server

package
v0.0.24
Published: Mar 1, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Copyright 2023 The Authors (see AUTHORS file)

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Package server defines the HTTP request handlers and the route processing for this service. The server accepts requests containing OIDC tokens from GitHub, validates them against a configuration, and then mints a GitHub application token with elevated privileges.

Constants

const (
	AuthHeader  = "X-GitHub-OIDC-Token"
	JWTCacheKey = "github-app-jwt"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	If           string            `yaml:"if" json:"if"`
	Repositories []string          `yaml:"repositories" json:"repositories"`
	Permissions  map[string]string `yaml:"permissions" json:"permissions"`
	Program      cel.Program       `yaml:"-" json:"-"`
}

Config defines a conditional configuration for a set of permissions.

type ConfigReader

type ConfigReader interface {
	Read(repoKey string) (*RepositoryConfig, error)
}

ConfigReader is an interface that will produce a repository config for a given repository name.

type Level

type Level uint8
const (
	LevelInvalid Level = 1 << iota
	LevelRead
	LevelWrite
	LevelAdmin
)

func (Level) String

func (i Level) String() string
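
An added example, not code from this package: one way a caller could use the ordering of the Level constants to reject requested permissions that exceed what a Config's Permissions map allows. parseLevel and excessPermissions are hypothetical names, and the read/write/admin strings are an assumption about the values stored in Permissions.

```go
package main

import (
	"fmt"
	"sort"
)

// Level and its constants mirror the declaration shown on this page.
type Level uint8

const (
	LevelInvalid Level = 1 << iota
	LevelRead
	LevelWrite
	LevelAdmin
)

// parseLevel (hypothetical helper) fails closed: unknown strings become LevelInvalid.
func parseLevel(s string) Level {
	switch s {
	case "read":
		return LevelRead
	case "write":
		return LevelWrite
	case "admin":
		return LevelAdmin
	}
	return LevelInvalid
}

// excessPermissions (hypothetical) returns the sorted names of requested
// permissions that are unrecognized, absent from allowed, or above the allowed level.
func excessPermissions(allowed, requested map[string]string) []string {
	var denied []string
	for name, want := range requested {
		w, a := parseLevel(want), parseLevel(allowed[name])
		if w == LevelInvalid || a == LevelInvalid || w > a {
			denied = append(denied, name)
		}
	}
	sort.Strings(denied)
	return denied
}

func main() {
	allowed := map[string]string{"contents": "write", "issues": "read"} // constructed sample
	requested := map[string]string{"contents": "read", "issues": "write", "actions": "read"}
	fmt.Println(excessPermissions(allowed, requested)) // [actions issues]
}
```

A permission missing from the allowed map is denied rather than treated as unrestricted, so a token request can only narrow what the configuration grants.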

type MemoryStore

type MemoryStore struct {
	// contains filtered or unexported fields
}

MemoryStore is an implementation of the ConfigReader interface which stores its configuration in a map that is preloaded on startup.

func NewInMemoryStore

func NewInMemoryStore(configLocation string) (*MemoryStore, error)

NewInMemoryStore creates a ConfigReader implementation that stores the configuration objects in memory. All configurations are loaded once on creation.

func (*MemoryStore) Read

func (m *MemoryStore) Read(repoKey string) (*RepositoryConfig, error)

Read retrieves the RepositoryConfig object for a given repository, e.g. abcxyz/somerepo.

type RepositoryConfig

type RepositoryConfig []*Config

RepositoryConfig defines a set of configurations for a GitHub repository.

type TokenMintServer

type TokenMintServer struct {
	// contains filtered or unexported fields
}

TokenMintServer is the implementation of an HTTP server that exchanges a GitHub OIDC token for a GitHub application token with elevated privileges.

func NewRouter

func NewRouter(ctx context.Context, githubApp *githubauth.App, configStore ConfigReader, jwtParseOptions []jwt.ParseOption) (*TokenMintServer, error)

NewRouter creates a new HTTP server implementation that will exchange a GitHub OIDC token for a GitHub application token with elevated privileges.

func (*TokenMintServer) Routes

func (s *TokenMintServer) Routes(ctx context.Context) http.Handler

Routes creates a ServeMux of all of the routes that this Router supports.
