Documentation
Index
- func Dial(ctx context.Context, config DialConfig) (durosv2.DurosAPIClient, error)
- func NewJWTToken(subject, issuer string, kid string, roles []string, expires time.Duration, ...) (string, error)
- func NewJWTTokenForCredential(subject, issuer string, credential *v2.Credential, roles []string, ...) (string, error)
- type ByteCredentials
- type Credentials
- type DialConfig
- type GRPCScheme
- type MockClient
Functions
func Dial
func Dial(ctx context.Context, config DialConfig) (durosv2.DurosAPIClient, error)
Dial creates a LightOS cluster client. It is a blocking call and returns only once the connection to at least one of the `targets` has actually been established, subject to the limits of `ctx`. If `ctx` specifies a timeout or duration, the dialling timeout (and only the dialling timeout) is set accordingly. `ctx` can also be used to cancel the dialling process, as usual.
The cluster client makes an effort to transparently reconnect to one of the `targets` if the connection is lost. If finding a live and responsive target amongst `targets` and establishing the connection takes longer than the timeout of the actual operation's context (as opposed to the `ctx` passed here), `DeadlineExceeded` is returned as usual, and the caller can retry the operation.
func NewJWTToken
func NewJWTToken(subject, issuer string, kid string, roles []string, expires time.Duration, keyPair *rsa.PrivateKey) (string, error)
NewJWTToken creates a JWT used to authenticate against a duros API endpoint.
- subject: the 'sub' claim, i.e. who will be using this JWT, for example a person's or tenant's name.
- kid: the "key ID", the name of the credential (pub key) as uploaded to LightOS. It is of the form "<scope>:<name>", e.g.:
  - system:root - your root pub key, installed during system deployment
  - tenant-foo:first-cred - pub key of tenant tenant-foo uploaded as credential named first-cred
  The JWTs are validated using the specific pub keys, so a corresponding credential must already exist in LightOS.
- roles: list of roles this token should contain. Each must be in the form foo:admin, which gives this user (subject) admin rights to the foo resource.
- expires: duration after which this token will expire.
- keyPair: RSA public and private key which should be used to sign this token.
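The `kid` and key-pair description above can be made concrete with a standard-library-only sketch. This is an added example, not duros-go or LightOS code: it signs a token whose header carries the `kid`, then verifies it by selecting the public key stored under that `kid`, as the text describes. RS256, the `roles` claim name, and the names `signToken`, `verifyToken` and `demoKey` are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding                     // JWT segments are unpadded base64url
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway key, constructed for this demo

// signToken builds a compact JWT; RS256 and the "roles" claim name are assumptions.
func signToken(sub, iss, kid string, roles []string, ttl time.Duration, key *rsa.PrivateKey) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(map[string]any{"sub": sub, "iss": iss, "roles": roles, "exp": time.Now().Add(ttl).Unix()})
	msg := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	sum := sha256.Sum256([]byte(msg))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return msg + "." + b64.EncodeToString(sig), err
}

// verifyToken selects the public key stored under the token's kid, then checks signature and expiry.
func verifyToken(token string, creds map[string]*rsa.PublicKey) (string, error) {
	p := strings.Split(token, ".")
	var hdr struct{ Alg, Kid string }
	if raw, err := b64.DecodeString(p[0]); len(p) != 3 || err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return "", fmt.Errorf("malformed token or unexpected alg")
	}
	pub := creds[hdr.Kid] // nil when no credential was uploaded under this kid
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if sig, err := b64.DecodeString(p[2]); pub == nil || err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil {
		return "", fmt.Errorf("kid %q: unknown credential or invalid signature", hdr.Kid)
	}
	var c struct{ Sub string; Exp int64 }
	if raw, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(raw, &c) != nil || time.Now().Unix() >= c.Exp {
		return "", fmt.Errorf("unreadable or expired claims")
	}
	return c.Sub, nil
}

func main() { // sample values are constructed; the kid and role follow the forms documented above
	tok, _ := signToken("alice", "example-issuer", "tenant-foo:first-cred", []string{"foo:admin"}, time.Hour, demoKey)
	fmt.Println(verifyToken(tok, map[string]*rsa.PublicKey{"tenant-foo:first-cred": &demoKey.PublicKey}))
}
```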
func NewJWTTokenForCredential
func NewJWTTokenForCredential(subject, issuer string, credential *v2.Credential, roles []string, expires time.Duration, keyPair *rsa.PrivateKey) (string, error)
NewJWTTokenForCredential creates a new JWT where subject and kid are taken from the credential.
Types
type ByteCredentials (added in v0.1.2)
ByteCredentials specify the TLS certificate-based authentication for the gRPC connection without having to use certificate files. If you provide credentials, provide either these or file path credentials, but not both.
type Credentials
Credentials specify the TLS certificate-based authentication for the gRPC connection. If you provide credentials, provide either these or byte credentials, but not both.
type DialConfig
type DialConfig struct {
	Endpoint        string
	Scheme          GRPCScheme
	Token           string
	Credentials     *Credentials
	ByteCredentials *ByteCredentials
	Log             *slog.Logger
	// UserAgent to use, if empty duros-go is used
	UserAgent string
}
DialConfig is the configuration to create a duros-api connection
type GRPCScheme
type GRPCScheme string
GRPCScheme is the scheme used to talk to the duros API endpoint; it can be plaintext or https.
const (
	// GRPC defines a plaintext communication
	GRPC GRPCScheme = "grpc"
	// GRPCS defines https protocol for the communication
	GRPCS GRPCScheme = "grpcs"
)
type MockClient
type MockClient struct {
// contains filtered or unexported fields
}
func NewMock
func NewMock(c v2.DurosAPIClient) *MockClient