Documentation ¶
Overview ¶
Package tokens provides information and interaction with the token API resource for the Enterprise Cloud Identity service.
Example to Create a Token From a Username and Password
authOptions := tokens.AuthOptions{ UserID: "username", Password: "password", } token, err := tokens.Create(identityClient, authOptions).ExtractToken() if err != nil { panic(err) }
Example to Create a Token From a Username, Password, and Domain
authOptions := tokens.AuthOptions{ UserID: "username", Password: "password", DomainID: "default", } token, err := tokens.Create(identityClient, authOptions).ExtractToken() if err != nil { panic(err) } authOptions = tokens.AuthOptions{ UserID: "username", Password: "password", DomainName: "default", } token, err = tokens.Create(identityClient, authOptions).ExtractToken() if err != nil { panic(err) }
Example to Create a Token From a Token
authOptions := tokens.AuthOptions{ TokenID: "token_id", } token, err := tokens.Create(identityClient, authOptions).ExtractToken() if err != nil { panic(err) }
Example to Create a Token from a Username and Password with Project ID Scope
scope := tokens.Scope{ ProjectID: "0fe36e73809d46aeae6705c39077b1b3", } authOptions := tokens.AuthOptions{ Scope: &scope, UserID: "username", Password: "password", } token, err = tokens.Create(identityClient, authOptions).ExtractToken() if err != nil { panic(err) }
Example to Create a Token from a Username and Password with Domain ID Scope
scope := tokens.Scope{ DomainID: "default", } authOptions := tokens.AuthOptions{ Scope: &scope, UserID: "username", Password: "password", } token, err = tokens.Create(identityClient, authOptions).ExtractToken() if err != nil { panic(err) }
Example to Create a Token from a Username and Password with Project Name Scope
scope := tokens.Scope{ ProjectName: "project_name", DomainID: "default", } authOptions := tokens.AuthOptions{ Scope: &scope, UserID: "username", Password: "password", } token, err = tokens.Create(identityClient, authOptions).ExtractToken() if err != nil { panic(err) }
Index ¶
- func Validate(c *eclcloud.ServiceClient, token string) (bool, error)
- type AuthOptions
- type AuthOptionsBuilder
- type CatalogEntry
- type CreateResult
- func (r CreateResult) Extract() (*Token, error)
- func (r CreateResult) ExtractInto(v interface{}) error
- func (r CreateResult) ExtractProject() (*Project, error)
- func (r CreateResult) ExtractRoles() ([]Role, error)
- func (r CreateResult) ExtractServiceCatalog() (*ServiceCatalog, error)
- func (r CreateResult) ExtractToken() (*Token, error)
- func (r CreateResult) ExtractUser() (*User, error)
- type Domain
- type Endpoint
- type GetResult
- func (r GetResult) Extract() (*Token, error)
- func (r GetResult) ExtractInto(v interface{}) error
- func (r GetResult) ExtractProject() (*Project, error)
- func (r GetResult) ExtractRoles() ([]Role, error)
- func (r GetResult) ExtractServiceCatalog() (*ServiceCatalog, error)
- func (r GetResult) ExtractToken() (*Token, error)
- func (r GetResult) ExtractUser() (*User, error)
- type Project
- type RevokeResult
- func (r RevokeResult) Extract() (*Token, error)
- func (r RevokeResult) ExtractInto(v interface{}) error
- func (r RevokeResult) ExtractProject() (*Project, error)
- func (r RevokeResult) ExtractRoles() ([]Role, error)
- func (r RevokeResult) ExtractServiceCatalog() (*ServiceCatalog, error)
- func (r RevokeResult) ExtractToken() (*Token, error)
- func (r RevokeResult) ExtractUser() (*User, error)
- type Role
- type Scope
- type ServiceCatalog
- type Token
- type User
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AuthOptions ¶
type AuthOptions struct { // IdentityEndpoint specifies the HTTP endpoint that is required to work with // the Identity API of the appropriate version. While it's ultimately needed // by all of the identity services, it will often be populated by a // provider-level function. IdentityEndpoint string `json:"-"` // Username is required if using Identity V2 API. Consult with your provider's // control panel to discover your account's username. In Identity V3, either // UserID or a combination of Username and DomainID or DomainName are needed. Username string `json:"username,omitempty"` UserID string `json:"id,omitempty"` Password string `json:"password,omitempty"` // At most one of DomainID and DomainName must be provided if using Username // with Identity V3. Otherwise, either are optional. DomainID string `json:"-"` DomainName string `json:"name,omitempty"` // AllowReauth should be set to true if you grant permission for Eclcloud // to cache your credentials in memory, and to allow Eclcloud to attempt // to re-authenticate automatically if/when your token expires. If you set // it to false, it will not cache these settings, but re-authentication will // not be possible. This setting defaults to false. AllowReauth bool `json:"-"` // TokenID allows users to authenticate (possibly as another user) with an // authentication token ID. TokenID string `json:"-"` // Authentication through Application Credentials requires supplying name, project and secret // For project we can use TenantID ApplicationCredentialID string `json:"-"` ApplicationCredentialName string `json:"-"` ApplicationCredentialSecret string `json:"-"` Scope Scope `json:"-"` }
AuthOptions represents options for authenticating a user.
func (*AuthOptions) CanReauth ¶
func (opts *AuthOptions) CanReauth() bool
func (*AuthOptions) ToTokenV3CreateMap ¶
func (opts *AuthOptions) ToTokenV3CreateMap(scope map[string]interface{}) (map[string]interface{}, error)
ToTokenV3CreateMap builds a request body from AuthOptions.
func (*AuthOptions) ToTokenV3ScopeMap ¶
func (opts *AuthOptions) ToTokenV3ScopeMap() (map[string]interface{}, error)
ToTokenV3CreateMap builds a scope request body from AuthOptions.
type AuthOptionsBuilder ¶
type AuthOptionsBuilder interface { // ToTokenV3CreateMap assembles the Create request body, returning an error // if parameters are missing or inconsistent. ToTokenV3CreateMap(map[string]interface{}) (map[string]interface{}, error) ToTokenV3ScopeMap() (map[string]interface{}, error) CanReauth() bool }
AuthOptionsBuilder provides the ability for extensions to add additional parameters to AuthOptions. Extensions must satisfy all required methods.
type CatalogEntry ¶
type CatalogEntry struct { // Service ID ID string `json:"id"` // Name will contain the provider-specified name for the service. Name string `json:"name"` // Type will contain a type string if Enterprise Cloud defines a type for the // service. Otherwise, for provider-specific services, the provider may // assign their own type strings. Type string `json:"type"` // Endpoints will let the caller iterate over all the different endpoints that // may exist for the service. Endpoints []Endpoint `json:"endpoints"` }
CatalogEntry provides a type-safe interface to an Identity API V3 service catalog listing. Each class of service, such as cloud DNS or block storage services, could have multiple CatalogEntry representing it (one by interface type, e.g public, admin or internal).
Note: when looking for the desired service, try, whenever possible, to key off the type field. Otherwise, you'll tie the representation of the service to a specific provider.
type CreateResult ¶
type CreateResult struct {
// contains filtered or unexported fields
}
CreateResult is the response from a Create request. Use ExtractToken() to interpret it as a Token, or ExtractServiceCatalog() to interpret it as a service catalog.
func Create ¶
func Create(c *eclcloud.ServiceClient, opts AuthOptionsBuilder) (r CreateResult)
Create authenticates and either generates a new token, or changes the Scope of an existing token.
func (CreateResult) Extract ¶
Extract is a shortcut for ExtractToken. This function is deprecated and still present for backward compatibility.
func (CreateResult) ExtractInto ¶
func (r CreateResult) ExtractInto(v interface{}) error
func (CreateResult) ExtractProject ¶
ExtractProject returns Project to which User is authorized.
func (CreateResult) ExtractRoles ¶
ExtractRoles returns Roles to which User is authorized.
func (CreateResult) ExtractServiceCatalog ¶
func (r CreateResult) ExtractServiceCatalog() (*ServiceCatalog, error)
ExtractServiceCatalog returns the ServiceCatalog that was generated along with the user's Token.
func (CreateResult) ExtractToken ¶
ExtractToken interprets a commonResult as a Token.
func (CreateResult) ExtractUser ¶
ExtractUser returns the User that is the owner of the Token.
type Endpoint ¶
type Endpoint struct { ID string `json:"id"` Region string `json:"region"` RegionID string `json:"region_id"` Interface string `json:"interface"` URL string `json:"url"` }
Endpoint represents a single API endpoint offered by a service. It matches either a public, internal or admin URL. If supported, it contains a region specifier, again if provided. The significance of the Region field will depend upon your provider.
type GetResult ¶
type GetResult struct {
// contains filtered or unexported fields
}
GetResult is the response from a Get request. Use ExtractToken() to interpret it as a Token, or ExtractServiceCatalog() to interpret it as a service catalog.
func Get ¶
func Get(c *eclcloud.ServiceClient, token string) (r GetResult)
Get validates and retrieves information about another token.
func (GetResult) Extract ¶
Extract is a shortcut for ExtractToken. This function is deprecated and still present for backward compatibility.
func (GetResult) ExtractInto ¶
func (r GetResult) ExtractInto(v interface{}) error
func (GetResult) ExtractProject ¶
ExtractProject returns Project to which User is authorized.
func (GetResult) ExtractRoles ¶
ExtractRoles returns Roles to which User is authorized.
func (GetResult) ExtractServiceCatalog ¶
func (r GetResult) ExtractServiceCatalog() (*ServiceCatalog, error)
ExtractServiceCatalog returns the ServiceCatalog that was generated along with the user's Token.
func (GetResult) ExtractToken ¶
ExtractToken interprets a commonResult as a Token.
func (GetResult) ExtractUser ¶
ExtractUser returns the User that is the owner of the Token.
type Project ¶
type Project struct { Domain Domain `json:"domain"` ID string `json:"id"` Name string `json:"name"` }
Project provides information about project to which User is authorized.
type RevokeResult ¶
type RevokeResult struct {
// contains filtered or unexported fields
}
RevokeResult is response from a Revoke request.
func Revoke ¶
func Revoke(c *eclcloud.ServiceClient, token string) (r RevokeResult)
Revoke immediately makes specified token invalid.
func (RevokeResult) Extract ¶
Extract is a shortcut for ExtractToken. This function is deprecated and still present for backward compatibility.
func (RevokeResult) ExtractInto ¶
func (r RevokeResult) ExtractInto(v interface{}) error
func (RevokeResult) ExtractProject ¶
ExtractProject returns Project to which User is authorized.
func (RevokeResult) ExtractRoles ¶
ExtractRoles returns Roles to which User is authorized.
func (RevokeResult) ExtractServiceCatalog ¶
func (r RevokeResult) ExtractServiceCatalog() (*ServiceCatalog, error)
ExtractServiceCatalog returns the ServiceCatalog that was generated along with the user's Token.
func (RevokeResult) ExtractToken ¶
ExtractToken interprets a commonResult as a Token.
func (RevokeResult) ExtractUser ¶
ExtractUser returns the User that is the owner of the Token.
type ServiceCatalog ¶
type ServiceCatalog struct {
Entries []CatalogEntry `json:"catalog"`
}
ServiceCatalog provides a view into the service catalog from a previous, successful authentication.
type Token ¶
type Token struct { // ID is the issued token. ID string `json:"id"` // ExpiresAt is the timestamp at which this token will no longer be accepted. ExpiresAt time.Time `json:"expires_at"` }
Token is a string that grants a user access to a controlled set of services in an Enterprise Cloud provider. Each Token is valid for a set length of time.