tokens

package
Published: Oct 29, 2023 License: MPL-2.0 Imports: 39 Imported by: 0

Documentation

Overview

Package tokens manages token-based authentication: it issues the user, organization, team, agent and run tokens described below, and supplies the HTTP middleware (TokensService.Middleware) that authenticates requests carrying them on the AuthenticatedPrefixes paths.

Index

Constants

This section is empty.

Variables

AuthenticatedPrefixes are those URL path prefixes requiring authentication.

Functions

func NewAgentsCommand added in v0.1.9

func NewAgentsCommand(api *otfapi.Client) *cobra.Command

func NewService

func NewService(opts Options) (*service, error)

func NewSessionToken

func NewSessionToken(key jwk.Key, username string, expiry time.Time) (string, error)

func NewTestJWT

func NewTestJWT(t *testing.T, secret []byte, kind Kind, lifetime time.Duration, claims ...string) string

func NewTestSessionJWT

func NewTestSessionJWT(t *testing.T, username string, secret []byte, lifetime time.Duration) string

func NewToken

func NewToken(opts NewTokenOptions) ([]byte, error)

Types

type AgentToken

type AgentToken struct {
	// ID identifies the token; it is the jsonapi primary key of the
	// "agent_tokens" resource type.
	ID           string `jsonapi:"primary,agent_tokens"`
	// CreatedAt is when the token was created. It carries no jsonapi/json
	// tag, so it is presumably omitted from the API representation.
	CreatedAt    time.Time
	// Description is a free-text label, exposed as the "description" attribute.
	Description  string `jsonapi:"attribute" json:"description"`
	// Organization is the organization name the token is associated with
	// (see CanAccessOrganization), exposed as "organization_name".
	Organization string `jsonapi:"attribute" json:"organization_name"`
}

AgentToken represents the authentication token for an external agent. NOTE: the cryptographic token itself is not retained in this struct; it is handed out only once, as the []byte returned by NewAgentToken, so the caller must capture it at creation time.

func AgentFromContext

func AgentFromContext(ctx context.Context) (*AgentToken, error)

AgentFromContext retrieves an agent token from a context

func NewAgentToken

func NewAgentToken(opts NewAgentTokenOptions) (*AgentToken, []byte, error)

NewAgentToken constructs a token for an external agent, returning both the AgentToken record (which does not retain the secret) and the cryptographic token bytes that the agent presents to authenticate.

TODO(@leg100): Unit test this.

func NewTestAgentToken

func NewTestAgentToken(t *testing.T, org string) *AgentToken

func (*AgentToken) CanAccessOrganization

func (t *AgentToken) CanAccessOrganization(action rbac.Action, name string) bool

func (*AgentToken) CanAccessSite

func (*AgentToken) CanAccessSite(action rbac.Action) bool

func (*AgentToken) CanAccessTeam added in v0.1.15

func (*AgentToken) CanAccessTeam(rbac.Action, string) bool

func (*AgentToken) CanAccessWorkspace

func (t *AgentToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool

func (*AgentToken) IsOwner

func (t *AgentToken) IsOwner(string) bool

func (*AgentToken) IsSiteAdmin

func (t *AgentToken) IsSiteAdmin() bool

func (*AgentToken) Organizations

func (t *AgentToken) Organizations() []string

func (*AgentToken) String

func (t *AgentToken) String() string

type CLI added in v0.1.9

type CLI struct {
	// TokensService is embedded so that CLI exposes the service's method
	// set directly; presumably used by the commands built in
	// NewAgentsCommand — confirm against that constructor.
	TokensService
}

type Client

type Client struct {
	// Client is the underlying otf API client that the HTTP-backed
	// methods (CreateAgentToken, CreateRunToken, GetAgentToken) use.
	*otfapi.Client

	// client doesn't implement all of service yet
	// Embedding the interface is what lets *Client satisfy TokensService;
	// if the embedded value is left nil, calling one of the methods not
	// implemented on Client panics at runtime rather than failing to compile.
	TokensService
}

func NewClient added in v0.1.9

func NewClient(api *otfapi.Client) (*Client, error)

func (*Client) CreateAgentToken

func (c *Client) CreateAgentToken(ctx context.Context, opts CreateAgentTokenOptions) ([]byte, error)

func (*Client) CreateRunToken

func (c *Client) CreateRunToken(ctx context.Context, opts CreateRunTokenOptions) ([]byte, error)

func (*Client) GetAgentToken

func (c *Client) GetAgentToken(ctx context.Context, token string) (*AgentToken, error)

type CreateAgentTokenOptions

// CreateAgentTokenOptions are the options for creating an agent token via the
// service endpoint. Both fields carry a schema tag marked required, so a
// form/query decode presumably rejects a request that omits either — confirm
// against the decoder in use.
type CreateAgentTokenOptions struct {
	// Organization is the name of the organization the token will belong to.
	Organization string `json:"organization_name" schema:"organization_name,required"`
	// Description is a free-text label for the token.
	Description  string `json:"description" schema:"description,required"`
}

type CreateOrganizationTokenOptions added in v0.1.0

type CreateOrganizationTokenOptions struct {
	// Organization is the name of the organization the token is for;
	// required when decoded via the schema tag.
	Organization string `schema:"organization_name,required"`
	// Expiry is optional (see OrganizationToken.Expiry). NOTE(review): a
	// nil Expiry presumably yields a token that never expires — callers
	// should set one unless a long-lived credential is deliberate.
	Expiry       *time.Time
}

CreateOrganizationTokenOptions are options for creating an organization token via the service endpoint

type CreateRunTokenOptions

// CreateRunTokenOptions are the options for creating a run token (see
// RunToken). NOTE(review): RunToken is documented as short-lived; the Expiry
// override can lengthen that — confirm the service caps it.
type CreateRunTokenOptions struct {
	Organization *string    `json:"organization"` // Organization of run. Required.
	RunID        *string    `json:"run_id"`       // ID of run. Required.
	Expiry       *time.Time // Override expiry. Optional.
}

type CreateTeamTokenOptions added in v0.1.15

type CreateTeamTokenOptions struct {
	// TeamID is the ID of the team the token belongs to (see TeamToken.TeamID).
	TeamID string
	// Expiry is optional (see TeamToken.Expiry). NOTE(review): nil
	// presumably means no expiry — confirm and prefer setting one.
	Expiry *time.Time
}

CreateTeamTokenOptions are options for creating a team token via the service endpoint.

type CreateUserTokenOptions

type CreateUserTokenOptions struct {
	// Description is a free-text label for the token (see UserToken.Description).
	// No expiry field is offered here, unlike the organization and team
	// token options.
	Description string
}

CreateUserTokenOptions are options for creating a user token via the service endpoint

type GoogleIAPConfig

// GoogleIAPConfig configures Google Identity-Aware Proxy support; it is
// embedded in Options.
type GoogleIAPConfig struct {
	// Audience is presumably the expected audience of IAP-issued JWTs.
	// NOTE(review): confirm that the middleware rejects IAP tokens whose
	// audience does not match, and that an empty Audience disables IAP
	// rather than accepting any audience.
	Audience string
}

type Kind

// Kind is the kind of authentication token: user session, user token, agent
// token, etc. The concrete values are not listed on this page. NewTestJWT
// takes a Kind, so the kind is carried in the JWT; NOTE(review): confirm the
// middleware checks it against the kind each endpoint expects.
type Kind string

Kind is the kind of authentication token: user session, user token, agent token, etc.

type NewAgentTokenOptions

// NewAgentTokenOptions are options for constructing an agent token via
// NewAgentToken; the unexported fields are not shown on this page.
type NewAgentTokenOptions struct {
	// CreateAgentTokenOptions supplies the organization and description.
	CreateAgentTokenOptions
	// contains filtered or unexported fields
}

type NewOrganizationTokenOptions added in v0.1.0

type NewOrganizationTokenOptions struct {
	// CreateOrganizationTokenOptions carries the endpoint-level options,
	// including its own Organization field.
	CreateOrganizationTokenOptions
	// Organization shadows the embedded field of the same name; which one
	// NewOrganizationToken reads is not visible here — confirm before
	// relying on either.
	Organization string
	// contains filtered or unexported fields
}

NewOrganizationTokenOptions are options for constructing an organization token via the constructor.

type NewTeamTokenOptions added in v0.1.15

type NewTeamTokenOptions struct {
	// CreateTeamTokenOptions carries the endpoint-level options (TeamID, Expiry).
	CreateTeamTokenOptions
	// Team is distinct from the embedded TeamID; presumably the team name —
	// confirm against NewTeamToken.
	Team string
	// contains filtered or unexported fields
}

NewTeamTokenOptions are options for constructing a team token via the constructor.

type NewTokenOptions

// NewTokenOptions are the options for NewToken, which returns the raw token
// bytes. The unexported fields (presumably the signing key) are not shown.
type NewTokenOptions struct {
	// Kind is the kind of token being minted (see Kind).
	Kind    Kind
	// Subject identifies the principal the token is issued to.
	Subject string
	// Expiry is optional. NOTE(review): nil presumably yields a token
	// without an expiry — confirm that every caller sets one where a
	// bounded lifetime is intended.
	Expiry  *time.Time
	// Claims are additional string claims embedded in the token.
	Claims  map[string]string
	// contains filtered or unexported fields
}

type NewUserTokenOptions

type NewUserTokenOptions struct {
	// CreateUserTokenOptions supplies the description.
	CreateUserTokenOptions
	// Username is the user the token is issued to (see UserToken.Username).
	Username string
	// contains filtered or unexported fields
}

NewUserTokenOptions are options for constructing a user token via the constructor.

type Options

// Options are the dependencies and settings passed to NewService.
type Options struct {
	logr.Logger
	*sql.DB
	*tfeapi.Responder
	html.Renderer
	auth.AuthService
	GoogleIAPConfig

	// SiteToken is presumably a static credential granting site-level
	// access (cf. IsSiteAdmin on the token types) — confirm. Treat it as a
	// secret: it must not appear in logs or committed configuration.
	SiteToken string
	// Secret is presumably the key used to sign and verify this package's
	// JWTs (NewTestJWT and NewTestSessionJWT take a secret []byte for that
	// purpose) — confirm. Anyone holding it can mint tokens of any Kind,
	// so it must be high-entropy and kept out of logs.
	Secret    []byte
}

type OrganizationService

// OrganizationService is a defined type (not a `=` alias) with
// organization.Service as its underlying type, introduced to disambiguate
// service names when several services are embedded together.
type OrganizationService organization.Service

Aliases to disambiguate service names when embedded together.

type OrganizationToken added in v0.1.0

type OrganizationToken struct {
	// ID identifies the token.
	ID        string
	// CreatedAt is when the token was created.
	CreatedAt time.Time

	// Token belongs to an organization
	Organization string
	// Optional expiry. A nil Expiry presumably means the token never
	// expires — confirm.
	Expiry *time.Time
}

OrganizationToken provides information about an API token belonging to an organization. As with AgentToken, the cryptographic token itself is not retained; it is returned once by NewOrganizationToken.

func NewOrganizationToken added in v0.1.0

func NewOrganizationToken(opts NewOrganizationTokenOptions) (*OrganizationToken, []byte, error)

func (*OrganizationToken) CanAccessOrganization added in v0.1.0

func (u *OrganizationToken) CanAccessOrganization(action rbac.Action, org string) bool

func (*OrganizationToken) CanAccessSite added in v0.1.0

func (u *OrganizationToken) CanAccessSite(action rbac.Action) bool

func (*OrganizationToken) CanAccessTeam added in v0.1.15

func (u *OrganizationToken) CanAccessTeam(rbac.Action, string) bool

func (*OrganizationToken) CanAccessWorkspace added in v0.1.0

func (u *OrganizationToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool

func (*OrganizationToken) IsOwner added in v0.1.0

func (u *OrganizationToken) IsOwner(organization string) bool

func (*OrganizationToken) IsSiteAdmin added in v0.1.0

func (u *OrganizationToken) IsSiteAdmin() bool

func (*OrganizationToken) Organizations added in v0.1.0

func (u *OrganizationToken) Organizations() []string

func (*OrganizationToken) String added in v0.1.0

func (u *OrganizationToken) String() string

type RunToken

type RunToken struct {
	// Organization is the organization of the run the token was issued
	// for; it is the only exported state (see also RunToken.ID).
	Organization string
}

RunToken is a short-lived token providing a terraform run with access to resources, for example, to access the registry to retrieve modules, or to retrieve the state of other workspaces when using `terraform_remote_state`.

func NewRunTokenFromJWT

func NewRunTokenFromJWT(token jwt.Token) (*RunToken, error)

func (*RunToken) CanAccessOrganization

func (t *RunToken) CanAccessOrganization(action rbac.Action, name string) bool

func (*RunToken) CanAccessSite

func (t *RunToken) CanAccessSite(action rbac.Action) bool

func (*RunToken) CanAccessTeam added in v0.1.15

func (t *RunToken) CanAccessTeam(rbac.Action, string) bool

func (*RunToken) CanAccessWorkspace

func (t *RunToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool

func (*RunToken) ID

func (t *RunToken) ID() string

func (*RunToken) IsOwner

func (t *RunToken) IsOwner(string) bool

func (*RunToken) IsSiteAdmin

func (t *RunToken) IsSiteAdmin() bool

func (*RunToken) Organizations

func (t *RunToken) Organizations() []string

func (*RunToken) String

func (t *RunToken) String() string

type RunTokenService

// RunTokenService creates run tokens; it is embedded in TokensService and
// implemented by Client.
type RunTokenService interface {
	// CreateRunToken returns the raw token bytes for the run described by opts.
	CreateRunToken(ctx context.Context, opts CreateRunTokenOptions) ([]byte, error)
}

type StartSessionOptions

// StartSessionOptions are options for starting a user session; presumably
// consumed by the path that calls NewSessionToken — confirm.
type StartSessionOptions struct {
	// Username is the user the session is for.
	Username *string
	// Expiry is optional; the default applied when nil is not visible here.
	Expiry   *time.Time
}

type TeamToken added in v0.1.15

type TeamToken struct {
	// ID identifies the token.
	ID        string
	// CreatedAt is when the token was created.
	CreatedAt time.Time

	// Token belongs to a team
	TeamID string
	// Optional expiry.
	Expiry *time.Time
}

TeamToken provides information about an API token for a team.

func NewTeamToken added in v0.1.15

func NewTeamToken(opts NewTeamTokenOptions) (*TeamToken, []byte, error)

func (*TeamToken) LogValue added in v0.1.15

func (t *TeamToken) LogValue() slog.Value

type TokensService

// TokensService is the token service's public interface. Only Middleware and
// the embedded RunTokenService are exported; the remaining methods are
// unexported, so the interface can only be satisfied by types in this package
// or by embedding it (as Client and CLI do).
type TokensService interface {
	// Middleware returns the router middleware that authenticates requests
	// on the AuthenticatedPrefixes paths.
	Middleware() mux.MiddlewareFunc

	RunTokenService
	// contains filtered or unexported methods
}

type UserToken

type UserToken struct {
	// ID identifies the token.
	ID          string
	// CreatedAt is when the token was created.
	CreatedAt   time.Time
	// Description is a free-text label.
	Description string
	Username    string // Token belongs to a user
}

UserToken provides information about an API token belonging to a user. Unlike OrganizationToken and TeamToken it has no Expiry field, so user tokens presumably do not expire; the cryptographic token itself is returned once by NewUserToken and not retained.

func NewTestToken

func NewTestToken(t *testing.T, org string) *UserToken

func NewUserToken

func NewUserToken(opts NewUserTokenOptions) (*UserToken, []byte, error)
