auth

Version: v1.1.2
Published: Aug 6, 2019 | License: Apache-2.0 | Imports: 16 | Imported by: 6

Note: this package is not in the latest version of its module.

README

huawei cloud auth

This provides the authentication mechanism for Huawei Public Cloud. The authentication mechanism can be either AK/SK based or token based.

how to use

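// Build a signer from the AK/SK pair and project.
sign, err := auth.GetSignFunc(ak, sk, project)
// The URL needs a scheme, otherwise client.Do rejects the request.
req, err := http.NewRequest("GET", "https://cce.cn-north-1.myhuaweicloud.com", nil)
// Sign the request that will actually be sent.
err = sign(req)
resp, err := client.Do(req)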

how to use in go chassis

1. You can specify the AK/SK in the auth.yaml of Go-Chassis

cse.credentials.accessKey
cse.credentials.secretKey

2. Import in your main.go before other imports

import _ "github.com/huaweicse/auth/adaptor/gochassis"

After signing, the Authorization header looks like this:

Authorization: Credential=XXX, SignedHeaders=XXX, Signature=XXX

==========================================

For third_party/forked/datastream/aws(github.com/datastream/aws)

Copyright (c) 2014, Xianjie All rights reserved.

========================================================================

For vendor/github.com/huaweicse/auth/third_party/forked/datastream/aws:

========================================================================

See third_party/forked/datastream/aws/LICENSE

Documentation

Constants

const (
	HeaderServiceAk      = "X-Service-AK"
	HeaderServiceShaAKSK = "X-Service-ShaAKSK"
	HeaderServiceProject = "X-Service-Project"
)

Headers for ak/sk auth

const (
	EnvKubernetesServiceHost = "KUBERNETES_SERVICE_HOST"
	EnvKubernetesServicePort = "KUBERNETES_SERVICE_PORT"
	HeaderAuthorization      = "Authorization"
	ExpectedArrLength        = 2
	ServiceAccountPath       = `/var/run/secrets/kubernetes.io/serviceaccount`
)

constant value for communication to CCE

const (
	ServiceStageMountPath = `/opt/CSE/etc/auth`
	DefaultSecretFile     = `.dockerconfigjson`
)

default secret path and file mounted to container by ServiceStage

const DefaultRefreshInterval = 60 * time.Second

DefaultRefreshInterval is default refresh interval

Variables

var CCEEnvIdentifications = []string{
	"PAAS_APP_NAME",
	"PAAS_NAMESPACE",
	"PAAS_PROJECT_ID",
	"PAAS_POD_ID",
	"PAAS_CLUSTER_ID",
}

CCEEnvIdentifications is used to judge whether a container runs in a CCE cluster

var ErrAuthConfNotExist = errors.New("auth config is not exist")

ErrAuthConfNotExist means the auth config does not exist

Functions

This section is empty.

Types

type CCERetriever added in v1.1.1

type CCERetriever struct {
	Client             *http.Client
	ServiceAccountPath string
	EnvIdentifiers     []string
}

CCERetriever queries auth info from CCE

func NewCCERetriever added in v1.1.1

func NewCCERetriever() *CCERetriever

NewCCERetriever creates a new CCERetriever

func (*CCERetriever) API4ImagePullSecret added in v1.1.1

func (q *CCERetriever) API4ImagePullSecret(namespace string) string

API4ImagePullSecret gets the secret API for a namespace

func (*CCERetriever) GetAuthInfo added in v1.1.1

func (q *CCERetriever) GetAuthInfo() (string, string, string, error)

GetAuthInfo implements Retriever.GetAuthInfo

func (*CCERetriever) Name added in v1.1.1

func (q *CCERetriever) Name() string

Name implements Retriever.Name

type Data added in v1.1.1

type Data struct {
	Auth string `json:"auth"`
}

Data is the base64 format of AK/SHAAKSK/PROJECT

type DockerConfig added in v1.1.1

type DockerConfig struct {
	Auths map[string]Data `json:"auths"`
}

DockerConfig is a tenant's default secret in json format
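
Added example, not code from the huaweicse/auth package: it parses a constructed `.dockerconfigjson` using the `DockerConfig` and `Data` shapes above and maps the decoded credential onto the three `X-Service-*` headers. The helper name `headersFromDockerConfig` and the decoded layout `project@AK:shaAKSK` are assumptions; the page only says the value is the base64 form of AK/SHAAKSK/PROJECT.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
)

// Types and header names as listed in the package documentation.
type Data struct {
	Auth string `json:"auth"`
}
type DockerConfig struct {
	Auths map[string]Data `json:"auths"`
}
const (
	HeaderServiceAk      = "X-Service-AK"
	HeaderServiceShaAKSK = "X-Service-ShaAKSK"
	HeaderServiceProject = "X-Service-Project"
)

// Hypothetical helper (not a package function); assumes auth = base64("project@AK:shaAKSK").
func headersFromDockerConfig(raw []byte) (http.Header, error) {
	var cfg DockerConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("parse secret: %w", err)
	}
	for _, d := range cfg.Auths {
		plain, err := base64.StdEncoding.DecodeString(d.Auth)
		user, sha, ok1 := strings.Cut(string(plain), ":")
		project, ak, ok2 := strings.Cut(user, "@")
		if err != nil || !ok1 || !ok2 || project == "" || ak == "" || sha == "" {
			continue // malformed entry: skip it and never log the decoded value
		}
		h := http.Header{}
		h.Set(HeaderServiceProject, project)
		h.Set(HeaderServiceAk, ak)
		h.Set(HeaderServiceShaAKSK, sha)
		return h, nil
	}
	return nil, fmt.Errorf("no usable auth entry among %d", len(cfg.Auths))
}

func main() {
	auth := base64.StdEncoding.EncodeToString([]byte("cn-north-1@EXAMPLEAK:examplesha")) // constructed sample
	h, err := headersFromDockerConfig([]byte(fmt.Sprintf(`{"auths":{"registry.example":{"auth":%q}}}`, auth)))
	fmt.Println(h.Get(HeaderServiceProject), h.Get(HeaderServiceAk), err) // the secret part is not printed
}
```
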

type HeaderGenerator added in v1.1.1

type HeaderGenerator struct {
	RefreshInterval time.Duration
	Retriever       Retriever
	// contains filtered or unexported fields
}

HeaderGenerator gets auth info, converts it to auth headers, and refreshes the auth headers at a fixed interval

func GetAuthHeaderGenerator added in v1.1.1

func GetAuthHeaderGenerator(qs ...Retriever) (*HeaderGenerator, error)

GetAuthHeaderGenerator creates a HeaderGenerator from several Retrievers; earlier parameters have higher priority

func (*HeaderGenerator) GenAuthHeaders added in v1.1.1

func (h *HeaderGenerator) GenAuthHeaders() http.Header

GenAuthHeaders returns the latest auth headers

type KubeSecrets added in v1.1.1

type KubeSecrets struct {
	Data KubeSecretsData `json:"data"`
}

KubeSecrets is response struct of CCE secret api

type KubeSecretsData added in v1.1.1

type KubeSecretsData struct {
	DockerConfigJSON string `json:".dockerconfigjson"`
}

KubeSecretsData is the data of KubeSecrets

type Retriever added in v1.1.1

type Retriever interface {
	GetAuthInfo() (project string, ak string, shaAKSK string, err error)
	Name() string //source name
}

Retriever queries auth information: project, AK, SHAAKSK, error

type ServiceStageRetriever added in v1.1.1

type ServiceStageRetriever struct {
	MountPath string
	File      string
}

ServiceStageRetriever queries auth information from ServiceStage

func NewServiceStageRetriever added in v1.1.1

func NewServiceStageRetriever() *ServiceStageRetriever

NewServiceStageRetriever creates a new ServiceStageRetriever

func (*ServiceStageRetriever) GetAuthInfo added in v1.1.1

func (q *ServiceStageRetriever) GetAuthInfo() (string, string, string, error)

GetAuthInfo implements Retriever.GetAuthInfo

func (*ServiceStageRetriever) Name added in v1.1.1

func (q *ServiceStageRetriever) Name() string

Name implements Retriever.Name

type SignRequest

type SignRequest func(*http.Request) error

SignRequest injects auth-related headers and signs the request so that it can access Huawei Cloud

func GetShaAKSKSignFunc

func GetShaAKSKSignFunc(ak, sk, project string) (SignRequest, error)

GetShaAKSKSignFunc sets and initializes the ak/sk auth func

func GetSignFunc

func GetSignFunc(ak, sk, project string) (SignRequest, error)

GetSignFunc sets and initializes the ak/sk auth func

Directories

Path Synopsis
adaptor
third_party
