auth

package
v0.0.0-...-9b598c7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 28, 2023 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	TokenExpMin = 30
	JwkKID      = "kastestkey"
)

Variables

This section is empty.

Functions

func GetFilterByOrganisationFromContext 

func GetFilterByOrganisationFromContext(ctx context.Context) bool

func GetIsAdminFromContext 

func GetIsAdminFromContext(ctx context.Context) bool

func ParseJWTKeys 

func ParseJWTKeys(jwtKeyFilePath, jwtCAFilePath string) (*rsa.PrivateKey, *rsa.PublicKey, error)

Parses JWT Private and Public Keys from the given path

func SetFilterByOrganisationContext 

func SetFilterByOrganisationContext(ctx context.Context, filterByOrganisation bool) context.Context

func SetIsAdminContext 

func SetIsAdminContext(ctx context.Context, isAdmin bool) context.Context

func SetTokenInContext 

func SetTokenInContext(ctx context.Context, token *jwt.Token) context.Context

func UseOperatorAuthorisationMiddleware 

func UseOperatorAuthorisationMiddleware(router *mux.Router, jwkValidIssuerURI string, clusterIdVar string, clusterService AuthAgentService)

Types

type AdminRoleAuthZConfig 

type AdminRoleAuthZConfig struct {
	RolesConfigFile string
	RolesConfig     RoleConfig
}

AdminRoleAuthZConfig is the configuration of the role authZ middleware.

func NewAdminAuthZConfig 

func NewAdminAuthZConfig() *AdminRoleAuthZConfig

NewAdminAuthZConfig creates a default AdminRoleAuthZConfig which is enabled and uses the production configuration.

func (*AdminRoleAuthZConfig) AddFlags 

func (c *AdminRoleAuthZConfig) AddFlags(fs *pflag.FlagSet)

AddFlags adds required flags for the role authZ configuration.

func (*AdminRoleAuthZConfig) GetRoleMapping 

func (c *AdminRoleAuthZConfig) GetRoleMapping() map[string][]string

GetRoleMapping will create a map of the required roles. The key will be the HTTP method and value will be a list of allowed roles for that specific HTTP method.

func (*AdminRoleAuthZConfig) ReadFiles 

func (c *AdminRoleAuthZConfig) ReadFiles() error

ReadFiles will read and validate the contents of the configuration file.

func (*AdminRoleAuthZConfig) Validate 

func (c *AdminRoleAuthZConfig) Validate(env *environments.Env) error

type AuditLogMiddleware 

type AuditLogMiddleware interface {
	AuditLog(code errors.ServiceErrorCode) func(handler http.Handler) http.Handler
}

func NewAuditLogMiddleware 

func NewAuditLogMiddleware() AuditLogMiddleware

type AuthAgentService 

type AuthAgentService interface {
	GetClientID(clusterID string) (string, error)
}

type AuthAgentServiceMock 

type AuthAgentServiceMock struct {
	// GetClientIDFunc mocks the GetClientID method.
	GetClientIDFunc func(clusterID string) (string, error)
	// contains filtered or unexported fields
}

AuthAgentServiceMock is a mock implementation of AuthAgentService. 

func TestSomethingThatUsesAuthAgentService(t *testing.T) {

	// make and configure a mocked AuthAgentService
	mockedAuthAgentService := &AuthAgentServiceMock{
		GetClientIDFunc: func(clusterID string) (string, error) {
			panic("mock out the GetClientID method")
		},
	}

	// use mockedAuthAgentService in code that requires AuthAgentService
	// and then make assertions.

}

func (*AuthAgentServiceMock) GetClientID 

func (mock *AuthAgentServiceMock) GetClientID(clusterID string) (string, error)

GetClientID calls GetClientIDFunc.

func (*AuthAgentServiceMock) GetClientIDCalls 

func (mock *AuthAgentServiceMock) GetClientIDCalls() []struct {
	ClusterID string
}

GetClientIDCalls gets all the calls that were made to GetClientID. Check the length with: 

len(mockedAuthAgentService.GetClientIDCalls())

type AuthHelper 

type AuthHelper struct {
	JWTPrivateKey *rsa.PrivateKey
	JWTCA         *rsa.PublicKey
	// contains filtered or unexported fields
}

func NewAuthHelper 

func NewAuthHelper(jwtKeyFilePath, jwtCAFilePath, ocmTokenIssuer string) (*AuthHelper, error)

Creates an auth helper to be used for creating new accounts and jwt.

func (*AuthHelper) CreateJWTWithClaims 

func (authHelper *AuthHelper) CreateJWTWithClaims(account *amv1.Account, jwtClaims jwt.MapClaims) (*jwt.Token, error)

Creates a JSON web token with the claims specified. By default, this will create an ocm JWT if the issuer was not specified in the given claims. Any given claim with nil value will be removed from the claims

func (*AuthHelper) CreateSignedJWT 

func (authHelper *AuthHelper) CreateSignedJWT(account *amv1.Account, jwtClaims jwt.MapClaims) (string, error)

Creates a signed token. By default, this will create a signed ocm token if the issuer was not specified in the given claims.

func (*AuthHelper) GetJWTFromSignedToken 

func (authHelper *AuthHelper) GetJWTFromSignedToken(signedToken string) (*jwt.Token, error)

func (*AuthHelper) NewAccount 

func (authHelper *AuthHelper) NewAccount(username, name, email string, orgId string) (*amv1.Account, error)

Creates a new account with the specified values

type ContextConfig 

type ContextConfig struct {
}

func NewContextConfig 

func NewContextConfig() *ContextConfig

func (*ContextConfig) AddFlags 

func (c *ContextConfig) AddFlags(fs *pflag.FlagSet)

func (*ContextConfig) ReadFiles 

func (c *ContextConfig) ReadFiles() error

type KFMClaims 

type KFMClaims jwt.MapClaims

func GetClaimsFromContext 

func GetClaimsFromContext(ctx context.Context) (KFMClaims, error)

func (*KFMClaims) GetAccountId 

func (c *KFMClaims) GetAccountId() (string, error)

func (*KFMClaims) GetClientID 

func (c *KFMClaims) GetClientID() (string, error)

func (*KFMClaims) GetOrgId 

func (c *KFMClaims) GetOrgId() (string, error)

func (*KFMClaims) GetUsername 

func (c *KFMClaims) GetUsername() (string, error)

func (*KFMClaims) IsOrgAdmin 

func (c *KFMClaims) IsOrgAdmin() bool

func (*KFMClaims) VerifyIssuer 

func (c *KFMClaims) VerifyIssuer(cmp string, req bool) bool

type RequireIssuerMiddleware 

type RequireIssuerMiddleware interface {
	// RequireIssuer checks if the iss field in the JWT claim matches one of the given issuers.
	// If it does not, then the specified code is returned.
	RequireIssuer(issuers []string, code errors.ServiceErrorCode) func(handler http.Handler) http.Handler
}

func NewRequireIssuerMiddleware 

func NewRequireIssuerMiddleware() RequireIssuerMiddleware

type RequireOrgIDMiddleware 

type RequireOrgIDMiddleware interface {
	// RequireOrgID will check that org_id is set as part of the JWT claims in the
	// request and that it is not empty and return code ServiceErrorCode in case
	// the previous conditions are not true
	RequireOrgID(code errors.ServiceErrorCode) func(handler http.Handler) http.Handler
}

func NewRequireOrgIDMiddleware 

func NewRequireOrgIDMiddleware() RequireOrgIDMiddleware

type RequireTermsAcceptanceMiddleware 

type RequireTermsAcceptanceMiddleware interface {
	// RequireTermsAcceptance will check that the user has accepted the required terms.
	// The current implementation is backed by OCM and can be disabled with the "enabled" flag set to false.
	RequireTermsAcceptance(enabled bool, amsClient ocm.AMSClient, code errors.ServiceErrorCode) func(handler http.Handler) http.Handler
}

func NewRequireTermsAcceptanceMiddleware 

func NewRequireTermsAcceptanceMiddleware() RequireTermsAcceptanceMiddleware

type RoleConfig 

type RoleConfig []RolesConfiguration

RoleConfig represents the role configuration.

type RolesAuthorizationMiddleware 

type RolesAuthorizationMiddleware interface {
	// RequireRealmRole will check the given realm role exists in the request token
	RequireRealmRole(roleName string, code errors.ServiceErrorCode) func(handler http.Handler) http.Handler
	// RequireRolesForMethods will check that at least one of the realm roles exists in the request token based on the http method in the request
	RequireRolesForMethods(code errors.ServiceErrorCode) func(handler http.Handler) http.Handler
}

RolesAuthorizationMiddleware can be used to perform RBAC authorization checks on endpoints

func NewRolesAuthzMiddleware 

func NewRolesAuthzMiddleware(config *AdminRoleAuthZConfig) RolesAuthorizationMiddleware

type RolesConfiguration 

type RolesConfiguration struct {
	HTTPMethod string   `yaml:"method"`
	RoleNames  []string `yaml:"roles"`
}

RolesConfiguration is the configuration of required roles per HTTP method of the admin API.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.