graph

package
v0.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 31, 2023 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

const (
	// MSIEndpointForARC is a token URL on the loopback interface (127.0.0.1,
	// port 8421) with the path /metadata/identity/oauth2/token and the
	// api-version 2018-02-01 fixed in the query string.
	//
	// NOTE(review): the scheme is plain http, so the only transport protection
	// is that the address is loopback. Presumably this is the default endpoint
	// used by NewWithARC / NewMSITokenProvider; confirm, and confirm how the
	// endpoint restricts which local workloads may request a token.
	MSIEndpointForARC = "http://127.0.0.1:8421/metadata/identity/oauth2/token?api-version=2018-02-01"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthResponse

// AuthResponse is the JSON shape of a token reply: token_type, expires_in and
// access_token. It is the value every TokenProvider.Acquire returns.
type AuthResponse struct {
	// TokenType is decoded from "token_type".
	TokenType string `json:"token_type"`
	// Expires is decoded from "expires_in" as a JSON number; TokenResponse
	// decodes the same key as a string, so the two types are not
	// interchangeable. Presumably a lifetime in seconds, as in OAuth 2.0;
	// confirm against the caller.
	Expires int `json:"expires_in"`
	// Token is decoded from "access_token". It is a bearer credential: keep it
	// out of logs, error strings and %+v dumps of this struct.
	Token string `json:"access_token"`
}

AuthResponse represents a response from the MS Graph auth API

type Group

// Group is one group object decoded from an MS Graph reply.
type Group struct {
	// Name is decoded from "displayName". Display names are not unique
	// identifiers in the directory, so prefer ID for authorization decisions.
	Name string `json:"displayName"`
	// ID is decoded from "id", the group's object ID.
	// NOTE(review): New and TestUserInfo take a useGroupUID flag, which
	// presumably selects between ID and Name in GetGroups' result; confirm.
	ID string `json:"id"`
}

Group represents the Group object from the MSGraphAPI

type GroupList

// GroupList is the envelope of a group listing: the Group entries sit under
// the top-level "value" key.
type GroupList struct {
	// Value holds the decoded groups. Whether a reply can be split across
	// pages is not visible in this type; verify against the caller.
	Value []Group `json:"value"`
}

GroupList represents a list of groups returned from the MS Graph API

type ObjectList

// ObjectList is the envelope of a directory-object ID listing: plain strings
// under the top-level "value" key.
type ObjectList struct {
	// Value holds the returned directory object IDs.
	Value []string `json:"value"`
}

ObjectList represents a list of directory object IDs returned from the MS Graph API

type ObjectQuery

// ObjectQuery is the request body sent to the directoryObjects endpoint,
// encoded as {"ids": [...], "types": [...]}.
type ObjectQuery struct {
	// IDs is encoded as "ids": the object IDs to look up.
	IDs []string `json:"ids"`
	// Types is encoded as "types". Presumably it restricts the lookup to the
	// named object types (for example groups); confirm against the caller.
	Types []string `json:"types"`
}

ObjectQuery represents a query object to the directoryObjects endpoint

type TokenProvider

// TokenProvider abstracts how a token for MS Graph is obtained. The package
// exposes four constructors for it: NewAKSTokenProvider,
// NewClientCredentialTokenProvider, NewMSITokenProvider and
// NewOBOTokenProvider.
type TokenProvider interface {
	// Name returns a string identifying the provider.
	Name() string
	// Acquire returns an AuthResponse or an error.
	// NOTE(review): token is presumably the caller's incoming token, needed by
	// the On-Behalf-Of providers and possibly ignored by the others; confirm
	// per implementation. Both token and the returned AuthResponse.Token are
	// credentials and should not be logged.
	Acquire(ctx context.Context, token string) (AuthResponse, error)
}

TokenProvider is an interface for obtaining a token for the MS Graph API

func NewAKSTokenProvider

func NewAKSTokenProvider(tokenURL, tenantID string) TokenProvider

NewAKSTokenProvider returns a TokenProvider that implements the On-Behalf-Of flow using the AKS first-party service

func NewClientCredentialTokenProvider

func NewClientCredentialTokenProvider(clientID, clientSecret, loginURL, scope string) TokenProvider

NewClientCredentialTokenProvider returns a TokenProvider that implements the OAuth client credential flow on Azure Active Directory. See https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#get-a-token

func NewMSITokenProvider added in v0.14.0

func NewMSITokenProvider(msiAudience, msiEndpoint string) TokenProvider

NewMSITokenProvider returns a TokenProvider that implements the OAuth MSI flow on Azure Active Directory

func NewOBOTokenProvider

func NewOBOTokenProvider(clientID, clientSecret, loginURL, scope string) TokenProvider

NewOBOTokenProvider returns a TokenProvider that implements the OAuth On-Behalf-Of flow on Azure Active Directory. See https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow

type TokenResponse added in v0.14.0

// TokenResponse is a token reply in which every field, including the expiry
// values, is decoded as a JSON string. Compare AuthResponse, which decodes
// "expires_in" as a number.
//
// NOTE(review): the type was added in v0.14.0 together with
// NewMSITokenProvider, so it presumably models the MSI endpoint's reply;
// confirm. AccessToken and RefreshToken are credentials and should be kept
// out of logs and error messages.
type TokenResponse struct {
	// AccessToken is decoded from "access_token".
	AccessToken string `json:"access_token"`
	// ExpiresIn is decoded from "expires_in" as a string; callers must parse
	// it and handle a malformed value.
	ExpiresIn string `json:"expires_in"`
	// RefreshToken is decoded from "refresh_token".
	RefreshToken string `json:"refresh_token"`
	// ExpiresOn is decoded from "expires_on" as a string.
	ExpiresOn string `json:"expires_on"`
	// NotBefore is decoded from "not_before" as a string.
	NotBefore string `json:"not_before"`
	// Resource is decoded from "resource". Presumably the audience the token
	// was issued for; confirm.
	Resource string `json:"resource"`
	// TokenType is decoded from "token_type".
	TokenType string `json:"token_type"`
	// ErrorMessage is decoded from "error_message" and omitted on encode when
	// empty. Presumably a non-empty value marks a failed request even when the
	// body decodes cleanly; verify that callers check it.
	ErrorMessage string `json:"error_message,omitempty"`
}

type UserInfo

// UserInfo is the handle returned by New, NewWithAKS, NewWithARC, NewWithOBO
// and TestUserInfo; its methods are GetGroups, Name and RefreshToken.
//
// NOTE(review): the fields are unexported and not shown here. They presumably
// include the configured TokenProvider and the current Graph token; confirm,
// and avoid formatting values of this type with %+v in logs.
type UserInfo struct {
	// contains filtered or unexported fields
}

UserInfo allows you to get user data from MS Graph

func New

func New(clientID, clientSecret, tenantID string, useGroupUID bool, aadEndpoint, msgraphHost string) (*UserInfo, error)

New returns a new UserInfo object

func NewWithAKS

func NewWithAKS(tokenURL, tenantID, msgraphHost string) (*UserInfo, error)

NewWithAKS returns a new UserInfo object used in AKS

func NewWithARC added in v0.14.0

func NewWithARC(msiAudience, resourceId, tenantId, region string) (*UserInfo, error)

NewWithARC returns a new UserInfo object used in ARC

func NewWithOBO

func NewWithOBO(clientID, clientSecret, tenantID string, aadEndpoint, msgraphHost string) (*UserInfo, error)

NewWithOBO returns a new UserInfo object

func TestUserInfo

// TestUserInfo returns a *UserInfo built from a client ID and secret plus
// caller-supplied loginUrl and apiUrl.
//
// NOTE(review): this constructor is exported but undocumented. The name
// suggests it exists for tests, with loginUrl/apiUrl pointing at a stub
// server; if so, production wiring should use New instead, since the client
// secret is sent to whatever loginUrl names. Confirm against the
// implementation.
func TestUserInfo(clientID, clientSecret, loginUrl, apiUrl string, useGroupUID bool) (*UserInfo, error)

func (*UserInfo) GetGroups

func (u *UserInfo) GetGroups(ctx context.Context, userPrincipal string, token string) ([]string, error)

GetGroups gets a list of all groups that the given user principal is a member of. In federated directories the email address is generally the userPrincipalName.

func (*UserInfo) Name

func (u *UserInfo) Name() string

Name returns the name of this getter

func (*UserInfo) RefreshToken

// RefreshToken takes a context and a token string and reports failure through
// its error result.
//
// NOTE(review): undocumented upstream. Presumably it calls the configured
// TokenProvider's Acquire with token and stores the result on u for later
// Graph calls; confirm, including whether concurrent calls are safe.
func (u *UserInfo) RefreshToken(ctx context.Context, token string) error
