Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Authenticator ¶
Authenticator is an interface for types that can add HTTP basic auth to a request.
var DefaultAuthenticators Authenticator = multiAuthenticator{ EnvAuth{}, NewK8sAuth(os.Getenv("K8S_TOKEN_PATH"), os.Getenv("CHAINGUARD_IDENTITY"), "https://issuer.enforce.dev", "apk.cgr.dev"), NewChainguardIdentityAuth(os.Getenv("CHAINGUARD_IDENTITY"), "https://issuer.enforce.dev", "apk.cgr.dev"), CGRAuth{}, }
DefaultAuthenticators is a list of authenticators that are used by default.
func MultiAuthenticator ¶
func MultiAuthenticator(auths ...Authenticator) Authenticator
MultiAuthenticator returns an Authenticator that tries each of the given authenticators in order until one of them adds auth to the request.
If any of the authenticators returns an error, the request will not be modified and the error will be returned.
func NewChainguardIdentityAuth ¶ added in v0.18.0
func NewChainguardIdentityAuth(identity, issuer, audience string) Authenticator
NewChainguardIdentityAuth returns an Authenticator that authorizes requests as the given assumeable identity.
The identity is a UIDP of a Chainguard Identity. Issuer is usually https://issuer.enforce.dev. Audience is usually https://apk.cgr.dev.
func NewK8sAuth ¶ added in v0.18.0
func NewK8sAuth(tokenPath, identity, issuer, audience string) Authenticator
NewK8sAuth returns an Authenticator that authorizes requests as the given assumeable identity, given a projected K8s SA token.
The token path is the path to the projected K8s SA token. The identity is a UIDP of a Chainguard Identity. Issuer is usually https://issuer.enforce.dev. Audience is usually https://apk.cgr.dev.
func StaticAuth ¶
func StaticAuth(domain, user, pass string) Authenticator
StaticAuth is an Authenticator that adds HTTP basic auth to the request if the request URL matches the given domain.