candid

package module
v1.3.0

Published: Nov 15, 2019 License: AGPL-3.0 Imports: 16 Imported by: 0

README

Candid Identity service

The Candid server provides a macaroon-based authentication service.

Installation

The easiest way to start using the candid service is with the snap:

snap install candid --edge

The configuration file used by the snap can be found in /var/snap/candid/current/config.yaml.

Development

Requirements

Candid requires go1.11 or later to build. This is available in the go snap:

snap install go

Go additionally requires the following packages to be installed so that it can fetch and build candid's dependencies:

apt install build-essential bzr git

Source

Get the source from github.com/CanonicalLtd/candid.

git clone git@github.com:CanonicalLtd/candid

It is recommended that you check out the source outside of any $GOPATH ($HOME/go by default). If you do wish to check out into a $GOPATH then you will need to set the environment variable GO111MODULE=on.

Testing

The store/mgostore component additionally requires mongodb to be installed; install it from the system packages:

apt install mongodb

The store/sqlstore component additionally requires a running postgresql, which may be on a different system. The postgresql system to use is specified using the standard postgresql environment variables. To skip the postgresql tests, set the environment variable PGTESTDISABLE=1.

Run the tests with make check in the root of the source tree. The tests for a single package can be run with go test in the package directory.

Documentation

Constants

const (
	Debug      = "debug"
	Discharger = "discharger"
	V1         = "v1"
)

Versions of the API that can be served.

Variables

This section is empty.

Functions

func Versions

func Versions() []string

Versions returns all known API version strings in alphabetical order.

Types

type HandlerCloser

type HandlerCloser interface {
	http.Handler
	Close()
}

func NewServer

func NewServer(params ServerParams, serveVersions ...string) (HandlerCloser, error)

NewServer returns a new handler that handles identity service requests and stores its data in the given database. The handler will serve the specified versions of the API.

type ServerParams

type ServerParams struct {
	// MeetingStore holds the storage that will be used to store
	// rendezvous information.
	MeetingStore meeting.Store

	// ProviderDataStore holds the storage that can be used by
	// identity providers to store data that is not associated with
	// an individual identity.
	ProviderDataStore store.ProviderDataStore

	// RootKeyStore holds the root key store that will be used to
	// store macaroon root keys within the identity server.
	RootKeyStore bakery.RootKeyStore

	// Store holds the identities store for the identity server.
	Store store.Store

	// AdminPassword holds the password for admin login.
	AdminPassword string

	// Key holds the keypair to use with the bakery service.
	Key *bakery.KeyPair

	// Location holds a URL representing the externally accessible
	// base URL of the service, without a trailing slash.
	Location string

	// PrivateAddr should hold a dialable address that will be used
	// for communication between identity servers. Note that this
	// should not contain a port.
	PrivateAddr string

	// IdentityProviders contains the set of identity providers that
	// should be initialised by the service.
	IdentityProviders []idp.IdentityProvider

	// DebugTeams contains the set of launchpad teams that may access
	// the restricted debug endpoints.
	// TODO remove this.
	DebugTeams []string

	// AdminAgentPublicKey contains the public key of the admin agent.
	AdminAgentPublicKey *bakery.PublicKey

	// StaticFileSystem contains an http.FileSystem that can be used
	// to serve static files.
	StaticFileSystem http.FileSystem

	// Template contains a set of templates that are used to generate
	// html output.
	Template *template.Template

	// DebugStatusCheckerFuncs contains functions that will be
	// executed as part of a /debug/status check.
	DebugStatusCheckerFuncs []debugstatus.CheckerFunc

	// RendezvousTimeout holds the time after which an interactive discharge wait
	// request will time out.
	RendezvousTimeout time.Duration

	// ACLStore holds the ACLStore for the identity server.
	ACLStore aclstore.ACLStore

	// RedirectLoginWhitelist contains a list of URLs that are
	// trusted to be used as return_to URLs during an interactive
	// login.
	RedirectLoginWhitelist []string

	// APIMacaroonTimeout is the maximum life of an API macaroon.
	APIMacaroonTimeout time.Duration

	// DischargeMacaroonTimeout is the maximum life of a Discharge
	// macaroon.
	DischargeMacaroonTimeout time.Duration

	// DischargeTokenTimeout is the maximum life of a Discharge
	// token.
	DischargeTokenTimeout time.Duration
}

ServerParams contains configuration parameters for a server.
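The RedirectLoginWhitelist field above exists so that the service only sends a browser back to trusted return_to URLs after an interactive login. As an added illustration (this is not candid's own matching code; the function name and the sample allowlist are constructed for this example), the following Go shows the shape of a strict allowlist check for such a field: absolute URLs only, exact scheme and host, the path compared on a directory boundary after cleaning, and userinfo rejected.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// returnToAllowed reports whether returnTo may be used as a post-login redirect
// target, given trusted base URLs of the kind a deployer puts in
// ServerParams.RedirectLoginWhitelist. Illustrative matcher for this example only;
// it is not candid's own implementation of that field.
func returnToAllowed(whitelist []string, returnTo string) bool {
	// Backslashes and CR/LF are never legitimate here; some clients treat "\" as "/".
	if strings.ContainsAny(returnTo, "\\\r\n") {
		return false
	}
	target, err := url.Parse(returnTo)
	// Absolute URLs only (rejects scheme-relative "//other.example/..."), no userinfo.
	if err != nil || !target.IsAbs() || target.User != nil {
		return false
	}
	// Resolve "." and ".." so the prefix test sees the path the browser will request.
	targetPath := path.Clean("/" + target.Path)
	for _, w := range whitelist {
		base, err := url.Parse(w)
		if err != nil || !base.IsAbs() {
			continue // a malformed allowlist entry must never match
		}
		// url.Parse lower-cases the scheme; hosts compare case-insensitively.
		if target.Scheme != base.Scheme || !strings.EqualFold(target.Host, base.Host) {
			continue
		}
		// "/cb" allows "/cb" and "/cb/x" but not "/cbx"; a bare host allows any path.
		basePath := strings.TrimSuffix(base.Path, "/")
		if targetPath == basePath || strings.HasPrefix(targetPath, basePath+"/") {
			return true
		}
	}
	return false
}

func main() {
	allow := []string{"https://app.example/callback", "https://console.example"} // constructed sample allowlist
	fmt.Println(returnToAllowed(allow, "https://app.example/callback?state=xyz"))   // true
	fmt.Println(returnToAllowed(allow, "https://app.example@other.example/callback")) // false
}
```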

Directories

Path Synopsis
Package candidtest provides an in-memory candid service for use in tests.
cmd
The config package defines configuration parameters for the id server.
idp
Package idp defines the API provided by all identity providers.
agent
Package agent is an identity provider that uses the agent authentication scheme.
azure
Package azure is an identity provider that authenticates with azure.
google
Package google is an identity provider that authenticates with google.
idputil
Package idputil contains utility routines common to many identity providers.
keystone
Package keystone contains identity providers that validate against keystone servers.
keystone/internal/keystone
Package keystone implements a keystone client.
ldap
Package ldap contains identity providers that validate against ldap servers.
openid
Package openid provides identity providers that use OpenID to determine the identity.
static
Package static contains identity providers that validate against a static list of users.
usso
Package usso is an identity provider that authenticates against Ubuntu SSO using OpenID.
usso/internal/kvnoncestore
Package kvnoncestore is an openid.NonceStore that is backed by a store.KeyValueStore.
usso/ussodischarge
Package ussodischarge is an identity provider that authenticates against Ubuntu SSO using Ubuntu SSO's macaroon protocol.
usso/ussodischarge/cmd/login
login is a simple tool that can be used to test the Ubuntu SSO discharge login protocol.
usso/ussooauth
Package ussooauth is an identity provider that authenticates against Ubuntu SSO using OAuth.
internal
candidtest
Package candidtest provides suites and functions useful for testing the identity manager.
discharger
Package discharger serves all of the endpoints related to discharging macaroons and logging in.
v1
Package meeting provides a way for one thread of control to wait for information provided by another thread.
memstore
Package memstore provides an in-memory implementation of the store.
storetest
Package testing provides useful tools for testing Store implementations.
