oauth

package
v0.2023.21
Published: May 22, 2023 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation

Constants

This section is empty.

Variables

View Source
var (
	// HttpServiceRequestCountMetric is the metric that collects the request counts for OAuth Service.
	HttpServiceRequestCountMetric = prometheus.NewCounterVec(
		prometheus.CounterOpts{
			Namespace: config.MetricsNamespace,
			Subsystem: config.MetricsSubsystem,
			Name:      "oauth_service_requests_total",
			Help:      "The request counts to OAuth service categorized by HTTP method and status code.",
		},
		[]string{"code", "method"},
	)

	FlowCompleteTimeMetric = prometheus.NewHistogramVec(prometheus.HistogramOpts{
		Namespace: config.MetricsNamespace,
		Subsystem: config.MetricsSubsystem,
		Name:      "oauth_flow_complete_time_seconds",
		Help:      "The time needed to complete OAuth flow",
		Buckets:   []float64{1.0, 1.25, 1.5, 1.75, 2.0, 2.5, 3.0, 3.5, 4.0, 4.5, 5, 6, 7, 8, 9, 10, 15, 20, 25, 30, 40, 50, 60, 300},
	}, []string{"type", "url"})
)

Functions

func AuditLogWithTokenInfo

func AuditLogWithTokenInfo(ctx context.Context, msg string, namespace string, token string, keysAndValues ...interface{})

AuditLogWithTokenInfo logs a message related to a particular SPIAccessToken to the audit logger.

func BypassHandler added in v0.8.3

func BypassHandler(mainHandler http.Handler, bypassPathPrefixes []string, bypassHandler http.Handler) http.Handler

BypassHandler is a Handler that sends any request whose URL path starts with one of bypassPathPrefixes to bypassHandler; all remaining requests are sent to mainHandler.

func CSPHandler added in v0.2023.21

func CSPHandler(h http.Handler) http.Handler

CSPHandler is a Handler that writes a Content-Security-Policy header into the response that allows inline styles and images from the Red Hat domain and denies everything else, including framing.

func CallbackErrorHandler

func CallbackErrorHandler() http.Handler

CallbackErrorHandler is a Handler implementation that responds with an HTML page. This page is the landing page shown after the OAuth flow completes unsuccessfully. The resource file location is prefixed with `../` to be compatible with tests running locally.

func CallbackSuccessHandler

func CallbackSuccessHandler() http.Handler

CallbackSuccessHandler is a Handler implementation that responds with an HTML page. This page is the landing page shown after the OAuth flow completes successfully. The resource file location is prefixed with `../` to be compatible with tests running locally.

func HandleUpload

func HandleUpload(uploader TokenUploader) func(http.ResponseWriter, *http.Request)

HandleUpload returns a Handler implementation that relies on the provided TokenUploader to persist the uploaded credentials for a specific SPIAccessToken.

func HttpServiceInstrumentMetricHandler added in v0.8.3

func HttpServiceInstrumentMetricHandler(reg prometheus.Registerer, handler http.Handler) http.Handler

HttpServiceInstrumentMetricHandler is an http.Handler that collects statistics about incoming HTTP requests and stores them in the given prometheus.Registerer.

func LogDebugAndWriteResponse

func LogDebugAndWriteResponse(ctx context.Context, w http.ResponseWriter, status int, msg string, keysAndValues ...interface{})

func LogErrorAndWriteResponse

func LogErrorAndWriteResponse(ctx context.Context, w http.ResponseWriter, status int, msg string, err error)

func MiddlewareHandler

func MiddlewareHandler(reg prometheus.Registerer, allowedOrigins []string, h http.Handler) http.Handler

MiddlewareHandler is a Handler that composes several responsibilities:

- Service metrics
- Request logging
- CORS processing

func OkHandler

func OkHandler(w http.ResponseWriter, _ *http.Request)

OkHandler is a Handler implementation that responds only with http.StatusOK. It is typically used for liveness and readiness probes.
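The handlers documented above (BypassHandler, CSPHandler, HttpServiceInstrumentMetricHandler, MiddlewareHandler and OkHandler) are links of one chain around the OAuth routes. The following is an added, self-contained illustration of how such a chain is wired; it is not code from this package. The request counter is an in-memory stand-in for the Prometheus CounterVec, the policy string and origin in CSP, the `/health` prefix and the placeholder `/oauth/callback` handler are assumptions. It shows the status-capturing ResponseWriter that is needed to label a request by its status code, and that a bypassed path skips everything wrapped around the main handler, which is why the bypass list should only name unauthenticated, secret-free probe endpoints.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
	"sync"
)

// statusRecorder captures the status code the wrapped handler writes so the
// request can be counted by (code, method). A handler that never calls
// WriteHeader implicitly sent 200, hence the default.
type statusRecorder struct {
	http.ResponseWriter
	status int
}

func (r *statusRecorder) WriteHeader(code int) {
	r.status = code
	r.ResponseWriter.WriteHeader(code)
}

// RequestCounter is an in-memory stand-in for the Prometheus CounterVec
// (assumption for this example; the package registers a real counter).
type RequestCounter struct {
	mu     sync.Mutex
	counts map[string]int // "<code> <method>" -> number of requests
}

func NewRequestCounter() *RequestCounter {
	return &RequestCounter{counts: map[string]int{}}
}

func (c *RequestCounter) Get(code int, method string) int {
	c.mu.Lock()
	defer c.mu.Unlock()
	return c.counts[fmt.Sprintf("%d %s", code, method)]
}

// Instrument counts every request passing through it, whichever handler answered.
func (c *RequestCounter) Instrument(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		rec := &statusRecorder{ResponseWriter: w, status: http.StatusOK}
		next.ServeHTTP(rec, r)
		c.mu.Lock()
		c.counts[fmt.Sprintf("%d %s", rec.status, r.Method)]++
		c.mu.Unlock()
	})
}

// CSP sets a restrictive policy before the handler writes anything. The
// directives follow CSPHandler's description; the exact string is an assumption.
func CSP(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Security-Policy",
			"default-src 'none'; style-src 'unsafe-inline'; img-src https://www.redhat.com; frame-ancestors 'none'")
		next.ServeHTTP(w, r)
	})
}

// Bypass routes paths starting with one of prefixes to bypass, all others to
// main. Whatever wraps main (here CSP) is skipped for bypassed paths.
func Bypass(main http.Handler, prefixes []string, bypass http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for _, p := range prefixes {
			if strings.HasPrefix(r.URL.Path, p) {
				bypass.ServeHTTP(w, r)
				return
			}
		}
		main.ServeHTTP(w, r)
	})
}

// Ok answers liveness and readiness probes.
func Ok(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }

// NewServer wires the chain: metrics around everything, CSP only on the
// HTML-serving main handler, /health going straight to Ok.
func NewServer(counter *RequestCounter) http.Handler {
	mainMux := http.NewServeMux()
	mainMux.HandleFunc("/oauth/callback", func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Query().Get("state") == "" {
			http.Error(w, "missing state", http.StatusBadRequest)
			return
		}
		w.Write([]byte("<html><body>OAuth flow completed</body></html>"))
	})
	return counter.Instrument(Bypass(CSP(mainMux), []string{"/health"}, http.HandlerFunc(Ok)))
}

func main() {
	http.ListenAndServe(":8080", NewServer(NewRequestCounter()))
}
```

Because the counter wraps the whole chain, probe traffic and OAuth traffic both appear in the per-code counts, while only the OAuth pages carry the CSP header. The prefix match is on the raw request path, so a prefix such as `/health` also matches `/healthz` and `/health/anything`; keep the list to probe paths.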

Types

type AuthenticateRoute added in v0.8.3

type AuthenticateRoute struct {
	// contains filtered or unexported fields
}

AuthenticateRoute is the route for /oauth/authenticate requests.

func (*AuthenticateRoute) ServeHTTP added in v0.8.3

func (r *AuthenticateRoute) ServeHTTP(wrt http.ResponseWriter, req *http.Request)

type Authenticator

type Authenticator struct {
	ClientFactory  kubernetesclient.K8sClientFactory
	SessionManager *scs.SessionManager
}

func NewAuthenticator

func NewAuthenticator(sessionManager *scs.SessionManager, clientFactory kubernetesclient.K8sClientFactory) *Authenticator

func (*Authenticator) GetToken

func (a *Authenticator) GetToken(ctx context.Context, r *http.Request) (string, error)

func (Authenticator) Login

func (a Authenticator) Login(w http.ResponseWriter, r *http.Request)

func (Authenticator) Logout added in v0.2023.21

func (a Authenticator) Logout(w http.ResponseWriter, r *http.Request)

type CallbackRoute added in v0.8.3

type CallbackRoute struct {
	// contains filtered or unexported fields
}

CallbackRoute is the route for /oauth/callback requests.

func (*CallbackRoute) ServeHTTP added in v0.8.3

func (r *CallbackRoute) ServeHTTP(wrt http.ResponseWriter, req *http.Request)

type Controller

type Controller interface {
	// Authenticate handles the initial OAuth request. It should validate that the request is authenticated in Kubernetes,
	// compose the authenticated OAuth state and return a redirect to the service-provider OAuth endpoint with the state.
	Authenticate(w http.ResponseWriter, r *http.Request, state *oauthstate.OAuthInfo)

	// Callback finishes the OAuth flow. It handles the final redirect from the OAuth flow of the service provider.
	Callback(ctx context.Context, w http.ResponseWriter, r *http.Request, state *oauthstate.OAuthInfo)
}

Controller implements the OAuth flow. There are specific implementations for each service provider type. These are usually instances of the commonController with service-provider-specific configuration.

func InitController added in v0.8.3

func InitController(ctx context.Context, spType config.ServiceProviderType, cfg RouterConfiguration) (Controller, error)

type OAuthServiceConfiguration

type OAuthServiceConfiguration struct {
	config.SharedConfiguration `validate:"required"`
}

type Router added in v0.8.3

type Router struct {
	// contains filtered or unexported fields
}

Router holds the service provider controllers and is responsible for providing the matching controller for incoming requests.

func NewRouter added in v0.8.3

func NewRouter(ctx context.Context, cfg RouterConfiguration, spDefaults []config.ServiceProviderType) (*Router, error)

func (*Router) Authenticate added in v0.8.3

func (r *Router) Authenticate() *AuthenticateRoute

func (*Router) Callback added in v0.8.3

func (r *Router) Callback() *CallbackRoute

type RouterConfiguration added in v0.8.3

type RouterConfiguration struct {
	OAuthServiceConfiguration
	Authenticator      *Authenticator
	StateStorage       StateStorage
	ClientFactory      kubernetesclient.K8sClientFactory
	InClusterK8sClient client.Client
	TokenStorage       tokenstorage.TokenStorage
	RedirectTemplate   *template.Template
}

RouterConfiguration is the configuration needed to create a new Router.

type SessionStateStorage added in v0.2023.21

type SessionStateStorage struct {
	// contains filtered or unexported fields
}

func (*SessionStateStorage) StateVeiledAt added in v0.2023.21

func (s *SessionStateStorage) StateVeiledAt(ctx context.Context, req *http.Request) (time.Time, error)

func (*SessionStateStorage) UnveilState added in v0.2023.21

func (s *SessionStateStorage) UnveilState(ctx context.Context, req *http.Request) (string, error)

func (*SessionStateStorage) VeilRealState added in v0.2023.21

func (s *SessionStateStorage) VeilRealState(req *http.Request) (string, error)

type SpiTokenUploader

type SpiTokenUploader struct {
	ClientFactory kubernetesclient.K8sClientFactory
	Storage       tokenstorage.TokenStorage
}

func (*SpiTokenUploader) Upload

func (u *SpiTokenUploader) Upload(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error

type StateStorage

type StateStorage interface {
	// VeilRealState returns a random string to be used as the OAuth state.
	// It is meant to be used again on the OAuth callback to restore SPI's original state.
	VeilRealState(req *http.Request) (string, error)
	// UnveilState recovers SPI's original state from the OAuth callback request.
	UnveilState(ctx context.Context, req *http.Request) (string, error)
	// StateVeiledAt reports when the state was veiled.
	StateVeiledAt(ctx context.Context, req *http.Request) (time.Time, error)
}

StateStorage links SPI's own state to the opaque OAuth state that is sent to the service provider.

func NewStateStorage

func NewStateStorage(sessionManager *scs.SessionManager) StateStorage
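The point of veiling the state is that the value the service provider sees and echoes back in the callback is a random, per-session secret, so the OAuth `state` parameter doubles as an anti-CSRF token: a callback URL pasted into another browser session, or with a forged state, must not complete the flow. The following is an added example of what the three StateStorage methods have to do, not the package's SessionStateStorage (which is backed by an scs session). It assumes the session is identified by a cookie named `session` and keeps the veiled states in an in-memory map in place of the session store.

```go
package main

import (
	"context"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"sync"
	"time"
)

const sessionCookie = "session" // assumed name of the cookie carrying the session id
var ErrNoFlow = errors.New("no OAuth flow in progress for this session")
var ErrStateMismatch = errors.New("provider returned a state that was not issued to this session")

type veiledState struct {
	veil      string // random value handed to the service provider as `state`
	realState string // SPI's own state, restored on callback
	veiledAt  time.Time
}

// MemoryStateStorage stands in for the scs-backed session store (assumption).
type MemoryStateStorage struct {
	mu       sync.Mutex
	sessions map[string]veiledState // session id -> flow in progress
}

func NewMemoryStateStorage() *MemoryStateStorage {
	return &MemoryStateStorage{sessions: map[string]veiledState{}}
}

func sessionID(req *http.Request) (string, error) {
	if c, err := req.Cookie(sessionCookie); err == nil && c.Value != "" {
		return c.Value, nil
	}
	return "", ErrNoFlow
}

// VeilRealState takes SPI's state from the `state` query parameter, stores it in
// the caller's session and returns a fresh 256-bit random value to send instead.
func (s *MemoryStateStorage) VeilRealState(req *http.Request) (string, error) {
	sid, err := sessionID(req)
	if err != nil {
		return "", err
	}
	realState := req.URL.Query().Get("state")
	if realState == "" {
		return "", errors.New("missing state query parameter")
	}
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", fmt.Errorf("generating OAuth state: %w", err)
	}
	veil := base64.RawURLEncoding.EncodeToString(buf)
	s.mu.Lock()
	s.sessions[sid] = veiledState{veil: veil, realState: realState, veiledAt: time.Now()}
	s.mu.Unlock()
	return veil, nil
}

// lookup finds the flow for the callback's session and checks, in constant time,
// that the `state` echoed by the provider is the one issued to that session.
func (s *MemoryStateStorage) lookup(req *http.Request) (veiledState, error) {
	sid, err := sessionID(req)
	if err != nil {
		return veiledState{}, err
	}
	s.mu.Lock()
	vs, ok := s.sessions[sid]
	s.mu.Unlock()
	if !ok {
		return veiledState{}, ErrNoFlow
	}
	got := req.URL.Query().Get("state")
	if subtle.ConstantTimeCompare([]byte(got), []byte(vs.veil)) != 1 {
		return veiledState{}, ErrStateMismatch
	}
	return vs, nil
}

func (s *MemoryStateStorage) UnveilState(_ context.Context, req *http.Request) (string, error) {
	vs, err := s.lookup(req)
	return vs.realState, err
}

func (s *MemoryStateStorage) StateVeiledAt(_ context.Context, req *http.Request) (time.Time, error) {
	vs, err := s.lookup(req)
	return vs.veiledAt, err
}

func main() {
	auth, _ := http.NewRequest(http.MethodGet, "/oauth/authenticate?state=spi-token-42", nil)
	auth.AddCookie(&http.Cookie{Name: sessionCookie, Value: "sess-A"})
	fmt.Println(NewMemoryStateStorage().VeilRealState(auth))
}
```

A callback that arrives without the session cookie, from a different session, or with a state that does not match is rejected before SPI's real state is ever recovered, and the comparison is constant-time so the veil cannot be guessed byte by byte. StateVeiledAt is what a caller uses to reject flows that took too long; a production store should also drop the entry once the flow finishes so a state value cannot be replayed.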

type TokenUploader

type TokenUploader interface {
	Upload(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error
}

TokenUploader is used to permanently persist credentials for the given token.

type UploadFunc

type UploadFunc func(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error

UploadFunc is used to provide an anonymous implementation of TokenUploader. Example:

	uploader := UploadFunc(func(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error {
		return fmt.Errorf("failed to store the token data into storage")
	})

func (UploadFunc) Upload

func (u UploadFunc) Upload(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error
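HandleUpload, TokenUploader and UploadFunc together describe how a credential reaches storage: the HTTP handler identifies the SPIAccessToken, decodes the payload and delegates persistence to whatever TokenUploader it was given. The following is an added example of that shape, not the package's own handler: the `/token/{namespace}/{name}` route, the POST method, the 64 KiB body cap and the `Token` struct standing in for api.Token are assumptions, and authenticating the caller is left to an outer handler. It shows the handling a credential upload needs: a bounded body, unknown fields rejected, the payload never logged, and storage errors mapped to status codes without leaking detail.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"io"
	"log"
	"net/http"
	"strings"
)

// Token stands in for api.Token (assumption: only the fields this example needs).
type Token struct {
	AccessToken string `json:"access_token"`
	Username    string `json:"username,omitempty"`
}

// TokenUploader and UploadFunc mirror the page's interface and its func adapter.
type TokenUploader interface {
	Upload(ctx context.Context, tokenObjectName, tokenObjectNamespace string, data *Token) error
}

type UploadFunc func(ctx context.Context, tokenObjectName, tokenObjectNamespace string, data *Token) error

func (u UploadFunc) Upload(ctx context.Context, name, ns string, data *Token) error {
	return u(ctx, name, ns, data)
}

var ErrNotFound = errors.New("no such SPIAccessToken")

const maxUploadBytes = 64 << 10 // assumed cap on the credential payload

// HandleUpload serves POST /token/{namespace}/{name}: the path names the
// SPIAccessToken, the JSON body carries the credential to persist. The route
// shape is an assumption; caller authentication belongs to an outer handler.
func HandleUpload(uploader TokenUploader) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		parts := strings.Split(strings.TrimPrefix(r.URL.Path, "/token/"), "/")
		if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
			http.Error(w, "expected /token/{namespace}/{name}", http.StatusBadRequest)
			return
		}
		ns, name := parts[0], parts[1]

		// Bound the body, reject unknown fields, and never log the payload: it is a secret.
		var data Token
		dec := json.NewDecoder(io.LimitReader(r.Body, maxUploadBytes))
		dec.DisallowUnknownFields()
		if err := dec.Decode(&data); err != nil || data.AccessToken == "" {
			log.Printf("rejected token upload for %s/%s: malformed body", ns, name)
			http.Error(w, "malformed token payload", http.StatusBadRequest)
			return
		}

		switch err := uploader.Upload(r.Context(), name, ns, &data); {
		case errors.Is(err, ErrNotFound):
			http.Error(w, "SPIAccessToken not found", http.StatusNotFound)
		case err != nil:
			log.Printf("storing token for %s/%s failed: %v", ns, name, err)
			http.Error(w, "failed to store token", http.StatusInternalServerError)
		default:
			w.WriteHeader(http.StatusNoContent)
		}
	}
}

func main() {
	// An UploadFunc in place of the real SpiTokenUploader: keeps tokens in a map
	// and only knows objects in the "default" namespace (constructed for the demo).
	stored := map[string]*Token{}
	uploader := UploadFunc(func(_ context.Context, name, ns string, data *Token) error {
		if ns != "default" {
			return ErrNotFound
		}
		stored[ns+"/"+name] = data
		return nil
	})
	log.Fatal(http.ListenAndServe(":8080", HandleUpload(uploader)))
}
```

The handler answers 204 with an empty body on success, so the credential is never reflected back to the client, and the only thing that reaches the log is the object's namespace and name. In this package the equivalent handler sits behind the Authenticator, which resolves the caller's Kubernetes identity before the upload is attempted.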
