Documentation ¶
Index ¶
- Constants
- Variables
- func AddPlugin(name string, depends []string, init PluginInit)
- func BindOnce(params interface{}, c echo.Context) error
- func LogHTTPError(r *http.Response, innerErr error) error
- func NewHTTPError(status int, userFacingError string) error
- func NewHTTPShadowError(status int, userFacingError string, fmtString string, args ...interface{}) error
- func RegisterJetstreamConfigPlugin(plugin JetstreamConfigInit)
- func UpgradeToWebSocket(echoContext echo.Context) (*websocket.Conn, *time.Ticker, error)
- type APIKey
- type AuthEndpointType
- type AuthFlowHandlerFunc
- type AuthHandlerFunc
- type AuthProvider
- type BackupTokenRecord
- type CFInfo
- type CNSIRecord
- type CNSIRequest
- type ConnectedEndpoint
- type ConnectedUser
- type ConsoleConfig
- type Diagnostics
- type Endpoint
- type EndpointAction
- type EndpointDetail
- type EndpointNotificationPlugin
- type EndpointPlugin
- type EndpointRepository
- type ErrHTTPRequest
- type ErrHTTPShadow
- type ErrorResponseBody
- type GetUserInfoFromToken
- type GooseDBVersionRecord
- type Info
- type InfoFunc
- type JWTUserTokenInfo
- type JetstreamConfigInit
- type JetstreamError
- type JetstreamErrorResponse
- type LocalLoginRes
- type LocalUser
- type LoginHook
- type LoginHookFunc
- type LoginRes
- type LoginToCNSIParams
- type LogoutHook
- type LogoutHookFunc
- type MiddlewarePlugin
- type OAuth2Metadata
- type OIDCProvider
- type PluginInit
- type PluginRegistration
- type PortalConfig
- type PortalProxy
- type ProxyRequestInfo
- type RefreshOAuthTokenFunc
- type RegisterEndpointParams
- type RoutePlugin
- type SessionDataStore
- type SessionStorer
- type StoreFactory
- type StratosAuth
- type StratosPlugin
- type StratosPluginCleanup
- type Token
- type TokenRecord
- type TokenRepository
- type UAAErrorResponse
- type UAAResponse
- type UpdateEndpointParams
- type V2Info
- type VCapApplicationData
- type Versions
Constants ¶
// Auth type identifiers.
//
// The values are case-sensitive and differ in case from the AuthConnectType*
// values ("Bearer" here, "bearer" there), so a comparison against the wrong
// set of constants never matches.
const (
	// AuthTypeOAuth2 means OAuth2
	AuthTypeOAuth2 = "OAuth2"
	// AuthTypeOIDC means OIDC
	AuthTypeOIDC = "OIDC"
	// AuthTypeHttpBasic means HTTP Basic auth
	AuthTypeHttpBasic = "HttpBasic"
	// AuthTypeBearer is http header auth with bearer prefix
	AuthTypeBearer = "Bearer"
	// AuthTypeToken is http header auth with token prefix
	AuthTypeToken = "Token"
	// AuthTypeDex means Dex
	AuthTypeDex = "Dex"
)
// Connect type identifiers: how credentials are presented when connecting to
// an endpoint.
const (
	// AuthConnectTypeCreds means authenticate with username/password credentials
	AuthConnectTypeCreds = "creds"
	// AuthConnectTypeBearer is authentication with an API token and an auth header prefix of 'bearer'
	AuthConnectTypeBearer = "bearer"
	// AuthConnectTypeToken is authentication with a token and an auth header prefix of 'token'
	AuthConnectTypeToken = "token"
	// AuthConnectTypeNone means no authentication
	AuthConnectTypeNone = "none"
)
const (
	// DefaultAdminUserName is the default admin user name
	//
	// NOTE(review): a fixed, well-known account name leaves the password as the
	// only unknown for that account; confirm how the local admin password is
	// set and whether deployments are expected to rename the account.
	DefaultAdminUserName = "admin"
)
const (
	// XSRFTokenHeader - XSRF Token Header name
	//
	// The literal is already in canonical MIME header form (the form
	// http.CanonicalHeaderKey produces), so it can be used with http.Header
	// Get/Set or as a direct map key.
	XSRFTokenHeader = "X-Xsrf-Token"
)
Variables ¶
// AuthEndpointTypes maps the string value of the AUTH_ENDPOINT_TYPE env
// variable to its AuthEndpointType.
//
// Indexing the map with a string that is not a key yields the zero
// AuthEndpointType (""), which equals none of the declared constants. Use the
// two-value form (v, ok := AuthEndpointTypes[s]) so that an unrecognised
// setting is rejected instead of being carried forward as an empty type.
var AuthEndpointTypes = map[string]AuthEndpointType{
	"remote": Remote,
	"local":  Local,
	"epinio": Epinio,
	"none":   AuthNone,
}
AuthEndpointTypes - Allows lookup of internal string representation by the value of the AUTH_ENDPOINT_TYPE env variable
// JetstreamConfigPlugins is the slice of registered config plugin init
// functions. It is an exported, mutable package-level variable, so any
// importing package can read or replace it.
var JetstreamConfigPlugins []JetstreamConfigInit
JetstreamConfigPlugins is the array of config plugins
// PluginInits holds the init registrations for plugins, keyed by a string
// (presumably the plugin name - verify against AddPlugin).
//
// As listed there is no initialiser, so the map is nil until something
// assigns it; writing to a nil map panics.
var PluginInits map[string]PluginRegistration
Init functions for plugins
Functions ¶
func AddPlugin ¶
func AddPlugin(name string, depends []string, init PluginInit)
func BindOnce ¶
func BindOnce(params interface{}, c echo.Context) error
BindOnce allows echo.Context.Bind() to be called multiple times on the same request. After Bind() is called, the request body stream is closed and the context cannot be bound again, so the bound struct is stored in the context store after the first call and retrieved from the store on subsequent calls.
func NewHTTPError ¶
func NewHTTPShadowError ¶
func RegisterJetstreamConfigPlugin ¶
func RegisterJetstreamConfigPlugin(plugin JetstreamConfigInit)
RegisterJetstreamConfigPlugin registers a new config plugin
Types ¶
type APIKey ¶
// APIKey represents an API key database entry.
//
// NOTE(review): Secret is tagged `json:"secret"`, so encoding/json emits it
// whenever an APIKey value is marshaled. Confirm that only the key-creation
// response returns it and that list/read handlers clear the field first.
type APIKey struct {
	GUID     string     `json:"guid"`
	Secret   string     `json:"secret"`
	UserGUID string     `json:"user_guid"`
	Comment  string     `json:"comment"`
	LastUsed *time.Time `json:"last_used"`
}
APIKey - represents API key DB entry
type AuthEndpointType ¶
// AuthEndpointType is a string type for the configured auth endpoint type.
// Being a plain string type, it does not by itself prevent values outside the
// declared constants; validation has to happen where the value is parsed.
type AuthEndpointType string
AuthEndpointType restricts the possible values of the configured auth endpoint type.
// Declared AuthEndpointType values.
const (
	// Remote - String representation of remote auth endpoint type
	Remote AuthEndpointType = "remote"
	// Local - String representation of local auth endpoint type
	Local AuthEndpointType = "local"
	// TODO: RC Tech Debt. Custom code in common area
	Epinio AuthEndpointType = "epinio"
	// AuthNone - String representation of no authentication
	//
	// NOTE(review): confirm that this value can only be selected by explicit
	// operator configuration and is never reached as a fallback.
	AuthNone AuthEndpointType = "none"
)
type AuthFlowHandlerFunc ¶
type AuthHandlerFunc ¶
// AuthHandlerFunc is a function that takes a TokenRecord and a CNSIRecord and
// returns an *http.Response or an error.
type AuthHandlerFunc func(tokenRec TokenRecord, cnsi CNSIRecord) (*http.Response, error)
type AuthProvider ¶
// AuthProvider pairs an auth flow handler with the function that derives the
// connected user from a token.
type AuthProvider struct {
	Handler  AuthFlowHandlerFunc
	UserInfo GetUserInfoFromToken
}
type BackupTokenRecord ¶
// BackupTokenRecord is used when backing up tokens.
//
// It carries a full TokenRecord (auth token, refresh token, certificate key)
// and has no JSON tags, so marshaling it emits every field under its Go name.
// NOTE(review): confirm how backup output is protected at rest and in transit.
type BackupTokenRecord struct {
	TokenRecord  TokenRecord
	UserGUID     string
	EndpointGUID string
	TokenType    string
}
BackupTokenRecord used when backing up tokens
type CNSIRecord ¶
// CNSIRecord describes a registered endpoint.
//
// ClientSecret is tagged `json:"-"`, so encoding/json never emits it; ClientId
// is emitted. SkipSSLValidation is a per-endpoint flag; presumably it turns
// off TLS certificate verification for requests to this endpoint - verify
// against GetHttpClient, and treat records with it set as unauthenticated
// transport.
type CNSIRecord struct {
	GUID                   string   `json:"guid"`
	Name                   string   `json:"name"`
	CNSIType               string   `json:"cnsi_type"`
	APIEndpoint            *url.URL `json:"api_endpoint"`
	AuthorizationEndpoint  string   `json:"authorization_endpoint"`
	TokenEndpoint          string   `json:"token_endpoint"`
	DopplerLoggingEndpoint string   `json:"doppler_logging_endpoint"`
	SkipSSLValidation      bool     `json:"skip_ssl_validation"`
	ClientId               string   `json:"client_id"`
	ClientSecret           string   `json:"-"`
	SSOAllowed             bool     `json:"sso_allowed"`
	SubType                string   `json:"sub_type"`
	Metadata               string   `json:"metadata"`
	Local                  bool     `json:"local"`
}
TODO this could be moved back to cnsis subpackage, and extensions could import it?
type CNSIRequest ¶
// CNSIRequest holds one proxied request to an endpoint together with its
// result.
//
// Only StatusCode and Status are emitted by encoding/json; every other field,
// including the request headers, bodies and the optional Token, is tagged
// `json:"-"`.
type CNSIRequest struct {
	GUID         string       `json:"-"`
	UserGUID     string       `json:"-"`
	Method       string       `json:"-"`
	Body         []byte       `json:"-"`
	Header       http.Header  `json:"-"`
	URL          *url.URL     `json:"-"`
	StatusCode   int          `json:"statusCode"`
	Status       string       `json:"status"`
	PassThrough  bool         `json:"-"`
	LongRunning  bool         `json:"-"`
	Response     []byte       `json:"-"`
	Error        error        `json:"-"`
	ResponseGUID string       `json:"-"`
	Token        *TokenRecord `json:"-"` // Optional Token record to use instead of looking up
}
CNSIRequest
type ConnectedEndpoint ¶
// ConnectedEndpoint describes an endpoint as connected for a user.
//
// DopplerLoggingEndpoint, AuthorizationEndpoint and TokenMetadata are tagged
// `json:"-"` and are not emitted by encoding/json.
type ConnectedEndpoint struct {
	GUID                   string   `json:"guid"`
	Name                   string   `json:"name"`
	CNSIType               string   `json:"cnsi_type"`
	APIEndpoint            *url.URL `json:"api_endpoint"`
	Account                string   `json:"account"`
	TokenExpiry            int64    `json:"token_expiry"`
	DopplerLoggingEndpoint string   `json:"-"`
	AuthorizationEndpoint  string   `json:"-"`
	SkipSSLValidation      bool     `json:"skip_ssl_validation"`
	TokenMetadata          string   `json:"-"`
	SubType                string   `json:"sub_type"`
	EndpointMetadata       string   `json:"metadata"`
	Local                  bool     `json:"local"`
}
ConnectedEndpoint
type ConnectedUser ¶
// ConnectedUser holds details about the user connected to a specific service
// or UAA.
//
// NOTE(review): Admin and Scopes are authorization-relevant; confirm they are
// always populated from a verified token or the user store, never from
// client-supplied JSON.
type ConnectedUser struct {
	GUID   string   `json:"guid"`
	Name   string   `json:"name"`
	Admin  bool     `json:"admin"`
	Scopes []string `json:"scopes"`
}
ConnectedUser - details about the user connected to a specific service or UAA
type ConsoleConfig ¶
// ConsoleConfig holds the essential console configuration settings.
//
// Unlike CNSIRecord.ClientSecret (tagged `json:"-"`), the secrets here keep
// real JSON names: ConsoleClientSecret is emitted as "console_client_secret"
// and LocalUserPassword as "local_user_password".
// NOTE(review): confirm no handler, diagnostics dump or log line marshals a
// ConsoleConfig value; StratosAuth.ShowConfig takes one and is worth checking.
type ConsoleConfig struct {
	UAAEndpoint           *url.URL `json:"uaa_endpoint" configName:"UAA_ENDPOINT"`
	AuthorizationEndpoint *url.URL `json:"authorization_endpoint" configName:"AUTHORIZATION_ENDPOINT"`
	ConsoleAdminScope     string   `json:"console_admin_scope" configName:"CONSOLE_ADMIN_SCOPE"`
	ConsoleClient         string   `json:"console_client" configName:"CONSOLE_CLIENT"`
	ConsoleClientSecret   string   `json:"console_client_secret" configName:"CONSOLE_CLIENT_SECRET"`
	LocalUser             string   `json:"local_user"`
	LocalUserPassword     string   `json:"local_user_password"`
	LocalUserScope        string   `json:"local_user_scope"`
	AuthEndpointType      string   `json:"auth_endpoint_type" configName:"AUTH_ENDPOINT_TYPE"`
	SkipSSLValidation     bool     `json:"skip_ssl_validation" configName:"SKIP_SSL_VALIDATION"`
	UseSSO                bool     `json:"use_sso" configName:"SSO_LOGIN"`
}
ConsoleConfig is essential configuration settings
func (*ConsoleConfig) IsSetupComplete ¶
func (consoleConfig *ConsoleConfig) IsSetupComplete() bool
IsSetupComplete indicates if we have enough config
type Diagnostics ¶
// Diagnostics holds diagnostic metadata about the deployment.
//
// All fields are emitted by encoding/json (the Helm fields only when
// non-empty). NOTE(review): version and backend details help fingerprint a
// deployment; confirm which users receive this structure.
type Diagnostics struct {
	DeploymentType   string                  `json:"deploymentType"`
	GitClientVersion string                  `json:"gitClientVersion"`
	DBMigrations     []*GooseDBVersionRecord `json:"databaseMigrations"`
	DatabaseBackend  string                  `json:"databaseBackend"`
	HelmName         string                  `json:"helmName,omitempty"`
	HelmRevision     string                  `json:"helmRevision,omitempty"`
	HelmChartVersion string                  `json:"helmChartVersion,omitempty"`
	HelmLastModified string                  `json:"helmLastModified,omitempty"`
}
Diagnostics - Diagnostic metadata
type EndpointAction ¶
// EndpointAction identifies the type of action for an endpoint notification.
type EndpointAction int
EndpointAction identifies the type of action for an endpoint notification
// Declared EndpointAction values, numbered from 0 by iota in the order listed.
const (
	// EndpointRegisterAction is for when an endpoint is registered
	EndpointRegisterAction EndpointAction = iota
	// EndpointUnregisterAction is for when an endpoint is unregistered
	EndpointUnregisterAction
	// EndpointUpdateAction is for when an endpoint is updated (e.g. renamed)
	EndpointUpdateAction
)
type EndpointDetail ¶
// EndpointDetail extends CNSIRecord and adds the user.
//
// CNSIRecord is embedded, so its fields are promoted into the JSON object and
// its `json:"-"` on ClientSecret still applies. Both this struct's Metadata
// and the embedded CNSIRecord.Metadata are named "metadata"; encoding/json
// keeps the less deeply nested one, so the map declared here is what is
// emitted. TokenMetadata is excluded from JSON.
type EndpointDetail struct {
	*CNSIRecord
	EndpointMetadata interface{}       `json:"endpoint_metadata,omitempty"`
	User             *ConnectedUser    `json:"user"`
	Metadata         map[string]string `json:"metadata,omitempty"`
	TokenMetadata    string            `json:"-"`
}
EndpointDetail extends CNSI Record and adds the user
type EndpointNotificationPlugin ¶
// EndpointNotificationPlugin is implemented by plugins that take endpoint
// notifications.
type EndpointNotificationPlugin interface {
	// OnEndpointNotification receives the action and a pointer to the
	// endpoint record it concerns.
	OnEndpointNotification(EndpointAction, *CNSIRecord)
}
EndpointNotificationPlugin is the interface for a Jetstream plugin that handles endpoint notifications
type EndpointPlugin ¶
// EndpointPlugin is the set of methods an endpoint type implementation
// provides.
//
// Info has the same signature as InfoFunc. Both Info and Connect are handed
// the skip-SSL-validation setting (directly, or via the CNSIRecord), so an
// implementation decides how to honour it.
// NOTE(review): Validate receives a full TokenRecord; implementations should
// not log it.
type EndpointPlugin interface {
	Info(apiEndpoint string, skipSSLValidation bool) (CNSIRecord, interface{}, error)
	GetType() string
	Register(echoContext echo.Context) error
	Connect(echoContext echo.Context, cnsiRecord CNSIRecord, userId string) (*TokenRecord, bool, error)
	Validate(userGUID string, cnsiRecord CNSIRecord, tokenRecord TokenRecord) error
	UpdateMetadata(info *Info, userGUID string, echoContext echo.Context)
}
type EndpointRepository ¶
// EndpointRepository is an application of the repository pattern for storing
// CNSI records.
//
// Every method that reads or writes a whole CNSIRecord takes an encryptionKey;
// ListByUser, Delete and UpdateMetadata do not. Presumably the key protects
// the record's client secret at rest - verify against the implementation.
type EndpointRepository interface {
	List(encryptionKey []byte) ([]*CNSIRecord, error)
	ListByUser(userGUID string) ([]*ConnectedEndpoint, error)
	Find(guid string, encryptionKey []byte) (CNSIRecord, error)
	FindByAPIEndpoint(endpoint string, encryptionKey []byte) (CNSIRecord, error)
	Delete(guid string) error
	Save(guid string, cnsiRecord CNSIRecord, encryptionKey []byte) error
	Update(endpoint CNSIRecord, encryptionKey []byte) error
	UpdateMetadata(guid string, metadata string) error
	SaveOrUpdate(endpoint CNSIRecord, encryptionKey []byte) error
}
EndpointRepository is an application of the repository pattern for storing CNSI Records
type ErrHTTPRequest ¶
func (ErrHTTPRequest) Error ¶
func (e ErrHTTPRequest) Error() string
type ErrHTTPShadow ¶
func (ErrHTTPShadow) Error ¶
func (e ErrHTTPShadow) Error() string
type ErrorResponseBody ¶
type GetUserInfoFromToken ¶
// GetUserInfoFromToken is a function that takes an endpoint GUID and a token
// record and returns a ConnectedUser and a bool (presumably whether a user
// could be derived - verify).
//
// NOTE(review): the returned ConnectedUser carries Admin and Scopes; confirm
// implementations verify the token before trusting claims read from it.
type GetUserInfoFromToken func(cnsiGUID string, cfTokenRecord *TokenRecord) (*ConnectedUser, bool)
type GooseDBVersionRecord ¶
// GooseDBVersionRecord is the version record in the database that Goose
// reads and writes.
type GooseDBVersionRecord struct {
	ID        int64  `json:"id"`
	VersionID int64  `json:"version_id"`
	IsApplied bool   `json:"is_applied"`
	Timestamp string `json:"timestamp"`
}
GooseDBVersionRecord - the version record in the database that Goose reads/writes
type Info ¶
// Info represents user-specific info.
//
// Every field is emitted by encoding/json, including PluginConfig and
// Diagnostics when set.
// NOTE(review): PluginConfig is a free-form string map that is sent as part
// of this structure; confirm plugins never place credentials in it.
type Info struct {
	Versions      *Versions                             `json:"version"`
	User          *ConnectedUser                        `json:"user"`
	Endpoints     map[string]map[string]*EndpointDetail `json:"endpoints"`
	CloudFoundry  *CFInfo                               `json:"cloud-foundry,omitempty"`
	Plugins       map[string]bool                       `json:"plugins"`
	PluginConfig  map[string]string                     `json:"plugin-config,omitempty"`
	Diagnostics   *Diagnostics                          `json:"diagnostics,omitempty"`
	Configuration struct {
		TechPreview               bool   `json:"enableTechPreview"`
		ListMaxSize               int64  `json:"listMaxSize,omitempty"`
		ListAllowLoadMaxed        bool   `json:"listAllowLoadMaxed,omitempty"`
		APIKeysEnabled            string `json:"APIKeysEnabled"`
		HomeViewShowFavoritesOnly bool   `json:"homeViewShowFavoritesOnly"`
	} `json:"config"`
}
Info - this represents user specific info
type InfoFunc ¶
// InfoFunc is a function that takes an API endpoint string and a
// skip-SSL-validation flag and returns a CNSIRecord, an untyped value and an
// error. It has the same signature as EndpointPlugin.Info.
type InfoFunc func(apiEndpoint string, skipSSLValidation bool) (CNSIRecord, interface{}, error)
type JWTUserTokenInfo ¶
type JetstreamConfigInit ¶
// JetstreamConfigInit is the function signature for the config plugin init
// function. It receives the environment variable set and a pointer to the
// PortalConfig, so a config plugin can modify any PortalConfig field.
type JetstreamConfigInit func(*env.VarSet, *PortalConfig)
JetstreamConfigInit is the function signature for the config plugin init function
type JetstreamError ¶
// JetstreamError is the standard error response from Jetstream for REST APIs.
//
// LogMessage is tagged `json:"-"` and stays out of the response body;
// UserFacingError is emitted as "message". Keep internal detail (upstream
// response bodies, SQL errors, file paths) in LogMessage only.
// The field name StatusMesssage is spelled with three s's in the declaration.
type JetstreamError struct {
	Status          int    `json:"statusCode"`
	StatusMesssage  string `json:"status"`
	LogMessage      string `json:"-"`
	UserFacingError string `json:"message"`
	Method          string `json:"method"`
}
JetstreamError is the standard error response from Jetstream for REST APIs
func NewJetstreamError ¶
func NewJetstreamError(userFacingError string) JetstreamError
NewJetstreamError creates a new JetStream error
func NewJetstreamErrorf ¶
func NewJetstreamErrorf(userFacingError string, args ...interface{}) JetstreamError
NewJetstreamErrorf creates a new JetStream error
func NewJetstreamUserError ¶
func NewJetstreamUserError(userFacingError string) JetstreamError
NewJetstreamUserError creates a new JetStream error indicating that the error is a user error
func NewJetstreamUserErrorf ¶
func NewJetstreamUserErrorf(userFacingError string, args ...interface{}) JetstreamError
NewJetstreamUserErrorf creates a new JetStream error indicating that the error is a user error
func (JetstreamError) Error ¶
func (e JetstreamError) Error() string
func (JetstreamError) HTTPError ¶
func (e JetstreamError) HTTPError() *echo.HTTPError
HTTPError formats the error as an echo HTTPError
func (JetstreamError) HTTPErrorInContext ¶
func (e JetstreamError) HTTPErrorInContext(c echo.Context) *echo.HTTPError
HTTPErrorInContext formats the error as an echo HTTPError, filling in missing params from the context
type JetstreamErrorResponse ¶
// JetstreamErrorResponse formats a Jetstream error in the same way as a
// passthrough error.
type JetstreamErrorResponse struct {
	Error         JetstreamError `json:"error"`
	ErrorResponse struct {
		Method string `json:"method"`
	} `json:"errorResponse"`
}
JetstreamErrorResponse formats a Jetstream error in the same way as a passthrough error
type LocalLoginRes ¶
// LocalLoginRes wraps the ConnectedUser under the JSON key "user".
type LocalLoginRes struct {
	User *ConnectedUser `json:"user"`
}
type LocalUser ¶
// LocalUser is used for local user auth and management.
//
// NOTE(review): PasswordHash is tagged `json:"password_hash"`, so
// encoding/json emits it (base64-encoded, as for any []byte) whenever a
// LocalUser is marshaled. Confirm this type is never written to an API
// response or a log; a leaked hash allows offline guessing.
type LocalUser struct {
	UserGUID     string `json:"user_guid"`
	PasswordHash []byte `json:"password_hash"`
	Username     string `json:"username"`
	Email        string `json:"email"`
	Scope        string `json:"scope"`
	GivenName    string `json:"given_name"`
	FamilyName   string `json:"family_name"`
}
LocalUser - Used for local user auth and management
type LoginHook ¶
// LoginHook pairs a login hook function with an integer priority.
type LoginHook struct {
	Priority int
	Function LoginHookFunc
}
type LoginHookFunc ¶
// LoginHookFunc is a login hook: it receives the echo context and returns an
// error.
type LoginHookFunc func(c echo.Context) error
type LoginToCNSIParams ¶
// LoginToCNSIParams holds the parameters for connecting to an endpoint.
//
// NOTE(review): every field, including Password, carries a `query` tag as
// well as `json` and `form`, so echo's binder may populate the password from
// the URL query string. Query strings are recorded in access logs, proxy logs
// and browser history; confirm clients send credentials in the request body
// only and consider whether the query binding is needed.
type LoginToCNSIParams struct {
	CNSIGUID    string `json:"cnsi_guid" form:"cnsi_guid" query:"cnsi_guid"`
	ConnectType string `json:"connect_type" form:"connect_type" query:"connect_type"`
	Username    string `json:"username" form:"username" query:"username"`
	Password    string `json:"password" form:"password" query:"password"`
}
type LogoutHook ¶
// LogoutHook pairs a logout hook function with an integer priority.
type LogoutHook struct {
	Priority int
	Function LogoutHookFunc
}
type LogoutHookFunc ¶
// LogoutHookFunc is a logout hook: it receives the echo context and returns
// an error.
type LogoutHookFunc func(c echo.Context) error
type MiddlewarePlugin ¶
// MiddlewarePlugin lets a plugin wrap echo handlers. Each method takes a
// handler and returns a handler.
//
// NOTE(review): a wrapper sits in the request path and can skip the wrapped
// handler entirely; review plugin middleware with the same care as core auth
// middleware.
type MiddlewarePlugin interface {
	EchoMiddleware(middleware echo.HandlerFunc) echo.HandlerFunc
	SessionEchoMiddleware(middleware echo.HandlerFunc) echo.HandlerFunc
}
type OAuth2Metadata ¶
Structure for optional metadata for an OAuth2 Token
type OIDCProvider ¶
// OIDCProvider wraps an oidc.Provider and its configuration.
//
// AuthCodeURLWithPKCE takes the state value and returns two strings
// (presumably the authorization URL and the PKCE code verifier - confirm the
// order against the implementation). ExchangeWithPKCE takes the auth code and
// the code verifier; Verify takes the raw ID token.
// NOTE(review): callers should bind state to the user's session and compare
// it on the callback, keep the code verifier server-side, and use only the
// *oidc.IDToken returned by Verify, never unverified token contents.
type OIDCProvider interface {
	AuthCodeURLWithPKCE(state string) (string, string)
	ExchangeWithPKCE(ctx context.Context, authCode, codeVerifier string) (*oauth2.Token, error)
	Verify(ctx context.Context, rawIDToken string) (*oidc.IDToken, error)
	GetConfig() *oauth2.Config
}
OIDCProvider wraps an oidc.Provider and its Configuration
type PluginInit ¶
// PluginInit is a plugin's init function: it receives the PortalProxy and
// returns the StratosPlugin or an error.
type PluginInit func(portalProxy PortalProxy) (StratosPlugin, error)
type PluginRegistration ¶
// PluginRegistration records a plugin's name, the names it depends on and its
// init function. The fields mirror the parameters of AddPlugin.
type PluginRegistration struct {
	Name         string
	Dependencies []string
	Init         PluginInit
}
type PortalConfig ¶
// PortalConfig is the full runtime configuration of the portal proxy.
//
// Several fields hold secret material: TLSCertKey, CFClientSecret,
// SessionStoreSecret, EncryptionKey, EncryptionKeyInBytes, and ConsoleConfig
// (which contains a client secret and a local user password). The struct has
// no JSON tags, so encoding/json would emit every exported field under its Go
// name, and fmt's %+v prints them all.
// NOTE(review): never marshal or log a PortalConfig as a whole; a pointer to
// it is handed out by PortalProxy.GetConfig and passed to every
// JetstreamConfigInit.
// NOTE(review): AllowedOrigins, CookieDomain, SSOAllowList and HTTPS are
// security-relevant settings; confirm how empty values are treated.
type PortalConfig struct {
	HTTPClientTimeoutInSecs            int64                     `configName:"HTTP_CLIENT_TIMEOUT_IN_SECS"`
	HTTPClientTimeoutMutatingInSecs    int64                     `configName:"HTTP_CLIENT_TIMEOUT_MUTATING_IN_SECS"`
	HTTPClientTimeoutLongRunningInSecs int64                     `configName:"HTTP_CLIENT_TIMEOUT_LONGRUNNING_IN_SECS"`
	HTTPConnectionTimeoutInSecs        int64                     `configName:"HTTP_CONNECTION_TIMEOUT_IN_SECS"`
	TLSAddress                         string                    `configName:"CONSOLE_PROXY_TLS_ADDRESS"`
	TLSCert                            string                    `configName:"CONSOLE_PROXY_CERT"`
	TLSCertKey                         string                    `configName:"CONSOLE_PROXY_CERT_KEY"`
	TLSCertPath                        string                    `configName:"CONSOLE_PROXY_CERT_PATH"`
	TLSCertKeyPath                     string                    `configName:"CONSOLE_PROXY_CERT_KEY_PATH"`
	CFClient                           string                    `configName:"CF_CLIENT"`
	CFClientSecret                     string                    `configName:"CF_CLIENT_SECRET"`
	AllowedOrigins                     []string                  `configName:"ALLOWED_ORIGINS"`
	SessionStoreSecret                 string                    `configName:"SESSION_STORE_SECRET"`
	EncryptionKeyVolume                string                    `configName:"ENCRYPTION_KEY_VOLUME"`
	EncryptionKeyFilename              string                    `configName:"ENCRYPTION_KEY_FILENAME"`
	EncryptionKey                      string                    `configName:"ENCRYPTION_KEY"`
	AutoRegisterCFUrl                  string                    `configName:"AUTO_REG_CF_URL"`
	AutoRegisterCFName                 string                    `configName:"AUTO_REG_CF_NAME"`
	SSOLogin                           bool                      `configName:"SSO_LOGIN"`
	SSOOptions                         string                    `configName:"SSO_OPTIONS"`
	SSOAllowList                       string                    `configName:"SSO_ALLOWLIST,SSO_WHITELIST"`
	AuthEndpointType                   string                    `configName:"AUTH_ENDPOINT_TYPE"`
	CookieDomain                       string                    `configName:"COOKIE_DOMAIN"`
	LogLevel                           string                    `configName:"LOG_LEVEL"`
	UIListMaxSize                      int64                     `configName:"UI_LIST_MAX_SIZE"`
	UIListAllowLoadMaxed               bool                      `configName:"UI_LIST_ALLOW_LOAD_MAXED"`
	CFAdminIdentifier                  string
	CloudFoundryInfo                   *CFInfo
	HTTPS                              bool `configName:"HTTPS"`
	EncryptionKeyInBytes               []byte
	ConsoleVersion                     string
	IsCloudFoundry                     bool
	LoginHooks                         []LoginHook
	LogoutHooks                        []LogoutHook
	SessionStore                       SessionStorer
	ConsoleConfig                      *ConsoleConfig
	PluginConfig                       map[string]string
	DatabaseProviderName               string
	EnableTechPreview                  bool `configName:"ENABLE_TECH_PREVIEW"`
	CanMigrateDatabaseSchema           bool
	APIKeysEnabled                     config.APIKeysConfigValue `configName:"API_KEYS_ENABLED"`
	HomeViewShowFavoritesOnly          bool                      `configName:"HOME_VIEW_SHOW_FAVORITES_ONLY"`
}
func (*PortalConfig) SetCanPerformMigrations ¶
func (c *PortalConfig) SetCanPerformMigrations(value bool)
SetCanPerformMigrations updates the state that records if we can perform Database migrations
type PortalProxy ¶
// PortalProxy is the interface through which plugins and extensions reach the
// portal proxy's internals.
//
// Its surface includes the raw database handle (GetDatabaseConnection), the
// full PortalConfig (GetConfig), per-user token records (GetCNSITokenRecord,
// GetUAATokenRecord, SaveEndpointToken, DeleteEndpointToken) and the session
// store. PluginInit hands a PortalProxy to every plugin, so a plugin runs
// with the same trust as the console itself.
// NOTE(review): several methods take a userGUID argument; confirm callers
// derive it from the authenticated session rather than from request input.
type PortalProxy interface {
	GetHttpClient(skipSSLValidation bool) http.Client
	GetHttpClientForRequest(req *http.Request, skipSSLValidation bool) http.Client
	RegisterEndpoint(c echo.Context, fetchInfo InfoFunc) error
	DoRegisterEndpoint(cnsiName string, apiEndpoint string, skipSSLValidation bool, clientId string, clientSecret string, ssoAllowed bool, subType string, fetchInfo InfoFunc) (CNSIRecord, error)
	GetEndpointTypeSpec(typeName string) (EndpointPlugin, error)

	// Auth
	GetStratosAuthService() StratosAuth
	ConnectOAuth2(c echo.Context, cnsiRecord CNSIRecord) (*TokenRecord, error)
	InitEndpointTokenRecord(expiry int64, authTok string, refreshTok string, disconnect bool) TokenRecord

	// Session
	GetSession(c echo.Context) (*sessions.Session, error)
	GetSessionValue(c echo.Context, key string) (interface{}, error)
	GetSessionInt64Value(c echo.Context, key string) (int64, error)
	GetSessionStringValue(c echo.Context, key string) (string, error)
	SaveSession(c echo.Context, session *sessions.Session) error
	GetSessionDataStore() SessionDataStore

	RefreshOAuthToken(skipSSLValidation bool, cnsiGUID, userGUID, client, clientSecret, tokenEndpoint string) (t TokenRecord, err error)
	DoLoginToCNSI(c echo.Context, cnsiGUID string, systemSharedToken bool) (*LoginRes, error)
	DoLoginToCNSIwithConsoleUAAtoken(c echo.Context, theCNSIrecord CNSIRecord) error

	// Expose internal portal proxy records to extensions
	GetCNSIRecord(guid string) (CNSIRecord, error)
	GetCNSIRecordByEndpoint(endpoint string) (CNSIRecord, error)
	GetCNSITokenRecord(cnsiGUID string, userGUID string) (TokenRecord, bool)
	GetCNSITokenRecordWithDisconnected(cnsiGUID string, userGUID string) (TokenRecord, bool)
	GetCNSIUser(cnsiGUID string, userGUID string) (*ConnectedUser, bool)
	GetConfig() *PortalConfig
	Env() *env.VarSet
	ListEndpointsByUser(userGUID string) ([]*ConnectedEndpoint, error)
	ListEndpoints() ([]*CNSIRecord, error)
	UpdateEndpointMetadata(guid string, metadata string) error

	// UAA Token
	GetUAATokenRecord(userGUID string) (TokenRecord, error)
	RefreshUAAToken(userGUID string) (TokenRecord, error)
	RefreshUAALogin(username, password string, store bool) error
	GetUserTokenInfo(tok string) (u *JWTUserTokenInfo, err error)

	// Proxy API requests
	ProxyRequest(c echo.Context, uri *url.URL) (map[string]*CNSIRequest, error)
	DoProxyRequest(requests []ProxyRequestInfo) (map[string]*CNSIRequest, error)
	DoProxySingleRequest(cnsiGUID, userGUID, method, requestUrl string, headers http.Header, body []byte) (*CNSIRequest, error)
	DoProxySingleRequestWithToken(cnsiGUID string, token *TokenRecord, method, requestURL string, headers http.Header, body []byte) (*CNSIRequest, error)
	SendProxiedResponse(c echo.Context, responses map[string]*CNSIRequest) error

	// Database Connection
	GetDatabaseConnection() *sql.DB
	AddAuthProvider(name string, provider AuthProvider)
	GetAuthProvider(name string) AuthProvider
	HasAuthProvider(name string) bool
	DoAuthFlowRequest(cnsiRequest *CNSIRequest, req *http.Request, authHandler AuthHandlerFunc) (*http.Response, error)
	OAuthHandlerFunc(cnsiRequest *CNSIRequest, req *http.Request, refreshOAuthTokenFunc RefreshOAuthTokenFunc) AuthHandlerFunc
	DoOAuthFlowRequest(cnsiRequest *CNSIRequest, req *http.Request) (*http.Response, error)
	DoOidcFlowRequest(cnsiRequest *CNSIRequest, req *http.Request) (*http.Response, error)
	DoDexFlowRequest(cnsiRequest *CNSIRequest, req *http.Request) (*http.Response, error)
	GetCNSIUserFromOAuthToken(cnsiGUID string, cfTokenRecord *TokenRecord) (*ConnectedUser, bool)

	// Tokens - lower-level access
	SaveEndpointToken(cnsiGUID string, userGUID string, tokenRecord TokenRecord) error
	DeleteEndpointToken(cnsiGUID string, userGUID string) error
	AddLoginHook(priority int, function LoginHookFunc) error
	ExecuteLoginHooks(c echo.Context) error
	AddLogoutHook(priority int, function LogoutHookFunc) error
	ExecuteLogoutHooks(c echo.Context) error

	// Plugins
	GetPlugin(name string) interface{}

	// Store
	GetStoreFactory() StoreFactory
	SetStoreFactory(factory StoreFactory) StoreFactory
	SetSecureCacheContentMiddleware(h echo.HandlerFunc) echo.HandlerFunc
	SessionMiddleware() echo.MiddlewareFunc
	GetDex() (OIDCProvider, error)
}
type ProxyRequestInfo ¶
type RefreshOAuthTokenFunc ¶
// RefreshOAuthTokenFunc is a function with the same signature as
// PortalProxy.RefreshOAuthToken. It receives the client secret and the
// skip-SSL-validation flag as plain arguments.
type RefreshOAuthTokenFunc func(skipSSLValidation bool, cnsiGUID, userGUID, client, clientSecret, tokenEndpoint string) (t TokenRecord, err error)
type RegisterEndpointParams ¶
// RegisterEndpointParams holds the parameters for registering an endpoint.
// All fields, including the boolean-like SkipSSLValidation and SSOAllowed,
// are strings and must be parsed by the handler.
//
// NOTE(review): CNSIClientSecret carries a `query` tag, so echo's binder may
// take the secret from the URL query string, where it ends up in access and
// proxy logs. Confirm clients send it in the body only.
// NOTE(review): APIEndpoint is a caller-supplied URL that the server will
// contact; confirm who may register endpoints and whether targets are
// restricted.
type RegisterEndpointParams struct {
	EndpointType      string `json:"endpoint_type" form:"endpoint_type" query:"endpoint_type"`
	CNSIName          string `json:"cnsi_name" form:"cnsi_name" query:"cnsi_name"`
	APIEndpoint       string `json:"api_endpoint" form:"api_endpoint" query:"api_endpoint"`
	SkipSSLValidation string `json:"skip_ssl_validation" form:"skip_ssl_validation" query:"skip_ssl_validation"`
	SSOAllowed        string `json:"sso_allowed" form:"sso_allowed" query:"sso_allowed"`
	CNSIClientID      string `json:"cnsi_client_id" form:"cnsi_client_id" query:"cnsi_client_id"`
	CNSIClientSecret  string `json:"cnsi_client_secret" form:"cnsi_client_secret" query:"cnsi_client_secret"`
	SubType           string `json:"sub_type" form:"sub_type" query:"sub_type"`
}
type RoutePlugin ¶
// RoutePlugin lets a plugin add routes to three echo groups: root, session
// and admin.
//
// NOTE(review): judging by the names, routes added to the root group are
// outside the session and admin groups; confirm which middleware each group
// carries before a plugin registers a sensitive route on the root group.
type RoutePlugin interface {
	AddRootGroupRoutes(echoContext *echo.Group)
	AddSessionGroupRoutes(echoContext *echo.Group)
	AddAdminGroupRoutes(echoContext *echo.Group)
}
type SessionDataStore ¶
// SessionDataStore stores groups of string key/value pairs per session and
// manages session validity and cleanup.
type SessionDataStore interface {
	GetValues(session, group string) (map[string]string, error)

	// SetValues replaces existing values for the group (deletes them first)
	SetValues(session, group string, values map[string]string, autoExpire bool) error

	DeleteValues(session, group string) error

	IsValidSession(id int) (bool, error)

	// Cleanup runs a background goroutine every interval that deletes expired sessions from the database
	Cleanup(interval time.Duration) (chan<- struct{}, <-chan struct{})

	// StopCleanup stops the background cleanup from running
	StopCleanup(quit chan<- struct{}, done <-chan struct{})
}
type SessionStorer ¶
type StoreFactory ¶
// StoreFactory is used to obtain interfaces for accessing the store: one for
// endpoint records and one for tokens.
type StoreFactory interface {
	EndpointStore() (EndpointRepository, error)
	TokenStore() (TokenRepository, error)
}
StoreFactory is used to obtain interfaces for accessing the store
type StratosAuth ¶
// StratosAuth provides common access to Stratos login/logout functionality.
//
// NOTE(review): ShowConfig receives the ConsoleConfig, which contains
// ConsoleClientSecret and LocalUserPassword; confirm implementations do not
// print those fields.
// NOTE(review): VerifySession takes the session user and expiry as arguments;
// confirm they come from the server-side session, not from the request.
type StratosAuth interface {
	ShowConfig(config *ConsoleConfig)
	Login(c echo.Context) error
	Logout(c echo.Context) error
	GetUsername(userGUID string) (string, error)
	GetUser(userGUID string) (*ConnectedUser, error)
	VerifySession(c echo.Context, sessionUser string, sessionExpireTime int64) error
	BeforeVerifySession(c echo.Context)
}
StratosAuth provides common access to Stratos login/logout functionality
type StratosPlugin ¶
// StratosPlugin is the interface for a Jetstream plugin. Besides Init, it
// exposes three optional facets, each returned together with an error.
type StratosPlugin interface {
	Init() error
	GetMiddlewarePlugin() (MiddlewarePlugin, error)
	GetEndpointPlugin() (EndpointPlugin, error)
	GetRoutePlugin() (RoutePlugin, error)
}
StratosPlugin is the interface for a Jetstream plugin
type StratosPluginCleanup ¶
// StratosPluginCleanup is an interface a plugin can implement if it wants to
// clean up on exit.
type StratosPluginCleanup interface {
	// Destroy takes no arguments and returns nothing, so a failure during
	// cleanup cannot be reported to the caller through this interface.
	Destroy()
}
StratosPluginCleanup is an interface a plugin can implement if it wants to clean up on exit
type TokenRecord ¶
// TokenRecord represents an endpoint or UAA token.
//
// AuthToken, RefreshToken and CertificateKey are credentials. The struct has
// no JSON tags, so encoding/json would emit every field under its Go name and
// fmt's %+v prints them all.
// NOTE(review): never marshal or log a TokenRecord as a whole; TokenRepository
// methods take an encryptionKey, which suggests the stored form is encrypted -
// verify.
type TokenRecord struct {
	TokenGUID      string
	AuthToken      string
	RefreshToken   string
	TokenExpiry    int64
	Disconnected   bool
	AuthType       string
	Metadata       string
	LinkedGUID     string // Indicates the GUID of the token that this token is linked to (if any)
	Certificate    string
	CertificateKey string
}
TokenRecord represents an endpoint or UAA token
type TokenRepository ¶
// TokenRepository is an application of the repository pattern for storing
// tokens.
//
// Every method that reads or writes token contents takes an encryptionKey;
// the two delete methods do not. FindAllCNSITokenBackup returns the tokens of
// all users for one endpoint.
// NOTE(review): DeleteCNSITokens removes the tokens of every user for the
// endpoint; confirm callers restrict both it and FindAllCNSITokenBackup to
// administrative paths.
type TokenRepository interface {
	FindAuthToken(userGUID string, encryptionKey []byte) (TokenRecord, error)
	SaveAuthToken(userGUID string, tokenRecord TokenRecord, encryptionKey []byte) error
	FindCNSIToken(cnsiGUID string, userGUID string, encryptionKey []byte) (TokenRecord, error)
	FindCNSITokenIncludeDisconnected(cnsiGUID string, userGUID string, encryptionKey []byte) (TokenRecord, error)
	FindAllCNSITokenBackup(cnsiGUID string, encryptionKey []byte) ([]BackupTokenRecord, error)
	DeleteCNSIToken(cnsiGUID string, userGUID string) error
	DeleteCNSITokens(cnsiGUID string) error
	SaveCNSIToken(cnsiGUID string, userGUID string, tokenRecord TokenRecord, encryptionKey []byte) error

	// Update a token's auth data
	UpdateTokenAuth(userGUID string, tokenRecord TokenRecord, encryptionKey []byte) error
}
TokenRepository is an application of the repository pattern for storing tokens
type UAAErrorResponse ¶
// UAAErrorResponse is the error response returned by the Cloud Foundry UAA
// service.
//
// NOTE(review): ErrorDescription is text supplied by the remote service;
// treat it as untrusted if it is shown to users or written to logs.
type UAAErrorResponse struct {
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
}
UAAErrorResponse is the error response returned by Cloud Foundry UAA Service
type UAAResponse ¶
// UAAResponse is the response returned by the Cloud Foundry UAA service.
//
// AccessToken, RefreshToken and IDToken are bearer credentials and all three
// have JSON names, so re-marshaling or logging a UAAResponse exposes them.
type UAAResponse struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	RefreshToken string `json:"refresh_token"`
	ExpiresIn    int    `json:"expires_in"`
	Scope        string `json:"scope"`
	JTI          string `json:"jti"`
	IDToken      string `json:"id_token"`
}
UAAResponse - Response returned by Cloud Foundry UAA Service
type UpdateEndpointParams ¶
// UpdateEndpointParams holds the parameters for updating an endpoint. All
// fields are strings, including the boolean-like SkipSSL, SetClientInfo and
// AllowSSO, and must be parsed by the handler.
//
// NOTE(review): ClientSecret carries a `query` tag, so echo's binder may take
// it from the URL query string, where it ends up in access and proxy logs.
// NOTE(review): SkipSSL changes transport security for an existing endpoint;
// confirm the update path is restricted to users allowed to make that change.
type UpdateEndpointParams struct {
	ID            string `json:"id" form:"id" query:"id"`
	Name          string `json:"name" form:"name" query:"name"`
	SkipSSL       string `json:"skipSSL" form:"skipSSL" query:"skipSSL"`
	SetClientInfo string `json:"setClientInfo" form:"setClientInfo" query:"setClientInfo"`
	ClientID      string `json:"clientID" form:"clientID" query:"clientID"`
	ClientSecret  string `json:"clientSecret" form:"clientSecret" query:"clientSecret"`
	AllowSSO      string `json:"allowSSO" form:"allowSSO" query:"allowSSO"`
}
type V2Info ¶
// V2Info is the response for the Cloud Foundry /v2/info API.
//
// The endpoint URLs in this structure come from the remote API's response.
// NOTE(review): if AuthorizationEndpoint or TokenEndpoint are later used to
// send credentials, they inherit whatever trust was placed in the connection
// that fetched this response (see the skip-SSL-validation flags).
type V2Info struct {
	AuthorizationEndpoint    string `json:"authorization_endpoint"`
	TokenEndpoint            string `json:"token_endpoint"`
	DopplerLoggingEndpoint   string `json:"doppler_logging_endpoint"`
	AppSSHEndpoint           string `json:"app_ssh_endpoint"`
	AppSSHHostKeyFingerprint string `json:"app_ssh_host_key_fingerprint"`
	AppSSHOauthCLient        string `json:"app_ssh_oauth_client"`
	APIVersion               string `json:"api_version"`
	RoutingEndpoint          string `json:"routing_endpoint"`
	MinCLIVersion            string `json:"min_cli_version"`
	MinRecommendedCLIVersion string `json:"min_recommended_cli_version"`
}
V2Info is the response for the Cloud Foundry /v2/info API