auth

package
v0.0.0-...-bf8e85a Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 18, 2024 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Overview

Package auth implements common functionality to authenticate reclient against GCP.

Index

Constants

View Source 
const (
	// ExitCodeNoAuth is the exit code when no auth option is specified.
	ExitCodeNoAuth = 14
	// ExitCodeCredsFileAuth is the exit code when there is a failure to authenticate using a credentials file.
	ExitCodeCredsFileAuth = 13
	// ExitCodeGCECredsAuth is the exit code when there is a failure in GCE credentials.
	ExitCodeGCECredsAuth = 12
	// ExitCodeExternalTokenAuth is the exit code when there is a failure to authenticate with an external token.
	ExitCodeExternalTokenAuth = 11
	// ExitCodeAppDefCredsAuth is the exit code when there is a failure to authenticate with ADC.
	ExitCodeAppDefCredsAuth = 10
	// ExitCodeUnknown is the exit code when there is an unknown auth issue.
	ExitCodeUnknown = 19
)

Exit codes to indicate various causes of authentication failure.

View Source 
const (

	// CredshelperPathFlag is the path to the credentials helper binary.
	CredshelperPathFlag = "experimental_credentials_helper"
	// CredshelperArgsFlag is the flag used to pass in the arguments to the credentials helper binary.
	CredshelperArgsFlag = "experimental_credentials_helper_args"

	// UseAppDefaultCredsFlag is used to authenticate with application default credentials.
	UseAppDefaultCredsFlag = "use_application_default_credentials"
	// UseExternalTokenFlag indicates the user will authenticate with a provided token.
	UseExternalTokenFlag = "use_external_auth_token"
	// UseGCECredsFlag indicates the user will authenticate with GCE VM credentials.
	UseGCECredsFlag = "use_gce_credentials"
	// ServiceNoAuthFlag indicates the user will not use authentication
	ServiceNoAuthFlag = "service_no_auth"
	// CredentialFileFlag indicates the user authenticate with a credential file
	CredentialFileFlag = "credential_file"
)

Variables

This section is empty.

Functions

func TimeFromProto 

func TimeFromProto(tPb *tspb.Timestamp) time.Time

TimeFromProto converts a valid Timestamp proto into a time.Time.

func TimeToProto 

func TimeToProto(t time.Time) *tspb.Timestamp

TimeToProto converts a valid time.Time into a proto Timestamp.

Types

type Credentials 

type Credentials struct {
	// contains filtered or unexported fields
}

Credentials provides auth functionalities with a specific auth mechanism.

func LoadCredsFromDisk 

func LoadCredsFromDisk(credsFile string, credsHelperCmd *exec.Cmd) (*Credentials, error)

LoadCredsFromDisk loads credentials helper creds from disk.

func NewCredentials 

func NewCredentials(m Mechanism, credsFile string, channelInitTimeout time.Duration) (*Credentials, error)

NewCredentials initializes a credentials object.

func NewExternalCredentials 

func NewExternalCredentials(credshelper string, credshelperArgs []string, credsFile string) (*Credentials, error)

NewExternalCredentials creates credentials obtained from a credshelper.

func (*Credentials) Mechanism 

func (c *Credentials) Mechanism() Mechanism

Mechanism returns the authentication mechanism of the credentials object.

func (*Credentials) RemoveFromDisk 

func (c *Credentials) RemoveFromDisk()

RemoveFromDisk deletes the credentials cache on disk.

func (*Credentials) SaveToDisk 

func (c *Credentials) SaveToDisk()

SaveToDisk saves credentials to disk.

func (*Credentials) TokenSource 

func (c *Credentials) TokenSource() *grpcOauth.TokenSource

TokenSource returns a token source for this credentials instance. If this credential type does not produce credentials nil will be returned.

func (*Credentials) UpdateStatus 

func (c *Credentials) UpdateStatus() (int, error)

UpdateStatus updates the refresh expiry time if it is expired

type CredsHelperOut 

type CredsHelperOut struct {
	Token         string `json:"token"`
	Expiry        string `json:"expiry"`
	RefreshExpiry string `json:"refresh_expiry"`
}

CredsHelperOut is the struct to record the json output from the credshelper.

type Error 

type Error struct {

	// ExitCode is the exit code for the error.
	ExitCode int
	// contains filtered or unexported fields
}

Error is an error occured during authenticating or initializing credentials.

type Mechanism 

type Mechanism int

Mechanism is a mechanism of authentication to the remote execution service. 

const (
	// Unknown is an unknown auth mechanism.
	Unknown Mechanism = iota

	// CredentialsHelper is using an externally provided binary to get credentials.
	CredentialsHelper

	// ADC is GCP's application default credentials authentication mechanism.
	ADC
	// GCE is authentication using GCE VM service accounts.
	GCE
	// CredentialFile is using service account credentials from a proviced file
	CredentialFile
	// None implies that the user will not use authentication
	None
)

func MechanismFromFlags 

func MechanismFromFlags() (Mechanism, error)

MechanismFromFlags returns an auth Mechanism based on flags currently set.

func (Mechanism) Cacheable 

func (m Mechanism) Cacheable() bool

Cacheable returns true if this mechanism should be cached to disk

func (Mechanism) ReproxyAuthenticationFlags 

func (m Mechanism) ReproxyAuthenticationFlags() []string

ReproxyAuthenticationFlags retrieves the auth flags to use to start reproxy.

func (Mechanism) String 

func (m Mechanism) String() string

String returns the string representation of the auth mechanism.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.