Documentation
¶
Overview ¶
Package auth is intended for internal use only. It is made available to facilitate use cases that require access to internal MongoDB driver functionality and state. The API of this package is not stable and there is no backward compatibility guarantee.
WARNING: THIS PACKAGE IS EXPERIMENTAL AND MAY BE MODIFIED OR REMOVED WITHOUT NOTICE! USE WITH EXTREME CAUTION!
Index ¶
- Constants
- func ConductSaslConversation(ctx context.Context, cfg *Config, authSource string, client SaslClient) error
- func Handshaker(h driver.Handshaker, options *HandshakeOptions) driver.Handshaker
- func RegisterAuthenticatorFactory(name string, factory AuthenticatorFactory)
- type Authenticator
- type AuthenticatorFactory
- type Config
- type Cred
- type DefaultAuthenticator
- type Error
- type ExtraOptionsSaslClient
- type HandshakeOptions
- type MongoDBAWSAuthenticator
- type MongoDBCRAuthenticator
- type MongoDBX509Authenticator
- type PlainAuthenticator
- type SaslClient
- type SaslClientCloser
- type ScramAuthenticator
- type SpeculativeAuthenticator
- type SpeculativeConversation
Constants ¶
const ( // SCRAMSHA1 holds the mechanism name "SCRAM-SHA-1" SCRAMSHA1 = "SCRAM-SHA-1" // SCRAMSHA256 holds the mechanism name "SCRAM-SHA-256" SCRAMSHA256 = "SCRAM-SHA-256" )
const GSSAPI = "GSSAPI"
GSSAPI is the mechanism name for GSSAPI.
const MONGODBCR = "MONGODB-CR"
MONGODBCR is the mechanism name for MONGODB-CR.
The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.
const MongoDBAWS = "MONGODB-AWS"
MongoDBAWS is the mechanism name for MongoDBAWS.
const MongoDBX509 = "MONGODB-X509"
MongoDBX509 is the mechanism name for MongoDBX509.
const PLAIN = "PLAIN"
PLAIN is the mechanism name for PLAIN.
Variables ¶
This section is empty.
Functions ¶
func ConductSaslConversation ¶
func ConductSaslConversation(ctx context.Context, cfg *Config, authSource string, client SaslClient) error
ConductSaslConversation runs a full SASL conversation to authenticate the given connection.
func Handshaker ¶
func Handshaker(h driver.Handshaker, options *HandshakeOptions) driver.Handshaker
Handshaker creates a connection handshaker for the given authenticator.
func RegisterAuthenticatorFactory ¶
func RegisterAuthenticatorFactory(name string, factory AuthenticatorFactory)
RegisterAuthenticatorFactory registers the authenticator factory.
Types ¶
type Authenticator ¶
type Authenticator interface {
// Auth authenticates the connection.
Auth(context.Context, *Config) error
}
Authenticator handles authenticating a connection.
func CreateAuthenticator ¶
func CreateAuthenticator(name string, cred *Cred) (Authenticator, error)
CreateAuthenticator creates an authenticator.
type AuthenticatorFactory ¶
type AuthenticatorFactory func(cred *Cred) (Authenticator, error)
AuthenticatorFactory constructs an authenticator.
type Config ¶
type Config struct {
Description description.Server
Connection driver.Connection
ClusterClock *session.ClusterClock
HandshakeInfo driver.HandshakeInformation
ServerAPI *driver.ServerAPIOptions
HTTPClient *http.Client
}
Config holds the information necessary to perform an authentication attempt.
type Cred ¶
type Cred struct {
Source string
Username string
Password string
PasswordSet bool
Props map[string]string
}
Cred is a user's credential.
type DefaultAuthenticator ¶
type DefaultAuthenticator struct {
Cred *Cred
// contains filtered or unexported fields
}
DefaultAuthenticator uses SCRAM-SHA-1 or MONGODB-CR depending on the server version.
func (*DefaultAuthenticator) Auth ¶
func (a *DefaultAuthenticator) Auth(ctx context.Context, cfg *Config) error
Auth authenticates the connection.
func (*DefaultAuthenticator) CreateSpeculativeConversation ¶
func (a *DefaultAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)
CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.
type Error ¶
type Error struct {
// contains filtered or unexported fields
}
Error is an error that occurred during authentication.
type ExtraOptionsSaslClient ¶
ExtraOptionsSaslClient is a SaslClient that appends options to the saslStart command.
type HandshakeOptions ¶
type HandshakeOptions struct {
AppName string
Authenticator Authenticator
Compressors []string
DBUser string
PerformAuthentication func(description.Server) bool
ClusterClock *session.ClusterClock
ServerAPI *driver.ServerAPIOptions
LoadBalanced bool
HTTPClient *http.Client
}
HandshakeOptions packages options that can be passed to the Handshaker() function. DBUser is optional but must be of the form <dbname.username>; if non-empty, then the connection will do SASL mechanism negotiation.
type MongoDBAWSAuthenticator ¶
type MongoDBAWSAuthenticator struct {
// contains filtered or unexported fields
}
MongoDBAWSAuthenticator uses AWS-IAM credentials over SASL to authenticate a connection.
type MongoDBCRAuthenticator ¶
MongoDBCRAuthenticator uses the MONGODB-CR algorithm to authenticate a connection.
The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.
type MongoDBX509Authenticator ¶
type MongoDBX509Authenticator struct {
User string
}
MongoDBX509Authenticator uses X.509 certificates over TLS to authenticate a connection.
func (*MongoDBX509Authenticator) Auth ¶
func (a *MongoDBX509Authenticator) Auth(ctx context.Context, cfg *Config) error
Auth authenticates the provided connection by conducting an X509 authentication conversation.
func (*MongoDBX509Authenticator) CreateSpeculativeConversation ¶
func (a *MongoDBX509Authenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)
CreateSpeculativeConversation creates a speculative conversation for X509 authentication.
type PlainAuthenticator ¶
PlainAuthenticator uses the PLAIN algorithm over SASL to authenticate a connection.
type SaslClient ¶
type SaslClient interface {
Start() (string, []byte, error)
Next(challenge []byte) ([]byte, error)
Completed() bool
}
SaslClient is the client piece of a sasl conversation.
type SaslClientCloser ¶
type SaslClientCloser interface {
SaslClient
Close()
}
SaslClientCloser is a SaslClient that has resources to clean up.
type ScramAuthenticator ¶
type ScramAuthenticator struct {
// contains filtered or unexported fields
}
ScramAuthenticator uses the SCRAM algorithm over SASL to authenticate a connection.
func (*ScramAuthenticator) Auth ¶
func (a *ScramAuthenticator) Auth(ctx context.Context, cfg *Config) error
Auth authenticates the provided connection by conducting a full SASL conversation.
func (*ScramAuthenticator) CreateSpeculativeConversation ¶
func (a *ScramAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)
CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.
type SpeculativeAuthenticator ¶
type SpeculativeAuthenticator interface {
CreateSpeculativeConversation() (SpeculativeConversation, error)
}
SpeculativeAuthenticator represents an authenticator that supports speculative authentication.
type SpeculativeConversation ¶
type SpeculativeConversation interface {
FirstMessage() (bsoncore.Document, error)
Finish(ctx context.Context, cfg *Config, firstResponse bsoncore.Document) error
}
SpeculativeConversation represents an authentication conversation that can be merged with the initial connection handshake.
FirstMessage method returns the first message to be sent to the server. This message will be included in the initial hello command.
Finish takes the server response to the initial message and conducts the remainder of the conversation to authenticate the provided connection.
Source Files
Directories