Documentation
¶
Index ¶
- Constants
- Variables
- func IsConfigKey(key string) bool
- type AuthCodeEntry
- func (ace *AuthCodeEntry) SetAuthServerError(ctx context.Context, err string)
- func (ace *AuthCodeEntry) SetToken(ctx context.Context, tok *provider.Token)
- func (ace *AuthCodeEntry) SetTransientError(ctx context.Context, err string)
- func (ace *AuthCodeEntry) SetUserError(ctx context.Context, err string)
- func (ace *AuthCodeEntry) TokenIssued() bool
- type AuthCodeHolder
- type AuthCodeKey
- type AuthCodeKeyer
- type AuthCodeLocker
- type AuthCodeManager
- func (acm *AuthCodeManager) DeleteAuthCodeEntry(ctx context.Context, keyer AuthCodeKeyer) error
- func (acm *AuthCodeManager) DeleteDeviceAuthEntry(ctx context.Context, keyer AuthCodeKeyer) error
- func (acm *AuthCodeManager) ForEachAuthCodeKey(ctx context.Context, fn func(AuthCodeKeyer) error) error
- func (acm *AuthCodeManager) ForEachDeviceAuthKey(ctx context.Context, fn func(AuthCodeKeyer) error) error
- func (acm *AuthCodeManager) ReadAuthCodeEntry(ctx context.Context, keyer AuthCodeKeyer) (*AuthCodeEntry, error)
- func (acm *AuthCodeManager) ReadDeviceAuthEntry(ctx context.Context, keyer AuthCodeKeyer) (*DeviceAuthEntry, error)
- func (acm *AuthCodeManager) WriteAuthCodeEntry(ctx context.Context, keyer AuthCodeKeyer, entry *AuthCodeEntry) error
- func (acm *AuthCodeManager) WriteDeviceAuthEntry(ctx context.Context, keyer AuthCodeKeyer, entry *DeviceAuthEntry) error
- type AuthServerEntry
- type AuthServerHolder
- type AuthServerKey
- type AuthServerKeyer
- type AuthServerLocker
- type AuthServerManager
- func (asm *AuthServerManager) DeleteAuthServerEntry(ctx context.Context, keyer AuthServerKeyer) error
- func (asm *AuthServerManager) ForEachAuthServerKey(ctx context.Context, fn func(AuthServerKeyer) error) error
- func (asm *AuthServerManager) ReadAuthServerEntry(ctx context.Context, keyer AuthServerKeyer) (*AuthServerEntry, error)
- func (asm *AuthServerManager) WriteAuthServerEntry(ctx context.Context, keyer AuthServerKeyer, entry *AuthServerEntry) error
- type ClientCredsEntry
- type ClientCredsHolder
- type ClientCredsKey
- type ClientCredsKeyer
- type ClientCredsLocker
- type ClientCredsManager
- func (ccm *ClientCredsManager) DeleteClientCredsEntry(ctx context.Context, keyer ClientCredsKeyer) error
- func (ccm *ClientCredsManager) ForEachClientCredsKey(ctx context.Context, fn func(ClientCredsKeyer) error) error
- func (ccm *ClientCredsManager) ReadClientCredsEntry(ctx context.Context, keyer ClientCredsKeyer) (*ClientCredsEntry, error)
- func (ccm *ClientCredsManager) WriteClientCredsEntry(ctx context.Context, keyer ClientCredsKeyer, entry *ClientCredsEntry) error
- type ConfigEntry
- type ConfigHolder
- type ConfigLocker
- type ConfigManager
- type ConfigTuningEntry
- type ConfigVersion
- type DeviceAuthEntry
- type Holder
- type LockedAuthCodeHolder
- type LockedAuthCodeManager
- func (lacm *LockedAuthCodeManager) DeleteAuthCodeEntry(ctx context.Context) error
- func (lacm *LockedAuthCodeManager) DeleteDeviceAuthEntry(ctx context.Context) error
- func (lacm *LockedAuthCodeManager) ReadAuthCodeEntry(ctx context.Context) (*AuthCodeEntry, error)
- func (lacm *LockedAuthCodeManager) ReadDeviceAuthEntry(ctx context.Context) (*DeviceAuthEntry, error)
- func (lacm *LockedAuthCodeManager) WriteAuthCodeEntry(ctx context.Context, entry *AuthCodeEntry) error
- func (lacm *LockedAuthCodeManager) WriteDeviceAuthEntry(ctx context.Context, entry *DeviceAuthEntry) error
- type LockedAuthServerHolder
- type LockedAuthServerManager
- type LockedClientCredsHolder
- type LockedClientCredsManager
- func (lccm *LockedClientCredsManager) DeleteClientCredsEntry(ctx context.Context) error
- func (lccm *LockedClientCredsManager) ReadClientCredsEntry(ctx context.Context) (*ClientCredsEntry, error)
- func (lccm *LockedClientCredsManager) WriteClientCredsEntry(ctx context.Context, entry *ClientCredsEntry) error
- type LockedConfigHolder
- type LockedConfigManager
Constants ¶
const LegacyAuthServerName = "legacy"
UPGRADING (v2): LegacyAuthServerName is the name of the default server created by the v2v3 upgrade.
Variables ¶
// DefaultConfigTuningEntry is a ConfigTuningEntry populated with the values
// below. Going by the field names, the *Seconds values are in seconds: 300 is
// 5 minutes, 3600 is 1 hour and 86400 is 24 hours.
//
// NOTE(review): presumably these values apply when no tuning has been
// configured — confirm against the code that reads ConfigEntry.Tuning.
// NOTE(review): the Reap* values appear to bound how long entries that are
// non-refreshable, revoked, repeatedly failing, or tied to a deleted server
// stay in storage; raising them would keep stale credential records around
// longer — confirm against the reaper.
var DefaultConfigTuningEntry = ConfigTuningEntry{
	ProviderTimeoutSeconds:            30,
	ProviderTimeoutExpiryLeewayFactor: 1.5,
	RefreshCheckIntervalSeconds:       60,
	RefreshExpiryDeltaFactor:          1.2,
	ReapCheckIntervalSeconds:          300,
	// Dry-run is off by default. NOTE(review): presumably that means the
	// reaper really deletes entries rather than only reporting — confirm.
	ReapDryRun:                 false,
	ReapNonRefreshableSeconds:  86400,
	ReapRevokedSeconds:         3600,
	ReapTransientErrorAttempts: 10,
	ReapTransientErrorSeconds:  86400,
	ReapServerDeletedSeconds:   86400,
}
Functions ¶
func IsConfigKey ¶
Types ¶
type AuthCodeEntry ¶
// AuthCodeEntry is the stored record for one credential: the embedded token
// plus the authorization server it belongs to and the error/retry bookkeeping
// kept since the last successful issue.
//
// NOTE(review): provider.Token is declared outside this page; presumably it
// carries the access and refresh token material. If so, every serialized
// AuthCodeEntry is itself a credential and should not be logged or returned
// wholesale — confirm.
type AuthCodeEntry struct {
	// We embed a *provider.Token as the base type. This ensures compatibility
	// and keeps storage size reasonable because this will be the default
	// configuration.
	//
	// NOTE(review): if this is marshalled with encoding/json, the "inline"
	// option is not one it recognizes and is ignored; the token's fields are
	// flattened into this object because the field is embedded and the tag
	// gives no name.
	*provider.Token `json:",inline"`

	// AuthServerName is the authorization server we should use to handle this
	// entry.
	AuthServerName string `json:"auth_server_name"`

	// MaximumExpirySeconds caps issued auth tokens to a desired lifetime.
	// Omitted from the JSON form when zero.
	// NOTE(review): zero presumably means "no cap" — confirm.
	MaximumExpirySeconds int `json:"maximum_expiry_seconds,omitempty"`

	// LastIssueTime is the most recent time a token was successfully issued.
	//
	// NOTE(review): with encoding/json, omitempty has no effect on a
	// time.Time value, so a zero time is still written out; readers should
	// test IsZero() rather than rely on the key being absent.
	LastIssueTime time.Time `json:"last_issue_time,omitempty"`

	// AuthServerError indicates that the actual backing server and provider
	// could not be acquired to make this token request.
	AuthServerError string `json:"auth_server_error,omitempty"`

	// UserError is used to store a permanent error that indicates the end of
	// this token's usable lifespan.
	UserError string `json:"user_error,omitempty"`

	// TransientErrorsSinceLastIssue is a counter of the number of transient
	// errors encountered since the last time the token was successfully issued
	// (either originally or by refresh).
	TransientErrorsSinceLastIssue int `json:"transient_errors_since_last_issue,omitempty"`

	// If TransientErrorsSinceLastIssue > 0, this holds the last transient error
	// encountered to include as a warning (if the token is still valid) or
	// error on the response.
	//
	// NOTE(review): because this string is surfaced on the response, verify
	// that callers of SetTransientError never pass text that could echo
	// token or secret material from an upstream reply.
	LastTransientError string `json:"last_transient_error,omitempty"`

	// If the most recent exchange did not succeed, this holds the time that
	// exchange occurred.
	//
	// NOTE(review): as with LastIssueTime, omitempty does not drop a zero
	// time.Time under encoding/json.
	LastAttemptedIssueTime time.Time `json:"last_attempted_issue_time,omitempty"`
}
func (*AuthCodeEntry) SetAuthServerError ¶
func (ace *AuthCodeEntry) SetAuthServerError(ctx context.Context, err string)
func (*AuthCodeEntry) SetToken ¶
func (ace *AuthCodeEntry) SetToken(ctx context.Context, tok *provider.Token)
func (*AuthCodeEntry) SetTransientError ¶
func (ace *AuthCodeEntry) SetTransientError(ctx context.Context, err string)
func (*AuthCodeEntry) SetUserError ¶
func (ace *AuthCodeEntry) SetUserError(ctx context.Context, err string)
func (*AuthCodeEntry) TokenIssued ¶
func (ace *AuthCodeEntry) TokenIssued() bool
TokenIssued indicates whether a token has been issued at all.
For certain grant types, such as the device code flow, an access token may not exist yet. In that case a polling process must update this value first; until it does, a temporary error is returned.
type AuthCodeHolder ¶
type AuthCodeHolder struct {
// contains filtered or unexported fields
}
func (*AuthCodeHolder) Manager ¶
func (ach *AuthCodeHolder) Manager(storage logical.Storage) *AuthCodeManager
func (*AuthCodeHolder) WithLock ¶
func (ach *AuthCodeHolder) WithLock(keyer AuthCodeKeyer, fn func(*LockedAuthCodeHolder) error) error
type AuthCodeKey ¶
type AuthCodeKey string
func (AuthCodeKey) AuthCodeKey ¶
func (ack AuthCodeKey) AuthCodeKey() string
func (AuthCodeKey) DeviceAuthKey ¶
func (ack AuthCodeKey) DeviceAuthKey() string
type AuthCodeKeyer ¶
// AuthCodeKeyer yields the two storage keys associated with one credential
// name: one for its AuthCodeEntry and one for its DeviceAuthEntry.
//
// NOTE(review): how a caller-supplied name is turned into a storage key is not
// visible on this page; confirm the mapping cannot be steered onto another
// entry's key or onto the config key.
type AuthCodeKeyer interface {
	// AuthCodeKey returns the storage key for storing AuthCodeEntry objects.
	AuthCodeKey() string

	// DeviceAuthKey returns the storage key for storing DeviceAuthEntry
	// objects.
	DeviceAuthKey() string
}
func AuthCodeName ¶
func AuthCodeName(name string) AuthCodeKeyer
type AuthCodeLocker ¶
// AuthCodeLocker is the locking entry point for auth code entries: WithLock
// takes the keyer identifying an entry and a callback that receives a
// *LockedAuthCodeHolder. *AuthCodeHolder declares a WithLock method with this
// signature.
//
// NOTE(review): presumably the lock is held only while fn runs, so the
// *LockedAuthCodeHolder should not be retained after fn returns — confirm.
type AuthCodeLocker interface {
	WithLock(AuthCodeKeyer, func(*LockedAuthCodeHolder) error) error
}
type AuthCodeManager ¶
type AuthCodeManager struct {
// contains filtered or unexported fields
}
func (*AuthCodeManager) DeleteAuthCodeEntry ¶
func (acm *AuthCodeManager) DeleteAuthCodeEntry(ctx context.Context, keyer AuthCodeKeyer) error
func (*AuthCodeManager) DeleteDeviceAuthEntry ¶
func (acm *AuthCodeManager) DeleteDeviceAuthEntry(ctx context.Context, keyer AuthCodeKeyer) error
func (*AuthCodeManager) ForEachAuthCodeKey ¶
func (acm *AuthCodeManager) ForEachAuthCodeKey(ctx context.Context, fn func(AuthCodeKeyer) error) error
func (*AuthCodeManager) ForEachDeviceAuthKey ¶
func (acm *AuthCodeManager) ForEachDeviceAuthKey(ctx context.Context, fn func(AuthCodeKeyer) error) error
func (*AuthCodeManager) ReadAuthCodeEntry ¶
func (acm *AuthCodeManager) ReadAuthCodeEntry(ctx context.Context, keyer AuthCodeKeyer) (*AuthCodeEntry, error)
func (*AuthCodeManager) ReadDeviceAuthEntry ¶
func (acm *AuthCodeManager) ReadDeviceAuthEntry(ctx context.Context, keyer AuthCodeKeyer) (*DeviceAuthEntry, error)
func (*AuthCodeManager) WriteAuthCodeEntry ¶
func (acm *AuthCodeManager) WriteAuthCodeEntry(ctx context.Context, keyer AuthCodeKeyer, entry *AuthCodeEntry) error
func (*AuthCodeManager) WriteDeviceAuthEntry ¶
func (acm *AuthCodeManager) WriteDeviceAuthEntry(ctx context.Context, keyer AuthCodeKeyer, entry *DeviceAuthEntry) error
type AuthServerEntry ¶
// AuthServerEntry is the stored definition of one authorization server: its
// name, the client identity used with it, and the provider selection and
// options.
//
// The struct serializes ClientSecrets alongside the non-secret fields, so any
// code path that marshals, logs or returns a whole AuthServerEntry exposes the
// client secrets as well.
type AuthServerEntry struct {
	Name     string `json:"name"`
	ClientID string `json:"client_id"`

	// ClientSecrets holds the client secret value(s) for ClientID.
	// NOTE(review): a slice suggests more than one secret can be valid at a
	// time (for example during rotation) — confirm how they are tried, and
	// that read paths redact this field.
	ClientSecrets []string `json:"client_secrets"`

	AuthURLParams map[string]string `json:"auth_url_params"`

	ProviderName    string            `json:"provider_name"`
	ProviderVersion int               `json:"provider_version"`
	ProviderOptions map[string]string `json:"provider_options"`
}
type AuthServerHolder ¶
type AuthServerHolder struct {
// contains filtered or unexported fields
}
func (*AuthServerHolder) Manager ¶
func (ash *AuthServerHolder) Manager(storage logical.Storage) *AuthServerManager
func (*AuthServerHolder) WithLock ¶
func (ash *AuthServerHolder) WithLock(keyer AuthServerKeyer, fn func(*LockedAuthServerHolder) error) error
type AuthServerKey ¶
type AuthServerKey string
func (AuthServerKey) AuthServerKey ¶
func (ack AuthServerKey) AuthServerKey() string
type AuthServerKeyer ¶
// AuthServerKeyer yields the storage key under which one AuthServerEntry is
// kept.
type AuthServerKeyer interface {
	// AuthServerKey returns the storage key for storing AuthServerEntry
	// objects.
	AuthServerKey() string
}
func AuthServerKeyFromStorage ¶
func AuthServerKeyFromStorage(key string) (AuthServerKeyer, bool)
func AuthServerName ¶
func AuthServerName(name string) AuthServerKeyer
type AuthServerLocker ¶
// AuthServerLocker is the locking entry point for authorization server
// entries: WithLock takes the keyer identifying a server and a callback that
// receives a *LockedAuthServerHolder. *AuthServerHolder declares a WithLock
// method with this signature.
//
// NOTE(review): presumably the lock is held only while fn runs, so the
// *LockedAuthServerHolder should not be retained after fn returns — confirm.
type AuthServerLocker interface {
	WithLock(AuthServerKeyer, func(*LockedAuthServerHolder) error) error
}
type AuthServerManager ¶
type AuthServerManager struct {
// contains filtered or unexported fields
}
func (*AuthServerManager) DeleteAuthServerEntry ¶
func (asm *AuthServerManager) DeleteAuthServerEntry(ctx context.Context, keyer AuthServerKeyer) error
func (*AuthServerManager) ForEachAuthServerKey ¶
func (asm *AuthServerManager) ForEachAuthServerKey(ctx context.Context, fn func(AuthServerKeyer) error) error
func (*AuthServerManager) ReadAuthServerEntry ¶
func (asm *AuthServerManager) ReadAuthServerEntry(ctx context.Context, keyer AuthServerKeyer) (*AuthServerEntry, error)
func (*AuthServerManager) WriteAuthServerEntry ¶
func (asm *AuthServerManager) WriteAuthServerEntry(ctx context.Context, keyer AuthServerKeyer, entry *AuthServerEntry) error
type ClientCredsEntry ¶
// ClientCredsEntry is the stored record for one client-credentials credential:
// the current token, the authorization server it is bound to, an optional
// lifetime cap and the request configuration.
//
// NOTE(review): provider.Token is declared outside this page; presumably it
// contains the access token itself, which would make a serialized
// ClientCredsEntry sensitive — confirm.
type ClientCredsEntry struct {
	// Token is stored under its own "token" key here, unlike AuthCodeEntry,
	// which embeds the token.
	Token *provider.Token `json:"token"`

	// AuthServerName is the authorization server we should use to handle this
	// entry.
	AuthServerName string `json:"auth_server_name"`

	// MaximumExpirySeconds caps issued auth tokens to a desired lifetime.
	// Omitted from the JSON form when zero.
	MaximumExpirySeconds int `json:"maximum_expiry_seconds,omitempty"`

	// Config carries the per-credential request settings.
	// NOTE(review): Scopes presumably determines what the issued token may
	// access; confirm who is allowed to write it.
	Config struct {
		Scopes          []string          `json:"scopes"`
		TokenURLParams  map[string]string `json:"token_url_params"`
		ProviderOptions map[string]string `json:"provider_options"`
	} `json:"config"`
}
type ClientCredsHolder ¶
type ClientCredsHolder struct {
// contains filtered or unexported fields
}
func (*ClientCredsHolder) Manager ¶
func (cch *ClientCredsHolder) Manager(storage logical.Storage) *ClientCredsManager
func (*ClientCredsHolder) WithLock ¶
func (cch *ClientCredsHolder) WithLock(keyer ClientCredsKeyer, fn func(*LockedClientCredsHolder) error) error
type ClientCredsKey ¶
type ClientCredsKey string
func (ClientCredsKey) ClientCredsKey ¶
func (ack ClientCredsKey) ClientCredsKey() string
type ClientCredsKeyer ¶
// ClientCredsKeyer yields the storage key under which one ClientCredsEntry is
// kept.
type ClientCredsKeyer interface {
	// ClientCredsKey returns the storage key for storing ClientCredsEntry
	// objects.
	ClientCredsKey() string
}
func ClientCredsName ¶
func ClientCredsName(name string) ClientCredsKeyer
type ClientCredsLocker ¶
// ClientCredsLocker is the locking entry point for client-credentials
// entries: WithLock takes the keyer identifying an entry and a callback that
// receives a *LockedClientCredsHolder. *ClientCredsHolder declares a WithLock
// method with this signature.
//
// NOTE(review): presumably the lock is held only while fn runs, so the
// *LockedClientCredsHolder should not be retained after fn returns — confirm.
type ClientCredsLocker interface {
	WithLock(ClientCredsKeyer, func(*LockedClientCredsHolder) error) error
}
type ClientCredsManager ¶
type ClientCredsManager struct {
// contains filtered or unexported fields
}
func (*ClientCredsManager) DeleteClientCredsEntry ¶
func (ccm *ClientCredsManager) DeleteClientCredsEntry(ctx context.Context, keyer ClientCredsKeyer) error
func (*ClientCredsManager) ForEachClientCredsKey ¶
func (ccm *ClientCredsManager) ForEachClientCredsKey(ctx context.Context, fn func(ClientCredsKeyer) error) error
func (*ClientCredsManager) ReadClientCredsEntry ¶
func (ccm *ClientCredsManager) ReadClientCredsEntry(ctx context.Context, keyer ClientCredsKeyer) (*ClientCredsEntry, error)
func (*ClientCredsManager) WriteClientCredsEntry ¶
func (ccm *ClientCredsManager) WriteClientCredsEntry(ctx context.Context, keyer ClientCredsKeyer, entry *ClientCredsEntry) error
type ConfigEntry ¶
// ConfigEntry is the stored top-level configuration: a schema version, a
// default server name and the tuning block.
type ConfigEntry struct {
	// Version is one of the ConfigVersion constants.
	Version ConfigVersion `json:"version"`

	// NOTE(review): presumably the name of the AuthServerEntry used when a
	// credential does not name one — confirm.
	DefaultServer string `json:"default_server"`

	Tuning ConfigTuningEntry `json:"tuning"`
}
type ConfigHolder ¶
type ConfigHolder struct {
// contains filtered or unexported fields
}
func (*ConfigHolder) Manager ¶
func (ch *ConfigHolder) Manager(storage logical.Storage) *ConfigManager
func (*ConfigHolder) WithLock ¶
func (ch *ConfigHolder) WithLock(fn func(*LockedConfigHolder) error) error
type ConfigLocker ¶
// ConfigLocker is the locking entry point for the configuration. Unlike the
// other lockers on this page its WithLock takes no keyer, only a callback
// that receives a *LockedConfigHolder. *ConfigHolder declares a WithLock
// method with this signature.
//
// NOTE(review): presumably the lock is held only while fn runs, so the
// *LockedConfigHolder should not be retained after fn returns — confirm.
type ConfigLocker interface {
	WithLock(func(*LockedConfigHolder) error) error
}
type ConfigManager ¶
type ConfigManager struct {
// contains filtered or unexported fields
}
func (*ConfigManager) DeleteConfig ¶
func (cm *ConfigManager) DeleteConfig(ctx context.Context) error
func (*ConfigManager) ReadConfig ¶
func (cm *ConfigManager) ReadConfig(ctx context.Context) (*ConfigEntry, error)
func (*ConfigManager) WriteConfig ¶
func (cm *ConfigManager) WriteConfig(ctx context.Context, entry *ConfigEntry) error
type ConfigTuningEntry ¶
// ConfigTuningEntry groups the numeric knobs for provider timeouts, periodic
// refresh and reaping. DefaultConfigTuningEntry supplies a populated value.
//
// NOTE(review): field meanings below are read from the names only; confirm
// against the code that consumes them. No field uses omitempty, so zero values
// are written out explicitly; check whether a stored zero is treated as
// "disabled" or as "use the default".
type ConfigTuningEntry struct {
	ProviderTimeoutSeconds            int     `json:"provider_timeout_seconds"`
	ProviderTimeoutExpiryLeewayFactor float64 `json:"provider_timeout_expiry_leeway_factor"`

	RefreshCheckIntervalSeconds int     `json:"refresh_check_interval_seconds"`
	RefreshExpiryDeltaFactor    float64 `json:"refresh_expiry_delta_factor"`

	ReapCheckIntervalSeconds int `json:"reap_check_interval_seconds"`
	// NOTE(review): presumably, when true, the reaper only reports what it
	// would remove; leaving it on would then mean stale credential entries
	// are never actually deleted — confirm.
	ReapDryRun                 bool `json:"reap_dry_run"`
	ReapNonRefreshableSeconds  int  `json:"reap_non_refreshable_seconds"`
	ReapRevokedSeconds         int  `json:"reap_revoked_seconds"`
	ReapTransientErrorAttempts int  `json:"reap_transient_error_attempts"`
	ReapTransientErrorSeconds  int  `json:"reap_transient_error_seconds"`
	ReapServerDeletedSeconds   int  `json:"reap_server_deleted_seconds"`
}
type ConfigVersion ¶
type ConfigVersion int
// Configuration schema versions. The constants are numbered by iota, so
// ConfigVersionInitial is 0 and ConfigVersion1 through ConfigVersion4 are 1
// through 4.
const (
	ConfigVersionInitial ConfigVersion = iota
	ConfigVersion1
	ConfigVersion2
	ConfigVersion3
	ConfigVersion4

	// ConfigVersionLatest is an alias for the newest version above and has to
	// be repointed whenever a version is appended.
	ConfigVersionLatest = ConfigVersion4
)
func (ConfigVersion) SupportsTuningProviderTimeout ¶
func (cv ConfigVersion) SupportsTuningProviderTimeout() bool
func (ConfigVersion) SupportsTuningReap ¶
func (cv ConfigVersion) SupportsTuningReap() bool
func (ConfigVersion) SupportsTuningReapServerDeleted ¶
func (cv ConfigVersion) SupportsTuningReapServerDeleted() bool
func (ConfigVersion) SupportsTuningRefresh ¶
func (cv ConfigVersion) SupportsTuningRefresh() bool
func (ConfigVersion) SupportsTuningRefreshExpiryDelta ¶
func (cv ConfigVersion) SupportsTuningRefreshExpiryDelta() bool
type DeviceAuthEntry ¶
// DeviceAuthEntry is the stored state of a pending device authorization. It is
// kept under the key returned by AuthCodeKeyer.DeviceAuthKey.
type DeviceAuthEntry struct {
	// NOTE(review): presumably the code presented to the authorization
	// server while polling for the token; if so, whoever holds it can collect
	// the token once the user approves, so treat it as a secret and keep it
	// out of logs and read responses — confirm.
	DeviceCode string `json:"device_code"`

	// NOTE(review): presumably the minimum polling interval in seconds —
	// confirm the unit against ShouldPoll.
	Interval int32 `json:"interval"`

	// No omitempty here, so the zero time is serialized as-is.
	LastAttemptedIssueTime time.Time `json:"last_attempted_issue_time"`

	ProviderOptions map[string]string `json:"provider_options"`
}
func (*DeviceAuthEntry) ShouldPoll ¶
func (dae *DeviceAuthEntry) ShouldPoll(ctx context.Context) bool
type Holder ¶
// Holder bundles one holder per kind of persisted entry: configuration, auth
// code credentials, authorization servers and client credentials.
type Holder struct {
	Config      *ConfigHolder
	AuthCode    *AuthCodeHolder
	AuthServer  *AuthServerHolder
	ClientCreds *ClientCredsHolder
}
type LockedAuthCodeHolder ¶
type LockedAuthCodeHolder struct {
// contains filtered or unexported fields
}
func (*LockedAuthCodeHolder) Manager ¶
func (lach *LockedAuthCodeHolder) Manager(storage logical.Storage) *LockedAuthCodeManager
type LockedAuthCodeManager ¶
type LockedAuthCodeManager struct {
// contains filtered or unexported fields
}
func (*LockedAuthCodeManager) DeleteAuthCodeEntry ¶
func (lacm *LockedAuthCodeManager) DeleteAuthCodeEntry(ctx context.Context) error
func (*LockedAuthCodeManager) DeleteDeviceAuthEntry ¶
func (lacm *LockedAuthCodeManager) DeleteDeviceAuthEntry(ctx context.Context) error
func (*LockedAuthCodeManager) ReadAuthCodeEntry ¶
func (lacm *LockedAuthCodeManager) ReadAuthCodeEntry(ctx context.Context) (*AuthCodeEntry, error)
func (*LockedAuthCodeManager) ReadDeviceAuthEntry ¶
func (lacm *LockedAuthCodeManager) ReadDeviceAuthEntry(ctx context.Context) (*DeviceAuthEntry, error)
func (*LockedAuthCodeManager) WriteAuthCodeEntry ¶
func (lacm *LockedAuthCodeManager) WriteAuthCodeEntry(ctx context.Context, entry *AuthCodeEntry) error
func (*LockedAuthCodeManager) WriteDeviceAuthEntry ¶
func (lacm *LockedAuthCodeManager) WriteDeviceAuthEntry(ctx context.Context, entry *DeviceAuthEntry) error
type LockedAuthServerHolder ¶
type LockedAuthServerHolder struct {
// contains filtered or unexported fields
}
func (*LockedAuthServerHolder) Manager ¶
func (lash *LockedAuthServerHolder) Manager(storage logical.Storage) *LockedAuthServerManager
type LockedAuthServerManager ¶
type LockedAuthServerManager struct {
// contains filtered or unexported fields
}
func (*LockedAuthServerManager) DeleteAuthServerEntry ¶
func (lasm *LockedAuthServerManager) DeleteAuthServerEntry(ctx context.Context) error
func (*LockedAuthServerManager) ReadAuthServerEntry ¶
func (lasm *LockedAuthServerManager) ReadAuthServerEntry(ctx context.Context) (*AuthServerEntry, error)
func (*LockedAuthServerManager) WriteAuthServerEntry ¶
func (lasm *LockedAuthServerManager) WriteAuthServerEntry(ctx context.Context, entry *AuthServerEntry) error
type LockedClientCredsHolder ¶
type LockedClientCredsHolder struct {
// contains filtered or unexported fields
}
func (*LockedClientCredsHolder) Manager ¶
func (lcch *LockedClientCredsHolder) Manager(storage logical.Storage) *LockedClientCredsManager
type LockedClientCredsManager ¶
type LockedClientCredsManager struct {
// contains filtered or unexported fields
}
func (*LockedClientCredsManager) DeleteClientCredsEntry ¶
func (lccm *LockedClientCredsManager) DeleteClientCredsEntry(ctx context.Context) error
func (*LockedClientCredsManager) ReadClientCredsEntry ¶
func (lccm *LockedClientCredsManager) ReadClientCredsEntry(ctx context.Context) (*ClientCredsEntry, error)
func (*LockedClientCredsManager) WriteClientCredsEntry ¶
func (lccm *LockedClientCredsManager) WriteClientCredsEntry(ctx context.Context, entry *ClientCredsEntry) error
type LockedConfigHolder ¶
type LockedConfigHolder struct{}
func (*LockedConfigHolder) Manager ¶
func (lch *LockedConfigHolder) Manager(storage logical.Storage) *LockedConfigManager
type LockedConfigManager ¶
type LockedConfigManager struct {
// contains filtered or unexported fields
}
func (*LockedConfigManager) DeleteConfig ¶
func (lcm *LockedConfigManager) DeleteConfig(ctx context.Context) error
func (*LockedConfigManager) ReadConfig ¶
func (lcm *LockedConfigManager) ReadConfig(ctx context.Context) (*ConfigEntry, error)
func (*LockedConfigManager) WriteConfig ¶
func (lcm *LockedConfigManager) WriteConfig(ctx context.Context, entry *ConfigEntry) error