controllers

package

v0.8.1 Latest Latest Go to latest Published: Oct 5, 2022 License: Apache-2.0 Imports: 36 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/redhat-appstudio/service-provider-integration-oauth

Links

Open Source Insights

Documentation ¶

Index ¶

func AuditLog(ctx context.Context) logr.Logger
func AuditLogWithTokenInfo(ctx context.Context, msg string, namespace string, token string, ...)
func AugmentConfiguration(config *rest.Config)
func CallbackErrorHandler(w http.ResponseWriter, r *http.Request)
func CallbackSuccessHandler(w http.ResponseWriter, r *http.Request)
func ExtractTokenFromAuthorizationHeader(authHeader string) string
func HandleUpload(uploader TokenUploader) func(http.ResponseWriter, *http.Request)
func LogDebugAndWriteResponse(ctx context.Context, w http.ResponseWriter, status int, msg string, ...)
func LogErrorAndWriteResponse(ctx context.Context, w http.ResponseWriter, status int, msg string, err error)
func MiddlewareHandler(allowedOrigins []string, h http.Handler) http.Handler
func OkHandler(w http.ResponseWriter, _ *http.Request)
func WithAuthFromRequestIntoContext(r *http.Request, ctx context.Context) (context.Context, error)
func WithAuthIntoContext(bearerToken string, ctx context.Context) context.Context
type AuthenticatingClient
- func CreateClient(cfg *rest.Config, options client.Options) (AuthenticatingClient, error)
type Authenticator
- func NewAuthenticator(sessionManager *scs.SessionManager, cl AuthenticatingClient) *Authenticator
- func (a *Authenticator) GetToken(r *http.Request) (string, error)
- func (a Authenticator) Login(w http.ResponseWriter, r *http.Request)
type Controller
- func FromConfiguration(fullConfig OAuthServiceConfiguration, ...) (Controller, error)
type OAuthServiceCliArgs
type OAuthServiceConfiguration
- func LoadOAuthServiceConfiguration(args OAuthServiceCliArgs) (OAuthServiceConfiguration, error)
type SpiTokenUploader
- func (u *SpiTokenUploader) Upload(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, ...) error
type StateStorage
- func NewStateStorage(sessionManager *scs.SessionManager) *StateStorage
- func (s StateStorage) UnveilState(ctx context.Context, req *http.Request) (string, error)
- func (s StateStorage) VeilRealState(req *http.Request) (string, error)
type TokenUploader
type UploadFunc
- func (u UploadFunc) Upload(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, ...) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AuditLog ¶ added in v0.8.0

func AuditLog(ctx context.Context) logr.Logger

AuditLog returns logger prepared with audit markers

func AuditLogWithTokenInfo ¶ added in v0.8.0

func AuditLogWithTokenInfo(ctx context.Context, msg string, namespace string, token string, keysAndValues ...interface{})

AuditLogWithTokenInfo logs message related to particular SPIAccessToken into audit logger

func AugmentConfiguration ¶ added in v0.4.3

func AugmentConfiguration(config *rest.Config)

AugmentConfiguration modifies the provided Kubernetes client configuration such that it uses bearer tokens stored in the context using the WithAuthFromRequestIntoContext or WithAuthIntoContext functions.

func CallbackErrorHandler ¶ added in v0.6.5

func CallbackErrorHandler(w http.ResponseWriter, r *http.Request)

CallbackErrorHandler is a Handler implementation that responds with HTML page This page is a landing page after unsuccessfully completing the OAuth flow. Resource file location is prefixed with `../` to be compatible with tests running locally.

func CallbackSuccessHandler ¶ added in v0.6.5

func CallbackSuccessHandler(w http.ResponseWriter, r *http.Request)

CallbackSuccessHandler is a Handler implementation that responds with HTML page This page is a landing page after successfully completing the OAuth flow. Resource file location is prefixed with `../` to be compatible with tests running locally.

func ExtractTokenFromAuthorizationHeader ¶ added in v0.4.3

func ExtractTokenFromAuthorizationHeader(authHeader string) string

ExtractTokenFromAuthorizationHeader extracts the token value from the authorization header assumed to be formatted as a bearer token.

func HandleUpload ¶ added in v0.6.5

func HandleUpload(uploader TokenUploader) func(http.ResponseWriter, *http.Request)

HandleUpload returns Handler implementation that is relied on provided TokenUploader to persist provided credentials for some concrete SPIAccessToken.

func LogDebugAndWriteResponse ¶ added in v0.6.5

func LogDebugAndWriteResponse(ctx context.Context, w http.ResponseWriter, status int, msg string, keysAndValues ...interface{})

func LogErrorAndWriteResponse ¶ added in v0.6.5

func LogErrorAndWriteResponse(ctx context.Context, w http.ResponseWriter, status int, msg string, err error)

func MiddlewareHandler ¶ added in v0.6.5

func MiddlewareHandler(allowedOrigins []string, h http.Handler) http.Handler

MiddlewareHandler is a Handler that composed couple of different responsibilities. Like: - Request logging - CORS processing

func OkHandler ¶ added in v0.6.5

func OkHandler(w http.ResponseWriter, _ *http.Request)

OkHandler is a Handler implementation that responds only with http.StatusOK. Typically, used for liveness and readiness probes

func WithAuthFromRequestIntoContext ¶ added in v0.4.3

func WithAuthFromRequestIntoContext(r *http.Request, ctx context.Context) (context.Context, error)

WithAuthFromRequestIntoContext looks into the provided HTTP request and stores the bearer token from that request's Authorization header into the returned context which is based on the provided context. If used with a client constructed from configuration augmented using the AugmentConfiguration function, the requests to the Kubernetes API will be authenticated using this token.

To link the contexts, you can reuse the context of the provided request: WithAuthFromRequestIntoContext(req, req.Context())

func WithAuthIntoContext ¶ added in v0.4.3

func WithAuthIntoContext(bearerToken string, ctx context.Context) context.Context

WithAuthIntoContext stores the provided bearer token into the returned context which is based on the provided context. If used with a client constructed from configuration augmented using the AugmentConfiguration function, the requests to the Kubernetes API will be authenticated using this token.

Types ¶

type AuthenticatingClient ¶ added in v0.4.3

type AuthenticatingClient client.Client

AuthenticatingClient is just a typedef that advertises that it is safe to use the WithAuthIntoContext or WithAuthFromRequestIntoContext functions with clients having this type.

func CreateClient ¶ added in v0.4.3

func CreateClient(cfg *rest.Config, options client.Options) (AuthenticatingClient, error)

CreateClient creates a new client based on the provided configuration. Note that configuration is potentially modified during the call.

type Authenticator ¶ added in v0.5.2

type Authenticator struct {
	K8sClient      AuthenticatingClient
	SessionManager *scs.SessionManager
}

func NewAuthenticator ¶ added in v0.5.2

func NewAuthenticator(sessionManager *scs.SessionManager, cl AuthenticatingClient) *Authenticator

func (*Authenticator) GetToken ¶ added in v0.5.2

func (a *Authenticator) GetToken(r *http.Request) (string, error)

func (a Authenticator) Login(w http.ResponseWriter, r *http.Request)

type Controller ¶

type Controller interface {
	// Authenticate handles the initial OAuth request. It should validate that the request is authenticated in Kubernetes
	// compose the authenticated OAuth state and return a redirect to the service-provider OAuth endpoint with the state.
	Authenticate(w http.ResponseWriter, r *http.Request)

	// Callback finishes the OAuth flow. It handles the final redirect from the OAuth flow of the service provider.
	Callback(ctx context.Context, w http.ResponseWriter, r *http.Request)
}

Controller implements the OAuth flow. There are specific implementations for each service provider type. These are usually instances of the commonController with service-provider-specific configuration.

func FromConfiguration ¶

func FromConfiguration(fullConfig OAuthServiceConfiguration, spConfig config.ServiceProviderConfiguration, authenticator *Authenticator, stateStorage *StateStorage, cl AuthenticatingClient, storage tokenstorage.TokenStorage, redirectTemplate *template.Template) (Controller, error)

FromConfiguration is a factory function to create instances of the Controller based on the service provider configuration.

type OAuthServiceCliArgs ¶ added in v0.7.3

type OAuthServiceCliArgs struct {
	config.CommonCliArgs
	config.LoggingCliArgs
	tokenstorage.VaultCliArgs
	ServiceAddr     string `arg:"--service-addr, env" default:"0.0.0.0:8000" help:"Service address to listen on"`
	AllowedOrigins  string `` /* 175-byte string literal not displayed */
	KubeConfig      string `arg:"--kubeconfig, env" default:"" help:""`
	KubeInsecureTLS bool   `arg:"--kube-insecure-tls, env" default:"false" help:"Whether is allowed or not insecure kubernetes tls connection."`
	ApiServer       string `` /* 126-byte string literal not displayed */
	ApiServerCAPath string `` /* 140-byte string literal not displayed */
}

type OAuthServiceConfiguration ¶ added in v0.7.3

type OAuthServiceConfiguration struct {
	config.SharedConfiguration
}

func LoadOAuthServiceConfiguration ¶ added in v0.7.3

func LoadOAuthServiceConfiguration(args OAuthServiceCliArgs) (OAuthServiceConfiguration, error)

type SpiTokenUploader ¶ added in v0.6.5

type SpiTokenUploader struct {
	K8sClient client.Client
	Storage   tokenstorage.TokenStorage
}

func (*SpiTokenUploader) Upload ¶ added in v0.6.5

func (u *SpiTokenUploader) Upload(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error

type StateStorage ¶ added in v0.6.8

type StateStorage struct {
	// contains filtered or unexported fields
}

func NewStateStorage ¶ added in v0.6.8

func NewStateStorage(sessionManager *scs.SessionManager) *StateStorage

func (StateStorage) UnveilState ¶ added in v0.6.8

func (s StateStorage) UnveilState(ctx context.Context, req *http.Request) (string, error)

func (StateStorage) VeilRealState ¶ added in v0.6.8

func (s StateStorage) VeilRealState(req *http.Request) (string, error)

type TokenUploader ¶ added in v0.4.4

type TokenUploader interface {
	Upload(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error
}

TokenUploader is used to permanently persist credentials for the given token.

type UploadFunc ¶ added in v0.6.5

type UploadFunc func(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error

UploadFunc used to provide anonymous implementation of TokenUploader. Example:

 uploader := UploadFunc(func(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error {
		return fmt.Errorf("failed to store the token data into storage")
	})

func (UploadFunc) Upload ¶ added in v0.6.5

func (u UploadFunc) Upload(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL