graph

package

v0.16.8 Latest Latest Go to latest Published: Jun 12, 2024 License: Apache-2.0 Imports: 20 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubeguard/guard

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type AuthResponse
type Group
type GroupList
type ObjectList
type ObjectQuery
type TokenProvider
type TokenResponse
type UserInfo

Constants ¶

View Source

const (
	MSIEndpointForARC = "http://127.0.0.1:8421/metadata/identity/oauth2/token?api-version=2018-02-01"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AuthResponse ¶

type AuthResponse struct {
	TokenType string `json:"token_type"`
	Expires   int    `json:"expires_in"`
	Token     string `json:"access_token"`
}

AuthResponse represents a response from the MS Graph auth API

type Group ¶

type Group struct {
	Name string `json:"displayName"`
	ID   string `json:"id"`
}

Group represents the Group object from the MSGraphAPI

type GroupList ¶

type GroupList struct {
	Value []Group `json:"value"`
}

GroupList represents a list of groups returned from the MS Graph API

type ObjectList ¶

type ObjectList struct {
	Value []string `json:"value"`
}

ObjectList represents a list of directory object IDs returned from the MS Graph API

type ObjectQuery ¶

type ObjectQuery struct {
	IDs   []string `json:"ids"`
	Types []string `json:"types"`
}

ObjectQuery represents a query object to the directoryObjects endpoint

type TokenProvider ¶

type TokenProvider interface {
	Name() string
	Acquire(ctx context.Context, token string) (AuthResponse, error)
}

TokenProvider is an interface to obtain token for MS Graph api

func NewAKSTokenProvider ¶

func NewAKSTokenProvider(tokenURL, tenantID string) TokenProvider

NewAKSTokenProvider returns a TokenProvider that implements On-Behalf-Of flow using AKS first party service

func NewClientCredentialTokenProvider ¶

func NewClientCredentialTokenProvider(clientID, clientSecret, loginURL, scope string) TokenProvider

NewClientCredentialTokenProvider returns a TokenProvider that implements OAuth client credential flow on Azure Active Directory https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#get-a-token

func NewMSITokenProvider ¶ added in v0.14.0

func NewMSITokenProvider(msiAudience, msiEndpoint string) TokenProvider

NewMSITokenProvider returns a TokenProvider that implements OAuth msi flow on Azure Active Directory

func NewOBOTokenProvider ¶

func NewOBOTokenProvider(clientID, clientSecret, loginURL, scope string) TokenProvider

NewOBOTokenProvider returns a TokenProvider that implements OAuth On-Behalf-Of flow on Azure Active Directory https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow

type TokenResponse ¶ added in v0.14.0

type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	ExpiresIn    string `json:"expires_in"`
	RefreshToken string `json:"refresh_token"`
	ExpiresOn    string `json:"expires_on"`
	NotBefore    string `json:"not_before"`
	Resource     string `json:"resource"`
	TokenType    string `json:"token_type"`
	ErrorMessage string `json:"error_message,omitempty"`
}

type UserInfo ¶

type UserInfo struct {
	// contains filtered or unexported fields
}

UserInfo allows you to get user data from MS Graph

func New ¶

func New(clientID, clientSecret, tenantID string, useGroupUID bool, aadEndpoint, msgraphHost string) (*UserInfo, error)

New returns a new UserInfo object

func NewWithAKS ¶

func NewWithAKS(tokenURL, tenantID, msgraphHost string) (*UserInfo, error)

NewWithAKS returns a new UserInfo object used in AKS

func NewWithARC ¶ added in v0.14.0

func NewWithARC(msiAudience, resourceId, tenantId, region string) (*UserInfo, error)

NewWithARC returns a new UserInfo object used in ARC

func NewWithOBO ¶

func NewWithOBO(clientID, clientSecret, tenantID string, aadEndpoint, msgraphHost string) (*UserInfo, error)

NewWithOBO returns a new UserInfo object

func TestUserInfo ¶

func TestUserInfo(clientID, clientSecret, loginUrl, apiUrl string, useGroupUID bool) (*UserInfo, error)

func (*UserInfo) GetGroups ¶

func (u *UserInfo) GetGroups(ctx context.Context, userPrincipal string, token string) ([]string, error)

GetGroups gets a list of all groups that the given user principal is part of Generally in federated directories the email address is the userPrincipalName

func (*UserInfo) Name ¶

func (u *UserInfo) Name() string

Name returns the name of this getter

func (*UserInfo) RefreshToken ¶

func (u *UserInfo) RefreshToken(ctx context.Context, token string) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL