serviceprovider

package
v0.5.4
Warning

This package is not in the latest version of its module.

Published: Jun 1, 2022 License: Apache-2.0 Imports: 14 Imported by: 1

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AuthenticatingHttpClient added in v0.4.1

func AuthenticatingHttpClient(cl *http.Client) *http.Client

func GetAllScopes

func GetAllScopes(convertToScopes func(permission api.Permission) []string, perms *api.Permissions) []string

GetAllScopes is a helper method to translate all the provided permissions into a list of service-provider-specific scopes.

func GetHostWithScheme added in v0.3.0

func GetHostWithScheme(repoUrl string) (string, error)

GetHostWithScheme is a helper function to extract the scheme and host portion of the provided url.

Types

type Constructor added in v0.2.1

type Constructor interface {
	// Construct creates a new instance of service provider
	Construct(factory *Factory, baseUrl string) (ServiceProvider, error)
}

Constructor is able to produce a new service provider instance using data from the provided Factory and the base URL of the service provider.

type ConstructorFunc added in v0.2.1

type ConstructorFunc func(factory *Factory, baseUrl string) (ServiceProvider, error)

ConstructorFunc converts a compatible function into the Constructor interface

func (ConstructorFunc) Construct added in v0.2.1

func (c ConstructorFunc) Construct(factory *Factory, baseUrl string) (ServiceProvider, error)

type Factory

type Factory struct {
	Configuration    config.Configuration
	KubernetesClient client.Client
	HttpClient       *http.Client
	Initializers     map[config.ServiceProviderType]Initializer
	TokenStorage     tokenstorage.TokenStorage
}

Factory is able to construct service providers from repository URLs.

func (*Factory) FromRepoUrl

func (f *Factory) FromRepoUrl(repoUrl string) (ServiceProvider, error)

FromRepoUrl returns the service provider instance able to talk to the repository on the provided URL.

type GenericLookup added in v0.3.0

type GenericLookup struct {
	// ServiceProviderType is just the type of the provider we're dealing with. It is used to limit the number of
	// results the filter function needs to sift through.
	ServiceProviderType api.ServiceProviderType
	// TokenFilter is the filter function that decides whether a token matches the requirements of a binding, given
	// the token's service-provider-specific state
	TokenFilter TokenFilter
	// MetadataProvider is used to figure out metadata of a token in the service provider useful for token lookup
	MetadataProvider MetadataProvider
	// MetadataCache is an abstraction used for storing/fetching the metadata of tokens
	MetadataCache *MetadataCache
}

GenericLookup implements token lookup in a generic way: users only need to supply a function that provides the service-provider-specific "state" of the token and a "filter" function that uses the token and its state to match it against a binding.

func (GenericLookup) Lookup added in v0.3.0

func (l GenericLookup) Lookup(ctx context.Context, cl client.Client, matchable Matchable) ([]api.SPIAccessToken, error)

func (GenericLookup) PersistMetadata added in v0.3.0

func (l GenericLookup) PersistMetadata(ctx context.Context, token *api.SPIAccessToken) error

type Initializer added in v0.2.1

type Initializer struct {
	Probe       Probe
	Constructor Constructor
}

Initializer is a struct that contains all necessary data to initialize a service provider instance from a URL using a Factory.

type Matchable added in v0.5.1

type Matchable interface {
	RepoUrl() string
	ObjNamespace() string
	Permissions() *api.Permissions
}

type MetadataCache added in v0.3.0

type MetadataCache struct {
	// Ttl limits how long the data stays in the cache
	Ttl time.Duration
	// contains filtered or unexported fields
}

MetadataCache acts like a cache of metadata of tokens. On top of just CRUDing the token metadata, this struct handles the refreshes of the data when it is determined stale.

func NewMetadataCache added in v0.3.0

func NewMetadataCache(ttl time.Duration, client client.Client) MetadataCache

NewMetadataCache creates a new cache instance with the provided configuration.

func (*MetadataCache) Ensure added in v0.3.0

Ensure combines Refresh and Persist. Makes sure that the metadata of the token is either still valid or has been refreshed using the MetadataProvider.

func (*MetadataCache) Persist added in v0.3.0

func (c *MetadataCache) Persist(ctx context.Context, token *api.SPIAccessToken) error

Persist assigns the last refresh time of the token metadata and updates the token

func (*MetadataCache) Refresh added in v0.3.0

func (c *MetadataCache) Refresh(token *api.SPIAccessToken)

Refresh checks if the token's metadata is still valid. If it is stale, the metadata is cleared

type MetadataProvider added in v0.3.0

type MetadataProvider interface {
	// Fetch tries to fetch the token metadata and assign it in the token. Note that the metadata of the token may or
	// may not be nil and this method shouldn't change it unless there is data to assign.
	// Implementors should make sure to return some errors.ServiceProviderError if the failure to fetch the metadata is
	// caused by the token or service provider itself and not other environmental reasons
	Fetch(ctx context.Context, token *api.SPIAccessToken) (*api.TokenMetadata, error)
}

MetadataProvider is a function that fills in the metadata in the token's status with service-provider-specific information used for token matching.

type MetadataProviderFunc added in v0.3.0

type MetadataProviderFunc func(ctx context.Context, token *api.SPIAccessToken) (*api.TokenMetadata, error)

func (MetadataProviderFunc) Fetch added in v0.3.0

type Probe added in v0.2.1

type Probe interface {
	// Examine returns the base url of the service provider, if the provided URL can be handled by that provider or
	// an empty string if it cannot. The provided http client can be used to perform requests against the URL if needed.
	Examine(cl *http.Client, url string) (string, error)
}

Probe is a simple function that can determine whether a URL can be handled by a certain service provider.

type ProbeFunc added in v0.2.1

type ProbeFunc func(*http.Client, string) (string, error)

ProbeFunc provides the Probe implementation for compatible functions

func (ProbeFunc) Examine added in v0.2.1

func (p ProbeFunc) Examine(cl *http.Client, url string) (string, error)
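
An added example, not code from this package: a Probe that claims a repository URL only when its parsed scheme and host equal the provider's base URL exactly, so a look-alike host or a host hidden behind userinfo is not treated as that provider. Probe and ProbeFunc are local copies of the signatures above; hostWithScheme and exactHostProbe are hypothetical names, and hostWithScheme only assumes the behaviour described for GetHostWithScheme.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Probe and ProbeFunc are local copies of the signatures documented above.
type Probe interface {
	Examine(cl *http.Client, url string) (string, error)
}
type ProbeFunc func(*http.Client, string) (string, error)

func (p ProbeFunc) Examine(cl *http.Client, u string) (string, error) { return p(cl, u) }

// hostWithScheme is a hypothetical stand-in with GetHostWithScheme's signature.
func hostWithScheme(repoUrl string) (string, error) {
	u, err := url.Parse(repoUrl)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return "", fmt.Errorf("repository URL %q has no usable scheme and host", repoUrl)
	}
	return u.Scheme + "://" + u.Host, nil // userinfo, path and query are dropped
}

// exactHostProbe (hypothetical) claims a URL only on an exact scheme+host match.
func exactHostProbe(baseUrl string) Probe {
	return ProbeFunc(func(_ *http.Client, repoUrl string) (string, error) {
		got, err := hostWithScheme(repoUrl)
		if err != nil {
			return "", err
		}
		if strings.EqualFold(got, baseUrl) {
			return baseUrl, nil
		}
		return "", nil // empty string: this provider cannot handle the URL
	})
}

func main() {
	p := exactHostProbe("https://github.com")
	for _, u := range []string{ // constructed sample URLs
		"https://github.com/org/repo", "https://github.com.example.net/org/repo",
		"https://github.com@example.net/org/repo", "github.com/org/repo"} {
		base, err := p.Examine(nil, u)
		fmt.Printf("%-42s base=%q err=%v\n", u, base, err)
	}
}
```

Comparing the parsed scheme and host, rather than checking a string prefix of the raw URL, is what keeps the second and third sample URLs from matching.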

type ServiceProvider

type ServiceProvider interface {
	// LookupToken tries to match an SPIAccessToken object with the requirements expressed in the provided binding.
	// This usually searches kubernetes (using the provided client) and the service provider itself (using some specific
	// mechanism (usually an http client)).
	LookupToken(ctx context.Context, cl client.Client, binding *api.SPIAccessTokenBinding) (*api.SPIAccessToken, error)

	// PersistMetadata tries to use the OAuth access token associated with the provided token (if any) and persists any
	// state and metadata required for the token lookup. The metadata must be stored in the Status.TokenMetadata field
	// of the provided token.
	// Implementors should make sure that this method returns InvalidAccessTokenError if the reason for the failure is
	// an invalid token. This is important to distinguish between environmental errors and errors in the data itself.
	PersistMetadata(ctx context.Context, cl client.Client, token *api.SPIAccessToken) error

	// GetBaseUrl returns the base URL of the service provider this instance talks to. This info is saved with the
	// SPIAccessTokens so that later on, the OAuth service can use it to construct the OAuth flow URLs.
	GetBaseUrl() string

	// TranslateToScopes translates the provided permission object into (a set of) service-provider-specific scopes.
	TranslateToScopes(permission api.Permission) []string

	// GetType merely returns the type of the service provider this instance talks to.
	GetType() api.ServiceProviderType

	CheckRepositoryAccess(ctx context.Context, cl client.Client, accessCheck *api.SPIAccessCheck) (*api.SPIAccessCheckStatus, error)

	// GetOAuthEndpoint returns the URL of the OAuth initiation. This must point to the SPI oauth service, NOT
	// the service provider itself.
	GetOAuthEndpoint() string
}

ServiceProvider abstracts the interaction with some service provider

type TokenFilter added in v0.3.0

type TokenFilter interface {
	Matches(matchable Matchable, token *api.SPIAccessToken) (bool, error)
}

TokenFilter is a helper interface to implement the ServiceProvider.LookupToken method using the GenericLookup struct.

type TokenFilterFunc added in v0.3.0

type TokenFilterFunc func(matchable Matchable, token *api.SPIAccessToken) (bool, error)

TokenFilterFunc converts a function into the implementation of the TokenFilter interface

func (TokenFilterFunc) Matches added in v0.3.0

func (f TokenFilterFunc) Matches(matchable Matchable, token *api.SPIAccessToken) (bool, error)
