tenantmapping

package
v0.0.0-...-a423d60 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 4, 2024 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source 
const GlobalAccessLevel = "global"

Variables

This section is empty.

Functions

func NewAccessLevelContextProvider 

func NewAccessLevelContextProvider(clientProvider DirectorClient, scopesGetter ScopesGetter) *accessLevelContextProvider

NewAccessLevelContextProvider implements the ObjectContextProvider interface by looking tenant header and access levels defined in the auth session extra.

func NewAuthenticatorContextProvider 

func NewAuthenticatorContextProvider(clientProvider DirectorClient, authenticators []authenticator.Config) *authenticatorContextProvider

NewAuthenticatorContextProvider implements the ObjectContextProvider interface by looking for user scopes in the 'scope' token attribute and also extracts the tenant information from the token by using a dedicated TenantAttribute defined for the specified authenticator. It uses its authenticators to extract authentication details from the requestData.

func NewCertServiceContextProvider 

func NewCertServiceContextProvider(clientProvider DirectorClient, scopesGetter ScopesGetter) *certServiceContextProvider

NewCertServiceContextProvider implements the ObjectContextProvider interface by looking for tenant information directly populated in the certificate.

func NewConsumerContextProvider 

func NewConsumerContextProvider(clientProvider DirectorClient, consumerClaimsKeysConfig cfg.ConsumerClaimsKeysConfig) *consumerContextProvider

NewConsumerContextProvider implements the ObjectContextProvider interface by looking for "user_context" header from the request.

func NewStaticGroupRepository 

func NewStaticGroupRepository(srcPath string) (*staticGroupRepository, error)

NewStaticGroupRepository missing godoc

func NewSystemAuthContextProvider 

func NewSystemAuthContextProvider(clientProvider DirectorClient, scopesGetter ScopesGetter) *systemAuthContextProvider

NewSystemAuthContextProvider missing godoc

func NewUserContextProvider 

func NewUserContextProvider(clientProvider DirectorClient, staticGroupRepo StaticGroupRepository) *userContextProvider

NewUserContextProvider missing godoc

Types

type ClientInstrumenter 

type ClientInstrumenter interface {
	InstrumentClient(clientID string, authFlow string, details string)
}

ClientInstrumenter collects metrics for different client and auth flows.

type DirectorClient 

type DirectorClient interface {
	GetTenantByExternalID(ctx context.Context, tenantID string) (*schema.Tenant, error)
	GetSystemAuthByID(ctx context.Context, authID string) (*model.SystemAuth, error)
	UpdateSystemAuth(ctx context.Context, sysAuth *model.SystemAuth) (director.UpdateAuthResult, error)
}

DirectorClient missing godoc

type Handler 

type Handler struct {
	// contains filtered or unexported fields
}

Handler missing godoc

func NewHandler 

func NewHandler(
	reqDataParser ReqDataParser,
	objectContextProviders map[string]ObjectContextProvider,
	clientInstrumenter ClientInstrumenter, directorClient DirectorClient, tenantSubstitutionLabelKey string) *Handler

NewHandler missing godoc

func (*Handler) ServeHTTP 

func (h *Handler) ServeHTTP(writer http.ResponseWriter, req *http.Request)

ServeHTTP missing godoc

type KeysExtra 

type KeysExtra struct {
	TenantKey         string
	ExternalTenantKey string
}

KeysExtra contains the keys that should be used for Tenant and ExternalTenant in the IDToken claims

type ObjectContext 

type ObjectContext struct {
	KeysExtra
	Tenant              *graphql.Tenant
	Scopes              string
	ScopesMergeStrategy scopesMergeStrategy
	Region              string
	OauthClientID       string
	ConsumerID          string
	AuthFlow            oathkeeper.AuthFlow
	ConsumerType        consumer.Type
	ContextProvider     string
	Subject             string
}

ObjectContext missing godoc

func NewObjectContext 

func NewObjectContext(tenant *graphql.Tenant, keysExtra KeysExtra, scopes string, scopesMergeStrategy scopesMergeStrategy, region, clientID, consumerID string, authFlow oathkeeper.AuthFlow, consumerType consumer.Type, contextProvider string, subject string) ObjectContext

NewObjectContext missing godoc

func RedactConsumerIDForLogging 

func RedactConsumerIDForLogging(original ObjectContext) ObjectContext

type ObjectContextProvider 

type ObjectContextProvider interface {
	GetObjectContext(ctx context.Context, reqData oathkeeper.ReqData, authDetails oathkeeper.AuthDetails) (ObjectContext, error)
	Match(ctx context.Context, data oathkeeper.ReqData) (bool, *oathkeeper.AuthDetails, error)
}

ObjectContextProvider missing godoc

type ReqDataParser 

type ReqDataParser interface {
	Parse(req *http.Request) (oathkeeper.ReqData, error)
}

ReqDataParser missing godoc

type ScopesGetter 

type ScopesGetter interface {
	GetRequiredScopes(scopesDefinition string) ([]string, error)
}

ScopesGetter missing godoc

type StaticGroup 

type StaticGroup struct {
	GroupName string   `json:"groupname"`
	Scopes    []string `json:"scopes"`
}

StaticGroup missing godoc

type StaticGroupRepository 

type StaticGroupRepository interface {
	Get(ctx context.Context, groupnames []string) StaticGroups
}

StaticGroupRepository missing godoc

type StaticGroups 

type StaticGroups []StaticGroup

StaticGroups missing godoc

func (StaticGroups) GetGroupScopes 

func (groups StaticGroups) GetGroupScopes() string

GetGroupScopes get all scopes from group array, without duplicates

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.