Overview ¶
Package token defines tokens that serve as credentials in RBAC authorization.
Package token provides primitives to interact with the openapi HTTP API.
Code generated by github.com/deepmap/oapi-codegen version v1.13.0 DO NOT EDIT.
Index ¶
- Constants
- Variables
- func GenerateAccessTokenRequestString(domain, service, roles, authzDetails, proxyPrincipalSpiffeUris, ... string, ...) string
- func New(ctx context.Context, idCfg *config.IdentityConfig) (daemon.Daemon, error)
- func NewTLSConfig(ca, cert, key string) (*tls.Config, error)
- func NewX509CertPool(extraCA string) (pool *x509.CertPool, err error)
- type AccessToken
- type AccessTokenRequestBody
- type AccessTokenResponse
- type AtRequestBody
- type AtResponse
- type CacheKey
- type FetchAccessTokenJSONRequestBody
- type FetchRoleTokenJSONRequestBody
- type GroupDoResult
- type LockedTokenCache
- func (c *LockedTokenCache) Clear()
- func (c *LockedTokenCache) Collect(ch chan<- prometheus.Metric)
- func (c *LockedTokenCache) Describe(ch chan<- *prometheus.Desc)
- func (c *LockedTokenCache) Keys() []CacheKey
- func (c *LockedTokenCache) Len() int
- func (c *LockedTokenCache) Load(k CacheKey) Token
- func (c *LockedTokenCache) Range(f func(k CacheKey, t Token) error) error
- func (c *LockedTokenCache) Search(k CacheKey) (CacheKey, Token)
- func (c *LockedTokenCache) Size() int64
- func (c *LockedTokenCache) Store(k CacheKey, t Token)
- type RoleToken
- type RoleTokenRequestBody
- type RoleTokenResponse
- type RtRequestBody
- type RtResponse
- type Token
- type TokenCache
Constants ¶
const (
	DOMAIN_HEADER = "X-Athenz-Domain" // HTTP header name; presumably carries the Athenz domain of a request — confirm against the handler
	ROLE_HEADER   = "X-Athenz-Role"   // HTTP header name; presumably carries the Athenz role of a request — confirm against the handler
)
Variables ¶
var (
	// ClientError marks an error that should be fixed by the client side: the caller is expected to log it as a warning and answer with a 4xx status code.
	// NOTE(review): the name does not follow the ErrXxx convention and fmt.Errorf is used without format verbs; renaming would change the exported API, so it is left as is.
	ClientError = fmt.Errorf("Client error")
)
Functions ¶
func GenerateAccessTokenRequestString ¶
func GenerateAccessTokenRequestString(domain, service, roles, authzDetails, proxyPrincipalSpiffeUris, proxyForPrincipal string, expiryTime int) string
GenerateAccessTokenRequestString generates and URL-encodes an access token request string. TODO: fix the original method: https://github.com/AthenZ/athenz/blob/a85f48666763759ee28fda114acc4c8d2cafc28e/libs/go/athenzutils/ztsclient.go#L68
func NewTLSConfig ¶
NewTLSConfig returns a *tls.Config built from the provided certificate and key. If ca is non-empty, client authentication is enabled.
Types ¶
type AccessToken ¶
type AccessToken struct {
// contains filtered or unexported fields
}
AccessToken stores an access token.
func (*AccessToken) Domain ¶
func (t *AccessToken) Domain() string
func (*AccessToken) Expiry ¶
func (t *AccessToken) Expiry() int64
func (*AccessToken) Raw ¶
func (t *AccessToken) Raw() string
func (*AccessToken) Role ¶
func (t *AccessToken) Role() string
func (*AccessToken) Scope ¶
func (t *AccessToken) Scope() string
func (*AccessToken) Size ¶
func (t *AccessToken) Size() uint
type AccessTokenRequestBody ¶
type AccessTokenRequestBody struct {
	// Domain is the access token domain name.
	Domain string `json:"domain"`
	// Expiry is the access token expiry time (in seconds); omitted from the JSON when nil.
	Expiry *int `json:"expiry,omitempty"`
	// ProxyForPrincipal is the access token proxyForPrincipal name; omitted from the JSON when nil.
	ProxyForPrincipal *string `json:"proxy_for_principal,omitempty"`
	// Role is the access token role name (comma separated list); omitted from the JSON when nil.
	Role *string `json:"role,omitempty"`
}
AccessTokenRequestBody defines model for AccessTokenRequestBody.
type AccessTokenResponse ¶
type AccessTokenResponse struct {
	// AccessToken is the access token string. It is a credential: avoid writing it to logs.
	AccessToken string `json:"access_token"`
	// ExpiresIn is the access token expiry time (in seconds).
	ExpiresIn int `json:"expires_in"`
	// Scope is the access token scope (space separated); only added if role is not specified, hence omitted when nil.
	Scope *string `json:"scope,omitempty"`
	// TokenType is the access token token type.
	TokenType string `json:"token_type"`
}
AccessTokenResponse defines model for AccessTokenResponse.
type AtRequestBody ¶
type AtRequestBody = AccessTokenRequestBody
AtRequestBody defines model for atRequestBody.
type CacheKey ¶
type CacheKey struct {
	// Domain is the Athenz domain of the cached token; combined with Role in UniqueId.
	Domain string
	// MaxExpiry is the maximum expiry of the request; presumably in seconds like RoleTokenRequestBody.MaxExpiry — confirm.
	MaxExpiry int
	// MinExpiry is the minimum expiry of the request; presumably in seconds like RoleTokenRequestBody.MinExpiry — confirm.
	MinExpiry int
	// ProxyForPrincipal is the proxyForPrincipal name of the request, if any.
	ProxyForPrincipal string
	// Role is the Athenz role of the cached token; combined with Domain in UniqueId.
	Role string
	// WriteFileRequired records whether the token is subject to file output; Search matches regardless of this field.
	WriteFileRequired bool
}
func (CacheKey) String ¶
String returns CacheKey's information in a string format, usually for logging purpose.
func (CacheKey) UniqueId ¶
UniqueId returns a unique id of this token, ensuring that the id stays unique under Athenz naming rules. The Athenz domain naming rule is "[a-zA-Z0-9_][a-zA-Z0-9_-]*" and the Athenz role naming rule is "[a-zA-Z0-9_][a-zA-Z0-9_-]*"; since "|" cannot appear in either name, it is used as the delimiter between domain and role so that distinct pairs never collide.
type FetchAccessTokenJSONRequestBody ¶
type FetchAccessTokenJSONRequestBody = AccessTokenRequestBody
FetchAccessTokenJSONRequestBody defines body for FetchAccessToken for application/json ContentType.
type FetchRoleTokenJSONRequestBody ¶
type FetchRoleTokenJSONRequestBody = RoleTokenRequestBody
FetchRoleTokenJSONRequestBody defines body for FetchRoleToken for application/json ContentType.
type GroupDoResult ¶
type GroupDoResult struct {
// contains filtered or unexported fields
}
GroupDoResult contains the token and its requestID returned after singleflight.Group.Do().
type LockedTokenCache ¶
type LockedTokenCache struct {
// contains filtered or unexported fields
}
func NewLockedTokenCache ¶
func NewLockedTokenCache(tokenType, namespace, podName string) *LockedTokenCache
func (*LockedTokenCache) Clear ¶
func (c *LockedTokenCache) Clear()
func (*LockedTokenCache) Collect ¶
func (c *LockedTokenCache) Collect(ch chan<- prometheus.Metric)
func (*LockedTokenCache) Describe ¶
func (c *LockedTokenCache) Describe(ch chan<- *prometheus.Desc)
func (*LockedTokenCache) Keys ¶
func (c *LockedTokenCache) Keys() []CacheKey
func (*LockedTokenCache) Len ¶
func (c *LockedTokenCache) Len() int
func (*LockedTokenCache) Load ¶
func (c *LockedTokenCache) Load(k CacheKey) Token
func (*LockedTokenCache) Range ¶
func (c *LockedTokenCache) Range(f func(k CacheKey, t Token) error) error
func (*LockedTokenCache) Search ¶ added in v3.3.0
func (c *LockedTokenCache) Search(k CacheKey) (CacheKey, Token)
Search searches the cache for a token matching the domain and role of the given cache key, regardless of whether the token is subject to file output. On a cache hit it returns the cache key and token stored at that time. On a miss it returns the cache key given as argument and nil as the token.
func (*LockedTokenCache) Size ¶
func (c *LockedTokenCache) Size() int64
func (*LockedTokenCache) Store ¶
func (c *LockedTokenCache) Store(k CacheKey, t Token)
type RoleToken ¶
type RoleToken struct {
// contains filtered or unexported fields
}
RoleToken stores a role token.
type RoleTokenRequestBody ¶
type RoleTokenRequestBody struct {
	// Domain is the role token domain name.
	Domain string `json:"domain"`
	// MaxExpiry is the role token maximum expiry time (in seconds); omitted from the JSON when nil.
	MaxExpiry *int `json:"max_expiry,omitempty"`
	// MinExpiry is the role token minimum expiry time (in seconds); omitted from the JSON when nil.
	MinExpiry *int `json:"min_expiry,omitempty"`
	// ProxyForPrincipal is the role token proxyForPrincipal name; omitted from the JSON when nil.
	ProxyForPrincipal *string `json:"proxy_for_principal,omitempty"`
	// Role is the role token role name (comma separated list); omitted from the JSON when nil.
	Role *string `json:"role,omitempty"`
}
RoleTokenRequestBody defines model for RoleTokenRequestBody.
type RoleTokenResponse ¶
type RoleTokenResponse struct {
	// ExpiryTime is the role token expiry time (Unix timestamp in seconds).
	ExpiryTime int64 `json:"expiryTime"`
	// Token is the role token string. It is a credential: avoid writing it to logs.
	Token string `json:"token"`
}
RoleTokenResponse defines model for RoleTokenResponse.
type RtRequestBody ¶
type RtRequestBody = RoleTokenRequestBody
RtRequestBody defines model for rtRequestBody.