Documentation

Index

Constants

View Source
const (
	LDAPConnectorType         = "ldap"
	LDAPLoginPageTemplateName = "ldap-login.html"
)
View Source
const (
	LocalConnectorType    = "local"
	LoginPageTemplateName = "local-login.html"
)
View Source
const (
	BitbucketConnectorType = "bitbucket"
)
View Source
const (
	GitHubConnectorType = "github"
)
View Source
const (
	OIDCConnectorType = "oidc"
)
View Source
const (
	UAAConnectorType = "uaa"
)

Variables

View Source
var ErrorNotFound = errors.New("connector not found in repository")

Functions

func RegisterConnectorConfigType

func RegisterConnectorConfigType(connectorType string, fn NewConnectorConfigFunc)

Types

type BitbucketConnectorConfig

type BitbucketConnectorConfig struct {
	ID           string `json:"id"`
	ClientID     string `json:"clientID"`
	ClientSecret string `json:"clientSecret"`
}

func (*BitbucketConnectorConfig) Connector

func (cfg *BitbucketConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

func (*BitbucketConnectorConfig) ConnectorID

func (cfg *BitbucketConnectorConfig) ConnectorID() string

func (*BitbucketConnectorConfig) ConnectorType

func (cfg *BitbucketConnectorConfig) ConnectorType() string

type Connector

type Connector interface {
	// ID returns the ID of the ConnectorConfig used to create the Connector.
	ID() string

	// LoginURL returns the backend's authorization URL for a sessionKey
	// and OAuth2 prompt type.
	LoginURL(sessionKey, prompt string) (string, error)

	// Handler allows connectors to register a callback handler with the
	// dex server.
	//
	// Connectors will handle any path that extends the namespace URL provided
	// when the Connector is instantiated.
	Handler(errorURL url.URL) http.Handler

	// Sync triggers any long-running tasks needed to maintain the
	// Connector's operation. For example, this would encompass
	// repeatedly caching any remote resources for local use.
	Sync() chan struct{}

	// TrustedEmailProvider indicates whether or not we can trust that email
	// claims coming from this provider.
	TrustedEmailProvider() bool

	health.Checkable
}

type ConnectorConfig

type ConnectorConfig interface {
	// ConnectorID returns a unique end user facing identifier. For example "google".
	ConnectorID() string

	// ConnectorType returns an implementation specific identifier. For example "oidc".
	ConnectorType() string

	// Connector is invoked by the dex server and returns a Connector configured
	// to use the provided arguments. URL namespace is used to register callbacks.
	// loginFunc is used to associate remote identies with dex session keys.
	//
	// The returned Connector must call loginFunc once upon successful
	// identification of a user.
	//
	// Additional templates are passed for connectors that require rendering HTML
	// pages, such as the "local" connector.
	Connector(ns url.URL, loginFunc oidc.LoginFunc, tpls *template.Template) (Connector, error)
}

    go:generate genconfig -o config.go connector Connector

    func NewConnectorConfigFromType

    func NewConnectorConfigFromType(connectorType string) (ConnectorConfig, error)

    func ReadConfigs

    func ReadConfigs(r io.Reader) ([]ConnectorConfig, error)

    type ConnectorConfigRepo

    type ConnectorConfigRepo interface {
    	All() ([]ConnectorConfig, error)
    	GetConnectorByID(repo.Transaction, string) (ConnectorConfig, error)
    	Set(cfgs []ConnectorConfig) error
    }

    type GitHubConnectorConfig

    type GitHubConnectorConfig struct {
    	ID           string `json:"id"`
    	ClientID     string `json:"clientID"`
    	ClientSecret string `json:"clientSecret"`
    }

    func (*GitHubConnectorConfig) Connector

    func (cfg *GitHubConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

    func (*GitHubConnectorConfig) ConnectorID

    func (cfg *GitHubConnectorConfig) ConnectorID() string

    func (*GitHubConnectorConfig) ConnectorType

    func (cfg *GitHubConnectorConfig) ConnectorType() string

    type GroupsConnector

    type GroupsConnector interface {
    	Groups(fullUserID string) ([]string, error)
    }

      GroupsConnector is a strategy for mapping a user to a set of groups. This is optionally implemented by some connectors.

      type LDAPConnector

      type LDAPConnector struct {
      	// contains filtered or unexported fields
      }

      func (*LDAPConnector) Groups

      func (c *LDAPConnector) Groups(fullUserID string) ([]string, error)

      func (*LDAPConnector) Handler

      func (c *LDAPConnector) Handler(errorURL url.URL) http.Handler

      func (*LDAPConnector) Healthy

      func (c *LDAPConnector) Healthy() error

      func (*LDAPConnector) ID

      func (c *LDAPConnector) ID() string

      func (*LDAPConnector) Identity

      func (c *LDAPConnector) Identity(username, password string) (*oidc.Identity, error)

      func (*LDAPConnector) LoginURL

      func (c *LDAPConnector) LoginURL(sessionKey, prompt string) (string, error)

      func (*LDAPConnector) Sync

      func (c *LDAPConnector) Sync() chan struct{}

      func (*LDAPConnector) TrustedEmailProvider

      func (c *LDAPConnector) TrustedEmailProvider() bool

      type LDAPConnectorConfig

      type LDAPConnectorConfig struct {
      	ID string `json:"id"`
      
      	// Host and port of ldap service in form "host:port"
      	Host string `json:"host"`
      
      	// UseTLS indicates that the connector should use the TLS port.
      	UseTLS bool `json:"useTLS"`
      	UseSSL bool `json:"useSSL"`
      
      	// Trusted TLS certificate when connecting to the LDAP server. If empty the
      	// host's root certificates will be used.
      	CaFile string `json:"caFile"`
      	// CertFile and KeyFile are used to specifiy client certificate data.
      	CertFile string `json:"certFile"`
      	KeyFile  string `json:"keyFile"`
      
      	MaxIdleConn int `json:"maxIdleConn"`
      
      	NameAttribute  string `json:"nameAttribute"`
      	EmailAttribute string `json:"emailAttribute"`
      
      	// The place to start all searches from.
      	BaseDN string `json:"baseDN"`
      
      	// Search fields indicate how to search for user records in LDAP.
      	SearchBeforeAuth  bool   `json:"searchBeforeAuth"`
      	SearchFilter      string `json:"searchFilter"`
      	SearchScope       string `json:"searchScope"`
      	SearchBindDN      string `json:"searchBindDN"`
      	SearchBindPw      string `json:"searchBindPw"`
      	SearchGroupFilter string `json:"searchGroupFilter"`
      
      	// BindTemplate is a format string that maps user names to a record to bind as.
      	// It's passed both the username entered by the end user and the base DN.
      	//
      	// For example the bindTemplate
      	//
      	//     "uid=%u,%d"
      	//
      	// with the username "johndoe" and basename "ou=People,dc=example,dc=com" would attempt
      	// to bind as
      	//
      	//     "uid=johndoe,ou=People,dc=example,dc=com"
      	//
      	BindTemplate string `json:"bindTemplate"`
      
      	// DEPRICATED fields that exist for backward compatibility.
      	// Use "host" instead of "ServerHost" and "ServerPort"
      	ServerHost string        `json:"serverHost"`
      	ServerPort uint16        `json:"serverPort"`
      	Timeout    time.Duration `json:"timeout"`
      }

      func (*LDAPConnectorConfig) Connector

      func (cfg *LDAPConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

      func (*LDAPConnectorConfig) ConnectorID

      func (cfg *LDAPConnectorConfig) ConnectorID() string

      func (*LDAPConnectorConfig) ConnectorType

      func (cfg *LDAPConnectorConfig) ConnectorType() string

      type LDAPPool

      type LDAPPool struct {
      	MaxIdleConn    int
      	PoolCheckTimer time.Duration
      	Host           string
      	UseTLS         bool
      	UseSSL         bool
      	TLSConfig      *tls.Config
      	// contains filtered or unexported fields
      }

        A LDAPPool is a Connection Pool for LDAP connections. Use Do() to request connections from the pool.

        func (*LDAPPool) CheckConnections

        func (p *LDAPPool) CheckConnections() (int, int)

          CheckConnections attempts to iterate over all the connections in the pool and check wheter they are alive or not. Live connections are put back into the pool, dead ones are discarded.

          func (*LDAPPool) Do

          func (p *LDAPPool) Do(f func(conn *ldap.Conn) error) (err error)

            Do runs a function which requires an LDAP connection.

            The connection will be unauthenticated with the server and should not be closed by f.

            type LocalConnector

            type LocalConnector struct {
            	// contains filtered or unexported fields
            }

            func (*LocalConnector) Handler

            func (c *LocalConnector) Handler(errorURL url.URL) http.Handler

            func (*LocalConnector) Healthy

            func (c *LocalConnector) Healthy() error

            func (*LocalConnector) ID

            func (c *LocalConnector) ID() string

            func (*LocalConnector) LoginURL

            func (c *LocalConnector) LoginURL(sessionKey, prompt string) (string, error)

            func (*LocalConnector) SetLocalIdentityProvider

            func (c *LocalConnector) SetLocalIdentityProvider(idp *LocalIdentityProvider)

            func (*LocalConnector) Sync

            func (c *LocalConnector) Sync() chan struct{}

            func (*LocalConnector) TrustedEmailProvider

            func (c *LocalConnector) TrustedEmailProvider() bool

            type LocalConnectorConfig

            type LocalConnectorConfig struct {
            	ID string `json:"id"`
            }

            func (*LocalConnectorConfig) Connector

            func (cfg *LocalConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

            func (*LocalConnectorConfig) ConnectorID

            func (cfg *LocalConnectorConfig) ConnectorID() string

            func (*LocalConnectorConfig) ConnectorType

            func (cfg *LocalConnectorConfig) ConnectorType() string

            type LocalIdentityProvider

            type LocalIdentityProvider struct {
            	PasswordInfoRepo user.PasswordInfoRepo
            	UserRepo         user.UserRepo
            }

            func (*LocalIdentityProvider) Identity

            func (m *LocalIdentityProvider) Identity(email, password string) (*oidc.Identity, error)

            type NewConnectorConfigFunc

            type NewConnectorConfigFunc func() ConnectorConfig

            type OAuth2Connector

            type OAuth2Connector struct {
            	// contains filtered or unexported fields
            }

            func (*OAuth2Connector) Handler

            func (c *OAuth2Connector) Handler(errorURL url.URL) http.Handler

            func (*OAuth2Connector) Healthy

            func (c *OAuth2Connector) Healthy() error

            func (*OAuth2Connector) ID

            func (c *OAuth2Connector) ID() string

            func (*OAuth2Connector) LoginURL

            func (c *OAuth2Connector) LoginURL(sessionKey, prompt string) (string, error)

            func (*OAuth2Connector) Sync

            func (c *OAuth2Connector) Sync() chan struct{}

            func (*OAuth2Connector) TrustedEmailProvider

            func (c *OAuth2Connector) TrustedEmailProvider() bool

            type OIDCConnector

            type OIDCConnector struct {
            	// contains filtered or unexported fields
            }

            func (*OIDCConnector) Handler

            func (c *OIDCConnector) Handler(errorURL url.URL) http.Handler

            func (*OIDCConnector) Healthy

            func (c *OIDCConnector) Healthy() error

            func (*OIDCConnector) ID

            func (c *OIDCConnector) ID() string

            func (*OIDCConnector) LoginURL

            func (c *OIDCConnector) LoginURL(sessionKey, prompt string) (string, error)

            func (*OIDCConnector) Sync

            func (c *OIDCConnector) Sync() chan struct{}

            func (*OIDCConnector) TrustedEmailProvider

            func (c *OIDCConnector) TrustedEmailProvider() bool

            type OIDCConnectorConfig

            type OIDCConnectorConfig struct {
            	ID                   string `json:"id"`
            	IssuerURL            string `json:"issuerURL"`
            	ClientID             string `json:"clientID"`
            	ClientSecret         string `json:"clientSecret"`
            	TrustedEmailProvider bool   `json:"trustedEmailProvider"`
            	EmailClaim           string `json:"emailClaim"`
            }

            func (*OIDCConnectorConfig) Connector

            func (cfg *OIDCConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

            func (*OIDCConnectorConfig) ConnectorID

            func (cfg *OIDCConnectorConfig) ConnectorID() string

            func (*OIDCConnectorConfig) ConnectorType

            func (cfg *OIDCConnectorConfig) ConnectorType() string

            type Page

            type Page struct {
            	PostURL    string
            	Name       string
            	Error      bool
            	Message    string
            	SessionKey string
            }

            type UAAConnectorConfig

            type UAAConnectorConfig struct {
            	ID           string `json:"id"`
            	ClientID     string `json:"clientID"`
            	ClientSecret string `json:"clientSecret"`
            	ServerURL    string `json:"serverURL"`
            }

            func (*UAAConnectorConfig) Connector

            func (cfg *UAAConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error)

            func (*UAAConnectorConfig) ConnectorID

            func (cfg *UAAConnectorConfig) ConnectorID() string

            func (*UAAConnectorConfig) ConnectorType

            func (cfg *UAAConnectorConfig) ConnectorType() string