auth

package
v1.17.0-beta1
Published: Aug 12, 2024 License: Apache-2.0 Imports: 29 Imported by: 69

Documentation

Overview

Package auth is intended for internal use only. It is made available to facilitate use cases that require access to internal MongoDB driver functionality and state. The API of this package is not stable and there is no backward compatibility guarantee.

WARNING: THIS PACKAGE IS EXPERIMENTAL AND MAY BE MODIFIED OR REMOVED WITHOUT NOTICE! USE WITH EXTREME CAUTION!

Index

Constants

const (
	// SCRAMSHA1 holds the mechanism name "SCRAM-SHA-1"
	SCRAMSHA1 = "SCRAM-SHA-1"

	// SCRAMSHA256 holds the mechanism name "SCRAM-SHA-256"
	SCRAMSHA256 = "SCRAM-SHA-256"
)
const AllowedHostsProp = "ALLOWED_HOSTS"

AllowedHostsProp is the property key name that specifies the allowed hosts for the OIDC authenticator.

const AzureEnvironmentValue = "azure"

AzureEnvironmentValue is the value for the Azure environment.

const EnvironmentProp = "ENVIRONMENT"

EnvironmentProp is the property key name that specifies the environment for the OIDC authenticator.

const GCPEnvironmentValue = "gcp"

GCPEnvironmentValue is the value for the GCP environment.

const GSSAPI = "GSSAPI"

GSSAPI is the mechanism name for GSSAPI.

const MONGODBCR = "MONGODB-CR"

MONGODBCR is the mechanism name for MONGODB-CR.

The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.

const MongoDBAWS = "MONGODB-AWS"

MongoDBAWS is the mechanism name for MONGODB-AWS.

const MongoDBOIDC = "MONGODB-OIDC"

MongoDBOIDC is the string constant for the MONGODB-OIDC authentication mechanism.

const MongoDBX509 = "MONGODB-X509"

MongoDBX509 is the mechanism name for MONGODB-X509.

const PLAIN = "PLAIN"

PLAIN is the mechanism name for PLAIN.

const ResourceProp = "TOKEN_RESOURCE"

ResourceProp is the property key name that specifies the token resource for the GCP and Azure OIDC environments.

const TestEnvironmentValue = "test"

TestEnvironmentValue is the value for the test environment.

Variables

This section is empty.

Functions

func ConductSaslConversation

func ConductSaslConversation(ctx context.Context, cfg *Config, authSource string, client SaslClient) error

ConductSaslConversation runs a full SASL conversation to authenticate the given connection.

func Handshaker

func Handshaker(h driver.Handshaker, options *HandshakeOptions) driver.Handshaker

Handshaker creates a connection handshaker for the given authenticator.

func RegisterAuthenticatorFactory

func RegisterAuthenticatorFactory(name string, factory AuthenticatorFactory)

RegisterAuthenticatorFactory registers the authenticator factory.

Types

type Authenticator

type Authenticator = driver.Authenticator

Authenticator handles authenticating a connection.

func CreateAuthenticator

func CreateAuthenticator(name string, cred *Cred, httpClient *http.Client) (Authenticator, error)

CreateAuthenticator creates an authenticator.

type AuthenticatorFactory

type AuthenticatorFactory func(*Cred, *http.Client) (Authenticator, error)

AuthenticatorFactory constructs an authenticator.

type Config added in v1.4.0

type Config = driver.AuthConfig

Config contains the configuration for an Authenticator.

type Cred

type Cred = driver.Cred

Cred is the type of user credential.

type DefaultAuthenticator

type DefaultAuthenticator struct {
	Cred *Cred
	// contains filtered or unexported fields
}

DefaultAuthenticator defers mechanism selection until Auth is called: it uses SCRAM-SHA-256 when the server advertises it for the user, otherwise SCRAM-SHA-1 on servers that support it, and falls back to MONGODB-CR only on servers that predate SCRAM.

func (*DefaultAuthenticator) Auth

func (a *DefaultAuthenticator) Auth(ctx context.Context, cfg *Config) error

Auth authenticates the connection.

func (*DefaultAuthenticator) CreateSpeculativeConversation added in v1.4.0

func (a *DefaultAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)

CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.

func (*DefaultAuthenticator) Reauth added in v1.17.0

func (a *DefaultAuthenticator) Reauth(ctx context.Context, cfg *Config) error

Reauth reauthenticates the connection.

type Error

type Error struct {
	// contains filtered or unexported fields
}

Error is an error that occurred during authentication.

func (*Error) Error

func (e *Error) Error() string

func (*Error) Inner

func (e *Error) Inner() error

Inner returns the wrapped error.

func (*Error) Message

func (e *Error) Message() string

Message returns the message.

func (*Error) Unwrap added in v1.4.0

func (e *Error) Unwrap() error

Unwrap returns the underlying error.

type ExtraOptionsSaslClient added in v1.4.0

type ExtraOptionsSaslClient interface {
	StartCommandOptions() bsoncore.Document
}

ExtraOptionsSaslClient is a SaslClient that appends options to the saslStart command.

type HandshakeOptions

type HandshakeOptions struct {
	AppName               string
	Authenticator         Authenticator
	Compressors           []string
	DBUser                string
	PerformAuthentication func(description.Server) bool
	ClusterClock          *session.ClusterClock
	ServerAPI             *driver.ServerAPIOptions
	LoadBalanced          bool
}

HandshakeOptions packages options that can be passed to the Handshaker() function. DBUser is optional but, if set, must be of the form <dbname.username>; a non-empty DBUser is sent in the initial hello so that the server can advertise the SASL mechanisms enabled for that user, and the connection then negotiates its mechanism from that list instead of assuming one.

type IDPInfo added in v1.17.0

type IDPInfo = driver.IDPInfo

IDPInfo contains the information needed to perform OIDC authentication with an Identity Provider.

type MongoDBAWSAuthenticator added in v1.4.0

type MongoDBAWSAuthenticator struct {
	// contains filtered or unexported fields
}

MongoDBAWSAuthenticator uses AWS IAM credentials over SASL (the MONGODB-AWS mechanism) to authenticate a connection.

func (*MongoDBAWSAuthenticator) Auth added in v1.4.0

func (a *MongoDBAWSAuthenticator) Auth(ctx context.Context, cfg *Config) error

Auth authenticates the connection.

func (*MongoDBAWSAuthenticator) Reauth added in v1.17.0

func (a *MongoDBAWSAuthenticator) Reauth(ctx context.Context, cfg *Config) error

Reauth reauthenticates the connection.

type MongoDBCRAuthenticator

type MongoDBCRAuthenticator struct {
	DB       string
	Username string
	Password string
}

MongoDBCRAuthenticator uses the MONGODB-CR algorithm to authenticate a connection.

The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.

func (*MongoDBCRAuthenticator) Auth

func (a *MongoDBCRAuthenticator) Auth(ctx context.Context, cfg *Config) error

Auth authenticates the connection.

The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in MongoDB 4.0.

func (*MongoDBCRAuthenticator) Reauth added in v1.17.0

func (a *MongoDBCRAuthenticator) Reauth(ctx context.Context, cfg *Config) error

Reauth reauthenticates the connection.

type MongoDBX509Authenticator

type MongoDBX509Authenticator struct {
	User string
}

MongoDBX509Authenticator uses X.509 certificates over TLS to authenticate a connection: the client certificate presented during the TLS handshake is the credential, and User, when set, must match the subject of that certificate.

func (*MongoDBX509Authenticator) Auth

func (a *MongoDBX509Authenticator) Auth(ctx context.Context, cfg *Config) error

Auth authenticates the provided connection by conducting an X509 authentication conversation.

func (*MongoDBX509Authenticator) CreateSpeculativeConversation added in v1.4.0

func (a *MongoDBX509Authenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)

CreateSpeculativeConversation creates a speculative conversation for X509 authentication.

func (*MongoDBX509Authenticator) Reauth added in v1.17.0

func (a *MongoDBX509Authenticator) Reauth(ctx context.Context, cfg *Config) error

Reauth reauthenticates the connection.

type OIDCArgs added in v1.17.0

type OIDCArgs = driver.OIDCArgs

OIDCArgs contains the arguments for the OIDC callback.

type OIDCAuthenticator added in v1.17.0

type OIDCAuthenticator struct {
	AuthMechanismProperties map[string]string
	OIDCMachineCallback     OIDCCallback
	OIDCHumanCallback       OIDCCallback
	// contains filtered or unexported fields
}

OIDCAuthenticator is synchronized and caches the access token, refresh token, and IDPInfo. It can also refresh the access token, but only in the OIDC human flow.

func (*OIDCAuthenticator) Auth added in v1.17.0

func (oa *OIDCAuthenticator) Auth(ctx context.Context, cfg *Config) error

Auth authenticates the connection.

func (*OIDCAuthenticator) CreateSpeculativeConversation added in v1.17.0

func (oa *OIDCAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)

CreateSpeculativeConversation creates a speculative conversation for OIDC authentication.

func (*OIDCAuthenticator) Reauth added in v1.17.0

func (oa *OIDCAuthenticator) Reauth(ctx context.Context, cfg *Config) error

Reauth reauthenticates the connection when the server returns error code 391 (ReauthenticationRequired). Reauth is part of the driver.Authenticator interface.

func (*OIDCAuthenticator) SetAccessToken added in v1.17.0

func (oa *OIDCAuthenticator) SetAccessToken(accessToken string)

SetAccessToken manually sets the access token for the OIDCAuthenticator; it exists only for testing purposes.

type OIDCCallback added in v1.17.0

type OIDCCallback = driver.OIDCCallback

OIDCCallback is a function that takes a context and OIDCArgs and returns an OIDCCredential.

type OIDCCredential added in v1.17.0

type OIDCCredential = driver.OIDCCredential

OIDCCredential contains the access token and refresh token.
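To make concrete what the OIDCAuthenticator description above means by being synchronized, caching the access token and reauthenticating on a 391, the following is an added example written for this page; it is not code from the mongo-go-driver. OIDCArgs, OIDCCredential and OIDCCallback are local stand-ins for the driver.* aliases listed above, with a field set assumed for the example; fileTokenCallback, tokenCache, authenticate and the server function are this example's own names, and the real authenticator's saslStart wiring, IDPInfo handling and human-flow prompt are not reproduced.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os"
	"strings"
	"sync"
	"time"
)

// Local stand-ins for the page's driver.OIDCArgs, driver.OIDCCredential and driver.OIDCCallback aliases.
// The field sets are assumed for this example; the real definitions live in x/mongo/driver.
type OIDCArgs struct {
	RefreshToken *string // previous refresh token, if the authenticator holds one (human flow)
}
type OIDCCredential struct {
	AccessToken  string
	ExpiresAt    *time.Time // nil means "no expiry known"
	RefreshToken *string
}
type OIDCCallback func(context.Context, *OIDCArgs) (*OIDCCredential, error)

const reauthRequired = 391 // server error code the page's Reauth methods react to

// fileTokenCallback is a machine-flow callback: it reads a workload token from a file and honours the context first.
func fileTokenCallback(path string) OIDCCallback {
	return func(ctx context.Context, _ *OIDCArgs) (*OIDCCredential, error) {
		if err := ctx.Err(); err != nil {
			return nil, err
		}
		raw, err := os.ReadFile(path)
		if err != nil {
			return nil, fmt.Errorf("read token: %w", err)
		}
		tok := strings.TrimSpace(string(raw))
		if tok == "" {
			return nil, errors.New("token file is empty")
		}
		return &OIDCCredential{AccessToken: tok}, nil
	}
}

// tokenCache mirrors the page's description: callback calls are serialized and the token is cached until it expires or is rejected.
type tokenCache struct {
	mu       sync.Mutex
	callback OIDCCallback
	cred     *OIDCCredential
}

func (c *tokenCache) token(ctx context.Context) (string, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.cred != nil && (c.cred.ExpiresAt == nil || time.Now().Before(*c.cred.ExpiresAt)) {
		return c.cred.AccessToken, nil
	}
	var refresh *string
	if c.cred != nil { // expired: offer the refresh token so a human-flow callback can avoid a new login
		refresh = c.cred.RefreshToken
	}
	cred, err := c.callback(ctx, &OIDCArgs{RefreshToken: refresh})
	if err != nil {
		return "", err
	}
	c.cred = cred
	return cred.AccessToken, nil
}

// invalidate drops the cached credential, but only if its token is the one the server rejected: a token
// another connection fetched in the meantime must survive.
func (c *tokenCache) invalidate(rejected string) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.cred != nil && c.cred.AccessToken == rejected {
		c.cred = nil
	}
}

// authenticate sends the cached token once and, on code 391, does what the page's Reauth does: fetch a fresh
// token and retry exactly once. server stands in for the saslStart round trip and returns the server's error code (0 on success).
func authenticate(ctx context.Context, c *tokenCache, server func(token string) int) error {
	tok, err := c.token(ctx)
	if err != nil {
		return err
	}
	code := server(tok)
	if code == reauthRequired {
		c.invalidate(tok)
		if tok, err = c.token(ctx); err != nil {
			return err
		}
		code = server(tok)
	}
	if code != 0 {
		return fmt.Errorf("authentication failed with server error code %d", code)
	}
	return nil
}
```

Two details matter in practice. invalidate only discards the credential whose token the server actually rejected, so a connection that fetched a newer token in the meantime is not forced back through the callback; and authenticate retries once and once only, so a server that keeps answering 391 becomes an error rather than a tight loop of callback invocations.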

type PlainAuthenticator

type PlainAuthenticator struct {
	Username string
	Password string
}

PlainAuthenticator uses the PLAIN mechanism over SASL to authenticate a connection. PLAIN transmits the username and password unencrypted inside the SASL exchange, so it is only safe on a TLS-protected connection.

func (*PlainAuthenticator) Auth

func (a *PlainAuthenticator) Auth(ctx context.Context, cfg *Config) error

Auth authenticates the connection.

func (*PlainAuthenticator) Reauth added in v1.17.0

func (a *PlainAuthenticator) Reauth(ctx context.Context, cfg *Config) error

Reauth reauthenticates the connection.

type SaslClient

type SaslClient interface {
	Start() (string, []byte, error)
	Next(ctx context.Context, challenge []byte) ([]byte, error)
	Completed() bool
}

SaslClient is the client piece of a sasl conversation.

type SaslClientCloser

type SaslClientCloser interface {
	SaslClient
	Close()
}

SaslClientCloser is a SaslClient that has resources to clean up.

type ScramAuthenticator

type ScramAuthenticator struct {
	// contains filtered or unexported fields
}

ScramAuthenticator uses the SCRAM algorithm over SASL to authenticate a connection.

func (*ScramAuthenticator) Auth

func (a *ScramAuthenticator) Auth(ctx context.Context, cfg *Config) error

Auth authenticates the provided connection by conducting a full SASL conversation.

func (*ScramAuthenticator) CreateSpeculativeConversation added in v1.4.0

func (a *ScramAuthenticator) CreateSpeculativeConversation() (SpeculativeConversation, error)

CreateSpeculativeConversation creates a speculative conversation for SCRAM authentication.

func (*ScramAuthenticator) Reauth added in v1.17.0

func (a *ScramAuthenticator) Reauth(ctx context.Context, cfg *Config) error

Reauth reauthenticates the connection.
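As a worked illustration of the SaslClient contract, of the loop ConductSaslConversation runs over it, and of what ScramAuthenticator does when it conducts a full SASL conversation, the following is an added example written for this page; it is not code from the mongo-go-driver. The SaslClient interface is copied locally so the file builds with the standard library alone; scramClient, scramKeys, attrs, hmacSHA256, the send parameter of conductSaslConversation and the fixed nonce are this example's own names and simplifications, and bsoncore, the session types and the saslStart/saslContinue commands themselves are left out.

```go
package main

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"strconv"
	"strings"
)

// SaslClient is a local copy of the page's interface so this file builds with the standard library only.
type SaslClient interface {
	Start() (string, []byte, error)
	Next(ctx context.Context, challenge []byte) ([]byte, error)
	Completed() bool
}

func hmacSHA256(key, msg []byte) []byte { m := hmac.New(sha256.New, key); m.Write(msg); return m.Sum(nil) }

// scramKeys runs single-block PBKDF2-HMAC-SHA-256 (RFC 8018) and derives the RFC 5802 ClientKey, StoredKey and ServerKey.
func scramKeys(password string, salt []byte, iter int) (clientKey, storedKey, serverKey []byte) {
	u := hmacSHA256([]byte(password), append(append([]byte{}, salt...), 0, 0, 0, 1))
	salted := u
	for i := 1; i < iter; i++ {
		u = hmacSHA256([]byte(password), u)
		subtle.XORBytes(salted, salted, u)
	}
	clientKey = hmacSHA256(salted, []byte("Client Key"))
	sk := sha256.Sum256(clientKey)
	return clientKey, sk[:], hmacSHA256(salted, []byte("Server Key"))
}

// attrs maps a SCRAM message "a=..,b=.." to its single-letter attributes.
func attrs(msg string) map[string]string {
	m := map[string]string{}
	for _, f := range strings.Split(msg, ",") {
		if k, v, ok := strings.Cut(f, "="); ok && len(k) == 1 {
			m[k] = v
		}
	}
	return m
}

// scramClient implements SaslClient for SCRAM-SHA-256 (RFC 7677); the nonce is injected so the test is deterministic.
type scramClient struct {
	user, pass, nonce, clientFirstBare string
	serverSig                          []byte // expected ServerSignature, known once server-first is processed
	done                               bool
}

func (c *scramClient) Start() (string, []byte, error) {
	c.clientFirstBare = "n=" + c.user + ",r=" + c.nonce
	return "SCRAM-SHA-256", []byte("n,," + c.clientFirstBare), nil
}

func (c *scramClient) Next(_ context.Context, challenge []byte) ([]byte, error) {
	a := attrs(string(challenge))
	if c.serverSig != nil { // server-final: v=<ServerSignature>; verifying it is what authenticates the server to us
		if v, err := base64.StdEncoding.DecodeString(a["v"]); err != nil || !hmac.Equal(v, c.serverSig) {
			return nil, errors.New("server signature mismatch: peer does not hold the password verifier")
		}
		c.done = true
		return nil, nil
	}
	salt, err := base64.StdEncoding.DecodeString(a["s"]) // server-first: r=<nonces>,s=<salt>,i=<iterations>
	iter, perr := strconv.Atoi(a["i"])
	if err != nil || perr != nil || !strings.HasPrefix(a["r"], c.nonce) || iter < 4096 {
		return nil, errors.New("bad server-first: malformed, nonce does not extend the client nonce, or iteration count below the RFC 7677 minimum")
	}
	clientKey, storedKey, serverKey := scramKeys(c.pass, salt, iter)
	withoutProof := "c=biws,r=" + a["r"] // biws = base64("n,,"): no channel binding
	authMsg := []byte(c.clientFirstBare + "," + string(challenge) + "," + withoutProof)
	c.serverSig = hmacSHA256(serverKey, authMsg)
	proof := hmacSHA256(storedKey, authMsg)  // ClientSignature ...
	subtle.XORBytes(proof, proof, clientKey) // ... XOR ClientKey = ClientProof
	return []byte(withoutProof + ",p=" + base64.StdEncoding.EncodeToString(proof)), nil
}

func (c *scramClient) Completed() bool { return c.done }

// conductSaslConversation follows the page's ConductSaslConversation: saslStart carries Start's payload, then saslContinue round trips (send: client payload in, server payload out) run until the client reports completion.
func conductSaslConversation(ctx context.Context, client SaslClient, send func([]byte) ([]byte, error)) error {
	_, payload, err := client.Start()
	if err != nil {
		return err
	}
	for !client.Completed() {
		if payload, err = send(payload); err != nil {
			return err
		}
		if payload, err = client.Next(ctx, payload); err != nil {
			return err
		}
	}
	return nil
}
```

Three of the client's checks are the ones to keep in mind when reading the driver's SCRAM code: the server nonce must begin with the client nonce, which binds the reply to this conversation; the iteration count has a floor, because a peer that sends a tiny i= receives a proof it can crack offline cheaply; and the server-final signature is compared with hmac.Equal before the client considers itself authenticated, which is what makes SCRAM mutual. On a TLS-protected connection these guard against a wrong or misconfigured server; on a plaintext connection they are the only protection there is.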

type SpeculativeAuthenticator added in v1.4.0

type SpeculativeAuthenticator interface {
	CreateSpeculativeConversation() (SpeculativeConversation, error)
}

SpeculativeAuthenticator represents an authenticator that supports speculative authentication.

type SpeculativeConversation added in v1.4.0

type SpeculativeConversation interface {
	FirstMessage() (bsoncore.Document, error)
	Finish(ctx context.Context, cfg *Config, firstResponse bsoncore.Document) error
}

SpeculativeConversation represents an authentication conversation that can be merged with the initial connection handshake.

FirstMessage returns the first message to be sent to the server; it is embedded in the initial hello command rather than sent in a separate saslStart, which saves a round trip.

Finish takes the server's response to that first message and conducts the remainder of the conversation to authenticate the provided connection.

Directories

Path	Synopsis
creds	Package creds is intended for internal use only.
