csp

package
v1.3.0-alpha.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 28, 2024 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Overview

Package csp provides VMware Cloud Services Platform token utilities.

Index

Constants

View Source 
const (
	// AuthTokenDir is a directory where cluster access token and refresh tokens are stored.
	AuthTokenDir = "tokens"

	// ExtraIDToken is the key in the Extra fields map that contains id_token.
	ExtraIDToken = "id_token"

	// StgIssuer is the CSP staging issuer.
	StgIssuer = "https://console-stg.cloud.vmware.com/csp/gateway/am/api"

	// ProdIssuer is the CSP issuer.
	ProdIssuer = "https://console.cloud.vmware.com/csp/gateway/am/api"

	//nolint:gosec // Avoid "hardcoded credentials" false positive.
	// APITokenKey is the env var for an API token override.
	APITokenKey = "CSP_API_TOKEN"
)
View Source 
const (
	// APITokenType Token type to denote the token obtained using API token
	APITokenType = "api-token"
	// IDTokenType Token type to denote the token obtained using interactive login flow
	IDTokenType = "id-token"
)

Token types

Variables

View Source 
var (
	// KnownIssuers are known OAuth2 endpoints in each CSP environment.
	KnownIssuers = map[string]oauth2.Endpoint{
		StgIssuer: {
			AuthURL:   "https://console-stg.cloud.vmware.com/csp/gateway/discovery",
			TokenURL:  "https://console-stg.cloud.vmware.com/csp/gateway/am/api/auth/authorize",
			AuthStyle: oauth2.AuthStyleInHeader,
		},
		ProdIssuer: {
			AuthURL:   "https://console.cloud.vmware.com/csp/gateway/discovery",
			TokenURL:  "https://console.cloud.vmware.com/csp/gateway/am/api/auth/authorize",
			AuthStyle: oauth2.AuthStyleInHeader,
		},
	}
)

Functions

func GetAuthOptsOrExit 

func GetAuthOptsOrExit() grpc.CallOption

GetAuthOptsOrExit returns the grpc auth options. If accessToken is not empty it uses it, else it fetches the token from the current auth context. If it encounters and error, it exits.

func GetIssuer 

func GetIssuer(staging bool) string

GetIssuer returns the appropriate CSP issuer based on the environment.

func GetOrgNameFromOrgID added in v1.2.0 

func GetOrgNameFromOrgID(orgID, accessToken, issuer string) (string, error)

GetOrgNameFromOrgID fetches CSP Org Name given the Organization ID.

func GetToken 

func GetToken(g *configapi.GlobalServerAuth) (*oauth2.Token, error)

GetToken fetches a token for the current auth context.

func IDTokenFromTokenSource 

func IDTokenFromTokenSource(token *oauth2.Token) (idTok string)

IDTokenFromTokenSource parses out the id token from extra info in tokensource if available, or returns empty string.

func IsExpired 

func IsExpired(tokenExpiry time.Time) bool

IsExpired checks for the token expiry and returns true if the token has expired else will return false

func WithCredentialDiscovery 

func WithCredentialDiscovery() (grpc.CallOption, error)

WithCredentialDiscovery returns a grpc.CallOption that adds credentials into gRPC calls. The credentials are loaded from the auth context found on the machine.

func WithStaticCreds 

func WithStaticCreds(accessToken string) grpc.CallOption

WithStaticCreds will wrap a static access token into a grpc.CallOption

Types

type Claims 

type Claims struct {
	Username    string
	Permissions []string
	OrgID       string
	Raw         map[string]interface{}
}

Claims are the jwt claims.

func ParseToken 

func ParseToken(tkn *oauth2.Token) (*Claims, error)

ParseToken parses the token.

type LoginOption added in v1.2.0 

type LoginOption func(*cspLoginHandler) error

LoginOption is an optional configuration for Login().

func WithListenerPort added in v1.2.0 

func WithListenerPort(port uint16) LoginOption

WithListenerPort specifies a TCP listener port on localhost, which will be used for the redirect_uri and to handle the authorization code callback. By default, a random high port will be chosen which requires the authorization server to support wildcard port numbers as described by https://tools.ietf.org/html/rfc8252#section-7.3: Being able to designate the listener port might be advantages under some circumstances (e.g. for determining what to port-forward from the host where the web browser is available)

func WithListenerPortFromEnv added in v1.2.0 

func WithListenerPortFromEnv(envVarName string) LoginOption

WithListenerPortFromEnv sets the TCP listener port on localhost based on the value of the specified environment variable, which will be used for the redirect_uri and to handle the authorization code callback. By default, a random high port will be chosen which requires the authorization server to support wildcard port numbers as described by https://tools.ietf.org/html/rfc8252#section-7.3: Being able to designate the listener port might be advantages under some circumstances (e.g. for determining what to port-forward from the host where the web browser is available)

func WithOrgID added in v1.2.0 

func WithOrgID(orgID string) LoginOption

WithOrgID causes the login to given Organization.

func WithRefreshToken added in v1.2.0 

func WithRefreshToken(refreshToken string) LoginOption

WithRefreshToken causes the login to use refresh token instead of interactive login. If the refresh token is expired or invalid, the interactive login will kick in

type Token 

type Token struct {
	// IDToken for OIDC.
	IDToken string `json:"id_token"`

	// TokenType is the type of token.
	TokenType string `json:"token_type"`

	// ExpiresIn is expiration in seconds.
	ExpiresIn int64 `json:"expires_in"`

	// Scope of the token.
	Scope string `json:"scope"`

	// AccessToken from CSP.
	AccessToken string `json:"access_token"`

	// RefreshToken for use with Refresh Token grant.
	RefreshToken string `json:"refresh_token"`
}

Token is a CSP token.

func GetAccessTokenFromAPIToken 

func GetAccessTokenFromAPIToken(apiToken, issuer string) (*Token, error)

GetAccessTokenFromAPIToken fetches CSP access token using the API-token.

func TanzuLogin added in v1.2.0 

func TanzuLogin(issuerURL string, opts ...LoginOption) (*Token, error)

type TokenSource 

type TokenSource struct {
	oauth2.TokenSource
}

TokenSource supplies PerRPCCredentials from an oauth2.TokenSource using CSP as the IDP. It will supply access token through authorization header and id_token through user-Id header

func (TokenSource) GetRequestMetadata 

func (ts TokenSource) GetRequestMetadata(_ context.Context, _ ...string) (map[string]string, error)

GetRequestMetadata gets the request metadata as a map from a TokenSource.

func (TokenSource) RequireTransportSecurity 

func (ts TokenSource) RequireTransportSecurity() bool

RequireTransportSecurity indicates whether the credentials requires transport security.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.