Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type IDTokenClaims ¶
// IDTokenClaims holds the claims carried by a GitLab-issued ID token, decoded
// from the JSON keys named in the struct tags.
//
// IDTokenValidator.Validate returns this type. Claims decoded from a token
// that has not been validated should not be used for access decisions.
type IDTokenClaims struct {
	// Sub roughly uniquely identifies the workload. Example:
	// `project_path:mygroup/my-project:ref_type:branch:ref:main`
	// project_path:{group}/{project}:ref_type:{type}:ref:{branch_name}
	//
	// As the format shows, the value is built from the project path, ref type
	// and ref, so it identifies a project/ref combination rather than a single
	// job or pipeline.
	Sub string `json:"sub"`
	// Git ref for this job
	Ref string `json:"ref"`
	// Git ref type. Example:
	// `branch` or `tag`
	RefType string `json:"ref_type"`
	// "true" if the Git ref is protected, "false" otherwise.
	// The field is a string, not a bool, so rules must compare against the
	// literal text.
	RefProtected string `json:"ref_protected"`
	// Use this to scope to group or user level namespace by path. Example:
	// `mygroup`
	// NOTE(review): paths are presumably renameable while IDs are not, so
	// matching on NamespaceID may be more robust - confirm against GitLab docs.
	NamespacePath string `json:"namespace_path"`
	// Use this to scope to group or user level namespace by ID.
	NamespaceID string `json:"namespace_id"`
	// Use this to scope to project by path. Example:
	// `mygroup/myproject`
	// NOTE(review): as with NamespacePath, presumably less stable than
	// ProjectID if the project is renamed or moved - confirm.
	ProjectPath string `json:"project_path"`
	// Use this to scope to project by ID.
	ProjectID string `json:"project_id"`
	// ID of the user executing the job
	UserID string `json:"user_id"`
	// Username of the user executing the job
	UserLogin string `json:"user_login"`
	// Email of the user executing the job
	UserEmail string `json:"user_email"`
	// Pipeline source.
	// https://docs.gitlab.com/ee/ci/jobs/job_control.html#common-if-clauses-for-rules
	// Example: `web`
	PipelineSource string `json:"pipeline_source"`
	// ID of the pipeline.
	PipelineID string `json:"pipeline_id"`
	// Environment this job deploys to (if one is associated)
	Environment string `json:"environment"`
	// "true" if deployed environment is protected, "false" otherwise.
	// Like RefProtected, this is carried as a string rather than a bool.
	EnvironmentProtected string `json:"environment_protected"`
	// Environment action (environment:action) specified in the job.
	EnvironmentAction string `json:"environment_action"`
	// The ref path to the top-level pipeline definition, for example, gitlab.example.com/my-group/my-project//.gitlab-ci.yml@refs/heads/main.
	CIConfigRefURI string `json:"ci_config_ref_uri"`
	// Git commit SHA for the ci_config_ref_uri.
	CIConfigSHA string `json:"ci_config_sha"`
	// The commit SHA for the job.
	SHA string `json:"sha"`
	// ID of the runner executing the job.
	// Unlike the other ID fields in this struct, this one is an int.
	RunnerID int `json:"runner_id"`
	// The type of runner used by the job. Can be either gitlab-hosted or self-hosted
	RunnerEnvironment string `json:"runner_environment"`
	// Deployment tier of the environment the job specifies
	DeploymentTier string `json:"deployment_tier"`
	// The visibility of the project where the pipeline is running. Can be internal, private, or public.
	ProjectVisibility string `json:"project_visibility"`
}
IDTokenClaims is the structure of claims contained within a GitLab issued ID token.
See the following for the structure: https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html#id-tokens
func (*IDTokenClaims) JoinAuditAttributes ¶
func (c *IDTokenClaims) JoinAuditAttributes() (map[string]interface{}, error)
JoinAuditAttributes returns a series of attributes that can be inserted into audit events related to a specific join.
type IDTokenSource ¶
type IDTokenSource struct {
// contains filtered or unexported fields
}
IDTokenSource allows a GitLab ID token to be fetched whilst executing within the context of a GitLab CI/CD job.
func NewIDTokenSource ¶
func NewIDTokenSource(getEnv envGetter) *IDTokenSource
func (*IDTokenSource) GetIDToken ¶
func (its *IDTokenSource) GetIDToken() (string, error)
type IDTokenValidator ¶
// IDTokenValidator exposes Validate, which takes a domain and a raw token
// string and returns the decoded *IDTokenClaims or an error.
// NOTE(review): presumably Validate verifies signature, issuer, audience and
// expiry before returning claims - confirm against the implementation.
type IDTokenValidator struct {
	// Embedded, so the exported config fields (Clock, ClusterNameGetter) are
	// promoted onto the validator.
	IDTokenValidatorConfig
}
func NewIDTokenValidator ¶
func NewIDTokenValidator( cfg IDTokenValidatorConfig, ) (*IDTokenValidator, error)
func (*IDTokenValidator) Validate ¶
func (id *IDTokenValidator) Validate( ctx context.Context, domain string, token string, ) (*IDTokenClaims, error)
type IDTokenValidatorConfig ¶
// IDTokenValidatorConfig carries the dependencies of an IDTokenValidator and
// is the argument to NewIDTokenValidator.
type IDTokenValidatorConfig struct {
	// Clock is used by the validator when checking expiry and issue times of
	// tokens. If omitted, a real clock will be used.
	// NOTE(review): a non-real clock changes which tokens count as expired, so
	// this is presumably meant for tests only - confirm.
	Clock clockwork.Clock
	// ClusterNameGetter is used to get the cluster name in order to identify
	// the correct audience for the token.
	// NOTE(review): presumably tokens whose audience does not match the
	// cluster name are rejected - confirm in Validate.
	ClusterNameGetter clusterNameGetter
	// contains filtered or unexported fields
}