authn

package
v1.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 15, 2026 License: MIT Imports: 19 Imported by: 1

Documentation

Overview

Package authn provides AuthN API over HTTP(S)

  • Copyright (c) 2018-2025, NVIDIA CORPORATION. All rights reserved.

Package authn provides AuthN API over HTTP(S)

  • Copyright (c) 2018-2026, NVIDIA CORPORATION. All rights reserved.

Package authn provides AuthN API over HTTP(S)

  • Copyright (c) 2018-2025, NVIDIA CORPORATION. All rights reserved.

Package authn provides AuthN API over HTTP(S)

  • Copyright (c) 2018-2025, NVIDIA CORPORATION. All rights reserved.

Package authn provides AuthN API over HTTP(S)

  • Copyright (c) 2025, NVIDIA CORPORATION. All rights reserved.

Index

Constants

View Source 
const (
	SigningMethodHS256 = "HS256"
	SigningMethodRS256 = "RS256"
)
View Source 
const (
	AdminRole = "Admin"
)

Variables

This section is empty.

Functions

func AddRole 

func AddRole(bp api.BaseParams, roleSpec *Role) error

func AddUser 

func AddUser(bp api.BaseParams, newUser *User) error

func DeleteRole 

func DeleteRole(bp api.BaseParams, role string) error

func DeleteUser 

func DeleteUser(bp api.BaseParams, userID string) error

func GetJWKS added in v1.4.2 

func GetJWKS(bp api.BaseParams) (*json.RawMessage, error)

GetJWKS returns the raw JSON from the JWKS endpoint While it may be useful to return the parsed jwk.Set here, this avoids requiring all clients (including CLI) to include the jwx library in dependencies

func LoadToken 

func LoadToken(tokenFile string) (string, error)

LoadToken retrieves the authentication token from the specified tokenFile, environment variables, or default location (CLI config).

func RegisterCluster 

func RegisterCluster(bp api.BaseParams, cluSpec CluACL) error

func RevokeToken 

func RevokeToken(bp api.BaseParams, token string) error

func SetConfig 

func SetConfig(bp api.BaseParams, conf *ConfigToUpdate) error

func UnregisterCluster 

func UnregisterCluster(bp api.BaseParams, spec CluACL) error

func UpdateCluster 

func UpdateCluster(bp api.BaseParams, cluSpec CluACL) error

func UpdateRole 

func UpdateRole(bp api.BaseParams, roleSpec *Role) error

func UpdateUser 

func UpdateUser(bp api.BaseParams, user *User) error

Types

type BckACL 

type BckACL struct {
	Bck    cmn.Bck         `json:"bck"`
	Access apc.AccessAttrs `json:"perm,string"`
}

type CluACL 

type CluACL struct {
	ID     string          `json:"id"`
	Alias  string          `json:"alias,omitempty"`
	URLs   []string        `json:"urls,omitempty"`
	Access apc.AccessAttrs `json:"perm,string,omitempty"`
}

func GetRegisteredClusters 

func GetRegisteredClusters(bp api.BaseParams, spec CluACL) ([]*CluACL, error)

func (*CluACL) String 

func (clu *CluACL) String() string

type Config 

type Config struct {
	Server  ServerConf  `json:"auth"`
	Log     LogConf     `json:"log"`
	Net     NetConf     `json:"net"`
	Timeout TimeoutConf `json:"timeout"`
}

func GetConfig 

func GetConfig(bp api.BaseParams) (*Config, error)

func (*Config) Expire added in v1.3.24 

func (c *Config) Expire() time.Duration

func (*Config) Init added in v1.3.24 

func (c *Config) Init()

func (*Config) JspOpts 

func (*Config) JspOpts() jsp.Options

func (*Config) Secret 

func (c *Config) Secret() cmn.Censored

func (*Config) Verbose added in v1.3.18 

func (c *Config) Verbose() bool

type ConfigToUpdate 

type ConfigToUpdate struct {
	Server *ServerConfToSet `json:"auth"`
}

type HTTPConf 

type HTTPConf struct {
	Certificate string `json:"server_crt"`
	Key         string `json:"server_key"`
	Port        int    `json:"port"`
	UseHTTPS    bool   `json:"use_https"`
}

type LogConf 

type LogConf struct {
	Dir   string `json:"dir"`
	Level string `json:"level"`
}

type LoginMsg 

type LoginMsg struct {
	ExpiresIn *time.Duration `json:"expires_in"`
	Password  string         `json:"password"`
}

type NetConf 

type NetConf struct {
	ExternalURL string   `json:"external_url"`
	HTTP        HTTPConf `json:"http"`
}

type OIDCConfiguration added in v1.4.2 

type OIDCConfiguration struct {
	Issuer                           string   `json:"issuer"`
	TokenEndpoint                    string   `json:"token_endpoint"`
	UserinfoEndpoint                 string   `json:"userinfo_endpoint,omitempty"`
	JWKSURI                          string   `json:"jwks_uri"`
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
}

OIDCConfiguration -- Partial implementation of OIDC spec: https://openid.net/specs/openid-connect-discovery-1_0.html

func GetOIDCConfig added in v1.4.2 

func GetOIDCConfig(bp api.BaseParams) (*OIDCConfiguration, error)

func NewOIDCConfiguration added in v1.4.2 

func NewOIDCConfiguration(base *url.URL) *OIDCConfiguration

type RegisteredClusters 

type RegisteredClusters struct {
	Clusters map[string]*CluACL `json:"clusters,omitempty"`
}

type Role 

type Role struct {
	Name        string    `json:"name"`
	Description string    `json:"desc"`
	ClusterACLs []*CluACL `json:"clusters"`
	BucketACLs  []*BckACL `json:"buckets"`
	IsAdmin     bool      `json:"admin"`
}

func GetAllRoles 

func GetAllRoles(bp api.BaseParams) ([]*Role, error)

func GetRole 

func GetRole(bp api.BaseParams, roleID string) (*Role, error)

type ServerConf 

type ServerConf struct {
	Secret string `json:"secret"`
	// Determines when the secret or key expires
	// Also used to determine max-age for client caches of JWKS
	Expire cos.Duration `json:"expiration_time"`
	PubKey *string      `json:"public_key"`
	// Size of RSA private key to generate
	RSAKeyBits int `json:"rsa_key_bits"`
	// contains filtered or unexported fields
}

type ServerConfToSet added in v1.3.21 

type ServerConfToSet struct {
	Secret *string `json:"secret,omitempty"`
	Expire *string `json:"expiration_time,omitempty"`
}

type TimeoutConf 

type TimeoutConf struct {
	Default cos.Duration `json:"default_timeout"`
}

type TokenList 

type TokenList struct {
	Tokens  []string `json:"tokens"`
	Version int64    `json:"version,string"`
}

TokenList is a list of tokens pushed by authn

type TokenMsg 

type TokenMsg struct {
	Token string `json:"token"`
}

func LoginUser 

func LoginUser(bp api.BaseParams, userID, pass string, expire *time.Duration) (token *TokenMsg, err error)

Authorize a user and return a user token in case of success. The token expires in `expire` time. If `expire` is `nil` the expiration time is set by AuthN (default AuthN expiration time is 24 hours)

func (*TokenMsg) JspOpts 

func (*TokenMsg) JspOpts() jsp.Options

type User 

type User struct {
	ID       string  `json:"id"`
	Password string  `json:"pass,omitempty"`
	Roles    []*Role `json:"roles"`
}

func GetAllUsers 

func GetAllUsers(bp api.BaseParams) ([]*User, error)

func GetUser 

func GetUser(bp api.BaseParams, userID string) (*User, error)

func (*User) IsAdmin 

func (u *User) IsAdmin() bool

IsAdmin returns true if the user is an admin or super-user, i.e. the user has full access to everything.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.