auth

package

v0.19.2 Latest Latest Go to latest Published: Sep 20, 2024 License: Apache-2.0 Imports: 14 Imported by: 5

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chainguard-dev/apko

Links

Open Source Insights

Documentation ¶

Index ¶

type Authenticator
type CGRAuth
- func (c CGRAuth) AddAuth(ctx context.Context, req *http.Request) error
type EnvAuth
- func (e EnvAuth) AddAuth(_ context.Context, req *http.Request) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Authenticator ¶

type Authenticator interface {
	AddAuth(ctx context.Context, req *http.Request) error
}

Authenticator is an interface for types that can add HTTP basic auth to a request.

var DefaultAuthenticators Authenticator = multiAuthenticator{

	EnvAuth{},

	NewK8sAuth(os.Getenv("K8S_TOKEN_PATH"), os.Getenv("CHAINGUARD_IDENTITY"), "https://issuer.enforce.dev", "apk.cgr.dev"),

	NewChainguardIdentityAuth(os.Getenv("CHAINGUARD_IDENTITY"), "https://issuer.enforce.dev", "apk.cgr.dev"),

	CGRAuth{},
}

DefaultAuthenticators is a list of authenticators that are used by default.

func MultiAuthenticator ¶

func MultiAuthenticator(auths ...Authenticator) Authenticator

MultiAuthenticator returns an Authenticator that tries each of the given authenticators in order until one of them adds auth to the request.

If any of the authenticators returns an error, the request will not be modified and the error will be returned.

func NewChainguardIdentityAuth ¶ added in v0.18.0

func NewChainguardIdentityAuth(identity, issuer, audience string) Authenticator

NewChainguardIdentityAuth returns an Authenticator that authorizes requests as the given assumeable identity.

The identity is a UIDP of a Chainguard Identity. Issuer is usually https://issuer.enforce.dev. Audience is usually https://apk.cgr.dev.

func NewK8sAuth ¶ added in v0.18.0

func NewK8sAuth(tokenPath, identity, issuer, audience string) Authenticator

NewK8sAuth returns an Authenticator that authorizes requests as the given assumeable identity, given a projected K8s SA token.

The token path is the path to the projected K8s SA token. The identity is a UIDP of a Chainguard Identity. Issuer is usually https://issuer.enforce.dev. Audience is usually https://apk.cgr.dev.

func StaticAuth ¶

func StaticAuth(domain, user, pass string) Authenticator

StaticAuth is an Authenticator that adds HTTP basic auth to the request if the request URL matches the given domain.

type CGRAuth ¶

type CGRAuth struct{}

CGRAuth adds HTTP basic auth to the request if the request URL matches apk.cgr.dev and the `chainctl` command is available.

It executes `chainctl` to get a token. If you need to assume an identity then you should use NewChainguardIdentityAuth instead.

func (CGRAuth) AddAuth ¶

func (c CGRAuth) AddAuth(ctx context.Context, req *http.Request) error

type EnvAuth ¶

type EnvAuth struct{}

EnvAuth adds HTTP basic auth to the request if the request URL matches the HTTP_AUTH environment variable.

func (EnvAuth) AddAuth ¶

func (e EnvAuth) AddAuth(_ context.Context, req *http.Request) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL