Documentation
Overview
Package auth is intended for internal use only. It is made available to facilitate use cases that require access to internal MongoDB driver functionality and state. The API of this package is not stable and there is no backward compatibility guarantee.
WARNING: THIS PACKAGE IS EXPERIMENTAL AND MAY BE MODIFIED OR REMOVED WITHOUT NOTICE! USE WITH EXTREME CAUTION!
Index
- Constants
- func ConductSaslConversation(ctx context.Context, cfg *driver.AuthConfig, authSource string, ...) error
- func Handshaker(h driver.Handshaker, options *HandshakeOptions) driver.Handshaker
- func RegisterAuthenticatorFactory(name string, factory AuthenticatorFactory)
- type Authenticator
- type AuthenticatorFactory
- type Config
- type Cred
- type DefaultAuthenticator
- type Error
- type ExtraOptionsSaslClient
- type HandshakeOptions
- type IDPInfo
- type MongoDBAWSAuthenticator
- type MongoDBCRAuthenticator
- type MongoDBX509Authenticator
- type OIDCArgs
- type OIDCAuthenticator
- func (oa *OIDCAuthenticator) Auth(ctx context.Context, cfg *driver.AuthConfig) error
- func (oa *OIDCAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)
- func (oa *OIDCAuthenticator) Reauth(ctx context.Context, cfg *driver.AuthConfig) error
- func (oa *OIDCAuthenticator) SetAccessToken(accessToken string)
- type OIDCCallback
- type OIDCCredential
- type PlainAuthenticator
- type SaslClient
- type SaslClientCloser
- type ScramAuthenticator
- type SpeculativeAuthenticator
- type SpeculativeConversation
Constants
const (
	// SCRAMSHA1 holds the mechanism name "SCRAM-SHA-1"
	SCRAMSHA1 = "SCRAM-SHA-1"
	// SCRAMSHA256 holds the mechanism name "SCRAM-SHA-256"
	SCRAMSHA256 = "SCRAM-SHA-256"
)
const AllowedHostsProp = "ALLOWED_HOSTS"
AllowedHostsProp is the property key name that specifies the allowed hosts for the OIDC authenticator.
const AzureEnvironmentValue = "azure"
AzureEnvironmentValue is the value for the Azure environment.
const EnvironmentProp = "ENVIRONMENT"
EnvironmentProp is the property key name that specifies the environment for the OIDC authenticator.
const GCPEnvironmentValue = "gcp"
GCPEnvironmentValue is the value for the GCP environment.
const GSSAPI = "GSSAPI"
GSSAPI is the mechanism name for GSSAPI.
const MONGODBCR = "MONGODB-CR"
MONGODBCR is the mechanism name for MONGODB-CR.
The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.
const MongoDBAWS = "MONGODB-AWS"
MongoDBAWS is the mechanism name for MongoDBAWS.
const MongoDBOIDC = "MONGODB-OIDC"
MongoDBOIDC is the string constant for the MONGODB-OIDC authentication mechanism.
const MongoDBX509 = "MONGODB-X509"
MongoDBX509 is the mechanism name for MongoDBX509.
const PLAIN = "PLAIN"
PLAIN is the mechanism name for PLAIN.
const ResourceProp = "TOKEN_RESOURCE"
ResourceProp is the property key name that specifies the token resource for GCP and AZURE OIDC auth.
const TestEnvironmentValue = "test"
TestEnvironmentValue is the value for the test environment.
Variables
This section is empty.
Functions
func ConductSaslConversation
func ConductSaslConversation(ctx context.Context, cfg *driver.AuthConfig, authSource string, client SaslClient) error
ConductSaslConversation runs a full SASL conversation to authenticate the given connection.
func Handshaker
func Handshaker(h driver.Handshaker, options *HandshakeOptions) driver.Handshaker
Handshaker creates a connection handshaker for the given authenticator.
func RegisterAuthenticatorFactory
func RegisterAuthenticatorFactory(name string, factory AuthenticatorFactory)
RegisterAuthenticatorFactory registers the authenticator factory.
Types
type Authenticator
type Authenticator = driver.Authenticator
Authenticator handles authenticating a connection.
func CreateAuthenticator
CreateAuthenticator creates an authenticator.
type AuthenticatorFactory
type AuthenticatorFactory func(*Cred, *http.Client) (Authenticator, error)
AuthenticatorFactory constructs an authenticator.
type Config
type Config struct {
	Connection    *mnet.Connection
	ClusterClock  *session.ClusterClock
	HandshakeInfo driver.HandshakeInformation
	ServerAPI     *driver.ServerAPIOptions
	HTTPClient    *http.Client
}
Config holds the information necessary to perform an authentication attempt.
type DefaultAuthenticator
type DefaultAuthenticator struct {
	Cred *Cred
	// contains filtered or unexported fields
}
DefaultAuthenticator uses SCRAM-SHA-1 or MONGODB-CR depending on the server version.
func (*DefaultAuthenticator) Auth
func (a *DefaultAuthenticator) Auth(ctx context.Context, cfg *driver.AuthConfig) error
Auth authenticates the connection.
func (*DefaultAuthenticator) CreateSpeculativeConversation
func (a *DefaultAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)
CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.
func (*DefaultAuthenticator) Reauth
func (a *DefaultAuthenticator) Reauth(_ context.Context, _ *driver.AuthConfig) error
Reauth reauthenticates the connection.
type Error
type Error struct {
// contains filtered or unexported fields
}
Error is an error that occurred during authentication.
type ExtraOptionsSaslClient
ExtraOptionsSaslClient is a SaslClient that appends options to the saslStart command.
type HandshakeOptions
type HandshakeOptions struct {
	AppName               string
	Authenticator         Authenticator
	Compressors           []string
	DBUser                string
	PerformAuthentication func(description.Server) bool
	ClusterClock          *session.ClusterClock
	ServerAPI             *driver.ServerAPIOptions
	LoadBalanced          bool

	// Fields provided by a library that wraps the Go Driver.
	OuterLibraryName     string
	OuterLibraryVersion  string
	OuterLibraryPlatform string
}
HandshakeOptions packages options that can be passed to the Handshaker() function. DBUser is optional but must be of the form <dbname.username>; if non-empty, then the connection will do SASL mechanism negotiation.
type IDPInfo
IDPInfo contains the information needed to perform OIDC authentication with an Identity Provider.
type MongoDBAWSAuthenticator
type MongoDBAWSAuthenticator struct {
// contains filtered or unexported fields
}
MongoDBAWSAuthenticator uses AWS-IAM credentials over SASL to authenticate a connection.
func (*MongoDBAWSAuthenticator) Auth
func (a *MongoDBAWSAuthenticator) Auth(ctx context.Context, cfg *driver.AuthConfig) error
Auth authenticates the connection.
func (*MongoDBAWSAuthenticator) Reauth
func (a *MongoDBAWSAuthenticator) Reauth(_ context.Context, _ *driver.AuthConfig) error
Reauth reauthenticates the connection.
type MongoDBCRAuthenticator
MongoDBCRAuthenticator uses the MONGODB-CR algorithm to authenticate a connection.
The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.
func (*MongoDBCRAuthenticator) Auth
func (a *MongoDBCRAuthenticator) Auth(ctx context.Context, cfg *driver.AuthConfig) error
Auth authenticates the connection.
The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.
func (*MongoDBCRAuthenticator) Reauth
func (a *MongoDBCRAuthenticator) Reauth(_ context.Context, _ *driver.AuthConfig) error
Reauth reauthenticates the connection.
type MongoDBX509Authenticator
type MongoDBX509Authenticator struct {
User string
}
MongoDBX509Authenticator uses X.509 certificates over TLS to authenticate a connection.
func (*MongoDBX509Authenticator) Auth
func (a *MongoDBX509Authenticator) Auth(ctx context.Context, cfg *driver.AuthConfig) error
Auth authenticates the provided connection by conducting an X509 authentication conversation.
func (*MongoDBX509Authenticator) CreateSpeculativeConversation
func (a *MongoDBX509Authenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)
CreateSpeculativeConversation creates a speculative conversation for X509 authentication.
func (*MongoDBX509Authenticator) Reauth
func (a *MongoDBX509Authenticator) Reauth(_ context.Context, _ *driver.AuthConfig) error
Reauth reauthenticates the connection.
type OIDCAuthenticator
type OIDCAuthenticator struct {
	AuthMechanismProperties map[string]string
	OIDCMachineCallback     OIDCCallback
	OIDCHumanCallback       OIDCCallback
	// contains filtered or unexported fields
}
OIDCAuthenticator is synchronized and handles caching of the access token, refresh token, and IDPInfo. It also provides a mechanism to refresh the access token, but this functionality is only for the OIDC Human flow.
func (*OIDCAuthenticator) Auth
func (oa *OIDCAuthenticator) Auth(ctx context.Context, cfg *driver.AuthConfig) error
Auth authenticates the connection.
func (*OIDCAuthenticator) CreateSpeculativeConversation
func (oa *OIDCAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)
CreateSpeculativeConversation creates a speculative conversation for OIDC authentication.
func (*OIDCAuthenticator) Reauth
func (oa *OIDCAuthenticator) Reauth(ctx context.Context, cfg *driver.AuthConfig) error
Reauth reauthenticates the connection when the server returns a 391 code. Reauth is part of the driver.Authenticator interface.
func (*OIDCAuthenticator) SetAccessToken
func (oa *OIDCAuthenticator) SetAccessToken(accessToken string)
SetAccessToken allows for manually setting the access token for the OIDCAuthenticator; this is only for testing purposes.
type OIDCCallback
type OIDCCallback = driver.OIDCCallback
OIDCCallback is a function that takes a context and OIDCArgs and returns an OIDCCredential.
type OIDCCredential
type OIDCCredential = driver.OIDCCredential
OIDCCredential contains the access token and refresh token.
type PlainAuthenticator
PlainAuthenticator uses the PLAIN algorithm over SASL to authenticate a connection.
func (*PlainAuthenticator) Auth
func (a *PlainAuthenticator) Auth(ctx context.Context, cfg *driver.AuthConfig) error
Auth authenticates the connection.
func (*PlainAuthenticator) Reauth
func (a *PlainAuthenticator) Reauth(_ context.Context, _ *driver.AuthConfig) error
Reauth reauthenticates the connection.
type SaslClient
type SaslClient interface {
	Start() (string, []byte, error)
	Next(ctx context.Context, challenge []byte) ([]byte, error)
	Completed() bool
}
SaslClient is the client piece of a SASL conversation.
type SaslClientCloser
type SaslClientCloser interface {
	SaslClient
	Close()
}
SaslClientCloser is a SaslClient that has resources to clean up.
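As an added example (not the driver's own code), here is a hypothetical PLAIN client that satisfies the SaslClient interface above, a constructed in-memory stand-in for the server side of saslStart, and a loop shaped like ConductSaslConversation that drives Start, Next and Completed; the interface is copied locally so the file compiles without the internal package, and plainClient, plainServer and conductSasl are names introduced here. PLAIN carries the password as-is, so it is only acceptable inside TLS, and because the mechanism is one-shot the client rejects any follow-up challenge rather than answering it.

```go
package main

import (
	"context"
	"crypto/subtle"
	"errors"
)

// SaslClient is copied from the page so this compiles without the driver.
type SaslClient interface {
	Start() (string, []byte, error)
	Next(ctx context.Context, challenge []byte) ([]byte, error)
	Completed() bool
}

// plainClient: hypothetical PLAIN (RFC 4616) client; one message, nothing follows.
type plainClient struct {
	user, pass string
	done       bool
}

// Start returns the mechanism name and "authzid NUL authcid NUL passwd".
func (c *plainClient) Start() (string, []byte, error) {
	return "PLAIN", []byte("\x00" + c.user + "\x00" + c.pass), nil
}
func (c *plainClient) Next(_ context.Context, challenge []byte) ([]byte, error) {
	if len(challenge) != 0 { // PLAIN is one-shot: any challenge is a protocol error
		return nil, errors.New("PLAIN: unexpected server challenge")
	}
	c.done = true
	return nil, nil
}
func (c *plainClient) Completed() bool { return c.done }

// plainServer is a constructed stand-in for the server side of saslStart.
type plainServer struct{ user, pass string }

// step returns (challenge, serverDone, err) after a constant-time comparison.
func (s plainServer) step(mech string, payload []byte) ([]byte, bool, error) {
	if mech != "PLAIN" || subtle.ConstantTimeCompare(payload, []byte("\x00"+s.user+"\x00"+s.pass)) != 1 {
		return nil, false, errors.New("server: authentication failed")
	}
	return nil, true, nil
}

// conductSasl mirrors ConductSaslConversation: Start, then Next per challenge, until both sides are done.
func conductSasl(ctx context.Context, c SaslClient, s func(string, []byte) ([]byte, bool, error)) error {
	mech, payload, err := c.Start()
	for done := false; err == nil && !(done && c.Completed()); {
		var challenge []byte
		if challenge, done, err = s(mech, payload); err == nil {
			payload, err = c.Next(ctx, challenge)
		}
	}
	return err
}
```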
type ScramAuthenticator
type ScramAuthenticator struct {
// contains filtered or unexported fields
}
ScramAuthenticator uses the SCRAM algorithm over SASL to authenticate a connection.
func (*ScramAuthenticator) Auth
func (a *ScramAuthenticator) Auth(ctx context.Context, cfg *driver.AuthConfig) error
Auth authenticates the provided connection by conducting a full SASL conversation.
func (*ScramAuthenticator) CreateSpeculativeConversation
func (a *ScramAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)
CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.
func (*ScramAuthenticator) Reauth
func (a *ScramAuthenticator) Reauth(_ context.Context, _ *driver.AuthConfig) error
Reauth reauthenticates the connection.
type SpeculativeAuthenticator
type SpeculativeAuthenticator interface {
CreateSpeculativeConversation() (SpeculativeConversation, error)
}
SpeculativeAuthenticator represents an authenticator that supports speculative authentication.
type SpeculativeConversation
type SpeculativeConversation interface {
	FirstMessage() (bsoncore.Document, error)
	Finish(ctx context.Context, cfg *driver.AuthConfig, firstResponse bsoncore.Document) error
}
SpeculativeConversation represents an authentication conversation that can be merged with the initial connection handshake.
FirstMessage method returns the first message to be sent to the server. This message will be included in the initial hello command.
Finish takes the server response to the initial message and conducts the remainder of the conversation to authenticate the provided connection.