Documentation
Variables
var DefaultOIDCConfig = auth.OIDCConfig{}
DefaultOIDCConfig is the default config for the auth API server
Functions
func LocalhostRewriteClient
LocalhostRewriteClient returns an http.Client which replaces the host and scheme from `expected` with `localhostIdentityServerAddress`.
This works around the hairpin-mode case, in which a pod fails to reach itself via its Service IP (see https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/#a-pod-fails-to-reach-itself-via-the-service-ip). Requests from pachd to http://pachd:1658/... are rewritten to http://localhost:1658/, so pachd can talk to the dex server running on the same pod while still making its requests to 'http://pachd:1658/', the configured OIDC Issuer. Because the request URL still names the issuer, the OIDC client-side validation requirements are preserved.
func NewAuthServer
func NewAuthServer(env Env, public, requireNoncriticalServers, watchesEnabled bool) (*apiServer, error)
NewAuthServer returns an implementation of auth.APIServer.
Types
type ActivationScope
type ActivationScope int
ActivationScope is an additional service to activate auth for.
const (
	ActivationScopePFS ActivationScope = iota // Activate auth for PFS.
	ActivationScopePPS                        // Activate auth for PPS.
)
func (ActivationScope) String
func (s ActivationScope) String() string
String implements fmt.Stringer.
type Env
type Env struct {
	DB         *pachsql.DB
	EtcdClient *etcd.Client
	Listener   col.PostgresListener
	TxnEnv     *txnenv.TransactionEnv

	// circular dependency
	GetEnterpriseServer func() enterprise.APIServer
	GetIdentityServer   func() identity.APIServer
	GetPfsServer        func() pfs.APIServer
	GetPpsServer        func() pps.APIServer

	BackgroundContext context.Context
	Config            serviceenv.Configuration
}
Env is the environment required for an apiServer.
func EnvFromServiceEnv
func EnvFromServiceEnv(senv serviceenv.ServiceEnv, txnEnv *txnenv.TransactionEnv) Env
type IDTokenClaims
type IDTokenClaims struct {
	Email         string   `json:"email"`
	EmailVerified bool     `json:"email_verified"`
	Groups        []string `json:"groups"`
}
IDTokenClaims represents the set of claims in an OIDC ID token that we're concerned with.
type RewriteRoundTripper
RewriteRoundTripper replaces the expected hostname with a new hostname. If a scheme is specified it's also replaced.
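The rewrite described for LocalhostRewriteClient and RewriteRoundTripper, as an added example that is not this package's own code: the client keeps requesting the configured issuer URL while the transport dials a different address. `hostRewriter`, its fields, `discoverIssuer` and the stand-in identity server are hypothetical, and keeping the issuer name in the Host header is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// hostRewriter (hypothetical) dials NewHost for requests addressed to Expected.
type hostRewriter struct {
	Expected, NewHost, NewScheme string // NewScheme is optional
	Next                         http.RoundTripper
}

func (rt hostRewriter) RoundTrip(req *http.Request) (*http.Response, error) {
	if req.URL.Host != rt.Expected {
		return rt.Next.RoundTrip(req) // other hosts pass through untouched
	}
	out := req.Clone(req.Context()) // never mutate the caller's request
	out.URL.Host = rt.NewHost
	if rt.NewScheme != "" {
		out.URL.Scheme = rt.NewScheme
	}
	out.Host = rt.Expected // assumption: Host header keeps the issuer name
	return rt.Next.RoundTrip(out)
}

// discoverIssuer returns the issuer reported by the discovery document at issuer.
func discoverIssuer(c *http.Client, issuer string) (string, error) {
	resp, err := c.Get(issuer + "/.well-known/openid-configuration")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var doc struct{ Issuer string `json:"issuer"` }
	err = json.NewDecoder(resp.Body).Decode(&doc)
	return doc.Issuer, err
}

func main() {
	// Constructed stand-in identity server: its issuer echoes the Host header.
	idp := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, `{"issuer":"http://%s"}`, r.Host)
	}))
	defer idp.Close()
	rt := hostRewriter{Expected: "pachd:1658", NewHost: idp.Listener.Addr().String(), Next: http.DefaultTransport}
	fmt.Println(discoverIssuer(&http.Client{Transport: rt}, "http://pachd:1658"))
}
```

The reported issuer matches the URL the client asked for, so an issuer comparison on the client side still succeeds even though the connection went to a loopback address.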