Documentation

Overview

Package midgardclient contains a client that can be used to retrieve an Aporeto JWT from various authentication sources.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CredsToTLSConfig

    func CredsToTLSConfig(creds *gaia.Credential) (tlsConfig *tls.Config, err error)

CredsToTLSConfig converts a Credential to a *tls.Config.

func ExtractJWTFromHeader

    func ExtractJWTFromHeader(header http.Header) (string, error)

ExtractJWTFromHeader extracts the JWT from the given http.Header.

func NormalizeAuth

    func NormalizeAuth(c *types.MidgardClaims) (claims []string)

NormalizeAuth normalizes the response to a simple structure.

func ParseCredentials

    func ParseCredentials(data []byte) (creds *gaia.Credential, tlsConfig *tls.Config, err error)

ParseCredentials parses the credential data.

func UnsecureClaimsFromToken

    func UnsecureClaimsFromToken(token string) ([]string, error)

UnsecureClaimsFromToken takes a token and returns the Aporeto claims contained inside. It is unsecure in the sense that it does not verify the token signature, so the token must be verified first in order to use this function securely.
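Added here to illustrate that caveat; this is not midgard-lib code and it does not assume the library's own signing scheme. It uses a constructed RS256 stand-in issuer built on the Go standard library, an unverified decoder that behaves like UnsecureClaimsFromToken, and the verify-first ordering that VerifyToken provides with the certificate's public key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

var b64 = base64.RawURLEncoding

// signRS256 mints a minimal RS256 JWT over a JSON payload; a constructed stand-in issuer, not Midgard.
func signRS256(payloadJSON string, key *rsa.PrivateKey) (string, error) {
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(payloadJSON))
	h := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	return input + "." + b64.EncodeToString(sig), err
}

// unsecureClaims decodes the payload without checking the signature (the hazard the UnsecureClaimsFromToken doc warns about).
func unsecureClaims(token string) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	raw, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var claims map[string]any
	return claims, json.Unmarshal(raw, &claims)
}

// verifiedClaims checks the signature with the issuer's public key first (VerifyToken's role), then decodes.
func verifiedClaims(token string, pub *rsa.PublicKey) (map[string]any, error) {
	i := strings.LastIndex(token, ".")
	sig, err := b64.DecodeString(token[i+1:])
	if i < 0 || err != nil {
		return nil, errors.New("malformed token")
	}
	h := sha256.Sum256([]byte(token[:i])) // signing input is header.payload
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig); err != nil {
		return nil, err
	}
	return unsecureClaims(token)
}
```

A payload segment edited by the token holder still decodes cleanly through unsecureClaims, while verifiedClaims rejects it; only the verified path should feed authorization decisions.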

func VerifyToken

    func VerifyToken(tokenString string, cert *x509.Certificate) (*types.MidgardClaims, error)

VerifyToken verifies the JWT locally using the given certificate.

func VerifyTokenSignature

    func VerifyTokenSignature(tokenString string, cert *x509.Certificate) ([]string, error)

VerifyTokenSignature verifies the JWT locally using the given certificate.

Deprecated: VerifyTokenSignature is deprecated in favor of VerifyToken().

Types

type Client

    type Client struct {
    	TrackingType string
    	// contains filtered or unexported fields
    }

A Client allows interacting with a midgard server.

func NewClient

    func NewClient(url string) *Client

NewClient returns a new Client.

func NewClientWithTLS

    func NewClientWithTLS(url string, tlsConfig *tls.Config) *Client

NewClientWithTLS returns a new Client configured with the given TLS configuration.

func (*Client) Authentify

    func (a *Client) Authentify(ctx context.Context, token string) ([]string, error)

Authentify authenticates the information included in the given token and returns a list of tag strings containing the claims.

func (*Client) IssueFromAWSSecurityToken

    func (a *Client) IssueFromAWSSecurityToken(ctx context.Context, accessKeyID, secretAccessKey, token string, validity time.Duration, options ...Option) (string, error)

IssueFromAWSSecurityToken issues a Midgard JWT from an Amazon security token. If you don't pass anything, this function will try to retrieve the token using the AWS metadata service IP.

func (*Client) IssueFromAporetoIdentityToken

    func (a *Client) IssueFromAporetoIdentityToken(ctx context.Context, token string, validity time.Duration, options ...Option) (string, error)

IssueFromAporetoIdentityToken issues a Midgard JWT from an existing one. The new token's validity will be capped to the original expiration time and its identity claims will be identical. This can be used to issue a token with restrictions without needing the original source of authentication.

func (*Client) IssueFromAzureIdentityToken

    func (a *Client) IssueFromAzureIdentityToken(ctx context.Context, token string, validity time.Duration, options ...Option) (string, error)

IssueFromAzureIdentityToken issues a Midgard JWT from a signed Azure identity document for the given validity duration.

func (*Client) IssueFromCertificate

    func (a *Client) IssueFromCertificate(ctx context.Context, validity time.Duration, options ...Option) (string, error)

IssueFromCertificate issues a Midgard JWT from a certificate for the given validity duration.

func (*Client) IssueFromGCPIdentityToken

    func (a *Client) IssueFromGCPIdentityToken(ctx context.Context, token string, validity time.Duration, options ...Option) (string, error)

IssueFromGCPIdentityToken issues a Midgard JWT from a signed GCP identity document for the given validity duration.

func (*Client) IssueFromGoogle

    func (a *Client) IssueFromGoogle(ctx context.Context, googleJWT string, validity time.Duration, options ...Option) (string, error)

IssueFromGoogle issues a Midgard JWT from a Google JWT for the given validity duration.

func (*Client) IssueFromLDAP

    func (a *Client) IssueFromLDAP(ctx context.Context, info *ldaputils.LDAPInfo, namespace string, provider string, validity time.Duration, options ...Option) (string, error)

IssueFromLDAP issues a Midgard JWT from an LDAP config for the given validity duration.

func (*Client) IssueFromOIDCStep1

    func (a *Client) IssueFromOIDCStep1(ctx context.Context, namespace string, provider string, redirectURL string) (string, error)

IssueFromOIDCStep1 issues a Midgard JWT from an OIDC provider. This performs the first step, validating the issue request and the OIDC provider. It returns the OIDC auth endpoint.

func (*Client) IssueFromOIDCStep2

    func (a *Client) IssueFromOIDCStep2(ctx context.Context, code string, state string, validity time.Duration, options ...Option) (string, error)

IssueFromOIDCStep2 issues a Midgard JWT from an OIDC provider. This performs the second step, exchanging the code for a Midgard JWT.

func (*Client) IssueFromPCC

    func (a *Client) IssueFromPCC(ctx context.Context, namespace string, provider string, username string, password string, validity time.Duration, options ...Option) (string, error)

IssueFromPCC issues a Midgard JWT from a PCC for the given one-time password and validity duration.

func (*Client) IssueFromPCCIdentityToken

    func (a *Client) IssueFromPCCIdentityToken(ctx context.Context, namespace string, provider string, token string, validity time.Duration, options ...Option) (string, error)

IssueFromPCCIdentityToken issues a Midgard JWT from a PCC token.

func (*Client) IssueFromSAMLStep1

    func (a *Client) IssueFromSAMLStep1(ctx context.Context, namespace string, provider string, redirectURL string) (string, error)

IssueFromSAMLStep1 issues a Midgard JWT from a SAML provider. This performs the first step, validating the issue request and the provider. It returns the provider's auth endpoint.

func (*Client) IssueFromSAMLStep2

    func (a *Client) IssueFromSAMLStep2(ctx context.Context, response string, state string, validity time.Duration, options ...Option) (string, error)

IssueFromSAMLStep2 issues a Midgard JWT from a SAML provider. This performs the second step, exchanging the SAML response for a Midgard JWT.

func (*Client) IssueFromVince

    func (a *Client) IssueFromVince(ctx context.Context, account string, password string, otp string, validity time.Duration, options ...Option) (string, error)

IssueFromVince issues a Midgard JWT from Vince for the given one-time password and validity duration.

type Option

    type Option func(*issueOpts)

An Option is the type of the various options you can add to an issue request.

func OptAudience

    func OptAudience(audience string) Option

OptAudience passes the requested audience for the token. Using audience is deprecated. Switch to OptLimitAuthz.

func OptOpaque

    func OptOpaque(opaque map[string]string) Option

OptOpaque passes opaque data that will be included in the JWT.

func OptQuota

    func OptQuota(quota int) Option

OptQuota sets the maximum number of times the issued token can be used.

func OptRestrictNamespace

    func OptRestrictNamespace(namespace string) Option

OptRestrictNamespace asks for a token restricted to the given namespace.

func OptRestrictNetworks

    func OptRestrictNetworks(networks []string) Option

OptRestrictNetworks asks for a token restricted to the given networks.

func OptRestrictPermissions

    func OptRestrictPermissions(permissions []string) Option

OptRestrictPermissions asks for a token restricted to the given permissions.

type TokenManager

    type TokenManager struct {
    	// contains filtered or unexported fields
    }

A TokenManager issues and renews tokens periodically.

func NewMidgardTokenManager

    func NewMidgardTokenManager(url string, validity time.Duration, tlsConfig *tls.Config) *TokenManager

NewMidgardTokenManager returns a new TokenManager backed by midgard.

func (*TokenManager) Issue

    func (m *TokenManager) Issue(ctx context.Context) (token string, err error)

Issue issues a token.

func (*TokenManager) Run

    func (m *TokenManager) Run(ctx context.Context, tokenCh chan string)

Run runs the token renewal job.