token

package
v3.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 5, 2024 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Overview

Package token defines tokens that serve as credentials in RBAC authorization.

Package token provides primitives to interact with the openapi HTTP API.

Code generated by github.com/deepmap/oapi-codegen version v1.13.0 DO NOT EDIT.

Index

Constants

// HTTP header names in the "X-Athenz-" namespace.
// NOTE(review): how these headers are produced and consumed is not shown on
// this page. If a server reads them from inbound requests, the values are
// caller-supplied and should only be relied on when set by an authenticated
// component — confirm against the call sites.
const (
	// DOMAIN_HEADER is the header name for an Athenz domain (presumably the token's domain; confirm).
	DOMAIN_HEADER = "X-Athenz-Domain"
	// ROLE_HEADER is the header name for an Athenz role (presumably the token's role; confirm).
	ROLE_HEADER   = "X-Athenz-Role"
)

Variables

var (
	// ClientError is the package's error value for failures that the client side
	// has to fix; per the original note it is logged as a warning and answered
	// with a 4xx status code.
	// NOTE(review): it is an exported, reassignable var, so matching on it relies
	// on nothing overwriting it; presumably callers wrap it and match with
	// errors.Is — confirm. Keep request-derived detail out of the 4xx response
	// text unless it is safe to echo back to the caller.
	ClientError = fmt.Errorf("Client error") // error should be fixed by the client-side, log as warning, response 4xx status code
)

Functions

func GenerateAccessTokenRequestString

func GenerateAccessTokenRequestString(domain, service, roles, authzDetails, proxyPrincipalSpiffeUris, proxyForPrincipal string, expiryTime int) string

GenerateAccessTokenRequestString generates a URL-encoded access token request string. TODO: fix the original method: https://github.com/AthenZ/athenz/blob/a85f48666763759ee28fda114acc4c8d2cafc28e/libs/go/athenzutils/ztsclient.go#L68

func New

func NewTLSConfig

func NewTLSConfig(ca, cert, key string) (*tls.Config, error)

NewTLSConfig returns a *tls.Config with provided certificate and key. If ca != "", client authentication is enabled.

func NewX509CertPool

func NewX509CertPool(extraCA string) (pool *x509.CertPool, err error)

NewX509CertPool returns a certificate pool with the system CAs and the extra CA specified.

Types

type AccessToken

// AccessToken stores an access token. Its fields are unexported; the values
// are read through the Domain, Role, Scope, Raw, Expiry and Size methods.
// NOTE(review): Raw presumably returns the token string itself. The package
// overview describes tokens as credentials for RBAC authorization, so that
// value should be kept out of logs, error messages and metric labels.
type AccessToken struct {
	// contains filtered or unexported fields
}

AccessToken stores access token

func (*AccessToken) Domain

func (t *AccessToken) Domain() string

func (*AccessToken) Expiry

func (t *AccessToken) Expiry() int64

func (*AccessToken) Raw

func (t *AccessToken) Raw() string

func (*AccessToken) Role

func (t *AccessToken) Role() string

func (*AccessToken) Scope

func (t *AccessToken) Scope() string

func (*AccessToken) Size

func (t *AccessToken) Size() uint

type AccessTokenRequestBody

// AccessTokenRequestBody is the JSON body of an access token request
// (FetchAccessTokenJSONRequestBody is an alias of this type).
// The optional fields are pointers tagged omitempty, so they are nil when the
// key is absent from the JSON.
// NOTE(review): every value here comes from the request body. Whether the
// role list, the expiry and the proxy principal are validated or bounded is
// not visible on this page — confirm in the handler.
type AccessTokenRequestBody struct {
	// Domain is the access token domain name.
	Domain string `json:"domain"`

	// Expiry is the access token expiry time, in seconds.
	Expiry *int `json:"expiry,omitempty"`

	// ProxyForPrincipal is the access token proxyForPrincipal name.
	ProxyForPrincipal *string `json:"proxy_for_principal,omitempty"`

	// Role is the access token role name (comma-separated list).
	Role *string `json:"role,omitempty"`
}

AccessTokenRequestBody defines model for AccessTokenRequestBody.

type AccessTokenResponse

// AccessTokenResponse is the JSON model of an access token response.
// NOTE(review): AccessToken carries the token string, which the package
// overview treats as a credential; avoid logging or %+v-printing the whole
// struct.
type AccessTokenResponse struct {
	// AccessToken is the access token string.
	AccessToken string `json:"access_token"`

	// ExpiresIn is the access token expiry time, in seconds.
	ExpiresIn int `json:"expires_in"`

	// Scope is the access token scope, space separated. It is only added if
	// role is not specified, so it may be nil.
	Scope *string `json:"scope,omitempty"`

	// TokenType is the access token's token type.
	TokenType string `json:"token_type"`
}

AccessTokenResponse defines model for AccessTokenResponse.

type AtRequestBody

type AtRequestBody = AccessTokenRequestBody

AtRequestBody defines model for atRequestBody.

type AtResponse

type AtResponse = AccessTokenResponse

AtResponse defines model for atResponse.

type CacheKey

// CacheKey is the key under which a Token is stored in and loaded from a
// TokenCache (see the Store and Load methods of that interface).
// Its field names mirror the fields of the token request bodies (Domain, Role,
// ProxyForPrincipal, MinExpiry, MaxExpiry).
// NOTE(review): two requests share a cache entry only if the key captures
// everything that distinguishes the tokens they are entitled to; presumably
// these five fields are that set — confirm against the callers.
type CacheKey struct {
	Domain            string
	MaxExpiry         int
	MinExpiry         int
	ProxyForPrincipal string
	Role              string
}

func (CacheKey) Size

func (k CacheKey) Size() uint

func (CacheKey) String

func (k CacheKey) String() string

String returns CacheKey's information in a string format, usually for logging purpose.

func (CacheKey) UniqueId

func (k CacheKey) UniqueId(tokenType string) string

UniqueId returns a unique id of this token, ensuring that the id stays unique under the Athenz naming rules. Athenz domain naming rule: "[a-zA-Z0-9_][a-zA-Z0-9_-]*". Athenz role naming rule: "[a-zA-Z0-9_][a-zA-Z0-9_-]*". Because neither rule allows "|", the delimiter "|" is used to separate domain and role for uniqueness.

type FetchAccessTokenJSONRequestBody

type FetchAccessTokenJSONRequestBody = AccessTokenRequestBody

FetchAccessTokenJSONRequestBody defines body for FetchAccessToken for application/json ContentType.

type FetchRoleTokenJSONRequestBody

type FetchRoleTokenJSONRequestBody = RoleTokenRequestBody

FetchRoleTokenJSONRequestBody defines body for FetchRoleToken for application/json ContentType.

type GroupDoResult

type GroupDoResult struct {
	// contains filtered or unexported fields
}

GroupDoResult contains token and its requestID after singleFlight.group.Do()

type LockedTokenCache

// LockedTokenCache is a token cache created by NewLockedTokenCache. Its method
// set (Store, Load, Range, Keys, Size, Len, Clear) matches the TokenCache
// interface, and it additionally has Describe and Collect methods that take
// prometheus.Desc and prometheus.Metric channels.
// NOTE(review): the name suggests access is guarded by a lock; the fields are
// unexported, so this is not visible here — confirm. If the exported metrics
// are labelled from cache keys, make sure no token value ends up in a label.
type LockedTokenCache struct {
	// contains filtered or unexported fields
}

func NewLockedTokenCache

func NewLockedTokenCache(tokenType, namespace, podName string) *LockedTokenCache

func (*LockedTokenCache) Clear

func (c *LockedTokenCache) Clear()

func (*LockedTokenCache) Collect

func (c *LockedTokenCache) Collect(ch chan<- prometheus.Metric)

func (*LockedTokenCache) Describe

func (c *LockedTokenCache) Describe(ch chan<- *prometheus.Desc)

func (*LockedTokenCache) Keys

func (c *LockedTokenCache) Keys() []CacheKey

func (*LockedTokenCache) Len

func (c *LockedTokenCache) Len() int

func (*LockedTokenCache) Load

func (c *LockedTokenCache) Load(k CacheKey) Token

func (*LockedTokenCache) Range

func (c *LockedTokenCache) Range(f func(k CacheKey, t Token) error) error

func (*LockedTokenCache) Size

func (c *LockedTokenCache) Size() int64

func (*LockedTokenCache) Store

func (c *LockedTokenCache) Store(k CacheKey, t Token)

type RoleToken

// RoleToken stores a role token. Its fields are unexported; the values are
// read through the Domain, Role, Raw, Expiry and Size methods.
// NOTE(review): Raw presumably returns the token string itself. The package
// overview describes tokens as credentials for RBAC authorization, so that
// value should be kept out of logs, error messages and metric labels.
type RoleToken struct {
	// contains filtered or unexported fields
}

RoleToken stores role token

func (*RoleToken) Domain

func (t *RoleToken) Domain() string

func (*RoleToken) Expiry

func (t *RoleToken) Expiry() int64

func (*RoleToken) Raw

func (t *RoleToken) Raw() string

func (*RoleToken) Role

func (t *RoleToken) Role() string

func (*RoleToken) Size

func (t *RoleToken) Size() uint

type RoleTokenRequestBody

// RoleTokenRequestBody is the JSON body of a role token request
// (FetchRoleTokenJSONRequestBody is an alias of this type).
// The optional fields are pointers tagged omitempty, so they are nil when the
// key is absent from the JSON.
// NOTE(review): every value here comes from the request body. Whether the
// role list, the expiry bounds and the proxy principal are validated is not
// visible on this page — confirm in the handler.
type RoleTokenRequestBody struct {
	// Domain is the role token domain name.
	Domain string `json:"domain"`

	// MaxExpiry is the role token maximum expiry time, in seconds.
	MaxExpiry *int `json:"max_expiry,omitempty"`

	// MinExpiry is the role token minimum expiry time, in seconds.
	MinExpiry *int `json:"min_expiry,omitempty"`

	// ProxyForPrincipal is the role token proxyForPrincipal name.
	ProxyForPrincipal *string `json:"proxy_for_principal,omitempty"`

	// Role is the role token role name (comma-separated list).
	Role *string `json:"role,omitempty"`
}

RoleTokenRequestBody defines model for RoleTokenRequestBody.

type RoleTokenResponse

// RoleTokenResponse is the JSON model of a role token response.
// NOTE(review): Token carries the token string, which the package overview
// treats as a credential; avoid logging or %+v-printing the whole struct.
type RoleTokenResponse struct {
	// ExpiryTime is the role token expiry time, as a Unix timestamp in seconds.
	ExpiryTime int64 `json:"expiryTime"`

	// Token is the role token string.
	Token string `json:"token"`
}

RoleTokenResponse defines model for RoleTokenResponse.

type RtRequestBody

type RtRequestBody = RoleTokenRequestBody

RtRequestBody defines model for rtRequestBody.

type RtResponse

type RtResponse = RoleTokenResponse

RtResponse defines model for rtResponse.

type Token

// Token is the read-only view of a token that the caches in this package
// store and return (see TokenCache.Store and TokenCache.Load). AccessToken and
// RoleToken both list these five methods.
type Token interface {
	// Domain and Role presumably return the Athenz domain and role the token
	// was issued for — confirm against the implementations.
	Domain() string
	Role() string
	// Raw presumably returns the token string as issued. The package overview
	// describes tokens as credentials, so treat the result as a secret: do not
	// log it or use it as a metric label.
	Raw() string

	// Expiry returns the expiry time of the token in seconds since Unix epoch.
	Expiry() int64

	// Size returns the number of bytes used by the token struct.
	Size() uint
}

type TokenCache

// TokenCache is a store of Token values keyed by CacheKey.
// NOTE(review): Load and Range hand out Token values, whose Raw method
// presumably exposes the credential; code that iterates the cache for
// diagnostics should report keys and expiry only, never the raw token.
type TokenCache interface {
	// Store saves t under k.
	Store(k CacheKey, t Token)
	// Load returns the Token for k. What is returned for a missing key is not
	// shown here (presumably nil) — confirm before dereferencing.
	Load(k CacheKey) Token
	// Range calls the given function with cached key/token pairs and returns an
	// error; presumably iteration stops at the first non-nil error — confirm.
	Range(func(k CacheKey, t Token) error) error
	// Keys returns the cache keys.
	Keys() []CacheKey
	// Size returns an int64 size; presumably bytes, in line with Token.Size — confirm.
	Size() int64
	// Len returns an int count; presumably the number of entries — confirm.
	Len() int
	// Clear presumably removes all entries — confirm.
	Clear()
}
