csp

package
v0.90.0-alpha.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 16, 2023 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Overview

Package csp provides VMware Cloud Services Platform token utilities.

Index

Constants

View Source 
const (

	// PinnipedSupervisorDomain is the domain name for the pinniped supervisor token issuer that is
	// deployed in TMC self-managed environment to serve as an identity broker.
	PinnipedSupervisorDomain = "pinniped-supervisor"
	// FederationDomainPath is the path in the issuer URL of the federation domain setup to work
	// with the upstream identity provider.
	// TODO(ashisham): finalize what the federation domain deployed in production will look like
	// Prod and non-prod environments can share this path as the DNS zone from which the issuer URL
	// is generated from will be different.
	FederationDomainPath = "provider/pinniped"
)
View Source 
const (
	// AuthTokenDir is a directory where cluster access token and refresh tokens are stored.
	AuthTokenDir = "tokens"

	// ExtraIDToken is the key in the Extra fields map that contains id_token.
	ExtraIDToken = "id_token"

	// StgIssuer is the CSP staging issuer.
	StgIssuer = "https://console-stg.cloud.vmware.com/csp/gateway/am/api"

	// ProdIssuer is the CSP issuer.
	ProdIssuer = "https://console.cloud.vmware.com/csp/gateway/am/api"

	//nolint:gosec // Avoid "hardcoded credentials" false positive.
	// APITokenKey is the env var for an API token override.
	APITokenKey = "CSP_API_TOKEN"
)

Variables

View Source 
var (
	// KnownIssuers are known OAuth2 endpoints in each CSP environment.
	KnownIssuers = map[string]oauth2.Endpoint{
		StgIssuer: {
			AuthURL:   "https://console-stg.cloud.vmware.com/csp/gateway/discovery",
			TokenURL:  "https://console-stg.cloud.vmware.com/csp/gateway/am/api/auth/authorize",
			AuthStyle: oauth2.AuthStyleInHeader,
		},
		ProdIssuer: {
			AuthURL:   "https://console.cloud.vmware.com/csp/gateway/discovery",
			TokenURL:  "https://console.cloud.vmware.com/csp/gateway/am/api/auth/authorize",
			AuthStyle: oauth2.AuthStyleInHeader,
		},
	}
)

Functions

func GetAuthOptsOrExit 

func GetAuthOptsOrExit() grpc.CallOption

GetAuthOptsOrExit returns the grpc auth options. If accessToken is not empty it uses it, else it fetches the token from the current auth context. If it encounters and error, it exits.

func GetIssuer 

func GetIssuer(staging bool) string

GetIssuer returns the appropriate CSP issuer based on the environment.

func GetToken 

func GetToken(g *configapi.GlobalServerAuth) (*oauth2.Token, error)

GetToken fetches a token for the current auth context.

func IDTokenFromTokenSource 

func IDTokenFromTokenSource(token *oauth2.Token) (idTok string)

IDTokenFromTokenSource parses out the id token from extra info in tokensource if available, or returns empty string.

func IsExpired 

func IsExpired(tokenExpiry time.Time) bool

IsExpired checks for the token expiry and returns true if the token has expired else will return false

func WithCredentialDiscovery 

func WithCredentialDiscovery() (grpc.CallOption, error)

WithCredentialDiscovery returns a grpc.CallOption that adds credentials into gRPC calls. The credentials are loaded from the auth context found on the machine.

func WithStaticCreds 

func WithStaticCreds(accessToken string) grpc.CallOption

WithStaticCreds will wrap a static access token into a grpc.CallOption

Types

type Claims 

type Claims struct {
	Username    string
	Permissions []string
	OrgID       string
	Raw         map[string]interface{}
}

Claims are the jwt claims.

func ParseToken 

func ParseToken(tkn *oauth2.Token) (*Claims, error)

ParseToken parses the token.

type Token 

type Token struct {
	// IDToken for OIDC.
	IDToken string `json:"id_token"`

	// TokenType is the type of token.
	TokenType string `json:"token_type"`

	// ExpiresIn is expiration in seconds.
	ExpiresIn int64 `json:"expires_in"`

	// Scope of the token.
	Scope string `json:"scope"`

	// AccessToken from CSP.
	AccessToken string `json:"access_token"`

	// RefreshToken for use with Refresh Token grant.
	RefreshToken string `json:"refresh_token"`
}

Token is a CSP token.

func GetAccessTokenFromAPIToken 

func GetAccessTokenFromAPIToken(apiToken, issuer string) (*Token, error)

GetAccessTokenFromAPIToken fetches CSP access token using the API-token.

func GetAccessTokenFromSelfManagedIDP added in v0.0.4 

func GetAccessTokenFromSelfManagedIDP(refreshToken, issuerURL string) (*Token, error)

type TokenSource 

type TokenSource struct {
	oauth2.TokenSource
}

TokenSource supplies PerRPCCredentials from an oauth2.TokenSource using CSP as the IDP. It will supply access token through authorization header and id_token through user-Id header

func (TokenSource) GetRequestMetadata 

func (ts TokenSource) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)

GetRequestMetadata gets the request metadata as a map from a TokenSource.

func (TokenSource) RequireTransportSecurity 

func (ts TokenSource) RequireTransportSecurity() bool

RequireTransportSecurity indicates whether the credentials requires transport security.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.