Documentation ¶
Overview ¶
Package token defines tokens that serve as credentials in RBAC authorization.
Package token provides primitives to interact with the openapi HTTP API.
Code generated by github.com/deepmap/oapi-codegen version v1.13.0 DO NOT EDIT.
Index ¶
- Constants
- Variables
- func GenerateAccessTokenRequestString(domain, service, roles, authzDetails, proxyPrincipalSpiffeUris, ... string, ...) string
- func New(ctx context.Context, idCfg *config.IdentityConfig) (daemon.Daemon, error)
- func NewTLSConfig(ca, cert, key string) (*tls.Config, error)
- func NewX509CertPool(extraCA string) (pool *x509.CertPool, err error)
- type AccessToken
- type AccessTokenRequestBody
- type AccessTokenResponse
- type AtRequestBody
- type AtResponse
- type CacheKey
- type FetchAccessTokenJSONRequestBody
- type FetchRoleTokenJSONRequestBody
- type GroupDoResult
- type LockedTokenCache
- func (c *LockedTokenCache) Clear()
- func (c *LockedTokenCache) Collect(ch chan<- prometheus.Metric)
- func (c *LockedTokenCache) Describe(ch chan<- *prometheus.Desc)
- func (c *LockedTokenCache) Keys() []CacheKey
- func (c *LockedTokenCache) Len() int
- func (c *LockedTokenCache) Load(k CacheKey) Token
- func (c *LockedTokenCache) Range(f func(k CacheKey, t Token) error) error
- func (c *LockedTokenCache) Size() int64
- func (c *LockedTokenCache) Store(k CacheKey, t Token)
- type RoleToken
- type RoleTokenRequestBody
- type RoleTokenResponse
- type RtRequestBody
- type RtResponse
- type Token
- type TokenCache
Constants ¶
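// Header name constants, restored to one declaration per line (the rendered
// page collapsed the group onto a single line, which does not parse as Go).
//
// NOTE(review): the names suggest HTTP headers carrying an Athenz domain and
// role; where they are read or written is not visible here. If they are taken
// from incoming requests, treat the values as client-controlled input and
// validate them before they select a token.
const (
	DOMAIN_HEADER = "X-Athenz-Domain"
	ROLE_HEADER   = "X-Athenz-Role"
)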
Variables ¶
var (
	// ClientError marks an error that should be fixed on the client side:
	// log it as a warning and respond with a 4xx status code.
	ClientError = fmt.Errorf("Client error")
)
Functions ¶
func GenerateAccessTokenRequestString ¶
func GenerateAccessTokenRequestString(domain, service, roles, authzDetails, proxyPrincipalSpiffeUris, proxyForPrincipal string, expiryTime int) string
GenerateAccessTokenRequestString generates and URL-encodes an access token request string. TODO: fix the original method: https://github.com/AthenZ/athenz/blob/a85f48666763759ee28fda114acc4c8d2cafc28e/libs/go/athenzutils/ztsclient.go#L68
func NewTLSConfig ¶
NewTLSConfig returns a *tls.Config with provided certificate and key. If ca != "", client authentication is enabled.
Types ¶
type AccessToken ¶
type AccessToken struct {
// contains filtered or unexported fields
}
AccessToken stores access token
func (*AccessToken) Domain ¶
func (t *AccessToken) Domain() string
func (*AccessToken) Expiry ¶
func (t *AccessToken) Expiry() int64
func (*AccessToken) Raw ¶
func (t *AccessToken) Raw() string
func (*AccessToken) Role ¶
func (t *AccessToken) Role() string
func (*AccessToken) Scope ¶
func (t *AccessToken) Scope() string
func (*AccessToken) Size ¶
func (t *AccessToken) Size() uint
type AccessTokenRequestBody ¶
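// AccessTokenRequestBody defines model for AccessTokenRequestBody.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment swallowed every field and the closing brace.
//
// Pointer fields are optional: they carry the omitempty tag and are nil when
// the JSON key is absent.
//
// NOTE(review): the struct itself performs no validation. Whether Domain and
// Role are checked against the Athenz naming rules, and whether Expiry is
// bounded, is decided by the code that decodes the request; confirm there.
type AccessTokenRequestBody struct {
	// Domain Access token domain name
	Domain string `json:"domain"`

	// Expiry Access token expiry time (in seconds)
	Expiry *int `json:"expiry,omitempty"`

	// ProxyForPrincipal Access token proxyForPrincipal name
	// NOTE(review): who is allowed to set this field is an authorization
	// decision that is not visible in this declaration.
	ProxyForPrincipal *string `json:"proxy_for_principal,omitempty"`

	// Role Access token role name (comma separated list)
	Role *string `json:"role,omitempty"`
}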
AccessTokenRequestBody defines model for AccessTokenRequestBody.
type AccessTokenResponse ¶
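// AccessTokenResponse defines model for AccessTokenResponse.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment swallowed every field and the closing brace.
type AccessTokenResponse struct {
	// AccessToken Access token string
	// The package overview describes tokens as credentials in RBAC
	// authorization, so this value should stay out of logs and error messages.
	AccessToken string `json:"access_token"`

	// ExpiresIn Access token expiry time (in seconds)
	ExpiresIn int `json:"expires_in"`

	// Scope Access token scope (Only added if role is not specified, space separated)
	Scope *string `json:"scope,omitempty"`

	// TokenType Access token token type
	TokenType string `json:"token_type"`
}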
AccessTokenResponse defines model for AccessTokenResponse.
type AtRequestBody ¶
// AtRequestBody is declared with "=", so it is an alias: the same type as
// AccessTokenRequestBody under a second name, not a distinct type.
type AtRequestBody = AccessTokenRequestBody
AtRequestBody defines model for atRequestBody.
type CacheKey ¶
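// CacheKey identifies one entry of a token cache; LockedTokenCache's Load and
// Store take it as the key.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the field list does not parse as Go.
//
// All fields are comparable, so two keys are equal only when every field
// matches, including ProxyForPrincipal.
//
// NOTE(review): the UniqueId documentation mentions only domain and role as
// parts of the identifier. Confirm that ProxyForPrincipal and the expiry
// bounds also take part wherever a key is turned into an id, so that a token
// cached for one proxied principal is never returned for another.
type CacheKey struct {
	// Domain is the domain of the cached token.
	Domain string
	// MaxExpiry is the upper expiry bound of the request.
	// NOTE(review): presumably seconds, as in RoleTokenRequestBody; confirm.
	MaxExpiry int
	// MinExpiry is the lower expiry bound of the request.
	// NOTE(review): presumably seconds, as in RoleTokenRequestBody; confirm.
	MinExpiry int
	// ProxyForPrincipal is the proxyForPrincipal name of the request.
	ProxyForPrincipal string
	// Role is the role name of the request.
	// NOTE(review): the request bodies allow a comma separated list here;
	// confirm whether the list is normalised before it becomes part of a key.
	Role string
}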
func (CacheKey) String ¶
String returns CacheKey's information in a string format, usually for logging purpose.
func (CacheKey) UniqueId ¶
UniqueId returns a unique id of this token, ensuring that the id stays unique under the Athenz naming rules. Athenz domain naming rule: "[a-zA-Z0-9_][a-zA-Z0-9_-]*". Athenz role naming rule: "[a-zA-Z0-9_][a-zA-Z0-9_-]*". Neither rule permits the character "|", and therefore the delimiter "|" is used to separate domain and role for uniqueness.
type FetchAccessTokenJSONRequestBody ¶
// FetchAccessTokenJSONRequestBody is declared with "=", so it is an alias:
// the same type as AccessTokenRequestBody, not a distinct type.
type FetchAccessTokenJSONRequestBody = AccessTokenRequestBody
FetchAccessTokenJSONRequestBody defines body for FetchAccessToken for application/json ContentType.
type FetchRoleTokenJSONRequestBody ¶
// FetchRoleTokenJSONRequestBody is declared with "=", so it is an alias:
// the same type as RoleTokenRequestBody, not a distinct type.
type FetchRoleTokenJSONRequestBody = RoleTokenRequestBody
FetchRoleTokenJSONRequestBody defines body for FetchRoleToken for application/json ContentType.
type GroupDoResult ¶
type GroupDoResult struct {
// contains filtered or unexported fields
}
GroupDoResult contains token and its requestID after singleFlight.group.Do()
type LockedTokenCache ¶
type LockedTokenCache struct {
// contains filtered or unexported fields
}
func NewLockedTokenCache ¶
func NewLockedTokenCache(tokenType, namespace, podName string) *LockedTokenCache
func (*LockedTokenCache) Clear ¶
func (c *LockedTokenCache) Clear()
func (*LockedTokenCache) Collect ¶
func (c *LockedTokenCache) Collect(ch chan<- prometheus.Metric)
func (*LockedTokenCache) Describe ¶
func (c *LockedTokenCache) Describe(ch chan<- *prometheus.Desc)
func (*LockedTokenCache) Keys ¶
func (c *LockedTokenCache) Keys() []CacheKey
func (*LockedTokenCache) Len ¶
func (c *LockedTokenCache) Len() int
func (*LockedTokenCache) Load ¶
func (c *LockedTokenCache) Load(k CacheKey) Token
func (*LockedTokenCache) Range ¶
func (c *LockedTokenCache) Range(f func(k CacheKey, t Token) error) error
func (*LockedTokenCache) Size ¶
func (c *LockedTokenCache) Size() int64
func (*LockedTokenCache) Store ¶
func (c *LockedTokenCache) Store(k CacheKey, t Token)
type RoleToken ¶
type RoleToken struct {
// contains filtered or unexported fields
}
RoleToken stores role token
type RoleTokenRequestBody ¶
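// RoleTokenRequestBody defines model for RoleTokenRequestBody.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment swallowed every field and the closing brace.
//
// Pointer fields are optional: they carry the omitempty tag and are nil when
// the JSON key is absent.
//
// NOTE(review): the struct itself performs no validation. Whether Domain and
// Role are checked against the Athenz naming rules, and whether MinExpiry and
// MaxExpiry are bounded and ordered, is decided by the code that decodes the
// request; confirm there.
type RoleTokenRequestBody struct {
	// Domain Role token domain name
	Domain string `json:"domain"`

	// MaxExpiry Role token maximum expiry time (in seconds)
	MaxExpiry *int `json:"max_expiry,omitempty"`

	// MinExpiry Role token minimum expiry time (in seconds)
	MinExpiry *int `json:"min_expiry,omitempty"`

	// ProxyForPrincipal Role token proxyForPrincipal name
	// NOTE(review): who is allowed to set this field is an authorization
	// decision that is not visible in this declaration.
	ProxyForPrincipal *string `json:"proxy_for_principal,omitempty"`

	// Role Role token role name (comma separated list)
	Role *string `json:"role,omitempty"`
}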
RoleTokenRequestBody defines model for RoleTokenRequestBody.
type RoleTokenResponse ¶
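// RoleTokenResponse defines model for RoleTokenResponse.
//
// The declaration is restored to one field per line; collapsed onto a single
// line, the first "//" comment swallowed every field and the closing brace.
type RoleTokenResponse struct {
	// ExpiryTime Role token expiry time (Unix timestamp in seconds)
	// This is an absolute time, unlike the "expires_in" value of
	// AccessTokenResponse, which is documented only as a number of seconds.
	ExpiryTime int64 `json:"expiryTime"`

	// Token Role token string
	// The package overview describes tokens as credentials in RBAC
	// authorization, so this value should stay out of logs and error messages.
	Token string `json:"token"`
}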
RoleTokenResponse defines model for RoleTokenResponse.
type RtRequestBody ¶
// RtRequestBody is declared with "=", so it is an alias: the same type as
// RoleTokenRequestBody under a second name, not a distinct type.
type RtRequestBody = RoleTokenRequestBody
RtRequestBody defines model for rtRequestBody.