auth

package
v2.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 10, 2024 License: Apache-2.0 Imports: 29 Imported by: 1

Documentation

Overview

Package auth is intended for internal use only. It is made available to facilitate use cases that require access to internal MongoDB driver functionality and state. The API of this package is not stable and there is no backward compatibility guarantee.

WARNING: THIS PACKAGE IS EXPERIMENTAL AND MAY BE MODIFIED OR REMOVED WITHOUT NOTICE! USE WITH EXTREME CAUTION!

Index

Constants

View Source
const (
	// SCRAMSHA1 holds the mechanism name "SCRAM-SHA-1"
	SCRAMSHA1 = "SCRAM-SHA-1"

	// SCRAMSHA256 holds the mechanism name "SCRAM-SHA-256"
	SCRAMSHA256 = "SCRAM-SHA-256"
)
View Source
const AllowedHostsProp = "ALLOWED_HOSTS"

AllowedHostsProp is the property key name that specifies the allowed hosts for the OIDC authenticator.

View Source
const AzureEnvironmentValue = "azure"

AzureEnvironmentValue is the value for the Azure environment.

View Source
const EnvironmentProp = "ENVIRONMENT"

EnvironmentProp is the property key name that specifies the environment for the OIDC authenticator.

View Source
const GCPEnvironmentValue = "gcp"

GCPEnvironmentValue is the value for the GCP environment.

View Source
const GSSAPI = "GSSAPI"

GSSAPI is the mechanism name for GSSAPI.

View Source
const MONGODBCR = "MONGODB-CR"

MONGODBCR is the mechanism name for MONGODB-CR.

The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.

View Source
const MongoDBAWS = "MONGODB-AWS"

MongoDBAWS is the mechanism name for MongoDBAWS.

View Source
const MongoDBOIDC = "MONGODB-OIDC"

MongoDBOIDC is the string constant for the MONGODB-OIDC authentication mechanism.

View Source
const MongoDBX509 = "MONGODB-X509"

MongoDBX509 is the mechanism name for MongoDBX509.

View Source
const PLAIN = "PLAIN"

PLAIN is the mechanism name for PLAIN.

View Source
const ResourceProp = "TOKEN_RESOURCE"

ResourceProp is the property key name that specifies the token resource for GCP and AZURE OIDC auth.

View Source
const TestEnvironmentValue = "test"

TestEnvironmentValue is the value for the test environment.

Variables

This section is empty.

Functions

func ConductSaslConversation

func ConductSaslConversation(ctx context.Context, cfg *driver.AuthConfig, authSource string, client SaslClient) error

ConductSaslConversation runs a full SASL conversation to authenticate the given connection.

func Handshaker

func Handshaker(h driver.Handshaker, options *HandshakeOptions) driver.Handshaker

Handshaker creates a connection handshaker for the given authenticator.

func RegisterAuthenticatorFactory

func RegisterAuthenticatorFactory(name string, factory AuthenticatorFactory)

RegisterAuthenticatorFactory registers the authenticator factory.

Types

type Authenticator

type Authenticator = driver.Authenticator

Authenticator handles authenticating a connection.

func CreateAuthenticator

func CreateAuthenticator(name string, cred *Cred, httpClient *http.Client) (Authenticator, error)

CreateAuthenticator creates an authenticator.

type AuthenticatorFactory

type AuthenticatorFactory func(*Cred, *http.Client) (Authenticator, error)

AuthenticatorFactory constructs an authenticator.

type Config

type Config struct {
	Connection    *mnet.Connection
	ClusterClock  *session.ClusterClock
	HandshakeInfo driver.HandshakeInformation
	ServerAPI     *driver.ServerAPIOptions
	HTTPClient    *http.Client
}

Config holds the information necessary to perform an authentication attempt.

type Cred

type Cred = driver.Cred

Cred is the type of user credential

type DefaultAuthenticator

type DefaultAuthenticator struct {
	Cred *Cred
	// contains filtered or unexported fields
}

DefaultAuthenticator uses SCRAM-SHA-1 or MONGODB-CR depending on the server version.

func (*DefaultAuthenticator) Auth

Auth authenticates the connection.

func (*DefaultAuthenticator) CreateSpeculativeConversation

func (a *DefaultAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)

CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.

func (*DefaultAuthenticator) Reauth

Reauth reauthenticates the connection.

type Error

type Error struct {
	// contains filtered or unexported fields
}

Error is an error that occurred during authentication.

func (*Error) Error

func (e *Error) Error() string

func (*Error) Inner

func (e *Error) Inner() error

Inner returns the wrapped error.

func (*Error) Message

func (e *Error) Message() string

Message returns the message.

func (*Error) Unwrap

func (e *Error) Unwrap() error

Unwrap returns the underlying error.

type ExtraOptionsSaslClient

type ExtraOptionsSaslClient interface {
	StartCommandOptions() bsoncore.Document
}

ExtraOptionsSaslClient is a SaslClient that appends options to the saslStart command.

type HandshakeOptions

type HandshakeOptions struct {
	AppName               string
	Authenticator         Authenticator
	Compressors           []string
	DBUser                string
	PerformAuthentication func(description.Server) bool
	ClusterClock          *session.ClusterClock
	ServerAPI             *driver.ServerAPIOptions
	LoadBalanced          bool

	// Fields provided by a library that wraps the Go Driver.
	OuterLibraryName     string
	OuterLibraryVersion  string
	OuterLibraryPlatform string
}

HandshakeOptions packages options that can be passed to the Handshaker() function. DBUser is optional but must be of the form <dbname.username>; if non-empty, then the connection will do SASL mechanism negotiation.

type IDPInfo

type IDPInfo = driver.IDPInfo

IDPInfo contains the information needed to perform OIDC authentication with an Identity Provider.

type MongoDBAWSAuthenticator

type MongoDBAWSAuthenticator struct {
	// contains filtered or unexported fields
}

MongoDBAWSAuthenticator uses AWS-IAM credentials over SASL to authenticate a connection.

func (*MongoDBAWSAuthenticator) Auth

Auth authenticates the connection.

func (*MongoDBAWSAuthenticator) Reauth

Reauth reauthenticates the connection.

type MongoDBCRAuthenticator

type MongoDBCRAuthenticator struct {
	DB       string
	Username string
	Password string
}

MongoDBCRAuthenticator uses the MONGODB-CR algorithm to authenticate a connection.

The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.

func (*MongoDBCRAuthenticator) Auth

Auth authenticates the connection.

The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.

func (*MongoDBCRAuthenticator) Reauth

Reauth reauthenticates the connection.

type MongoDBX509Authenticator

type MongoDBX509Authenticator struct {
	User string
}

MongoDBX509Authenticator uses X.509 certificates over TLS to authenticate a connection.

func (*MongoDBX509Authenticator) Auth

Auth authenticates the provided connection by conducting an X509 authentication conversation.

func (*MongoDBX509Authenticator) CreateSpeculativeConversation

func (a *MongoDBX509Authenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)

CreateSpeculativeConversation creates a speculative conversation for X509 authentication.

func (*MongoDBX509Authenticator) Reauth

Reauth reauthenticates the connection.

type OIDCArgs

type OIDCArgs = driver.OIDCArgs

OIDCArgs contains the arguments for the OIDC callback.

type OIDCAuthenticator

type OIDCAuthenticator struct {
	AuthMechanismProperties map[string]string
	OIDCMachineCallback     OIDCCallback
	OIDCHumanCallback       OIDCCallback
	// contains filtered or unexported fields
}

OIDCAuthenticator is synchronized and handles caching of the access token, refreshToken, and IDPInfo. It also provides a mechanism to refresh the access token, but this functionality is only for the OIDC Human flow.

func (*OIDCAuthenticator) Auth

Auth authenticates the connection.

func (*OIDCAuthenticator) CreateSpeculativeConversation

func (oa *OIDCAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)

CreateSpeculativeConversation creates a speculative conversation for OIDC authentication.

func (*OIDCAuthenticator) Reauth

func (oa *OIDCAuthenticator) Reauth(ctx context.Context, cfg *driver.AuthConfig) error

Reauth reauthenticates the connection when the server returns a 391 code. Reauth is part of the driver.Authenticator interface.

func (*OIDCAuthenticator) SetAccessToken

func (oa *OIDCAuthenticator) SetAccessToken(accessToken string)

SetAccessToken allows for manually setting the access token for the OIDCAuthenticator, this is only for testing purposes.

type OIDCCallback

type OIDCCallback = driver.OIDCCallback

OIDCCallback is a function that takes a context and OIDCArgs and returns an OIDCCredential.

type OIDCCredential

type OIDCCredential = driver.OIDCCredential

OIDCCredential contains the access token and refresh token.

type PlainAuthenticator

type PlainAuthenticator struct {
	Username string
	Password string
}

PlainAuthenticator uses the PLAIN algorithm over SASL to authenticate a connection.

func (*PlainAuthenticator) Auth

Auth authenticates the connection.

func (*PlainAuthenticator) Reauth

Reauth reauthenticates the connection.

type SaslClient

type SaslClient interface {
	Start() (string, []byte, error)
	Next(ctx context.Context, challenge []byte) ([]byte, error)
	Completed() bool
}

SaslClient is the client piece of a sasl conversation.

type SaslClientCloser

type SaslClientCloser interface {
	SaslClient
	Close()
}

SaslClientCloser is a SaslClient that has resources to clean up.

type ScramAuthenticator

type ScramAuthenticator struct {
	// contains filtered or unexported fields
}

ScramAuthenticator uses the SCRAM algorithm over SASL to authenticate a connection.

func (*ScramAuthenticator) Auth

Auth authenticates the provided connection by conducting a full SASL conversation.

func (*ScramAuthenticator) CreateSpeculativeConversation

func (a *ScramAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)

CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.

func (*ScramAuthenticator) Reauth

Reauth reauthenticates the connection.

type SpeculativeAuthenticator

type SpeculativeAuthenticator interface {
	CreateSpeculativeConversation() (SpeculativeConversation, error)
}

SpeculativeAuthenticator represents an authenticator that supports speculative authentication.

type SpeculativeConversation

type SpeculativeConversation interface {
	FirstMessage() (bsoncore.Document, error)
	Finish(ctx context.Context, cfg *driver.AuthConfig, firstResponse bsoncore.Document) error
}

SpeculativeConversation represents an authentication conversation that can be merged with the initial connection handshake.

FirstMessage method returns the first message to be sent to the server. This message will be included in the initial hello command.

Finish takes the server response to the initial message and conducts the remainder of the conversation to authenticate the provided connection.

Directories

Path Synopsis
Package creds is intended for internal use only.
Package creds is intended for internal use only.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL