Documentation ¶
Overview ¶
Copyright 2023 The Authors (see AUTHORS file)
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Package server defines the HTTP request handlers and the route processing for this service. The server accepts requests containing OIDC tokens from GitHub, validates them against a configuration and then mints a GitHub application token with elevated privileges.
Index ¶
Constants ¶
const (
	AuthHeader  = "X-GitHub-OIDC-Token"
	JWTCacheKey = "github-app-jwt"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
	If           string            `yaml:"if" json:"if"`
	Repositories []string          `yaml:"repositories" json:"repositories"`
	Permissions  map[string]string `yaml:"permissions" json:"permissions"`
	Program      cel.Program       `yaml:"-" json:"-"`
}
Config defines a conditional configuration for a set of permissions.
type ConfigReader ¶
type ConfigReader interface {
Read(repoKey string) (*RepositoryConfig, error)
}
ConfigReader is an interface that will produce a repository config for a given repository name.
type MemoryStore ¶
type MemoryStore struct {
// contains filtered or unexported fields
}
MemoryStore is an implementation of the ConfigReader interface which stores its configuration in a map that is preloaded on startup.
func NewInMemoryStore ¶
func NewInMemoryStore(configLocation string) (*MemoryStore, error)
NewInMemoryStore creates a ConfigReader implementation that stores the configuration objects in memory. All configurations are loaded once on creation.
func (*MemoryStore) Read ¶
func (m *MemoryStore) Read(repoKey string) (*RepositoryConfig, error)
Read retrieves the RepositoryConfig object for a given repository, e.g. abcxyz/somerepo.
type RepositoryConfig ¶
type RepositoryConfig []*Config
RepositoryConfig defines a set of configurations for a GitHub repository.
type TokenMintServer ¶
type TokenMintServer struct {
// contains filtered or unexported fields
}
TokenMintServer is the implementation of an HTTP server that exchanges a GitHub OIDC token for a GitHub application token with elevated privileges.
func NewRouter ¶
func NewRouter(ctx context.Context, githubApp *githubauth.App, configStore ConfigReader, jwtParseOptions []jwt.ParseOption) (*TokenMintServer, error)
NewRouter creates a new HTTP server implementation that will exchange a GitHub OIDC token for a GitHub application token with elevated privileges.
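Because NewRouter takes a ConfigReader, the store can be wrapped before it reaches the server. The following is an added example, not code from this package: a hypothetical StrictReader that fails closed when a lookup returns nothing usable. The types are local copies of the declarations above; the key-shape check, the non-empty If requirement and the read/write allowlist are assumptions of this example, and MapReader and Sample are constructed test data.

```go
package main

import (
	"fmt"
	"strings"
)

// Local copies of the page's types so this compiles alone (Program omitted).
type Config struct {
	If           string
	Repositories []string
	Permissions  map[string]string
}
type RepositoryConfig []*Config
type ConfigReader interface {
	Read(repoKey string) (*RepositoryConfig, error)
}

// StrictReader (hypothetical) wraps any ConfigReader and fails closed.
// Every check below is this example's assumed policy, not the project's.
type StrictReader struct{ Next ConfigReader }

func (s StrictReader) Read(repoKey string) (*RepositoryConfig, error) {
	owner, name, ok := strings.Cut(repoKey, "/")
	if !ok || owner == "" || name == "" || strings.Contains(name, "/") {
		return nil, fmt.Errorf("malformed repository key %q", repoKey)
	}
	rc, err := s.Next.Read(repoKey)
	if err != nil || rc == nil || len(*rc) == 0 {
		return nil, fmt.Errorf("no usable config for %q (lookup error: %v)", repoKey, err)
	}
	for i, c := range *rc {
		if c == nil || strings.TrimSpace(c.If) == "" || len(c.Permissions) == 0 {
			return nil, fmt.Errorf("entry %d: empty condition or permissions", i)
		}
		for perm, level := range c.Permissions {
			if level != "read" && level != "write" {
				return nil, fmt.Errorf("entry %d: %s=%q not allowed", i, perm, level)
			}
		}
	}
	return rc, nil
}

// MapReader and Sample are constructed test data, not the project's store.
type MapReader map[string]*RepositoryConfig

func (m MapReader) Read(k string) (*RepositoryConfig, error) { return m[k], nil }
func Sample() StrictReader {
	good := &RepositoryConfig{{If: "placeholder-condition", Permissions: map[string]string{"issues": "read"}}}
	bad := &RepositoryConfig{{If: "placeholder-condition", Permissions: map[string]string{"contents": "admin"}}}
	return StrictReader{MapReader{"abcxyz/somerepo": good, "abcxyz/other": bad}}
}
func main() { fmt.Println(Sample().Read("abcxyz/other")) }
```

A wrapper like this rejects a missing or malformed configuration at lookup time instead of leaving a nil RepositoryConfig for the caller to interpret.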