Documentation ¶
Index ¶
- Constants
- Variables
- func CompleteMatch(pattern, cur, id ConsumerIdentity) bool
- func ConsumerIdentityEqual(a, b ConsumerIdentity) bool
- func ErrUnknownConsumer(name string) error
- func ErrUnknownCredentials(name string) error
- func ErrUnknownRepository(kind, name string) error
- func GetEvaluationContextFor[T any](ectx EvaluationContext) T
- func NewStrictRepositoryTypeScheme(base ...RepositoryTypeScheme) runtime.VersionedTypeRegistry[RepositorySpec, RepositoryType]
- func NoMatch(pattern, cur, id ConsumerIdentity) bool
- func PartialMatch(pattern, cur, id ConsumerIdentity) bool
- func RegisterIdentityMatcher(typ string, matcher IdentityMatcher, desc string)
- func RegisterRepositoryType(atype RepositoryType)
- type AliasRegistry
- type Builder
- func (b Builder) Bound() (Context, context.Context)
- func (b Builder) New(m ...datacontext.BuilderMode) Context
- func (b Builder) WithConfig(ctx config.Context) Builder
- func (b Builder) WithContext(ctx context.Context) Builder
- func (b Builder) WithRepositoyTypeScheme(scheme RepositoryTypeScheme) Builder
- func (b Builder) WithStandardConumerMatchers(matchers IdentityMatcherRegistry) Builder
- type ConsumerIdentity
- func (i ConsumerIdentity) Copy() ConsumerIdentity
- func (i ConsumerIdentity) Equals(o ConsumerIdentity) bool
- func (i ConsumerIdentity) IsSet() bool
- func (i ConsumerIdentity) Key() []byte
- func (i ConsumerIdentity) Match(obj map[string]string) bool
- func (i ConsumerIdentity) SetNonEmptyValue(name, value string)
- func (i ConsumerIdentity) String() string
- func (i ConsumerIdentity) Type() string
- func (c *ConsumerIdentity) UnmarshalJSON(data []byte) error
- type ConsumerIdentityProvider
- type ConsumerProvider
- type Context
- type ContextProvider
- type CredentialRecursion
- type Credentials
- type CredentialsChain
- type CredentialsSource
- type CredentialsSpec
- type DefaultCredentialsSpec
- func (s *DefaultCredentialsSpec) Credentials(ctx Context, creds ...CredentialsSource) (Credentials, error)
- func (s *DefaultCredentialsSpec) GetCredentialsName() string
- func (s *DefaultCredentialsSpec) GetRepositorySpec(Context) RepositorySpec
- func (s DefaultCredentialsSpec) MarshalJSON() ([]byte, error)
- func (s *DefaultCredentialsSpec) UnmarshalJSON(data []byte) error
- type DirectCredentials
- func (c DirectCredentials) Copy() DirectCredentials
- func (c DirectCredentials) Credentials(Context, ...CredentialsSource) (Credentials, error)
- func (c DirectCredentials) ExistsProperty(name string) bool
- func (c DirectCredentials) GetProperty(name string) string
- func (c DirectCredentials) Properties() common.Properties
- func (c DirectCredentials) PropertyNames() set.Set[string]
- func (c DirectCredentials) String() string
- type EvaluationContext
- type GenericCredentialsSpec
- func (s *GenericCredentialsSpec) Credentials(ctx Context, creds ...CredentialsSource) (Credentials, error)
- func (s *GenericCredentialsSpec) GetCredentialsName() string
- func (s *GenericCredentialsSpec) GetRepositorySpec(context Context) RepositorySpec
- func (s GenericCredentialsSpec) MarshalJSON() ([]byte, error)
- func (s *GenericCredentialsSpec) UnmarshalJSON(data []byte) error
- type GenericRepositorySpec
- type IdentityMatcher
- type IdentityMatcherInfo
- type IdentityMatcherInfos
- type IdentityMatcherRegistry
- type PriorityProvider
- type ProviderIdentity
- type Repository
- type RepositorySpec
- type RepositorySpecDecoder
- type RepositoryType
- type RepositoryTypeProvider
- type RepositoryTypeScheme
- type SetAliasFunction
- type StringUsageContext
- type UnknownRepositorySpec
- type UnwindStack
- type UsageContext
Constants ¶
const ( ID_TYPE = "type" ATTR_TYPE = "type" ATTR_USERNAME = "username" ATTR_EMAIL = "email" ATTR_PASSWORD = "password" ATTR_CERTIFICATE_AUTHORITY = "certificateAuthority" ATTR_CERTIFICATE = "certificate" ATTR_PRIVATE_KEY = "privateKey" ATTR_SERVER_ADDRESS = "serverAddress" ATTR_IDENTITY_TOKEN = "identityToken" ATTR_REGISTRY_TOKEN = "registryToken" ATTR_TOKEN = "token" ATTR_KEY = "key" )
const ( KIND_CREDENTIALS = "credentials" KIND_CONSUMER = "consumer" KIND_REPOSITORY = "repository" )
const AliasRepositoryType = "Alias"
const CONTEXT_TYPE = "credentials" + datacontext.OCM_CONTEXT_SUFFIX
CONTEXT_TYPE is the global type for a credential context.
Variables ¶
var DefaultContext = Builder{}.New(datacontext.MODE_SHARED)
DefaultContext is the default context initialized by init functions.
var DefaultRepositoryTypeScheme = NewRepositoryTypeScheme(nil)
DefaultRepositoryTypeScheme contains all globally known access serializer.
var (
REALM = ocmlog.DefineSubRealm("Credentials", "credentials")
)
var StandardIdentityMatchers = NewMatcherRegistry()
Functions ¶
func CompleteMatch ¶
func CompleteMatch(pattern, cur, id ConsumerIdentity) bool
func ConsumerIdentityEqual ¶
func ConsumerIdentityEqual(a, b ConsumerIdentity) bool
func ErrUnknownConsumer ¶
func ErrUnknownCredentials ¶
func ErrUnknownRepository ¶
func GetEvaluationContextFor ¶
func GetEvaluationContextFor[T any](ectx EvaluationContext) T
func NewStrictRepositoryTypeScheme ¶
func NewStrictRepositoryTypeScheme(base ...RepositoryTypeScheme) runtime.VersionedTypeRegistry[RepositorySpec, RepositoryType]
func NoMatch ¶
func NoMatch(pattern, cur, id ConsumerIdentity) bool
func PartialMatch ¶
func PartialMatch(pattern, cur, id ConsumerIdentity) bool
func RegisterIdentityMatcher ¶
func RegisterIdentityMatcher(typ string, matcher IdentityMatcher, desc string)
func RegisterRepositoryType ¶
func RegisterRepositoryType(atype RepositoryType)
Types ¶
type AliasRegistry ¶
type AliasRegistry interface {
SetAlias(ctx Context, name string, spec RepositorySpec, creds CredentialsSource) error
}
type Builder ¶
type Builder struct {
// contains filtered or unexported fields
}
func (Builder) New ¶
func (b Builder) New(m ...datacontext.BuilderMode) Context
func (Builder) WithRepositoyTypeScheme ¶
func (b Builder) WithRepositoyTypeScheme(scheme RepositoryTypeScheme) Builder
func (Builder) WithStandardConumerMatchers ¶
func (b Builder) WithStandardConumerMatchers(matchers IdentityMatcherRegistry) Builder
type ConsumerIdentity ¶
ConsumerIdentity describes the identity of a credential consumer.
func IdentityByURL ¶
func IdentityByURL(url string) ConsumerIdentity
IdentityByURL return a simple url identity.
func NewConsumerIdentity ¶
func NewConsumerIdentity(typ string, attrs ...string) ConsumerIdentity
func (ConsumerIdentity) Copy ¶
func (i ConsumerIdentity) Copy() ConsumerIdentity
Copy copies identity.
func (ConsumerIdentity) Equals ¶
func (i ConsumerIdentity) Equals(o ConsumerIdentity) bool
Equals compares two identities.
func (ConsumerIdentity) IsSet ¶
func (i ConsumerIdentity) IsSet() bool
IsSet checks whether an identity is given.
func (ConsumerIdentity) Key ¶
func (i ConsumerIdentity) Key() []byte
Key returns the object digest of an identity.
func (ConsumerIdentity) Match ¶
func (i ConsumerIdentity) Match(obj map[string]string) bool
Match implements the selector interface.
func (ConsumerIdentity) SetNonEmptyValue ¶
func (i ConsumerIdentity) SetNonEmptyValue(name, value string)
SetNonEmptyValue sets a key-value pair only if the value is not empty.
func (ConsumerIdentity) String ¶
func (i ConsumerIdentity) String() string
String returns the string representation of an identity.
func (ConsumerIdentity) Type ¶
func (i ConsumerIdentity) Type() string
Type returns the required consumer type.
func (*ConsumerIdentity) UnmarshalJSON ¶ added in v0.16.0
func (c *ConsumerIdentity) UnmarshalJSON(data []byte) error
UnmarshalJSON allows a yaml specification containing a data type other string, e.g. a hostpath spec with a port. Previously, it would error if the user specified `port: 5000` and instead, the user had to specify `port: "5000"`.
type ConsumerIdentityProvider ¶
type ConsumerIdentityProvider interface { // GetConsumerId provides information about the consumer id // used for the object implementing this interface. // Optionally a sub context can be given to specify // a dedicated type specific sub realm. GetConsumerId(uctx ...UsageContext) ConsumerIdentity // GetIdentityMatcher provides the identity macher type to use // to match the consumer identities configured in a credentials // context. GetIdentityMatcher() string }
ConsumerIdentityProvider is an interface for objects requiring credentials, which want to expose the ConsumerId they are using to request implicit credentials.
type ConsumerProvider ¶
type ConsumerProvider interface { Unregister(id ProviderIdentity) Get(id ConsumerIdentity) (CredentialsSource, bool) Match(ectx EvaluationContext, id ConsumerIdentity, cur ConsumerIdentity, matcher IdentityMatcher) (CredentialsSource, ConsumerIdentity) }
func WithPriority ¶
func WithPriority(p ConsumerProvider, prio int) ConsumerProvider
type Context ¶
type Context interface { datacontext.Context ContextProvider config.ContextProvider AttributesContext() datacontext.AttributesContext RepositoryTypes() RepositoryTypeScheme RepositorySpecForConfig(data []byte, unmarshaler runtime.Unmarshaler) (RepositorySpec, error) RepositoryForSpec(spec RepositorySpec, creds ...CredentialsSource) (Repository, error) RepositoryForConfig(data []byte, unmarshaler runtime.Unmarshaler, creds ...CredentialsSource) (Repository, error) CredentialsForSpec(spec CredentialsSpec, creds ...CredentialsSource) (Credentials, error) CredentialsForConfig(data []byte, unmarshaler runtime.Unmarshaler, cred ...CredentialsSource) (Credentials, error) RegisterConsumerProvider(id ProviderIdentity, provider ConsumerProvider) UnregisterConsumerProvider(id ProviderIdentity) GetCredentialsForConsumer(ConsumerIdentity, ...IdentityMatcher) (CredentialsSource, error) SetCredentialsForConsumer(identity ConsumerIdentity, creds CredentialsSource) SetCredentialsForConsumerWithProvider(pid ProviderIdentity, identity ConsumerIdentity, creds CredentialsSource) SetAlias(name string, spec RepositorySpec, creds ...CredentialsSource) error ConsumerIdentityMatchers() IdentityMatcherRegistry // contains filtered or unexported methods }
func FromContext ¶
FromContext returns the Context to use for context.Context. This is either an explicit context or the default context.
func FromProvider ¶
func FromProvider(p ContextProvider) Context
type ContextProvider ¶
type ContextProvider interface {
CredentialsContext() Context
}
type CredentialRecursion ¶
type CredentialRecursion []ConsumerIdentity
func (CredentialRecursion) Append ¶
func (c CredentialRecursion) Append(identity ConsumerIdentity) CredentialRecursion
func (CredentialRecursion) Contains ¶
func (c CredentialRecursion) Contains(identity ConsumerIdentity) bool
func (CredentialRecursion) String ¶
func (c CredentialRecursion) String() string
type Credentials ¶
type Credentials interface { CredentialsSource ExistsProperty(name string) bool GetProperty(name string) string PropertyNames() set.Set[string] Properties() common.Properties }
func CredentialsForConsumer ¶
func CredentialsForConsumer(ctx ContextProvider, id ConsumerIdentity, unknownAsError bool, matchers ...IdentityMatcher) (Credentials, error)
type CredentialsChain ¶
type CredentialsChain []CredentialsSource
CredentialsChain is a chain of credentials, where the credential i+1 (is present) is used to resolve credential i.
func (CredentialsChain) Credentials ¶
func (c CredentialsChain) Credentials(ctx Context, creds ...CredentialsSource) (Credentials, error)
type CredentialsSource ¶
type CredentialsSource interface {
Credentials(Context, ...CredentialsSource) (Credentials, error)
}
CredentialsSource is a factory for effective credentials.
func GetCredentialsForConsumer ¶
func GetCredentialsForConsumer(ctx Context, ectx EvaluationContext, identity ConsumerIdentity, matchers ...IdentityMatcher) (CredentialsSource, error)
type CredentialsSpec ¶
type CredentialsSpec interface { CredentialsSource GetCredentialsName() string GetRepositorySpec(Context) RepositorySpec }
CredentialsSpec describes a dedicated credential provided by some repository.
func NewCredentialsSpec ¶
func NewCredentialsSpec(name string, repospec RepositorySpec) CredentialsSpec
type DefaultCredentialsSpec ¶
type DefaultCredentialsSpec struct { RepositorySpec RepositorySpec CredentialsName string }
func (*DefaultCredentialsSpec) Credentials ¶
func (s *DefaultCredentialsSpec) Credentials(ctx Context, creds ...CredentialsSource) (Credentials, error)
func (*DefaultCredentialsSpec) GetCredentialsName ¶
func (s *DefaultCredentialsSpec) GetCredentialsName() string
func (*DefaultCredentialsSpec) GetRepositorySpec ¶
func (s *DefaultCredentialsSpec) GetRepositorySpec(Context) RepositorySpec
func (DefaultCredentialsSpec) MarshalJSON ¶
func (s DefaultCredentialsSpec) MarshalJSON() ([]byte, error)
MarshalJSON implements a custom json unmarshal method.
func (*DefaultCredentialsSpec) UnmarshalJSON ¶
func (s *DefaultCredentialsSpec) UnmarshalJSON(data []byte) error
UnmarshalJSON implements a custom default json unmarshal method. It should not be used because it always used the default context.
type DirectCredentials ¶
type DirectCredentials common.Properties
func NewCredentials ¶
func NewCredentials(props common.Properties) DirectCredentials
func (DirectCredentials) Copy ¶
func (c DirectCredentials) Copy() DirectCredentials
func (DirectCredentials) Credentials ¶
func (c DirectCredentials) Credentials(Context, ...CredentialsSource) (Credentials, error)
func (DirectCredentials) ExistsProperty ¶
func (c DirectCredentials) ExistsProperty(name string) bool
func (DirectCredentials) GetProperty ¶
func (c DirectCredentials) GetProperty(name string) string
func (DirectCredentials) Properties ¶
func (c DirectCredentials) Properties() common.Properties
func (DirectCredentials) PropertyNames ¶
func (c DirectCredentials) PropertyNames() set.Set[string]
func (DirectCredentials) String ¶
func (c DirectCredentials) String() string
type EvaluationContext ¶
type EvaluationContext *evaluationContext
func SetEvaluationContextFor ¶
func SetEvaluationContextFor(ectx EvaluationContext, e any) EvaluationContext
type GenericCredentialsSpec ¶
type GenericCredentialsSpec struct { RepositorySpec *GenericRepositorySpec CredentialsName string }
func NewGenericCredentialsSpec ¶
func NewGenericCredentialsSpec(name string, repospec *GenericRepositorySpec) *GenericCredentialsSpec
func ToGenericCredentialsSpec ¶
func ToGenericCredentialsSpec(spec CredentialsSpec) (*GenericCredentialsSpec, error)
func (*GenericCredentialsSpec) Credentials ¶
func (s *GenericCredentialsSpec) Credentials(ctx Context, creds ...CredentialsSource) (Credentials, error)
func (*GenericCredentialsSpec) GetCredentialsName ¶
func (s *GenericCredentialsSpec) GetCredentialsName() string
func (*GenericCredentialsSpec) GetRepositorySpec ¶
func (s *GenericCredentialsSpec) GetRepositorySpec(context Context) RepositorySpec
func (GenericCredentialsSpec) MarshalJSON ¶
func (s GenericCredentialsSpec) MarshalJSON() ([]byte, error)
MarshalJSON implements a custom json unmarshal method.
func (*GenericCredentialsSpec) UnmarshalJSON ¶
func (s *GenericCredentialsSpec) UnmarshalJSON(data []byte) error
UnmarshalJSON implements a custom json unmarshal method for a unstructured typed object.
type GenericRepositorySpec ¶
type GenericRepositorySpec struct {
runtime.UnstructuredVersionedTypedObject `json:",inline"`
}
func ToGenericRepositorySpec ¶
func ToGenericRepositorySpec(spec RepositorySpec) (*GenericRepositorySpec, error)
func (*GenericRepositorySpec) Evaluate ¶
func (s *GenericRepositorySpec) Evaluate(ctx Context) (RepositorySpec, error)
func (*GenericRepositorySpec) Repository ¶
func (s *GenericRepositorySpec) Repository(ctx Context, creds Credentials) (Repository, error)
type IdentityMatcher ¶
type IdentityMatcher func(pattern, cur, id ConsumerIdentity) bool
IdentityMatcher checks whether id matches against pattern and if this match is better than the one for cur. Hereby pattern is a given credential request and id a configured identity.
func AndMatcher ¶
func AndMatcher(matchers ...IdentityMatcher) IdentityMatcher
func OrMatcher ¶
func OrMatcher(matchers ...IdentityMatcher) IdentityMatcher
type IdentityMatcherInfo ¶
type IdentityMatcherInfo struct { Type string Matcher IdentityMatcher Description string CredentialAttributes string }
func (*IdentityMatcherInfo) IsConsumerType ¶
func (i *IdentityMatcherInfo) IsConsumerType() bool
type IdentityMatcherInfos ¶
type IdentityMatcherInfos []IdentityMatcherInfo
func (IdentityMatcherInfos) Description ¶
func (l IdentityMatcherInfos) Description(i int) string
func (IdentityMatcherInfos) Key ¶
func (l IdentityMatcherInfos) Key(i int) string
func (IdentityMatcherInfos) Len ¶ added in v0.16.0
func (l IdentityMatcherInfos) Len() int
type IdentityMatcherRegistry ¶
type IdentityMatcherRegistry interface { Register(typ string, matcher IdentityMatcher, desc string, attrs ...string) Get(typ string) IdentityMatcher GetInfo(typ string) *IdentityMatcherInfo List() IdentityMatcherInfos }
func NewMatcherRegistry ¶
func NewMatcherRegistry() IdentityMatcherRegistry
type PriorityProvider ¶
type PriorityProvider interface {
GetPriority() int
}
type ProviderIdentity ¶
type ProviderIdentity = runtimefinalizer.ObjectIdentity
ProviderIdentity is used to uniquely identify a provider for a configured consumer id. If non-empty it must start with a DNSname identifying the origin of the provider followed by a slash and a local arbitrary identity.
type Repository ¶
type Repository interface { ExistsCredentials(name string) (bool, error) LookupCredentials(name string) (Credentials, error) WriteCredentials(name string, creds Credentials) (Credentials, error) }
type RepositorySpec ¶
type RepositorySpec interface { runtime.VersionedTypedObject Repository(Context, Credentials) (Repository, error) }
func CreateRepositorySpec ¶
func CreateRepositorySpec(t runtime.TypedObject) (RepositorySpec, error)
func NewGenericRepositorySpec ¶
func NewGenericRepositorySpec(data []byte, unmarshaler runtime.Unmarshaler) (RepositorySpec, error)
type RepositorySpecDecoder ¶
type RepositorySpecDecoder = runtime.TypedObjectDecoder[RepositorySpec]
type RepositoryType ¶
type RepositoryType interface { descriptivetype.TypedObjectType[RepositorySpec] }
type RepositoryTypeProvider ¶
type RepositoryTypeProvider = runtime.KnownTypesProvider[RepositorySpec, RepositoryType]
type RepositoryTypeScheme ¶
type RepositoryTypeScheme interface { descriptivetype.TypeScheme[RepositorySpec, RepositoryType] }
func NewRepositoryTypeScheme ¶
func NewRepositoryTypeScheme(defaultDecoder RepositorySpecDecoder, base ...RepositoryTypeScheme) RepositoryTypeScheme
type SetAliasFunction ¶
type SetAliasFunction func(ctx Context, name string, spec RepositorySpec, creds CredentialsSource) error
type StringUsageContext ¶
type StringUsageContext string
func (StringUsageContext) String ¶
func (s StringUsageContext) String() string
type UnknownRepositorySpec ¶
type UnknownRepositorySpec struct {
runtime.UnstructuredVersionedTypedObject `json:",inline"`
}
func (*UnknownRepositorySpec) IsUnknown ¶
func (r *UnknownRepositorySpec) IsUnknown() bool
func (*UnknownRepositorySpec) Repository ¶
func (r *UnknownRepositorySpec) Repository(Context, Credentials) (Repository, error)
type UnwindStack ¶
type UnwindStack struct {
// contains filtered or unexported fields
}
func (*UnwindStack) Unwrap ¶
func (u *UnwindStack) Unwrap() error
type UsageContext ¶
type UsageContext interface {
String() string
}
UsageContext describes a dedicated type specific sub usage kinds for an object requiring credentials. For example, for an object providing a hierarchical namespace this might be a namespace prefix for included objects, for which credentials should be requested.