Documentation ¶
Index ¶
- Variables
- func AdminAuthHandler(ctx *gin.Context)
- func AuthHandler(ctx *gin.Context)
- func CheckAdmin(user string) (isAdmin bool, message string)
- func ConfigOAuthClientAPIs(engine *gin.Engine) error
- func ConfigureEmbeddedPrometheus(ctx context.Context, engine *gin.Engine) error
- func ConfigureServerWebAPI(ctx context.Context, engine *gin.Engine, egrp *errgroup.Group) error
- func GenerateCSRFCookie(ctx *gin.Context, metadata map[string]string) (string, error)
- func GenerateOAuthState(metadata map[string]string) string
- func GetEngine() (*gin.Engine, error)
- func GetSessionHandler() (gin.HandlerFunc, error)
- func GetUserGroups(ctx *gin.Context) (user string, groups []string, err error)
- func InitServerWebLogin(ctx context.Context) error
- func ParseOAuthState(state string) (metadata map[string]string, err error)
- func RequireAuthMiddleware(ctx *gin.Context)
- func RunEngine(ctx context.Context, engine *gin.Engine, egrp *errgroup.Group) error
- func RunEngineRoutine(ctx context.Context, engine *gin.Engine, egrp *errgroup.Group, curRoutine bool) error
- func RunEngineRoutineWithListener(ctx context.Context, engine *gin.Engine, egrp *errgroup.Group, curRoutine bool, ...) error
- func WritePasswordEntry(user, password string) error
- type InitLogin
- type Login
- type LogrusAdapter
- type OIDCEnabledServerRes
- type PasswordReset
- type ReadyHandler
- type UserRole
- type WhoAmIRes
Constants ¶
This section is empty.
Variables ¶
var ErrNotReady = errors.New("Scrape manager not ready")
ErrNotReady is returned if the underlying scrape manager is not ready yet.
Functions ¶
func AdminAuthHandler ¶
adminAuthHandler checks the admin status of a logged-in user. This middleware should be cascaded behind the web_ui.AuthHandler
func AuthHandler ¶
Check if user is authenticated by checking if the "login" cookie is present and set the user identity to ctx
func CheckAdmin ¶
checkAdmin checks if a user string has admin privilege. It returns boolean and a message indicating the error message.
Note that by default it only checks if user == "admin". If you have a custom list of admin identifiers to check, you should set Server.UIAdminUsers. See parameters.yaml for details.
func ConfigOAuthClientAPIs ¶
Configure OAuth2 client and register related authentication endpoints for Web UI
func ConfigureServerWebAPI ¶ added in v1.0.4
Configure endpoints for server web APIs. This function does not configure any UI specific paths but just redirect root path to /view.
You need to mount the static resources for UI in a separate function
func GenerateCSRFCookie ¶
Generate a 16B random string and set as the value of ctx session key "oauthstate" return a string for OAuth2 "state" query parameter including the random string and other metadata
func GenerateOAuthState ¶
Generate the state for the authentication request in OAuth2 code flow. The metadata are formatted similar to url query parameters:
key1=val1&key2=val2
where values are url-encoded
func GetSessionHandler ¶
func GetSessionHandler() (gin.HandlerFunc, error)
Setup and return the session handler for web UI APIs. Calling mutiple times will only set up the handler once
func GetUserGroups ¶
Get the "subject" claim from the JWT that "login" cookie stores, where subject is set to be the username. Return empty string if no "login" cookie is present
func InitServerWebLogin ¶ added in v1.0.4
Setup the initial server web login by sending the one-time code to stdout and record health status of the WebUI based on the success of the initialization
func ParseOAuthState ¶
Parse the OAuth2 callback state into a key-val map. Error if keys are duplicated state is the url-decoded value of the query parameter "state" in the the OAuth2 callback request
func RequireAuthMiddleware ¶
Require auth; if missing, redirect to the login endpoint.
The current implementation forces the OAuth2 endpoint; future work may instead use a generic login page.
func RunEngine ¶
Run the gin engine in the current goroutine.
Will use a background golang routine to periodically reload the certificate utilized by the UI.
func RunEngineRoutine ¶
func RunEngineRoutine(ctx context.Context, engine *gin.Engine, egrp *errgroup.Group, curRoutine bool) error
Run the gin engine; if curRoutine is false, it will run in a background goroutine.
func RunEngineRoutineWithListener ¶
func RunEngineRoutineWithListener(ctx context.Context, engine *gin.Engine, egrp *errgroup.Group, curRoutine bool, ln net.Listener) error
Run the web engine connected to a provided listener `ln`.
func WritePasswordEntry ¶ added in v1.0.4
Types ¶
type LogrusAdapter ¶ added in v1.0.4
func (LogrusAdapter) Log ¶ added in v1.0.4
func (a LogrusAdapter) Log(keyvals ...interface{}) error
Log method which satisfies the kitlog.Logger interface. It also propragates field level and field message to top level log
type OIDCEnabledServerRes ¶
type OIDCEnabledServerRes struct {
ODICEnabledServers []string `json:"oidc_enabled_servers"`
}
type PasswordReset ¶ added in v1.0.4
type PasswordReset struct {
Password string `form:"password"`
}
type ReadyHandler ¶
type ReadyHandler struct {
// contains filtered or unexported fields
}
func (*ReadyHandler) SetReady ¶
func (h *ReadyHandler) SetReady(v bool)