auth

package
v0.0.0-...-86e9f11
Published: Jan 7, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package auth describes some implementations of Provider that can be used in snellerd.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func S3Tenant

func S3Tenant(ctx context.Context, id string, root *db.S3FS, key *blockfmt.Key, cfg *db.TenantConfig) db.Tenant

func S3TenantFromEnv

func S3TenantFromEnv(ctx context.Context, bucket string) (db.Tenant, error)

S3TenantFromEnv constructs an S3 tenant from the environment, using the given bucket.

Types

type Provider

type Provider interface {
	Authorize(ctx context.Context, token string) (db.Tenant, error)
}

Provider is the interface through which HTTP Bearer tokens are turned into db.Tenant objects. The purpose of Provider is to hide the details of mapping tokens to users and users to db.FS implementations.

See, for example, S3Bearer for a Provider that uses a remote HTTP(s) endpoint to turn tokens into S3 credentials for implementing a Tenant.

func FromEndPoint

func FromEndPoint(uri string) (Provider, error)

FromEndPoint creates an authorization provider that uses a remote endpoint to validate the token and return the proper credentials. See also S3Bearer.

func FromFile

func FromFile(fileName string) (Provider, error)

FromFile creates an authorization provider that reads the credential information from the given file name. See also S3Static.

func NewEnvProvider

func NewEnvProvider() (Provider, error)

func NewWebIdentityProvider

func NewWebIdentityProvider() (Provider, error)

NewWebIdentityProvider returns a provider that fetches AWS credentials using a web-identity token. It returns a `nil` provider when one of the required environment variables isn't set, so callers must check the returned Provider for `nil` rather than relying on the error alone.

func Parse

func Parse(spec string) (Provider, error)

Parse will create a provider based on the given specification.

It uses an authorization endpoint when an http(s):// prefix is detected; otherwise the specification is interpreted as a file name.

type S3Bearer

type S3Bearer struct {
	URI    string
	Client *http.Client
}

S3Bearer is a tenant authorization strategy that produces a db.Tenant from a remote HTTP(s) endpoint by passing it an opaque token. The remote HTTP(s) endpoint is expected to return a JSON object describing the S3 bucket and access credentials necessary for the tenant to operate. See also S3BearerIdentity.

func (*S3Bearer) Authorize

func (s *S3Bearer) Authorize(ctx context.Context, token string) (db.Tenant, error)

Authorize implements Provider.Authorize.

The provided token is forwarded verbatim to s.URI, so s.URI should be an HTTPS endpoint that the operator trusts with bearer tokens (Parse accepts plain http:// as well). The response is expected to be a JSON object matching the structure of S3BearerIdentity.

type S3BearerCredentials

type S3BearerCredentials struct {
	BaseURI         string    `json:"BaseURI,omitempty"`
	AccessKeyID     string    `json:"AccessKeyID"`
	SecretAccessKey string    `json:"SecretAccessKey"`
	SessionToken    string    `json:"SessionToken,omitempty"`
	Source          string    `json:"Source,omitempty"`
	Expires         time.Time `json:"Expires,omitempty"`
	CanExpire       bool      `json:"CanExpire"`
}

type S3BearerIdentity

type S3BearerIdentity struct {
	ID       string `json:"TenantID"`
	Region   string `json:"Region"`
	IndexKey []byte `json:"IndexKey,omitempty"`
	Bucket   string `json:"SnellerBucket"`
	// Credentials is a JSON-compatible
	// representation of the AWS SDK "Credentials" structure
	Credentials S3BearerCredentials `json:"Credentials"`
	// MaxScanBytes is the maximum number of bytes
	// allowed to be scanned on any query.
	MaxScanBytes uint64 `json:"MaxScanBytes"`
}

S3BearerIdentity describes the JSON object that should be returned from the HTTP server implementing the S3Bearer API.

func (*S3BearerIdentity) Expired

func (s *S3BearerIdentity) Expired() bool

Expired indicates whether or not the credentials in the identity have expired.

func (*S3BearerIdentity) Tenant

func (s *S3BearerIdentity) Tenant(ctx context.Context) (db.Tenant, error)

Tenant converts the S3BearerIdentity into a db.Tenant. Tenant will perform some validation of the fields in s to confirm that it describes a valid configuration.
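As an added example (this is not the project's own code) of the S3Bearer exchange described above: a constructed stand-in for the remote endpoint that checks a bearer token and answers with the documented S3BearerIdentity JSON, and a client that forwards the token, bounds and decodes the reply, and applies the Expired rule before trusting it. The names bearerIdentity, bearerCredentials, authorize, newAuthServer and runExchange, the assumption that the token travels in an `Authorization: Bearer` header, and the validate checks are this example's own; the token and credentials are placeholders.

```go
package main

import (
	"context"
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"time"
)

// bearerCredentials and bearerIdentity copy the JSON field names documented for
// S3BearerCredentials and S3BearerIdentity so the example needs no sneller import.
type bearerCredentials struct {
	AccessKeyID     string    `json:"AccessKeyID"`
	SecretAccessKey string    `json:"SecretAccessKey"`
	Expires         time.Time `json:"Expires,omitempty"`
	CanExpire       bool      `json:"CanExpire"`
}
type bearerIdentity struct {
	ID           string            `json:"TenantID"`
	Region       string            `json:"Region"`
	Bucket       string            `json:"SnellerBucket"`
	Credentials  bearerCredentials `json:"Credentials"`
	MaxScanBytes uint64            `json:"MaxScanBytes"`
}

// expired applies the documented Expired rule: credentials that cannot expire never do.
func (s *bearerIdentity) expired(now time.Time) bool {
	return s.Credentials.CanExpire && !now.Before(s.Credentials.Expires)
}

// validate is an assumed set of checks of the kind Tenant is documented to perform.
func (s *bearerIdentity) validate(now time.Time) error {
	c := s.Credentials
	if s.ID == "" || s.Region == "" || s.Bucket == "" || c.AccessKeyID == "" || c.SecretAccessKey == "" {
		return fmt.Errorf("identity %q is missing required fields", s.ID)
	}
	if s.expired(now) {
		return fmt.Errorf("credentials for %q expired at %s", s.ID, c.Expires)
	}
	return nil
}

// authorize plays the client side of S3Bearer.Authorize: the opaque token is forwarded
// to uri (assumed to travel in an Authorization: Bearer header) and the reply validated.
func authorize(ctx context.Context, client *http.Client, uri, token string) (*bearerIdentity, error) {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("authorization endpoint returned %s", resp.Status)
	}
	var id bearerIdentity
	// Cap the body so a misbehaving endpoint cannot make the client buffer unbounded JSON.
	if err := json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(&id); err != nil {
		return nil, fmt.Errorf("decoding identity: %w", err)
	}
	if err := id.validate(time.Now()); err != nil {
		return nil, err
	}
	return &id, nil
}

// newAuthServer is a constructed stand-in for the remote endpoint: it accepts one token
// (compared in constant time) and answers with placeholder credentials valid for an hour.
func newAuthServer(validToken string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		want := []byte("Bearer " + validToken)
		if subtle.ConstantTimeCompare([]byte(r.Header.Get("Authorization")), want) != 1 {
			http.Error(w, "invalid token", http.StatusUnauthorized)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(bearerIdentity{ID: "tenant-a", Region: "us-east-1", Bucket: "tenant-a-sneller",
			Credentials: bearerCredentials{AccessKeyID: "ASIAEXAMPLE", SecretAccessKey: "secret-example",
				Expires: time.Now().Add(time.Hour), CanExpire: true}, MaxScanBytes: 1 << 30})
	}))
}

// runExchange starts the constructed endpoint (valid token "tok-good") and authorizes token against it.
func runExchange(token string) (*bearerIdentity, error) {
	srv := newAuthServer("tok-good")
	defer srv.Close()
	return authorize(context.Background(), srv.Client(), srv.URL, token)
}

func main() {
	id, err := runExchange("tok-good")
	fmt.Printf("%+v %v\n", id, err)
}
```

The client treats anything other than a 200 with a well-formed, unexpired identity as a failed authorization; note that `expired` reports credentials whose `Expires` equals the current instant as already expired, which is the safe side of the boundary.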

type S3Static

type S3Static struct {
	// CheckToken is used to validate
	// tokens in Authorize.
	// If CheckToken is nil, then all
	// tokens are accepted.
	CheckToken func(token string) error
	// S3BearerIdentity is the embedded
	// static identity that is used to
	// implement the db.Tenant returned
	// from Authorize.
	S3BearerIdentity
}

S3Static is a Provider that is backed by a single static S3 identity. With CheckToken unset, Authorize accepts any token and hands out that identity, so a snellerd reachable by untrusted clients should always set CheckToken.

func (*S3Static) Authorize

func (f *S3Static) Authorize(ctx context.Context, token string) (db.Tenant, error)

Authorize implements Provider.Authorize.
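As an added example (not the project's own code) of supplying a CheckToken for S3Static: tokenAllowList builds a check that accepts a fixed set of tokens, keeping only SHA-256 digests and comparing every entry in constant time, and staticProvider mirrors the documented nil-CheckToken-accepts-everything behaviour so the two configurations can be compared. The names tokenAllowList and staticProvider are this example's own, the tenant is reduced to its ID because db.Tenant is not available here, and the tokens are placeholders.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// tokenAllowList builds a CheckToken-compatible function that accepts only the
// given tokens. Only SHA-256 digests are retained and every entry is compared
// in constant time, so neither the tokens nor the matching position leak.
func tokenAllowList(tokens ...string) func(token string) error {
	digests := make([][sha256.Size]byte, 0, len(tokens))
	for _, t := range tokens {
		digests = append(digests, sha256.Sum256([]byte(t)))
	}
	return func(token string) error {
		got := sha256.Sum256([]byte(token))
		matched := 0
		for i := range digests {
			// Visit every entry instead of returning early so the running
			// time does not depend on which entry (if any) matched.
			matched |= subtle.ConstantTimeCompare(got[:], digests[i][:])
		}
		if matched != 1 {
			return errors.New("unknown bearer token")
		}
		return nil
	}
}

// staticProvider mirrors the documented S3Static behaviour for this example:
// a nil CheckToken accepts every token; otherwise CheckToken decides.
type staticProvider struct {
	CheckToken func(token string) error
	TenantID   string
}

// authorize returns the static tenant ID when the token passes CheckToken.
func (p *staticProvider) authorize(token string) (string, error) {
	if p.CheckToken != nil {
		if err := p.CheckToken(token); err != nil {
			return "", err
		}
	}
	return p.TenantID, nil
}

func main() {
	open := &staticProvider{TenantID: "tenant-a"}
	fmt.Println(open.authorize("anything-at-all")) // accepted: no CheckToken
	locked := &staticProvider{CheckToken: tokenAllowList("tok-1", "tok-2"), TenantID: "tenant-a"}
	fmt.Println(locked.authorize("tok-2"))
	fmt.Println(locked.authorize("tok-3"))
}
```

An empty allow-list rejects every token, which is the right default when the configured tokens fail to load; hashing before comparison also means a token of the wrong length is handled by the same constant-time path rather than short-circuiting on length.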
