Documentation
Index
- func AuthenticatingHttpClient(cl *http.Client) *http.Client
- func GetAllScopes(convertToScopes func(permission api.Permission) []string, ...) []string
- func GetHostWithScheme(repoUrl string) (string, error)
- type Constructor
- type ConstructorFunc
- type Factory
- type GenericLookup
- type Initializer
- type Matchable
- type MetadataCache
- type MetadataProvider
- type MetadataProviderFunc
- type Probe
- type ProbeFunc
- type ServiceProvider
- type TokenFilter
- type TokenFilterFunc
Constants
This section is empty.
Variables
This section is empty.
Functions
func AuthenticatingHttpClient (added in v0.4.1)
func GetAllScopes
func GetAllScopes(convertToScopes func(permission api.Permission) []string, perms *api.Permissions) []string
GetAllScopes is a helper function that translates all the provided permissions into a list of service-provider-specific scopes.
func GetHostWithScheme (added in v0.3.0)
GetHostWithScheme is a helper function to extract the scheme and host portion of the provided URL.
Types
type Constructor (added in v0.2.1)
type Constructor interface {
    // Construct creates a new instance of service provider
    Construct(factory *Factory, baseUrl string) (ServiceProvider, error)
}
Constructor is able to produce a new service provider instance using data from the provided Factory and the base URL of the service provider.
type ConstructorFunc (added in v0.2.1)
type ConstructorFunc func(factory *Factory, baseUrl string) (ServiceProvider, error)
ConstructorFunc converts a compatible function into the Constructor interface.
func (ConstructorFunc) Construct (added in v0.2.1)
func (c ConstructorFunc) Construct(factory *Factory, baseUrl string) (ServiceProvider, error)
type Factory
type Factory struct {
    Configuration    config.Configuration
    KubernetesClient client.Client
    HttpClient       *http.Client
    Initializers     map[config.ServiceProviderType]Initializer
    TokenStorage     tokenstorage.TokenStorage
}
Factory is able to construct service providers from repository URLs.
func (*Factory) FromRepoUrl
func (f *Factory) FromRepoUrl(repoUrl string) (ServiceProvider, error)
FromRepoUrl returns the service provider instance able to talk to the repository on the provided URL.
type GenericLookup (added in v0.3.0)
type GenericLookup struct {
    // ServiceProviderType is just the type of the provider we're dealing with. It is used to limit the number of
    // results the filter function needs to sift through.
    ServiceProviderType api.ServiceProviderType
    // TokenFilter is the filter function that decides whether a token matches the requirements of a binding, given
    // the token's service-provider-specific state
    TokenFilter TokenFilter
    // MetadataProvider is used to figure out metadata of a token in the service provider useful for token lookup
    MetadataProvider MetadataProvider
    // MetadataCache is an abstraction used for storing/fetching the metadata of tokens
    MetadataCache *MetadataCache
}
GenericLookup implements token lookup in a generic way: users only need to provide a function that supplies the service-provider-specific "state" of the token and a "filter" function that uses the token and its state to match it against a binding.
func (GenericLookup) Lookup (added in v0.3.0)
func (l GenericLookup) Lookup(ctx context.Context, cl client.Client, matchable Matchable) ([]api.SPIAccessToken, error)
func (GenericLookup) PersistMetadata (added in v0.3.0)
func (l GenericLookup) PersistMetadata(ctx context.Context, token *api.SPIAccessToken) error
type Initializer (added in v0.2.1)
type Initializer struct {
    Probe       Probe
    Constructor Constructor
}
Initializer is a struct that contains all necessary data to initialize a service provider instance from a URL using a Factory.
type Matchable (added in v0.5.1)
type Matchable interface {
    RepoUrl() string
    ObjNamespace() string
    Permissions() *api.Permissions
}
type MetadataCache (added in v0.3.0)
type MetadataCache struct {
    // Ttl limits how long the data stays in the cache
    Ttl time.Duration
    // contains filtered or unexported fields
}
MetadataCache acts as a cache of token metadata. On top of plain CRUD operations on the token metadata, this struct handles refreshing the data when it is determined to be stale.
func NewMetadataCache (added in v0.3.0)
func NewMetadataCache(ttl time.Duration, client client.Client) MetadataCache
NewMetadataCache creates a new cache instance with the provided configuration.
func (*MetadataCache) Ensure (added in v0.3.0)
func (c *MetadataCache) Ensure(ctx context.Context, token *api.SPIAccessToken, ser MetadataProvider) error
Ensure combines Refresh and Persist. It makes sure that the metadata of the token is either still valid or has been refreshed using the MetadataProvider.
func (*MetadataCache) Persist (added in v0.3.0)
func (c *MetadataCache) Persist(ctx context.Context, token *api.SPIAccessToken) error
Persist assigns the last refresh time of the token metadata and updates the token.
func (*MetadataCache) Refresh (added in v0.3.0)
func (c *MetadataCache) Refresh(token *api.SPIAccessToken)
Refresh checks if the token's metadata is still valid. If it is stale, the metadata is cleared.
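The TTL behaviour that Refresh and Ensure describe, as an added example rather than code from this package. `Token`, `TokenMetadata` and `Cache` are local stand-ins for `api.SPIAccessToken`, `api.TokenMetadata` and `MetadataCache`, and the `LastRefreshTime` field name and the order of steps inside `Ensure` are assumptions. In this model a failed fetch leaves a stale token with no metadata rather than with out-of-date scopes.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Stand-ins for api.TokenMetadata and api.SPIAccessToken; LastRefreshTime is a hypothetical field name.
type TokenMetadata struct {
	Scopes          []string
	LastRefreshTime time.Time
}
type Token struct{ Metadata *TokenMetadata }

// MetadataProviderFunc mirrors the signature documented on this page, using the stand-in types.
type MetadataProviderFunc func(ctx context.Context, t *Token) (*TokenMetadata, error)

// Cache models only the TTL logic; Persist's update of the token object through the client is left out.
type Cache struct{ Ttl time.Duration }

// Refresh clears metadata that is older than Ttl.
func (c Cache) Refresh(t *Token) {
	if t.Metadata != nil && time.Since(t.Metadata.LastRefreshTime) > c.Ttl {
		t.Metadata = nil
	}
}

// Ensure keeps valid metadata, refetches cleared metadata, and assigns nothing when the fetch fails.
func (c Cache) Ensure(ctx context.Context, t *Token, p MetadataProviderFunc) error {
	c.Refresh(t)
	if t.Metadata != nil {
		return nil // still valid: the provider is not contacted
	}
	md, err := p(ctx, t)
	if err != nil || md == nil {
		return err // no data to assign, so the metadata stays nil
	}
	md.LastRefreshTime = time.Now() // the Persist step: stamp the refresh time
	t.Metadata = md
	return nil
}

func main() {
	stale := &Token{Metadata: &TokenMetadata{[]string{"repo"}, time.Now().Add(-2 * time.Hour)}}
	err := Cache{Ttl: time.Hour}.Ensure(context.Background(), stale, func(context.Context, *Token) (*TokenMetadata, error) {
		return nil, errors.New("token revoked") // constructed provider failure
	})
	fmt.Println(err, stale.Metadata == nil)
}
```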
type MetadataProvider (added in v0.3.0)
type MetadataProvider interface {
    // Fetch tries to fetch the token metadata and assign it in the token. Note that the metadata of the token may or
    // may not be nil and this method shouldn't change it unless there is data to assign.
    // Implementors should make sure to return some errors.ServiceProviderError if the failure to fetch the metadata is
    // caused by the token or service provider itself and not other environmental reasons
    Fetch(ctx context.Context, token *api.SPIAccessToken) (*api.TokenMetadata, error)
}
MetadataProvider is a function that fills in the metadata in the token's status with service-provider-specific information used for token matching.
type MetadataProviderFunc (added in v0.3.0)
type MetadataProviderFunc func(ctx context.Context, token *api.SPIAccessToken) (*api.TokenMetadata, error)
func (MetadataProviderFunc) Fetch (added in v0.3.0)
func (f MetadataProviderFunc) Fetch(ctx context.Context, token *api.SPIAccessToken) (*api.TokenMetadata, error)
type Probe (added in v0.2.1)
type Probe interface {
    // Examine returns the base url of the service provider, if the provided URL can be handled by that provider or
    // an empty string if it cannot. The provided http client can be used to perform requests against the URL if needed.
    Examine(cl *http.Client, url string) (string, error)
}
Probe is a simple function that can determine whether a URL can be handled by a certain service provider.
type ProbeFunc (added in v0.2.1)
ProbeFunc provides the Probe implementation for compatible functions.
type ServiceProvider
type ServiceProvider interface {
    // LookupToken tries to match an SPIAccessToken object with the requirements expressed in the provided binding.
    // This usually searches Kubernetes (using the provided client) and the service provider itself (using some specific
    // mechanism (usually an http client)).
    LookupToken(ctx context.Context, cl client.Client, binding *api.SPIAccessTokenBinding) (*api.SPIAccessToken, error)
    // PersistMetadata tries to use the OAuth access token associated with the provided token (if any) and persists any
    // state and metadata required for the token lookup. The metadata must be stored in the Status.TokenMetadata field
    // of the provided token.
    // Implementors should make sure that this method returns InvalidAccessTokenError if the reason for the failure is
    // an invalid token. This is important to distinguish between environmental errors and errors in the data itself.
    PersistMetadata(ctx context.Context, cl client.Client, token *api.SPIAccessToken) error
    // GetBaseUrl returns the base URL of the service provider this instance talks to. This info is saved with the
    // SPIAccessTokens so that later on, the OAuth service can use it to construct the OAuth flow URLs.
    GetBaseUrl() string
    // TranslateToScopes translates the provided permission object into (a set of) service-provider-specific scopes.
    TranslateToScopes(permission api.Permission) []string
    // GetType merely returns the type of the service provider this instance talks to.
    GetType() api.ServiceProviderType
    CheckRepositoryAccess(ctx context.Context, cl client.Client, accessCheck *api.SPIAccessCheck) (*api.SPIAccessCheckStatus, error)
    // GetOAuthEndpoint returns the URL of the OAuth initiation. This must point to the SPI OAuth service, NOT
    // the service provider itself.
    GetOAuthEndpoint() string
}
ServiceProvider abstracts the interaction with some service provider.
type TokenFilter (added in v0.3.0)
type TokenFilter interface {
    Matches(matchable Matchable, token *api.SPIAccessToken) (bool, error)
}
TokenFilter is a helper interface to implement the ServiceProvider.LookupToken method using the GenericLookup struct.
type TokenFilterFunc (added in v0.3.0)
type TokenFilterFunc func(matchable Matchable, token *api.SPIAccessToken) (bool, error)
TokenFilterFunc converts a function into the implementation of the TokenFilter interface.
func (TokenFilterFunc) Matches (added in v0.3.0)
func (f TokenFilterFunc) Matches(matchable Matchable, token *api.SPIAccessToken) (bool, error)