Documentation
Index
- func GetURINamesFromExtensions(extensions *[]pkix.Extension) (uris []string, err error)
- func IsService(p knox.Principal) bool
- func IsUser(p knox.Principal) bool
- func NewMachine(id string) knox.Principal
- func NewService(domain string, path string) knox.Principal
- func NewUser(id string, groups []string) knox.Principal
- type GitHubLoginFormat
- type GitHubOrgFormat
- type GitHubProvider
- type MTLSAuthProvider
- type Provider
- type SpiffeFallbackProvider
- type SpiffeProvider
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetURINamesFromExtensions
func GetURINamesFromExtensions(extensions *[]pkix.Extension) (uris []string, err error)
GetURINamesFromExtensions retrieves the URI names from the Subject Alternative Name (SAN) extension found in a slice of extensions.
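As an added example (not code from the knox package), a standalone parser doing what GetURINamesFromExtensions is documented to do: walk the subjectAltName extension and return only its uniformResourceIdentifier entries, rejecting a SAN that is not a well-formed SEQUENCE. The sanExtension helper, the hostname and the SPIFFE ID are constructed test input.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// id-ce-subjectAltName (2.5.29.17): the extension GetURINamesFromExtensions reads.
var sanOID = asn1.ObjectIdentifier{2, 5, 29, 17}

// uriNamesFromExtensions walks the SAN extension (SEQUENCE OF GeneralName) and returns only
// the uniformResourceIdentifier entries (context-specific tag [6]); DNS/email/IP names are skipped.
func uriNamesFromExtensions(exts []pkix.Extension) ([]string, error) {
	var uris []string
	for _, e := range exts {
		if !e.Id.Equal(sanOID) {
			continue // some other extension (key usage, basic constraints, ...)
		}
		var seq asn1.RawValue
		rest, err := asn1.Unmarshal(e.Value, &seq)
		if err != nil || len(rest) != 0 || seq.Tag != asn1.TagSequence || !seq.IsCompound {
			return nil, fmt.Errorf("malformed SAN extension, expected a single SEQUENCE: %v", err)
		}
		for body := seq.Bytes; len(body) > 0; {
			var gn asn1.RawValue
			if body, err = asn1.Unmarshal(body, &gn); err != nil {
				return nil, err
			}
			if gn.Class == asn1.ClassContextSpecific && gn.Tag == 6 && !gn.IsCompound {
				uris = append(uris, string(gn.Bytes))
			}
		}
	}
	return uris, nil
}

// sanExtension builds a constructed SAN extension with one DNS name plus the given URIs (test input).
func sanExtension(uris ...string) pkix.Extension {
	names := []asn1.RawValue{{Class: asn1.ClassContextSpecific, Tag: 2, Bytes: []byte("host.example")}}
	for _, u := range uris {
		names = append(names, asn1.RawValue{Class: asn1.ClassContextSpecific, Tag: 6, Bytes: []byte(u)})
	}
	val, _ := asn1.Marshal(names) // constructed input; marshalling RawValues does not fail
	return pkix.Extension{Id: sanOID, Value: val}
}

func main() {
	fmt.Println(uriNamesFromExtensions([]pkix.Extension{sanExtension("spiffe://example.org/ns/default/sa/knox")}))
}
```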
func IsService
func IsService(p knox.Principal) bool
IsService returns true if the principal, or the first principal in the case of a mux, is a service.
func IsUser
func IsUser(p knox.Principal) bool
IsUser returns true if the principal, or the first principal in the case of a mux, is a user.
func NewMachine
func NewMachine(id string) knox.Principal
NewMachine creates a machine principal with the given auth Provider.
func NewService
func NewService(domain string, path string) knox.Principal
NewService creates a service principal with the given auth Provider.
func NewUser
func NewUser(id string, groups []string) knox.Principal
Types
type GitHubLoginFormat
type GitHubLoginFormat struct {
	Name string `json:"login"`
}
GitHubLoginFormat specifies the JSON return format of the login field in the /user response.
type GitHubOrgFormat
type GitHubOrgFormat []GitHubLoginFormat
GitHubOrgFormat specifies the JSON return format for /user/org.
type GitHubProvider
type GitHubProvider struct {
	// contains filtered or unexported fields
}
GitHubProvider implements user authentication through github.com.
func MockGitHubProvider
func MockGitHubProvider() *GitHubProvider
MockGitHubProvider returns a mocked-out GitHubProvider backed by a simple mock "server". If an Authorization header is present whose user token does not equal 'notvalid', it logs in as 'testuser'.
func NewGitHubProvider
func NewGitHubProvider(httpTimeout time.Duration) *GitHubProvider
NewGitHubProvider initializes a GitHubProvider with an HTTP client that uses the given timeout.
func (*GitHubProvider) Authenticate
func (p *GitHubProvider) Authenticate(token string, r *http.Request) (knox.Principal, error)
Authenticate uses the token to get user data from github.com.
func (*GitHubProvider) Name
func (p *GitHubProvider) Name() string
Name is the name of the provider, used for logging.
func (*GitHubProvider) Type
func (p *GitHubProvider) Type() byte
Type is set to 'u' for GitHubProvider since it authenticates users.
func (*GitHubProvider) Version
func (p *GitHubProvider) Version() byte
Version is set to 0 for GitHubProvider.
type MTLSAuthProvider
MTLSAuthProvider does authentication by verifying TLS certs against a collection of root CAs.
func NewMTLSAuthProvider
func NewMTLSAuthProvider(CAs *x509.CertPool) *MTLSAuthProvider
NewMTLSAuthProvider initializes a chain of trust with the given CA certificates.
func (*MTLSAuthProvider) Authenticate
func (p *MTLSAuthProvider) Authenticate(token string, r *http.Request) (knox.Principal, error)
Authenticate performs TLS-based authentication for the MTLSAuthProvider.
func (*MTLSAuthProvider) Name
func (p *MTLSAuthProvider) Name() string
Name is the name of the provider, used for logging.
func (*MTLSAuthProvider) Type
func (p *MTLSAuthProvider) Type() byte
Type is set to 't' for MTLSAuthProvider.
func (*MTLSAuthProvider) Version
func (p *MTLSAuthProvider) Version() byte
Version is set to 0 for MTLSAuthProvider.
type Provider
type Provider interface {
	Name() string
	Authenticate(token string, r *http.Request) (knox.Principal, error)
	Version() byte
	Type() byte
}
Provider is used for authenticating requests via the authentication decorator.
type SpiffeFallbackProvider
type SpiffeFallbackProvider struct {
	SpiffeProvider
}
SpiffeFallbackProvider is a SpiffeProvider that uses the same Type byte as the MTLSAuthProvider. The use case is to allow a client that specifies MTLSAuth to also be given Spiffe-based access transparently. For more predictable results, ensure that the MTLSAuthProvider is registered before the SpiffeFallbackProvider, so that the MTLSAuthProvider is always used when it succeeds. Note that this is only possible with the SpiffeProvider because this Provider makes no use of the token from the Authorization header.
func NewSpiffeAuthFallbackProvider
func NewSpiffeAuthFallbackProvider(CAs *x509.CertPool) *SpiffeFallbackProvider
NewSpiffeAuthFallbackProvider initializes a chain of trust with the given CA certificates, identical to the SpiffeProvider except that Type() is defined as the MTLSAuthProvider's Type().
func (*SpiffeFallbackProvider) Name
func (p *SpiffeFallbackProvider) Name() string
Name is the name of the provider, used for logging.
func (*SpiffeFallbackProvider) Type
func (s *SpiffeFallbackProvider) Type() byte
Type is set to be identical to the Type of the MTLSAuthProvider.
type SpiffeProvider
SpiffeProvider does authentication by verifying TLS certs against a collection of root CAs.
func NewSpiffeAuthProvider
func NewSpiffeAuthProvider(CAs *x509.CertPool) *SpiffeProvider
NewSpiffeAuthProvider initializes a chain of trust with the given CA certificates, identical to the MTLS provider except that the principal is a Spiffe ID instead of a hostname and the CN of the cert is ignored.
func (*SpiffeProvider) Authenticate
func (p *SpiffeProvider) Authenticate(token string, r *http.Request) (knox.Principal, error)
Authenticate performs TLS-based authentication and extracts the Spiffe URI extension.
func (*SpiffeProvider) Name
func (p *SpiffeProvider) Name() string
Name is the name of the provider, used for logging.
func (*SpiffeProvider) Type
func (p *SpiffeProvider) Type() byte
Type is set to 's' for SpiffeProvider.
func (*SpiffeProvider) Version
func (p *SpiffeProvider) Version() byte
Version is set to 0 for SpiffeProvider.