Documentation ¶
Overview ¶
Package tokens manages token authentication
Index ¶
- func NewService(opts Options) (*service, error)
- func NewSessionToken(key jwk.Key, username string, expiry time.Time) (string, error)
- func NewTestJWT(t *testing.T, secret []byte, kind Kind, lifetime time.Duration, ...) string
- func NewTestSessionJWT(t *testing.T, username string, secret []byte, lifetime time.Duration) string
- func NewToken(opts NewTokenOptions) ([]byte, error)
- type AgentToken
- func (t *AgentToken) CanAccessOrganization(action rbac.Action, name string) bool
- func (*AgentToken) CanAccessSite(action rbac.Action) bool
- func (t *AgentToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool
- func (t *AgentToken) IsOwner(string) bool
- func (t *AgentToken) IsSiteAdmin() bool
- func (t *AgentToken) Organizations() []string
- func (t *AgentToken) String() string
- type Client
- type CreateAgentTokenOptions
- type CreateOrganizationTokenOptions
- type CreateRunTokenOptions
- type CreateUserTokenOptions
- type GoogleIAPConfig
- type Kind
- type NewAgentTokenOptions
- type NewOrganizationTokenOptions
- type NewTokenOptions
- type NewUserTokenOptions
- type Options
- type OrganizationService
- type OrganizationToken
- func (u *OrganizationToken) CanAccessOrganization(action rbac.Action, org string) bool
- func (u *OrganizationToken) CanAccessSite(action rbac.Action) bool
- func (u *OrganizationToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool
- func (u *OrganizationToken) IsOwner(organization string) bool
- func (u *OrganizationToken) IsSiteAdmin() bool
- func (u *OrganizationToken) Organizations() []string
- func (u *OrganizationToken) String() string
- type RunToken
- func (t *RunToken) CanAccessOrganization(action rbac.Action, name string) bool
- func (t *RunToken) CanAccessSite(action rbac.Action) bool
- func (t *RunToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool
- func (t *RunToken) ID() string
- func (t *RunToken) IsOwner(string) bool
- func (t *RunToken) IsSiteAdmin() bool
- func (t *RunToken) Organizations() []string
- func (t *RunToken) String() string
- type RunTokenService
- type StartSessionOptions
- type TokensService
- type UserToken
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewService ¶
func NewSessionToken ¶
func NewTestJWT ¶
func NewTestSessionJWT ¶
func NewToken ¶
func NewToken(opts NewTokenOptions) ([]byte, error)
Types ¶
type AgentToken ¶
AgentToken represents the authentication token for an external agent. NOTE: the cryptographic token itself is not retained.
func AgentFromContext ¶
func AgentFromContext(ctx context.Context) (*AgentToken, error)
AgentFromContext retrieves an agent token from a context
func NewAgentToken ¶
func NewAgentToken(opts NewAgentTokenOptions) (*AgentToken, []byte, error)
NewAgentToken constructs a token for an external agent, returning both the representation of the token and the cryptographic token itself.
TODO(@leg100): Unit test this.
func NewTestAgentToken ¶
func NewTestAgentToken(t *testing.T, org string) *AgentToken
func (*AgentToken) CanAccessOrganization ¶
func (t *AgentToken) CanAccessOrganization(action rbac.Action, name string) bool
func (*AgentToken) CanAccessSite ¶
func (*AgentToken) CanAccessSite(action rbac.Action) bool
func (*AgentToken) CanAccessWorkspace ¶
func (t *AgentToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool
func (*AgentToken) IsOwner ¶
func (t *AgentToken) IsOwner(string) bool
func (*AgentToken) IsSiteAdmin ¶
func (t *AgentToken) IsSiteAdmin() bool
func (*AgentToken) Organizations ¶
func (t *AgentToken) Organizations() []string
func (*AgentToken) String ¶
func (t *AgentToken) String() string
type Client ¶
// Client embeds internal.JSONAPIClient, so that type's exported methods are
// promoted onto Client.
// NOTE(review): CreateRunToken is documented on this page as working "via
// HTTP/JSONAPI"; whether the embedded client enforces TLS for responses that
// carry token bytes is not visible here — confirm in JSONAPIClient.
type Client struct {
internal.JSONAPIClient
}
func (*Client) CreateAgentToken ¶
func (*Client) CreateRunToken ¶
CreateRunToken creates a run token via HTTP/JSONAPI
func (*Client) GetAgentToken ¶
type CreateAgentTokenOptions ¶
type CreateOrganizationTokenOptions ¶ added in v0.1.0
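// CreateOrganizationTokenOptions are the caller-supplied options for creating
// an organization token.
type CreateOrganizationTokenOptions struct {
	// Organization is decoded from the "organization_name" schema key and is
	// tagged as required.
	Organization string `schema:"organization_name,required"`
	// Expiry is a pointer and carries no schema tag, so it can be left nil.
	// NOTE(review): presumably nil means the token never expires — confirm, and
	// if so consider whether non-expiring organization tokens are acceptable.
	Expiry *time.Time
}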
CreateOrganizationTokenOptions are options for creating an organization token via the service endpoint
type CreateRunTokenOptions ¶
type CreateUserTokenOptions ¶
// CreateUserTokenOptions carries the options a caller supplies when creating a
// user token.
type CreateUserTokenOptions struct {
// Description is the only option visible here.
// NOTE(review): unlike CreateOrganizationTokenOptions, no Expiry field is
// shown for user tokens — confirm whether user tokens can expire.
Description string
}
CreateUserTokenOptions are options for creating a user token via the service endpoint
type GoogleIAPConfig ¶
// GoogleIAPConfig holds Google IAP settings; Audience is the only field
// visible here.
type GoogleIAPConfig struct {
// NOTE(review): presumably the audience (`aud`) value that IAP-issued JWTs
// must carry — confirm, and confirm how an empty Audience is handled by the
// code that verifies those JWTs.
Audience string
}
type Kind ¶
// Kind is a string type naming the kind of authentication token.
// NOTE(review): the set of valid values is not visible here; presumably code
// that switches on Kind rejects unknown values — confirm.
type Kind string
Kind is the kind of authentication token: user session, user token, agent token, etc.
type NewAgentTokenOptions ¶
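// NewAgentTokenOptions are the options taken by NewAgentToken. It embeds
// CreateAgentTokenOptions, so that type's exported fields are promoted.
type NewAgentTokenOptions struct {
	CreateAgentTokenOptions
	// contains filtered or unexported fields
}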
type NewOrganizationTokenOptions ¶ added in v0.1.0
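// NewOrganizationTokenOptions are the options taken by NewOrganizationToken.
type NewOrganizationTokenOptions struct {
	CreateOrganizationTokenOptions
	// Organization shadows the Organization field promoted from the embedded
	// CreateOrganizationTokenOptions: opts.Organization selects this field, not
	// the embedded one.
	// NOTE(review): the two values can differ; confirm which one the
	// constructor binds the token to, so that a token cannot be issued for an
	// organization other than the one that was authorized.
	Organization string
	// contains filtered or unexported fields
}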
NewOrganizationTokenOptions are options for constructing an organization token via the constructor.
type NewTokenOptions ¶
type NewUserTokenOptions ¶
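// NewUserTokenOptions are the options for constructing a user token. It embeds
// CreateUserTokenOptions, so that type's exported fields are promoted.
type NewUserTokenOptions struct {
	CreateUserTokenOptions
	// Username names the user the token is constructed for.
	// NOTE(review): presumably set by the service from the authenticated
	// subject rather than from request input — confirm at the call site.
	Username string
	// contains filtered or unexported fields
}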
NewUserTokenOptions are options for constructing a user token via the constructor.
type OrganizationService ¶
// OrganizationService is declared as a defined type over organization.Service
// (there is no `=`, so this is not a Go alias declaration).
// NOTE(review): presumably organization.Service is an interface, in which case
// its method set carries over unchanged — confirm.
type OrganizationService organization.Service
Aliases to disambiguate service names when embedded together.
type OrganizationToken ¶ added in v0.1.0
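// OrganizationToken describes an API token that belongs to an organization.
// Only metadata is held in these fields; no field here carries the token bytes.
type OrganizationToken struct {
	ID        string
	CreatedAt time.Time
	// Token belongs to an organization
	Organization string
	// Optional expiry.
	// NOTE(review): presumably a nil Expiry means the token does not expire —
	// confirm where expiry is enforced.
	Expiry *time.Time
}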
OrganizationToken provides information about an API token for an organization.
func NewOrganizationToken ¶ added in v0.1.0
func NewOrganizationToken(opts NewOrganizationTokenOptions) (*OrganizationToken, []byte, error)
func (*OrganizationToken) CanAccessOrganization ¶ added in v0.1.0
func (u *OrganizationToken) CanAccessOrganization(action rbac.Action, org string) bool
func (*OrganizationToken) CanAccessSite ¶ added in v0.1.0
func (u *OrganizationToken) CanAccessSite(action rbac.Action) bool
func (*OrganizationToken) CanAccessWorkspace ¶ added in v0.1.0
func (u *OrganizationToken) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool
func (*OrganizationToken) IsOwner ¶ added in v0.1.0
func (u *OrganizationToken) IsOwner(organization string) bool
func (*OrganizationToken) IsSiteAdmin ¶ added in v0.1.0
func (u *OrganizationToken) IsSiteAdmin() bool
func (*OrganizationToken) Organizations ¶ added in v0.1.0
func (u *OrganizationToken) Organizations() []string
func (*OrganizationToken) String ¶ added in v0.1.0
func (u *OrganizationToken) String() string
type RunToken ¶
// RunToken is the token type issued for a run; Organization is its only
// exported field shown here.
// NOTE(review): the page describes run tokens as short-lived, but no expiry
// field is visible on the struct — presumably the lifetime is carried in the
// signed token itself; confirm where it is enforced.
type RunToken struct {
// Organization names the organization associated with the token.
Organization string
}
RunToken is a short-lived token that gives a Terraform run access to resources, for example to retrieve modules from the registry or to read the state of other workspaces when using `terraform_remote_state`.
func (*RunToken) CanAccessOrganization ¶
func (*RunToken) CanAccessWorkspace ¶
func (*RunToken) IsSiteAdmin ¶
func (*RunToken) Organizations ¶
type RunTokenService ¶
// RunTokenService is the interface for issuing run tokens.
type RunTokenService interface {
// CreateRunToken returns the token as a byte slice, or an error.
// NOTE(review): the returned bytes are presumably the bearer credential
// itself, so callers should keep them out of logs and error messages —
// confirm against the implementation.
CreateRunToken(ctx context.Context, opts CreateRunTokenOptions) ([]byte, error)
}
type StartSessionOptions ¶
type TokensService ¶
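// TokensService is the package's service interface. It embeds RunTokenService
// and also has unexported methods, so it can only be implemented inside this
// package.
type TokensService interface {
	// Middleware returns a mux.MiddlewareFunc.
	// NOTE(review): presumably this is the middleware that authenticates
	// incoming requests by their token — confirm, and confirm that every
	// protected route is registered behind it.
	Middleware() mux.MiddlewareFunc
	RunTokenService
	// contains filtered or unexported methods
}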