auth

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 5, 2018 License: MPL-2.0 Imports: 25 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrUnauthRequest = errors.New("received unauthenticated request")
	ErrMissingSig    = errors.New("missing signature within auth header")
	ErrBadKeyID      = errors.New("couldn't parse keyId within header")
	ErrParseAuth     = errors.New("failed to parse values from keyId")
	ErrParseValue    = errors.New("incorrect values parsed from keyId")
	ErrNameLen       = errors.New("parsed name is too short")
	ErrNameFormat    = errors.New("parsed name is not formatted properly")
	ErrKeyConflict   = errors.New("auth: found conflicting key state")

	ErrWhitelist = errors.New("service only accessible by whitelist")
)

Functions

This section is empty.

Types

type AccountCheck

type AccountCheck struct {
	*ParsedRequest
	*accounts.Account

	TritonAccount *account.Account
	// contains filtered or unexported fields
}

func NewAccountCheck

func NewAccountCheck(req *ParsedRequest, store *accounts.Store, cfg Config) *AccountCheck

func (*AccountCheck) HasAccount

func (ac *AccountCheck) HasAccount() bool

HasAccount returns a boolean whether or not the database has a valid Account.

func (*AccountCheck) HasTritonAccount

func (ac *AccountCheck) HasTritonAccount() bool

HasTritonAccount returns a boolean whether or not we've authenticated with Triton.

func (*AccountCheck) IsAuthentic

func (ac *AccountCheck) IsAuthentic() bool

func (*AccountCheck) OnTriton

func (ac *AccountCheck) OnTriton(ctx context.Context) error

func (*AccountCheck) SaveAccount

func (ac *AccountCheck) SaveAccount(ctx context.Context) error

Save saves the TSG account from the Triton Account.

type Config

type Config struct {
	// Name of the datacenter in which this TSG service is operating. This is
	// used to create unique key names per-DC. The value is also available in
	// the HTTP request Session object.
	Datacenter string

	// URL of Triton's CloudAPI in which to scale instances. This is made
	// available within the HTTP request Session object.
	TritonURL string

	// URL of Triton's CloudAPI in which to authenticate incoming API
	// requests. This is only used by internal auth processes. It can be set to
	// the same CloudAPI used by TritonURL as well.
	AuthURL string

	// Prefix name used when creating a new key in Triton. This defaults to
	// "TSG_Management" but can be configured with whatever an end user
	// prefers. The current Datacenter is also appended to this value at
	// runtime.
	KeyNamePrefix string

	// Enable or disable whitelisting behavior. This feature only accepts
	// requests from user accounts that have previously been authenticated. If
	// this is set to true than a Triton account must be manually added to the
	// tsg_accounts table, auto account creation will be disabled.
	EnableWhitelist bool
}

type KeyCheck

type KeyCheck struct {
	*ParsedRequest

	Key       *keys.Key
	TritonKey *account.Key
	// contains filtered or unexported fields
}

func NewKeyCheck

func NewKeyCheck(req *ParsedRequest, acct *accounts.Account, store *keys.Store, cfg Config) *KeyCheck

func (*KeyCheck) AddTritonKey

func (k *KeyCheck) AddTritonKey(ctx context.Context, keypair *KeyPair) error

AddKey adds an account key into Triton, converting the passed in KeyPair into a Triton-Go account.Key for use by external consumers.

func (*KeyCheck) HasKey

func (k *KeyCheck) HasKey() bool

func (*KeyCheck) HasTritonKey

func (k *KeyCheck) HasTritonKey() bool

func (*KeyCheck) InDatabase

func (k *KeyCheck) InDatabase(ctx context.Context) error

InDatabase checks for and sets an account's key within the TSG database.

func (*KeyCheck) InsertKey

func (k *KeyCheck) InsertKey(ctx context.Context, keypair *KeyPair) error

func (*KeyCheck) OnTriton

func (k *KeyCheck) OnTriton(ctx context.Context) error

CheckTriton checks Triton account keys for our TSG key

type KeyPair

type KeyPair struct {
	PublicKey      ssh.PublicKey
	PrivateKey     *rsa.PrivateKey
	FingerprintMD5 string
	// contains filtered or unexported fields
}

func DecodeKeyPair

func DecodeKeyPair(material string) (*KeyPair, error)

func NewKeyPair

func NewKeyPair(bits int) (*KeyPair, error)

func (*KeyPair) PrivateKeyPEM

func (kp *KeyPair) PrivateKeyPEM() string

func (*KeyPair) PublicKeyBase64

func (kp *KeyPair) PublicKeyBase64() string

type ParsedRequest

type ParsedRequest struct {
	AccountName string
	UserName    string
	Fingerprint string
	// contains filtered or unexported fields
}

func ParseRequest

func ParseRequest(req *http.Request) (*ParsedRequest, error)

func (*ParsedRequest) Header

func (r *ParsedRequest) Header() *http.Header

type Session

type Session struct {
	*ParsedRequest

	AccountID   string
	Fingerprint string
	Datacenter  string
	TritonURL   string
	// contains filtered or unexported fields
}

authSession a private struct which is only accessible by pulling out of the current request `context.Context`.

func NewSession

func NewSession(req *http.Request, cfg Config) (*Session, error)

NewSession constructs and returns a new Session by parsing the HTTP request, validating and pulling out authentication headers.

func (*Session) EnsureAccount

func (s *Session) EnsureAccount(ctx context.Context, store *accounts.Store) (*accounts.Account, error)

EnsureAccount ensures that a Triton account is authentic and an account has been created for it within the TSG database. Returns the TSG account that was either created or found.

func (*Session) EnsureKeys

func (s *Session) EnsureKeys(ctx context.Context, acct *accounts.Account, store *keys.Store) error

EnsureKey checks Triton for an active TSG account key. If one cannot be found than a new key is created and stored it into the TSG database.

func (*Session) IsAuthenticated

func (s *Session) IsAuthenticated() bool

IsAuthenticated represents whatever it means for an authSession to be deemed authenticated.

func (*Session) IsDevMode

func (s *Session) IsDevMode() bool

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL