server

package

v2.9.4 Latest Latest Go to latest Published: Apr 8, 2024 License: Apache-2.0 Imports: 44 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/pachyderm/pachyderm

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func LocalhostRewriteClient(expected string) (*http.Client, error)
func NewAuthServer(env Env, public, requireNoncriticalServers, watchesEnabled bool) (*apiServer, error)
type APIServer
type ActivationScope
- func (s ActivationScope) String() string
type Env
type IDTokenClaims
type RewriteRoundTripper
- func (rt RewriteRoundTripper) RoundTrip(req *http.Request) (*http.Response, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var DefaultOIDCConfig = auth.OIDCConfig{}

DefaultOIDCConfig is the default config for the auth API server

Functions ¶

func LocalhostRewriteClient ¶

func LocalhostRewriteClient(expected string) (*http.Client, error)

LocalhostRewriteClient returns an http.Client which replaces the host and scheme from `expected` with `localhostIdentityServerAddress`

This helps us work around the case where we are running in hairpin mode. (see https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/#a-pod-fails-to-reach-itself-via-the-service-ip) We're able to use this to cleverly rewrite requests from pachd -> http://pachd:1658/... as http://localhost:1658/ so that pachd can talk to the dex server running on the same pod while still making requests to 'http://pachd:1658/' which is the configured OIDC Issuer, which preserves OIDC Client-side validation requirements

func NewAuthServer ¶

func NewAuthServer(env Env, public, requireNoncriticalServers, watchesEnabled bool) (*apiServer, error)

NewAuthServer returns an implementation of auth.APIServer.

Types ¶

type APIServer ¶ added in v2.8.0

type APIServer = *apiServer

type ActivationScope ¶

type ActivationScope int

ActivationScope is an additional service to activate auth for.

const (
	ActivationScopePFS ActivationScope = iota // Activate auth for PFS.
	ActivationScopePPS                        // Activate auth for PPS.
)

func (ActivationScope) String ¶

func (s ActivationScope) String() string

String implements fmt.Stringer.

type Env ¶

type Env struct {
	DB         *pachsql.DB
	EtcdClient *etcd.Client
	Listener   col.PostgresListener
	TxnEnv     *txnenv.TransactionEnv

	// circular dependency
	GetEnterpriseServer func() enterprise.APIServer
	GetIdentityServer   func() identity.APIServer
	GetPfsServer        func() pfs.APIServer
	GetPpsServer        func() pps.APIServer

	BackgroundContext context.Context
	Config            pachconfig.Configuration
}

Env is the environment required for an apiServer

type IDTokenClaims ¶

type IDTokenClaims struct {
	Email         string   `json:"email"`
	EmailVerified bool     `json:"email_verified"`
	Groups        []string `json:"groups"`
}

IDTokenClaims represents the set of claims in an OIDC ID token that we're concerned with

type RewriteRoundTripper ¶

type RewriteRoundTripper struct {
	Expected *url.URL
	Rewrite  *url.URL
}

RewriteRoundTripper replaces the expected hostname with a new hostname. If a scheme is specified it's also replaced.

func (RewriteRoundTripper) RoundTrip ¶

func (rt RewriteRoundTripper) RoundTrip(req *http.Request) (*http.Response, error)

RoundTrip fulfills the http RoundTripper interface

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
testing

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL