Documentation ¶
Index ¶
- Constants
- Variables
- func LogHTTPError(r *http.Response, innerErr error) error
- func NewHTTPError(status int, userFacingError string) error
- func NewHTTPShadowError(status int, userFacingError string, fmtString string, args ...interface{}) error
- func RegisterJetstreamConfigPlugin(plugin JetstreamConfigInit)
- func UpgradeToWebSocket(echoContext echo.Context) (*websocket.Conn, *time.Ticker, error)
- type AuthEndpointType
- type AuthFlowHandlerFunc
- type AuthHandlerFunc
- type AuthProvider
- type CFInfo
- type CNSIRecord
- type CNSIRequest
- type ConnectedEndpoint
- type ConnectedUser
- type ConsoleConfig
- type Diagnostics
- type EndpointAction
- type EndpointDetail
- type EndpointNotificationPlugin
- type EndpointPlugin
- type EndpointTokenRecord
- type ErrHTTPRequest
- type ErrHTTPShadow
- type GetUserInfoFromToken
- type GooseDBVersionRecord
- type Info
- type InfoFunc
- type JWTUserTokenInfo
- type JetstreamConfigInit
- type LocalLoginRes
- type LocalUser
- type LoginHook
- type LoginHookFunc
- type LoginRes
- type MiddlewarePlugin
- type OAuth2Metadata
- type PortalConfig
- type PortalProxy
- type ProxyRequestInfo
- type RefreshOAuthTokenFunc
- type RoutePlugin
- type SessionStorer
- type StratosPlugin
- type TokenRecord
- type UAAErrorResponse
- type UAAResponse
- type V2Info
- type VCapApplicationData
- type Versions
Constants ¶
// Authentication type identifiers.
// Presumably these are the values stored in TokenRecord.AuthType — confirm against callers.
const (
	// AuthTypeOAuth2 means OAuth2
	AuthTypeOAuth2 = "OAuth2"
	// AuthTypeOIDC means OIDC
	AuthTypeOIDC = "OIDC"
	// AuthTypeHttpBasic means HTTP Basic auth
	AuthTypeHttpBasic = "HttpBasic"
	// AuthTypeAKS means AKS
	AuthTypeAKS = "AKS"
)
// Connect type identifiers.
const (
	// AuthConnectTypeCreds means authenticate with username/password credentials
	AuthConnectTypeCreds = "creds"
	// AuthConnectTypeNone means no authentication
	// NOTE(review): which endpoint types accept this value is not visible here — confirm it cannot be selected for endpoints that require credentials.
	AuthConnectTypeNone = "none"
)
Variables ¶
// AuthEndpointTypes maps the string value of the AUTH_ENDPOINT_TYPE env
// variable to its AuthEndpointType.
//
// A plain index with a key that is not in the map yields the zero value
// (the empty AuthEndpointType), so callers should use the two-value lookup
// form to reject unknown configuration values.
var AuthEndpointTypes = map[string]AuthEndpointType{
	"remote": Remote,
	"local":  Local,
}
AuthEndpointTypes - Allows lookup of internal string representation by the value of the AUTH_ENDPOINT_TYPE env variable
// JetstreamConfigPlugins is the array of config plugins.
// NOTE(review): this is an exported, mutable package-level slice and no
// synchronization is visible here; presumably it is only appended to during
// start-up — confirm.
var JetstreamConfigPlugins []JetstreamConfigInit
JetstreamConfigPlugins is the array of config plugins
Functions ¶
func NewHTTPError ¶
func NewHTTPShadowError ¶
func RegisterJetstreamConfigPlugin ¶
func RegisterJetstreamConfigPlugin(plugin JetstreamConfigInit)
RegisterJetstreamConfigPlugin registers a new config plugin
Types ¶
type AuthEndpointType ¶
// AuthEndpointType restricts the possible values of the configured auth
// endpoint type; the declared values are Remote and Local.
type AuthEndpointType string
AuthEndpointType - Restricts the possible values of the configured auth endpoint type
// Declared AuthEndpointType values; the same strings are the keys of
// AuthEndpointTypes.
const (
	// Remote - String representation of remote auth endpoint type
	Remote AuthEndpointType = "remote"
	// Local - String representation of local auth endpoint type
	Local AuthEndpointType = "local"
)
type AuthFlowHandlerFunc ¶
type AuthHandlerFunc ¶
// AuthHandlerFunc is the signature of a handler that receives a token record
// and a CNSI record and returns an HTTP response or an error.
//
// tokenRec is passed by value and includes the AuthToken and RefreshToken
// fields, so implementations should not log or otherwise echo it.
type AuthHandlerFunc func(tokenRec TokenRecord, cnsi CNSIRecord) (*http.Response, error)
type AuthProvider ¶
// AuthProvider pairs the two callbacks that are registered by name through
// PortalProxy.AddAuthProvider.
type AuthProvider struct {
	// Handler is the auth flow handler for this provider.
	Handler AuthFlowHandlerFunc
	// UserInfo derives a ConnectedUser from a token record.
	UserInfo GetUserInfoFromToken
}
type CNSIRecord ¶
// CNSIRecord is the record held for an endpoint (CNSI).
//
// ClientSecret is tagged `json:"-"`, so encoding/json never emits it; every
// other field, including ClientId, is serialised. The tag protects JSON output
// only: formatting the struct with %+v or using another encoder still exposes
// the secret.
//
// SkipSSLValidation presumably turns off TLS certificate verification for
// requests to this endpoint (confirm in the HTTP client construction); if so,
// the endpoint's identity is not authenticated while it is true.
type CNSIRecord struct {
	GUID                   string   `json:"guid"`
	Name                   string   `json:"name"`
	CNSIType               string   `json:"cnsi_type"`
	APIEndpoint            *url.URL `json:"api_endpoint"`
	AuthorizationEndpoint  string   `json:"authorization_endpoint"`
	TokenEndpoint          string   `json:"token_endpoint"`
	DopplerLoggingEndpoint string   `json:"doppler_logging_endpoint"`
	SkipSSLValidation      bool     `json:"skip_ssl_validation"`
	ClientId               string   `json:"client_id"`
	ClientSecret           string   `json:"-"`
	SSOAllowed             bool     `json:"sso_allowed"`
	SubType                string   `json:"sub_type"`
	Metadata               string   `json:"metadata"`
}
TODO this could be moved back to cnsis subpackage, and extensions could import it?
type CNSIRequest ¶
// CNSIRequest carries one proxied request and its result.
//
// Only StatusCode and Status are serialised by encoding/json; every other
// field, including the request Header and the raw Body and Response bytes, is
// tagged `json:"-"` and stays out of JSON output.
type CNSIRequest struct {
	GUID         string      `json:"-"`
	UserGUID     string      `json:"-"`
	Method       string      `json:"-"`
	Body         []byte      `json:"-"`
	Header       http.Header `json:"-"`
	URL          *url.URL    `json:"-"`
	StatusCode   int         `json:"statusCode"`
	Status       string      `json:"status"`
	PassThrough  bool        `json:"-"`
	Response     []byte      `json:"-"`
	Error        error       `json:"-"`
	ResponseGUID string      `json:"-"`
}
CNSIRequest
type ConnectedEndpoint ¶
// ConnectedEndpoint describes an endpoint together with the account and token
// expiry of a connection to it.
//
// DopplerLoggingEndpoint, AuthorizationEndpoint and TokenMetadata are tagged
// `json:"-"` and are not serialised; SkipSSLValidation is serialised.
type ConnectedEndpoint struct {
	GUID                   string   `json:"guid"`
	Name                   string   `json:"name"`
	CNSIType               string   `json:"cnsi_type"`
	APIEndpoint            *url.URL `json:"api_endpoint"`
	Account                string   `json:"account"`
	TokenExpiry            int64    `json:"token_expiry"`
	DopplerLoggingEndpoint string   `json:"-"`
	AuthorizationEndpoint  string   `json:"-"`
	SkipSSLValidation      bool     `json:"skip_ssl_validation"`
	TokenMetadata          string   `json:"-"`
	SubType                string   `json:"sub_type"`
	EndpointMetadata       string   `json:"metadata"`
}
ConnectedEndpoint
type ConnectedUser ¶
// ConnectedUser - details about the user connected to a specific service or UAA.
//
// NOTE(review): Admin and Scopes look like authorization inputs; where they
// are populated (and from which token claims) is not visible here — confirm
// they come from a verified token before they are used for access decisions.
type ConnectedUser struct {
	GUID   string   `json:"guid"`
	Name   string   `json:"name"`
	Admin  bool     `json:"admin"`
	Scopes []string `json:"scopes"`
}
ConnectedUser - details about the user connected to a specific service or UAA
type ConsoleConfig ¶
// ConsoleConfig is essential configuration settings.
//
// NOTE(review): ConsoleClientSecret and LocalUserPassword carry ordinary json
// tags, so json.Marshal of this struct emits both values as stored (compare
// CNSIRecord.ClientSecret, which is tagged `json:"-"`). Confirm the struct is
// never marshalled into an API response or a log line.
//
// SkipSSLValidation presumably disables TLS certificate verification towards
// the UAA/authorization endpoints — confirm where it is consumed.
type ConsoleConfig struct {
	UAAEndpoint           *url.URL `json:"uaa_endpoint" configName:"UAA_ENDPOINT"`
	AuthorizationEndpoint *url.URL `json:"authorization_endpoint" configName:"AUTHORIZATION_ENDPOINT"`
	ConsoleAdminScope     string   `json:"console_admin_scope" configName:"CONSOLE_ADMIN_SCOPE"`
	ConsoleClient         string   `json:"console_client" configName:"CONSOLE_CLIENT"`
	ConsoleClientSecret   string   `json:"console_client_secret" configName:"CONSOLE_CLIENT_SECRET"`
	LocalUser             string   `json:"local_user"`
	LocalUserPassword     string   `json:"local_user_password"`
	LocalUserScope        string   `json:"local_user_scope"`
	AuthEndpointType      string   `json:"auth_endpoint_type" configName:"AUTH_ENDPOINT_TYPE"`
	SkipSSLValidation     bool     `json:"skip_ssl_validation" configName:"SKIP_SSL_VALIDATION"`
	UseSSO                bool     `json:"use_sso" configName:"SSO_LOGIN"`
}
ConsoleConfig holds the essential configuration settings
func (*ConsoleConfig) IsSetupComplete ¶
func (consoleConfig *ConsoleConfig) IsSetupComplete() bool
IsSetupComplete indicates if we have enough config
type Diagnostics ¶
// Diagnostics - Diagnostic metadata.
//
// The fields describe the deployment (type, git client version, database
// backend and migrations, Helm release details). Info carries a *Diagnostics
// under the "diagnostics" key with omitempty.
// NOTE(review): this is deployment fingerprinting data; which users receive it
// is not visible here — confirm.
type Diagnostics struct {
	DeploymentType   string                  `json:"deploymentType"`
	GitClientVersion string                  `json:"gitClientVersion"`
	DBMigrations     []*GooseDBVersionRecord `json:"databaseMigrations"`
	DatabaseBackend  string                  `json:"databaseBackend"`
	HelmName         string                  `json:"helmName,omitempty"`
	HelmRevision     string                  `json:"helmRevision,omitempty"`
	HelmChartVersion string                  `json:"helmChartVersion,omitempty"`
	HelmLastModified string                  `json:"helmLastModified,omitempty"`
}
Diagnostics - Diagnostic metadata
type EndpointAction ¶
// EndpointAction identifies an action on an endpoint; the declared values are
// EndpointRegisterAction and EndpointUnregisterAction. It is the first
// argument of EndpointNotificationPlugin.OnEndpointNotification.
type EndpointAction int
// Declared EndpointAction values, numbered from 0 by iota.
const (
	// EndpointRegisterAction is 0; presumably signalled when an endpoint is registered.
	EndpointRegisterAction EndpointAction = iota
	// EndpointUnregisterAction is 1; presumably signalled when an endpoint is unregistered.
	EndpointUnregisterAction
)
type EndpointDetail ¶
// EndpointDetail extends CNSI Record and adds the user.
//
// *CNSIRecord is embedded, so its serialised fields are promoted into this
// struct's JSON output; CNSIRecord.ClientSecret stays excluded by its own
// `json:"-"` tag. TokenMetadata is likewise excluded from JSON.
type EndpointDetail struct {
	*CNSIRecord
	EndpointMetadata interface{}       `json:"endpoint_metadata,omitempty"`
	User             *ConnectedUser    `json:"user"`
	Metadata         map[string]string `json:"metadata,omitempty"`
	TokenMetadata    string            `json:"-"`
}
EndpointDetail extends CNSI Record and adds the user
type EndpointNotificationPlugin ¶
// EndpointNotificationPlugin is the interface for a Jetstream plugin that is
// told about endpoint actions.
type EndpointNotificationPlugin interface {
	// OnEndpointNotification receives the action and a pointer to the affected
	// CNSIRecord. The record includes ClientSecret; whether the pointer is to a
	// copy or to shared state is not visible here — confirm before mutating it.
	OnEndpointNotification(EndpointAction, *CNSIRecord)
}
EndpointNotificationPlugin is the interface for a Jetstream plugin that receives endpoint notifications
type EndpointPlugin ¶
// EndpointPlugin is the interface an endpoint-type plugin implements.
type EndpointPlugin interface {
	// Info has the same signature as InfoFunc: it takes an API endpoint and the
	// skipSSLValidation flag and returns a CNSIRecord plus an untyped value.
	// NOTE(review): apiEndpoint is presumably user-supplied at registration;
	// whether it is restricted to expected hosts/schemes is not visible here.
	Info(apiEndpoint string, skipSSLValidation bool) (CNSIRecord, interface{}, error)
	// GetType returns the plugin's endpoint type name.
	GetType() string
	Register(echoContext echo.Context) error
	// Connect returns a token record for userId on the given endpoint; the
	// meaning of the bool result is not visible here.
	Connect(echoContext echo.Context, cnsiRecord CNSIRecord, userId string) (*TokenRecord, bool, error)
	// Validate checks a token record against an endpoint for a user and
	// reports failure as an error.
	Validate(userGUID string, cnsiRecord CNSIRecord, tokenRecord TokenRecord) error
	UpdateMetadata(info *Info, userGUID string, echoContext echo.Context)
}
type EndpointTokenRecord ¶
// EndpointTokenRecord is a token record for an endpoint (includes the
// Endpoint GUID).
//
// *TokenRecord is embedded and neither struct has json tags, so encoding/json
// would emit every field, AuthToken and RefreshToken included, under its Go
// name. Keep values of this type out of API responses and logs.
// Note that the APIEndpint field name is spelled this way in the exported API.
type EndpointTokenRecord struct {
	*TokenRecord
	EndpointGUID    string
	EndpointType    string
	APIEndpint      string
	LoggingEndpoint string
}
Token record for an endpoint (includes the Endpoint GUID)
type ErrHTTPRequest ¶
func (ErrHTTPRequest) Error ¶
func (e ErrHTTPRequest) Error() string
type ErrHTTPShadow ¶
func (ErrHTTPShadow) Error ¶
func (e ErrHTTPShadow) Error() string
type GetUserInfoFromToken ¶
// GetUserInfoFromToken is the signature of a callback that derives a
// ConnectedUser from a token record for the given CNSI; the bool presumably
// reports whether a user could be derived — confirm.
//
// NOTE(review): whether implementations verify the token before trusting its
// contents is not visible here; the returned Admin and Scopes values should
// only be relied on if they do.
type GetUserInfoFromToken func(cnsiGUID string, cfTokenRecord *TokenRecord) (*ConnectedUser, bool)
type GooseDBVersionRecord ¶
// GooseDBVersionRecord - the version record in the database that Goose
// reads/writes. Diagnostics.DBMigrations holds a slice of these.
type GooseDBVersionRecord struct {
	ID        int64  `json:"id"`
	VersionID int64  `json:"version_id"`
	IsApplied bool   `json:"is_applied"`
	Timestamp string `json:"timestamp"`
}
GooseDBVersionRecord - the version record in the database that Goose reads/writes
type Info ¶
// Info - this represents user specific info.
//
// Every field is serialised. Endpoints is a two-level map of EndpointDetail
// values (the key meanings are not visible here), and Diagnostics and
// PluginConfig are emitted whenever they are non-empty.
// NOTE(review): PluginConfig is a free-form string map; confirm plugins never
// place secrets in it, since it is returned as part of this structure.
type Info struct {
	Versions      *Versions                             `json:"version"`
	User          *ConnectedUser                        `json:"user"`
	Endpoints     map[string]map[string]*EndpointDetail `json:"endpoints"`
	CloudFoundry  *CFInfo                               `json:"cloud-foundry,omitempty"`
	Plugins       map[string]bool                       `json:"plugins"`
	PluginConfig  map[string]string                     `json:"plugin-config,omitempty"`
	Diagnostics   *Diagnostics                          `json:"diagnostics,omitempty"`
	Configuration struct {
		TechPreview bool `json:"enableTechPreview"`
	} `json:"config"`
}
Info - this represents user specific info
type InfoFunc ¶
// InfoFunc is the signature of a function that takes an API endpoint and the
// skipSSLValidation flag and returns a CNSIRecord plus an untyped value. It
// matches EndpointPlugin.Info and is what RegisterEndpoint and
// DoRegisterEndpoint accept as fetchInfo.
type InfoFunc func(apiEndpoint string, skipSSLValidation bool) (CNSIRecord, interface{}, error)
type JWTUserTokenInfo ¶
type JetstreamConfigInit ¶
// JetstreamConfigInit is the function signature for the config plugin init
// function. It receives the environment variable set and a pointer to the
// PortalConfig, so an init function can modify the configuration in place,
// security-relevant fields included.
type JetstreamConfigInit func(*env.VarSet, *PortalConfig)
JetstreamConfigInit is the function signature for the config plugin init function
type LocalLoginRes ¶
// LocalLoginRes is a response body that carries only the connected user,
// serialised under the "user" key.
type LocalLoginRes struct {
	User *ConnectedUser `json:"user"`
}
type LocalUser ¶
// LocalUser - Used for local user auth and management.
//
// NOTE(review): PasswordHash carries the json tag "password_hash", so
// json.Marshal of this struct includes the hash (base64-encoded, as for any
// []byte). Confirm the struct is never marshalled into an API response; the
// hashing scheme is not visible here.
type LocalUser struct {
	UserGUID     string `json:"user_guid"`
	PasswordHash []byte `json:"password_hash"`
	Username     string `json:"username"`
	Email        string `json:"email"`
	Scope        string `json:"scope"`
	GivenName    string `json:"given_name"`
	FamilyName   string `json:"family_name"`
}
LocalUser - Used for local user auth and management
type LoginHook ¶
// LoginHook pairs a login hook function with a priority; PortalConfig.LoginHooks
// holds a slice of these and PortalProxy.AddLoginHook takes the same two values.
// How Priority orders execution is not visible here.
type LoginHook struct {
	Priority int
	Function LoginHookFunc
}
type LoginHookFunc ¶
type MiddlewarePlugin ¶
// MiddlewarePlugin is the interface for a plugin that wraps echo handlers.
// Both methods take a handler and return a handler.
type MiddlewarePlugin interface {
	EchoMiddleware(middleware echo.HandlerFunc) echo.HandlerFunc
	// SessionEchoMiddleware presumably applies to routes that require a
	// session — confirm where each wrapper is installed.
	SessionEchoMiddleware(middleware echo.HandlerFunc) echo.HandlerFunc
}
type OAuth2Metadata ¶
Structure for optional metadata for an OAuth2 Token
type PortalConfig ¶
// PortalConfig is the Jetstream configuration; fields with a configName tag
// are bound to the named configuration variable.
//
// Several fields hold secret material by name: TLSCertKey, CFClientSecret,
// SessionStoreSecret, EncryptionKey and EncryptionKeyInBytes. The struct has
// no json tags, so encoding/json (or a %+v format) would emit all of them;
// keep values of this type out of API responses and logs. PortalProxy.GetConfig
// returns a pointer to it, so any holder of a PortalProxy can read these fields.
//
// NOTE(review): AllowedOrigins, CookieDomain and SSOWhiteList look like the
// inputs to origin checks, cookie scoping and SSO redirect checks; how they
// are matched is not visible here — confirm the comparisons are exact rather
// than prefix or substring based.
type PortalConfig struct {
	HTTPClientTimeoutInSecs         int64    `configName:"HTTP_CLIENT_TIMEOUT_IN_SECS"`
	HTTPClientTimeoutMutatingInSecs int64    `configName:"HTTP_CLIENT_TIMEOUT_MUTATING_IN_SECS"`
	HTTPConnectionTimeoutInSecs     int64    `configName:"HTTP_CONNECTION_TIMEOUT_IN_SECS"`
	TLSAddress                      string   `configName:"CONSOLE_PROXY_TLS_ADDRESS"`
	TLSCert                         string   `configName:"CONSOLE_PROXY_CERT"`
	TLSCertKey                      string   `configName:"CONSOLE_PROXY_CERT_KEY"`
	TLSCertPath                     string   `configName:"CONSOLE_PROXY_CERT_PATH"`
	TLSCertKeyPath                  string   `configName:"CONSOLE_PROXY_CERT_KEY_PATH"`
	CFClient                        string   `configName:"CF_CLIENT"`
	CFClientSecret                  string   `configName:"CF_CLIENT_SECRET"`
	AllowedOrigins                  []string `configName:"ALLOWED_ORIGINS"`
	SessionStoreSecret              string   `configName:"SESSION_STORE_SECRET"`
	EncryptionKeyVolume             string   `configName:"ENCRYPTION_KEY_VOLUME"`
	EncryptionKeyFilename           string   `configName:"ENCRYPTION_KEY_FILENAME"`
	EncryptionKey                   string   `configName:"ENCRYPTION_KEY"`
	AutoRegisterCFUrl               string   `configName:"AUTO_REG_CF_URL"`
	AutoRegisterCFName              string   `configName:"AUTO_REG_CF_NAME"`
	SSOLogin                        bool     `configName:"SSO_LOGIN"`
	SSOOptions                      string   `configName:"SSO_OPTIONS"`
	SSOWhiteList                    string   `configName:"SSO_WHITELIST"`
	AuthEndpointType                string   `configName:"AUTH_ENDPOINT_TYPE"`
	CookieDomain                    string   `configName:"COOKIE_DOMAIN"`
	LogLevel                        string   `configName:"LOG_LEVEL"`
	CFAdminIdentifier               string
	CloudFoundryInfo                *CFInfo
	HTTPS                           bool
	EncryptionKeyInBytes            []byte
	ConsoleVersion                  string
	IsCloudFoundry                  bool
	LoginHooks                      []LoginHook
	SessionStore                    SessionStorer
	ConsoleConfig                   *ConsoleConfig
	PluginConfig                    map[string]string
	DatabaseProviderName            string
	EnableTechPreview               bool `configName:"ENABLE_TECH_PREVIEW"`
}
type PortalProxy ¶
// PortalProxy is the interface through which plugins and extensions reach the
// portal proxy: HTTP clients, endpoint registration, sessions, tokens, request
// proxying, the database handle and login hooks.
//
// NOTE(review): the surface is broad. Anything holding a PortalProxy can read
// stored tokens (GetCNSITokenRecord, GetUAATokenRecord), the full configuration
// (GetConfig) and the raw database handle (GetDatabaseConnection), so a plugin
// runs with the same trust as the core.
type PortalProxy interface {
	// skipSSLValidation is chosen by the caller; presumably it disables TLS
	// certificate verification on the returned client — confirm, and prefer
	// false unless the endpoint record explicitly asks for it.
	GetHttpClient(skipSSLValidation bool) http.Client
	GetHttpClientForRequest(req *http.Request, skipSSLValidation bool) http.Client
	RegisterEndpoint(c echo.Context, fetchInfo InfoFunc) error
	// DoRegisterEndpoint takes the client secret as a plain string argument.
	DoRegisterEndpoint(cnsiName string, apiEndpoint string, skipSSLValidation bool, clientId string, clientSecret string, ssoAllowed bool, subType string, fetchInfo InfoFunc) (CNSIRecord, error)
	GetEndpointTypeSpec(typeName string) (EndpointPlugin, error)

	// Auth
	ConnectOAuth2(c echo.Context, cnsiRecord CNSIRecord) (*TokenRecord, error)
	InitEndpointTokenRecord(expiry int64, authTok string, refreshTok string, disconnect bool) TokenRecord

	// Session
	GetSession(c echo.Context) (*sessions.Session, error)
	GetSessionValue(c echo.Context, key string) (interface{}, error)
	GetSessionInt64Value(c echo.Context, key string) (int64, error)
	GetSessionStringValue(c echo.Context, key string) (string, error)
	SaveSession(c echo.Context, session *sessions.Session) error

	// RefreshOAuthToken has the same signature as RefreshOAuthTokenFunc.
	RefreshOAuthToken(skipSSLValidation bool, cnsiGUID, userGUID, client, clientSecret, tokenEndpoint string) (t TokenRecord, err error)
	DoLoginToCNSI(c echo.Context, cnsiGUID string, systemSharedToken bool) (*LoginRes, error)
	DoLoginToCNSIwithConsoleUAAtoken(c echo.Context, theCNSIrecord CNSIRecord) error

	// Expose internal portal proxy records to extensions
	GetCNSIRecord(guid string) (CNSIRecord, error)
	GetCNSIRecordByEndpoint(endpoint string) (CNSIRecord, error)
	// The token lookups take userGUID from the caller; whether they check that
	// it matches the session user is not visible here, so callers must pass
	// the authenticated user's GUID rather than a request-supplied one.
	GetCNSITokenRecord(cnsiGUID string, userGUID string) (TokenRecord, bool)
	GetCNSITokenRecordWithDisconnected(cnsiGUID string, userGUID string) (TokenRecord, bool)
	GetCNSIUser(cnsiGUID string, userGUID string) (*ConnectedUser, bool)
	GetConfig() *PortalConfig
	Env() *env.VarSet
	ListEndpointsByUser(userGUID string) ([]*ConnectedEndpoint, error)
	ListEndpoints() ([]*CNSIRecord, error)
	UpdateEndointMetadata(guid string, metadata string) error

	// UAA Token
	GetUAATokenRecord(userGUID string) (TokenRecord, error)
	RefreshUAAToken(userGUID string) (TokenRecord, error)
	GetUsername(userid string) (string, error)
	// RefreshUAALogin takes the password as a plain string; what store persists
	// is not visible here — confirm.
	RefreshUAALogin(username, password string, store bool) error
	// NOTE(review): whether GetUserTokenInfo verifies the token's signature or
	// only decodes it is not visible here — confirm before trusting the result.
	GetUserTokenInfo(tok string) (u *JWTUserTokenInfo, err error)
	GetUAAUser(userGUID string) (*ConnectedUser, error)

	// Proxy API requests
	ProxyRequest(c echo.Context, uri *url.URL) (map[string]*CNSIRequest, error)
	DoProxyRequest(requests []ProxyRequestInfo) (map[string]*CNSIRequest, error)
	DoProxySingleRequest(cnsiGUID, userGUID, method, requestUrl string, headers http.Header, body []byte) (*CNSIRequest, error)
	SendProxiedResponse(c echo.Context, responses map[string]*CNSIRequest) error

	// Database Connection
	// GetDatabaseConnection returns the *sql.DB itself, with no narrower
	// interface in between.
	GetDatabaseConnection() *sql.DB
	AddAuthProvider(name string, provider AuthProvider)
	GetAuthProvider(name string) AuthProvider
	DoAuthFlowRequest(cnsiRequest *CNSIRequest, req *http.Request, authHandler AuthHandlerFunc) (*http.Response, error)
	OAuthHandlerFunc(cnsiRequest *CNSIRequest, req *http.Request, refreshOAuthTokenFunc RefreshOAuthTokenFunc) AuthHandlerFunc

	// Tokens - lower-level access
	SaveEndpointToken(cnsiGUID string, userGUID string, tokenRecord TokenRecord) error
	DeleteEndpointToken(cnsiGUID string, userGUID string) error
	AddLoginHook(priority int, function LoginHookFunc) error
	ExecuteLoginHooks(c echo.Context) error

	// Plugins
	GetPlugin(name string) interface{}

	// SetCanPerformMigrations updates the state that records if we can perform Database migrations
	SetCanPerformMigrations(bool)
	// CanPerformMigrations returns if we can perform Database migrations
	CanPerformMigrations() bool
}
type ProxyRequestInfo ¶
type RefreshOAuthTokenFunc ¶
// RefreshOAuthTokenFunc is the signature of a function that refreshes an OAuth
// token for a user on a CNSI and returns the resulting TokenRecord. It matches
// PortalProxy.RefreshOAuthToken.
//
// clientSecret is passed as a plain string and the returned record carries the
// new tokens; neither should be logged. skipSSLValidation presumably disables
// certificate verification for the call to tokenEndpoint — confirm.
type RefreshOAuthTokenFunc func(skipSSLValidation bool, cnsiGUID, userGUID, client, clientSecret, tokenEndpoint string) (t TokenRecord, err error)
type RoutePlugin ¶
type SessionStorer ¶
type StratosPlugin ¶
// StratosPlugin is the interface for a Jetstream plugin.
type StratosPlugin interface {
	// Init initialises the plugin and reports failure as an error.
	Init() error
	// Each getter returns the plugin's implementation of that role or an
	// error; presumably the error signals that the role is not provided.
	GetMiddlewarePlugin() (MiddlewarePlugin, error)
	GetEndpointPlugin() (EndpointPlugin, error)
	GetRoutePlugin() (RoutePlugin, error)
}
StratosPlugin is the interface for a Jetstream plugin
type TokenRecord ¶
// TokenRecord represents an endpoint or UAA token.
//
// By their names, AuthToken, RefreshToken, Certificate and CertificateKey are
// credential material. The struct has no json tags, so encoding/json would
// emit every field under its Go name; keep values of this type out of API
// responses and logs.
type TokenRecord struct {
	TokenGUID      string
	AuthToken      string
	RefreshToken   string
	TokenExpiry    int64
	Disconnected   bool
	AuthType       string
	Metadata       string
	LinkedGUID     string // Indicates the GUID of the token that this token is linked to (if any)
	Certificate    string
	CertificateKey string
}
TokenRecord represents an endpoint or UAA token
type UAAErrorResponse ¶
// UAAErrorResponse is the error response returned by Cloud Foundry UAA Service.
// NOTE(review): ErrorDescription is text produced by the remote service;
// treat it as untrusted if it is shown to users or written to logs.
type UAAErrorResponse struct {
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
}
UAAErrorResponse is the error response returned by Cloud Foundry UAA Service
type UAAResponse ¶
// UAAResponse - Response returned by Cloud Foundry UAA Service.
//
// AccessToken, RefreshToken and IDToken are all serialised by their json tags,
// which is what decoding the UAA reply needs; re-marshalling or logging the
// struct therefore reproduces the tokens.
type UAAResponse struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	RefreshToken string `json:"refresh_token"`
	ExpiresIn    int    `json:"expires_in"`
	Scope        string `json:"scope"`
	JTI          string `json:"jti"`
	IDToken      string `json:"id_token"`
}
UAAResponse - Response returned by Cloud Foundry UAA Service
type V2Info ¶
// V2Info holds the endpoint addresses and SSH details decoded from an info
// document; presumably the Cloud Foundry v2 info response — confirm.
//
// NOTE(review): the authorization, token and logging endpoints here are
// supplied by the remote API. Where they are later used as request targets,
// confirm they are validated rather than followed blindly.
type V2Info struct {
	AuthorizationEndpoint    string `json:"authorization_endpoint"`
	TokenEndpoint            string `json:"token_endpoint"`
	DopplerLoggingEndpoint   string `json:"doppler_logging_endpoint"`
	AppSSHEndpoint           string `json:"app_ssh_endpoint"`
	AppSSHHostKeyFingerprint string `json:"app_ssh_host_key_fingerprint"`
	AppSSHOauthCLient        string `json:"app_ssh_oauth_client"`
}