Documentation ¶
Overview ¶
Package auth provides supporting functions and structs for authentication
Index ¶
- Constants
- Variables
- func InstancePrincipalConfigurationForRegionWithCustomClient(region common.Region, ...) (common.ConfigurationProvider, error)
- func InstancePrincipalConfigurationProvider() (common.ConfigurationProvider, error)
- func InstancePrincipalConfigurationProviderForRegion(region common.Region) (common.ConfigurationProvider, error)
- func InstancePrincipalConfigurationProviderWithCustomClient(...) (common.ConfigurationProvider, error)
- func InstancePrincipalConfigurationWithCerts(region common.Region, leafCertificate, leafPassphrase, leafPrivateKey []byte, ...) (common.ConfigurationProvider, error)
- type ClaimHolder
- type ConfigurationProviderWithClaimAccess
- type Token
- type X509FederationDetails
Constants ¶
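// Names and values used when building a resource principal configuration
// from the process environment.
//
// The listing is laid out one declaration per line. When the block is
// collapsed onto a single line, the first "//" comment swallows every
// declaration that follows it.
const (
	// ResourcePrincipalVersion2_2 is the supported version for resource principals.
	ResourcePrincipalVersion2_2 = "2.2"

	// ResourcePrincipalVersionEnvVar is the environment variable name for the version.
	ResourcePrincipalVersionEnvVar = "OCI_RESOURCE_PRINCIPAL_VERSION"

	// ResourcePrincipalRPSTEnvVar is the environment variable name holding the
	// token or a path to the token.
	//
	// NOTE(review): the token is a credential. In the literal form its value
	// sits in the process environment, which child processes normally inherit.
	// The path form keeps it in a file whose permissions can be restricted.
	ResourcePrincipalRPSTEnvVar = "OCI_RESOURCE_PRINCIPAL_RPST"

	// ResourcePrincipalPrivatePEMEnvVar is the environment variable holding an
	// RSA private key in PEM format or a path to one.
	//
	// NOTE(review): private key material; the same environment-exposure caveat
	// as for the token applies. Prefer the path form with a tightly
	// permissioned file where the deployment allows it.
	ResourcePrincipalPrivatePEMEnvVar = "OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM"

	// ResourcePrincipalPrivatePEMPassphraseEnvVar is the environment variable
	// holding the passphrase to a key or a path to one.
	//
	// NOTE(review): if the passphrase sits in the same environment (or the same
	// directory) as the key it protects, it adds little against anyone who can
	// read that location.
	ResourcePrincipalPrivatePEMPassphraseEnvVar = "OCI_RESOURCE_PRINCIPAL_PRIVATE_PEM_PASSPHRASE"

	// ResourcePrincipalRegionEnvVar is the environment variable holding a region.
	ResourcePrincipalRegionEnvVar = "OCI_RESOURCE_PRINCIPAL_REGION"

	// TenancyOCIDClaimKey is the key used to look up the resource tenancy in an RPST.
	TenancyOCIDClaimKey = "res_tenant"

	// CompartmentOCIDClaimKey is the key used to look up the resource
	// compartment in an RPST.
	CompartmentOCIDClaimKey = "res_compartment"
)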
Variables ¶
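var (
	// ErrNoSuchClaim is returned when a token does not hold the claim sought.
	// Callers can compare against it with errors.Is to tell a missing claim
	// apart from other failures.
	ErrNoSuchClaim = errors.New("no such claim")
)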
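var (
	// ErrNonStringClaim is returned if the token has a claim for a key, but
	// the claim is not a string value.
	ErrNonStringClaim = errors.New("claim does not have a string value")
)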
Functions ¶
func InstancePrincipalConfigurationForRegionWithCustomClient ¶
func InstancePrincipalConfigurationForRegionWithCustomClient(region common.Region, modifier func(common.HTTPRequestDispatcher) (common.HTTPRequestDispatcher, error)) (common.ConfigurationProvider, error)
InstancePrincipalConfigurationForRegionWithCustomClient returns a configuration for instance principals with a given region using a modifier function to modify the HTTPRequestDispatcher
func InstancePrincipalConfigurationProvider ¶
func InstancePrincipalConfigurationProvider() (common.ConfigurationProvider, error)
InstancePrincipalConfigurationProvider returns a configuration for instance principals
func InstancePrincipalConfigurationProviderForRegion ¶
func InstancePrincipalConfigurationProviderForRegion(region common.Region) (common.ConfigurationProvider, error)
InstancePrincipalConfigurationProviderForRegion returns a configuration for instance principals with a given region
func InstancePrincipalConfigurationProviderWithCustomClient ¶
func InstancePrincipalConfigurationProviderWithCustomClient(modifier func(common.HTTPRequestDispatcher) (common.HTTPRequestDispatcher, error)) (common.ConfigurationProvider, error)
InstancePrincipalConfigurationProviderWithCustomClient returns a configuration for instance principals using a modifier function to modify the HTTPRequestDispatcher
func InstancePrincipalConfigurationWithCerts ¶
func InstancePrincipalConfigurationWithCerts(region common.Region, leafCertificate, leafPassphrase, leafPrivateKey []byte, intermediateCertificates [][]byte) (common.ConfigurationProvider, error)
InstancePrincipalConfigurationWithCerts returns a configuration for instance principals with a given region and hardcoded certificates in lieu of metadata service certs
Types ¶
type ClaimHolder ¶
ClaimHolder is implemented by any token interface that provides access to the security claims embedded in the token.
type ConfigurationProviderWithClaimAccess ¶
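// ConfigurationProviderWithClaimAccess is a configuration provider that also
// exposes the claims held on its underlying security token. It embeds
// common.ConfigurationProvider and ClaimHolder and declares no methods of
// its own.
//
// NOTE(review): this page does not show whether claims obtained through
// ClaimHolder come from a token whose signature has been verified locally.
// Confirm that before basing an authorization decision on a claim value.
type ConfigurationProviderWithClaimAccess interface {
	common.ConfigurationProvider
	ClaimHolder
}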
ConfigurationProviderWithClaimAccess mixes in a method to access the claims held on the underlying security token
func ResourcePrincipalConfigurationProvider ¶
func ResourcePrincipalConfigurationProvider() (ConfigurationProviderWithClaimAccess, error)
ResourcePrincipalConfigurationProvider returns a resource principal configuration provider that uses well-known environment variables to look up token information. The environment variables can either be paths or contain the material value of the keys. However, in the case of the keys and tokens, paths and values cannot be mixed.
type Token ¶
// Token wraps a single token string for JSON encoding under the key "token".
//
// NOTE(review): in an auth package this is presumably a security token and
// therefore a credential. Confirm, and keep the value out of logs and error
// messages.
type Token struct {
	// Token is the token value. It is tagged mandatory:"true", yet the JSON tag
	// also carries omitempty, so encoding/json leaves the key out when the
	// string is empty.
	Token string `mandatory:"true" json:"token,omitempty"`
}
Token token
type X509FederationDetails ¶
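// X509FederationDetails holds the X.509 federation details, with JSON keys
// "certificate", "publicKey" and "intermediateCertificates".
//
// The struct is laid out one field per line; collapsed onto a single line the
// field list is not valid Go.
//
// NOTE(review): every field carries omitempty, including the two tagged
// mandatory:"true". encoding/json therefore drops an empty Certificate or
// PublicKey from the output instead of sending an empty string. Whether the
// mandatory tag is enforced elsewhere is not visible here.
type X509FederationDetails struct {
	// Certificate is the certificate, as a string (tagged mandatory).
	Certificate string `mandatory:"true" json:"certificate,omitempty"`
	// PublicKey is the public key, as a string (tagged mandatory). Only the
	// public half appears in this struct.
	PublicKey string `mandatory:"true" json:"publicKey,omitempty"`
	// IntermediateCertificates lists the intermediate certificates (optional).
	IntermediateCertificates []string `mandatory:"false" json:"intermediateCertificates,omitempty"`
}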
X509FederationDetails x509 federation details