Documentation
¶
Index ¶
Constants ¶
View Source
const ( URL = "url" AuthToken = "auth_token" RolePolicy = "role_policy" RoleID = "role_id" EnvIdentityPluginURL = "MINIO_IDENTITY_PLUGIN_URL" EnvIdentityPluginAuthToken = "MINIO_IDENTITY_PLUGIN_AUTH_TOKEN" EnvIdentityPluginRolePolicy = "MINIO_IDENTITY_PLUGIN_ROLE_POLICY" EnvIdentityPluginRoleID = "MINIO_IDENTITY_PLUGIN_ROLE_ID" )
Authentication Plugin config and env variables
Variables ¶
View Source
var ( // DefaultKVS - default config for AuthN plugin config DefaultKVS = config.KVS{ config.KV{ Key: URL, Value: "", }, config.KV{ Key: AuthToken, Value: "", }, config.KV{ Key: RolePolicy, Value: "", }, config.KV{ Key: RoleID, Value: "", }, } // Help for Identity Plugin Help = config.HelpKVS{ config.HelpKV{ Key: URL, Description: `plugin hook endpoint (HTTP(S)) e.g. "http://localhost:8181/path/to/endpoint"` + defaultHelpPostfix(URL), Type: "url", }, config.HelpKV{ Key: AuthToken, Description: "authorization token for plugin hook endpoint" + defaultHelpPostfix(AuthToken), Optional: true, Type: "string", Sensitive: true, }, config.HelpKV{ Key: RolePolicy, Description: "policies to apply for plugin authorized users" + defaultHelpPostfix(RolePolicy), Type: "string", }, config.HelpKV{ Key: RoleID, Description: "unique ID to generate the ARN" + defaultHelpPostfix(RoleID), Optional: true, Type: "string", }, config.HelpKV{ Key: config.Comment, Description: config.DefaultComment, Optional: true, Type: "sentence", }, } )
Functions ¶
Types ¶
type Args ¶
type Args struct {
URL *xnet.URL
AuthToken string
Transport http.RoundTripper
CloseRespFn func(r io.ReadCloser)
RolePolicy string
RoleARN arn.ARN
}
Args for authentication plugin.
type AuthNErrorResponse ¶
type AuthNErrorResponse struct {
Reason string `json:"reason"`
}
AuthNErrorResponse - represents an error response from the authN plugin.
type AuthNPlugin ¶
type AuthNPlugin struct {
// contains filtered or unexported fields
}
AuthNPlugin - implements pluggable authentication via webhook.
func (*AuthNPlugin) Authenticate ¶
func (o *AuthNPlugin) Authenticate(roleArn arn.ARN, token string) (AuthNResponse, error)
Authenticate authenticates the token with the external hook endpoint and returns a parent user, max expiry duration for the authentication and a set of claims.
func (*AuthNPlugin) GetRoleInfo ¶
func (o *AuthNPlugin) GetRoleInfo() map[arn.ARN]string
GetRoleInfo - returns ARN to policies map.
type AuthNResponse ¶
type AuthNResponse struct {
Success *AuthNSuccessResponse
Failure *AuthNErrorResponse
}
AuthNResponse - represents a result of the authentication operation.
type AuthNSuccessResponse ¶
type AuthNSuccessResponse struct {
User string `json:"user"`
MaxValiditySeconds int `json:"maxValiditySeconds"`
Claims map[string]interface{} `json:"claims"`
}
AuthNSuccessResponse - represents the response from the authentication plugin service.
Source Files
Click to show internal directories.
Click to hide internal directories.