Documentation
Overview
Package csp provides Credential Service Provider token utilities.
Index
- Constants
- Variables
- func ConnectToEndpoint(ctxopts ...ContextOpts) (*grpc.ClientConn, error)
- func ConnectToEndpointOrExit(ctxopts ...ContextOpts) *grpc.ClientConn
- func GetAuthOptsOrExit() grpc.CallOption
- func GetIssuer(staging bool) string
- func GetToken(g *configv1alpha1.GlobalServerAuth) (*oauth2.Token, error)
- func IDTokenFromTokenSource(token *oauth2.Token) (idTok string)
- func IsExpired(tokenExpiry time.Time) bool
- func WithCredentialDiscovery() (grpc.CallOption, error)
- func WithStaticCreds(accessToken string) grpc.CallOption
- type Claims
- type ContextOpts
- type Token
- type TokenSource
Constants

const (
	// AuthTokenDir is a directory where cluster access token and refresh tokens are stored.
	AuthTokenDir = "tokens"
	// ExtraIDToken is the key in the Extra fields map that contains id_token.
	ExtraIDToken = "id_token"
	// StgIssuer is the CSP staging issuer.
	StgIssuer = "https://console-stg.cloud.vmware.com/csp/gateway/am/api"
	// ProdIssuer is the CSP issuer.
	ProdIssuer = "https://console.cloud.vmware.com/csp/gateway/am/api"
	//nolint:gosec // Avoid "hardcoded credentials" false positive.
	// APITokenKey is the env var for an API token override.
	APITokenKey = "CSP_API_TOKEN"
)
Variables

var DefaultTimeout = 30

DefaultTimeout is the timeout in seconds.

var (
	// KnownIssuers are known OAuth2 endpoints in each CSP environment.
	KnownIssuers = map[string]oauth2.Endpoint{
		StgIssuer: {
			AuthURL:   "https://console-stg.cloud.vmware.com/csp/gateway/discovery",
			TokenURL:  "https://console-stg.cloud.vmware.com/csp/gateway/am/api/auth/authorize",
			AuthStyle: oauth2.AuthStyleInHeader,
		},
		ProdIssuer: {
			AuthURL:   "https://console.cloud.vmware.com/csp/gateway/discovery",
			TokenURL:  "https://console.cloud.vmware.com/csp/gateway/am/api/auth/authorize",
			AuthStyle: oauth2.AuthStyleInHeader,
		},
	}
)
Functions

func ConnectToEndpoint

func ConnectToEndpoint(ctxopts ...ContextOpts) (*grpc.ClientConn, error)

ConnectToEndpoint attempts to connect to the provided endpoint. If the endpoint is empty, it picks up the endpoint from the current auth context.
func ConnectToEndpointOrExit

func ConnectToEndpointOrExit(ctxopts ...ContextOpts) *grpc.ClientConn

ConnectToEndpointOrExit returns a client connection to the provided endpoint. If it encounters an error, it exits.
func GetAuthOptsOrExit

func GetAuthOptsOrExit() grpc.CallOption

GetAuthOptsOrExit returns the grpc auth options. If accessToken is not empty it uses it, else it fetches the token from the current auth context. If it encounters an error, it exits.
func GetToken

func GetToken(g *configv1alpha1.GlobalServerAuth) (*oauth2.Token, error)

GetToken fetches a token for the current auth context.
func IDTokenFromTokenSource

func IDTokenFromTokenSource(token *oauth2.Token) (idTok string)

IDTokenFromTokenSource parses the id_token out of the token's extra fields if available, or returns an empty string.
func IsExpired

func IsExpired(tokenExpiry time.Time) bool

IsExpired checks the token expiry and returns true if the token has expired, else false.
func WithCredentialDiscovery

func WithCredentialDiscovery() (grpc.CallOption, error)

WithCredentialDiscovery returns a grpc.CallOption that adds credentials into gRPC calls. The credentials are loaded from the auth context found on the machine.
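WithCredentialDiscovery loads credentials from the machine, and the constants above name an environment override (APITokenKey) and a token directory (AuthTokenDir). The Go program below is an added example, not code from the csp package, showing the resolution order a client of such a package would want: environment override first, then the stored token file, with two defensive checks (the context name cannot escape the token directory, and a token file readable by other local users is refused). DiscoverCredential, ErrTokenFilePerms, the injected lookupEnv parameter and the <configDir>/tokens/<contextName> layout are all hypothetical; only the two constant values come from the page.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Values taken from the page's constants; everything else in this file is hypothetical.
const (
	apiTokenKey  = "CSP_API_TOKEN" // same value as the page's APITokenKey
	authTokenDir = "tokens"        // same value as the page's AuthTokenDir
)

// ErrTokenFilePerms is returned when a stored token is readable by other local users.
var ErrTokenFilePerms = errors.New("token file is readable by group or others")

// DiscoverCredential resolves which credential a call should use, in this order:
//  1. the CSP_API_TOKEN environment variable when it is set (the override);
//  2. otherwise the token file <configDir>/tokens/<contextName> on the machine.
// lookupEnv is injected so the lookup can be tested without touching the real environment.
// The on-disk layout is an assumption for this example, not the package's format.
func DiscoverCredential(configDir, contextName string, lookupEnv func(string) (string, bool)) (token, source string, err error) {
	if v, ok := lookupEnv(apiTokenKey); ok {
		v = strings.TrimSpace(v)
		if v == "" {
			return "", "", fmt.Errorf("%s is set but empty", apiTokenKey)
		}
		return v, "env:" + apiTokenKey, nil
	}

	// Reject names that would escape the token directory ("../x", "a/b", "", ".", "..").
	if contextName == "" || contextName == "." || contextName == ".." || filepath.Base(contextName) != contextName {
		return "", "", fmt.Errorf("invalid auth context name %q", contextName)
	}
	path := filepath.Join(configDir, authTokenDir, contextName)

	info, err := os.Stat(path)
	if err != nil {
		return "", "", fmt.Errorf("no credential for context %q: %w", contextName, err)
	}
	if !info.Mode().IsRegular() {
		return "", "", fmt.Errorf("%s is not a regular file", path)
	}
	// A stored bearer token is a secret; refuse it if other local users can read it.
	if perm := info.Mode().Perm(); perm&0o077 != 0 {
		return "", "", fmt.Errorf("%s: %w (mode %o)", path, ErrTokenFilePerms, perm)
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return "", "", err
	}
	token = strings.TrimSpace(string(data))
	if token == "" {
		return "", "", fmt.Errorf("%s is empty", path)
	}
	return token, "file:" + path, nil
}

func main() {
	tok, src, err := DiscoverCredential(os.Getenv("HOME"), "default", os.LookupEnv)
	if err != nil {
		fmt.Println("no credential:", err)
		return
	}
	// Never print the token itself; log only where it came from.
	fmt.Printf("using credential from %s (%d bytes)\n", src, len(tok))
}
```

The permission check is the part worth copying: a token with cluster access sitting in a 0644 file is readable by every local account, and refusing to use it surfaces the misconfiguration at the first call rather than silently continuing.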
func WithStaticCreds

func WithStaticCreds(accessToken string) grpc.CallOption

WithStaticCreds wraps a static access token into a grpc.CallOption.
Types

type ContextOpts

ContextOpts for the context.
type Token

type Token struct {
	// IDToken for OIDC.
	IDToken string `json:"id_token"`
	// TokenType is the type of token.
	TokenType string `json:"token_type"`
	// ExpiresIn is expiration in seconds.
	ExpiresIn int64 `json:"expires_in"`
	// Scope of the token.
	Scope string `json:"scope"`
	// AccessToken from CSP.
	AccessToken string `json:"access_token"`
	// RefreshToken for use with Refresh Token grant.
	RefreshToken string `json:"refresh_token"`
}

Token is a CSP token.
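The Token struct carries a relative lifetime (expires_in, in seconds) while IsExpired, documented above, decides on an absolute time.Time. The Go program below is an added example, not code from the csp package, showing how a client turns one into the other and checks expiry with a safety margin so a token is refreshed before it fails mid-call. ParseToken, ExpiryAt, IsExpiredAt, ExpirySkew and the sample response are hypothetical and constructed for this example; only the Token struct mirrors the page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Token mirrors the CSP token response shape documented on this page.
type Token struct {
	IDToken      string `json:"id_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int64  `json:"expires_in"`
	Scope        string `json:"scope"`
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
}

// ExpirySkew is a hypothetical safety margin: a token within this window of its
// expiry is treated as already expired so that a call does not fail in flight.
const ExpirySkew = 30 * time.Second

// ParseToken decodes a CSP token response and rejects responses that lack an
// access token or carry a non-positive lifetime.
func ParseToken(body []byte) (*Token, error) {
	var t Token
	if err := json.Unmarshal(body, &t); err != nil {
		return nil, fmt.Errorf("decode token response: %w", err)
	}
	if t.AccessToken == "" {
		return nil, fmt.Errorf("token response has no access_token")
	}
	if t.ExpiresIn <= 0 {
		return nil, fmt.Errorf("token response has invalid expires_in %d", t.ExpiresIn)
	}
	return &t, nil
}

// ExpiryAt converts the relative expires_in into an absolute expiry time, anchored
// to the moment the token was issued (passed in so the conversion is testable).
func ExpiryAt(t *Token, issuedAt time.Time) time.Time {
	return issuedAt.Add(time.Duration(t.ExpiresIn) * time.Second)
}

// IsExpiredAt reports whether tokenExpiry has passed at time now, applying
// ExpirySkew so that a nearly expired token is refreshed early.
func IsExpiredAt(tokenExpiry, now time.Time) bool {
	return !now.Add(ExpirySkew).Before(tokenExpiry)
}

// sampleResponse is a constructed token response, not a real CSP token.
const sampleResponse = `{"id_token":"idtok-constructed","token_type":"bearer","expires_in":1799,"scope":"openid","access_token":"at-constructed","refresh_token":"rt-constructed"}`

func main() {
	tok, err := ParseToken([]byte(sampleResponse))
	if err != nil {
		panic(err)
	}
	issued := time.Now()
	exp := ExpiryAt(tok, issued)
	fmt.Println("expires at:", exp.Format(time.RFC3339))
	fmt.Println("expired now:", IsExpiredAt(exp, issued))
	fmt.Println("expired at 29m45s:", IsExpiredAt(exp, issued.Add(29*time.Minute+45*time.Second)))
}
```

Anchoring the expiry to the time the response was received, rather than to the first use, matters: expires_in counts from issuance, and a token cached for a while before its first call has already spent part of its lifetime.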
func GetAccessTokenFromAPIToken

GetAccessTokenFromAPIToken fetches CSP access token using the API-token.
type TokenSource

type TokenSource struct {
	oauth2.TokenSource
}

TokenSource supplies PerRPCCredentials from an oauth2.TokenSource using CSP as the IDP. It supplies the access token through the authorization header and the id_token through the user-Id header.
func (TokenSource) GetRequestMetadata

func (ts TokenSource) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)

GetRequestMetadata gets the request metadata as a map from a TokenSource.
func (TokenSource) RequireTransportSecurity

func (ts TokenSource) RequireTransportSecurity() bool

RequireTransportSecurity indicates whether the credentials require transport security.
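The TokenSource section above describes a type with the method set of grpc's credentials.PerRPCCredentials: GetRequestMetadata builds the per-call headers (access token in authorization, id_token in user-Id, the latter taken from the token's extra fields as IDTokenFromTokenSource does), and RequireTransportSecurity decides whether those headers may be sent over a plaintext connection. The Go program below is an added example, not the csp package's implementation, showing what such a type does and why RequireTransportSecurity should return true. To build with the standard library only it uses a small stand-in for oauth2.Token and oauth2.TokenSource (oauthToken, tokenSource); CSPCreds, IDTokenFromToken, staticSource and the constructed token are hypothetical. Metadata keys are written in lower case because gRPC canonicalises them that way on the wire.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
)

// oauthToken is a minimal stand-in for oauth2.Token: just the fields and the Extra
// lookup this example needs, so the file builds without golang.org/x/oauth2.
type oauthToken struct {
	AccessToken string
	TokenType   string
	extra       map[string]interface{}
}

// Extra mirrors oauth2.Token.Extra: it returns a field of the raw token response.
func (t *oauthToken) Extra(key string) interface{} { return t.extra[key] }

// tokenSource is a stand-in for oauth2.TokenSource.
type tokenSource interface {
	Token() (*oauthToken, error)
}

// extraIDToken is the key under which CSP returns the OIDC id_token
// (same value as the page's ExtraIDToken constant).
const extraIDToken = "id_token"

// IDTokenFromToken pulls id_token out of the token's extra fields, returning ""
// when the field is absent or not a string (the behaviour IDTokenFromTokenSource documents).
func IDTokenFromToken(tok *oauthToken) string {
	if tok == nil {
		return ""
	}
	if s, ok := tok.Extra(extraIDToken).(string); ok {
		return s
	}
	return ""
}

// CSPCreds has the method set of grpc/credentials.PerRPCCredentials, so a value of
// it could be passed to grpc.WithPerRPCCredentials; grpc is not imported here.
type CSPCreds struct {
	Source tokenSource
}

// GetRequestMetadata attaches the access token as a bearer authorization header
// and the id_token as the user-id header, as the TokenSource doc describes.
func (c CSPCreds) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
	if err := ctx.Err(); err != nil {
		return nil, err // do not fetch a token for a call that is already cancelled
	}
	tok, err := c.Source.Token()
	if err != nil {
		return nil, fmt.Errorf("fetch CSP token: %w", err)
	}
	if tok == nil || tok.AccessToken == "" {
		return nil, errors.New("CSP token source returned an empty access token")
	}
	typ := tok.TokenType
	if typ == "" || strings.EqualFold(typ, "bearer") {
		typ = "Bearer" // same normalisation oauth2.Token.Type applies
	}
	md := map[string]string{"authorization": typ + " " + tok.AccessToken}
	if id := IDTokenFromToken(tok); id != "" {
		md["user-id"] = id
	}
	return md, nil
}

// RequireTransportSecurity returns true: bearer tokens must never travel on a
// plaintext connection, so grpc refuses to use these credentials without TLS.
func (c CSPCreds) RequireTransportSecurity() bool { return true }

// staticSource returns one fixed token; it stands in for a real CSP token source.
type staticSource struct{ tok *oauthToken }

func (s staticSource) Token() (*oauthToken, error) { return s.tok, nil }

// ConstructedSource holds sample data for this example, not a real token.
var ConstructedSource = staticSource{tok: &oauthToken{
	AccessToken: "at-constructed",
	TokenType:   "bearer",
	extra:       map[string]interface{}{extraIDToken: "idtok-constructed"},
}}

func main() {
	md, err := CSPCreds{Source: ConstructedSource}.GetRequestMetadata(context.Background(), "/example.Service/Method")
	if err != nil {
		panic(err)
	}
	for k := range md {
		fmt.Println("header set:", k) // print the keys only; the values are credentials
	}
}
```

In a real client this value would be passed as grpc.WithPerRPCCredentials(CSPCreds{...}) alongside grpc.WithTransportCredentials(...); with RequireTransportSecurity returning true, grpc.Dial rejects the combination with an insecure transport instead of leaking the bearer token in cleartext.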