Documentation
Index
- func GetURINamesFromExtensions(extensions *[]pkix.Extension) (uris []string, err error)
- func IsService(p knox.Principal) bool
- func IsUser(p knox.Principal) bool
- func NewMachine(id string) knox.Principal
- func NewService(domain string, path string) knox.Principal
- func NewUser(id string, groups []string) knox.Principal
- type GitHubLoginFormat
- type GitHubOrgFormat
- type GitHubProvider
- type MTLSAuthProvider
- type Provider
- type SpiffeProvider
Functions
func GetURINamesFromExtensions
GetURINamesFromExtensions retrieves URIs from the SAN extension of a slice of extensions
func NewMachine
NewMachine creates a machine principal with the given auth Provider.
func NewService
NewService creates a service principal with the given auth Provider.
Types
type GitHubLoginFormat
type GitHubLoginFormat struct {
	Name string `json:"login"`
}
GitHubLoginFormat specifies the JSON return format for the /user field.
type GitHubOrgFormat
type GitHubOrgFormat []GitHubLoginFormat
GitHubOrgFormat specifies the JSON return format for /user/org.
type GitHubProvider
type GitHubProvider struct {
	// contains filtered or unexported fields
}
GitHubProvider implements user authentication through github.com
func MockGitHubProvider
func MockGitHubProvider() *GitHubProvider
MockGitHubProvider returns a mocked out authentication header with a simple mock "server". If there exists an authorization header with user token that does not equal 'notvalid', it will log in as 'testuser'.
func NewGitHubProvider
func NewGitHubProvider(httpTimeout time.Duration) *GitHubProvider
NewGitHubProvider initializes GitHubProvider with an HTTP client with a timeout
func (*GitHubProvider) Authenticate
Authenticate uses the token to get user data from github.com
func (*GitHubProvider) Type
func (p *GitHubProvider) Type() byte
Type is set to u for GitHubProvider since it authenticates users
func (*GitHubProvider) Version
func (p *GitHubProvider) Version() byte
Version is set to 0 for GitHubProvider
type MTLSAuthProvider
MTLSAuthProvider does authentication by verifying TLS certs against a collection of root CAs
func NewMTLSAuthProvider
func NewMTLSAuthProvider(CAs *x509.CertPool) *MTLSAuthProvider
NewMTLSAuthProvider initializes a chain of trust with given CA certificates
func (*MTLSAuthProvider) Authenticate
Authenticate performs TLS based Authentication for the MTLSAuthProvider
func (*MTLSAuthProvider) Type
func (p *MTLSAuthProvider) Type() byte
Type is set to t for MTLSAuthProvider
func (*MTLSAuthProvider) Version
func (p *MTLSAuthProvider) Version() byte
Version is set to 0 for MTLSAuthProvider
type Provider
type Provider interface {
	Authenticate(token string, r *http.Request) (knox.Principal, error)
	Version() byte
	Type() byte
}
Provider is used for authenticating requests via the authentication decorator.
type SpiffeProvider
SpiffeProvider does authentication by verifying TLS certs against a collection of root CAs
func NewSpiffeAuthProvider
func NewSpiffeAuthProvider(CAs *x509.CertPool) *SpiffeProvider
NewSpiffeAuthProvider initializes a chain of trust with given CA certificates, identical to the MTLS provider except the principal is a Spiffe ID instead of a hostname and the CN of the cert is ignored.
func (*SpiffeProvider) Authenticate
Authenticate performs TLS based Authentication and extracts the Spiffe URI extension
func (*SpiffeProvider) Type
func (p *SpiffeProvider) Type() byte
Type is set to s for SpiffeProvider
func (*SpiffeProvider) Version
func (p *SpiffeProvider) Version() byte
Version is set to 0 for SpiffeProvider