oidcsecurity

Constants

// Names of the namespaced objects this package reads and of the finalizers it manages.
// NOTE(review): the three Secrets named here hold credential and private-key material; presumably
// they are what GetDefaultAdminCredentials, GetOAuthAdminCredentials and GetCommonServiceCATLSKey
// read — confirm — and their contents must never be written to logs, Events or error text.
const (
	// PlatformAuthIDPConfigMapName is the name of the ConfigMap containing settings used for Client management
	PlatformAuthIDPConfigMapName string = "platform-auth-idp"
	// PlatformAuthIDPCredentialsSecretName is the name of the Secret containing default credentials
	PlatformAuthIDPCredentialsSecretName string = "platform-auth-idp-credentials"
	// PlatformOIDCCredentialsSecretName is the name of the Secret containing the OP admin oauthadmin's password
	PlatformOIDCCredentialsSecretName string = "platform-oidc-credentials"
	// CSCACertificateSecretName is the name of the Secret created by the installer in the shared services namespace
	// that contains the Common Services CA certificate and private key details
	CSCACertificateSecretName string = "cs-ca-certificate-secret"
	// CP3FinalizerName is the name of the finalizer added to Clients by the Client controller in IM v4.x
	CP3FinalizerName string = "client.oidc.security.ibm.com"
	// CP2FinalizerName is the name of the finalizer added to Clients by the OIDC Client Watcher in IAM v3.x.
	// NOTE(review): the "fynalyzer" spelling is the value as published; it has to match what the v3.x
	// watcher actually wrote on existing Clients, so do not "correct" it without checking those objects.
	CP2FinalizerName  string = "fynalyzer.client.oidc.security.ibm.com"
	// AdministratorRole is the literal role name "Administrator"; presumably compared against a user's
	// role when deciding whether an operation is permitted — confirm against callers.
	AdministratorRole string = "Administrator"
)
// Human-readable outcome messages (Message*) and the short reason codes that pair with them by
// suffix (Reason*). Presumably these are what ClientReconciler.Recorder records on the Client as
// Event message/reason pairs — confirm against Reconcile.
// NOTE(review): MessageUnknown and ReasonUnknown are explicitly typed string while every other
// constant in the block is untyped; harmless, but inconsistent.
const (
	MessageCreateClientSuccessful             = "OIDC client registration create successful"
	MessageUpdateClientSuccessful             = "OIDC client registration update successful"
	MessageClientSuccessful                   = "OIDC client registration successful"
	MessageCreateClientFailed                 = "OIDC client registration create failed"
	MessageCreateZenRegistrationFailed        = "Registration of the Zen Instance failed"
	MessageUnknown                     string = "Unexpected error occurred while processing the request"

	ReasonCreateClientSuccessful             = "CreateClientSuccessful"
	ReasonCreateClientFailed                 = "CreateClientFailed"
	ReasonUpdateClientSuccessful             = "UpdateClientSuccessful"
	ReasonUpdateClientFailed                 = "UpdateClientFailed"
	ReasonGetClientFailed                    = "GetClientFailed"
	ReasonDeleteClientFailed                 = "DeleteClientFailed"
	ReasonCreateZenRegistrationFailed        = "CreateZenRegistrationFailed"
	ReasonUnknown                     string = "Unknown"
)
// OptimisticLockErrorMsg is the message text of a Kubernetes optimistic-concurrency conflict
// ("the object has been modified..."). Presumably used to recognise such conflicts by message
// text — confirm; where a typed conflict check (e.g. on the API status reason) is available it is
// the more robust option, since message matching breaks if the server wording changes.
const OptimisticLockErrorMsg = "the object has been modified; please apply your changes to the latest version and try again"

Variables

// ConfigNotSetError is the package-level error value reported when configuration is missing.
// Callers should compare with errors.Is rather than by message text.
// NOTE(review): Go convention would name this ErrConfigNotSet and build it with errors.New (no
// format verbs are used); both are API-visible changes, so it is left as-is here.
var ConfigNotSetError error = fmt.Errorf("config is not set")

Functions

func GetCommonServiceCATLSKey

func GetCommonServiceCATLSKey(cl client.Client, ctx context.Context, namespace string) (key []byte, err error)

func GetDefaultAdminCredentials

func GetDefaultAdminCredentials(cl client.Client, ctx context.Context, namespace string) (username []byte, password []byte, err error)

func GetFunctionName

func GetFunctionName(fn any) string

func GetOAuthAdminCredentials

func GetOAuthAdminCredentials(cl client.Client, ctx context.Context, namespace string) (username, password []byte, err error)

func IsHTTPError

func IsHTTPError(err error) bool

IsHTTPError returns whether the error is the result of an HTTP connection that has failed in some way

func IsOIDCError

func IsOIDCError(err error) bool

IsOIDCError returns whether the error is related to an attempt to register an OIDC Client or to an existing OIDC Client

func IsZenError

func IsZenError(err error) bool

IsZenError returns whether the error relates to a failure received when interacting with Zen

func NewCP2ServiceURLFormatError

func NewCP2ServiceURLFormatError() (err error)

func NewDataKeyNotSetError

func NewDataKeyNotSetError(obj client.Object, key string) (err error)

func NewInvalidResourceError

func NewInvalidResourceError(kind, name, namespace, reason string) (err error)

Types

type CP2ServiceURLFormatError

// CP2ServiceURLFormatError is an empty error type: with no fields its Error text is fixed, so it
// behaves like a typed sentinel and is matched with errors.As on a *CP2ServiceURLFormatError
// (Error has a pointer receiver). Presumably the value NewCP2ServiceURLFormatError returns, and
// "CP2" presumably refers to the IAM v3.x generation named in CP2FinalizerName — confirm both.
type CP2ServiceURLFormatError struct{}

func (*CP2ServiceURLFormatError) Error

func (e *CP2ServiceURLFormatError) Error() string

type ClientCredentials

// ClientCredentials holds an OIDC Client's identifier and secret as raw bytes; it is what
// ClientReconciler.GetClientCreds returns. The JSON keys are upper-case CLIENT_ID/CLIENT_SECRET,
// presumably matching the data keys of the Secret the credentials are read from — confirm.
// ClientSecret is a credential: never log it or copy it into Events or error messages.
type ClientCredentials struct {
	ClientID     []byte `json:"CLIENT_ID"`
	ClientSecret []byte `json:"CLIENT_SECRET"`
}

type ClientReconciler

// ClientReconciler reconciles a Client object. It embeds a controller-runtime client (presumably
// the manager's cached client, which Get consults first — confirm) and a common.ByteGenerator,
// whose use is not visible on this page (presumably random bytes for generated secrets — confirm).
// NOTE(review): GetClientCreds names its Client parameter `client`, which shadows the imported
// client package inside that method body.
type ClientReconciler struct {
	runtimeClient.Client
	// Reader is a second client.Reader; per Get's documentation, presumably the uncached reader
	// that goes to the API server directly when the cache lookup fails — confirm.
	Reader   runtimeClient.Reader
	// Scheme is the API scheme shared with the manager; presumably set by whoever wires up the
	// reconciler before SetupWithManager — confirm.
	Scheme   *k8sRuntime.Scheme
	// Recorder emits Kubernetes Events; presumably the Message*/Reason* constants are what it
	// records — confirm.
	Recorder record.EventRecorder
	// RunMode selects the operator run mode; its effect on reconciliation is not shown here.
	RunMode  common.RunModeType
	common.ByteGenerator
}

ClientReconciler reconciles a Client object

func (*ClientReconciler) Get

Get first tries to GET the object from the cache; if this fails, it attempts a GET from the API server directly.

func (*ClientReconciler) GetClientCreds

func (r *ClientReconciler) GetClientCreds(ctx context.Context, client *oidcsecurityv1.Client) (clientCreds *ClientCredentials, err error)

GetClientCreds uses information from a Client to obtain the Client's credentials from the cluster. The Client must at a minimum have its ClientId, Secret, and namespace set.

func (*ClientReconciler) Reconcile

func (r *ClientReconciler) Reconcile(rootCtx context.Context, req ctrl.Request) (result ctrl.Result, err error)

Reconcile is part of the main kubernetes reconciliation loop which aims to move the current state of the cluster closer to the desired state.

func (*ClientReconciler) SetupWithManager

func (r *ClientReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager sets up the controller with the Manager.

type DataKeyNotSetError

// DataKeyNotSetError is returned when a specific key is not available in the AuthenticationConfig.
// Its fields are unexported; the missing key and the owning object's kind, name and namespace are
// exposed through GetKey, GetKind, GetName and GetNamespace. Presumably built by
// NewDataKeyNotSetError(obj, key) — confirm. That constructor returns the error interface, so
// recover the typed value with errors.As on a *DataKeyNotSetError (Error has a pointer receiver).
type DataKeyNotSetError struct {
	// contains filtered or unexported fields
}

DataKeyNotSetError is returned when a specific key is not available in the AuthenticationConfig

func (*DataKeyNotSetError) Error

func (e *DataKeyNotSetError) Error() string

func (*DataKeyNotSetError) GetKey

func (e *DataKeyNotSetError) GetKey() string

func (*DataKeyNotSetError) GetKind

func (e *DataKeyNotSetError) GetKind() string

func (*DataKeyNotSetError) GetName

func (e *DataKeyNotSetError) GetName() string

func (*DataKeyNotSetError) GetNamespace

func (e *DataKeyNotSetError) GetNamespace() string

type DataNotSetError

// DataNotSetError is returned when a specific key is not available in the AuthenticationConfig.
// NOTE(review): this doc sentence is identical to DataKeyNotSetError's; presumably this type
// covers the case where the data as a whole is absent rather than a single key — confirm and
// reword upstream. It exposes no accessors, so only its Error text is available to callers.
type DataNotSetError struct {
	// contains filtered or unexported fields
}

DataNotSetError is returned when a specific key is not available in the AuthenticationConfig

func (*DataNotSetError) Error

func (e *DataNotSetError) Error() string

type InvalidResourceError

// InvalidResourceError reports a resource that failed validation. Its fields are unexported and it
// has no accessors, so only the Error text is available to callers; presumably built by
// NewInvalidResourceError(kind, name, namespace, reason) — confirm. Recover it with errors.As on
// a *InvalidResourceError, as Error has a pointer receiver.
type InvalidResourceError struct {
	// contains filtered or unexported fields
}

func (*InvalidResourceError) Error

func (e *InvalidResourceError) Error() string

type Key

// Key is a named lookup key: anything with a String method. SecretKey and ServiceURLKey both
// implement it through their String methods, so a function taking a Key accepts either.
type Key interface {
	String() string
}

type OIDCClientRegistrationError

// OIDCClientRegistrationError is an error for any issue that occurs while interacting with OIDC
// Client registrations. Description is filled from the response body's "error_description" (see
// NewOIDCClientRegistrationError); the client ID, request method and original *http.Response are
// unexported and reachable through the ClientID, RequestMethod and Response accessors.
// Description is server-supplied text: treat it as untrusted when surfacing it in Events or a UI.
// NOTE(review): Response() hands back the raw response; whether its Body is still open (and who
// closes it) after the constructor's unmarshal is not visible here — confirm before using it.
type OIDCClientRegistrationError struct {
	Description string `json:"error_description"`
	// contains filtered or unexported fields
}

OIDCClientRegistrationError is an error for any issue that occurs while interacting with OIDC Client registrations.

func NewOIDCClientRegistrationError

func NewOIDCClientRegistrationError(clientID, requestMethod, origErrMsg string, response *http.Response) (oidcErr *OIDCClientRegistrationError)

NewOIDCClientRegistrationError produces a new OIDCClientRegistrationError by attempting to unmarshal the response body JSON into an OIDCClientRegistrationError's description field.

func (*OIDCClientRegistrationError) ClientID

func (e *OIDCClientRegistrationError) ClientID() string

func (*OIDCClientRegistrationError) Error

func (*OIDCClientRegistrationError) RequestMethod

func (e *OIDCClientRegistrationError) RequestMethod() string

func (*OIDCClientRegistrationError) Response

func (e *OIDCClientRegistrationError) Response() *http.Response

type OidcClientResponse

// OidcClientResponse is the decoded body of an OIDC Client registration response; the tags are the
// wire names as received, including the mixed snake_case/camelCase ones (functional_user_groupIds,
// appPasswordAllowed, appTokenAllowed) — do not "normalise" them, they must match the OP.
// ClientSecret is a credential: never log it or copy it into Events or error text.
// NOTE(review): Go naming would be ResourceIDs / FunctionalUserGroupIDs, but these field names are
// exported API, so renaming would be a breaking change.
type OidcClientResponse struct {
	ClientIDIssuedAt        int      `json:"client_id_issued_at"`
	RegistrationClientURI   string   `json:"registration_client_uri"`
	ClientSecretExpiresAt   int      `json:"client_secret_expires_at"`
	TokenEndpointAuthMethod string   `json:"token_endpoint_auth_method"`
	Scope                   string   `json:"scope"`
	GrantTypes              []string `json:"grant_types"`
	ResponseTypes           []string `json:"response_types"`
	ApplicationType         string   `json:"application_type"`
	SubjectType             string   `json:"subject_type"`
	PostLogoutRedirectUris  []string `json:"post_logout_redirect_uris"`
	PreauthorizedScope      string   `json:"preauthorized_scope"`
	IntrospectTokens        bool     `json:"introspect_tokens"`
	TrustedURIPrefixes      []string `json:"trusted_uri_prefixes"`
	ResourceIds             []string `json:"resource_ids"`
	FunctionalUserGroupIds  []string `json:"functional_user_groupIds"`
	FunctionalUserID        string   `json:"functional_user_id"`
	AppPasswordAllowed      bool     `json:"appPasswordAllowed"`
	AppTokenAllowed         bool     `json:"appTokenAllowed"`
	ClientID                string   `json:"client_id"`
	ClientSecret            string   `json:"client_secret"`
	ClientName              string   `json:"client_name"`
	RedirectUris            []string `json:"redirect_uris"`
	AllowRegexpRedirects    bool     `json:"allow_regexp_redirects"`
}

type SecretKey

// SecretKey enumerates the Secret data entries this package looks up. The iota values are
// positional, so new keys must be appended after TLSCertKey to keep existing values stable. Its
// String method (below) makes it satisfy Key; the exact strings it yields are not shown on this page.
// NOTE(review): GetCommonServiceCATLSKey returns a key, while the constant is named TLSCertKey —
// confirm which data entry (certificate or private key) it actually selects.
type SecretKey int
const (
	// DefaultAdminUserKey / DefaultAdminPasswordKey presumably select the entries read by
	// GetDefaultAdminCredentials — confirm.
	DefaultAdminUserKey SecretKey = iota
	DefaultAdminPasswordKey
	// OAuthAdminPasswordKey presumably selects the OP admin password held in the Secret named by
	// PlatformOIDCCredentialsSecretName — confirm.
	OAuthAdminPasswordKey
	TLSCertKey
)

func (SecretKey) String

func (s SecretKey) String() string

type ServiceURLKey

// ServiceURLKey enumerates the service URL entries this package resolves (presumably from the
// ConfigMap named by PlatformAuthIDPConfigMapName — confirm). The iota values are positional, so
// new keys belong after IdentityProviderURLKey. Its String method (below) makes it satisfy Key.
type ServiceURLKey int
const (
	AuthServiceURLKey ServiceURLKey = iota
	IdentityManagementURLKey
	IdentityProviderURLKey
)

func (ServiceURLKey) String

func (s ServiceURLKey) String() string

type TokenInfo

// TokenInfo holds a decoded token response; the tags match the OAuth 2.0 / OIDC token-response
// fields. The token-bearing fields are json.RawMessage, i.e. the original JSON bytes, so a JSON
// string value still carries its surrounding quotes — unmarshal it before using it as a header value.
// AccessToken, RefreshToken and IdToken are bearer credentials: never log them or put them in
// Events or error messages.
type TokenInfo struct {
	AccessToken  json.RawMessage `json:"access_token"`
	TokenType    json.RawMessage `json:"token_type"`
	// ExpiresIn is the access token lifetime; per OAuth 2.0 this is seconds — confirm with the OP.
	ExpiresIn    int             `json:"expires_in"`
	Scope        json.RawMessage `json:"scope"`
	RefreshToken json.RawMessage `json:"refresh_token"`
	IdToken      json.RawMessage `json:"id_token"`
}

type ZenClientRegistrationError

// ZenClientRegistrationError is an error for any issue that occurs while interacting with a Zen
// instance. The client ID, request method, Zen instance ID and original *http.Response are
// unexported and reachable through the ClientID, RequestMethod, ZenInstanceId and Response accessors.
// Description is server-supplied text: treat it as untrusted when surfacing it in Events or a UI.
// NOTE(review): unlike OIDCClientRegistrationError, Description carries no json tag here, so an
// unmarshal of a body keyed "error_description" would not populate it (encoding/json only matches
// the field name, case-insensitively) — confirm NewZenClientRegistrationError sets it as intended.
type ZenClientRegistrationError struct {
	Description string
	// contains filtered or unexported fields
}

ZenClientRegistrationError is an error for any issue that occurs while interacting with a Zen instance.

func NewZenClientRegistrationError

func NewZenClientRegistrationError(clientID, requestMethod, zenInstanceId, origErrMsg string, response *http.Response) (zenErr *ZenClientRegistrationError)

NewZenClientRegistrationError produces a new ZenClientRegistrationError by attempting to unmarshal the response body JSON into a ZenClientRegistrationError's description field.

func (*ZenClientRegistrationError) ClientID

func (e *ZenClientRegistrationError) ClientID() string

func (*ZenClientRegistrationError) Error

func (*ZenClientRegistrationError) RequestMethod

func (e *ZenClientRegistrationError) RequestMethod() string

func (*ZenClientRegistrationError) Response

func (e *ZenClientRegistrationError) Response() *http.Response

func (*ZenClientRegistrationError) ZenInstanceId

func (e *ZenClientRegistrationError) ZenInstanceId() string

type ZenInstance

// ZenInstance represents the Zen instance model as returned in POST and GET response bodies; the
// tags are the wire names as received.
// NOTE(review): InstanceId / ProductNameUrl / ZenAuditUrl would be InstanceID / ProductNameURL /
// ZenAuditURL under Go naming, but they are exported API, so they are left unchanged.
type ZenInstance struct {
	ClientID       string `json:"clientId"`
	InstanceId     string `json:"instanceId"`
	ProductNameUrl string `json:"productNameUrl"`
	Namespace      string `json:"namespace"`
	ZenAuditUrl    string `json:"zenAuditUrl"`
}

ZenInstance represents the Zen instance model (the response body of POST and GET requests).
