Documentation ¶
Overview ¶
A minimal UI for simple testing without Vault.
Index ¶
- Constants
- func Factory(ctx context.Context, c *logical.BackendConfig) (logical.Backend, error)
- func ProviderMap() map[string]CustomProvider
- type AzureProvider
- type CLIHandler
- type CustomProvider
- type GSuiteProvider
- func (g *GSuiteProvider) FetchGroups(ctx context.Context, b *jwtAuthBackend, allClaims map[string]interface{}, ...) (interface{}, error)
- func (g *GSuiteProvider) FetchUserInfo(ctx context.Context, b *jwtAuthBackend, allClaims map[string]interface{}, ...) error
- func (g *GSuiteProvider) Initialize(ctx context.Context, jc *jwtConfig) error
- func (g *GSuiteProvider) SensitiveKeys() []string
- type GSuiteProviderConfig
- type GroupsFetcher
- type IBMISAMProvider
- type SecureAuthProvider
- type UserInfoFetcher
Constants ¶
// Option-name string constants exported by this package.
//
// NOTE(review): presumably these are the keys the CLIHandler login flow
// accepts (local callback listener, browser launch, error handling); this
// page does not show where they are read, so confirm against the handler.
// NOTE(review): the spelling is not uniform: "skip_browser" and
// "abort_on_error" use underscores, the other names do not. A misspelled key
// would presumably be ignored rather than rejected — confirm.
const (
	FieldCallbackHost   = "callbackhost"
	FieldCallbackMethod = "callbackmethod"
	FieldCallbackMode   = "callbackmode"
	FieldListenAddress  = "listenaddress"
	FieldPort           = "port"
	FieldCallbackPort   = "callbackport"
	FieldSkipBrowser    = "skip_browser"
	FieldAbortOnError   = "abort_on_error"
)
// Untyped integer constants numbered consecutively from 0 by iota.
//
// NOTE(review): the names suggest the mutually exclusive ways the backend can
// be configured to validate tokens (static public keys, a JWKS endpoint, OIDC
// discovery, or the full OIDC flow); this page gives no description, so
// confirm against the config code before relying on that reading.
const (
	StaticKeys    = iota // 0
	JWKS                 // 1
	OIDCDiscovery        // 2
	OIDCFlow             // 3
)
Variables ¶
This section is empty.
Functions ¶
func ProviderMap ¶
func ProviderMap() map[string]CustomProvider
ProviderMap returns a map of provider names to custom types
Types ¶
type AzureProvider ¶
type AzureProvider struct {
// contains filtered or unexported fields
}
AzureProvider is used for Azure-specific configuration
func (*AzureProvider) FetchGroups ¶
func (a *AzureProvider) FetchGroups(_ context.Context, b *jwtAuthBackend, allClaims map[string]interface{}, role *jwtRole, tokenSource oauth2.TokenSource) (interface{}, error)
FetchGroups - custom groups fetching for azure - satisfying GroupsFetcher interface
func (*AzureProvider) Initialize ¶
func (a *AzureProvider) Initialize(_ context.Context, _ *jwtConfig) error
Initialize anything in the AzureProvider struct - satisfying the CustomProvider interface
func (*AzureProvider) SensitiveKeys ¶
func (a *AzureProvider) SensitiveKeys() []string
SensitiveKeys - satisfying the CustomProvider interface
type CLIHandler ¶
type CLIHandler struct{}
type CustomProvider ¶
// CustomProvider is the interface every custom provider must implement.
type CustomProvider interface {
	// Initialize should validate jwtConfig.ProviderConfig, set internal values
	// and run any initialization necessary for subsequent calls to interface
	// functions the provider implements.
	Initialize(context.Context, *jwtConfig) error

	// SensitiveKeys returns any fields in a provider's jwtConfig.ProviderConfig
	// that should be masked or omitted when output. A provider whose config
	// holds credentials must list every such field here; a field left out is,
	// by this contract, not treated as sensitive on output.
	SensitiveKeys() []string
}
CustomProvider - Any custom provider must implement this interface
func NewProviderConfig ¶
func NewProviderConfig(ctx context.Context, jc *jwtConfig, providerMap map[string]CustomProvider) (CustomProvider, error)
NewProviderConfig - returns appropriate provider struct if provider_config is specified in jwtConfig. The provider map is provider name -to- instance of a CustomProvider.
type GSuiteProvider ¶
type GSuiteProvider struct {
// contains filtered or unexported fields
}
GSuiteProvider provides G Suite-specific configuration and behavior.
func (*GSuiteProvider) FetchGroups ¶
func (g *GSuiteProvider) FetchGroups(ctx context.Context, b *jwtAuthBackend, allClaims map[string]interface{}, role *jwtRole, _ oauth2.TokenSource) (interface{}, error)
FetchGroups fetches and returns groups from G Suite.
func (*GSuiteProvider) FetchUserInfo ¶
func (g *GSuiteProvider) FetchUserInfo(ctx context.Context, b *jwtAuthBackend, allClaims map[string]interface{}, role *jwtRole) error
FetchUserInfo fetches additional user information from G Suite using custom schemas.
func (*GSuiteProvider) Initialize ¶
func (g *GSuiteProvider) Initialize(ctx context.Context, jc *jwtConfig) error
Initialize initializes the GSuiteProvider by validating and creating configuration.
func (*GSuiteProvider) SensitiveKeys ¶
func (g *GSuiteProvider) SensitiveKeys() []string
SensitiveKeys returns keys that should be redacted when reading the config of this provider
type GSuiteProviderConfig ¶
// GSuiteProviderConfig holds the provider_config settings for a
// GSuiteProvider, decoded through the mapstructure tags on each field.
type GSuiteProviderConfig struct {
	// The path to or contents of a Google service account key file. Optional.
	// If left unspecified, Application Default Credentials will be used.
	// NOTE(review): when this holds the file contents it is private key
	// material; confirm that "gsuite_service_account" is among the keys
	// returned by GSuiteProvider.SensitiveKeys so it is redacted on reads.
	ServiceAccount string `mapstructure:"gsuite_service_account"`

	// Email address of a Google Workspace user that has access to read users
	// and groups for the organization in the Google Workspace Directory API.
	// Required if accessing the Google Workspace Directory API through
	// domain-wide delegation of authority.
	// Read access to users and groups is all this comment requires of the
	// impersonated user; grant it no broader admin role than that.
	AdminImpersonateEmail string `mapstructure:"gsuite_admin_impersonate"`

	// Service account email that has been granted domain-wide delegation of
	// authority in Google Workspace. Required if accessing the Google
	// Workspace Directory API through domain-wide delegation of authority,
	// without using a service account key. The service account Vault is
	// running under must be granted the `iam.serviceAccounts.signJwt`
	// permission on this service account. If AdminImpersonateEmail is
	// specified, that Workspace user will be impersonated.
	ImpersonatePrincipal string `mapstructure:"impersonate_principal"`

	// If set to true, groups will be fetched from the Google Workspace
	// Directory API.
	FetchGroups bool `mapstructure:"fetch_groups"`

	// If set to true, user info will be fetched from the Google Workspace
	// Directory API using UserCustomSchemas.
	FetchUserInfo bool `mapstructure:"fetch_user_info"`

	// Group membership recursion max depth (0 = do not recurse).
	GroupsRecurseMaxDepth int `mapstructure:"groups_recurse_max_depth"`

	// Comma-separated list of G Suite custom schemas to fetch as claims.
	UserCustomSchemas string `mapstructure:"user_custom_schemas"`

	// The domain to get groups from. Set this if your workspace is
	// configured with more than one domain.
	Domain string `mapstructure:"domain"`
}
GSuiteProviderConfig represents the configuration for a GSuiteProvider.
type GroupsFetcher ¶
// GroupsFetcher is an optional interface a provider can implement to supply
// its own groups handling.
type GroupsFetcher interface {
	// FetchGroups queries for groups claims during login. It receives the
	// backend, a claims map, the role and an OAuth2 token source, and returns
	// the groups as an untyped value together with an error.
	FetchGroups(context.Context, *jwtAuthBackend, map[string]interface{}, *jwtRole, oauth2.TokenSource) (interface{}, error)
}
GroupsFetcher - Optional support for custom groups handling
type IBMISAMProvider ¶
type IBMISAMProvider struct{}
IBMISAMProvider is used for IBMISAM-specific configuration
func (*IBMISAMProvider) FetchGroups ¶
func (a *IBMISAMProvider) FetchGroups(_ context.Context, b *jwtAuthBackend, allClaims map[string]interface{}, role *jwtRole, _ oauth2.TokenSource) (interface{}, error)
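FetchGroups - custom groups fetching for ibmisam - satisfying GroupsFetcher interface. IBMISAM by default will return groups not as a JSON list but as a list of space-separated strings. We need to convert this to a JSON list. A group name that itself contains a space presumably cannot be told apart from two separate groups in this format, so avoid such names for groups used in authorization.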
func (*IBMISAMProvider) Initialize ¶
func (a *IBMISAMProvider) Initialize(_ context.Context, _ *jwtConfig) error
Initialize anything in the IBMISAMProvider struct - satisfying the CustomProvider interface
func (*IBMISAMProvider) SensitiveKeys ¶
func (a *IBMISAMProvider) SensitiveKeys() []string
SensitiveKeys - satisfying the CustomProvider interface
type SecureAuthProvider ¶
type SecureAuthProvider struct{}
SecureAuthProvider is used for SecureAuth-specific configuration
func (*SecureAuthProvider) FetchGroups ¶
func (a *SecureAuthProvider) FetchGroups(_ context.Context, b *jwtAuthBackend, allClaims map[string]interface{}, role *jwtRole, _ oauth2.TokenSource) (interface{}, error)
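FetchGroups - custom groups fetching for secureauth - satisfying GroupsFetcher interface. SecureAuth by default will return groups not as a JSON list but as a list of comma-separated strings. We need to convert this to a JSON list. A group name that itself contains a comma presumably cannot be told apart from two separate groups in this format, so avoid such names for groups used in authorization.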
func (*SecureAuthProvider) Initialize ¶
func (a *SecureAuthProvider) Initialize(_ context.Context, _ *jwtConfig) error
Initialize anything in the SecureAuthProvider struct - satisfying the CustomProvider interface
func (*SecureAuthProvider) SensitiveKeys ¶
func (a *SecureAuthProvider) SensitiveKeys() []string
SensitiveKeys - satisfying the CustomProvider interface