Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AuthSource
type AuthSource int
AuthSource represents where the authentication result is derived from.
const (
	AuthSourceClientCertificate AuthSource = iota
	AuthSourceIDToken
)
type Caller
type Caller struct {
	AuthSource AuthSource
	Identities []string
}
Caller carries the identity and authentication source of a caller.
type ClientCertAuthenticator
type ClientCertAuthenticator struct{}
ClientCertAuthenticator extracts identities from a client certificate.
func (*ClientCertAuthenticator) Authenticate
func (cca *ClientCertAuthenticator) Authenticate(ctx context.Context) (*Caller, error)
Authenticate extracts identities from the presented client certificates. This method assumes that the certificate chain has been properly validated before it is called; it does not perform certificate chain validation itself.
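The precondition above can be enforced by the caller at the TLS layer. The following is an added example, not this package's code: it configures the server to verify client chains and reads identities only from tls.ConnectionState.VerifiedChains. ServerTLSConfig, IdentitiesFromVerifiedChain, ConstructedState and the SPIFFE ID are hypothetical names and constructed sample data, and URI SANs are assumed as the identity field.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/url"
)

var ErrUnverifiedChain = errors.New("no verified client certificate chain")

// ServerTLSConfig makes the TLS stack validate the client chain against roots.
func ServerTLSConfig(roots *x509.CertPool) *tls.Config {
	return &tls.Config{ClientCAs: roots, ClientAuth: tls.RequireAndVerifyClientCert}
}

// IdentitiesFromVerifiedChain returns the leaf's URI SANs, but only from a chain
// the TLS stack verified. PeerCertificates is ignored: it is set even if unverified.
func IdentitiesFromVerifiedChain(state tls.ConnectionState) ([]string, error) {
	if len(state.VerifiedChains) == 0 || len(state.VerifiedChains[0]) == 0 {
		return nil, ErrUnverifiedChain
	}
	leaf := state.VerifiedChains[0][0]
	ids := make([]string, 0, len(leaf.URIs))
	for _, u := range leaf.URIs {
		ids = append(ids, u.String())
	}
	return ids, nil
}

// ConstructedState builds demo input around an in-memory, unsigned certificate value.
func ConstructedState(uri string, verified bool) tls.ConnectionState {
	u, _ := url.Parse(uri)
	leaf := &x509.Certificate{URIs: []*url.URL{u}}
	state := tls.ConnectionState{PeerCertificates: []*x509.Certificate{leaf}}
	if verified {
		state.VerifiedChains = [][]*x509.Certificate{{leaf}}
	}
	return state
}

func main() {
	const id = "spiffe://example.org/ns/default/sa/demo" // constructed identity
	for _, verified := range []bool{false, true} {
		ids, err := IdentitiesFromVerifiedChain(ConstructedState(id, verified))
		fmt.Printf("verified=%v ids=%v err=%v\n", verified, ids, err)
	}
}
```

With ClientAuth set to RequestClientCert or RequireAnyClientCert the handshake succeeds and PeerCertificates is populated, but VerifiedChains stays empty, which is the case the guard rejects.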
type IDTokenAuthenticator
type IDTokenAuthenticator struct {
	// contains filtered or unexported fields
}
IDTokenAuthenticator extracts identity from JWT. The JWT is required to be transmitted using the "Bearer" authentication scheme.
func NewIDTokenAuthenticator
func NewIDTokenAuthenticator(aud string) (*IDTokenAuthenticator, error)
NewIDTokenAuthenticator creates a new IDTokenAuthenticator.
func (*IDTokenAuthenticator) Authenticate
func (a *IDTokenAuthenticator) Authenticate(ctx context.Context) (*Caller, error)
Authenticate authenticates a caller using the JWT in the context.
type KubeJWTAuthenticator
type KubeJWTAuthenticator struct {
	// contains filtered or unexported fields
}
KubeJWTAuthenticator authenticates K8s JWTs.
func NewKubeJWTAuthenticator
func NewKubeJWTAuthenticator(k8sAPIServerURL, caCertPath, jwtPath, trustDomain string) (*KubeJWTAuthenticator, error)
NewKubeJWTAuthenticator creates a new KubeJWTAuthenticator.
func (*KubeJWTAuthenticator) Authenticate
func (a *KubeJWTAuthenticator) Authenticate(ctx context.Context) (*Caller, error)
Authenticate authenticates the call using the K8s JWT from the context. The returned Caller.Identities is in SPIFFE format.