Documentation ¶
Index ¶
- Variables
- type BaseScope
- type Builtin
- func (r *Builtin) Authenticate(request *Request) (jwToken *jwt.Token, err error)
- func (r *Builtin) Login(user, password string) (token Token, err error)
- func (r *Builtin) NewToken(user string, scopes []string, claims jwt.MapClaims) (signed string, err error)
- func (r *Builtin) Refresh(refresh string) (token Token, err error)
- func (r *Builtin) Scopes(jwToken *jwt.Token) (scopes []Scope)
- func (r *Builtin) User(jwToken *jwt.Token) (user string)
- type Keycloak
- func (r *Keycloak) Authenticate(request *Request) (jwToken *jwt.Token, err error)
- func (r *Keycloak) Login(user, password string) (token Token, err error)
- func (r Keycloak) NewToken(user string, scopes []string, claims jwt.MapClaims) (signed string, err error)
- func (r *Keycloak) Refresh(refresh string) (token Token, err error)
- func (r *Keycloak) Scopes(jwToken *jwt.Token) (scopes []Scope)
- func (r *Keycloak) User(jwToken *jwt.Token) (user string)
- type NoAuth
- func (r *NoAuth) Authenticate(_ *Request) (jwToken *jwt.Token, err error)
- func (r *NoAuth) Login(user, password string) (token Token, err error)
- func (r NoAuth) NewToken(user string, scopes []string, claims jwt.MapClaims) (signed string, err error)
- func (r *NoAuth) Refresh(refresh string) (token Token, err error)
- func (r *NoAuth) Scopes(jwToken *jwt.Token) (scopes []Scope)
- func (r *NoAuth) User(jwToken *jwt.Token) (name string)
- type NotAuthenticated
- type NotValid
- type Provider
- type Realm
- type Reconciler
- type Request
- type Resource
- type Result
- type Role
- type Scope
- type Token
- type User
- type Validator
Constants ¶
This section is empty.
Variables ¶
var AddonRole = []string{
"applications:get",
"applications:put",
"applications.tags:*",
"applications.facts:*",
"applications.bucket:*",
"applications.analyses:*",
"identities:get",
"identities:decrypt",
"proxies:get",
"settings:get",
"tags:*",
"tagcategories:*",
"tasks:get",
"tasks.report:*",
"tasks.bucket:get",
"files:get",
"rulesets:get",
}
AddonRole defines the addon scopes.
var Settings = &settings.Settings
var Validators []Validator
Validators provide token validation based on claims.
Functions ¶
This section is empty.
Types ¶
type BaseScope ¶
BaseScope provides base behavior.
type Builtin ¶
type Builtin struct { }
Builtin auth provider.
func (*Builtin) Authenticate ¶
Authenticate the token
func (*Builtin) NewToken ¶
func (r *Builtin) NewToken(user string, scopes []string, claims jwt.MapClaims) (signed string, err error)
NewToken creates a new signed token.
type Keycloak ¶
type Keycloak struct {
// contains filtered or unexported fields
}
Keycloak auth provider
func (*Keycloak) Authenticate ¶
Authenticate the token
func (Keycloak) NewToken ¶
func (r Keycloak) NewToken(user string, scopes []string, claims jwt.MapClaims) (signed string, err error)
NewToken creates a new signed token.
type NoAuth ¶
type NoAuth struct { }
NoAuth provider always permits access.
func (*NoAuth) Authenticate ¶
Authenticate the token
func (NoAuth) NewToken ¶
func (r NoAuth) NewToken(user string, scopes []string, claims jwt.MapClaims) (signed string, err error)
NewToken creates a new signed token.
type NotAuthenticated ¶
type NotAuthenticated struct {
Token string
}
NotAuthenticated is returned when a token cannot be authenticated.
func (*NotAuthenticated) Error ¶
func (e *NotAuthenticated) Error() (s string)
func (*NotAuthenticated) Is ¶
func (e *NotAuthenticated) Is(err error) (matched bool)
type NotValid ¶
type NotValid struct {
Token string
}
NotValid is returned when a token is not valid.
type Provider ¶
type Provider interface { // NewToken creates a signed token. NewToken(user string, scopes []string, claims jwt.MapClaims) (signed string, err error) // Authenticate authenticates and validates the token. Authenticate(r *Request) (jwToken *jwt.Token, err error) // Scopes extracts a list of scopes from the token. Scopes(jwToken *jwt.Token) []Scope // User extracts the user from token. User(jwToken *jwt.Token) (user string) // Login and obtain a token. Login(user, password string) (token Token, err error) // Refresh token. Refresh(refresh string) (token Token, err error) }
Provider provides RBAC.
func NewKeycloak ¶
NewKeycloak builds a new Keycloak auth provider.
type Realm ¶
type Realm struct { Users map[string]gocloak.User Scopes map[string]gocloak.ClientScope Roles map[string]gocloak.Role }
Realm is a container for the users, scopes, and roles that exist in the hub's keycloak realm.
type Reconciler ¶
type Reconciler struct {
// contains filtered or unexported fields
}
Keycloak realm reconciler
func NewReconciler ¶
func NewReconciler(host, realm, id, secret, admin, pass, adminRealm string) (r Reconciler)
NewReconciler builds a new Keycloak realm reconciler.
func (*Reconciler) Reconcile ¶
func (r *Reconciler) Reconcile() (err error)
Reconcile ensures that the Hub realm exists and the expected clients, roles, scopes, and users are present in it.
type Scope ¶
type Scope interface { // Match returns whether the scope is a match. Match(resource string, method string) bool //String representations of the scope. String() (s string) }
Scope represents an authorization scope.