internal

package
v0.19.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 16, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

// String constants naming identity and credential attributes.
// NOTE(review): the ATTR_* values look like the property names under which
// credential values are stored and read (compare Credentials.GetProperty) —
// confirm against the consuming code.
// Going by their names, ATTR_PASSWORD, ATTR_PRIVATE_KEY, ATTR_IDENTITY_TOKEN,
// ATTR_REGISTRY_TOKEN, ATTR_TOKEN and ATTR_KEY denote secret material: values
// held under these names should be kept out of logs, error messages and any
// unprotected serialized output.
const (
	// ID_TYPE has the same literal value ("type") as ATTR_TYPE below.
	ID_TYPE = "type"

	// Attribute names; the secret-bearing ones are listed in the comment on
	// this const block.
	ATTR_TYPE                  = "type"
	ATTR_USERNAME              = "username"
	ATTR_EMAIL                 = "email"
	ATTR_PASSWORD              = "password"
	ATTR_CERTIFICATE_AUTHORITY = "certificateAuthority"
	ATTR_CERTIFICATE           = "certificate"
	ATTR_PRIVATE_KEY           = "privateKey"
	ATTR_SERVER_ADDRESS        = "serverAddress"
	ATTR_IDENTITY_TOKEN        = "identityToken"
	ATTR_REGISTRY_TOKEN        = "registryToken"
	ATTR_TOKEN                 = "token"
	ATTR_KEY                   = "key"
)
// Kind names for the three sorts of object this package distinguishes:
// credentials, consumers and repositories.
// NOTE(review): presumably the kind reported by the error constructors
// ErrUnknownCredentials, ErrUnknownConsumer and ErrUnknownRepository — confirm.
const (
	KIND_CREDENTIALS = "credentials"
	KIND_CONSUMER    = "consumer"
	KIND_REPOSITORY  = "repository"
)
const AliasRepositoryType = "Alias"
const CONTEXT_TYPE = "credentials" + datacontext.OCM_CONTEXT_SUFFIX

CONTEXT_TYPE is the global type for a credential context.

Variables

var DefaultContext = Builder{}.New(datacontext.MODE_SHARED)

DefaultContext is the default context initialized by init functions.

var DefaultRepositoryTypeScheme = NewRepositoryTypeScheme(nil)

DefaultRepositoryTypeScheme contains all globally known access serializers.

var (
	// REALM is the sub realm defined for this package through
	// ocmlog.DefineSubRealm.
	// NOTE(review): presumably the logging realm for credential handling;
	// messages emitted under it should identify consumers or credential names
	// at most and never carry credential values — confirm at the call sites.
	REALM = ocmlog.DefineSubRealm("Credentials", "credentials")
)
var StandardIdentityMatchers = NewMatcherRegistry()

Functions

func CompleteMatch

func CompleteMatch(pattern, cur, id ConsumerIdentity) bool

func ConsumerIdentityEqual

func ConsumerIdentityEqual(a, b ConsumerIdentity) bool

func ErrUnknownConsumer

func ErrUnknownConsumer(name string) error

func ErrUnknownCredentials

func ErrUnknownCredentials(name string) error

func ErrUnknownRepository

func ErrUnknownRepository(kind, name string) error

func GetEvaluationContextFor

func GetEvaluationContextFor[T any](ectx EvaluationContext) T

func NoMatch

func NoMatch(pattern, cur, id ConsumerIdentity) bool

func PartialMatch

func PartialMatch(pattern, cur, id ConsumerIdentity) bool

func RegisterIdentityMatcher

func RegisterIdentityMatcher(typ string, matcher IdentityMatcher, desc string)

func RegisterRepositoryType

func RegisterRepositoryType(atype RepositoryType)

Types

type AliasRegistry

// AliasRegistry is implemented by objects that accept repository aliases.
type AliasRegistry interface {
	// SetAlias receives a context, an alias name, the repository specification
	// the alias stands for and a credentials source, and reports failure as an
	// error.
	// NOTE(review): presumably creds is what is used to access the aliased
	// repository — confirm.
	SetAlias(ctx Context, name string, spec RepositorySpec, creds CredentialsSource) error
}

type Builder

type Builder struct {
	// contains filtered or unexported fields
}

func (Builder) Bound

func (b Builder) Bound() (Context, context.Context)

func (Builder) New

func (b Builder) New(m ...datacontext.BuilderMode) Context

func (Builder) WithConfig

func (b Builder) WithConfig(ctx config.Context) Builder

func (Builder) WithContext

func (b Builder) WithContext(ctx context.Context) Builder

func (Builder) WithRepositoyTypeScheme

func (b Builder) WithRepositoyTypeScheme(scheme RepositoryTypeScheme) Builder

func (Builder) WithStandardConumerMatchers

func (b Builder) WithStandardConumerMatchers(matchers IdentityMatcherRegistry) Builder

type ConsumerIdentity

type ConsumerIdentity map[string]string

ConsumerIdentity describes the identity of a credential consumer.

func IdentityByURL

func IdentityByURL(url string) ConsumerIdentity

IdentityByURL returns a simple URL identity.

func NewConsumerIdentity

func NewConsumerIdentity(typ string, attrs ...string) ConsumerIdentity

func (ConsumerIdentity) Copy

Copy copies identity.

func (ConsumerIdentity) Equals

Equals compares two identities.

func (ConsumerIdentity) IsSet

func (i ConsumerIdentity) IsSet() bool

IsSet checks whether an identity is given.

func (ConsumerIdentity) Key

func (i ConsumerIdentity) Key() []byte

Key returns the object digest of an identity.

func (ConsumerIdentity) Match

func (i ConsumerIdentity) Match(obj map[string]string) bool

Match implements the selector interface.

func (ConsumerIdentity) SetNonEmptyValue

func (i ConsumerIdentity) SetNonEmptyValue(name, value string)

SetNonEmptyValue sets a key-value pair only if the value is not empty.

func (ConsumerIdentity) String

func (i ConsumerIdentity) String() string

String returns the string representation of an identity.

func (ConsumerIdentity) Type

func (i ConsumerIdentity) Type() string

Type returns the required consumer type.

func (*ConsumerIdentity) UnmarshalJSON added in v0.16.0

func (c *ConsumerIdentity) UnmarshalJSON(data []byte) error

UnmarshalJSON allows a YAML specification to contain values of a data type other than string, e.g. a hostpath spec with a port. Previously, it would error if the user specified `port: 5000`; the user had to specify `port: "5000"` instead.

type ConsumerIdentityProvider

type ConsumerIdentityProvider interface {
	// GetConsumerId returns the consumer identity used for the object
	// implementing this interface.
	// Optionally, a usage context can be given to select a dedicated,
	// type-specific sub realm.
	GetConsumerId(uctx ...UsageContext) ConsumerIdentity
	// GetIdentityMatcher returns the identity matcher type to use
	// when matching against the consumer identities configured in a
	// credentials context. The result is a type name (string), not the
	// matcher function itself.
	GetIdentityMatcher() string
}

ConsumerIdentityProvider is an interface for objects requiring credentials, which want to expose the ConsumerId they are using to request implicit credentials.

type ConsumerProvider

// ConsumerProvider supplies credentials sources for consumer identities.
// Providers are registered at a Context with RegisterConsumerProvider.
type ConsumerProvider interface {
	// Unregister takes the identity of a provider.
	// NOTE(review): presumably removes the entries contributed by that
	// provider — confirm.
	Unregister(id ProviderIdentity)
	// Get returns a credentials source for id and a flag telling whether one
	// was found.
	// NOTE(review): presumably an exact lookup, in contrast to Match — confirm.
	Get(id ConsumerIdentity) (CredentialsSource, bool)
	// Match takes an evaluation context, two consumer identities (id and cur)
	// and the matcher to apply, and returns a credentials source together
	// with a consumer identity.
	// NOTE(review): going by the IdentityMatcher contract, id is presumably the
	// requested identity, cur the best match found so far, and the returned
	// identity the configured one that was selected — confirm. Which configured
	// entry wins decides which secret is handed to the requester, so matcher
	// choice is security-relevant.
	Match(ectx EvaluationContext, id ConsumerIdentity, cur ConsumerIdentity, matcher IdentityMatcher) (CredentialsSource, ConsumerIdentity)
}

func WithPriority

func WithPriority(p ConsumerProvider, prio int) ConsumerProvider

type Context

// Context is the credentials context. It embeds datacontext.Context,
// ContextProvider and config.ContextProvider and adds repository handling,
// credential resolution and the assignment of credentials to consumer
// identities.
type Context interface {
	datacontext.Context
	ContextProvider
	config.ContextProvider

	AttributesContext() datacontext.AttributesContext
	// RepositoryTypes returns the repository type scheme of this context.
	RepositoryTypes() RepositoryTypeScheme

	// RepositorySpecForConfig turns serialized data into a RepositorySpec
	// using the given unmarshaler.
	// NOTE(review): data typically comes from configuration files; which
	// repository types it may select depends on the registered type scheme —
	// confirm before feeding it input from a less trusted source.
	RepositorySpecForConfig(data []byte, unmarshaler runtime.Unmarshaler) (RepositorySpec, error)

	// RepositoryForSpec and RepositoryForConfig return a Repository for a
	// typed specification or for serialized data, with optional credentials
	// sources.
	RepositoryForSpec(spec RepositorySpec, creds ...CredentialsSource) (Repository, error)
	RepositoryForConfig(data []byte, unmarshaler runtime.Unmarshaler, creds ...CredentialsSource) (Repository, error)

	// CredentialsForSpec and CredentialsForConfig return resolved Credentials
	// for a typed credentials specification or for serialized data.
	CredentialsForSpec(spec CredentialsSpec, creds ...CredentialsSource) (Credentials, error)
	CredentialsForConfig(data []byte, unmarshaler runtime.Unmarshaler, cred ...CredentialsSource) (Credentials, error)

	// RegisterConsumerProvider and UnregisterConsumerProvider add and remove a
	// ConsumerProvider under a provider identity.
	RegisterConsumerProvider(id ProviderIdentity, provider ConsumerProvider)
	UnregisterConsumerProvider(id ProviderIdentity)

	// GetCredentialsForConsumer returns a CredentialsSource, not resolved
	// Credentials: the caller still has to call Credentials on the result.
	// Optional matchers can be passed.
	// NOTE(review): behavior without a matcher and for an unknown consumer is
	// not visible here — confirm.
	GetCredentialsForConsumer(ConsumerIdentity, ...IdentityMatcher) (CredentialsSource, error)

	// SetCredentialsForConsumer and SetCredentialsForConsumerWithProvider
	// assign a credentials source to a consumer identity, the latter under an
	// explicit provider identity.
	// NOTE(review): neither returns an error. On a shared context (the
	// package's DefaultContext is built with datacontext.MODE_SHARED) an
	// assignment presumably changes what every later requester of a matching
	// identity receives — confirm, and restrict who may call these.
	SetCredentialsForConsumer(identity ConsumerIdentity, creds CredentialsSource)
	SetCredentialsForConsumerWithProvider(pid ProviderIdentity, identity ConsumerIdentity, creds CredentialsSource)

	// SetAlias registers name as an alias for the repository described by
	// spec, with optional credentials sources.
	SetAlias(name string, spec RepositorySpec, creds ...CredentialsSource) error

	// ConsumerIdentityMatchers returns the identity matcher registry of this
	// context.
	ConsumerIdentityMatchers() IdentityMatcherRegistry
	// contains filtered or unexported methods
}

func DefinedForContext

func DefinedForContext(ctx context.Context) (Context, bool)

func FromContext

func FromContext(ctx context.Context) Context

FromContext returns the Context to use for context.Context. This is either an explicit context or the default context.

func FromProvider

func FromProvider(p ContextProvider) Context

type ContextProvider

// ContextProvider is implemented by objects that can hand out a credentials
// Context. Context itself embeds this interface.
type ContextProvider interface {
	// CredentialsContext returns the credentials context.
	CredentialsContext() Context
}

type CredentialRecursion

type CredentialRecursion []ConsumerIdentity

func (CredentialRecursion) Append

func (CredentialRecursion) Contains

func (c CredentialRecursion) Contains(identity ConsumerIdentity) bool

func (CredentialRecursion) String

func (c CredentialRecursion) String() string

type Credentials

// Credentials is a set of named credential properties. It embeds
// CredentialsSource, so a Credentials value can be passed wherever a source
// is expected.
type Credentials interface {
	CredentialsSource
	// ExistsProperty takes a property name and returns a bool.
	// NOTE(review): presumably true when the property is set — confirm.
	ExistsProperty(name string) bool
	// GetProperty returns the value of the named property as a plain string.
	// For secret attributes (for example ATTR_PASSWORD or ATTR_PRIVATE_KEY)
	// that string is the secret itself: do not log it or embed it in errors.
	// NOTE(review): the result for a missing property is not visible here;
	// presumably ExistsProperty is the way to tell absent from empty — confirm.
	GetProperty(name string) string
	// PropertyNames returns the set of property names.
	PropertyNames() set.Set[string]
	// Properties returns the properties as common.Properties. The result
	// holds the same secret values as GetProperty and needs the same care.
	Properties() common.Properties
}

func CredentialsForConsumer

func CredentialsForConsumer(ctx ContextProvider, id ConsumerIdentity, unknownAsError bool, matchers ...IdentityMatcher) (Credentials, error)

type CredentialsChain

type CredentialsChain []CredentialsSource

CredentialsChain is a chain of credentials, where the credential i+1 (if present) is used to resolve credential i.

func (CredentialsChain) Credentials

func (c CredentialsChain) Credentials(ctx Context, creds ...CredentialsSource) (Credentials, error)

type CredentialsSource

type CredentialsSource interface {
	// Credentials resolves this source to Credentials for the given context,
	// or returns an error. Further credentials sources can be passed.
	// NOTE(review): going by the CredentialsChain description, the additional
	// sources presumably provide the credentials needed to resolve this one —
	// confirm.
	Credentials(Context, ...CredentialsSource) (Credentials, error)
}

CredentialsSource is a factory for effective credentials.

func GetCredentialsForConsumer

func GetCredentialsForConsumer(ctx Context, ectx EvaluationContext, identity ConsumerIdentity, matchers ...IdentityMatcher) (CredentialsSource, error)

type CredentialsSpec

type CredentialsSpec interface {
	CredentialsSource
	// GetCredentialsName returns the credentials name as a string.
	// NOTE(review): presumably the name looked up in the repository described
	// by GetRepositorySpec — confirm.
	GetCredentialsName() string
	// GetRepositorySpec returns the repository specification for the given
	// context.
	GetRepositorySpec(Context) RepositorySpec
}

CredentialsSpec describes a dedicated credential provided by some repository.

func NewCredentialsSpec

func NewCredentialsSpec(name string, repospec RepositorySpec) CredentialsSpec

type DefaultCredentialsSpec

// DefaultCredentialsSpec pairs a repository specification with a credentials
// name. Its pointer type carries the Credentials, GetCredentialsName and
// GetRepositorySpec methods listed for it.
type DefaultCredentialsSpec struct {
	// RepositorySpec is the repository specification.
	// NOTE(review): presumably the repository the named credentials are read
	// from — confirm.
	RepositorySpec  RepositorySpec
	// CredentialsName is the name of the credentials.
	CredentialsName string
}

func (*DefaultCredentialsSpec) Credentials

func (s *DefaultCredentialsSpec) Credentials(ctx Context, creds ...CredentialsSource) (Credentials, error)

func (*DefaultCredentialsSpec) GetCredentialsName

func (s *DefaultCredentialsSpec) GetCredentialsName() string

func (*DefaultCredentialsSpec) GetRepositorySpec

func (s *DefaultCredentialsSpec) GetRepositorySpec(Context) RepositorySpec

func (DefaultCredentialsSpec) MarshalJSON

func (s DefaultCredentialsSpec) MarshalJSON() ([]byte, error)

MarshalJSON implements a custom json marshal method.

func (*DefaultCredentialsSpec) UnmarshalJSON

func (s *DefaultCredentialsSpec) UnmarshalJSON(data []byte) error

UnmarshalJSON implements a custom default json unmarshal method. It should not be used because it always uses the default context.

type DirectCredentials

type DirectCredentials common.Properties

func NewCredentials

func NewCredentials(props common.Properties) DirectCredentials

func (DirectCredentials) Copy

func (DirectCredentials) Credentials

func (DirectCredentials) ExistsProperty

func (c DirectCredentials) ExistsProperty(name string) bool

func (DirectCredentials) GetProperty

func (c DirectCredentials) GetProperty(name string) string

func (DirectCredentials) Properties

func (c DirectCredentials) Properties() common.Properties

func (DirectCredentials) PropertyNames

func (c DirectCredentials) PropertyNames() set.Set[string]

func (DirectCredentials) String

func (c DirectCredentials) String() string

type EvaluationContext

type EvaluationContext *evaluationContext

func SetEvaluationContextFor

func SetEvaluationContextFor(ectx EvaluationContext, e any) EvaluationContext

type GenericCredentialsSpec

// GenericCredentialsSpec pairs a generic (unstructured) repository
// specification with a credentials name.
type GenericCredentialsSpec struct {
	// RepositorySpec points to the generic repository specification.
	// NOTE(review): nil handling is not visible here — confirm before
	// dereferencing.
	RepositorySpec  *GenericRepositorySpec
	// CredentialsName is the name of the credentials.
	CredentialsName string
}

func NewGenericCredentialsSpec

func NewGenericCredentialsSpec(name string, repospec *GenericRepositorySpec) *GenericCredentialsSpec

func ToGenericCredentialsSpec

func ToGenericCredentialsSpec(spec CredentialsSpec) (*GenericCredentialsSpec, error)

func (*GenericCredentialsSpec) Credentials

func (s *GenericCredentialsSpec) Credentials(ctx Context, creds ...CredentialsSource) (Credentials, error)

func (*GenericCredentialsSpec) GetCredentialsName

func (s *GenericCredentialsSpec) GetCredentialsName() string

func (*GenericCredentialsSpec) GetRepositorySpec

func (s *GenericCredentialsSpec) GetRepositorySpec(context Context) RepositorySpec

func (GenericCredentialsSpec) MarshalJSON

func (s GenericCredentialsSpec) MarshalJSON() ([]byte, error)

MarshalJSON implements a custom json marshal method.

func (*GenericCredentialsSpec) UnmarshalJSON

func (s *GenericCredentialsSpec) UnmarshalJSON(data []byte) error

UnmarshalJSON implements a custom json unmarshal method for an unstructured typed object.

type GenericRepositorySpec

// GenericRepositorySpec holds a repository specification in unstructured
// form: it embeds runtime.UnstructuredVersionedTypedObject, inlined for JSON.
// NOTE(review): presumably Evaluate resolves it to a typed RepositorySpec
// using the context's type scheme — confirm.
type GenericRepositorySpec struct {
	runtime.UnstructuredVersionedTypedObject `json:",inline"`
}

func ToGenericRepositorySpec

func ToGenericRepositorySpec(spec RepositorySpec) (*GenericRepositorySpec, error)

func (*GenericRepositorySpec) Evaluate

func (s *GenericRepositorySpec) Evaluate(ctx Context) (RepositorySpec, error)

func (*GenericRepositorySpec) Repository

func (s *GenericRepositorySpec) Repository(ctx Context, creds Credentials) (Repository, error)

type IdentityMatcher

type IdentityMatcher func(pattern, cur, id ConsumerIdentity) bool

IdentityMatcher checks whether id matches pattern and whether this match is better than the one for cur. Here, pattern is the given credential request and id is a configured identity.

func AndMatcher

func AndMatcher(matchers ...IdentityMatcher) IdentityMatcher

func OrMatcher

func OrMatcher(matchers ...IdentityMatcher) IdentityMatcher

type IdentityMatcherInfo

// IdentityMatcherInfo describes one identity matcher; it is what
// IdentityMatcherRegistry.GetInfo and List return.
type IdentityMatcherInfo struct {
	// Type is the matcher's type name.
	Type                 string
	// Matcher is the matching function.
	Matcher              IdentityMatcher
	// Description is a free-text description.
	Description          string
	// CredentialAttributes is a string.
	// NOTE(review): presumably documents the credential attributes given as
	// attrs to IdentityMatcherRegistry.Register — confirm.
	CredentialAttributes string
}

func (*IdentityMatcherInfo) IsConsumerType

func (i *IdentityMatcherInfo) IsConsumerType() bool

type IdentityMatcherInfos

type IdentityMatcherInfos []IdentityMatcherInfo

func (IdentityMatcherInfos) Description

func (l IdentityMatcherInfos) Description(i int) string

func (IdentityMatcherInfos) Key

func (l IdentityMatcherInfos) Key(i int) string

func (IdentityMatcherInfos) Len added in v0.16.0

func (l IdentityMatcherInfos) Len() int

type IdentityMatcherRegistry

// IdentityMatcherRegistry keeps identity matchers by type name.
type IdentityMatcherRegistry interface {
	// Register records matcher under the type name typ, with a description
	// and optional attribute strings.
	// NOTE(review): whether a second registration for the same typ replaces
	// the first is not visible here — confirm, since a replaced matcher
	// changes which credentials are selected for that consumer type.
	Register(typ string, matcher IdentityMatcher, desc string, attrs ...string)
	// Get returns the matcher for typ.
	// NOTE(review): the result for an unknown typ is not visible here;
	// presumably nil, so check before calling it — confirm.
	Get(typ string) IdentityMatcher
	// GetInfo returns the info record for typ.
	GetInfo(typ string) *IdentityMatcherInfo
	// List returns the info records of the registry.
	List() IdentityMatcherInfos
}

func NewMatcherRegistry

func NewMatcherRegistry() IdentityMatcherRegistry

type PriorityProvider

// PriorityProvider is implemented by objects that carry an integer priority.
// NOTE(review): presumably implemented by the provider WithPriority returns;
// whether higher or lower values take precedence is not visible here —
// confirm.
type PriorityProvider interface {
	// GetPriority returns the priority.
	GetPriority() int
}

type ProviderIdentity

type ProviderIdentity = runtimefinalizer.ObjectIdentity

ProviderIdentity is used to uniquely identify a provider for a configured consumer id. If non-empty, it must start with a DNS name identifying the origin of the provider, followed by a slash and an arbitrary local identity.

type Repository

// Repository gives access to credentials by name.
type Repository interface {
	// ExistsCredentials takes a credentials name and returns a bool and an
	// error.
	// NOTE(review): presumably the error reports a failed lookup as opposed to
	// a missing entry — confirm.
	ExistsCredentials(name string) (bool, error)
	// LookupCredentials returns the credentials stored under name, or an
	// error.
	LookupCredentials(name string) (Credentials, error)
	// WriteCredentials takes a name and credentials and returns credentials
	// and an error.
	// NOTE(review): how and where an implementation persists the secret
	// values (in memory, on disk, encrypted or not), and whether it may reject
	// writes, is not visible here — confirm per implementation.
	WriteCredentials(name string, creds Credentials) (Credentials, error)
}

type RepositorySpec

// RepositorySpec is a versioned, typed specification of a credentials
// repository.
type RepositorySpec interface {
	runtime.VersionedTypedObject

	// Repository returns the Repository described by this specification for
	// the given context and credentials, or an error.
	// NOTE(review): presumably the credentials are those required to access
	// the repository itself — confirm.
	Repository(Context, Credentials) (Repository, error)
}

func CreateRepositorySpec

func CreateRepositorySpec(t runtime.TypedObject) (RepositorySpec, error)

func NewGenericRepositorySpec

func NewGenericRepositorySpec(data []byte, unmarshaler runtime.Unmarshaler) (RepositorySpec, error)

type RepositoryType

// RepositoryType is descriptivetype.TypedObjectType instantiated for
// RepositorySpec; values of it are registered with RegisterRepositoryType.
type RepositoryType interface {
	descriptivetype.TypedObjectType[RepositorySpec]
}

type RepositoryTypeScheme

// RepositoryTypeScheme is descriptivetype.TypeScheme instantiated for
// RepositorySpec and RepositoryType.
// NOTE(review): presumably the scheme decides which repository types a
// serialized specification can be decoded into — confirm.
type RepositoryTypeScheme interface {
	descriptivetype.TypeScheme[RepositorySpec, RepositoryType]
}

func NewRepositoryTypeScheme

func NewRepositoryTypeScheme(defaultDecoder RepositorySpecDecoder, base ...RepositoryTypeScheme) RepositoryTypeScheme

type SetAliasFunction

type SetAliasFunction func(ctx Context, name string, spec RepositorySpec, creds CredentialsSource) error

type StringUsageContext

type StringUsageContext string

func (StringUsageContext) String

func (s StringUsageContext) String() string

type UnknownRepositorySpec

// UnknownRepositorySpec holds a repository specification in unstructured
// form: it embeds runtime.UnstructuredVersionedTypedObject, inlined for JSON.
// NOTE(review): presumably the result of decoding a specification whose type
// is not registered (see IsUnknown) — confirm.
type UnknownRepositorySpec struct {
	runtime.UnstructuredVersionedTypedObject `json:",inline"`
}

func (*UnknownRepositorySpec) IsUnknown

func (r *UnknownRepositorySpec) IsUnknown() bool

func (*UnknownRepositorySpec) Repository

type UnwindStack

type UnwindStack struct {
	// contains filtered or unexported fields
}

func (*UnwindStack) Unwrap

func (u *UnwindStack) Unwrap() error

type UsageContext

type UsageContext interface {
	// String returns the usage context as a string.
	String() string
}

UsageContext describes a dedicated, type-specific sub-usage kind for an object requiring credentials. For example, for an object providing a hierarchical namespace this might be a namespace prefix for included objects, for which credentials should be requested.
