auth

package
v0.10.11-alpha.2
Published: Jun 16, 2021 License: Apache-2.0 Imports: 23 Imported by: 57

Documentation

Overview

Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the Apache v2.0 license.

Index

Constants

// File names and environment-variable keys used to locate client credential
// material. What each value denotes is inferred from its name and from the
// functions in this package that consume these paths; confirm against the
// implementation before relying on it.
const (
	// ClientTokenName is presumably the file name the bearer token is saved
	// under (see SaveToken / TokenProviderFromFile).
	ClientTokenName       = ".token"
	// ClientCertName is presumably the file name of the client certificate PEM.
	ClientCertName        = "wssd.pem"
	// ClientTokenPath and WssdConfigPath look like environment-variable names;
	// they mirror the ManagedIdentityConfig fields of the same name.
	ClientTokenPath       = "WSSD_CLIENT_TOKEN"
	WssdConfigPath        = "WSSD_CONFIG_PATH"
	// DefaultWSSDFolder is presumably the directory used when no config path
	// is supplied through the environment.
	DefaultWSSDFolder     = ".wssd"
	// AccessFileDefaultName is the default name of the access file, i.e. the
	// serialized WssdConfig, which includes the client private key.
	AccessFileDefaultName = "cloudconfig"
	// ServerName mirrors ManagedIdentityConfig.ServerName.
	ServerName            = "ServerName"
)
const (
	// CloudAgentServerPort is the default TCP port of the cloud agent.
	// LoginConfig.CloudPort presumably overrides it when set — not visible here.
	CloudAgentServerPort         int     = 55000
	// CertificateValidityThreshold is a fraction (30%) of a certificate's
	// validity period. RenewCertificates renews "if close to expiry", presumably
	// once the remaining lifetime drops below this fraction — confirm in the
	// implementation.
	CertificateValidityThreshold float64 = (30.0 / 100.0)
	// DefaultServerContextTimeout is a 10-minute bound for server-side contexts;
	// where it is applied is not visible from this package's API.
	DefaultServerContextTimeout          = 10 * time.Minute
)

Variables

This section is empty.

Functions

func AccessFileToTls

func AccessFileToTls(accessFile WssdConfig) ([]byte, tls.Certificate, error)

func GetMocConfigLocationName added in v0.10.7

func GetMocConfigLocationName(subfolder, filename string) string

GetMocConfigLocationName returns the path of the access file: the base directory obtained from the environment (as in GetWssdConfigLocation), joined with subfolder and then filename.

func GetServerCertificateFromHash added in v0.10.6

func GetServerCertificateFromHash(server, caCertHash string) (string, error)

func GetWssdConfigLocation

func GetWssdConfigLocation() string

GetWssdConfigLocation gets the path for access file from environment

func Hash added in v0.10.6

func Hash(certificate *x509.Certificate) string

Hash calculates the SHA-256 hash of the Subject Public Key Information (SPKI) object in an x509 certificate (in DER encoding). It returns the full hash as a hex encoded string (suitable for passing to Set.Allow). Because the pin covers only the public key and not the whole certificate, a certificate re-issued for the same key pair still matches the pin, while rotating the key pair invalidates it.

func LoginTypeToAuthType added in v0.10.8

func LoginTypeToAuthType(authType string) common.AuthenticationType

func NewPublicKeyVerifier added in v0.10.6

func NewPublicKeyVerifier() *publicKeyVerifier

func PrintAccessFile

func PrintAccessFile(accessFile WssdConfig) error

PrintAccessFile stores accessFile at the path returned by GetWssdConfigLocation. Note that WssdConfig carries ClientKey, so the file written here is private-key material; the permissions it is created with are not visible from this documentation and should be confirmed to be owner-only in the implementation.

func PrintAccessFileByName added in v0.10.7

func PrintAccessFileByName(accessFile WssdConfig, subfolder, filename string) error

PrintAccessFileByName stores accessFile at the path returned by GetMocConfigLocationName(subfolder, filename). As with PrintAccessFile, the written file contains ClientKey and must be handled as a secret.

func ReadAccessFileToTls added in v0.10.5

func ReadAccessFileToTls(accessFileLocation string) ([]byte, tls.Certificate, error)

func RenewCertificates added in v0.10.8

func RenewCertificates(server string, wssdConfigLocation string) error

RenewCertificates reads the WssdConfig at wssdConfigLocation, renews the client certificate against server if it is close to expiry (presumably judged by CertificateValidityThreshold, i.e. when less than 30% of the validity period remains — confirm in the implementation), and writes the updated config back to the same location.

func SaveToken

func SaveToken(tokenStr string) error

func TransportCredentialsFromFile

func TransportCredentialsFromFile(wssdConfigLocation string, server string) credentials.TransportCredentials

func TransportCredentialsFromNode

func TransportCredentialsFromNode(tlsCert tls.Certificate, serverCertificate []byte, server string) credentials.TransportCredentials

Types

type Authorizer

// Authorizer supplies the two gRPC credential layers a client needs: TLS
// transport credentials for the channel and per-RPC credentials carrying the
// caller's identity (e.g. a bearer token).
type Authorizer interface {
	// WithTransportAuthorization returns the transport (TLS) credentials for the channel.
	WithTransportAuthorization() credentials.TransportCredentials
	// WithRPCAuthorization returns the credentials attached to each RPC.
	WithRPCAuthorization() credentials.PerRPCCredentials
}

func NewAuthorizerForAuth

func NewAuthorizerForAuth(tokenString string, certificate string, server string) (Authorizer, error)

func NewAuthorizerForAuthFromCACertHash added in v0.10.6

func NewAuthorizerForAuthFromCACertHash(tokenString string, cacerthash string, server string) (Authorizer, error)

func NewAuthorizerFromEnvironment

func NewAuthorizerFromEnvironment(serverName string) (Authorizer, error)

func NewAuthorizerFromEnvironmentByName added in v0.10.7

func NewAuthorizerFromEnvironmentByName(serverName, subfolder, filename string) (Authorizer, error)

func NewAuthorizerFromInput

func NewAuthorizerFromInput(tlsCert tls.Certificate, serverCertificate []byte, server string) (Authorizer, error)

type BearerAuthorizer

// BearerAuthorizer is the Authorizer implementation built by NewBearerAuthorizer
// from a token provider. Its fields are unexported; construct it through
// NewBearerAuthorizer rather than as a literal.
type BearerAuthorizer struct {
	// contains filtered or unexported fields
}

BearerAuthorizer implements Authorizer using a bearer token: WithRPCAuthorization supplies the token as per-RPC credentials and WithTransportAuthorization supplies the transport (TLS) credentials.

func NewBearerAuthorizer

NewBearerAuthorizer creates a BearerAuthorizer using the given token provider.

func (*BearerAuthorizer) WithRPCAuthorization

func (ba *BearerAuthorizer) WithRPCAuthorization() credentials.PerRPCCredentials

func (*BearerAuthorizer) WithTransportAuthorization

func (ba *BearerAuthorizer) WithTransportAuthorization() credentials.TransportCredentials

type ClientType added in v0.10.9

// ClientType classifies the caller requesting credentials; it is carried in
// LoginConfig.ClientType. How each value affects the issued certificate or
// token is not visible from this package's API.
type ClientType string
const (
	Admin          ClientType = "Admin"
	BareMetal      ClientType = "BareMetal"
	ControlPlane   ClientType = "ControlPlane"
	ExternalClient ClientType = "ExternalClient"
	LoadBalancer   ClientType = "LoadBalancer"
	Node           ClientType = "Node"
)

type EnvironmentSettings

// EnvironmentSettings holds the authentication settings read from the access
// file by GetSettingsFromEnvironment / GetSettingsFromEnvironmentByName.
// GetAuthorizer and GetManagedIdentityConfig derive credentials from it.
type EnvironmentSettings struct {
	// Values maps setting name to value; the exact keys are not visible here
	// (they presumably include the ClientTokenPath/WssdConfigPath/ServerName constants).
	Values map[string]string
}

EnvironmentSettings contains the available authentication settings.

func GetSettingsFromEnvironment

func GetSettingsFromEnvironment(serverName string) (s EnvironmentSettings, err error)

GetSettingsFromEnvironment reads the settings for serverName from the access file at GetWssdConfigLocation.

func GetSettingsFromEnvironmentByName added in v0.10.7

func GetSettingsFromEnvironmentByName(serverName, subfolder, filename string) (s EnvironmentSettings, err error)

GetSettingsFromEnvironmentByName reads the settings for serverName from the access file at GetMocConfigLocationName(subfolder, filename).

func (EnvironmentSettings) GetAuthorizer

func (settings EnvironmentSettings) GetAuthorizer() (Authorizer, error)

func (EnvironmentSettings) GetManagedIdentityConfig

func (settings EnvironmentSettings) GetManagedIdentityConfig() ManagedIdentityConfig

type JwtTokenProvider

// JwtTokenProvider carries a raw JWT and has the method set of
// credentials.PerRPCCredentials (GetRequestMetadata, RequireTransportSecurity).
// RawData is the credential itself: marshalling this struct (json tag
// "rawdata") or logging it writes the secret out.
// NOTE(review): whether RequireTransportSecurity returns true is not visible
// here; if it returned false gRPC would permit sending the token over a
// plaintext channel — confirm in the implementation.
type JwtTokenProvider struct {
	RawData string `json:"rawdata"`
}

func TokenProviderFromFile

func TokenProviderFromFile(tokenLocation string) JwtTokenProvider

func (JwtTokenProvider) GetRequestMetadata

func (c JwtTokenProvider) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)

func (JwtTokenProvider) RequireTransportSecurity

func (c JwtTokenProvider) RequireTransportSecurity() bool

type LoginConfig

// LoginConfig is the input to the login helpers (GenerateClientKey,
// GenerateClientKeyWithName, GenerateClientCsr). Field meanings below are
// inferred from names and the functions that consume them; confirm against
// the implementation.
type LoginConfig struct {
	Name          string     `json:"name,omitempty"`
	// Token is a bearer credential, so a serialized LoginConfig is sensitive.
	Token         string     `json:"token,omitempty"`
	// Certificate is presumably a PEM certificate string (compare the
	// certificate parameter of NewAuthorizerForAuth).
	Certificate   string     `json:"certificate,omitempty"`
	ClientType    ClientType `json:"clienttype,omitempty"`
	// CloudFqdn, CloudPort and CloudAuthPort identify the cloud agent endpoint;
	// CloudPort presumably falls back to CloudAgentServerPort when zero — not visible here.
	CloudFqdn     string     `json:"cloudfqdn,omitempty"`
	CloudPort     int32      `json:"cloudport,omitempty"`
	CloudAuthPort int32      `json:"cloudauthport,omitempty"`
	// CACertHash is a hex SHA-256 SPKI pin of the form produced by Hash, used by
	// NewAuthorizerForAuthFromCACertHash / GetServerCertificateFromHash to trust
	// the server without a pre-shared certificate. On that path the pin is
	// presumably the only trust anchor, so it must be obtained out of band from
	// a trusted source.
	CACertHash    string     `json:"cacerthash,omitempty"`
	Location      string     `json:"location,omitempty"`
	// Type records whether the client certificate is SelfSigned or CASigned.
	Type          LoginType  `json:"type,omitempty"`
}

type LoginType added in v0.10.7

// LoginType records how the client certificate is issued: SelfSigned or CASigned.
type LoginType string

LoginType records how the client certificate is issued: self-signed by the client (SelfSigned) or issued by a certificate authority (CASigned).

const (
	// SelfSigned marks a client certificate generated and signed locally
	// (see GenerateClientKey).
	SelfSigned LoginType = "Self-Signed"
	// CASigned marks a client certificate issued by a CA, presumably from a
	// CSR produced by GenerateClientCsr — confirm in the implementation.
	CASigned LoginType = "CA-Signed"
)

func AuthTypeToLoginType added in v0.10.8

func AuthTypeToLoginType(authType common.AuthenticationType) LoginType

type ManagedIdentityConfig

// ManagedIdentityConfig holds the locations from which Authorizer builds
// credentials (see EnvironmentSettings.GetManagedIdentityConfig). The field
// names match the ClientTokenPath, WssdConfigPath and ServerName constants.
type ManagedIdentityConfig struct {
	// ClientTokenPath is presumably the path of the saved bearer token file.
	ClientTokenPath string
	// WssdConfigPath is presumably the path of the access file (WssdConfig).
	WssdConfigPath  string
	// ServerName is the server the credentials are issued for (as passed to
	// NewAuthorizerFromEnvironment).
	ServerName      string
}

func (ManagedIdentityConfig) Authorizer

func (mc ManagedIdentityConfig) Authorizer() (Authorizer, error)

type Set added in v0.10.6

// Set is a set of pinned x509 public keys, identified by the hex SHA-256 SPKI
// hash that Hash produces. Populate it with Allow and test a presented
// certificate chain with CheckAny. Whether a Set may be used concurrently is
// not visible here.
type Set struct {
	// contains filtered or unexported fields
}

Set is a set of pinned x509 public keys.

func NewSet added in v0.10.6

func NewSet() *Set

NewSet returns a new, empty Set.

func (*Set) Allow added in v0.10.6

func (s *Set) Allow(pubKeyHashes ...string) error

Allow adds one or more allowed public key hashes (hex-encoded SHA-256 SPKI digests, as produced by Hash) to the Set.

func (*Set) CheckAny added in v0.10.6

func (s *Set) CheckAny(certificates []*x509.Certificate) error

CheckAny checks whether at least one of certificates carries a public key whose hash is in the Set (presumably returning a non-nil error when none does). Any single match is sufficient, so when it is called on a full presented chain, a pin on either the leaf key or an issuer key passes.

type WssdConfig

// WssdConfig is the on-disk access file (written by PrintAccessFile, read by
// ReadAccessFileToTls). It carries the client's private key (ClientKey) next
// to its certificate, so every copy — on disk, in logs, in config dumps — is
// a secret.
type WssdConfig struct {
	// CloudCertificate is presumably the server certificate the client pins or
	// trusts; ReadAccessFileToTls returns a certificate []byte alongside the
	// tls.Certificate, and TransportCredentialsFromNode names that argument
	// serverCertificate.
	CloudCertificate      string
	// ClientCertificate and ClientKey form the client's TLS identity
	// (AccessFileToTls turns them into a tls.Certificate). ClientKey is
	// private key material.
	ClientCertificate     string
	ClientKey             string
	// ClientCertificateType records whether ClientCertificate is SelfSigned or CASigned.
	ClientCertificateType LoginType
	IdentityName          string
}

func GenerateClientCsr added in v0.10.7

func GenerateClientCsr(loginconfig LoginConfig) (string, WssdConfig, error)

func GenerateClientKey

func GenerateClientKey(loginconfig LoginConfig) (string, WssdConfig, error)

GenerateClientKey generates a key and a self-signed certificate if the access file does not exist at GetWssdConfigLocation. If the file already exists, the values stored in it are returned instead.

func GenerateClientKeyWithName added in v0.10.7

func GenerateClientKeyWithName(loginconfig LoginConfig, subfolder, filename string) (string, WssdConfig, error)

GenerateClientKeyWithName generates a key and a self-signed certificate if the access file does not exist at GetMocConfigLocationName(subfolder, filename). If the file already exists, the values stored in it are returned instead.
