auth

package

v0.5.1-rc3 Latest Latest Go to latest Published: Dec 8, 2021 License: MPL-2.0 Imports: 27 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/weaveworks/weave-gitops

Documentation ¶

Index ¶

Constants
Variables
func NewGitlabAuthFlow(redirectUri string, client *http.Client) (types.AuthFlow, error)
type AuthService
- func NewAuthService(fluxClient flux.Flux, k8sClient client.Client, ...) (AuthService, error)
type BlockingCLIAuthHandler
type Claims
type GithubAuthClient
- func NewGithubAuthClient(client *http.Client) GithubAuthClient
type GithubDeviceCodeResponse
type GitlabAuthClient
- func NewGitlabAuthClient(client *http.Client) GitlabAuthClient
type JWTClient
- func NewJwtClient(secretKey string) JWTClient
type SecretName
- func (sn SecretName) NamespacedName() types.NamespacedName
- func (sn SecretName) String() string

Constants ¶

View Source

const ExpirationTime = time.Minute * 15

ExpirationTime jwt token expiration time

View Source

const GithubOAuthScope = "repo"

It appears we need `repo` scope, which is VERY permissive. We need to be able to push a deploy key and merge commits. No other scopes matched. Available scopes: https://docs.github.com/en/developers/apps/building-oauth-apps/scopes-for-oauth-apps

View Source

const WeGOGithubClientID = "edcb13588d46f254052c"

Uniquely identifies us as a GitHub app. This does not need to be obfuscated because it is publicly available to anyone who does an OAuth request via wego. See the auth ADR for more details: https://github.com/weaveworks/weave-gitops/blob/main/doc/adr/0005-wego-core-auth-strategy.md#design

Variables ¶

View Source

var ErrAuthPending = errors.New("auth pending")

View Source

var ErrSlowDown = errors.New("slow down")

View Source

var ErrUnauthorizedToken = errors.New("unauthorized token")

ErrUnauthorizedToken unauthorized token error

Functions ¶

func NewGitlabAuthFlow ¶ added in v0.3.0

func NewGitlabAuthFlow(redirectUri string, client *http.Client) (types.AuthFlow, error)

Types ¶

type AuthService ¶

type AuthService interface {
	CreateGitClient(ctx context.Context, repoUrl gitproviders.RepoURL, targetName string, namespace string, dryRun bool) (git.Git, error)
	GetGitProvider() gitproviders.GitProvider
}

func NewAuthService ¶

func NewAuthService(fluxClient flux.Flux, k8sClient client.Client, provider gitproviders.GitProvider, l logger.Logger) (AuthService, error)

NewAuthService constructs an auth service for doing git operations with an authenticated client.

type BlockingCLIAuthHandler ¶

type BlockingCLIAuthHandler func(context.Context, io.Writer) (string, error)

BlockingCLIAuthHandler takes over the terminal experience and returns a token when the user completes the flow.

func NewAuthCLIHandler ¶

func NewAuthCLIHandler(name gitproviders.GitProviderName) (BlockingCLIAuthHandler, error)

func NewGithubDeviceFlowHandler ¶

func NewGithubDeviceFlowHandler(client *http.Client) BlockingCLIAuthHandler

NewGithubDeviceFlowHandler returns a function which will initiate the Github Device Flow for the CLI.

func NewGitlabAuthFlowHandler ¶ added in v0.3.0

func NewGitlabAuthFlowHandler(client *http.Client, flow types.AuthFlow) BlockingCLIAuthHandler

NewGitlabAuthFlowHandler returns a BlockingCLIAuthHandler for the Gitlab OAuth flow in a CLI. It will set up a temporary server as a callback mechanism. Once the user runs through the flow the server will be shutdown, and we will exit the function.

type Claims ¶

type Claims struct {
	jwt.StandardClaims
	Provider      gitproviders.GitProviderName `json:"provider"`
	ProviderToken string                       `json:"provider_token"`
}

Claims is a custom JWT claims that contains some token information

type GithubAuthClient ¶ added in v0.3.0

type GithubAuthClient interface {
	GetDeviceCode() (*GithubDeviceCodeResponse, error)
	GetDeviceCodeAuthStatus(deviceCode string) (string, error)
}

func NewGithubAuthClient ¶ added in v0.5.0

func NewGithubAuthClient(client *http.Client) GithubAuthClient

type GithubDeviceCodeResponse ¶ added in v0.3.0

type GithubDeviceCodeResponse struct {
	DeviceCode      string `json:"device_code"`
	UserCode        string `json:"user_code"`
	VerificationURI string `json:"verification_uri"`
	Interval        int    `json:"interval"`
}

GithubDeviceCodeResponse represents response body from the Github API

type GitlabAuthClient ¶ added in v0.5.0

type GitlabAuthClient interface {
	AuthURL(ctx context.Context, redirectUri string) (url.URL, error)
	ExchangeCode(ctx context.Context, redirectUri, code string) (*types.TokenResponseState, error)
}

func NewGitlabAuthClient ¶ added in v0.5.0

func NewGitlabAuthClient(client *http.Client) GitlabAuthClient

type JWTClient ¶

type JWTClient interface {
	GenerateJWT(expirationTime time.Duration, providerName gitproviders.GitProviderName, providerToken string) (string, error)
	VerifyJWT(accessToken string) (*Claims, error)
}

JWTClient represents a type that has methods to generate and verify JWT tokens.

func NewJwtClient ¶

func NewJwtClient(secretKey string) JWTClient

NewJwtClient initialize JWTClient instance

type SecretName ¶

type SecretName struct {
	Name      automation.GeneratedSecretName
	Namespace string
}

func (SecretName) NamespacedName ¶

func (sn SecretName) NamespacedName() types.NamespacedName

func (SecretName) String ¶

func (sn SecretName) String() string

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
authfakes Code generated by counterfeiter.	Code generated by counterfeiter.
internal
types
typesfakes Code generated by counterfeiter.	Code generated by counterfeiter.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL