auth

package

v0.3.1 Latest Latest Go to latest Published: Jul 7, 2017 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/ecimionatto/cerberus-go-client

Links

Open Source Insights

Documentation ¶

Overview ¶

Package auth contains various implementations for authenticating with Cerberus. These implementations can be used standalone from the main Cerberus client to get a login token or manage authentication without having to set up a full client

Index ¶

func Logout(builtURL url.URL, headers http.Header) error
func Refresh(builtURL url.URL, headers http.Header) (*api.UserAuthResponse, error)
type AWSAuth
- func NewAWSAuth(cerberusURL, roleARN, region string) (*AWSAuth, error)
type Auth
type TokenAuth
- func NewTokenAuth(cerberusURL, token string) (*TokenAuth, error)
type UserAuth
- func NewUserAuth(cerberusURL, username, password string) (*UserAuth, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Logout ¶

func Logout(builtURL url.URL, headers http.Header) error

Logout takes a set of headers containing a vault token and a URL and logs out of Cerberus.

func Refresh ¶

func Refresh(builtURL url.URL, headers http.Header) (*api.UserAuthResponse, error)

Refresh contains logic for refreshing a token against the API. Because all tokens can be refreshed this way, it is better to keep this in one place

Types ¶

type AWSAuth ¶

type AWSAuth struct {
	// contains filtered or unexported fields
}

AWSAuth uses AWS roles and authentication to authenticate to Cerberus

func NewAWSAuth ¶

func NewAWSAuth(cerberusURL, roleARN, region string) (*AWSAuth, error)

NewAWSAuth returns an AWSAuth given a valid URL, ARN, and region. If the CERBERUS_URL environment variable is set, it will be used over anything passed to this function. It also expects you to have valid AWS credentials configured either by environment variable or through a credentials config file

func (*AWSAuth) GetHeaders ¶

func (a *AWSAuth) GetHeaders() (http.Header, error)

GetHeaders returns the headers needed to authenticate against Cerberus. This will return an error if the token is expired or non-existent

func (*AWSAuth) GetToken ¶

func (a *AWSAuth) GetToken(f *os.File) (string, error)

GetToken returns a token if it already exists and is not expired. Otherwise, it authenticates using the provided ARN and region and then returns the token. If there are any errors during authentication,

func (*AWSAuth) GetURL ¶

func (a *AWSAuth) GetURL() *url.URL

GetURL returns the configured Cerberus URL

func (*AWSAuth) IsAuthenticated ¶

func (a *AWSAuth) IsAuthenticated() bool

IsAuthenticated returns whether or not the current token is set and is not expired

func (*AWSAuth) Logout ¶

func (a *AWSAuth) Logout() error

Logout deauthorizes the current valid token. This will return an error if the token is expired or non-existent

func (*AWSAuth) Refresh ¶

func (a *AWSAuth) Refresh() error

Refresh refreshes the current token. For AWS Auth, this is just an alias to reauthenticate against the API.

type Auth ¶

type Auth interface {
	// GetToken should either return an existing token or perform all authentication steps
	// necessary to get a new token. It takes a file object as an argument as a place to
	// read an OTP for MFA flow
	GetToken(*os.File) (string, error)
	// IsAuthenticated should return whether or not there is a valid token. A valid token
	// is one that exists and is not expired
	IsAuthenticated() bool
	// Refresh uses the current valid token to retrieve a new one
	Refresh() error
	// Logout revokes the current token
	Logout() error
	// GetHeaders is a helper for any client using the authentication strategy.
	// It returns a basic set of headers asking for a JSON response and has
	// the authorization header set with the proper token
	GetHeaders() (http.Header, error)
	GetURL() *url.URL
}

The Auth interface describes the methods that all authentication providers must satisfy

type TokenAuth ¶

type TokenAuth struct {
	// contains filtered or unexported fields
}

TokenAuth uses a preexisting token to authenticate to Cerberus

func NewTokenAuth ¶

func NewTokenAuth(cerberusURL, token string) (*TokenAuth, error)

NewTokenAuth takes a Cerberus URL and valid token and returns a new TokenAuth. There is no checking done on whether or not the token is valid, so the function expects the a valid token. The URL and token can also be set using the CERBERUS_URL and CERBERUS_TOKEN environment variables. These will always take precedence over any arguments to the function

func (*TokenAuth) GetHeaders ¶

func (t *TokenAuth) GetHeaders() (http.Header, error)

GetHeaders returns HTTP headers used for requests if the method is currently authenticated. Returns an error otherwise

func (*TokenAuth) GetToken ¶

func (t *TokenAuth) GetToken(f *os.File) (string, error)

GetToken returns the token passed when creating the TokenAuth. Nil should be passed as the argument to the function. The argument exists for compatibility with the Auth interface

func (*TokenAuth) GetURL ¶

func (t *TokenAuth) GetURL() *url.URL

GetURL returns the URL for cerberus

func (*TokenAuth) IsAuthenticated ¶

func (t *TokenAuth) IsAuthenticated() bool

IsAuthenticated always returns true if there is a token. If Logout has been called, it will return false

func (*TokenAuth) Logout ¶

func (t *TokenAuth) Logout() error

Logout logs the current token out and removes it from the authentication type

func (*TokenAuth) Refresh ¶

func (t *TokenAuth) Refresh() error

Refresh attempts to refresh the token

type UserAuth ¶

type UserAuth struct {
	// contains filtered or unexported fields
}

UserAuth uses username and password authentication to authenticate against Cerberus

func NewUserAuth ¶

func NewUserAuth(cerberusURL, username, password string) (*UserAuth, error)

NewUserAuth returns a new UserAuth object given a valid Cerberus URL, username, and password

func (*UserAuth) GetHeaders ¶

func (u *UserAuth) GetHeaders() (http.Header, error)

GetHeaders is a helper for any client using the authentication strategy. It returns a basic set of headers asking for a JSON response and has the authorization header set with the proper token

func (*UserAuth) GetToken ¶

func (u *UserAuth) GetToken(f *os.File) (string, error)

GetToken returns an existing token or performs all authentication steps necessary to get a new token. This should be called to authenticate the client once it has been setup

func (*UserAuth) GetURL ¶

func (u *UserAuth) GetURL() *url.URL

GetURL returns the URL used for Cerberus

func (*UserAuth) IsAuthenticated ¶

func (u *UserAuth) IsAuthenticated() bool

IsAuthenticated returns whether or not there is a valid token. A valid token is one that exists and is not expired

func (*UserAuth) Logout ¶

func (u *UserAuth) Logout() error

Logout revokes the current token. Returns ErrorUnauthenticated if not already authenticated

func (*UserAuth) Refresh ¶

func (u *UserAuth) Refresh() error

Refresh uses the current valid token to retrieve a new one. Returns ErrorUnauthenticated if not already authenticated

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL