oauth

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 13, 2022 License: Apache-2.0 Imports: 37 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var GithubSaasHost = "github.com"
View Source 
var GitlabEndpoint = oauth2.Endpoint{
	AuthURL:  "https://gitlab.com/oauth/authorize",
	TokenURL: "https://gitlab.com/oauth/token",
}

GitlabEndpoint is the OAuth endpoints specification of SAAS GitLab instance.

View Source 
var GitlabSaasHost = "gitlab.com"
View Source 
var (
	// HttpServiceRequestCountMetric is the metric that collects the request counts for OAuth Service.
	HttpServiceRequestCountMetric = prometheus.NewCounterVec(
		prometheus.CounterOpts{
			Namespace: config.MetricsNamespace,
			Subsystem: config.MetricsSubsystem,
			Name:      "oauth_service_requests_total",
			Help:      "The request counts to OAuth service categorized by HTTP method status code.",
		},
		[]string{"code", "method"},
	)
)
View Source 
var QuayEndpoint = oauth2.Endpoint{
	AuthURL:  "https://quay.io/oauth/authorize",
	TokenURL: "https://quay.io/oauth/access_token",
}

QuayEndpoint is the OAuth endpoints specification of quay.io

View Source 
var QuaySaasHost = "quay.io"

Functions

func AuditLog 

func AuditLog(ctx context.Context) logr.Logger

AuditLog returns logger prepared with audit markers

func AuditLogWithTokenInfo 

func AuditLogWithTokenInfo(ctx context.Context, msg string, namespace string, token string, keysAndValues ...interface{})

AuditLogWithTokenInfo logs message related to particular SPIAccessToken into audit logger

func AugmentConfiguration 

func AugmentConfiguration(config *rest.Config)

AugmentConfiguration modifies the provided Kubernetes client configuration such that it uses bearer tokens stored in the context using the WithAuthFromRequestIntoContext or WithAuthIntoContext functions.

func BypassHandler added in v0.8.3 

func BypassHandler(mainHandler http.Handler, bypassPathPrefixes []string, bypassHandler http.Handler) http.Handler

BypassHandler is a Handler that redirects a request that has URL with certain prefix to a bypassHandler all remaining requests are redirected to mainHandler.

func CallbackErrorHandler 

func CallbackErrorHandler(w http.ResponseWriter, r *http.Request)

CallbackErrorHandler is a Handler implementation that responds with HTML page This page is a landing page after unsuccessfully completing the OAuth flow. Resource file location is prefixed with `../` to be compatible with tests running locally.

func CallbackSuccessHandler 

func CallbackSuccessHandler(w http.ResponseWriter, r *http.Request)

CallbackSuccessHandler is a Handler implementation that responds with HTML page This page is a landing page after successfully completing the OAuth flow. Resource file location is prefixed with `../` to be compatible with tests running locally.

func ExtractTokenFromAuthorizationHeader 

func ExtractTokenFromAuthorizationHeader(authHeader string) string

ExtractTokenFromAuthorizationHeader extracts the token value from the authorization header assumed to be formatted as a bearer token.

func HandleUpload 

func HandleUpload(uploader TokenUploader) func(http.ResponseWriter, *http.Request)

HandleUpload returns Handler implementation that is relied on provided TokenUploader to persist provided credentials for some concrete SPIAccessToken.

func HttpServiceInstrumentMetricHandler added in v0.8.3 

func HttpServiceInstrumentMetricHandler(reg prometheus.Registerer, handler http.Handler) http.Handler

HttpServiceInstrumentMetricHandler is a http.Handler that collects statistical information about incoming HTTP request and store it in prometheus.Registerer.

func LogDebugAndWriteResponse 

func LogDebugAndWriteResponse(ctx context.Context, w http.ResponseWriter, status int, msg string, keysAndValues ...interface{})

func LogErrorAndWriteResponse 

func LogErrorAndWriteResponse(ctx context.Context, w http.ResponseWriter, status int, msg string, err error)

func MiddlewareHandler 

func MiddlewareHandler(reg prometheus.Registerer, allowedOrigins []string, h http.Handler) http.Handler

MiddlewareHandler is a Handler that composed couple of different responsibilities. Like: - Service metrics - Request logging - CORS processing

func OkHandler 

func OkHandler(w http.ResponseWriter, _ *http.Request)

OkHandler is a Handler implementation that responds only with http.StatusOK. Typically, used for liveness and readiness probes

func WithAuthFromRequestIntoContext 

func WithAuthFromRequestIntoContext(r *http.Request, ctx context.Context) (context.Context, error)

WithAuthFromRequestIntoContext looks into the provided HTTP request and stores the bearer token from that request's Authorization header into the returned context which is based on the provided context. If used with a client constructed from configuration augmented using the AugmentConfiguration function, the requests to the Kubernetes API will be authenticated using this token.

To link the contexts, you can reuse the context of the provided request: WithAuthFromRequestIntoContext(req, req.Context())

func WithAuthIntoContext 

func WithAuthIntoContext(bearerToken string, ctx context.Context) context.Context

WithAuthIntoContext stores the provided bearer token into the returned context which is based on the provided context. If used with a client constructed from configuration augmented using the AugmentConfiguration function, the requests to the Kubernetes API will be authenticated using this token.

Types

type AuthenticateRoute added in v0.8.3 

type AuthenticateRoute struct {
	// contains filtered or unexported fields
}

AuthenticateRoute route for /oauth/authenticate requests

func (*AuthenticateRoute) ServeHTTP added in v0.8.3 

func (r *AuthenticateRoute) ServeHTTP(wrt http.ResponseWriter, req *http.Request)

type AuthenticatingClient 

type AuthenticatingClient client.Client

AuthenticatingClient is just a typedef that advertises that it is safe to use the WithAuthIntoContext or WithAuthFromRequestIntoContext functions with clients having this type.

func CreateClient 

func CreateClient(cfg *rest.Config, options client.Options) (AuthenticatingClient, error)

CreateClient creates a new client based on the provided configuration. Note that configuration is potentially modified during the call.

type Authenticator 

type Authenticator struct {
	K8sClient      AuthenticatingClient
	SessionManager *scs.SessionManager
}

func NewAuthenticator 

func NewAuthenticator(sessionManager *scs.SessionManager, cl AuthenticatingClient) *Authenticator

func (*Authenticator) GetToken 

func (a *Authenticator) GetToken(ctx context.Context, r *http.Request) (string, error)

func (Authenticator) Login 

func (a Authenticator) Login(w http.ResponseWriter, r *http.Request)

type CallbackRoute added in v0.8.3 

type CallbackRoute struct {
	// contains filtered or unexported fields
}

CallbackRoute route for /oauth/callback requests

func (*CallbackRoute) ServeHTTP added in v0.8.3 

func (r *CallbackRoute) ServeHTTP(wrt http.ResponseWriter, req *http.Request)

type Controller 

type Controller interface {
	// Authenticate handles the initial OAuth request. It should validate that the request is authenticated in Kubernetes
	// compose the authenticated OAuth state and return a redirect to the service-provider OAuth endpoint with the state.
	Authenticate(w http.ResponseWriter, r *http.Request, state *oauthstate.OAuthInfo)

	// Callback finishes the OAuth flow. It handles the final redirect from the OAuth flow of the service provider.
	Callback(ctx context.Context, w http.ResponseWriter, r *http.Request, state *oauthstate.OAuthInfo)
}

Controller implements the OAuth flow. There are specific implementations for each service provider type. These are usually instances of the commonController with service-provider-specific configuration.

func InitController added in v0.8.3 

func InitController(ctx context.Context, spType config.ServiceProviderType, cfg RouterConfiguration, defaultBaseUrlHost string, defaultEndpoint oauth2.Endpoint) (Controller, error)

type OAuthServiceCliArgs 

type OAuthServiceCliArgs struct {
	config.CommonCliArgs
	config.LoggingCliArgs
	tokenstorage.VaultCliArgs
	ServiceAddr     string `arg:"--service-addr, env" default:"0.0.0.0:8000" help:"Service address to listen on"`
	AllowedOrigins  string `` /* 175-byte string literal not displayed */
	KubeConfig      string `arg:"--kubeconfig, env" default:"" help:""`
	KubeInsecureTLS bool   `arg:"--kube-insecure-tls, env" default:"false" help:"Whether is allowed or not insecure kubernetes tls connection."`
	ApiServer       string `` /* 126-byte string literal not displayed */
	ApiServerCAPath string `` /* 140-byte string literal not displayed */
}

type OAuthServiceConfiguration 

type OAuthServiceConfiguration struct {
	config.SharedConfiguration
}

func LoadOAuthServiceConfiguration 

func LoadOAuthServiceConfiguration(args OAuthServiceCliArgs) (OAuthServiceConfiguration, error)

type Router added in v0.8.3 

type Router struct {
	// contains filtered or unexported fields
}

Router holds service provider controllers and is responsible for providing matching controller for incoming requests.

func NewRouter added in v0.8.3 

func NewRouter(ctx context.Context, cfg RouterConfiguration, spDefaults []ServiceProviderDefaults) (*Router, error)

func (*Router) Authenticate added in v0.8.3 

func (r *Router) Authenticate() *AuthenticateRoute

func (*Router) Callback added in v0.8.3 

func (r *Router) Callback() *CallbackRoute

type RouterConfiguration added in v0.8.3 

type RouterConfiguration struct {
	OAuthServiceConfiguration
	Authenticator    *Authenticator
	StateStorage     *StateStorage
	K8sClient        client.Client
	TokenStorage     tokenstorage.TokenStorage
	RedirectTemplate *template.Template
}

RouterConfiguration configuration needed to create new Router

type ServiceProviderDefaults added in v0.8.3 

type ServiceProviderDefaults struct {
	SpType   config.ServiceProviderType
	Endpoint oauth2.Endpoint
	UrlHost  string
}

ServiceProviderDefaults configuration containing default values used to initialize supported service providers

type SpiTokenUploader 

type SpiTokenUploader struct {
	K8sClient client.Client
	Storage   tokenstorage.TokenStorage
}

func (*SpiTokenUploader) Upload 

func (u *SpiTokenUploader) Upload(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error

type StateStorage 

type StateStorage struct {
	// contains filtered or unexported fields
}

func NewStateStorage 

func NewStateStorage(sessionManager *scs.SessionManager) *StateStorage

func (StateStorage) UnveilState 

func (s StateStorage) UnveilState(ctx context.Context, req *http.Request) (string, error)

func (StateStorage) VeilRealState 

func (s StateStorage) VeilRealState(req *http.Request) (string, error)

type TokenUploader 

type TokenUploader interface {
	Upload(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error
}

TokenUploader is used to permanently persist credentials for the given token.

type UploadFunc 

type UploadFunc func(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error

UploadFunc used to provide anonymous implementation of TokenUploader. Example: 

 uploader := UploadFunc(func(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error {
		return fmt.Errorf("failed to store the token data into storage")
	})

func (UploadFunc) Upload 

func (u UploadFunc) Upload(ctx context.Context, tokenObjectName string, tokenObjectNamespace string, data *api.Token) error

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.