go.aporeto.io/midgard-lib/client

package midgardclient

v1.69.1
Published: Feb 26, 2020 | License: Apache-2.0 | Module: go.aporeto.io/midgard-lib

Overview

Package midgardclient contains a client that can be used to retrieve an Aporeto JWT from various authentication sources.

Variables

var OptAudience = func(audience string) Option {

	return func(opts *issueOpts) {
		opts.audience = audience
	}
}

OptAudience passes the requested audience for the token.

var OptOpaque = func(opaque map[string]string) Option {

	return func(opts *issueOpts) {
		opts.opaque = opaque
	}
}

OptOpaque passes opaque data that will be included in the JWT.

var OptQuota = func(quota int) Option {

	if quota < 0 {
		panic("quota must be a positive number")
	}

	return func(opts *issueOpts) {
		opts.quota = quota
	}
}

OptQuota sets the maximum time the issued token can be used.

func CredsToTLSConfig

func CredsToTLSConfig(creds *gaia.Credential) (tlsConfig *tls.Config, err error)

CredsToTLSConfig converts a Credential to a *tls.Config.

func ExtractJWTFromHeader

func ExtractJWTFromHeader(header http.Header) (string, error)

ExtractJWTFromHeader extracts the JWT from the given http.Header.

func NormalizeAuth

func NormalizeAuth(c *types.MidgardClaims) (claims []string)

NormalizeAuth normalizes the response to a simple structure.

func ParseCredentials

func ParseCredentials(data []byte) (creds *gaia.Credential, tlsConfig *tls.Config, err error)

ParseCredentials parses the credential data.

func UnsecureClaimsFromToken

func UnsecureClaimsFromToken(token string) ([]string, error)

UnsecureClaimsFromToken takes a token and returns the Aporeto claims contained inside. It is unsecure in the sense that it doesn't verify the token signature, so the token must first be verified in order to use this function securely.

func VerifyToken

func VerifyToken(tokenString string, cert *x509.Certificate) (*types.MidgardClaims, error)

VerifyToken verifies the jwt locally using the given certificate.
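The ordering that the UnsecureClaimsFromToken caveat requires (check the signature, then read the claims), shown as an added stand-alone example that is not midgard-lib code. The helper names, the sample tokens and the choice of EdDSA are assumptions; the page does not state which signing algorithm Midgard uses.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// unverifiedClaims decodes the payload segment with no signature check.
func unverifiedClaims(token string) (claims map[string]interface{}, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	raw, err := b64.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &claims)
	}
	return claims, err
}

// verifiedClaims pins EdDSA (an assumption) and checks the signature first.
func verifiedClaims(token string, pub ed25519.PublicKey) (map[string]interface{}, error) {
	i := strings.LastIndex(token, ".")
	sig, err := b64.DecodeString(token[i+1:])
	if i < 0 || err != nil || !ed25519.Verify(pub, []byte(token[:i]), sig) {
		return nil, fmt.Errorf("signature verification failed")
	}
	return unverifiedClaims(token)
}

// signToken builds a constructed sample token from a raw JSON payload.
func signToken(key ed25519.PrivateKey, payload string) string {
	body := b64.EncodeToString([]byte(`{"alg":"EdDSA"}`)) + "." + b64.EncodeToString([]byte(payload))
	return body + "." + b64.EncodeToString(ed25519.Sign(key, []byte(body)))
}

func main() {
	pub, key, _ := ed25519.GenerateKey(nil)
	p := strings.Split(signToken(key, `{"sub":"alice"}`), ".")
	forged := p[0] + "." + b64.EncodeToString([]byte(`{"sub":"admin"}`)) + "." + p[2] // payload swapped, old signature kept
	claims, _ := unverifiedClaims(forged)
	_, err := verifiedClaims(forged, pub)
	fmt.Println(claims["sub"], err)
}
```

The unverified decode returns whatever the swapped payload says, while the verifying path rejects the same token before any claim is read.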

func VerifyTokenSignature

func VerifyTokenSignature(tokenString string, cert *x509.Certificate) ([]string, error)

VerifyTokenSignature verifies the jwt locally using the given certificate. Deprecated: VerifyTokenSignature is deprecated in favor of VerifyToken().

type Client

type Client struct {
	TrackingType string
	// contains filtered or unexported fields
}

A Client allows interacting with a midgard server.

func NewClient

func NewClient(url string) *Client

NewClient returns a new Client.

func NewClientWithTLS

func NewClientWithTLS(url string, tlsConfig *tls.Config) *Client

NewClientWithTLS returns a new Client configured with the given tls.Config.

func (*Client) Authentify

func (a *Client) Authentify(ctx context.Context, token string) ([]string, error)

Authentify authenticates the information included in the given token and returns a list of tag strings containing the claims.

func (*Client) IssueFromAWSSecurityToken

func (a *Client) IssueFromAWSSecurityToken(ctx context.Context, accessKeyID, secretAccessKey, token string, validity time.Duration, options ...Option) (string, error)

IssueFromAWSSecurityToken issues a Midgard jwt from an AWS security token. If you don't pass anything, this function will try to retrieve the token using the AWS magic IP.

func (*Client) IssueFromAzureIdentityToken

func (a *Client) IssueFromAzureIdentityToken(ctx context.Context, token string, validity time.Duration, options ...Option) (string, error)

IssueFromAzureIdentityToken issues a Midgard jwt from a signed Azure identity document for the given validity duration.

func (*Client) IssueFromCertificate

func (a *Client) IssueFromCertificate(ctx context.Context, validity time.Duration, options ...Option) (string, error)

IssueFromCertificate issues a Midgard jwt from a certificate for the given validity duration.

func (*Client) IssueFromGCPIdentityToken

func (a *Client) IssueFromGCPIdentityToken(ctx context.Context, token string, validity time.Duration, options ...Option) (string, error)

IssueFromGCPIdentityToken issues a Midgard jwt from a signed GCP identity document for the given validity duration.

func (*Client) IssueFromGoogle

func (a *Client) IssueFromGoogle(ctx context.Context, googleJWT string, validity time.Duration, options ...Option) (string, error)

IssueFromGoogle issues a Midgard jwt from a Google JWT for the given validity duration.

func (*Client) IssueFromLDAP

func (a *Client) IssueFromLDAP(ctx context.Context, info *ldaputils.LDAPInfo, namespace string, provider string, validity time.Duration, options ...Option) (string, error)

IssueFromLDAP issues a Midgard JWT from an LDAP config for the given validity duration.

func (*Client) IssueFromOIDCStep1

func (a *Client) IssueFromOIDCStep1(ctx context.Context, namespace string, provider string, redirectURL string) (string, error)

IssueFromOIDCStep1 issues a Midgard jwt from an OIDC provider. This performs the first step, validating the issue request and the OIDC provider. It returns the OIDC auth endpoint.

func (*Client) IssueFromOIDCStep2

func (a *Client) IssueFromOIDCStep2(ctx context.Context, code string, state string, validity time.Duration, options ...Option) (string, error)

IssueFromOIDCStep2 issues a Midgard jwt from an OIDC provider. This performs the second step, exchanging the code for a Midgard JWT.

func (*Client) IssueFromSAMLStep1

func (a *Client) IssueFromSAMLStep1(ctx context.Context, namespace string, provider string, redirectURL string) (string, error)

IssueFromSAMLStep1 issues a Midgard jwt from a SAML provider. This performs the first step, validating the issue request and the OIDC provider. It returns the OIDC auth endpoint.

func (*Client) IssueFromSAMLStep2

func (a *Client) IssueFromSAMLStep2(ctx context.Context, response string, state string, validity time.Duration, options ...Option) (string, error)

IssueFromSAMLStep2 issues a Midgard jwt from a SAML provider. This performs the second step, exchanging the code for a Midgard JWT.

func (*Client) IssueFromVince

func (a *Client) IssueFromVince(ctx context.Context, account string, password string, otp string, validity time.Duration, options ...Option) (string, error)

IssueFromVince issues a Midgard jwt from a Vince for the given one time password and validity duration.

type Option

type Option func(*issueOpts)

An Option is the type of the various options you can add to the issue requests.

type TokenManager

type TokenManager struct {
	// contains filtered or unexported fields
}

A TokenManager issues and renews tokens periodically.

func NewMidgardTokenManager

func NewMidgardTokenManager(url string, validity time.Duration, tlsConfig *tls.Config) *TokenManager

NewMidgardTokenManager returns a new TokenManager backed by midgard.

func (*TokenManager) Issue

func (m *TokenManager) Issue(ctx context.Context) (token string, err error)

Issue issues a token.

func (*TokenManager) Run

func (m *TokenManager) Run(ctx context.Context, tokenCh chan string)

Run runs the token renewal job.

Documentation was rendered with GOOS=linux and GOARCH=amd64.
