README
¶
huawei cloud auth
This provides the authentication mechanism for Huawei Public Cloud.
The authentication mechanism can be either AK/SK based or token based.
how to use
sign, err := auth.GetSignFunc(ak, sk, project)
req, err := http.NewRequest("GET", "cce.cn-north-1.myhuaweicloud.com", nil)
err = sign(r)
resp, err := client.Do(req)
how to use in go chassis
1.You can specify the AK/SK in the auth.yaml of Go-Chassis
cse.credentials.accessKey
cse.credentials.secretKey
2.Import in your main.go before other imports
import _ "github.com/huaweicse/auth/adaptor/gochassis"
After signing the header with authourization the Header looks like this
Authorization: Credential=XXX, SignedHeaders=XXX, Signature=XXX
==========================================
For third_party/forked/datastream/aws(github.com/datastream/aws)
Copyright (c) 2014, Xianjie All rights reserved.
========================================================================
For vendor/github.com/huaweicse/auth/third_party/forked/datastream/aws:
========================================================================
See third_party/forked/datastream/aws/LICENSE
Documentation
¶
Index ¶
Constants ¶
const ( HeaderServiceAk = "X-Service-AK" HeaderServiceShaAKSK = "X-Service-ShaAKSK" HeaderServiceProject = "X-Service-Project" )
Headers for ak/sk auth
const ( EnvKubernetesServiceHost = "KUBERNETES_SERVICE_HOST" EnvKubernetesServicePort = "KUBERNETES_SERVICE_PORT" HeaderAuthorization = "Authorization" ExpectedArrLength = 2 ServiceAccountPath = `/var/run/secrets/kubernetes.io/serviceaccount` )
constant value for communication to CCE
const ( ServiceStageMountPath = `/opt/CSE/etc/auth` DefaultSecretFile = `.dockerconfigjson` )
default secret path and file mounted to container by ServiceStage
const DefaultRefreshInterval = 60 * time.Second
DefaultRefreshInterval is default refresh interval
Variables ¶
var CCEEnvIdentifications = []string{
"PAAS_APP_NAME",
"PAAS_NAMESPACE",
"PAAS_PROJECT_ID",
"PAAS_POD_ID",
"PAAS_CLUSTER_ID",
}
CCEEnvIdentifications is to judge whether a container runs in CCE cluster
var ErrAuthConfNotExist = errors.New("auth config is not exist")
ErrAuthConfNotExist means the auth config not exist
Functions ¶
This section is empty.
Types ¶
type CCERetriever ¶ added in v1.1.1
CCERetriever queries auth info from CCE
func NewCCERetriever ¶ added in v1.1.1
func NewCCERetriever() *CCERetriever
NewCCERetriever news CCERetriever
func (*CCERetriever) API4ImagePullSecret ¶ added in v1.1.1
func (q *CCERetriever) API4ImagePullSecret(namespace string) string
API4ImagePullSecret get secret api for a namespace
func (*CCERetriever) GetAuthInfo ¶ added in v1.1.1
func (q *CCERetriever) GetAuthInfo() (string, string, string, error)
GetAuthInfo implements Retriever.GetAuthInfo
func (*CCERetriever) Name ¶ added in v1.1.1
func (q *CCERetriever) Name() string
Name implements Retriever.Name
type Data ¶ added in v1.1.1
type Data struct {
Auth string `json:"auth"`
}
Data is the base64 format of AK/SHAAKSK/PROJECT
type DockerConfig ¶ added in v1.1.1
DockerConfig is a tenant's default secret in json format
type HeaderGenerator ¶ added in v1.1.1
type HeaderGenerator struct {
RefreshInterval time.Duration
Retriever Retriever
// contains filtered or unexported fields
}
HeaderGenerator gets auth info and transfers it to auth headers and refresh the auth headers interval
func GetAuthHeaderGenerator ¶ added in v1.1.1
func GetAuthHeaderGenerator(qs ...Retriever) (*HeaderGenerator, error)
GetAuthHeaderGenerator news an HeaderGenerator from several Retriever front param has higher priority
func (*HeaderGenerator) GenAuthHeaders ¶ added in v1.1.1
func (h *HeaderGenerator) GenAuthHeaders() http.Header
GenAuthHeaders returns the latest auth headers
type KubeSecrets ¶ added in v1.1.1
type KubeSecrets struct {
Data KubeSecretsData `json:"data"`
}
KubeSecrets is response struct of CCE secret api
type KubeSecretsData ¶ added in v1.1.1
type KubeSecretsData struct {
DockerConfigJSON string `json:".dockerconfigjson"`
}
KubeSecretsData is the data of KubeSecrets
type Retriever ¶ added in v1.1.1
type Retriever interface {
GetAuthInfo() (project string, ak string, shaAKSK string, err error)
Name() string //source name
}
Retriever queries auth infomation: project, AK, SHAAKSK, error
type ServiceStageRetriever ¶ added in v1.1.1
ServiceStageRetriever queries auth infomation from ServiceStage
func NewServiceStageRetriever ¶ added in v1.1.1
func NewServiceStageRetriever() *ServiceStageRetriever
NewServiceStageRetriever news ServiceStageRetriever
func (*ServiceStageRetriever) GetAuthInfo ¶ added in v1.1.1
func (q *ServiceStageRetriever) GetAuthInfo() (string, string, string, error)
GetAuthInfo implements Retriever.GetAuthInfo
func (*ServiceStageRetriever) Name ¶ added in v1.1.1
func (q *ServiceStageRetriever) Name() string
Name implements Retriever.Name
type SignRequest ¶
SignRequest inject auth related header and sign this request so that this request can access to huawei cloud
func GetShaAKSKSignFunc ¶
func GetShaAKSKSignFunc(ak, sk, project string) (SignRequest, error)
GetShaAKSKSignFunc sets and initializes the ak/sk auth func
func GetSignFunc ¶
func GetSignFunc(ak, sk, project string) (SignRequest, error)
GetSignFunc sets and initializes the ak/sk auth func
Source Files
Directories