Constants ¶
// Config keys of the identity (AuthN) plugin sub-system.
const (
	// URL names the setting that holds the plugin hook endpoint.
	URL = "url"
	// AuthToken names the setting that holds the authorization token for
	// the hook endpoint. The stored value is a secret.
	AuthToken = "auth_token"
	// RolePolicy names the setting that lists the policies applied to
	// plugin-authorized users.
	RolePolicy = "role_policy"
	// RoleID names the setting that holds the unique ID used to generate
	// the role ARN.
	RoleID = "role_id"
)

// Environment variable names for the identity plugin, one per config key
// above.
const (
	EnvIdentityPluginURL = "MINIO_IDENTITY_PLUGIN_URL"
	// NOTE(review): the variable named here carries a secret; anything that
	// dumps the process environment would expose it.
	EnvIdentityPluginAuthToken  = "MINIO_IDENTITY_PLUGIN_AUTH_TOKEN"
	EnvIdentityPluginRolePolicy = "MINIO_IDENTITY_PLUGIN_ROLE_POLICY"
	EnvIdentityPluginRoleID     = "MINIO_IDENTITY_PLUGIN_ROLE_ID"
)
Authentication Plugin config and env variables
Variables ¶
// DefaultKVS is the default config for the AuthN plugin: every key is
// present and every value is empty.
var DefaultKVS = config.KVS{
	{Key: URL, Value: ""},
	{Key: AuthToken, Value: ""},
	{Key: RolePolicy, Value: ""},
	{Key: RoleID, Value: ""},
}

// Help holds the help entries for the Identity Plugin config keys.
var Help = config.HelpKVS{
	{
		Key: URL,
		// NOTE(review): the example shows plain http on localhost. For an
		// endpoint on another host https is the safer choice, since the
		// tokens being authenticated are presumably sent to it; confirm
		// in the request code.
		Description: `plugin hook endpoint (HTTP(S)) e.g. "http://localhost:8181/path/to/endpoint"` + defaultHelpPostfix(URL),
		Type:        "url",
	},
	{
		Key:         AuthToken,
		Description: "authorization token for plugin hook endpoint" + defaultHelpPostfix(AuthToken),
		Optional:    true,
		Type:        "string",
		// Marks the value as sensitive; presumably used to redact it when
		// the config is displayed (confirm in the config package).
		Sensitive: true,
	},
	{
		// Optional is not set for this key.
		Key:         RolePolicy,
		Description: "policies to apply for plugin authorized users" + defaultHelpPostfix(RolePolicy),
		Type:        "string",
	},
	{
		Key:         RoleID,
		Description: "unique ID to generate the ARN" + defaultHelpPostfix(RoleID),
		Optional:    true,
		Type:        "string",
	},
	{
		Key:         config.Comment,
		Description: config.DefaultComment,
		Optional:    true,
		Type:        "sentence",
	},
}
Functions ¶
Types ¶
type Args ¶
// Args holds the arguments for the authentication plugin.
type Args struct {
	// URL is the plugin hook endpoint.
	// NOTE(review): nothing in this type restricts the scheme; whether
	// plain http is rejected for non-local hosts must be checked where
	// the config is parsed.
	URL *xnet.URL
	// AuthToken is the authorization token for the plugin hook endpoint.
	// It is a secret: keep it out of logs and error messages.
	AuthToken string
	// Transport is the HTTP round tripper, presumably used for the
	// requests sent to URL. TLS verification settings would be carried
	// by it; confirm at the call site.
	Transport http.RoundTripper
	// CloseRespFn takes a response body; presumably called to drain and
	// close it after each request. Confirm against the caller.
	CloseRespFn func(r io.ReadCloser)
	// RolePolicy names the policies to apply for plugin-authorized users.
	RolePolicy string
	// RoleARN is the role ARN for this plugin configuration; presumably
	// built from the role_id setting. TODO confirm.
	RoleARN arn.ARN
}
Args for authentication plugin.
type AuthNErrorResponse ¶
// AuthNErrorResponse represents an error response from the authN plugin.
type AuthNErrorResponse struct {
	// Reason is read from the "reason" JSON field.
	// NOTE(review): the text is supplied by the external plugin; bound its
	// length and escape it before logging it or returning it to a client.
	// Confirm how callers use it.
	Reason string `json:"reason"`
}
AuthNErrorResponse - represents an error response from the authN plugin.
type AuthNPlugin ¶
// AuthNPlugin implements pluggable authentication via a webhook.
// Its fields are unexported and not shown in this listing; instances are
// obtained from New.
type AuthNPlugin struct {
	// contains filtered or unexported fields
}
AuthNPlugin - implements pluggable authentication via webhook.
func New ¶
func New(shutdownCtx context.Context, args Args) *AuthNPlugin
New - initializes the authentication (AuthN) plugin.
func (*AuthNPlugin) Authenticate ¶
func (o *AuthNPlugin) Authenticate(roleArn arn.ARN, token string) (AuthNResponse, error)
Authenticate authenticates the token with the external hook endpoint and returns a parent user, max expiry duration for the authentication and a set of claims.
func (*AuthNPlugin) GetRoleInfo ¶
func (o *AuthNPlugin) GetRoleInfo() map[arn.ARN]string
GetRoleInfo - returns ARN to policies map.
func (*AuthNPlugin) Metrics ¶
func (o *AuthNPlugin) Metrics() Metrics
Metrics reports metrics related to plugin service reachability, and stats for the last whole minute.
type AuthNResponse ¶
// AuthNResponse represents the result of an authentication operation.
//
// NOTE(review): the two pointers look mutually exclusive (one per outcome),
// but this listing does not show that being enforced. Callers should
// nil-check Success before granting access rather than relying on a nil
// error alone. Confirm in Authenticate.
type AuthNResponse struct {
	// Success carries the plugin's answer for an accepted token.
	Success *AuthNSuccessResponse
	// Failure carries the plugin's error response.
	Failure *AuthNErrorResponse
}
AuthNResponse - represents a result of the authentication operation.
type AuthNSuccessResponse ¶
// AuthNSuccessResponse represents the response from the authentication
// plugin service. All three fields are decoded from JSON, so their values
// are whatever the external plugin asserted.
type AuthNSuccessResponse struct {
	// User is read from the "user" JSON field; per the Authenticate
	// documentation this is the parent user.
	User string `json:"user"`
	// MaxValiditySeconds is read from "maxValiditySeconds".
	// NOTE(review): a signed int from an external service. Confirm that
	// the caller rejects zero or negative values and caps the upper bound
	// before using it as a credential lifetime.
	MaxValiditySeconds int `json:"maxValiditySeconds"`
	// Claims is read from "claims" as an untyped map.
	// NOTE(review): keys and value types are not constrained here;
	// presumably the caller filters reserved claim names. Verify.
	Claims map[string]interface{} `json:"claims"`
}
AuthNSuccessResponse - represents the response from the authentication plugin service.