Documentation
¶
Index ¶
- type CallbackServer
- func (s *CallbackServer) Close() error
- func (s *CallbackServer) ErrorCh() <-chan error
- func (s *CallbackServer) Nonce() string
- func (s *CallbackServer) RedirectURI() string
- func (s *CallbackServer) ServeHTTP(w http.ResponseWriter, req *http.Request)
- func (s *CallbackServer) SuccessCh() <-chan *api.ACLOIDCCompleteAuthRequest
- type ProviderCache
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CallbackServer ¶
type CallbackServer struct {
// contains filtered or unexported fields
}
CallbackServer is started with NewCallbackServer and creates an HTTP server for handling loopback OIDC auth redirects.
func NewCallbackServer ¶
func NewCallbackServer(addr string) (*CallbackServer, error)
NewCallbackServer creates and starts a new local HTTP server for OIDC authentication to redirect to. This is used to capture the necessary information to complete the authentication.
func (*CallbackServer) Close ¶
func (s *CallbackServer) Close() error
Close cleans up and shuts down the server. On close, errors may be sent to ErrorCh and should be ignored.
func (*CallbackServer) ErrorCh ¶
func (s *CallbackServer) ErrorCh() <-chan error
ErrorCh returns a channel where any errors are sent. Errors may be sent after Close and should be disregarded.
func (*CallbackServer) Nonce ¶
func (s *CallbackServer) Nonce() string
Nonce returns a generated nonce that can be used for the request.
func (*CallbackServer) RedirectURI ¶
func (s *CallbackServer) RedirectURI() string
RedirectURI is the redirect URI that should be provided for the auth.
func (*CallbackServer) ServeHTTP ¶
func (s *CallbackServer) ServeHTTP(w http.ResponseWriter, req *http.Request)
ServeHTTP implements http.Handler and handles the callback request. This isn't usually used directly; use the server address instead.
func (*CallbackServer) SuccessCh ¶
func (s *CallbackServer) SuccessCh() <-chan *api.ACLOIDCCompleteAuthRequest
SuccessCh returns a channel that gets sent a partially completed request to complete the OIDC auth with the Nomad server.
type ProviderCache ¶
type ProviderCache struct {
// contains filtered or unexported fields
}
ProviderCache is a cache for OIDC providers. OIDC providers are something you don't want to recreate per-request since they make HTTP requests when they're constructed.
The ProviderCache purges a provider under two scenarios: (1) the provider config is updated, and it is different and (2) after a set amount of time (see cacheExpiry for value) in case the remote provider configuration changed.
func NewProviderCache ¶
func NewProviderCache() *ProviderCache
NewProviderCache should be used to initialize a provider cache. This will start up background resources to manage the cache.
func (*ProviderCache) Delete ¶
func (c *ProviderCache) Delete(name string)
Delete force deletes a single auth method from the cache by name.
func (*ProviderCache) Get ¶
func (c *ProviderCache) Get(authMethod *structs.ACLAuthMethod) (*oidc.Provider, error)
Get returns the OIDC provider for the given auth method configuration. This will initialize the provider if it isn't already in the cache or if the configuration changed.
func (*ProviderCache) Shutdown ¶
func (c *ProviderCache) Shutdown()
Shutdown stops any long-lived cache process and informs each OIDC provider that they are done. This should be called whenever the Nomad server is shutting down.
Source Files