Documentation ¶
Overview ¶
Package auth is not for public use.
The API for packages in the 'private' directory have no stability guarantee.
The packages within the 'private' directory would normally be put into an 'internal' directory to prohibit their use outside the 'mongo' directory. However, some MongoDB tools require very low-level access to the building blocks of a driver, so we have placed them under 'private' to allow these packages to be imported by projects that need them.
These package APIs may be modified in backwards-incompatible ways at any time.
You are strongly discouraged from directly using any packages under 'private'.
Index ¶
- Constants
- func ConductSaslConversation(ctx context.Context, cfg *Config, authSource string, client SaslClient) error
- func Handshaker(h driver.Handshaker, options *HandshakeOptions) driver.Handshaker
- func RegisterAuthenticatorFactory(name string, factory AuthenticatorFactory)
- type Authenticator
- type AuthenticatorFactory
- type Config
- type Cred
- type DefaultAuthenticator
- type Error
- type ExtraOptionsSaslClient
- type HandshakeOptions
- type MongoDBAWSAuthenticator
- type MongoDBCRAuthenticator
- type MongoDBX509Authenticator
- type PlainAuthenticator
- type SaslClient
- type SaslClientCloser
- type ScramAuthenticator
- type SpeculativeAuthenticator
- type SpeculativeConversation
Constants ¶
const ( // SCRAMSHA1 holds the mechanism name "SCRAM-SHA-1" SCRAMSHA1 = "SCRAM-SHA-1" // SCRAMSHA256 holds the mechanism name "SCRAM-SHA-256" SCRAMSHA256 = "SCRAM-SHA-256" )
const GSSAPI = "GSSAPI"
GSSAPI is the mechanism name for GSSAPI.
const MONGODBCR = "MONGODB-CR"
MONGODBCR is the mechanism name for MONGODB-CR.
The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.
const MongoDBAWS = "MONGODB-AWS"
MongoDBAWS is the mechanism name for MongoDBAWS.
const MongoDBX509 = "MONGODB-X509"
MongoDBX509 is the mechanism name for MongoDBX509.
const PLAIN = "PLAIN"
PLAIN is the mechanism name for PLAIN.
Variables ¶
This section is empty.
Functions ¶
func ConductSaslConversation ¶
func ConductSaslConversation(ctx context.Context, cfg *Config, authSource string, client SaslClient) error
ConductSaslConversation runs a full SASL conversation to authenticate the given connection.
func Handshaker ¶
func Handshaker(h driver.Handshaker, options *HandshakeOptions) driver.Handshaker
Handshaker creates a connection handshaker for the given authenticator.
func RegisterAuthenticatorFactory ¶
func RegisterAuthenticatorFactory(name string, factory AuthenticatorFactory)
RegisterAuthenticatorFactory registers the authenticator factory.
Types ¶
type Authenticator ¶
type Authenticator interface { // Auth authenticates the connection. Auth(context.Context, *Config) error }
Authenticator handles authenticating a connection.
func CreateAuthenticator ¶
func CreateAuthenticator(name string, cred *Cred) (Authenticator, error)
CreateAuthenticator creates an authenticator.
type AuthenticatorFactory ¶
type AuthenticatorFactory func(cred *Cred) (Authenticator, error)
AuthenticatorFactory constructs an authenticator.
type Config ¶
type Config struct { Description description.Server Connection driver.Connection ClusterClock *session.ClusterClock HandshakeInfo driver.HandshakeInformation ServerAPI *driver.ServerAPIOptions HTTPClient *http.Client }
Config holds the information necessary to perform an authentication attempt.
type Cred ¶
type Cred struct { Source string Username string Password string PasswordSet bool Props map[string]string }
Cred is a user's credential.
type DefaultAuthenticator ¶
type DefaultAuthenticator struct { Cred *Cred // contains filtered or unexported fields }
DefaultAuthenticator uses SCRAM-SHA-1 or MONGODB-CR depending on the server version.
func (*DefaultAuthenticator) Auth ¶
func (a *DefaultAuthenticator) Auth(ctx context.Context, cfg *Config) error
Auth authenticates the connection.
func (*DefaultAuthenticator) CreateSpeculativeConversation ¶
func (a *DefaultAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)
CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.
type Error ¶
type Error struct {
// contains filtered or unexported fields
}
Error is an error that occurred during authentication.
type ExtraOptionsSaslClient ¶
ExtraOptionsSaslClient is a SaslClient that appends options to the saslStart command.
type HandshakeOptions ¶
type HandshakeOptions struct { AppName string Authenticator Authenticator Compressors []string DBUser string PerformAuthentication func(description.Server) bool ClusterClock *session.ClusterClock ServerAPI *driver.ServerAPIOptions LoadBalanced bool HTTPClient *http.Client }
HandshakeOptions packages options that can be passed to the Handshaker() function. DBUser is optional but must be of the form <dbname.username>; if non-empty, then the connection will do SASL mechanism negotiation.
type MongoDBAWSAuthenticator ¶
type MongoDBAWSAuthenticator struct {
// contains filtered or unexported fields
}
MongoDBAWSAuthenticator uses AWS-IAM credentials over SASL to authenticate a connection.
type MongoDBCRAuthenticator ¶
MongoDBCRAuthenticator uses the MONGODB-CR algorithm to authenticate a connection.
The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.
type MongoDBX509Authenticator ¶
type MongoDBX509Authenticator struct {
User string
}
MongoDBX509Authenticator uses X.509 certificates over TLS to authenticate a connection.
func (*MongoDBX509Authenticator) Auth ¶
func (a *MongoDBX509Authenticator) Auth(ctx context.Context, cfg *Config) error
Auth authenticates the provided connection by conducting an X509 authentication conversation.
func (*MongoDBX509Authenticator) CreateSpeculativeConversation ¶
func (a *MongoDBX509Authenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)
CreateSpeculativeConversation creates a speculative conversation for X509 authentication.
type PlainAuthenticator ¶
PlainAuthenticator uses the PLAIN algorithm over SASL to authenticate a connection.
type SaslClient ¶
type SaslClient interface { Start() (string, []byte, error) Next(challenge []byte) ([]byte, error) Completed() bool }
SaslClient is the client piece of a sasl conversation.
type SaslClientCloser ¶
type SaslClientCloser interface { SaslClient Close() }
SaslClientCloser is a SaslClient that has resources to clean up.
type ScramAuthenticator ¶
type ScramAuthenticator struct {
// contains filtered or unexported fields
}
ScramAuthenticator uses the SCRAM algorithm over SASL to authenticate a connection.
func (*ScramAuthenticator) Auth ¶
func (a *ScramAuthenticator) Auth(ctx context.Context, cfg *Config) error
Auth authenticates the provided connection by conducting a full SASL conversation.
func (*ScramAuthenticator) CreateSpeculativeConversation ¶
func (a *ScramAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)
CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.
type SpeculativeAuthenticator ¶
type SpeculativeAuthenticator interface {
CreateSpeculativeConversation() (SpeculativeConversation, error)
}
SpeculativeAuthenticator represents an authenticator that supports speculative authentication.
type SpeculativeConversation ¶
type SpeculativeConversation interface { FirstMessage() (bsoncore.Document, error) Finish(ctx context.Context, cfg *Config, firstResponse bsoncore.Document) error }
SpeculativeConversation represents an authentication conversation that can be merged with the initial connection handshake.
FirstMessage method returns the first message to be sent to the server. This message will be included in the initial hello command.
Finish takes the server response to the initial message and conducts the remainder of the conversation to authenticate the provided connection.