tokencmd

package

v3.6.1+incompatible Latest Latest Go to latest Published: Oct 22, 2017 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.imxd.top/openshift/origin

Documentation ¶

Index ¶

Constants
func BasicEnabled() bool
func GSSAPIEnabled() bool
func RequestToken(clientCfg *restclient.Config, reader io.Reader, defaultUsername string, ...) (string, error)
type BasicChallengeHandler
type ChallengeHandler
- func NewMultiHandler(handlers ...ChallengeHandler) ChallengeHandler
- func NewNegotiateChallengeHandler(negotiater Negotiater) ChallengeHandler
type MultiHandler
type NegotiateChallengeHandler
type Negotiater
- func NewGSSAPINegotiator(principalName string) Negotiater
type RequestTokenOptions
- func (o *RequestTokenOptions) RequestToken() (string, error)

Constants ¶

View Source

const CSRFTokenHeader = "X-CSRF-Token"

CSRFTokenHeader is a marker header that indicates we are not a browser that got tricked into requesting basic auth Corresponds to the header expected by basic-auth challenging authenticators

Variables ¶

This section is empty.

Functions ¶

func BasicEnabled ¶ added in v1.3.0

func BasicEnabled() bool

func GSSAPIEnabled ¶ added in v1.3.0

func GSSAPIEnabled() bool

func RequestToken ¶

func RequestToken(clientCfg *restclient.Config, reader io.Reader, defaultUsername string, defaultPassword string) (string, error)

RequestToken uses the cmd arguments to locate an openshift oauth server and attempts to authenticate it returns the access token if it gets one. An error if it does not

Types ¶

type BasicChallengeHandler ¶ added in v1.0.6

type BasicChallengeHandler struct {
	// Host is the server being authenticated to. Used only for displaying messages when prompting for username/password
	Host string

	// Reader is used to prompt for username/password. If nil, no prompting is done
	Reader io.Reader
	// Writer is used to output prompts. If nil, stdout is used
	Writer io.Writer

	// Username is the username to use when challenged. If empty, a prompt is issued to a non-nil Reader
	Username string
	// Password is the password to use when challenged. If empty, a prompt is issued to a non-nil Reader
	Password string
	// contains filtered or unexported fields
}

func (*BasicChallengeHandler) CanHandle ¶ added in v1.0.6

func (c *BasicChallengeHandler) CanHandle(headers http.Header) bool

func (*BasicChallengeHandler) CompleteChallenge ¶ added in v1.3.0

func (c *BasicChallengeHandler) CompleteChallenge(requestURL string, headers http.Header) error

func (*BasicChallengeHandler) HandleChallenge ¶ added in v1.0.6

func (c *BasicChallengeHandler) HandleChallenge(requestURL string, headers http.Header) (http.Header, bool, error)

func (*BasicChallengeHandler) Release ¶ added in v1.3.0

func (c *BasicChallengeHandler) Release() error

type ChallengeHandler ¶ added in v1.3.0

type ChallengeHandler interface {
	// CanHandle returns true if the handler recognizes a challenge it thinks it can handle.
	CanHandle(headers http.Header) bool
	// HandleChallenge lets the handler attempt to handle a challenge.
	// It is only invoked if CanHandle() returned true for the given headers.
	// Returns response headers and true if the challenge is successfully handled.
	// Returns false if the challenge was not handled, and an optional error in error cases.
	HandleChallenge(requestURL string, headers http.Header) (http.Header, bool, error)
	// CompleteChallenge is invoked with the headers from a successful server response
	// received after having handled one or more challenges.
	// Returns an error if the handler does not consider the challenge/response interaction complete.
	CompleteChallenge(requestURL string, headers http.Header) error
	// Release gives the handler a chance to release any resources held during a challenge/response sequence.
	// It is always invoked, even in cases where no challenges were received or handled.
	Release() error
}

ChallengeHandler handles responses to WWW-Authenticate challenges.

func NewMultiHandler ¶ added in v1.3.0

func NewMultiHandler(handlers ...ChallengeHandler) ChallengeHandler

func NewNegotiateChallengeHandler ¶ added in v1.3.0

func NewNegotiateChallengeHandler(negotiater Negotiater) ChallengeHandler

type MultiHandler ¶ added in v1.3.0

type MultiHandler struct {
	// contains filtered or unexported fields
}

MultiHandler manages a series of authentication challenges it is single-use only, and not thread-safe

func (*MultiHandler) CanHandle ¶ added in v1.3.0

func (h *MultiHandler) CanHandle(headers http.Header) bool

func (*MultiHandler) CompleteChallenge ¶ added in v1.3.0

func (h *MultiHandler) CompleteChallenge(requestURL string, headers http.Header) error

func (*MultiHandler) HandleChallenge ¶ added in v1.3.0

func (h *MultiHandler) HandleChallenge(requestURL string, headers http.Header) (http.Header, bool, error)

func (*MultiHandler) Release ¶ added in v1.3.0

func (h *MultiHandler) Release() error

type NegotiateChallengeHandler ¶ added in v1.3.0

type NegotiateChallengeHandler struct {
	// contains filtered or unexported fields
}

NegotiateChallengeHandler manages a challenge negotiation session it is single-host, single-use only, and not thread-safe

func (*NegotiateChallengeHandler) CanHandle ¶ added in v1.3.0

func (c *NegotiateChallengeHandler) CanHandle(headers http.Header) bool

func (*NegotiateChallengeHandler) CompleteChallenge ¶ added in v1.3.0

func (c *NegotiateChallengeHandler) CompleteChallenge(requestURL string, headers http.Header) error

func (*NegotiateChallengeHandler) HandleChallenge ¶ added in v1.3.0

func (c *NegotiateChallengeHandler) HandleChallenge(requestURL string, headers http.Header) (http.Header, bool, error)

func (*NegotiateChallengeHandler) Release ¶ added in v1.3.0

func (c *NegotiateChallengeHandler) Release() error

type Negotiater ¶ added in v1.3.0

type Negotiater interface {
	// Load gives the negotiator a chance to load any resources needed to handle a challenge/response sequence.
	// It may be invoked multiple times. If an error is returned, InitSecContext and IsComplete are not called, but Release() is.
	Load() error
	// InitSecContext returns the response token for a Negotiate challenge token from a given URL,
	// or an error if no response token could be obtained or the incoming token is invalid.
	InitSecContext(requestURL string, challengeToken []byte) (tokenToSend []byte, err error)
	// IsComplete returns true if the negotiator is satisfied with the negotiation.
	// This typically means gssapi returned GSS_S_COMPLETE to an initSecContext call.
	IsComplete() bool
	// Release gives the negotiator a chance to release any resources held during a challenge/response sequence.
	// It is always invoked, even in cases where no challenges were received or handled.
	Release() error
}

Negotiater defines the minimal interface needed to interact with GSSAPI to perform a negotiate challenge/response

func NewGSSAPINegotiator ¶ added in v1.3.0

func NewGSSAPINegotiator(principalName string) Negotiater

type RequestTokenOptions ¶ added in v1.3.0

type RequestTokenOptions struct {
	ClientConfig *restclient.Config
	Handler      ChallengeHandler
}

func (*RequestTokenOptions) RequestToken ¶ added in v1.3.0

func (o *RequestTokenOptions) RequestToken() (string, error)

RequestToken locates an openshift oauth server and attempts to authenticate. It returns the access token if it gets one, or an error if it does not. It should only be invoked once on a given RequestTokenOptions instance. The Handler held by the options is released as part of this call.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL