auth


Documentation

Overview

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the Apache v2.0 license.

Index

Constants

const (
	// ClientTokenName is the ".token" file name; presumably the default name of the
	// file SaveToken writes and GetLoginTokenPath points at — confirm against those bodies.
	ClientTokenName       = ".token"
	// ClientCertName is the "wssd.pem" file name; presumably the default client
	// certificate file name used by GetCertificateFilePath — confirm.
	ClientCertName        = "wssd.pem"
	// ClientTokenPath is the WSSD_CLIENT_TOKEN environment variable name. SetLoginTokenPath
	// sets this variable to choose where the login yaml is stored.
	ClientTokenPath       = "WSSD_CLIENT_TOKEN"
	// WssdConfigPath is the WSSD_CONFIG_PATH environment variable name. SetCertificateFilePath
	// sets this variable to choose where the client certificate is stored.
	WssdConfigPath        = "WSSD_CONFIG_PATH"
	// AccessFileDirPath is the ACCESSFILE_DIR_PATH environment variable name. SetCertificateDirPath
	// sets this variable to choose the directory the client certificate is stored in.
	AccessFileDirPath     = "ACCESSFILE_DIR_PATH"
	// DefaultWSSDFolder is the ".wssd" folder name; presumably the default directory under
	// which the access file lives when no path is configured — confirm against GetWssdConfigLocation.
	DefaultWSSDFolder     = ".wssd"
	// AccessFileDefaultName is the default access file name ("cloudconfig").
	AccessFileDefaultName = "cloudconfig"
)
const (
	// CloudAgentServerPort is the default port of the cloud agent server.
	CloudAgentServerPort         int     = 55000
	// CertificateValidityThreshold is a fraction of certificate validity (0.3). It is
	// presumably the remaining-lifetime fraction at which RenewCertificates treats a
	// certificate as "close to expiry" and renews it — confirm against RenewCertificates.
	CertificateValidityThreshold float64 = (30.0 / 100.0)
	// DefaultServerContextTimeout is the default server context timeout (10 minutes).
	DefaultServerContextTimeout          = 10 * time.Minute
)
const (
	// ServerName is the "ServerName" setting key; presumably the key under which the
	// expected server name is stored in EnvironmentSettings.Values — confirm against
	// GetSettingsFromEnvironment.
	ServerName = "ServerName"
)

Variables

This section is empty.

Functions

func AccessFileToTls

func AccessFileToTls(accessFile WssdConfig) ([]byte, tls.Certificate, error)

func CertCheck

func CertCheck(pemCert []byte) error

func GetCertificateDirPath

func GetCertificateDirPath() string

GetCertificateDirPath will return the directory path where the client certificate will be stored

func GetCertificateFilePath

func GetCertificateFilePath() string

GetCertificateFilePath will return the file path where the client certificate will be stored

func GetLoginTokenPath

func GetLoginTokenPath() string

GetLoginTokenPath will return the file path where the login yaml will be stored

func GetMocConfigLocationName

func GetMocConfigLocationName(subfolder, filename string) string

GetWssdConfigLocationName gets the path for the access file from the environment plus subfolder, with the file name fileName.

func GetWssdConfigLocation

func GetWssdConfigLocation() string

GetWssdConfigLocation gets the path for access file from environment

func Hash

func Hash(certificate *x509.Certificate) string

Hash calculates the SHA-256 hash of the Subject Public Key Information (SPKI) object in an x509 certificate (in DER encoding). It returns the full hash as a hex encoded string (suitable for passing to Set.Allow).

func LoginTypeToAuthType

func LoginTypeToAuthType(authType string) common.AuthenticationType

func NewPublicKeyVerifier

func NewPublicKeyVerifier() *publicKeyVerifier

func PrintAccessFile

func PrintAccessFile(accessFile WssdConfig) error

PrintAccessFile stores wssdConfig in WssdConfigLocation

func PrintAccessFileByName

func PrintAccessFileByName(accessFile WssdConfig, subfolder, filename string) error

PrintAccessFileByName stores wssdConfig in GetWssdConfigLocationName

func ReadAccessFileToTls

func ReadAccessFileToTls(accessFileLocation string) ([]byte, tls.Certificate, error)

func RenewCertificates

func RenewCertificates(server string, wssdConfigLocation string) error

RenewCertificates picks the wssdconfig from the location, performs a renewal if it is close to expiry, and stores the same back to the location.

func SaveToken

func SaveToken(tokenStr string) error

func SetCertificateDirPath

func SetCertificateDirPath(certificateDirPath string) error

SetCertificateDirPath sets the directory path where the client certificate will be stored. This is achieved by setting the ACCESSFILE_DIR_PATH environment variable. The path is appended with the executable name before the certificate is stored.

func SetCertificateFilePath

func SetCertificateFilePath(certificateFilePath string) error

SetCertificateFilePath sets the file path where the client certificate will be stored. This is achieved by setting the WSSD_CONFIG_PATH environment variable.

func SetLoginTokenPath

func SetLoginTokenPath(loginConfigPath string) error

SetLoginTokenPath sets the path where the login yaml will be stored. This is achieved by setting the WSSD_CLIENT_TOKEN environment variable. The path is appended with the executable name before the certificate is stored.

func TransportCredentialsFromFile

func TransportCredentialsFromFile(wssdConfigLocation string, server string) credentials.TransportCredentials

func TransportCredentialsFromNode

func TransportCredentialsFromNode(tlsCert tls.Certificate, serverCertificate []byte, server string) credentials.TransportCredentials

Types

type Authorizer

// Authorizer supplies the two kinds of credentials a client connection needs:
// transport-level credentials for the connection itself and per-RPC credentials
// attached to each call. The types are the gRPC credentials interfaces.
type Authorizer interface {
	// WithTransportAuthorization returns the transport credentials for the connection.
	WithTransportAuthorization() credentials.TransportCredentials
	// WithRPCAuthorization returns the per-RPC credentials sent with each call.
	WithRPCAuthorization() credentials.PerRPCCredentials
}

func NewAuthorizerForAuth

func NewAuthorizerForAuth(tokenString string, certificate string, server string) (Authorizer, error)

func NewAuthorizerFromEnvironment

func NewAuthorizerFromEnvironment(serverName string) (Authorizer, error)

func NewAuthorizerFromEnvironmentByName

func NewAuthorizerFromEnvironmentByName(serverName, subfolder, filename string) (Authorizer, error)

func NewAuthorizerFromInput

func NewAuthorizerFromInput(tlsCert tls.Certificate, serverCertificate []byte, server string) (Authorizer, error)

type BearerAuthorizer

// BearerAuthorizer implements Authorizer using bearer-token authorization; it is
// built from a token provider (NewBearerAuthorizer) or without one (NewEmptyBearerAuthorizer).
type BearerAuthorizer struct {
	// contains filtered or unexported fields
}

BearerAuthorizer implements the bearer authorization

func NewBearerAuthorizer

NewBearerAuthorizer creates a BearerAuthorizer using the given token provider.

func NewEmptyBearerAuthorizer

func NewEmptyBearerAuthorizer() *BearerAuthorizer

func (*BearerAuthorizer) WithRPCAuthorization

func (ba *BearerAuthorizer) WithRPCAuthorization() credentials.PerRPCCredentials

func (*BearerAuthorizer) WithTransportAuthorization

func (ba *BearerAuthorizer) WithTransportAuthorization() credentials.TransportCredentials

type ClientType

// ClientType identifies the kind of client a LoginConfig describes (LoginConfig.ClientType).
type ClientType string

// The known client types. The string values are the serialized form used in the
// LoginConfig "clienttype" JSON field.
const (
	Admin          ClientType = "Admin"
	BareMetal      ClientType = "BareMetal"
	ControlPlane   ClientType = "ControlPlane"
	ExternalClient ClientType = "ExternalClient"
	LoadBalancer   ClientType = "LoadBalancer"
	Node           ClientType = "Node"
)

type EnvironmentSettings

// EnvironmentSettings contains the available authentication settings read from the
// access file (GetSettingsFromEnvironment / GetSettingsFromEnvironmentByName).
type EnvironmentSettings struct {
	// Values holds the settings as string key/value pairs; presumably keyed by the
	// setting-name constants such as ServerName — confirm against GetSettingsFromEnvironment.
	Values map[string]string
}

EnvironmentSettings contains the available authentication settings.

func GetSettingsFromEnvironment

func GetSettingsFromEnvironment(serverName string) (s EnvironmentSettings)

GetSettingsFromEnvironment reads settings from WssdConfigLocation.

func GetSettingsFromEnvironmentByName

func GetSettingsFromEnvironmentByName(serverName, subfolder, filename string) (s EnvironmentSettings, err error)

GetSettingsFromEnvironmentByName reads settings from GetWssdConfigLocationName.

func (EnvironmentSettings) GetAuthorizer

func (settings EnvironmentSettings) GetAuthorizer() (Authorizer, error)

func (EnvironmentSettings) GetManagedIdentityConfig

func (settings EnvironmentSettings) GetManagedIdentityConfig() ManagedIdentityConfig

type JwtTokenProvider

// JwtTokenProvider carries a raw token and implements the per-RPC credentials
// methods GetRequestMetadata and RequireTransportSecurity. It is built from a token
// string (NewTokenCredentialProvider) or read from a file (TokenProviderFromFile).
type JwtTokenProvider struct {
	// RawData is the raw token, serialized as "rawdata". It is a bearer secret:
	// avoid logging or printing this struct with %v/%+v.
	RawData string `json:"rawdata"`
}

func NewEmptyTokenCredentialProvider

func NewEmptyTokenCredentialProvider() JwtTokenProvider

func NewTokenCredentialProvider

func NewTokenCredentialProvider(token string) JwtTokenProvider

func TokenProviderFromFile

func TokenProviderFromFile(tokenLocation string) (JwtTokenProvider, error)

func (JwtTokenProvider) GetRequestMetadata

func (c JwtTokenProvider) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)

func (JwtTokenProvider) RequireTransportSecurity

func (c JwtTokenProvider) RequireTransportSecurity() bool

type LoginConfig

// LoginConfig describes a login: its identity, credentials, client type and the
// cloud endpoint to talk to. It is the input to GenerateClientKey and GenerateClientCsr.
type LoginConfig struct {
	Name          string     `json:"name,omitempty"`
	// Token and Certificate are credential material; presumably the token is the
	// bearer token and Certificate is PEM or base64 text — confirm against NewAuthorizerForAuth.
	Token         string     `json:"token,omitempty"`
	Certificate   string     `json:"certificate,omitempty"`
	ClientType    ClientType `json:"clienttype,omitempty"`
	// CloudFqdn, CloudPort and CloudAuthPort locate the cloud endpoint.
	CloudFqdn     string     `json:"cloudfqdn,omitempty"`
	CloudPort     int32      `json:"cloudport,omitempty"`
	CloudAuthPort int32      `json:"cloudauthport,omitempty"`
	Location      string     `json:"location,omitempty"`
	Type          LoginType  `json:"type,omitempty"` // Deprecated: needs to be cleaned up after removing references.
}

type LoginType

// LoginType distinguishes self-signed from CA-signed logins.
//
// Deprecated: needs to be cleaned up after removing references.
type LoginType string

LoginType is deprecated: it needs to be cleaned up after removing references.

// The known login types (see AuthTypeToLoginType for the mapping from
// common.AuthenticationType).
const (
	// SelfSigned is the login type for a self-signed certificate.
	SelfSigned LoginType = "Self-Signed"
	// CASigned is the login type for a CA-signed certificate.
	CASigned LoginType = "CA-Signed"
)

func AuthTypeToLoginType

func AuthTypeToLoginType(authType common.AuthenticationType) LoginType

type ManagedIdentityConfig

// ManagedIdentityConfig holds the locations and server name needed to build an
// Authorizer (see its Authorizer method and EnvironmentSettings.GetManagedIdentityConfig).
type ManagedIdentityConfig struct {
	// ClientTokenPath and WssdConfigPath are presumably the resolved values of the
	// WSSD_CLIENT_TOKEN and WSSD_CONFIG_PATH settings — confirm against GetManagedIdentityConfig.
	ClientTokenPath string
	WssdConfigPath  string
	// ServerName is the server name the credentials are built for.
	ServerName      string
}

func (ManagedIdentityConfig) Authorizer

func (mc ManagedIdentityConfig) Authorizer() (Authorizer, error)

type Set

// Set is a set of pinned x509 public keys, identified by the SPKI SHA-256 hex hashes
// produced by Hash. Hashes are added with Allow and a certificate chain is checked
// against the set with CheckAny.
type Set struct {
	// contains filtered or unexported fields
}

Set is a set of pinned x509 public keys.

func NewSet

func NewSet() *Set

NewSet returns a new, empty PubKeyPinSet

func (*Set) Allow

func (s *Set) Allow(pubKeyHashes ...string) error

Allow adds an allowed public key hash to the Set

func (*Set) CheckAny

func (s *Set) CheckAny(certificates []*x509.Certificate) error

CheckAny checks if at least one certificate matches one of the public keys in the set

type TransportCredentialsProvider

// TransportCredentialsProvider wraps transport credentials built from an access
// file, base64 or PEM certificate material, or tls.Certificate values (see the
// NewTransportCredential* constructors); GetTransportCredentials returns them.
type TransportCredentialsProvider struct {
	// contains filtered or unexported fields
}

func NewEmptyTransportCredential

func NewEmptyTransportCredential() *TransportCredentialsProvider

func NewTransportCredentialFromAccessFile

func NewTransportCredentialFromAccessFile(serverName string, accessFile WssdConfig) (*TransportCredentialsProvider, error)

func NewTransportCredentialFromAccessFileLocation

func NewTransportCredentialFromAccessFileLocation(serverName, accessFileLocation string) (*TransportCredentialsProvider, error)

func NewTransportCredentialFromAuthBase64

func NewTransportCredentialFromAuthBase64(serverName string, rootCACertsBase64 string) (*TransportCredentialsProvider, error)

func NewTransportCredentialFromAuthFromPem

func NewTransportCredentialFromAuthFromPem(serverName string, caCertPem []byte) (*TransportCredentialsProvider, error)

func NewTransportCredentialFromBase64

func NewTransportCredentialFromBase64(serverName, clientCertificateBase64, clientKeyBase64 string, rootCACertsBase64 string) (*TransportCredentialsProvider, error)

func NewTransportCredentialFromTlsCerts

func NewTransportCredentialFromTlsCerts(serverName string, tlsCerts []tls.Certificate, rootCACertsPem []byte) (*TransportCredentialsProvider, error)

func (*TransportCredentialsProvider) GetTransportCredentials

func (transportCredentials *TransportCredentialsProvider) GetTransportCredentials() credentials.TransportCredentials

type WssdConfig

// WssdConfig is the access file contents: the cloud certificate, the client
// certificate and its key, and the identity name. PrintAccessFile writes it to disk
// and ReadAccessFileToTls / AccessFileToTls turn it into a tls.Certificate.
type WssdConfig struct {
	CloudCertificate      string
	ClientCertificate     string
	// ClientKey is the client's private key material; keep the access file it is
	// written to readable only by the owning user. Encoding (PEM vs base64) is not
	// visible here — confirm against AccessFileToTls.
	ClientKey             string
	IdentityName          string
	ClientCertificateType LoginType // Deprecated: needs to be cleaned up after removing references.
}

func GenerateClientCsr

func GenerateClientCsr(loginconfig LoginConfig) (string, WssdConfig, error)

func GenerateClientKey

func GenerateClientKey(loginconfig LoginConfig) (string, WssdConfig, error)

GenerateClientKey generates a key and self-signed cert if the file does not exist in WssdConfigLocation. If the file exists, the values from the file are returned.

func GenerateClientKeyWithName

func GenerateClientKeyWithName(loginconfig LoginConfig, subfolder, filename string) (string, WssdConfig, error)

GenerateClientKeyWithName generates a key and self-signed cert if the file does not exist in GetWssdConfigLocationName. If the file exists, the values from the file are returned.

Directories

Path Synopsis
Package mock_auth is a generated GoMock package.
Package mock_auth is a generated GoMock package.
