tokens

package
v0.1.16 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 27, 2023 License: MPL-2.0 Imports: 40 Imported by: 0

Documentation

Overview

Package tokens manages token authentication

Index

Constants

This section is empty.

Variables

View Source 
var AuthenticatedPrefixes = []string{
	otfhttp.APIPrefixV2,
	otfhttp.ModuleV1Prefix,
	otfapi.DefaultBasePath,
	paths.UIPrefix,
}

AuthenticatedPrefixes are those URL path prefixes requiring authentication.

Functions

func NewAgentsCommand added in v0.1.9 

func NewAgentsCommand(api *otfapi.Client) *cobra.Command

func NewService 

func NewService(opts Options) (*service, error)

func NewSessionToken 

func NewSessionToken(key jwk.Key, username string, expiry time.Time) (string, error)

func NewTestJWT 

func NewTestJWT(t *testing.T, secret []byte, kind Kind, lifetime time.Duration, claims ...string) string

func NewTestSessionJWT 

func NewTestSessionJWT(t *testing.T, username string, secret []byte, lifetime time.Duration) string

func NewToken 

func NewToken(opts NewTokenOptions) ([]byte, error)

Types

type AgentToken 

type AgentToken struct {
	ID           string `jsonapi:"primary,agent_tokens"`
	CreatedAt    time.Time
	Description  string `jsonapi:"attribute" json:"description"`
	Organization string `jsonapi:"attribute" json:"organization_name"`
}

AgentToken represents the authentication token for an external agent. NOTE: the cryptographic token itself is not retained.

func AgentFromContext 

func AgentFromContext(ctx context.Context) (*AgentToken, error)

AgentFromContext retrieves an agent token from a context

func NewAgentToken 

func NewAgentToken(opts NewAgentTokenOptions) (*AgentToken, []byte, error)

NewAgentToken constructs a token for an external agent, returning both the representation of the token, and the cryptographic token itself.

TODO(@leg100): Unit test this.

func NewTestAgentToken 

func NewTestAgentToken(t *testing.T, org string) *AgentToken

func (*AgentToken) CanAccessOrganization 

func (t *AgentToken) CanAccessOrganization(action rbac.Action, name string) bool

func (*AgentToken) CanAccessSite 

func (*AgentToken) CanAccessSite(action rbac.Action) bool

func (*AgentToken) CanAccessTeam added in v0.1.15 

func (*AgentToken) CanAccessTeam(rbac.Action, string) bool

func (*AgentToken) CanAccessWorkspace 

func (t *AgentToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool

func (*AgentToken) IsOwner 

func (t *AgentToken) IsOwner(string) bool

func (*AgentToken) IsSiteAdmin 

func (t *AgentToken) IsSiteAdmin() bool

func (*AgentToken) Organizations 

func (t *AgentToken) Organizations() []string

func (*AgentToken) String 

func (t *AgentToken) String() string

type CLI added in v0.1.9 

type CLI struct {
	TokensService
}

type Client 

type Client struct {
	internal.JSONAPIClient

	// client doesn't implement all of service yet
	TokensService
}

func NewClient added in v0.1.9 

func NewClient(api *otfapi.Client) (*Client, error)

func (*Client) CreateAgentToken 

func (c *Client) CreateAgentToken(ctx context.Context, opts CreateAgentTokenOptions) ([]byte, error)

func (*Client) CreateRunToken 

func (c *Client) CreateRunToken(ctx context.Context, opts CreateRunTokenOptions) ([]byte, error)

func (*Client) GetAgentToken 

func (c *Client) GetAgentToken(ctx context.Context, token string) (*AgentToken, error)

type CreateAgentTokenOptions 

type CreateAgentTokenOptions struct {
	Organization string `json:"organization_name" schema:"organization_name,required"`
	Description  string `json:"description" schema:"description,required"`
}

type CreateOrganizationTokenOptions added in v0.1.0 

type CreateOrganizationTokenOptions struct {
	Organization string `schema:"organization_name,required"`
	Expiry       *time.Time
}

CreateOrganizationTokenOptions are options for creating an organization token via the service endpoint

type CreateRunTokenOptions 

type CreateRunTokenOptions struct {
	Organization *string    `json:"organization"` // Organization of run. Required.
	RunID        *string    `json:"run_id"`       // ID of run. Required.
	Expiry       *time.Time // Override expiry. Optional.
}

type CreateTeamTokenOptions added in v0.1.15 

type CreateTeamTokenOptions struct {
	TeamID string
	Expiry *time.Time
}

CreateTeamTokenOptions are options for creating an team token via the service endpoint

type CreateUserTokenOptions 

type CreateUserTokenOptions struct {
	Description string
}

CreateUserTokenOptions are options for creating a user token via the service endpoint

type GoogleIAPConfig 

type GoogleIAPConfig struct {
	Audience string
}

type Kind 

type Kind string

the Kind of authentication token: user session, user token, agent token, etc

type NewAgentTokenOptions 

type NewAgentTokenOptions struct {
	CreateAgentTokenOptions
	// contains filtered or unexported fields
}

type NewOrganizationTokenOptions added in v0.1.0 

type NewOrganizationTokenOptions struct {
	CreateOrganizationTokenOptions
	Organization string
	// contains filtered or unexported fields
}

NewOrganizationTokenOptions are options for constructing a user token via the constructor.

type NewTeamTokenOptions added in v0.1.15 

type NewTeamTokenOptions struct {
	CreateTeamTokenOptions
	Team string
	// contains filtered or unexported fields
}

NewTeamTokenOptions are options for constructing a team token via the constructor.

type NewTokenOptions 

type NewTokenOptions struct {
	Kind    Kind
	Subject string
	Expiry  *time.Time
	Claims  map[string]string
	// contains filtered or unexported fields
}

type NewUserTokenOptions 

type NewUserTokenOptions struct {
	CreateUserTokenOptions
	Username string
	// contains filtered or unexported fields
}

NewUserTokenOptions are options for constructing a user token via the constructor.

type Options 

type Options struct {
	logr.Logger
	*sql.DB
	*tfeapi.Responder
	html.Renderer
	auth.AuthService
	GoogleIAPConfig

	SiteToken string
	Secret    []byte
}

type OrganizationService 

type OrganizationService organization.Service

Aliases to disambiguate service names when embedded together.

type OrganizationToken added in v0.1.0 

type OrganizationToken struct {
	ID        string
	CreatedAt time.Time

	// Token belongs to an organization
	Organization string
	// Optional expiry.
	Expiry *time.Time
}

OrganizationToken provides information about an API token for a user.

func NewOrganizationToken added in v0.1.0 

func NewOrganizationToken(opts NewOrganizationTokenOptions) (*OrganizationToken, []byte, error)

func (*OrganizationToken) CanAccessOrganization added in v0.1.0 

func (u *OrganizationToken) CanAccessOrganization(action rbac.Action, org string) bool

func (*OrganizationToken) CanAccessSite added in v0.1.0 

func (u *OrganizationToken) CanAccessSite(action rbac.Action) bool

func (*OrganizationToken) CanAccessTeam added in v0.1.15 

func (u *OrganizationToken) CanAccessTeam(rbac.Action, string) bool

func (*OrganizationToken) CanAccessWorkspace added in v0.1.0 

func (u *OrganizationToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool

func (*OrganizationToken) IsOwner added in v0.1.0 

func (u *OrganizationToken) IsOwner(organization string) bool

func (*OrganizationToken) IsSiteAdmin added in v0.1.0 

func (u *OrganizationToken) IsSiteAdmin() bool

func (*OrganizationToken) Organizations added in v0.1.0 

func (u *OrganizationToken) Organizations() []string

func (*OrganizationToken) String added in v0.1.0 

func (u *OrganizationToken) String() string

type RunToken 

type RunToken struct {
	Organization string
}

RunToken is a short-lived token providing a terraform run with access to resources, for example, to access the registry to retrieve modules, or to retrieve the state of other workspaces when using `terraform_remote_state`.

func NewRunTokenFromJWT 

func NewRunTokenFromJWT(token jwt.Token) (*RunToken, error)

func (*RunToken) CanAccessOrganization 

func (t *RunToken) CanAccessOrganization(action rbac.Action, name string) bool

func (*RunToken) CanAccessSite 

func (t *RunToken) CanAccessSite(action rbac.Action) bool

func (*RunToken) CanAccessTeam added in v0.1.15 

func (t *RunToken) CanAccessTeam(rbac.Action, string) bool

func (*RunToken) CanAccessWorkspace 

func (t *RunToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool

func (*RunToken) ID 

func (t *RunToken) ID() string

func (*RunToken) IsOwner 

func (t *RunToken) IsOwner(string) bool

func (*RunToken) IsSiteAdmin 

func (t *RunToken) IsSiteAdmin() bool

func (*RunToken) Organizations 

func (t *RunToken) Organizations() []string

func (*RunToken) String 

func (t *RunToken) String() string

type RunTokenService 

type RunTokenService interface {
	CreateRunToken(ctx context.Context, opts CreateRunTokenOptions) ([]byte, error)
}

type StartSessionOptions 

type StartSessionOptions struct {
	Username *string
	Expiry   *time.Time
}

type TeamToken added in v0.1.15 

type TeamToken struct {
	ID        string
	CreatedAt time.Time

	// Token belongs to a team
	TeamID string
	// Optional expiry.
	Expiry *time.Time
}

TeamToken provides information about an API token for a team.

func NewTeamToken added in v0.1.15 

func NewTeamToken(opts NewTeamTokenOptions) (*TeamToken, []byte, error)

func (*TeamToken) LogValue added in v0.1.15 

func (t *TeamToken) LogValue() slog.Value

type TokensService 

type TokensService interface {
	Middleware() mux.MiddlewareFunc

	RunTokenService
	// contains filtered or unexported methods
}

type UserToken 

type UserToken struct {
	ID          string
	CreatedAt   time.Time
	Description string
	Username    string // Token belongs to a user
}

UserToken provides information about an API token for a user.

func NewTestToken 

func NewTestToken(t *testing.T, org string) *UserToken

func NewUserToken 

func NewUserToken(opts NewUserTokenOptions) (*UserToken, []byte, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.