auth

package
v2.5.2+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 20, 2017 License: Apache-2.0 Imports: 11 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrNoBasicAuthCredentials is returned if a request can't be authorized with
	// basic auth due to lack of credentials.
	ErrNoBasicAuthCredentials = errors.New("no basic auth credentials")

	// ErrNoToken is returned if a request is successful but the body does not
	// contain an authorization token.
	ErrNoToken = errors.New("authorization server did not include a token in the response")
)

Functions

func NewAuthorizer

func NewAuthorizer(manager ChallengeManager, handlers ...AuthenticationHandler) transport.RequestModifier

NewAuthorizer creates an authorizer which can handle multiple authentication schemes. The handlers are tried in order, the higher priority authentication methods should be first. The challengeMap holds a list of challenges for a given root API endpoint (for example "https://registry-1.docker.io/v2/").

Types

type APIVersion

type APIVersion struct {
	// Type refers to the name of a specific API specification
	// such as "registry"
	Type string

	// Version is the version of the API specification implemented,
	// This may omit the revision number and only include
	// the major and minor version, such as "2.0"
	Version string
}

APIVersion represents a version of an API including its type and version number.

func APIVersions

func APIVersions(resp *http.Response, versionHeader string) []APIVersion

APIVersions gets the API versions out of an HTTP response using the provided version header as the key for the HTTP header.

func ParseAPIVersion

func ParseAPIVersion(versionStr string) APIVersion

ParseAPIVersion parses an API version string into an APIVersion Format (Expected, not enforced): API version string = <API type> '/' <API version> API type = [a-z][a-z0-9]* API version = [0-9]+(\.[0-9]+)? TODO(dmcgowan): Enforce format, add error condition, remove unknown type

func (APIVersion) String

func (v APIVersion) String() string

String returns the string formatted API Version

type AuthenticationHandler

type AuthenticationHandler interface {
	// Scheme returns the scheme as expected from the "WWW-Authenicate" header.
	Scheme() string

	// AuthorizeRequest adds the authorization header to a request (if needed)
	// using the parameters from "WWW-Authenticate" method. The parameters
	// values depend on the scheme.
	AuthorizeRequest(req *http.Request, params map[string]string) error
}

AuthenticationHandler is an interface for authorizing a request from params from a "WWW-Authenicate" header for a single scheme.

func NewBasicHandler

func NewBasicHandler(creds CredentialStore) AuthenticationHandler

NewBasicHandler creaters a new authentiation handler which adds basic authentication credentials to a request.

func NewTokenHandler

func NewTokenHandler(transport http.RoundTripper, creds CredentialStore, scope string, actions ...string) AuthenticationHandler

NewTokenHandler creates a new AuthenicationHandler which supports fetching tokens from a remote token server.

func NewTokenHandlerWithOptions

func NewTokenHandlerWithOptions(options TokenHandlerOptions) AuthenticationHandler

NewTokenHandlerWithOptions creates a new token handler using the provided options structure.

type Challenge

type Challenge struct {
	// Scheme is the auth-scheme according to RFC 2617
	Scheme string

	// Parameters are the auth-params according to RFC 2617
	Parameters map[string]string
}

Challenge carries information from a WWW-Authenticate response header. See RFC 2617.

func ResponseChallenges

func ResponseChallenges(resp *http.Response) []Challenge

ResponseChallenges returns a list of authorization challenges for the given http Response. Challenges are only checked if the response status code was a 401.

type ChallengeManager

type ChallengeManager interface {
	// GetChallenges returns the challenges for the given
	// endpoint URL.
	GetChallenges(endpoint url.URL) ([]Challenge, error)

	// AddResponse adds the response to the challenge
	// manager. The challenges will be parsed out of
	// the WWW-Authenicate headers and added to the
	// URL which was produced the response. If the
	// response was authorized, any challenges for the
	// endpoint will be cleared.
	AddResponse(resp *http.Response) error
}

ChallengeManager manages the challenges for endpoints. The challenges are pulled out of HTTP responses. Only responses which expect challenges should be added to the manager, since a non-unauthorized request will be viewed as not requiring challenges.

func NewSimpleChallengeManager

func NewSimpleChallengeManager() ChallengeManager

NewSimpleChallengeManager returns an instance of ChallengeManger which only maps endpoints to challenges based on the responses which have been added the manager. The simple manager will make no attempt to perform requests on the endpoints or cache the responses to a backend.

type CredentialStore

type CredentialStore interface {
	// Basic returns basic auth for the given URL
	Basic(*url.URL) (string, string)

	// RefreshToken returns a refresh token for the
	// given URL and service
	RefreshToken(*url.URL, string) string

	// SetRefreshToken sets the refresh token if none
	// is provided for the given url and service
	SetRefreshToken(realm *url.URL, service, token string)
}

CredentialStore is an interface for getting credentials for a given URL

type RepositoryScope

type RepositoryScope struct {
	Repository string
	Actions    []string
}

RepositoryScope represents a token scope for access to a repository.

func (RepositoryScope) String

func (rs RepositoryScope) String() string

String returns the string representation of the repository using the scope grammar

type Scope

type Scope interface {
	String() string
}

Scope is a type which is serializable to a string using the allow scope grammar.

type TokenHandlerOptions

type TokenHandlerOptions struct {
	Transport   http.RoundTripper
	Credentials CredentialStore

	OfflineAccess bool
	ForceOAuth    bool
	ClientID      string
	Scopes        []Scope
}

TokenHandlerOptions is used to configure a new token handler

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL