator interface {
	// Load gives the negotiator a chance to load any resources needed to handle a challenge/response sequence.
	// It may be invoked multiple times. If an error is returned, InitSecContext and IsComplete are not called, but Release() is.
	Load() error
	// InitSecContext returns the response token for a Negotiate challenge token from a given URL,
	// or an error if no response token could be obtained or the incoming token is invalid.
	InitSecContext(requestURL string, challengeToken []byte) (tokenToSend []byte, err error)
	// IsComplete returns true if the negotiator is satisfied with the negotiation.
	// This typically means gssapi returned GSS_S_COMPLETE to an initSecContext call.
	IsComplete() bool
	// Release gives the negotiator a chance to release any resources held during a challenge/response sequence.
	// It is always invoked, even in cases where no challenges were received or handled.
	Release() error
}

Negotiator defines the minimal interface needed to interact with GSSAPI to perform a negotiate challenge/response

func NewGSSAPINegotiator 

func NewGSSAPINegotiator(string) Negotiator

func NewSSPINegotiator 

func NewSSPINegotiator(string, string, string, io.Reader) Negotiator

type RequestTokenOptions 

type RequestTokenOptions struct {
	ClientConfig *restclient.Config
	Handler      ChallengeHandler
	OsinConfig   *osincli.ClientConfig
	Issuer       string
	TokenFlow    bool
}

func NewRequestTokenOptions 

func NewRequestTokenOptions(clientCfg *restclient.Config, reader io.Reader, defaultUsername string, defaultPassword string, tokenFlow bool) *RequestTokenOptions

func (*RequestTokenOptions) RequestToken 

func (o *RequestTokenOptions) RequestToken() (string, error)

RequestToken locates an openshift oauth server and attempts to authenticate. It returns the access token if it gets one, or an error if it does not. It should only be invoked once on a given RequestTokenOptions instance. The Handler held by the options is released as part of this call. If RequestTokenOptions.OsinConfig is nil, it will be defaulted using SetDefaultOsinConfig. The caller is responsible for setting up the entire OsinConfig if the value is not nil.

func (*RequestTokenOptions) SetDefaultOsinConfig 

func (o *RequestTokenOptions) SetDefaultOsinConfig() error

SetDefaultOsinConfig overwrites RequestTokenOptions.OsinConfig with the default CLI OAuth client and PKCE support if the server supports S256 / a code flow is being used

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.