Documentation ¶
Index ¶
- func IsRegisteredType(typeName string) bool
- func ParseConfig(rawConfig map[string]interface{}, out interface{}) error
- func Register(name string, factory ValidatorFactory)
- func RequireIdentityMatch(t testing.T, id *Identity, projectedVars map[string]string, filters ...string)
- func Types() []string
- type Cache
- type Identity
- type Validator
- type ValidatorFactory
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsRegisteredType ¶
func ParseConfig ¶
ParseConfig parses the config block for an auth method.
func Register ¶
func Register(name string, factory ValidatorFactory)
Register makes an auth method with the given type available for use. If Register is called twice with the same name or if factory is nil, it panics.
Types ¶
type Cache ¶ added in v1.7.0
// Cache holds Validators that are looked up by the auth method they were
// created from, together with the modify index of that auth method.
type Cache interface {
	// GetValidator retrieves the Validator from the cache.
	// It returns the modify index of the struct that the validator was created
	// from, the validator, and a boolean indicating whether the value was found.
	GetValidator(method *structs.ACLAuthMethod) (uint64, Validator, bool)

	// PutValidatorIfNewer inserts a new validator into the cache if the index is
	// greater than the modify index of any existing entry in the cache. This
	// method will return the newest validator, which may or may not be the one
	// from the method parameter.
	//
	// Callers should use the returned Validator rather than the one they passed
	// in: a validator built from an older auth method definition still enforces
	// that older configuration, and the index comparison is what prevents it
	// from replacing a newer entry.
	// NOTE(review): when the passed-in validator is not the one returned, it is
	// presumably the caller's job to call Stop on it - confirm.
	PutValidatorIfNewer(method *structs.ACLAuthMethod, validator Validator, idx uint64) Validator

	// Purge removes all cached validators.
	// NOTE(review): whether Purge also calls Stop on the removed validators is
	// not visible from this declaration - confirm against the implementation.
	Purge()
}
type Identity ¶ added in v1.8.0
// Identity carries the data a Validator produces for the binding rules: one
// form for rule selection and one for bind name interpolation.
type Identity struct {
	// SelectableFields is the format of this Identity suitable for selection
	// with a binding rule.
	SelectableFields interface{}

	// ProjectedVars is the format of this Identity suitable for interpolation
	// in a bind name within a binding rule.
	// NOTE(review): these values presumably originate from the login token, so
	// they should only be populated from data that has already been verified -
	// confirm against the validator implementations.
	ProjectedVars map[string]string

	// Embedded pointer to the enterprise metadata; presumably the "desired
	// enterprise meta for the token to be created" described on
	// Validator.ValidateLogin - TODO confirm. Being a pointer, it can be nil.
	*structs.EnterpriseMeta
}
func (*Identity) ProjectedVarNames ¶ added in v1.8.0
ProjectedVarNames returns just the keyspace of the ProjectedVars map.
type Validator ¶
// Validator is the interface an auth method implements to turn a login token
// into an Identity for the role binding process.
type Validator interface {
	// Name returns the name of the auth method backing this validator.
	Name() string

	// NewIdentity creates a blank identity populated with empty values.
	NewIdentity() *Identity

	// ValidateLogin takes raw user-provided auth method metadata and ensures
	// it is sane, provably correct, and currently valid. Relevant identifying
	// data is extracted and returned for immediate use by the role binding
	// process.
	//
	// Depending upon the method, it may make sense to use these calls to
	// continue to extend the life of the underlying token.
	//
	// Returns auth method specific metadata suitable for the Role Binding
	// process as well as the desired enterprise meta for the token to be
	// created.
	//
	// loginToken is untrusted input until this call returns a nil error; no
	// part of it should feed a binding decision before then.
	// NOTE(review): on a non-nil error the returned *Identity should be treated
	// as unusable - confirm that implementations return nil in that case.
	// NOTE(review): loginToken is a credential supplied by the user, so
	// implementations should presumably keep it out of logs and error text -
	// confirm.
	ValidateLogin(ctx context.Context, loginToken string) (*Identity, error)

	// Stop should be called to cease any background activity and free up
	// resources.
	Stop()
}
func NewValidator ¶
func NewValidator(logger hclog.Logger, method *structs.ACLAuthMethod) (Validator, error)
NewValidator instantiates a new Validator for the given auth method configuration. If no auth method is registered with the provided type, an error is returned.
type ValidatorFactory ¶
// ValidatorFactory is the constructor signature passed to Register: given a
// logger and an auth method definition, it returns a Validator or an error.
type ValidatorFactory func(logger hclog.Logger, method *structs.ACLAuthMethod) (Validator, error)