Back to godoc.org

Package connector

v0.6.1
Latest Go to latest

The highest tagged major version is .

Published: Sep 29, 2016 | License: Apache-2.0 | Module: git.k2software.com.cn/go/dex

Index

Constants

const (
	LDAPConnectorType         = "ldap"
	LDAPLoginPageTemplateName = "ldap-login.html"
)
const (
	LocalConnectorType    = "local"
	LoginPageTemplateName = "local-login.html"
)
const (
	BitbucketConnectorType = "bitbucket"
)
const (
	GitHubConnectorType = "github"
)
const (
	OIDCConnectorType = "oidc"
)
const (
	UAAConnectorType = "uaa"
)

Variables

var ErrorNotFound = errors.New("connector not found in repository")

func RegisterConnectorConfigType

func RegisterConnectorConfigType(connectorType string, fn NewConnectorConfigFunc)

type BitbucketConnectorConfig

type BitbucketConnectorConfig struct {
	ID           string `json:"id"`
	ClientID     string `json:"clientID"`
	ClientSecret string `json:"clientSecret"`
}

func (*BitbucketConnectorConfig) Connector

func (cfg *BitbucketConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

func (*BitbucketConnectorConfig) ConnectorID

func (cfg *BitbucketConnectorConfig) ConnectorID() string

func (*BitbucketConnectorConfig) ConnectorType

func (cfg *BitbucketConnectorConfig) ConnectorType() string

type Connector

type Connector interface {
	// ID returns the ID of the ConnectorConfig used to create the Connector.
	ID() string

	// LoginURL returns the backend's authorization URL for a sessionKey
	// and OAuth2 prompt type.
	LoginURL(sessionKey, prompt string) (string, error)

	// Handler allows connectors to register a callback handler with the
	// dex server.
	//
	// Connectors will handle any path that extends the namespace URL provided
	// when the Connector is instantiated.
	Handler(errorURL url.URL) http.Handler

	// Sync triggers any long-running tasks needed to maintain the
	// Connector's operation. For example, this would encompass
	// repeatedly caching any remote resources for local use.
	Sync() chan struct{}

	// TrustedEmailProvider indicates whether or not we can trust that email
	// claims coming from this provider.
	TrustedEmailProvider() bool

	health.Checkable
}

type ConnectorConfig

type ConnectorConfig interface {
	// ConnectorID returns a unique end user facing identifier. For example "google".
	ConnectorID() string

	// ConnectorType returns an implementation specific identifier. For example "oidc".
	ConnectorType() string

	// Connector is invoked by the dex server and returns a Connector configured
	// to use the provided arguments. URL namespace is used to register callbacks.
	// loginFunc is used to associate remote identies with dex session keys.
	//
	// The returned Connector must call loginFunc once upon successful
	// identification of a user.
	//
	// Additional templates are passed for connectors that require rendering HTML
	// pages, such as the "local" connector.
	Connector(ns url.URL, loginFunc oidc.LoginFunc, tpls *template.Template) (Connector, error)
}

go:generate genconfig -o config.go connector Connector

func NewConnectorConfigFromType

func NewConnectorConfigFromType(connectorType string) (ConnectorConfig, error)

func ReadConfigs

func ReadConfigs(r io.Reader) ([]ConnectorConfig, error)

type ConnectorConfigRepo

type ConnectorConfigRepo interface {
	All() ([]ConnectorConfig, error)
	GetConnectorByID(repo.Transaction, string) (ConnectorConfig, error)
	Set(cfgs []ConnectorConfig) error
}

type GitHubConnectorConfig

type GitHubConnectorConfig struct {
	ID           string `json:"id"`
	ClientID     string `json:"clientID"`
	ClientSecret string `json:"clientSecret"`
}

func (*GitHubConnectorConfig) Connector

func (cfg *GitHubConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

func (*GitHubConnectorConfig) ConnectorID

func (cfg *GitHubConnectorConfig) ConnectorID() string

func (*GitHubConnectorConfig) ConnectorType

func (cfg *GitHubConnectorConfig) ConnectorType() string

type GroupsConnector

type GroupsConnector interface {
	Groups(fullUserID string) ([]string, error)
}

GroupsConnector is a strategy for mapping a user to a set of groups. This is optionally implemented by some connectors.

type LDAPConnector

type LDAPConnector struct {
	// contains filtered or unexported fields
}

func (*LDAPConnector) Groups

func (c *LDAPConnector) Groups(fullUserID string) ([]string, error)

func (*LDAPConnector) Handler

func (c *LDAPConnector) Handler(errorURL url.URL) http.Handler

func (*LDAPConnector) Healthy

func (c *LDAPConnector) Healthy() error

func (*LDAPConnector) ID

func (c *LDAPConnector) ID() string

func (*LDAPConnector) Identity

func (c *LDAPConnector) Identity(username, password string) (*oidc.Identity, error)

func (*LDAPConnector) LoginURL

func (c *LDAPConnector) LoginURL(sessionKey, prompt string) (string, error)

func (*LDAPConnector) Sync

func (c *LDAPConnector) Sync() chan struct{}

func (*LDAPConnector) TrustedEmailProvider

func (c *LDAPConnector) TrustedEmailProvider() bool

type LDAPConnectorConfig

type LDAPConnectorConfig struct {
	ID string `json:"id"`

	// Host and port of ldap service in form "host:port"
	Host string `json:"host"`

	// UseTLS indicates that the connector should use the TLS port.
	UseTLS bool `json:"useTLS"`
	UseSSL bool `json:"useSSL"`

	// Trusted TLS certificate when connecting to the LDAP server. If empty the
	// host's root certificates will be used.
	CaFile string `json:"caFile"`
	// CertFile and KeyFile are used to specifiy client certificate data.
	CertFile string `json:"certFile"`
	KeyFile  string `json:"keyFile"`

	MaxIdleConn int `json:"maxIdleConn"`

	NameAttribute  string `json:"nameAttribute"`
	EmailAttribute string `json:"emailAttribute"`

	// The place to start all searches from.
	BaseDN string `json:"baseDN"`

	// Search fields indicate how to search for user records in LDAP.
	SearchBeforeAuth  bool   `json:"searchBeforeAuth"`
	SearchFilter      string `json:"searchFilter"`
	SearchScope       string `json:"searchScope"`
	SearchBindDN      string `json:"searchBindDN"`
	SearchBindPw      string `json:"searchBindPw"`
	SearchGroupFilter string `json:"searchGroupFilter"`

	// BindTemplate is a format string that maps user names to a record to bind as.
	// It's passed both the username entered by the end user and the base DN.
	//
	// For example the bindTemplate
	//
	//     "uid=%u,%d"
	//
	// with the username "johndoe" and basename "ou=People,dc=example,dc=com" would attempt
	// to bind as
	//
	//     "uid=johndoe,ou=People,dc=example,dc=com"
	//
	BindTemplate string `json:"bindTemplate"`

	// DEPRICATED fields that exist for backward compatibility.
	// Use "host" instead of "ServerHost" and "ServerPort"
	ServerHost string        `json:"serverHost"`
	ServerPort uint16        `json:"serverPort"`
	Timeout    time.Duration `json:"timeout"`
}

func (*LDAPConnectorConfig) Connector

func (cfg *LDAPConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

func (*LDAPConnectorConfig) ConnectorID

func (cfg *LDAPConnectorConfig) ConnectorID() string

func (*LDAPConnectorConfig) ConnectorType

func (cfg *LDAPConnectorConfig) ConnectorType() string

type LDAPPool

type LDAPPool struct {
	MaxIdleConn    int
	PoolCheckTimer time.Duration
	Host           string
	UseTLS         bool
	UseSSL         bool
	TLSConfig      *tls.Config
	// contains filtered or unexported fields
}

A LDAPPool is a Connection Pool for LDAP connections. Use Do() to request connections from the pool.

func (*LDAPPool) CheckConnections

func (p *LDAPPool) CheckConnections() (int, int)

CheckConnections attempts to iterate over all the connections in the pool and check wheter they are alive or not. Live connections are put back into the pool, dead ones are discarded.

func (*LDAPPool) Do

func (p *LDAPPool) Do(f func(conn *ldap.Conn) error) (err error)

Do runs a function which requires an LDAP connection.

The connection will be unauthenticated with the server and should not be closed by f.

type LocalConnector

type LocalConnector struct {
	// contains filtered or unexported fields
}

func (*LocalConnector) Handler

func (c *LocalConnector) Handler(errorURL url.URL) http.Handler

func (*LocalConnector) Healthy

func (c *LocalConnector) Healthy() error

func (*LocalConnector) ID

func (c *LocalConnector) ID() string

func (*LocalConnector) LoginURL

func (c *LocalConnector) LoginURL(sessionKey, prompt string) (string, error)

func (*LocalConnector) SetLocalIdentityProvider

func (c *LocalConnector) SetLocalIdentityProvider(idp *LocalIdentityProvider)

func (*LocalConnector) Sync

func (c *LocalConnector) Sync() chan struct{}

func (*LocalConnector) TrustedEmailProvider

func (c *LocalConnector) TrustedEmailProvider() bool

type LocalConnectorConfig

type LocalConnectorConfig struct {
	ID string `json:"id"`
}

func (*LocalConnectorConfig) Connector

func (cfg *LocalConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

func (*LocalConnectorConfig) ConnectorID

func (cfg *LocalConnectorConfig) ConnectorID() string

func (*LocalConnectorConfig) ConnectorType

func (cfg *LocalConnectorConfig) ConnectorType() string

type LocalIdentityProvider

type LocalIdentityProvider struct {
	PasswordInfoRepo user.PasswordInfoRepo
	UserRepo         user.UserRepo
}

func (*LocalIdentityProvider) Identity

func (m *LocalIdentityProvider) Identity(email, password string) (*oidc.Identity, error)

type NewConnectorConfigFunc

type NewConnectorConfigFunc func() ConnectorConfig

type OAuth2Connector

type OAuth2Connector struct {
	// contains filtered or unexported fields
}

func (*OAuth2Connector) Handler

func (c *OAuth2Connector) Handler(errorURL url.URL) http.Handler

func (*OAuth2Connector) Healthy

func (c *OAuth2Connector) Healthy() error

func (*OAuth2Connector) ID

func (c *OAuth2Connector) ID() string

func (*OAuth2Connector) LoginURL

func (c *OAuth2Connector) LoginURL(sessionKey, prompt string) (string, error)

func (*OAuth2Connector) Sync

func (c *OAuth2Connector) Sync() chan struct{}

func (*OAuth2Connector) TrustedEmailProvider

func (c *OAuth2Connector) TrustedEmailProvider() bool

type OIDCConnector

type OIDCConnector struct {
	// contains filtered or unexported fields
}

func (*OIDCConnector) Handler

func (c *OIDCConnector) Handler(errorURL url.URL) http.Handler

func (*OIDCConnector) Healthy

func (c *OIDCConnector) Healthy() error

func (*OIDCConnector) ID

func (c *OIDCConnector) ID() string

func (*OIDCConnector) LoginURL

func (c *OIDCConnector) LoginURL(sessionKey, prompt string) (string, error)

func (*OIDCConnector) Sync

func (c *OIDCConnector) Sync() chan struct{}

func (*OIDCConnector) TrustedEmailProvider

func (c *OIDCConnector) TrustedEmailProvider() bool

type OIDCConnectorConfig

type OIDCConnectorConfig struct {
	ID                   string `json:"id"`
	IssuerURL            string `json:"issuerURL"`
	ClientID             string `json:"clientID"`
	ClientSecret         string `json:"clientSecret"`
	TrustedEmailProvider bool   `json:"trustedEmailProvider"`
	EmailClaim           string `json:"emailClaim"`
}

func (*OIDCConnectorConfig) Connector

func (cfg *OIDCConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

func (*OIDCConnectorConfig) ConnectorID

func (cfg *OIDCConnectorConfig) ConnectorID() string

func (*OIDCConnectorConfig) ConnectorType

func (cfg *OIDCConnectorConfig) ConnectorType() string

type Page

type Page struct {
	PostURL    string
	Name       string
	Error      bool
	Message    string
	SessionKey string
}

type UAAConnectorConfig

type UAAConnectorConfig struct {
	ID           string `json:"id"`
	ClientID     string `json:"clientID"`
	ClientSecret string `json:"clientSecret"`
	ServerURL    string `json:"serverURL"`
}

func (*UAAConnectorConfig) Connector

func (cfg *UAAConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

func (*UAAConnectorConfig) ConnectorID

func (cfg *UAAConnectorConfig) ConnectorID() string

func (*UAAConnectorConfig) ConnectorType

func (cfg *UAAConnectorConfig) ConnectorType() string

Package Files

  • config.go
  • config_repo.go
  • connector_bitbucket.go
  • connector_github.go
  • connector_ldap.go
  • connector_local.go
  • connector_oauth2.go
  • connector_oidc.go
  • connector_uaa.go
  • interface.go
  • login_local.go
Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to identifier