connector

package
v0.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 30, 2016 License: Apache-2.0 Imports: 25 Imported by: 584

Documentation

Index

Constants

View Source
const (
	LDAPConnectorType         = "ldap"
	LDAPLoginPageTemplateName = "ldap-login.html"
)
View Source
const (
	LocalConnectorType    = "local"
	LoginPageTemplateName = "local-login.html"
)
View Source
const (
	BitbucketConnectorType = "bitbucket"
)
View Source
const (
	GitHubConnectorType = "github"
)
View Source
const (
	OIDCConnectorType = "oidc"
)

Variables

View Source
var ErrorNotFound = errors.New("connector not found in repository")

Functions

func RegisterConnectorConfigType

func RegisterConnectorConfigType(connectorType string, fn NewConnectorConfigFunc)

Types

type BitbucketConnectorConfig added in v0.2.0

type BitbucketConnectorConfig struct {
	ID           string `json:"id"`
	ClientID     string `json:"clientID"`
	ClientSecret string `json:"clientSecret"`
}

func (*BitbucketConnectorConfig) Connector added in v0.2.0

func (cfg *BitbucketConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

func (*BitbucketConnectorConfig) ConnectorID added in v0.2.0

func (cfg *BitbucketConnectorConfig) ConnectorID() string

func (*BitbucketConnectorConfig) ConnectorType added in v0.2.0

func (cfg *BitbucketConnectorConfig) ConnectorType() string

type Connector

type Connector interface {
	// ID returns the ID of the ConnectorConfig used to create the Connector.
	ID() string

	// LoginURL returns the backend's authorization URL for a sessionKey
	// and OAuth2 prompt type.
	LoginURL(sessionKey, prompt string) (string, error)

	// Register allows connectors to register a callback handler with the
	// dex server.
	//
	// Connectors should register with a path that extends the namespace
	// URL provided when the Connector is instantiated.
	Register(mux *http.ServeMux, errorURL url.URL)

	// Sync triggers any long-running tasks needed to maintain the
	// Connector's operation. For example, this would encompass
	// repeatedly caching any remote resources for local use.
	Sync() chan struct{}

	// TrustedEmailProvider indicates whether or not we can trust that email
	// claims coming from this provider.
	TrustedEmailProvider() bool

	health.Checkable
}

type ConnectorConfig

type ConnectorConfig interface {
	// ConnectorID returns a unique end user facing identifier. For example "google".
	ConnectorID() string

	// ConnectorType returns an implementation specific identifier. For example "oidc".
	ConnectorType() string

	// Connector is invoked by the dex server and returns a Connector configured
	// to use the provided arguments. URL namespace is used to register callbacks.
	// loginFunc is used to associate remote identies with dex session keys.
	//
	// The returned Connector must call loginFunc once upon successful
	// identification of a user.
	//
	// Additional templates are passed for connectors that require rendering HTML
	// pages, such as the "local" connector.
	Connector(ns url.URL, loginFunc oidc.LoginFunc, tpls *template.Template) (Connector, error)
}

func NewConnectorConfigFromType

func NewConnectorConfigFromType(connectorType string) (ConnectorConfig, error)

func ReadConfigs added in v0.3.0

func ReadConfigs(r io.Reader) ([]ConnectorConfig, error)

type ConnectorConfigRepo

type ConnectorConfigRepo interface {
	All() ([]ConnectorConfig, error)
	GetConnectorByID(repo.Transaction, string) (ConnectorConfig, error)
	Set(cfgs []ConnectorConfig) error
}

type GitHubConnectorConfig added in v0.2.0

type GitHubConnectorConfig struct {
	ID           string `json:"id"`
	ClientID     string `json:"clientID"`
	ClientSecret string `json:"clientSecret"`
}

func (*GitHubConnectorConfig) Connector added in v0.2.0

func (cfg *GitHubConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

func (*GitHubConnectorConfig) ConnectorID added in v0.2.0

func (cfg *GitHubConnectorConfig) ConnectorID() string

func (*GitHubConnectorConfig) ConnectorType added in v0.2.0

func (cfg *GitHubConnectorConfig) ConnectorType() string

type LDAPConnector added in v0.3.0

type LDAPConnector struct {
	// contains filtered or unexported fields
}

func (*LDAPConnector) Healthy added in v0.3.0

func (c *LDAPConnector) Healthy() error

func (*LDAPConnector) ID added in v0.3.0

func (c *LDAPConnector) ID() string

func (*LDAPConnector) Identity added in v0.5.1

func (c *LDAPConnector) Identity(username, password string) (*oidc.Identity, error)

func (*LDAPConnector) LoginURL added in v0.3.0

func (c *LDAPConnector) LoginURL(sessionKey, prompt string) (string, error)

func (*LDAPConnector) Register added in v0.3.0

func (c *LDAPConnector) Register(mux *http.ServeMux, errorURL url.URL)

func (*LDAPConnector) Sync added in v0.3.0

func (c *LDAPConnector) Sync() chan struct{}

func (*LDAPConnector) TrustedEmailProvider added in v0.3.0

func (c *LDAPConnector) TrustedEmailProvider() bool

type LDAPConnectorConfig added in v0.3.0

type LDAPConnectorConfig struct {
	ID string `json:"id"`

	// Host and port of ldap service in form "host:port"
	Host string `json:"host"`

	// UseTLS indicates that the connector should use the TLS port.
	UseTLS bool `json:"useTLS"`
	UseSSL bool `json:"useSSL"`

	// Trusted TLS certificate when connecting to the LDAP server. If empty the
	// host's root certificates will be used.
	CaFile string `json:"caFile"`
	// CertFile and KeyFile are used to specifiy client certificate data.
	CertFile string `json:"certFile"`
	KeyFile  string `json:"keyFile"`

	MaxIdleConn int `json:"maxIdleConn"`

	NameAttribute  string `json:"nameAttribute"`
	EmailAttribute string `json:"emailAttribute"`

	// The place to start all searches from.
	BaseDN string `json:"baseDN"`

	// Search fields indicate how to search for user records in LDAP.
	SearchBeforeAuth  bool   `json:"searchBeforeAuth"`
	SearchFilter      string `json:"searchFilter"`
	SearchScope       string `json:"searchScope"`
	SearchBindDN      string `json:"searchBindDN"`
	SearchBindPw      string `json:"searchBindPw"`
	SearchGroupFilter string `json:"searchGroupFilter"`

	// BindTemplate is a format string that maps user names to a record to bind as.
	// It's passed both the username entered by the end user and the base DN.
	//
	// For example the bindTemplate
	//
	//     "uid=%u,%d"
	//
	// with the username "johndoe" and basename "ou=People,dc=example,dc=com" would attempt
	// to bind as
	//
	//     "uid=johndoe,ou=People,dc=example,dc=com"
	//
	BindTemplate string `json:"bindTemplate"`

	// DEPRICATED fields that exist for backward compatibility.
	// Use "host" instead of "ServerHost" and "ServerPort"
	ServerHost string        `json:"serverHost"`
	ServerPort uint16        `json:"serverPort"`
	Timeout    time.Duration `json:"timeout"`
}

func (*LDAPConnectorConfig) Connector added in v0.3.0

func (cfg *LDAPConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

func (*LDAPConnectorConfig) ConnectorID added in v0.3.0

func (cfg *LDAPConnectorConfig) ConnectorID() string

func (*LDAPConnectorConfig) ConnectorType added in v0.3.0

func (cfg *LDAPConnectorConfig) ConnectorType() string

type LDAPPool added in v0.5.0

type LDAPPool struct {
	MaxIdleConn    int
	PoolCheckTimer time.Duration
	Host           string
	UseTLS         bool
	UseSSL         bool
	TLSConfig      *tls.Config
	// contains filtered or unexported fields
}

A LDAPPool is a Connection Pool for LDAP connections. Use Do() to request connections from the pool.

func (*LDAPPool) CheckConnections added in v0.5.0

func (p *LDAPPool) CheckConnections() (int, int)

CheckConnections attempts to iterate over all the connections in the pool and check wheter they are alive or not. Live connections are put back into the pool, dead ones are discarded.

func (*LDAPPool) Do added in v0.5.1

func (p *LDAPPool) Do(f func(conn *ldap.Conn) error) (err error)

Do runs a function which requires an LDAP connection.

The connection will be unauthenticated with the server and should not be closed by f.

type LocalConnector

type LocalConnector struct {
	// contains filtered or unexported fields
}

func (*LocalConnector) Healthy

func (c *LocalConnector) Healthy() error

func (*LocalConnector) ID

func (c *LocalConnector) ID() string

func (*LocalConnector) LoginURL

func (c *LocalConnector) LoginURL(sessionKey, prompt string) (string, error)

func (*LocalConnector) Register

func (c *LocalConnector) Register(mux *http.ServeMux, errorURL url.URL)

func (*LocalConnector) SetLocalIdentityProvider

func (c *LocalConnector) SetLocalIdentityProvider(idp *LocalIdentityProvider)

func (*LocalConnector) Sync

func (c *LocalConnector) Sync() chan struct{}

func (*LocalConnector) TrustedEmailProvider

func (c *LocalConnector) TrustedEmailProvider() bool

type LocalConnectorConfig

type LocalConnectorConfig struct {
	ID string `json:"id"`
}

func (*LocalConnectorConfig) Connector

func (cfg *LocalConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

func (*LocalConnectorConfig) ConnectorID

func (cfg *LocalConnectorConfig) ConnectorID() string

func (*LocalConnectorConfig) ConnectorType

func (cfg *LocalConnectorConfig) ConnectorType() string

type LocalIdentityProvider

type LocalIdentityProvider struct {
	PasswordInfoRepo user.PasswordInfoRepo
	UserRepo         user.UserRepo
}

func (*LocalIdentityProvider) Identity

func (m *LocalIdentityProvider) Identity(email, password string) (*oidc.Identity, error)

type NewConnectorConfigFunc

type NewConnectorConfigFunc func() ConnectorConfig

type OAuth2Connector added in v0.2.0

type OAuth2Connector struct {
	// contains filtered or unexported fields
}

func (*OAuth2Connector) Healthy added in v0.2.0

func (c *OAuth2Connector) Healthy() error

func (*OAuth2Connector) ID added in v0.2.0

func (c *OAuth2Connector) ID() string

func (*OAuth2Connector) LoginURL added in v0.2.0

func (c *OAuth2Connector) LoginURL(sessionKey, prompt string) (string, error)

func (*OAuth2Connector) Register added in v0.2.0

func (c *OAuth2Connector) Register(mux *http.ServeMux, errorURL url.URL)

func (*OAuth2Connector) Sync added in v0.2.0

func (c *OAuth2Connector) Sync() chan struct{}

func (*OAuth2Connector) TrustedEmailProvider added in v0.2.0

func (c *OAuth2Connector) TrustedEmailProvider() bool

type OIDCConnector

type OIDCConnector struct {
	// contains filtered or unexported fields
}

func (*OIDCConnector) Healthy

func (c *OIDCConnector) Healthy() error

func (*OIDCConnector) ID

func (c *OIDCConnector) ID() string

func (*OIDCConnector) LoginURL

func (c *OIDCConnector) LoginURL(sessionKey, prompt string) (string, error)

func (*OIDCConnector) Register

func (c *OIDCConnector) Register(mux *http.ServeMux, errorURL url.URL)

func (*OIDCConnector) Sync

func (c *OIDCConnector) Sync() chan struct{}

func (*OIDCConnector) TrustedEmailProvider

func (c *OIDCConnector) TrustedEmailProvider() bool

type OIDCConnectorConfig

type OIDCConnectorConfig struct {
	ID                   string `json:"id"`
	IssuerURL            string `json:"issuerURL"`
	ClientID             string `json:"clientID"`
	ClientSecret         string `json:"clientSecret"`
	TrustedEmailProvider bool   `json:"trustedEmailProvider"`
}

func (*OIDCConnectorConfig) Connector

func (cfg *OIDCConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

func (*OIDCConnectorConfig) ConnectorID

func (cfg *OIDCConnectorConfig) ConnectorID() string

func (*OIDCConnectorConfig) ConnectorType

func (cfg *OIDCConnectorConfig) ConnectorType() string

type Page

type Page struct {
	PostURL    string
	Name       string
	Error      bool
	Message    string
	SessionKey string
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL