credentials

package
v1.0.107
Warning

This package is not in the latest version of its module.

Published: Dec 6, 2023 License: BSD-3-Clause Imports: 14 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	TokenProviders = map[string]TokenProvider{}
)

Functions

This section is empty.

Types

type Credentials

type Credentials interface {
	// GetTokenProvider returns a TokenProvider for the given key, applying the given options if a new TokenProvider is
	// created to fulfill the request. If a TokenProvider already exists for the given key, it will be returned.
	// It's important for callers to be consistent with the options they pass in, at least for a given Thelma execution,
	// since the options are only used on the first call for a given key.
	//
	// The caching means that there will only ever be one TokenProvider for a given key, so the TokenProvider's
	// concurrency-safety guarantees will reliably apply (and the caller doesn't need to worry about caching the
	// response of this function).
	GetTokenProvider(key string, opts ...TokenOption) TokenProvider
}

func New

func New(thelmaConfig config.Config, thelmaRoot root.Root) (Credentials, error)

New returns a new Credentials instance using a directory store rooted at credentialsDir

func NewWithStore added in v0.0.31

func NewWithStore(store stores.Store) Credentials

NewWithStore returns a new Credentials instance backed by the given store

type MockTokenProvider added in v1.0.103

type MockTokenProvider struct {
	ReturnString string
	ReturnBytes  []byte
	ReturnNil    bool
	ReturnErr    bool
	FailIfCalled *testing.T
}

MockTokenProvider offers a TokenProvider that is as simple as possible to facilitate testing outside of this package.

func (*MockTokenProvider) Get added in v1.0.103

func (m *MockTokenProvider) Get() ([]byte, error)

func (*MockTokenProvider) Reissue added in v1.0.103

func (m *MockTokenProvider) Reissue() ([]byte, error)

type TokenOption

type TokenOption func(*TokenOptions)

TokenOption function for configuring a token's Options

type TokenOptions

type TokenOptions struct {
	// EnvVars (optional) environment variables to use for this token. Defaults to key (upper-cased with s/-/_/, eg. "vault-token" -> "VAULT_TOKEN").
	// Ideally only one environment variable should be used, but multiple are supported for backwards compatibility.
	EnvVars []string
	// PromptEnabled (optional) if true, user will be prompted to manually enter a token value if one does not exist in credential store.
	PromptEnabled bool
	// PromptMessage (optional) Override default prompt message ("Please enter VAULT_TOKEN: ")
	PromptMessage string
	// ValidateFn (optional) Optional function for validating a token. If supplied, stored credentials will be validated before being returned to caller.
	// This function can be called quite frequently in Goroutine scenarios, so offline validation is ideal.
	ValidateFn func([]byte) error
	// RefreshFn (optional) Optional function for refreshing a token. Called if a stored credential turns out to be invalid. If an error is returned, IssueFn will be called to issue a new credential.
	RefreshFn func([]byte) ([]byte, error)
	// IssueFn (optional) Optional function for issuing a new token. If supplied, prompt options are ignored.
	IssueFn func() ([]byte, error)
	// CredentialStore (optional) Use a custom credential store instead of the default store (~/.thelma/credentials/$key)
	CredentialStore stores.Store
}

TokenOptions configuration options for a TokenProvider

type TokenProvider

type TokenProvider interface {
	// Get provides a token value based on the configuration of the TokenProvider. The overall flow is as follows:
	//
	// 1. If a match for any TokenOptions.EnvVars is found, immediately return that value
	// 2. If a match for the key is found in the TokenOptions.CredentialStore:
	//    - If it is valid per TokenOptions.ValidateFn, return it
	//    - If it is invalid but TokenOptions.RefreshFn is provided, attempt to refresh the token and validate, store, and return it
	//      (errors from TokenOptions.RefreshFn will cause the flow to continue to step 3)
	// 3. If TokenOptions.IssueFn is provided, issue a new token and validate, store, and return it
	// 4. If TokenOptions.IssueFn isn't provided but TokenOptions.PromptEnabled is true and the session is interactive,
	//    prompt the user for a new token value and validate, store, and return it
	Get() ([]byte, error)
	// Reissue clears the state of the TokenProvider and then calls Get (which will usually then issue a new token).
	Reissue() ([]byte, error)
}

TokenProvider manages a token used for authentication, possibly stored on the local filesystem. The exported methods are Goroutine-safe.
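
The resolution order documented for Get, as an added Go sketch that is not Thelma's own code: `opts`, `resolve`, the map-backed store and the returned source label are hypothetical stand-ins, and the interactive prompt step is left out. It shows that a value found in an environment variable is returned without passing through the validation function, while stored, refreshed and issued tokens are validated first. Assumptions: an empty environment value does not count as a match, and a refreshed token that fails validation falls through to issuing.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

type opts struct { // simplified stand-in for the documented TokenOptions fields
	EnvVars  []string
	Validate func([]byte) error
	Refresh  func([]byte) ([]byte, error)
	Issue    func() ([]byte, error)
}

// resolve models the documented Get order (prompt step omitted); store stands in for the credential store.
func resolve(key string, o opts, store map[string][]byte) ([]byte, string, error) {
	if len(o.EnvVars) == 0 { // documented default: "vault-token" -> "VAULT_TOKEN"
		o.EnvVars = []string{strings.ToUpper(strings.ReplaceAll(key, "-", "_"))}
	}
	for _, name := range o.EnvVars { // step 1: returned immediately, Validate not consulted
		if v := os.Getenv(name); v != "" { // assumption: empty value is not a match
			return []byte(v), "env", nil
		}
	}
	valid := func(t []byte) bool { return o.Validate == nil || o.Validate(t) == nil }
	if tok, ok := store[key]; ok { // step 2: stored credential
		if valid(tok) {
			return tok, "store", nil
		}
		if o.Refresh != nil { // assumption: an invalid refreshed token also falls through
			if fresh, err := o.Refresh(tok); err == nil && valid(fresh) {
				store[key] = fresh
				return fresh, "refresh", nil
			}
		}
	}
	if o.Issue != nil { // step 3: issue, validate, store
		if tok, err := o.Issue(); err == nil && valid(tok) {
			store[key] = tok
			return tok, "issue", nil
		}
	}
	return nil, "", fmt.Errorf("no valid token available")
}

func main() { // constructed sample: empty store, issuer only
	tok, src, err := resolve("demo-token", opts{Issue: func() ([]byte, error) { return []byte("t1"), nil }}, map[string][]byte{})
	fmt.Println(string(tok), src, err)
}
```

Because step 1 bypasses validation, an expired or malformed token exported in the environment reaches the caller unchanged, so callers that rely on the validation function should not assume it covers environment-supplied values.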
