plugin

package

v0.0.0-...-fb0f190 Latest Latest Go to latest Published: Oct 26, 2022 License: AGPL-3.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Davisanity/minio

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func Enabled(kvs config.KVS) bool
type Args
- func LookupConfig(kv config.KVS, transport *http.Transport, closeRespFn func(io.ReadCloser), ...) (Args, error)
- func (a *Args) Validate() error
type AuthNErrorResponse
type AuthNPlugin
- func New(args Args) *AuthNPlugin
- func (o *AuthNPlugin) Authenticate(roleArn arn.ARN, token string) (AuthNResponse, error)
- func (o *AuthNPlugin) GetRoleInfo() map[arn.ARN]string
type AuthNResponse
type AuthNSuccessResponse

Constants ¶

View Source

const (
	URL        = "url"
	AuthToken  = "auth_token"
	RolePolicy = "role_policy"
	RoleID     = "role_id"

	EnvIdentityPluginURL        = "MINIO_IDENTITY_PLUGIN_URL"
	EnvIdentityPluginAuthToken  = "MINIO_IDENTITY_PLUGIN_AUTH_TOKEN"
	EnvIdentityPluginRolePolicy = "MINIO_IDENTITY_PLUGIN_ROLE_POLICY"
	EnvIdentityPluginRoleID     = "MINIO_IDENTITY_PLUGIN_ROLE_ID"
)

Authentication Plugin config and env variables

Variables ¶

View Source

var (
	// DefaultKVS - default config for AuthN plugin config
	DefaultKVS = config.KVS{
		config.KV{
			Key:   URL,
			Value: "",
		},
		config.KV{
			Key:   AuthToken,
			Value: "",
		},
		config.KV{
			Key:   RolePolicy,
			Value: "",
		},
		config.KV{
			Key:   RoleID,
			Value: "",
		},
	}

	// Help for Identity Plugin
	Help = config.HelpKVS{
		config.HelpKV{
			Key:         URL,
			Description: `plugin hook endpoint (HTTP(S)) e.g. "http://localhost:8181/path/to/endpoint"` + defaultHelpPostfix(URL),
			Type:        "url",
		},
		config.HelpKV{
			Key:         AuthToken,
			Description: "authorization token for plugin hook endpoint" + defaultHelpPostfix(AuthToken),
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
		},
		config.HelpKV{
			Key:         RolePolicy,
			Description: "policies to apply for plugin authorized users" + defaultHelpPostfix(RolePolicy),
			Type:        "string",
		},
		config.HelpKV{
			Key:         RoleID,
			Description: "unique ID to generate the ARN" + defaultHelpPostfix(RoleID),
			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         config.Comment,
			Description: config.DefaultComment,
			Optional:    true,
			Type:        "sentence",
		},
	}
)

Functions ¶

func Enabled ¶

func Enabled(kvs config.KVS) bool

Enabled returns if AuthNPlugin is enabled.

Types ¶

type Args ¶

type Args struct {
	URL         *xnet.URL
	AuthToken   string
	Transport   http.RoundTripper
	CloseRespFn func(r io.ReadCloser)

	RolePolicy string
	RoleARN    arn.ARN
}

Args for authentication plugin.

func LookupConfig ¶

func LookupConfig(kv config.KVS, transport *http.Transport, closeRespFn func(io.ReadCloser), serverRegion string) (Args, error)

LookupConfig lookup AuthNPlugin from config, override with any ENVs.

func (*Args) Validate ¶

func (a *Args) Validate() error

Validate - validate configuration params.

type AuthNErrorResponse ¶

type AuthNErrorResponse struct {
	Reason string `json:"reason"`
}

AuthNErrorResponse - represents an error response from the authN plugin.

type AuthNPlugin ¶

type AuthNPlugin struct {
	// contains filtered or unexported fields
}

AuthNPlugin - implements pluggable authentication via webhook.

func New ¶

func New(args Args) *AuthNPlugin

New - initializes Authorization Management Plugin.

func (*AuthNPlugin) Authenticate ¶

func (o *AuthNPlugin) Authenticate(roleArn arn.ARN, token string) (AuthNResponse, error)

Authenticate authenticates the token with the external hook endpoint and returns a parent user, max expiry duration for the authentication and a set of claims.

func (*AuthNPlugin) GetRoleInfo ¶

func (o *AuthNPlugin) GetRoleInfo() map[arn.ARN]string

GetRoleInfo - returns ARN to policies map.

type AuthNResponse ¶

type AuthNResponse struct {
	Success *AuthNSuccessResponse
	Failure *AuthNErrorResponse
}

AuthNResponse - represents a result of the authentication operation.

type AuthNSuccessResponse ¶

type AuthNSuccessResponse struct {
	User               string                 `json:"user"`
	MaxValiditySeconds int                    `json:"maxValiditySeconds"`
	Claims             map[string]interface{} `json:"claims"`
}

AuthNSuccessResponse - represents the response from the authentication plugin service.

Source Files ¶

View all Source files

config.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL