auth_providers

package
v1.5.0-rc.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 1, 2026 License: Apache-2.0 Imports: 26 Imported by: 11

Documentation

Index

Constants

// Environment variable names for username/password credentials.
// NOTE(review): presumably consumed by the Basic-auth configuration
// (CommandAuthConfigBasic has matching Username, Password and Domain fields) — confirm.
const (
	// EnvKeyfactorUsername is the environment variable for the Keyfactor username.
	// (The hostname is configured separately through KEYFACTOR_HOSTNAME.)
	EnvKeyfactorUsername = "KEYFACTOR_USERNAME"

	// EnvKeyfactorPassword is the environment variable for the Keyfactor password.
	// The value is a secret: environment variables are inherited by child
	// processes and can surface in crash dumps and CI logs, so scope it to the
	// process that needs it and keep it out of logged output.
	EnvKeyfactorPassword = "KEYFACTOR_PASSWORD"

	// EnvKeyfactorDomain is the environment variable for the Keyfactor domain.
	EnvKeyfactorDomain = "KEYFACTOR_DOMAIN"
)
// Connection defaults and the environment variable names that override them.
const (
	// DefaultCommandPort is the default port for Keyfactor Command API.
	DefaultCommandPort = 443

	// DefaultCommandAPIPath is the default path for Keyfactor Command API.
	DefaultCommandAPIPath = "KeyfactorAPI"

	// DefaultAPIVersion is the default version for Keyfactor Command API.
	DefaultAPIVersion = "1"

	// DefaultAPIClientName is the default client name for Keyfactor Command API.
	DefaultAPIClientName = "APIClient"

	// DefaultProductVersion is the default product version for Keyfactor Command API.
	DefaultProductVersion = "10.5.0.0"

	// DefaultConfigFilePath is the default path for the configuration file.
	// The path is relative; NOTE(review): presumably resolved against the user's
	// home directory — confirm. The Server type stored in that file has password,
	// client-secret and access-token fields, so the file should be readable only
	// by its owner.
	DefaultConfigFilePath = ".keyfactor/command_config.json"

	// DefaultConfigProfile is the default profile for the configuration file.
	DefaultConfigProfile = "default"

	// DefaultClientTimeout is the default timeout for the http Client.
	// NOTE(review): the unit is not stated here; presumably seconds — confirm.
	DefaultClientTimeout = 60

	// DefaultHttpProtocol is the default HTTP protocol (URL scheme), "https".
	DefaultHttpProtocol = "https"

	// EnvKeyfactorHostName is the environment variable for the Keyfactor Command hostname.
	EnvKeyfactorHostName = "KEYFACTOR_HOSTNAME"

	// EnvKeyfactorPort is the environment variable for the Keyfactor Command http(s) port.
	EnvKeyfactorPort = "KEYFACTOR_PORT"

	// EnvKeyfactorAPIPath is the environment variable for the Keyfactor Command API path.
	EnvKeyfactorAPIPath = "KEYFACTOR_API_PATH"

	// EnvKeyfactorSkipVerify is the environment variable for skipping TLS verification
	// when communicating with Keyfactor Command. With verification skipped the client
	// no longer authenticates the server, so credentials and tokens sent over the
	// connection are exposed to anyone able to impersonate the host. For a privately
	// issued server certificate, supply the issuing CA through KEYFACTOR_CA_CERT instead.
	EnvKeyfactorSkipVerify = "KEYFACTOR_SKIP_VERIFY"

	// EnvKeyfactorCACert is the environment variable for the CA certificate to be used
	// for TLS verification when communicating with Keyfactor Command API.
	EnvKeyfactorCACert = "KEYFACTOR_CA_CERT"

	// EnvKeyfactorAuthProvider is the environment variable for the authentication
	// provider to be used for Keyfactor Command API.
	EnvKeyfactorAuthProvider = "KEYFACTOR_AUTH_PROVIDER"

	// EnvKeyfactorAuthProfile is the environment variable for the profile of the
	// configuration file.
	EnvKeyfactorAuthProfile = "KEYFACTOR_AUTH_CONFIG_PROFILE"

	// EnvKeyfactorConfigFile is the environment variable for the configuration file
	// to reference for connecting to the Keyfactor Command API.
	EnvKeyfactorConfigFile = "KEYFACTOR_AUTH_CONFIG_FILE"

	// EnvKeyfactorClientTimeout is the environment variable for the timeout for the
	// http Client.
	EnvKeyfactorClientTimeout = "KEYFACTOR_CLIENT_TIMEOUT"
)
// Environment variable names and defaults for Kerberos authentication.
const (
	// EnvKeyfactorKrbUsername is the environment variable for the Kerberos principal.
	EnvKeyfactorKrbUsername = "KEYFACTOR_AUTH_KRB_USERNAME"

	// EnvKeyfactorKrbPassword is the environment variable for the Kerberos password.
	// The value is a secret; keep it out of logs and out of environments shared
	// with unrelated child processes.
	EnvKeyfactorKrbPassword = "KEYFACTOR_AUTH_KRB_PASSWORD"

	// EnvKeyfactorKrbRealm is the environment variable for the Kerberos realm.
	EnvKeyfactorKrbRealm = "KEYFACTOR_AUTH_KRB_REALM"

	// EnvKeyfactorKrbKeytab is the environment variable for the Kerberos keytab file path.
	// A keytab stores the principal's long-term keys, so the file is as sensitive as
	// the password itself and should be readable only by the account that uses it.
	EnvKeyfactorKrbKeytab = "KEYFACTOR_AUTH_KRB_KEYTAB"

	// EnvKeyfactorKrbConfig is the environment variable for the krb5.conf file path.
	EnvKeyfactorKrbConfig = "KEYFACTOR_AUTH_KRB_CONFIG"

	// EnvKeyfactorKrbCCache is the environment variable for the Kerberos credential
	// cache path. A credential cache holds live tickets; restrict access to the file
	// in the same way as the keytab.
	EnvKeyfactorKrbCCache = "KEYFACTOR_AUTH_KRB_CCACHE"

	// EnvKeyfactorKrbSPN is the environment variable for the Service Principal Name.
	EnvKeyfactorKrbSPN = "KEYFACTOR_AUTH_KRB_SPN"

	// EnvKeyfactorKrbDisablePAFXFast is the environment variable to disable PA-FX-FAST
	// for AD compatibility.
	EnvKeyfactorKrbDisablePAFXFast = "KEYFACTOR_AUTH_KRB_DISABLE_PAFXFAST"

	// DefaultKrbConfigPath is the default path to krb5.conf.
	DefaultKrbConfigPath = "/etc/krb5.conf"
)
// Defaults and environment variable names for OAuth client-credentials authentication.
const (
	// DefaultKeyfactorAuthPort is the default port for Keyfactor authentication.
	// Note that this is a string constant, whereas DefaultCommandPort is an
	// untyped integer constant.
	DefaultKeyfactorAuthPort = "8444"

	// DefaultTokenPrefix is the default token prefix for Keyfactor authentication headers.
	DefaultTokenPrefix = "Bearer"

	// EnvKeyfactorClientID is the environment variable used to set the Client ID for
	// oauth Client credentials authentication.
	EnvKeyfactorClientID = "KEYFACTOR_AUTH_CLIENT_ID"

	// EnvKeyfactorClientSecret is the environment variable used to set the Client secret
	// for oauth Client credentials authentication. The value is a long-lived secret;
	// keep it out of logs and out of environments shared with unrelated child processes.
	EnvKeyfactorClientSecret = "KEYFACTOR_AUTH_CLIENT_SECRET"

	// EnvKeyfactorAuthTokenURL is the environment variable used to set the token URL for
	// oauth Client credentials authentication. The client secret is sent to this URL,
	// so it should be an https endpoint whose certificate is verified.
	EnvKeyfactorAuthTokenURL = "KEYFACTOR_AUTH_TOKEN_URL"

	// EnvKeyfactorAccessToken is the environment variable used to set the access token
	// for oauth Client credentials authentication. The token is a bearer credential:
	// whoever holds it can use it until it expires.
	EnvKeyfactorAccessToken = "KEYFACTOR_AUTH_ACCESS_TOKEN"

	// EnvKeyfactorAuthAudience is the environment variable used to set the audience for
	// oauth Client credentials authentication.
	EnvKeyfactorAuthAudience = "KEYFACTOR_AUTH_AUDIENCE"

	// EnvKeyfactorAuthScopes is the environment variable used to set the scopes for
	// oauth Client credentials authentication.
	EnvKeyfactorAuthScopes = "KEYFACTOR_AUTH_SCOPES"

	// EnvAuthCACert is a path to a CA certificate for the OAuth Client credentials
	// authentication. It is distinct from KEYFACTOR_CA_CERT, which is documented for
	// TLS verification of the Keyfactor Command API.
	EnvAuthCACert = "KEYFACTOR_AUTH_CA_CERT"
)
// Environment variable names for the Azure Key Vault configuration provider.
// NOTE(review): presumably these supply the VaultName and SecretName fields of
// ConfigProviderAzureKeyVault — confirm against the implementation.
const (
	// EnvAzureVaultName is the environment variable for the Azure Key Vault name.
	EnvAzureVaultName  = "AZURE_KEYVAULT_NAME"
	// EnvAzureSecretName is the environment variable for the Azure secret name.
	EnvAzureSecretName = "AZURE_SECRET_NAME"
)

Variables

var (
	// DefaultScopes is the default scopes for Keyfactor authentication.
	// It is declared without an initializer, so it is a nil slice unless it is
	// assigned elsewhere (not shown here). Because it is an exported package-level
	// variable, any importing package can change it for the whole process.
	DefaultScopes []string
)

Functions

func DecodePEMBytes

func DecodePEMBytes(buf []byte) ([]*pem.Block, []byte, error)

DecodePEMBytes decodes the PEM encoded bytes into a slice of PEM blocks.

func FindCACertificate

func FindCACertificate(caCertificatePath string) ([]*x509.Certificate, error)

FindCACertificate reads the CA certificate from a file and returns a slice of x509.Certificate.

func LoadCACertificates

func LoadCACertificates(certFile string) (*x509.CertPool, error)

LoadCACertificates loads the custom CA certificates from a file.

func RequestToCurl added in v1.2.0

func RequestToCurl(req *http.Request) (string, error)

func WriteConfigToJSON

func WriteConfigToJSON(filePath string, config *Config) error

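WriteConfigToJSON writes a Config configuration to a JSON file. Each Server entry in a Config has Password, ClientSecret and AccessToken fields tagged for serialization, so unless the implementation redacts them (not shown here) the output file contains those credentials in plaintext whenever they are set; restrict the file's permissions accordingly. The same applies to WriteConfigToYAML, WriteServerToJSON and WriteServerToYAML.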

func WriteConfigToYAML

func WriteConfigToYAML(filePath string, config *Config) error

WriteConfigToYAML writes a Config configuration to a YAML file.

func WriteServerToJSON

func WriteServerToJSON(filePath string, server *Server) error

WriteServerToJSON writes a Server configuration to a JSON file.

func WriteServerToYAML

func WriteServerToYAML(filePath string, server *Server) error

WriteServerToYAML writes a Server configuration to a YAML file.

Types

type AuthProvider

// AuthProvider represents the authentication provider configuration.
// All three fields are tagged for JSON and YAML output and omitted when empty.
type AuthProvider struct {
	Type       string                 `json:"type,omitempty" yaml:"type,omitempty"`             // Type is the type of authentication provider.
	Profile    string                 `json:"profile,omitempty" yaml:"profile,omitempty"`       // Profile is the profile of the authentication provider.
	Parameters map[string]interface{} `json:"parameters,omitempty" yaml:"parameters,omitempty"` // Parameters are additional, untyped parameters for the authentication provider. NOTE(review): these may include secrets and are serialized as-is — confirm what callers store here.
}

AuthProvider represents the authentication provider configuration.

type Authenticator

// Authenticator is an interface for authentication to Keyfactor Command API.
// BasicAuthAuthenticator, KerberosAuthenticator and OAuthAuthenticator on this
// page each provide the method.
type Authenticator interface {
	// GetHttpClient returns the HTTP client to use for API calls, or an error.
	GetHttpClient() (*http.Client, error)
}

Authenticator is an interface for authentication to Keyfactor Command API.

type BasicAuthAuthenticator

// BasicAuthAuthenticator is an Authenticator that uses Basic Auth for authentication.
type BasicAuthAuthenticator struct {
	// Client is the HTTP client held by the authenticator. The field is exported,
	// so callers can read or replace it directly.
	Client *http.Client
}

BasicAuthAuthenticator is an Authenticator that uses Basic Auth for authentication.

func (*BasicAuthAuthenticator) GetHttpClient

func (b *BasicAuthAuthenticator) GetHttpClient() (*http.Client, error)

GetHttpClient returns the http client

type CommandAuthConfig

// CommandAuthConfig represents the base configuration needed for authentication
// to Keyfactor Command API. CommandAuthConfigBasic, CommandAuthConfigKerberos and
// CommandConfigOauth embed it.
type CommandAuthConfig struct {
	// ConfigType is the type of configuration
	ConfigType string `json:"config_type,omitempty" yaml:"config_type,omitempty"`

	// ConfigProfile is the profile of the configuration.
	// No json or yaml struct tag is set on this field.
	ConfigProfile string

	// ConfigFilePath is the path to the configuration file.
	// No json or yaml struct tag is set on this field.
	ConfigFilePath string

	// FileConfig is a Server configuration.
	// NOTE(review): presumably the entry loaded from the configuration file by
	// LoadConfig — confirm.
	FileConfig *Server

	// AuthHeader is the header to be used for authentication to Keyfactor Command API.
	// NOTE(review): presumably holds a credential-bearing value; it is tagged for
	// JSON/YAML output, so serialized copies and log lines containing it should be
	// treated as sensitive.
	AuthHeader string `json:"auth_header,omitempty" yaml:"auth_header,omitempty"`

	// CommandHostName is the hostname of the Keyfactor Command API
	CommandHostName string `json:"host,omitempty" yaml:"host,omitempty"`

	// CommandPort is the port of the Keyfactor Command API
	CommandPort int `json:"port,omitempty" yaml:"port,omitempty"`

	// CommandAPIPath is the path of the Keyfactor Command API, default is "KeyfactorAPI"
	CommandAPIPath string `json:"api_path,omitempty" yaml:"api_path,omitempty"`

	// CommandVersion: the original comment names this "CommandAPIVersion" and calls it
	// the version of the Keyfactor Command API, default "1".
	// NOTE(review): GetCommandVersion is documented as returning the product version
	// detected during authentication; confirm which of the two this field holds.
	CommandVersion string `json:"command_version,omitempty" yaml:"command_version,omitempty"`

	// CommandCACert is the CA certificate to be used for authentication to Keyfactor Command API for use with not widely trusted certificates. This can be a filepath or a string of the certificate in PEM format.
	CommandCACert string `json:"command_ca_cert,omitempty" yaml:"command_ca_cert,omitempty"`

	// SkipVerify is a flag to skip verification of the server's certificate chain and host name. Default is false.
	// When true the client no longer authenticates the server, so credentials and
	// tokens sent over the connection are exposed to anyone able to impersonate the
	// host. For a privately issued server certificate, set CommandCACert instead.
	SkipVerify bool `json:"skip_verify,omitempty" yaml:"skip_verify,omitempty"`

	// HttpClientTimeout is the timeout for the http Client.
	// NOTE(review): unit not stated here; DefaultClientTimeout is 60, presumably seconds.
	HttpClientTimeout int `json:"client_timeout,omitempty" yaml:"client_timeout,omitempty"`

	// UserAgent is the user agent to be used for authentication to Keyfactor Command API
	UserAgent string `json:"user_agent,omitempty" yaml:"user_agent,omitempty"`

	// Debug is a debug flag; its effect is not shown here.
	// NOTE(review): confirm that debug output never includes passwords, client
	// secrets, tokens or Authorization header values.
	Debug bool `json:"debug,omitempty" yaml:"debug,omitempty"`

	// HttpProtocol is the HTTP protocol (URL scheme); DefaultHttpProtocol is "https".
	// NOTE(review): confirm whether "http" is accepted — a plaintext scheme would
	// send credentials unencrypted.
	HttpProtocol string `json:"http_protocol,omitempty" yaml:"http_protocol,omitempty"`

	// HttpClient is the http Client to be used for authentication to Keyfactor Command API.
	// No json or yaml struct tag is set on this field.
	HttpClient *http.Client
}

CommandAuthConfig represents the base configuration needed for authentication to Keyfactor Command API.

func (*CommandAuthConfig) Authenticate

func (c *CommandAuthConfig) Authenticate() error

Authenticate performs the authentication test to Keyfactor Command API and sets Command product version.

func (*CommandAuthConfig) BuildTransport

func (c *CommandAuthConfig) BuildTransport() (*http.Transport, error)

BuildTransport creates a custom http Transport for authentication to Keyfactor Command API.

func (CommandAuthConfig) GetCommandVersion added in v1.5.0

func (c CommandAuthConfig) GetCommandVersion() string

GetCommandVersion returns the Keyfactor Command product version detected during authentication.

func (*CommandAuthConfig) GetServerConfig

func (c *CommandAuthConfig) GetServerConfig() *Server

GetServerConfig returns the server configuration.

func (*CommandAuthConfig) LoadConfig

func (c *CommandAuthConfig) LoadConfig(profile string, configFilePath string, silentLoad bool) (
	*Server,
	error,
)

LoadConfig loads the configuration file and returns the server configuration.

func (*CommandAuthConfig) SetClient

func (c *CommandAuthConfig) SetClient(client *http.Client) *http.Client

SetClient sets the http Client for authentication to Keyfactor Command API.

func (*CommandAuthConfig) ValidateAuthConfig

func (c *CommandAuthConfig) ValidateAuthConfig() error

ValidateAuthConfig validates the authentication configuration for Keyfactor Command API.

func (*CommandAuthConfig) WithClientTimeout

func (c *CommandAuthConfig) WithClientTimeout(timeout int) *CommandAuthConfig

WithClientTimeout sets the timeout for the http Client.

func (*CommandAuthConfig) WithCommandAPIPath

func (c *CommandAuthConfig) WithCommandAPIPath(apiPath string) *CommandAuthConfig

WithCommandAPIPath sets the API path for authentication to Keyfactor Command API.

func (*CommandAuthConfig) WithCommandCACert

func (c *CommandAuthConfig) WithCommandCACert(caCert string) *CommandAuthConfig

WithCommandCACert sets the CA certificate for authentication to Keyfactor Command API.

func (*CommandAuthConfig) WithCommandHostName

func (c *CommandAuthConfig) WithCommandHostName(hostName string) *CommandAuthConfig

WithCommandHostName sets the hostname for authentication to Keyfactor Command API.

func (*CommandAuthConfig) WithCommandPort

func (c *CommandAuthConfig) WithCommandPort(port int) *CommandAuthConfig

WithCommandPort sets the port for authentication to Keyfactor Command API.

func (*CommandAuthConfig) WithConfigFile

func (c *CommandAuthConfig) WithConfigFile(configFilePath string) *CommandAuthConfig

WithConfigFile sets the configuration file for authentication to Keyfactor Command API.

func (*CommandAuthConfig) WithConfigProfile

func (c *CommandAuthConfig) WithConfigProfile(profile string) *CommandAuthConfig

WithConfigProfile sets the configuration profile for authentication to Keyfactor Command API.

func (*CommandAuthConfig) WithHttpClient

func (c *CommandAuthConfig) WithHttpClient(client *http.Client) *CommandAuthConfig

WithHttpClient sets the http Client for authentication to Keyfactor Command API.

func (*CommandAuthConfig) WithSkipVerify

func (c *CommandAuthConfig) WithSkipVerify(skipVerify bool) *CommandAuthConfig

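WithSkipVerify sets the flag to skip verification of the server's certificate chain and host name. Passing true removes server authentication from the TLS connection, so credentials sent over it can be intercepted by a host impersonating the server; to trust a privately issued certificate, use WithCommandCACert instead.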

type CommandAuthConfigBasic

// CommandAuthConfigBasic adds username, password and domain to the embedded
// CommandAuthConfig. NewBasicAuthAuthenticatorBuilder returns a pointer to this type.
type CommandAuthConfigBasic struct {
	// CommandAuthConfig is a reference to the base configuration needed for authentication to Keyfactor Command API
	CommandAuthConfig

	// Username is the username to be used for authentication to Keyfactor Command API
	Username string `json:"username,omitempty" yaml:"username,omitempty"`

	// Password is the password to be used for authentication to Keyfactor Command API.
	// The field is tagged for JSON and YAML output, so encoding this struct emits the
	// password in plaintext; avoid marshalling it into logs or world-readable files.
	Password string `json:"password,omitempty" yaml:"password,omitempty"`

	// Domain is the domain of the Active Directory used to authenticate to Keyfactor Command API
	Domain string `json:"domain,omitempty" yaml:"domain,omitempty"`
}

CommandAuthConfigBasic represents the configuration needed for Basic authentication to Keyfactor Command API: the base CommandAuthConfig plus a username, password and domain.

func NewBasicAuthAuthenticatorBuilder

func NewBasicAuthAuthenticatorBuilder() *CommandAuthConfigBasic

NewBasicAuthAuthenticatorBuilder creates a new instance of CommandAuthConfigBasic

func (*CommandAuthConfigBasic) Authenticate

func (a *CommandAuthConfigBasic) Authenticate() error

Authenticate authenticates the request using basic authentication.

func (*CommandAuthConfigBasic) Build

Build creates a new instance of BasicAuthAuthenticator

func (*CommandAuthConfigBasic) GetHttpClient

func (a *CommandAuthConfigBasic) GetHttpClient() (*http.Client, error)

GetHttpClient returns the http client

func (*CommandAuthConfigBasic) GetServerConfig

func (a *CommandAuthConfigBasic) GetServerConfig() *Server

GetServerConfig returns the server configuration

func (*CommandAuthConfigBasic) ValidateAuthConfig

func (a *CommandAuthConfigBasic) ValidateAuthConfig() error

ValidateAuthConfig validates the basic authentication configuration.

func (*CommandAuthConfigBasic) WithDomain

func (a *CommandAuthConfigBasic) WithDomain(domain string) *CommandAuthConfigBasic

WithDomain sets the domain for authentication

func (*CommandAuthConfigBasic) WithPassword

func (a *CommandAuthConfigBasic) WithPassword(password string) *CommandAuthConfigBasic

WithPassword sets the password for authentication

func (*CommandAuthConfigBasic) WithUsername

func (a *CommandAuthConfigBasic) WithUsername(username string) *CommandAuthConfigBasic

WithUsername sets the username for authentication

type CommandAuthConfigKerberos added in v1.5.0

// CommandAuthConfigKerberos represents the configuration needed for Kerberos
// authentication to Keyfactor Command API. It offers three credential sources:
// a password, a keytab file, or a credential cache.
// NOTE(review): the precedence between them when more than one is set is not
// shown here — confirm in ValidateAuthConfig.
type CommandAuthConfigKerberos struct {
	// CommandAuthConfig is a reference to the base configuration needed for authentication to Keyfactor Command API
	CommandAuthConfig

	// Username is the Kerberos principal (user@REALM or just username)
	Username string `json:"username,omitempty" yaml:"username,omitempty"`

	// Password is the password for password-based Kerberos authentication.
	// The field is tagged for JSON and YAML output, so encoding this struct emits the
	// password in plaintext.
	Password string `json:"password,omitempty" yaml:"password,omitempty"`

	// Realm is the Kerberos realm (uppercase, e.g., EXAMPLE.COM)
	Realm string `json:"kerberos_realm,omitempty" yaml:"kerberos_realm,omitempty"`

	// KeytabPath is the path to the keytab file for keytab-based authentication.
	// A keytab stores the principal's long-term keys; the file should be readable
	// only by the account that runs the client.
	KeytabPath string `json:"kerberos_keytab,omitempty" yaml:"kerberos_keytab,omitempty"`

	// ConfigPath is the path to krb5.conf (default: /etc/krb5.conf)
	ConfigPath string `json:"kerberos_config,omitempty" yaml:"kerberos_config,omitempty"`

	// CCachePath is the path to the Kerberos credential cache.
	// The cache holds live tickets; restrict access to it as for the keytab.
	CCachePath string `json:"kerberos_ccache,omitempty" yaml:"kerberos_ccache,omitempty"`

	// SPN is the Service Principal Name (optional, auto-generated from host as HTTP/hostname)
	SPN string `json:"kerberos_spn,omitempty" yaml:"kerberos_spn,omitempty"`

	// DisablePAFXFast disables PA-FX-FAST for Active Directory compatibility
	DisablePAFXFast bool `json:"kerberos_disable_pafxfast,omitempty" yaml:"kerberos_disable_pafxfast,omitempty"`
}

CommandAuthConfigKerberos represents the configuration needed for Kerberos authentication to Keyfactor Command API.

func NewKerberosAuthenticatorBuilder added in v1.5.0

func NewKerberosAuthenticatorBuilder() *CommandAuthConfigKerberos

NewKerberosAuthenticatorBuilder creates a new instance of CommandAuthConfigKerberos

func (*CommandAuthConfigKerberos) Authenticate added in v1.5.0

func (k *CommandAuthConfigKerberos) Authenticate() error

Authenticate authenticates the request using Kerberos/SPNEGO authentication.

func (*CommandAuthConfigKerberos) Build added in v1.5.0

Build creates a new instance of KerberosAuthenticator

func (*CommandAuthConfigKerberos) GetHttpClient added in v1.5.0

func (k *CommandAuthConfigKerberos) GetHttpClient() (*http.Client, error)

GetHttpClient returns the http client configured with Kerberos/SPNEGO authentication

func (*CommandAuthConfigKerberos) GetServerConfig added in v1.5.0

func (k *CommandAuthConfigKerberos) GetServerConfig() *Server

GetServerConfig returns the server configuration

func (*CommandAuthConfigKerberos) ValidateAuthConfig added in v1.5.0

func (k *CommandAuthConfigKerberos) ValidateAuthConfig() error

ValidateAuthConfig validates the Kerberos authentication configuration.

func (*CommandAuthConfigKerberos) WithCCachePath added in v1.5.0

func (k *CommandAuthConfigKerberos) WithCCachePath(ccachePath string) *CommandAuthConfigKerberos

WithCCachePath sets the credential cache path for ccache-based authentication

func (*CommandAuthConfigKerberos) WithConfigPath added in v1.5.0

func (k *CommandAuthConfigKerberos) WithConfigPath(configPath string) *CommandAuthConfigKerberos

WithConfigPath sets the krb5.conf file path

func (*CommandAuthConfigKerberos) WithDisablePAFXFast added in v1.5.0

func (k *CommandAuthConfigKerberos) WithDisablePAFXFast(disable bool) *CommandAuthConfigKerberos

WithDisablePAFXFast sets whether to disable PA-FX-FAST for AD compatibility

func (*CommandAuthConfigKerberos) WithKeytabPath added in v1.5.0

func (k *CommandAuthConfigKerberos) WithKeytabPath(keytabPath string) *CommandAuthConfigKerberos

WithKeytabPath sets the keytab file path for keytab-based authentication

func (*CommandAuthConfigKerberos) WithPassword added in v1.5.0

func (k *CommandAuthConfigKerberos) WithPassword(password string) *CommandAuthConfigKerberos

WithPassword sets the password for password-based Kerberos authentication

func (*CommandAuthConfigKerberos) WithRealm added in v1.5.0

WithRealm sets the Kerberos realm

func (*CommandAuthConfigKerberos) WithSPN added in v1.5.0

WithSPN sets the Service Principal Name

func (*CommandAuthConfigKerberos) WithUsername added in v1.5.0

func (k *CommandAuthConfigKerberos) WithUsername(username string) *CommandAuthConfigKerberos

WithUsername sets the Kerberos principal for authentication

type CommandConfigOauth

// CommandConfigOauth represents the configuration needed for authentication to
// Keyfactor Command API using OAuth2. ClientSecret, AccessToken and RefreshToken
// are all tagged for JSON and YAML output, so encoding this struct emits them in
// plaintext; avoid marshalling it into logs or world-readable files.
type CommandConfigOauth struct {
	// CommandAuthConfig is a reference to the base configuration needed for authentication to Keyfactor Command API
	CommandAuthConfig

	// ClientID is the Client ID for OAuth authentication
	ClientID string `json:"client_id,omitempty" yaml:"client_id,omitempty"`

	// ClientSecret is the Client secret for OAuth authentication (a long-lived secret).
	ClientSecret string `json:"client_secret,omitempty" yaml:"client_secret,omitempty"`

	// Audience is the audience for OAuth authentication
	Audience string `json:"audience,omitempty" yaml:"audience,omitempty"`

	// Scopes is the scopes for OAuth authentication
	Scopes []string `json:"scopes,omitempty" yaml:"scopes,omitempty"`

	// CACertificatePath is the path to the CA certificate for OAuth authentication.
	// The serialized key is "idp_ca_cert".
	CACertificatePath string `json:"idp_ca_cert,omitempty" yaml:"idp_ca_cert,omitempty"`

	// CACertificates is the CA certificates for authentication.
	// The json:"-" tag excludes it from JSON output; no yaml tag is set.
	CACertificates []*x509.Certificate `json:"-"`

	// AccessToken is the access token for OAuth authentication.
	// It is a bearer credential: whoever holds it can use it until it expires.
	AccessToken string `json:"access_token,omitempty" yaml:"access_token,omitempty"`

	// RefreshToken is the refresh token for OAuth authentication.
	// A refresh token can be exchanged for new access tokens and typically outlives
	// them, so protect it at least as carefully as the client secret.
	RefreshToken string `json:"refresh_token,omitempty" yaml:"refresh_token,omitempty"`

	// Expiry is the expiry time of the access token
	Expiry time.Time `json:"expiry,omitempty" yaml:"expiry,omitempty"`

	// TokenURL is the token URL for OAuth authentication.
	// The client secret is sent to this URL, so it should be an https endpoint whose
	// certificate is verified.
	TokenURL string `json:"token_url,omitempty" yaml:"token_url,omitempty"`
}

CommandConfigOauth represents the configuration needed for authentication to Keyfactor Command API using OAuth2.

func NewOAuthAuthenticatorBuilder

func NewOAuthAuthenticatorBuilder() *CommandConfigOauth

NewOAuthAuthenticatorBuilder creates a new CommandConfigOauth instance.

func (*CommandConfigOauth) Authenticate

func (b *CommandConfigOauth) Authenticate() error

Authenticate authenticates to Keyfactor Command API using OAuth2.

func (*CommandConfigOauth) Build

func (b *CommandConfigOauth) Build() (Authenticator, error)

Build creates an OAuth authenticator.

func (*CommandConfigOauth) GetAccessToken added in v1.3.0

func (b *CommandConfigOauth) GetAccessToken() (*oauth2.Token, error)

GetAccessToken returns the OAuth2 token (*oauth2.Token) for the given configuration.

func (*CommandConfigOauth) GetHttpClient

func (b *CommandConfigOauth) GetHttpClient() (*http.Client, error)

GetHttpClient returns an HTTP client for oAuth authentication.

func (*CommandConfigOauth) GetServerConfig

func (b *CommandConfigOauth) GetServerConfig() *Server

GetServerConfig returns the server configuration for Keyfactor Command API using OAuth2.

func (*CommandConfigOauth) LoadConfig

func (b *CommandConfigOauth) LoadConfig(profile, path string, silentLoad bool) (*Server, error)

LoadConfig loads the configuration for Keyfactor Command API using OAuth2.

func (*CommandConfigOauth) ValidateAuthConfig

func (b *CommandConfigOauth) ValidateAuthConfig() error

ValidateAuthConfig validates the configuration for Keyfactor Command API using OAuth2.

func (*CommandConfigOauth) WithAccessToken

func (b *CommandConfigOauth) WithAccessToken(accessToken string) *CommandConfigOauth

WithAccessToken sets the access token for OAuth authentication.

func (*CommandConfigOauth) WithAudience

func (b *CommandConfigOauth) WithAudience(audience string) *CommandConfigOauth

WithAudience sets the audience for OAuth authentication.

func (*CommandConfigOauth) WithCaCertificatePath

func (b *CommandConfigOauth) WithCaCertificatePath(caCertificatePath string) *CommandConfigOauth

WithCaCertificatePath sets the CA certificate path for OAuth authentication.

func (*CommandConfigOauth) WithCaCertificates

func (b *CommandConfigOauth) WithCaCertificates(caCertificates []*x509.Certificate) *CommandConfigOauth

WithCaCertificates sets the CA certificates for OAuth authentication.

func (*CommandConfigOauth) WithClientId

func (b *CommandConfigOauth) WithClientId(clientId string) *CommandConfigOauth

WithClientId sets the Client ID for OAuth authentication.

func (*CommandConfigOauth) WithClientSecret

func (b *CommandConfigOauth) WithClientSecret(clientSecret string) *CommandConfigOauth

WithClientSecret sets the Client secret for OAuth authentication.

func (*CommandConfigOauth) WithHttpClient

func (b *CommandConfigOauth) WithHttpClient(httpClient *http.Client) *CommandConfigOauth

func (*CommandConfigOauth) WithScopes

func (b *CommandConfigOauth) WithScopes(scopes []string) *CommandConfigOauth

WithScopes sets the scopes for OAuth authentication.

func (*CommandConfigOauth) WithTokenUrl

func (b *CommandConfigOauth) WithTokenUrl(tokenUrl string) *CommandConfigOauth

WithTokenUrl sets the token URL for OAuth authentication.

type Config

// Config represents the overall configuration structure.
// Each Server value has password, client-secret and access-token fields, so a
// serialized Config should be treated as a credential store.
type Config struct {
	Servers map[string]Server `json:"servers,omitempty" yaml:"servers,omitempty"` // Servers is a map of server configurations. NOTE(review): the keys are presumably profile names (DefaultConfigProfile is "default") — confirm.
}

Config represents the overall configuration structure.

func MergeConfigFromFile

func MergeConfigFromFile(filePath string, config *Config) (*Config, error)

MergeConfigFromFile merges the configuration from a file into the existing Config.

func NewConfig

func NewConfig() *Config

NewConfig creates a new Config configuration.

func ReadConfigFromJSON

func ReadConfigFromJSON(filePath string) (*Config, error)

ReadConfigFromJSON reads a Config configuration from a JSON file.

func ReadConfigFromYAML

func ReadConfigFromYAML(filePath string) (*Config, error)

ReadConfigFromYAML reads a Config configuration from a YAML file.

func (*Config) Compare

func (c *Config) Compare(other *Config) bool

type ConfigProviderAzureKeyVault added in v1.1.0

// ConfigProviderAzureKeyVault identifies an Azure Key Vault secret by vault name and
// secret name; its LoadConfigFromAzureKeyVault method returns a *Config.
type ConfigProviderAzureKeyVault struct {
	// SecretName is the name of the secret.
	SecretName        string `json:"secret_name,omitempty" yaml:"secret_name,omitempty"`
	// VaultName is the name of the Azure Key Vault.
	VaultName         string `json:"vault_name,omitempty" yaml:"vault_name,omitempty"`
	// DefaultCredential is the Azure credential. No json or yaml tag is set.
	// NOTE(review): presumably populated by Authenticate — confirm.
	DefaultCredential *azidentity.DefaultAzureCredential
	// CommandConfig is a Config. No json or yaml tag is set.
	// NOTE(review): presumably the configuration loaded from the vault; it may hold
	// credentials — confirm that String() does not print it.
	CommandConfig     *Config
}

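ConfigProviderAzureKeyVault loads the Keyfactor Command configuration from a secret stored in Azure Key Vault. Although the original description calls it an Authenticator, no GetHttpClient method is listed for it on this page, so it does not satisfy the Authenticator interface as documented here.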

func NewConfigProviderAzureKeyVault added in v1.1.0

func NewConfigProviderAzureKeyVault() *ConfigProviderAzureKeyVault

NewConfigProviderAzureKeyVault creates a new instance of ConfigProviderAzureKeyVault.

func (*ConfigProviderAzureKeyVault) Authenticate added in v1.1.0

func (a *ConfigProviderAzureKeyVault) Authenticate() error

Authenticate authenticates to Azure.

func (*ConfigProviderAzureKeyVault) LoadConfigFromAzureKeyVault added in v1.1.0

func (a *ConfigProviderAzureKeyVault) LoadConfigFromAzureKeyVault() (*Config, error)

LoadConfigFromAzureKeyVault loads a Config type from Azure Key Vault.

func (*ConfigProviderAzureKeyVault) String added in v1.1.0

func (a *ConfigProviderAzureKeyVault) String() string

String returns a string representation of the ConfigProviderAzureKeyVault.

func (*ConfigProviderAzureKeyVault) Validate added in v1.1.0

func (a *ConfigProviderAzureKeyVault) Validate() error

Validate validates the ConfigProviderAzureKeyVault.

func (*ConfigProviderAzureKeyVault) WithSecretName added in v1.1.0

func (a *ConfigProviderAzureKeyVault) WithSecretName(secretName string) *ConfigProviderAzureKeyVault

WithSecretName sets the secret name for authentication.

func (*ConfigProviderAzureKeyVault) WithVaultName added in v1.1.0

func (a *ConfigProviderAzureKeyVault) WithVaultName(vaultName string) *ConfigProviderAzureKeyVault

WithVaultName sets the vault name for authentication.

type KerberosAuthenticator added in v1.5.0

// KerberosAuthenticator is an Authenticator that uses Kerberos/SPNEGO for authentication.
type KerberosAuthenticator struct {
	// Client is the HTTP client held by the authenticator. The field is exported,
	// so callers can read or replace it directly.
	Client *http.Client
}

KerberosAuthenticator is an Authenticator that uses Kerberos/SPNEGO for authentication.

func (*KerberosAuthenticator) GetHttpClient added in v1.5.0

func (k *KerberosAuthenticator) GetHttpClient() (*http.Client, error)

GetHttpClient returns the http client

type OAuthAuthenticator

// OAuthAuthenticator is an Authenticator that uses OAuth2 for authentication.
type OAuthAuthenticator struct {
	// Client is the HTTP client held by the authenticator. The field is exported,
	// so callers can read or replace it directly.
	Client *http.Client
}

OAuthAuthenticator is an Authenticator that uses OAuth2 for authentication.

func (*OAuthAuthenticator) GetHttpClient

func (a *OAuthAuthenticator) GetHttpClient() (*http.Client, error)

GetHttpClient returns the http client

type Server

// Server represents the server configuration for authentication.
// It is the unit read and written by the ReadServerFrom*/WriteServerTo* functions
// and stored per key in Config.Servers. Password, ClientSecret and AccessToken are
// tagged for JSON and YAML output, so a serialized Server contains them in
// plaintext whenever they are set; protect the file and keep it out of version
// control and logs.
type Server struct {
	Host          string       `json:"host,omitempty" yaml:"host,omitempty"`                       // Host is the Command server DNS name or IP address.
	Port          int          `json:"port,omitempty" yaml:"port,omitempty"`                       // Port is the Command server port.
	Username      string       `json:"username,omitempty" yaml:"username,omitempty"`               // Username is the username for authentication.
	Password      string       `json:"password,omitempty" yaml:"password,omitempty"`               // Password is the password for authentication (secret, serialized in plaintext).
	Domain        string       `json:"domain,omitempty" yaml:"domain,omitempty"`                   // Domain is the domain for authentication.
	ClientID      string       `json:"client_id,omitempty" yaml:"client_id,omitempty"`             // ClientID is the client ID for OAuth.
	ClientSecret  string       `json:"client_secret,omitempty" yaml:"client_secret,omitempty"`     // ClientSecret is the client secret for OAuth (secret, serialized in plaintext).
	AccessToken   string       `json:"access_token,omitempty" yaml:"access_token,omitempty"`       // AccessToken is the OAuth access token (bearer credential, serialized in plaintext).
	Scopes        []string     `json:"scopes,omitempty" yaml:"scopes,omitempty"`                   // Scopes is the OAuth scopes.
	Audience      string       `json:"audience,omitempty" yaml:"audience,omitempty"`               // Audience is the OAuth audience.
	OAuthTokenUrl string       `json:"token_url,omitempty" yaml:"token_url,omitempty"`             // OAuthTokenUrl is full URL for OAuth token request endpoint.
	APIPath       string       `json:"api_path,omitempty" yaml:"api_path,omitempty"`               // APIPath is the API path.
	AuthProvider  AuthProvider `json:"auth_provider,omitempty" yaml:"auth_provider,omitempty"`     // AuthProvider contains the authentication provider details.
	SkipTLSVerify bool         `json:"skip_tls_verify,omitempty" yaml:"skip_tls_verify,omitempty"` // SkipTLSVerify, per its name and tag, requests that TLS certificate verification be skipped when true (the earlier comment described the inverse, "TLSVerify"). Leave false outside test environments; use CACertPath to trust a private CA.
	CACertPath    string       `json:"ca_cert_path,omitempty" yaml:"ca_cert_path,omitempty"`       // CACertPath is the path to the CA certificate to trust.
	AuthType      string       `json:"auth_type,omitempty" yaml:"auth_type,omitempty"`             // AuthType is the type of authentication to use.

	// Kerberos authentication fields.
	// KerberosKeytab and KerberosCCache are paths to files that hold key material and
	// tickets respectively; the files should be readable only by the account that
	// runs the client.
	KerberosRealm  string `json:"kerberos_realm,omitempty" yaml:"kerberos_realm,omitempty"`   // KerberosRealm is the Kerberos realm (uppercase).
	KerberosKeytab string `json:"kerberos_keytab,omitempty" yaml:"kerberos_keytab,omitempty"` // KerberosKeytab is the path to the keytab file.
	KerberosConfig string `json:"kerberos_config,omitempty" yaml:"kerberos_config,omitempty"` // KerberosConfig is the path to krb5.conf.
	KerberosCCache string `json:"kerberos_ccache,omitempty" yaml:"kerberos_ccache,omitempty"` // KerberosCCache is the path to the credential cache.
	KerberosSPN    string `json:"kerberos_spn,omitempty" yaml:"kerberos_spn,omitempty"`       // KerberosSPN is the Service Principal Name.
}

Server represents the server configuration for authentication.

func ReadServerFromJSON

func ReadServerFromJSON(filePath string) (*Server, error)

ReadServerFromJSON reads a Server configuration from a JSON file.

func ReadServerFromYAML

func ReadServerFromYAML(filePath string) (*Server, error)

ReadServerFromYAML reads a Server configuration from a YAML file.

func (*Server) Compare

func (s *Server) Compare(other *Server) bool

func (*Server) GetAuthType

func (s *Server) GetAuthType() string

GetAuthType returns the type of authentication to use based on the configuration params.

func (*Server) GetBasicAuthClientConfig

func (s *Server) GetBasicAuthClientConfig() (*CommandAuthConfigBasic, error)

GetBasicAuthClientConfig returns the basic auth configuration for the client.

func (*Server) GetKerberosClientConfig added in v1.5.0

func (s *Server) GetKerberosClientConfig() (*CommandAuthConfigKerberos, error)

GetKerberosClientConfig returns the Kerberos configuration for the client.

func (*Server) GetOAuthClientConfig

func (s *Server) GetOAuthClientConfig() (*CommandConfigOauth, error)

GetOAuthClientConfig returns the OAuth configuration for the client.
