credentials

package
v2.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 5, 2022 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package credentials includes validators for the credentials provided for KongConsumers.

Index

Constants

View Source
const TypeKey = "kongCredType"

TypeKey indicates the key in a consumer secret which identifies the type of credential that is being provided for the consumer.

Variables

View Source
var (
	KeyAuthFields    = []string{"key"}
	BasicAuthFields  = []string{"username", "password"}
	HMACAuthFields   = []string{"username", "secret"}
	JWTAuthFields    = []string{"algorithm", "rsa_public_key", "key", "secret"}
	MTLsAuthFields   = []string{"subject_name"}
	OAUTH2AuthFields = []string{"name", "client_id", "client_secret", "redirect_uris"}
	ACLAuthFields    = []string{"group"}
)
View Source
var CredTypeToFields = map[string][]string{
	"key-auth":             KeyAuthFields,
	"keyauth_credential":   KeyAuthFields,
	"basic-auth":           BasicAuthFields,
	"basicauth_credential": BasicAuthFields,
	"hmac-auth":            HMACAuthFields,
	"hmacauth_credential":  HMACAuthFields,
	"jwt":                  JWTAuthFields,
	"jwt_secret":           JWTAuthFields,
	"oauth2":               OAUTH2AuthFields,
	"acl":                  ACLAuthFields,
	"mtls-auth":            MTLsAuthFields,
}
View Source
var SupportedTypes = sets.NewString(
	"basic-auth",
	"hmac-auth",
	"jwt",
	"key-auth",
	"oauth2",
	"acl",
)

SupportedCreds indicates all the "kongCredType"s which are supported for KongConsumer credentials.

Functions

func IsKeyUniqueConstrained

func IsKeyUniqueConstrained(keyType, key string) (constrained bool)

IsKeyUniqueConstrained indicates whether or not a given key and its type there are unique constraints in place.

func ValidateCredentials added in v2.1.0

func ValidateCredentials(consumerName string, secret *corev1.Secret) error

ValidateCredentials performs basic validation on a credential secret given the Kubernetes secret which contains credentials data.

Types

type Credential

type Credential struct {
	// ConsumerName indicates the name of the KongConsumer which this credential
	// is supplied for.
	ConsumerName string

	// ConsumerNamespace indicates the namespace that the KongConsumer which this
	// credential is supplied for.
	ConsumerNamespace string

	// Type indicates the credential type, which will reference one of the types
	// in the SupportedTypes set.
	Type string

	// Key is the key for the credentials data
	Key string

	// Value is the data provided for the key
	Value string
}

Credential is a metadata struct to help validate the contents of consumer credentials, particularly unique constraints on the underlying data.

type Index

type Index map[string]map[string]map[string]struct{}

Index is a map of credentials types to a map of credential keys to the underlying values already seen for that type and key. This type is used as a history tracker for validation so that callers can keep track of the credentials they've seen thus far and validate whether new credentials they encounter are in violation of any constraints on their respective types.

func (Index) ValidateCredentialsForUniqueKeyConstraints added in v2.1.0

func (cs Index) ValidateCredentialsForUniqueKeyConstraints(consumerName string, secret *corev1.Secret) error

ValidateCredentialsForUniqueKeyConstraints will attempt to add a new Credential to the CredentialsTypeMap and will validate it for both normal structure validation and for unique key constraint violations.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL