package module
Version: v0.0.0-...-4c24d26 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Oct 15, 2019 License: Apache-2.0 Imports: 11 Imported by: 7




View Source
const (
	// AuthTypeOAuth2 means OAuth2
	AuthTypeOAuth2 = "OAuth2"
	// AuthTypeOIDC means no OIDC
	AuthTypeOIDC = "OIDC"
	// AuthTypeHttpBasic means HTTP Basic auth
	AuthTypeHttpBasic = "HttpBasic"
	// AuthTypeAKS means AKS
	AuthTypeAKS = "AKS"
View Source
const (
	// AuthConnectTypeCreds means authenticate with username/password credentials
	AuthConnectTypeCreds = "creds"
	// AuthConnectTypeNone means no authentication
	AuthConnectTypeNone = "none"


View Source
var AuthEndpointTypes = map[string]AuthEndpointType{
	"remote": Remote,
	"local":  Local,

AuthEndpointTypes - Allows lookup of internal string representation by the value of the AUTH_ENDPOINT_TYPE env variable

View Source
var JetstreamConfigPlugins []JetstreamConfigInit

JetstreamConfigPlugins is the array of config plugins


func LogHTTPError

func LogHTTPError(r *http.Response, innerErr error) error

func NewHTTPError

func NewHTTPError(status int, userFacingError string) error

func NewHTTPShadowError

func NewHTTPShadowError(status int, userFacingError string, fmtString string, args ...interface{}) error

func RegisterJetstreamConfigPlugin

func RegisterJetstreamConfigPlugin(plugin JetstreamConfigInit)

RegisterJetstreamConfigPlugin registers a new config plugin

func UpgradeToWebSocket

func UpgradeToWebSocket(echoContext echo.Context) (*websocket.Conn, *time.Ticker, error)

Upgrade the HTTP connection to a WebSocket with a Ping ticker


type AuthEndpointType

type AuthEndpointType string

AuthEndpointType - Restrict the possible values of the configured

const (
	//Remote - String representation of remote auth endpoint type
	Remote AuthEndpointType = "remote"
	//Local - String representation of remote auth endpoint type
	Local AuthEndpointType = "local"

type AuthFlowHandlerFunc

type AuthFlowHandlerFunc func(cnsiRequest *CNSIRequest, req *http.Request) (*http.Response, error)

type AuthHandlerFunc

type AuthHandlerFunc func(tokenRec TokenRecord, cnsi CNSIRecord) (*http.Response, error)

type AuthProvider

type AuthProvider struct {
	Handler  AuthFlowHandlerFunc
	UserInfo GetUserInfoFromToken

type CFInfo

type CFInfo struct {
	EndpointGUID string
	SpaceGUID    string
	AppGUID      string

type CNSIRecord

type CNSIRecord struct {
	GUID                   string   `json:"guid"`
	Name                   string   `json:"name"`
	CNSIType               string   `json:"cnsi_type"`
	APIEndpoint            *url.URL `json:"api_endpoint"`
	AuthorizationEndpoint  string   `json:"authorization_endpoint"`
	TokenEndpoint          string   `json:"token_endpoint"`
	DopplerLoggingEndpoint string   `json:"doppler_logging_endpoint"`
	SkipSSLValidation      bool     `json:"skip_ssl_validation"`
	ClientId               string   `json:"client_id"`
	ClientSecret           string   `json:"-"`
	SSOAllowed             bool     `json:"sso_allowed"`
	SubType                string   `json:"sub_type"`
	Metadata               string   `json:"metadata"`

TODO this could be moved back to cnsis subpackage, and extensions could import it?

type CNSIRequest

type CNSIRequest struct {
	GUID     string `json:"-"`
	UserGUID string `json:"-"`

	Method      string      `json:"-"`
	Body        []byte      `json:"-"`
	Header      http.Header `json:"-"`
	URL         *url.URL    `json:"-"`
	StatusCode  int         `json:"statusCode"`
	Status      string      `json:"status"`
	PassThrough bool        `json:"-"`

	Response     []byte `json:"-"`
	Error        error  `json:"-"`
	ResponseGUID string `json:"-"`


type ConnectedEndpoint

type ConnectedEndpoint struct {
	GUID                   string   `json:"guid"`
	Name                   string   `json:"name"`
	CNSIType               string   `json:"cnsi_type"`
	APIEndpoint            *url.URL `json:"api_endpoint"`
	Account                string   `json:"account"`
	TokenExpiry            int64    `json:"token_expiry"`
	DopplerLoggingEndpoint string   `json:"-"`
	AuthorizationEndpoint  string   `json:"-"`
	SkipSSLValidation      bool     `json:"skip_ssl_validation"`
	TokenMetadata          string   `json:"-"`
	SubType                string   `json:"sub_type"`
	EndpointMetadata       string   `json:"metadata"`


type ConnectedUser

type ConnectedUser struct {
	GUID   string   `json:"guid"`
	Name   string   `json:"name"`
	Admin  bool     `json:"admin"`
	Scopes []string `json:"scopes"`

ConnectedUser - details about the user connected to a specific service or UAA

type ConsoleConfig

type ConsoleConfig struct {
	UAAEndpoint           *url.URL `json:"uaa_endpoint" configName:"UAA_ENDPOINT"`
	AuthorizationEndpoint *url.URL `json:"authorization_endpoint" configName:"AUTHORIZATION_ENDPOINT"`
	ConsoleAdminScope     string   `json:"console_admin_scope" configName:"CONSOLE_ADMIN_SCOPE"`
	ConsoleClient         string   `json:"console_client" configName:"CONSOLE_CLIENT"`
	ConsoleClientSecret   string   `json:"console_client_secret" configName:"CONSOLE_CLIENT_SECRET"`
	LocalUser             string   `json:"local_user"`
	LocalUserPassword     string   `json:"local_user_password"`
	LocalUserScope        string   `json:"local_user_scope"`
	AuthEndpointType      string   `json:"auth_endpoint_type" configName:"AUTH_ENDPOINT_TYPE"`
	SkipSSLValidation     bool     `json:"skip_ssl_validation" configName:"SKIP_SSL_VALIDATION"`
	UseSSO                bool     `json:"use_sso" configName:"SSO_LOGIN"`

ConsoleConfig is essential configuration settings

func (*ConsoleConfig) IsSetupComplete

func (consoleConfig *ConsoleConfig) IsSetupComplete() bool

IsSetupComplete indicates if we have enough config

type Diagnostics

type Diagnostics struct {
	DeploymentType   string                  `json:"deploymentType"`
	GitClientVersion string                  `json:"gitClientVersion"`
	DBMigrations     []*GooseDBVersionRecord `json:"databaseMigrations"`
	DatabaseBackend  string                  `json:"databaseBackend"`
	HelmName         string                  `json:"helmName,omitempty"`
	HelmRevision     string                  `json:"helmRevision,omitempty"`
	HelmChartVersion string                  `json:"helmChartVersion,omitempty"`
	HelmLastModified string                  `json:"helmLastModified,omitempty"`

Diagnostics - Diagnostic metadata

type EndpointAction

type EndpointAction int
const (
	EndpointRegisterAction EndpointAction = iota

type EndpointDetail

type EndpointDetail struct {
	EndpointMetadata  interface{}       `json:"endpoint_metadata,omitempty"`
	User              *ConnectedUser    `json:"user"`
	Metadata          map[string]string `json:"metadata,omitempty"`
	TokenMetadata     string            `json:"-"`
	SystemSharedToken bool              `json:"system_shared_token"`

EndpointDetail extends CNSI Record and adds the user

type EndpointNotificationPlugin

type EndpointNotificationPlugin interface {
	OnEndpointNotification(EndpointAction, *CNSIRecord)

i is the interface for a Jetstream plugin

type EndpointPlugin

type EndpointPlugin interface {
	Info(apiEndpoint string, skipSSLValidation bool) (CNSIRecord, interface{}, error)
	GetType() string
	Register(echoContext echo.Context) error
	Connect(echoContext echo.Context, cnsiRecord CNSIRecord, userId string) (*TokenRecord, bool, error)
	Validate(userGUID string, cnsiRecord CNSIRecord, tokenRecord TokenRecord) error
	UpdateMetadata(info *Info, userGUID string, echoContext echo.Context)

type EndpointTokenRecord

type EndpointTokenRecord struct {
	EndpointGUID    string
	EndpointType    string
	APIEndpint      string
	LoggingEndpoint string

Token record for an endpoint (includes the Endpoint GUID)

type ErrHTTPRequest

type ErrHTTPRequest struct {
	Status     int
	InnerError error
	Response   string

func (ErrHTTPRequest) Error

func (e ErrHTTPRequest) Error() string

type ErrHTTPShadow

type ErrHTTPShadow struct {
	HTTPError       *echo.HTTPError
	LogMessage      string
	UserFacingError string

func (ErrHTTPShadow) Error

func (e ErrHTTPShadow) Error() string

type GetUserInfoFromToken

type GetUserInfoFromToken func(cnsiGUID string, cfTokenRecord *TokenRecord) (*ConnectedUser, bool)

type GooseDBVersionRecord

type GooseDBVersionRecord struct {
	ID        int64  `json:"id"`
	VersionID int64  `json:"version_id"`
	IsApplied bool   `json:"is_applied"`
	Timestamp string `json:"timestamp"`

GooseDBVersionRecord - the version record in the database that Goose reads/writes

type Info

type Info struct {
	Versions      *Versions                             `json:"version"`
	User          *ConnectedUser                        `json:"user"`
	Endpoints     map[string]map[string]*EndpointDetail `json:"endpoints"`
	CloudFoundry  *CFInfo                               `json:"cloud-foundry,omitempty"`
	Plugins       map[string]bool                       `json:"plugins"`
	PluginConfig  map[string]string                     `json:"plugin-config,omitempty"`
	Diagnostics   *Diagnostics                          `json:"diagnostics,omitempty"`
	Configuration struct {
		TechPreview bool `json:"enableTechPreview"`
	} `json:"config"`

Info - this represents user specific info

type InfoFunc

type InfoFunc func(apiEndpoint string, skipSSLValidation bool) (CNSIRecord, interface{}, error)

type JWTUserTokenInfo

type JWTUserTokenInfo struct {
	UserGUID    string   `json:"user_id"`
	UserName    string   `json:"user_name"`
	TokenExpiry int64    `json:"exp"`
	Scope       []string `json:"scope"`

type JetstreamConfigInit

type JetstreamConfigInit func(*env.VarSet, *PortalConfig)

JetstreamConfigInit is the function signature for the config plugin init function

type LocalLoginRes

type LocalLoginRes struct {
	User *ConnectedUser `json:"user"`

type LocalUser

type LocalUser struct {
	UserGUID     string `json:"user_guid"`
	PasswordHash []byte `json:"password_hash"`
	Username     string `json:"username"`
	Email        string `json:"email"`
	Scope        string `json:"scope"`
	GivenName    string `json:"given_name"`
	FamilyName   string `json:"family_name"`

LocalUser - Used for local user auth and management

type LoginHook

type LoginHook struct {
	Priority int
	Function LoginHookFunc

type LoginHookFunc

type LoginHookFunc func(c echo.Context) error

type LoginRes

type LoginRes struct {
	Account     string         `json:"account"`
	TokenExpiry int64          `json:"token_expiry"`
	APIEndpoint *url.URL       `json:"api_endpoint"`
	Admin       bool           `json:"admin"`
	User        *ConnectedUser `json:"user"`

type MiddlewarePlugin

type MiddlewarePlugin interface {
	EchoMiddleware(middleware echo.HandlerFunc) echo.HandlerFunc
	SessionEchoMiddleware(middleware echo.HandlerFunc) echo.HandlerFunc

type OAuth2Metadata

type OAuth2Metadata struct {
	ClientID     string
	ClientSecret string
	IssuerURL    string

Structure for optional metadata for an OAuth2 Token

type PortalConfig

type PortalConfig struct {
	HTTPClientTimeoutInSecs         int64    `configName:"HTTP_CLIENT_TIMEOUT_IN_SECS"`
	HTTPClientTimeoutMutatingInSecs int64    `configName:"HTTP_CLIENT_TIMEOUT_MUTATING_IN_SECS"`
	HTTPConnectionTimeoutInSecs     int64    `configName:"HTTP_CONNECTION_TIMEOUT_IN_SECS"`
	TLSAddress                      string   `configName:"CONSOLE_PROXY_TLS_ADDRESS"`
	TLSCert                         string   `configName:"CONSOLE_PROXY_CERT"`
	TLSCertKey                      string   `configName:"CONSOLE_PROXY_CERT_KEY"`
	TLSCertPath                     string   `configName:"CONSOLE_PROXY_CERT_PATH"`
	TLSCertKeyPath                  string   `configName:"CONSOLE_PROXY_CERT_KEY_PATH"`
	CFClient                        string   `configName:"CF_CLIENT"`
	CFClientSecret                  string   `configName:"CF_CLIENT_SECRET"`
	AllowedOrigins                  []string `configName:"ALLOWED_ORIGINS"`
	SessionStoreSecret              string   `configName:"SESSION_STORE_SECRET"`
	EncryptionKeyVolume             string   `configName:"ENCRYPTION_KEY_VOLUME"`
	EncryptionKeyFilename           string   `configName:"ENCRYPTION_KEY_FILENAME"`
	EncryptionKey                   string   `configName:"ENCRYPTION_KEY"`
	AutoRegisterCFUrl               string   `configName:"AUTO_REG_CF_URL"`
	AutoRegisterCFName              string   `configName:"AUTO_REG_CF_NAME"`
	SSOLogin                        bool     `configName:"SSO_LOGIN"`
	SSOOptions                      string   `configName:"SSO_OPTIONS"`
	SSOWhiteList                    string   `configName:"SSO_WHITELIST"`
	AuthEndpointType                string   `configName:"AUTH_ENDPOINT_TYPE"`
	CookieDomain                    string   `configName:"COOKIE_DOMAIN"`
	LogLevel                        string   `configName:"LOG_LEVEL"`
	CFAdminIdentifier               string
	CloudFoundryInfo                *CFInfo
	HTTPS                           bool
	EncryptionKeyInBytes            []byte
	ConsoleVersion                  string
	IsCloudFoundry                  bool
	LoginHooks                      []LoginHook
	SessionStore                    SessionStorer
	ConsoleConfig                   *ConsoleConfig
	PluginConfig                    map[string]string
	DatabaseProviderName            string
	EnableTechPreview               bool `configName:"ENABLE_TECH_PREVIEW"`

type PortalProxy

type PortalProxy interface {
	GetHttpClient(skipSSLValidation bool) http.Client
	GetHttpClientForRequest(req *http.Request, skipSSLValidation bool) http.Client
	RegisterEndpoint(c echo.Context, fetchInfo InfoFunc) error

	DoRegisterEndpoint(cnsiName string, apiEndpoint string, skipSSLValidation bool, clientId string, clientSecret string, ssoAllowed bool, subType string, fetchInfo InfoFunc) (CNSIRecord, error)

	GetEndpointTypeSpec(typeName string) (EndpointPlugin, error)

	// Auth
	ConnectOAuth2(c echo.Context, cnsiRecord CNSIRecord) (*TokenRecord, error)
	InitEndpointTokenRecord(expiry int64, authTok string, refreshTok string, disconnect bool) TokenRecord

	// Session
	GetSession(c echo.Context) (*sessions.Session, error)
	GetSessionValue(c echo.Context, key string) (interface{}, error)
	GetSessionInt64Value(c echo.Context, key string) (int64, error)
	GetSessionStringValue(c echo.Context, key string) (string, error)
	SaveSession(c echo.Context, session *sessions.Session) error

	RefreshOAuthToken(skipSSLValidation bool, cnsiGUID, userGUID, client, clientSecret, tokenEndpoint string) (t TokenRecord, err error)
	DoLoginToCNSI(c echo.Context, cnsiGUID string, systemSharedToken bool) (*LoginRes, error)
	DoLoginToCNSIwithConsoleUAAtoken(c echo.Context, theCNSIrecord CNSIRecord) error

	// Expose internal portal proxy records to extensions
	GetCNSIRecord(guid string) (CNSIRecord, error)
	GetCNSIRecordByEndpoint(endpoint string) (CNSIRecord, error)
	GetCNSITokenRecord(cnsiGUID string, userGUID string) (TokenRecord, bool)
	GetCNSITokenRecordWithDisconnected(cnsiGUID string, userGUID string) (TokenRecord, bool)
	GetCNSIUser(cnsiGUID string, userGUID string) (*ConnectedUser, bool)
	GetConfig() *PortalConfig
	Env() *env.VarSet
	ListEndpointsByUser(userGUID string) ([]*ConnectedEndpoint, error)
	ListEndpoints() ([]*CNSIRecord, error)
	UpdateEndointMetadata(guid string, metadata string) error

	// UAA Token
	GetUAATokenRecord(userGUID string) (TokenRecord, error)
	RefreshUAAToken(userGUID string) (TokenRecord, error)

	GetUsername(userid string) (string, error)
	RefreshUAALogin(username, password string, store bool) error
	GetUserTokenInfo(tok string) (u *JWTUserTokenInfo, err error)
	GetUAAUser(userGUID string) (*ConnectedUser, error)

	// Proxy API requests
	ProxyRequest(c echo.Context, uri *url.URL) (map[string]*CNSIRequest, error)
	DoProxyRequest(requests []ProxyRequestInfo) (map[string]*CNSIRequest, error)
	DoProxySingleRequest(cnsiGUID, userGUID, method, requestUrl string, headers http.Header, body []byte) (*CNSIRequest, error)
	SendProxiedResponse(c echo.Context, responses map[string]*CNSIRequest) error

	// Database Connection
	GetDatabaseConnection() *sql.DB
	AddAuthProvider(name string, provider AuthProvider)
	GetAuthProvider(name string) AuthProvider
	DoAuthFlowRequest(cnsiRequest *CNSIRequest, req *http.Request, authHandler AuthHandlerFunc) (*http.Response, error)
	OAuthHandlerFunc(cnsiRequest *CNSIRequest, req *http.Request, refreshOAuthTokenFunc RefreshOAuthTokenFunc) AuthHandlerFunc

	// Tokens - lower-level access
	SaveEndpointToken(cnsiGUID string, userGUID string, tokenRecord TokenRecord) error
	DeleteEndpointToken(cnsiGUID string, userGUID string) error

	AddLoginHook(priority int, function LoginHookFunc) error
	ExecuteLoginHooks(c echo.Context) error

	// Plugins
	GetPlugin(name string) interface{}

	// SetCanPerformMigrations updates the state that records if we can perform Database migrations

	// CanPerformMigrations returns if we can perform Database migrations
	CanPerformMigrations() bool

type ProxyRequestInfo

type ProxyRequestInfo struct {
	EndpointGUID string
	URI          *url.URL
	UserGUID     string
	ResultGUID   string
	Headers      http.Header
	Body         []byte
	Method       string

type RefreshOAuthTokenFunc

type RefreshOAuthTokenFunc func(skipSSLValidation bool, cnsiGUID, userGUID, client, clientSecret, tokenEndpoint string) (t TokenRecord, err error)

type RoutePlugin

type RoutePlugin interface {
	AddSessionGroupRoutes(echoContext *echo.Group)
	AddAdminGroupRoutes(echoContext *echo.Group)

type SessionStorer

type SessionStorer interface {
	Get(r *http.Request, name string) (*sessions.Session, error)
	Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error

type StratosPlugin

type StratosPlugin interface {
	Init() error
	GetMiddlewarePlugin() (MiddlewarePlugin, error)
	GetEndpointPlugin() (EndpointPlugin, error)
	GetRoutePlugin() (RoutePlugin, error)

StratosPlugin is the interface for a Jetstream plugin

type TokenRecord

type TokenRecord struct {
	TokenGUID      string
	AuthToken      string
	RefreshToken   string
	TokenExpiry    int64
	Disconnected   bool
	AuthType       string
	Metadata       string
	SystemShared   bool
	LinkedGUID     string // Indicates the GUID of the token that this token is linked to (if any)
	Certificate    string
	CertificateKey string

TokenRecord repsrents and endpoint or uaa token

type UAAErrorResponse

type UAAErrorResponse struct {
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`

UAAErrorResponse is the error response returned by Cloud Foundry UAA Service

type UAAResponse

type UAAResponse struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	RefreshToken string `json:"refresh_token"`
	ExpiresIn    int    `json:"expires_in"`
	Scope        string `json:"scope"`
	JTI          string `json:"jti"`
	IDToken      string `json:"id_token"`

UAAResponse - Response returned by Cloud Foundry UAA Service

type V2Info

type V2Info struct {
	AuthorizationEndpoint    string `json:"authorization_endpoint"`
	TokenEndpoint            string `json:"token_endpoint"`
	DopplerLoggingEndpoint   string `json:"doppler_logging_endpoint"`
	AppSSHEndpoint           string `json:"app_ssh_endpoint"`
	AppSSHHostKeyFingerprint string `json:"app_ssh_host_key_fingerprint"`
	AppSSHOauthCLient        string `json:"app_ssh_oauth_client"`

type VCapApplicationData

type VCapApplicationData struct {
	API           string `json:"cf_api"`
	ApplicationID string `json:"application_id"`
	SpaceID       string `json:"space_id"`

type Versions

type Versions struct {
	ProxyVersion    string `json:"proxy_version"`
	DatabaseVersion int64  `json:"database_version"`

Versions - response returned to caller from a getVersions action


Path Synopsis
Package config allows a struct-loading approach to configuration.
Package config allows a struct-loading approach to configuration.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL