authmodel

Documentation

Index

• func Middleware(a Authenticator) func(http.Handler) http.Handler
• type AuthMetadata
• type AuthType
• type Authenticator
  • func New(conf *config.Config) (Authenticator, error)
• type CertificateAuth
  • func (a *CertificateAuth) Authenticate(req *http.Request) (UserInfo, error)
• type CertificateInfo
  • func (c *CertificateInfo) Allowed(keyConf *config.KeyConfig) bool
  • func (c *CertificateInfo) AuditContext(info *audit.Info)
• type Metadata
• type PolicyAuth
  • func (a *PolicyAuth) Authenticate(req *http.Request) (UserInfo, error)
• type PolicyInfo
  • func (i *PolicyInfo) Allowed(keyConf *config.KeyConfig) bool
  • func (i *PolicyInfo) AuditContext(info *audit.Info)
• type UserInfo
  • func RequestInfo(req *http.Request) UserInfo

Functions

func Middleware

func Middleware(a Authenticator) func(http.Handler) http.Handler

Middleware checks each request for authentication. If successful, the user's information is appended to the log context and request context. If not, an error is returned and the inner handler is skipped.

Types

type AuthMetadata

type AuthMetadata struct {
	Type AuthType `json:"type"`
	// azure AD
	Authority string   `json:"authority,omitempty"`
	ClientID  string   `json:"client_id,omitempty"`
	Scopes    []string `json:"scopes,omitempty"`
}

type AuthType

type AuthType string

const (
	AuthTypeCertificate AuthType = "https://relic.sas.com/auth/certificate"
	AuthTypeBearerToken AuthType = "https://relic.sas.com/auth/bearer-token"
	AuthTypeAzureAD     AuthType = "https://relic.sas.com/auth/azure-ad"
)

type Authenticator

type Authenticator interface {
	Authenticate(req *http.Request) (UserInfo, error)
}

func New

func New(conf *config.Config) (Authenticator, error)

New creates an authenticator based on the provided server configuration

type CertificateAuth

type CertificateAuth struct {
	Config *config.Config
}

CertificateAuth requires all callers have a client certificate that either has its fingerprint explicitly configured with access, or is signed by a configured CA.

func (*CertificateAuth) Authenticate

func (a *CertificateAuth) Authenticate(req *http.Request) (UserInfo, error)

type CertificateInfo

type CertificateInfo struct {
	Name    string
	Subject string
	Roles   []string
}

func (*CertificateInfo) Allowed

func (c *CertificateInfo) Allowed(keyConf *config.KeyConfig) bool

func (*CertificateInfo) AuditContext

func (c *CertificateInfo) AuditContext(info *audit.Info)

type Metadata

type Metadata struct {
	Hosts []string       `json:"hosts"`
	Auth  []AuthMetadata `json:"auth"`
}

type PolicyAuth

type PolicyAuth struct {
	// contains filtered or unexported fields
}

func (*PolicyAuth) Authenticate

func (a *PolicyAuth) Authenticate(req *http.Request) (UserInfo, error)

type PolicyInfo

type PolicyInfo struct {
	Subject     string
	Roles       []string
	AllowedKeys []string

	Claims map[string]interface{}
}

func (*PolicyInfo) Allowed

func (i *PolicyInfo) Allowed(keyConf *config.KeyConfig) bool

Allowed checks whether the named key is visible to the current user

func (*PolicyInfo) AuditContext

func (i *PolicyInfo) AuditContext(info *audit.Info)

AuditContext amends an audit record with the authenticated user's name and other relevant details

type UserInfo

type UserInfo interface {
	// Allowed checks whether the named key is visible to the current user
	Allowed(*config.KeyConfig) bool
	// AuditContext amends an audit record with the authenticated user's name
	// and other relevant details
	AuditContext(info *audit.Info)
}

func RequestInfo

func RequestInfo(req *http.Request) UserInfo

RequestInfo returns information about the calling user