tokens

package
v2.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 1, 2022 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Overview

Package tokens provides information and interaction with the token API resource for the Enterprise Cloud Identity service.

Example to Create a Token From a Username and Password

authOptions := tokens.AuthOptions{
	UserID:   "username",
	Password: "password",
}

token, err := tokens.Create(identityClient, authOptions).ExtractToken()
if err != nil {
	panic(err)
}

Example to Create a Token From a Username, Password, and Domain

authOptions := tokens.AuthOptions{
	UserID:   "username",
	Password: "password",
	DomainID: "default",
}

token, err := tokens.Create(identityClient, authOptions).ExtractToken()
if err != nil {
	panic(err)
}

authOptions = tokens.AuthOptions{
	UserID:     "username",
	Password:   "password",
	DomainName: "default",
}

token, err = tokens.Create(identityClient, authOptions).ExtractToken()
if err != nil {
	panic(err)
}

Example to Create a Token From a Token

authOptions := tokens.AuthOptions{
	TokenID: "token_id",
}

token, err := tokens.Create(identityClient, authOptions).ExtractToken()
if err != nil {
	panic(err)
}

Example to Create a Token from a Username and Password with Project ID Scope

scope := tokens.Scope{
	ProjectID: "0fe36e73809d46aeae6705c39077b1b3",
}

authOptions := tokens.AuthOptions{
	Scope:    &scope,
	UserID:   "username",
	Password: "password",
}

token, err = tokens.Create(identityClient, authOptions).ExtractToken()
if err != nil {
	panic(err)
}

Example to Create a Token from a Username and Password with Domain ID Scope

scope := tokens.Scope{
	DomainID: "default",
}

authOptions := tokens.AuthOptions{
	Scope:    &scope,
	UserID:   "username",
	Password: "password",
}

token, err = tokens.Create(identityClient, authOptions).ExtractToken()
if err != nil {
	panic(err)
}

Example to Create a Token from a Username and Password with Project Name Scope

scope := tokens.Scope{
	ProjectName: "project_name",
	DomainID:    "default",
}

authOptions := tokens.AuthOptions{
	Scope:    &scope,
	UserID:   "username",
	Password: "password",
}

token, err = tokens.Create(identityClient, authOptions).ExtractToken()
if err != nil {
	panic(err)
}

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Validate

func Validate(c *eclcloud.ServiceClient, token string) (bool, error)

Validate determines if a specified token is valid or not.

Types

type AuthOptions

type AuthOptions struct {
	// IdentityEndpoint specifies the HTTP endpoint that is required to work with
	// the Identity API of the appropriate version. While it's ultimately needed
	// by all of the identity services, it will often be populated by a
	// provider-level function.
	IdentityEndpoint string `json:"-"`

	// Username is required if using Identity V2 API. Consult with your provider's
	// control panel to discover your account's username. In Identity V3, either
	// UserID or a combination of Username and DomainID or DomainName are needed.
	Username string `json:"username,omitempty"`
	UserID   string `json:"id,omitempty"`

	Password string `json:"password,omitempty"`

	// At most one of DomainID and DomainName must be provided if using Username
	// with Identity V3. Otherwise, either are optional.
	DomainID   string `json:"-"`
	DomainName string `json:"name,omitempty"`

	// AllowReauth should be set to true if you grant permission for Eclcloud
	// to cache your credentials in memory, and to allow Eclcloud to attempt
	// to re-authenticate automatically if/when your token expires.  If you set
	// it to false, it will not cache these settings, but re-authentication will
	// not be possible.  This setting defaults to false.
	AllowReauth bool `json:"-"`

	// TokenID allows users to authenticate (possibly as another user) with an
	// authentication token ID.
	TokenID string `json:"-"`

	// Authentication through Application Credentials requires supplying name, project and secret
	// For project we can use TenantID
	ApplicationCredentialID     string `json:"-"`
	ApplicationCredentialName   string `json:"-"`
	ApplicationCredentialSecret string `json:"-"`

	Scope Scope `json:"-"`
}

AuthOptions represents options for authenticating a user.

func (*AuthOptions) CanReauth

func (opts *AuthOptions) CanReauth() bool

func (*AuthOptions) ToTokenV3CreateMap

func (opts *AuthOptions) ToTokenV3CreateMap(scope map[string]interface{}) (map[string]interface{}, error)

ToTokenV3CreateMap builds a request body from AuthOptions.

func (*AuthOptions) ToTokenV3ScopeMap

func (opts *AuthOptions) ToTokenV3ScopeMap() (map[string]interface{}, error)

ToTokenV3CreateMap builds a scope request body from AuthOptions.

type AuthOptionsBuilder

type AuthOptionsBuilder interface {
	// ToTokenV3CreateMap assembles the Create request body, returning an error
	// if parameters are missing or inconsistent.
	ToTokenV3CreateMap(map[string]interface{}) (map[string]interface{}, error)
	ToTokenV3ScopeMap() (map[string]interface{}, error)
	CanReauth() bool
}

AuthOptionsBuilder provides the ability for extensions to add additional parameters to AuthOptions. Extensions must satisfy all required methods.

type CatalogEntry

type CatalogEntry struct {
	// Service ID
	ID string `json:"id"`

	// Name will contain the provider-specified name for the service.
	Name string `json:"name"`

	// Type will contain a type string if Enterprise Cloud defines a type for the
	// service. Otherwise, for provider-specific services, the provider may
	// assign their own type strings.
	Type string `json:"type"`

	// Endpoints will let the caller iterate over all the different endpoints that
	// may exist for the service.
	Endpoints []Endpoint `json:"endpoints"`
}

CatalogEntry provides a type-safe interface to an Identity API V3 service catalog listing. Each class of service, such as cloud DNS or block storage services, could have multiple CatalogEntry representing it (one by interface type, e.g public, admin or internal).

Note: when looking for the desired service, try, whenever possible, to key off the type field. Otherwise, you'll tie the representation of the service to a specific provider.

type CreateResult

type CreateResult struct {
	// contains filtered or unexported fields
}

CreateResult is the response from a Create request. Use ExtractToken() to interpret it as a Token, or ExtractServiceCatalog() to interpret it as a service catalog.

func Create

func Create(c *eclcloud.ServiceClient, opts AuthOptionsBuilder) (r CreateResult)

Create authenticates and either generates a new token, or changes the Scope of an existing token.

func (CreateResult) Extract

func (r CreateResult) Extract() (*Token, error)

Extract is a shortcut for ExtractToken. This function is deprecated and still present for backward compatibility.

func (CreateResult) ExtractInto

func (r CreateResult) ExtractInto(v interface{}) error

func (CreateResult) ExtractProject

func (r CreateResult) ExtractProject() (*Project, error)

ExtractProject returns Project to which User is authorized.

func (CreateResult) ExtractRoles

func (r CreateResult) ExtractRoles() ([]Role, error)

ExtractRoles returns Roles to which User is authorized.

func (CreateResult) ExtractServiceCatalog

func (r CreateResult) ExtractServiceCatalog() (*ServiceCatalog, error)

ExtractServiceCatalog returns the ServiceCatalog that was generated along with the user's Token.

func (CreateResult) ExtractToken

func (r CreateResult) ExtractToken() (*Token, error)

ExtractToken interprets a commonResult as a Token.

func (CreateResult) ExtractUser

func (r CreateResult) ExtractUser() (*User, error)

ExtractUser returns the User that is the owner of the Token.

type Domain

type Domain struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

Domain provides information about the domain to which this token grants access.

type Endpoint

type Endpoint struct {
	ID        string `json:"id"`
	Region    string `json:"region"`
	RegionID  string `json:"region_id"`
	Interface string `json:"interface"`
	URL       string `json:"url"`
}

Endpoint represents a single API endpoint offered by a service. It matches either a public, internal or admin URL. If supported, it contains a region specifier, again if provided. The significance of the Region field will depend upon your provider.

type GetResult

type GetResult struct {
	// contains filtered or unexported fields
}

GetResult is the response from a Get request. Use ExtractToken() to interpret it as a Token, or ExtractServiceCatalog() to interpret it as a service catalog.

func Get

func Get(c *eclcloud.ServiceClient, token string) (r GetResult)

Get validates and retrieves information about another token.

func (GetResult) Extract

func (r GetResult) Extract() (*Token, error)

Extract is a shortcut for ExtractToken. This function is deprecated and still present for backward compatibility.

func (GetResult) ExtractInto

func (r GetResult) ExtractInto(v interface{}) error

func (GetResult) ExtractProject

func (r GetResult) ExtractProject() (*Project, error)

ExtractProject returns Project to which User is authorized.

func (GetResult) ExtractRoles

func (r GetResult) ExtractRoles() ([]Role, error)

ExtractRoles returns Roles to which User is authorized.

func (GetResult) ExtractServiceCatalog

func (r GetResult) ExtractServiceCatalog() (*ServiceCatalog, error)

ExtractServiceCatalog returns the ServiceCatalog that was generated along with the user's Token.

func (GetResult) ExtractToken

func (r GetResult) ExtractToken() (*Token, error)

ExtractToken interprets a commonResult as a Token.

func (GetResult) ExtractUser

func (r GetResult) ExtractUser() (*User, error)

ExtractUser returns the User that is the owner of the Token.

type Project

type Project struct {
	Domain Domain `json:"domain"`
	ID     string `json:"id"`
	Name   string `json:"name"`
}

Project provides information about project to which User is authorized.

type RevokeResult

type RevokeResult struct {
	// contains filtered or unexported fields
}

RevokeResult is response from a Revoke request.

func Revoke

func Revoke(c *eclcloud.ServiceClient, token string) (r RevokeResult)

Revoke immediately makes specified token invalid.

func (RevokeResult) Extract

func (r RevokeResult) Extract() (*Token, error)

Extract is a shortcut for ExtractToken. This function is deprecated and still present for backward compatibility.

func (RevokeResult) ExtractInto

func (r RevokeResult) ExtractInto(v interface{}) error

func (RevokeResult) ExtractProject

func (r RevokeResult) ExtractProject() (*Project, error)

ExtractProject returns Project to which User is authorized.

func (RevokeResult) ExtractRoles

func (r RevokeResult) ExtractRoles() ([]Role, error)

ExtractRoles returns Roles to which User is authorized.

func (RevokeResult) ExtractServiceCatalog

func (r RevokeResult) ExtractServiceCatalog() (*ServiceCatalog, error)

ExtractServiceCatalog returns the ServiceCatalog that was generated along with the user's Token.

func (RevokeResult) ExtractToken

func (r RevokeResult) ExtractToken() (*Token, error)

ExtractToken interprets a commonResult as a Token.

func (RevokeResult) ExtractUser

func (r RevokeResult) ExtractUser() (*User, error)

ExtractUser returns the User that is the owner of the Token.

type Role

type Role struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

Role provides information about roles to which User is authorized.

type Scope

type Scope struct {
	ProjectID   string
	ProjectName string
	DomainID    string
	DomainName  string
}

Scope allows a created token to be limited to a specific domain or project.

type ServiceCatalog

type ServiceCatalog struct {
	Entries []CatalogEntry `json:"catalog"`
}

ServiceCatalog provides a view into the service catalog from a previous, successful authentication.

type Token

type Token struct {
	// ID is the issued token.
	ID string `json:"id"`

	// ExpiresAt is the timestamp at which this token will no longer be accepted.
	ExpiresAt time.Time `json:"expires_at"`
}

Token is a string that grants a user access to a controlled set of services in an Enterprise Cloud provider. Each Token is valid for a set length of time.

type User

type User struct {
	Domain Domain `json:"domain"`
	ID     string `json:"id"`
	Name   string `json:"name"`
}

User represents a user resource that exists in the Identity Service.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL