Documentation ¶
Overview ¶
Package tokens manages token authentication
Index ¶
- Variables
- func NewAgentsCommand(api *otfapi.Client) *cobra.Command
- func NewService(opts Options) (*service, error)
- func NewSessionToken(key jwk.Key, username string, expiry time.Time) (string, error)
- func NewTestJWT(t *testing.T, secret []byte, kind Kind, lifetime time.Duration, ...) string
- func NewTestSessionJWT(t *testing.T, username string, secret []byte, lifetime time.Duration) string
- func NewToken(opts NewTokenOptions) ([]byte, error)
- type AgentToken
- func (t *AgentToken) CanAccessOrganization(action rbac.Action, name string) bool
- func (*AgentToken) CanAccessSite(action rbac.Action) bool
- func (*AgentToken) CanAccessTeam(rbac.Action, string) bool
- func (t *AgentToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool
- func (t *AgentToken) IsOwner(string) bool
- func (t *AgentToken) IsSiteAdmin() bool
- func (t *AgentToken) Organizations() []string
- func (t *AgentToken) String() string
- type CLI
- type Client
- type CreateAgentTokenOptions
- type CreateOrganizationTokenOptions
- type CreateRunTokenOptions
- type CreateTeamTokenOptions
- type CreateUserTokenOptions
- type GoogleIAPConfig
- type Kind
- type NewAgentTokenOptions
- type NewOrganizationTokenOptions
- type NewTeamTokenOptions
- type NewTokenOptions
- type NewUserTokenOptions
- type Options
- type OrganizationService
- type OrganizationToken
- func (u *OrganizationToken) CanAccessOrganization(action rbac.Action, org string) bool
- func (u *OrganizationToken) CanAccessSite(action rbac.Action) bool
- func (u *OrganizationToken) CanAccessTeam(rbac.Action, string) bool
- func (u *OrganizationToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool
- func (u *OrganizationToken) IsOwner(organization string) bool
- func (u *OrganizationToken) IsSiteAdmin() bool
- func (u *OrganizationToken) Organizations() []string
- func (u *OrganizationToken) String() string
- type RunToken
- func (t *RunToken) CanAccessOrganization(action rbac.Action, name string) bool
- func (t *RunToken) CanAccessSite(action rbac.Action) bool
- func (t *RunToken) CanAccessTeam(rbac.Action, string) bool
- func (t *RunToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool
- func (t *RunToken) ID() string
- func (t *RunToken) IsOwner(string) bool
- func (t *RunToken) IsSiteAdmin() bool
- func (t *RunToken) Organizations() []string
- func (t *RunToken) String() string
- type RunTokenService
- type StartSessionOptions
- type TeamToken
- type TokensService
- type UserToken
Constants ¶
This section is empty.
Variables ¶
// AuthenticatedPrefixes lists the URL path prefixes that require
// authentication.
//
// NOTE(review): how request paths are matched against these prefixes, and how
// paths outside them are handled, is not shown here. Confirm against the
// middleware before treating this list as the complete set of protected
// routes.
var AuthenticatedPrefixes = []string{
	tfeapi.APIPrefixV2,
	tfeapi.ModuleV1Prefix,
	otfapi.DefaultBasePath,
	paths.UIPrefix,
}
AuthenticatedPrefixes are those URL path prefixes requiring authentication.
Functions ¶
func NewService ¶
func NewSessionToken ¶
func NewTestJWT ¶
func NewTestSessionJWT ¶
func NewToken ¶
func NewToken(opts NewTokenOptions) ([]byte, error)
Types ¶
type AgentToken ¶
// AgentToken represents the authentication token for an external agent.
// It carries an identifier, creation time, description and organization name.
// The cryptographic token itself is not retained on this type.
type AgentToken struct {
	ID           string `jsonapi:"primary,agent_tokens"`
	CreatedAt    time.Time
	Description  string `jsonapi:"attribute" json:"description"`
	Organization string `jsonapi:"attribute" json:"organization_name"`
}
AgentToken represents the authentication token for an external agent. NOTE: the cryptographic token itself is not retained.
func AgentFromContext ¶
func AgentFromContext(ctx context.Context) (*AgentToken, error)
AgentFromContext retrieves an agent token from a context.
func NewAgentToken ¶
func NewAgentToken(opts NewAgentTokenOptions) (*AgentToken, []byte, error)
NewAgentToken constructs a token for an external agent, returning both the representation of the token, and the cryptographic token itself.
TODO(@leg100): Unit test this.
func NewTestAgentToken ¶
func NewTestAgentToken(t *testing.T, org string) *AgentToken
func (*AgentToken) CanAccessOrganization ¶
func (t *AgentToken) CanAccessOrganization(action rbac.Action, name string) bool
func (*AgentToken) CanAccessSite ¶
func (*AgentToken) CanAccessSite(action rbac.Action) bool
func (*AgentToken) CanAccessTeam ¶ added in v0.1.15
func (*AgentToken) CanAccessTeam(rbac.Action, string) bool
func (*AgentToken) CanAccessWorkspace ¶
func (t *AgentToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool
func (*AgentToken) IsOwner ¶
func (t *AgentToken) IsOwner(string) bool
func (*AgentToken) IsSiteAdmin ¶
func (t *AgentToken) IsSiteAdmin() bool
func (*AgentToken) Organizations ¶
func (t *AgentToken) Organizations() []string
func (*AgentToken) String ¶
func (t *AgentToken) String() string
type CLI ¶ added in v0.1.9
// CLI wraps a TokensService by embedding it, so the service's methods are
// promoted onto CLI.
type CLI struct {
	TokensService
}
type Client ¶
// Client embeds *otfapi.Client together with TokensService.
type Client struct {
	*otfapi.Client

	// The client does not implement all of the service yet.
	TokensService
}
func (*Client) CreateAgentToken ¶
func (*Client) CreateRunToken ¶
func (*Client) GetAgentToken ¶
type CreateAgentTokenOptions ¶
type CreateOrganizationTokenOptions ¶ added in v0.1.0
// CreateOrganizationTokenOptions are options for creating an organization
// token via the service endpoint.
type CreateOrganizationTokenOptions struct {
	// Organization is bound from the required organization_name parameter.
	Organization string `schema:"organization_name,required"`
	// Expiry is a pointer, so it may be left nil.
	// NOTE(review): presumably a nil Expiry produces a token that never
	// expires — confirm, and prefer setting an expiry where possible.
	Expiry *time.Time
}
CreateOrganizationTokenOptions are options for creating an organization token via the service endpoint
type CreateRunTokenOptions ¶
type CreateTeamTokenOptions ¶ added in v0.1.15
CreateTeamTokenOptions are options for creating a team token via the service endpoint.
type CreateUserTokenOptions ¶
// CreateUserTokenOptions are options for creating a user token via the
// service endpoint.
//
// NOTE(review): unlike CreateOrganizationTokenOptions, no expiry field is
// visible on this type — confirm how user token lifetime is bounded.
type CreateUserTokenOptions struct {
	Description string
}
CreateUserTokenOptions are options for creating a user token via the service endpoint
type GoogleIAPConfig ¶
// GoogleIAPConfig carries a single Audience setting.
//
// NOTE(review): presumably Audience is the expected audience (aud) value
// checked on Google IAP-issued JWTs — confirm against the verifier, and
// confirm what happens when it is left empty.
type GoogleIAPConfig struct {
	Audience string
}
type Kind ¶
// Kind is the kind of authentication token: user session, user token, agent
// token, etc.
type Kind string
Kind is the kind of authentication token: user session, user token, agent token, etc.
type NewAgentTokenOptions ¶
// NewAgentTokenOptions embeds CreateAgentTokenOptions. The generated
// documentation indicates it also has fields that are not shown.
type NewAgentTokenOptions struct {
	CreateAgentTokenOptions
	// contains filtered or unexported fields
}
type NewOrganizationTokenOptions ¶ added in v0.1.0
// NewOrganizationTokenOptions are options for constructing an organization
// token via the constructor.
//
// NOTE(review): both this type and the embedded
// CreateOrganizationTokenOptions declare an Organization field; the outer
// field shadows the promoted one. Confirm which of the two the constructor
// reads.
type NewOrganizationTokenOptions struct {
	CreateOrganizationTokenOptions
	Organization string
	// contains filtered or unexported fields
}
NewOrganizationTokenOptions are options for constructing an organization token via the constructor.
type NewTeamTokenOptions ¶ added in v0.1.15
// NewTeamTokenOptions are options for constructing a team token via the
// constructor. It embeds CreateTeamTokenOptions and adds Team.
type NewTeamTokenOptions struct {
	CreateTeamTokenOptions
	Team string
	// contains filtered or unexported fields
}
NewTeamTokenOptions are options for constructing a team token via the constructor.
type NewTokenOptions ¶
type NewUserTokenOptions ¶
// NewUserTokenOptions are options for constructing a user token via the
// constructor. It embeds CreateUserTokenOptions and adds Username.
type NewUserTokenOptions struct {
	CreateUserTokenOptions
	Username string
	// contains filtered or unexported fields
}
NewUserTokenOptions are options for constructing a user token via the constructor.
type OrganizationService ¶
// OrganizationService is a named type over organization.Service, declared to
// disambiguate service names when several services are embedded together.
type OrganizationService organization.Service
Aliases to disambiguate service names when embedded together.
type OrganizationToken ¶ added in v0.1.0
// OrganizationToken provides information about an API token belonging to an
// organization.
//
// NOTE(review): no token value is visible on this type; NewOrganizationToken
// returns a []byte alongside it, presumably the token itself — confirm.
type OrganizationToken struct {
	ID        string
	CreatedAt time.Time

	// Token belongs to an organization
	Organization string
	// Optional expiry.
	Expiry *time.Time
}
OrganizationToken provides information about an API token for an organization.
func NewOrganizationToken ¶ added in v0.1.0
func NewOrganizationToken(opts NewOrganizationTokenOptions) (*OrganizationToken, []byte, error)
func (*OrganizationToken) CanAccessOrganization ¶ added in v0.1.0
func (u *OrganizationToken) CanAccessOrganization(action rbac.Action, org string) bool
func (*OrganizationToken) CanAccessSite ¶ added in v0.1.0
func (u *OrganizationToken) CanAccessSite(action rbac.Action) bool
func (*OrganizationToken) CanAccessTeam ¶ added in v0.1.15
func (u *OrganizationToken) CanAccessTeam(rbac.Action, string) bool
func (*OrganizationToken) CanAccessWorkspace ¶ added in v0.1.0
func (u *OrganizationToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool
func (*OrganizationToken) IsOwner ¶ added in v0.1.0
func (u *OrganizationToken) IsOwner(organization string) bool
func (*OrganizationToken) IsSiteAdmin ¶ added in v0.1.0
func (u *OrganizationToken) IsSiteAdmin() bool
func (*OrganizationToken) Organizations ¶ added in v0.1.0
func (u *OrganizationToken) Organizations() []string
func (*OrganizationToken) String ¶ added in v0.1.0
func (u *OrganizationToken) String() string
type RunToken ¶
// RunToken is a short-lived token providing a terraform run with access to
// resources, for example, to access the registry to retrieve modules, or to
// retrieve the state of other workspaces when using `terraform_remote_state`.
//
// NOTE(review): no expiry field is visible on this type; the token lifetime
// is presumably enforced elsewhere — confirm.
type RunToken struct {
	Organization string
}
RunToken is a short-lived token providing a terraform run with access to resources, for example, to access the registry to retrieve modules, or to retrieve the state of other workspaces when using `terraform_remote_state`.
func (*RunToken) CanAccessOrganization ¶
func (*RunToken) CanAccessTeam ¶ added in v0.1.15
func (*RunToken) CanAccessWorkspace ¶
func (*RunToken) IsSiteAdmin ¶
func (*RunToken) Organizations ¶
type RunTokenService ¶
// RunTokenService is the interface for creating run tokens.
type RunTokenService interface {
	// CreateRunToken takes a context and CreateRunTokenOptions and returns a
	// byte slice (presumably the signed token — confirm) or an error.
	CreateRunToken(ctx context.Context, opts CreateRunTokenOptions) ([]byte, error)
}
type StartSessionOptions ¶
type TeamToken ¶ added in v0.1.15
// TeamToken provides information about an API token for a team.
//
// NOTE(review): no token value is visible on this type; NewTeamToken returns
// a []byte alongside it, presumably the token itself — confirm.
type TeamToken struct {
	ID        string
	CreatedAt time.Time

	// Token belongs to a team
	TeamID string
	// Optional expiry.
	Expiry *time.Time
}
TeamToken provides information about an API token for a team.
func NewTeamToken ¶ added in v0.1.15
func NewTeamToken(opts NewTeamTokenOptions) (*TeamToken, []byte, error)
type TokensService ¶
// TokensService combines a middleware accessor with RunTokenService. The
// generated documentation indicates it also has methods that are not shown.
type TokensService interface {
	// Middleware returns a mux.MiddlewareFunc.
	// NOTE(review): presumably this is the middleware that authenticates
	// requests under AuthenticatedPrefixes — confirm.
	Middleware() mux.MiddlewareFunc
	RunTokenService
	// contains filtered or unexported methods
}