auth

package
v0.22.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 20, 2024 License: Apache-2.0 Imports: 15 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Authenticator

type Authenticator interface {
	AddAuth(ctx context.Context, req *http.Request) error
}

Authenticator is an interface for types that can add HTTP basic auth to a request.

var DefaultAuthenticators Authenticator = multiAuthenticator{

	EnvAuth{},

	NewK8sAuth(os.Getenv("K8S_TOKEN_PATH"), os.Getenv("CHAINGUARD_IDENTITY"), "https://issuer.enforce.dev", "apk.cgr.dev"),

	NewChainguardIdentityAuth(os.Getenv("CHAINGUARD_IDENTITY"), "https://issuer.enforce.dev", "apk.cgr.dev"),

	CGRAuth{},
}

DefaultAuthenticators is a list of authenticators that are used by default.

func MultiAuthenticator

func MultiAuthenticator(auths ...Authenticator) Authenticator

MultiAuthenticator returns an Authenticator that tries each of the given authenticators in order until one of them adds auth to the request.

If any of the authenticators returns an error, the request will not be modified and the error will be returned.

func NewChainguardIdentityAuth added in v0.18.0

func NewChainguardIdentityAuth(identity, issuer, audience string) Authenticator

NewChainguardIdentityAuth returns an Authenticator that authorizes requests as the given assumeable identity.

The identity is a UIDP of a Chainguard Identity. Issuer is usually https://issuer.enforce.dev. Audience is usually https://apk.cgr.dev.

func NewK8sAuth added in v0.18.0

func NewK8sAuth(tokenPath, identity, issuer, audience string) Authenticator

NewK8sAuth returns an Authenticator that authorizes requests as the given assumeable identity, given a projected K8s SA token.

The token path is the path to the projected K8s SA token. The identity is a UIDP of a Chainguard Identity. Issuer is usually https://issuer.enforce.dev. Audience is usually https://apk.cgr.dev.

func StaticAuth

func StaticAuth(domain, user, pass string) Authenticator

StaticAuth is an Authenticator that adds HTTP basic auth to the request if the request URL matches the given domain.

type CGRAuth

type CGRAuth struct{}

CGRAuth adds HTTP basic auth to the request if the request URL matches apk.cgr.dev and the `chainctl` command is available.

It executes `chainctl` to get a token. If you need to assume an identity then you should use NewChainguardIdentityAuth instead.

func (CGRAuth) AddAuth

func (c CGRAuth) AddAuth(ctx context.Context, req *http.Request) error

type EnvAuth

type EnvAuth struct{}

EnvAuth adds HTTP basic auth to the request if the request URL matches the HTTP_AUTH environment variable.

func (EnvAuth) AddAuth

func (e EnvAuth) AddAuth(_ context.Context, req *http.Request) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL