Documentation
¶
Index ¶
- func DefaultConfigDir() (string, error)
- func OAuthContext(ctx context.Context, base http.RoundTripper) context.Context
- type AuthFile
- type AuthType
- type OAuthCredential
- type Profile
- type Session
- type Store
- func (s *Store) CurrentProfile() (name string, profile Profile, ok bool)
- func (s *Store) GetAPIKey(profileName string) (string, error)
- func (s *Store) GetOAuthCredential(profileName string) (*OAuthCredential, error)
- func (s *Store) GetProfile(profileName string) (Profile, bool)
- func (s *Store) Load() (*AuthFile, error)
- func (s *Store) ProfileNames() ([]string, error)
- func (s *Store) RemoveProfile(profileName string) error
- func (s *Store) SetAPIKeyProfile(profileName, remoteURL, apiKey string, switchCurrent bool, ...) error
- func (s *Store) SetOAuthProfile(profileName, remoteURL string, cred OAuthCredential, switchCurrent bool, ...) error
- func (s *Store) SwitchProfile(profileName string) error
- type StoreOptions
- type Transport
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultConfigDir ¶
DefaultConfigDir returns the config directory: $BASETEN_CONFIG_DIR > os.UserConfigDir()/baseten
func OAuthContext ¶
OAuthContext returns a context that carries an oauth2 HTTP client which stamps the Baseten User-Agent on every request, layered over base.
Types ¶
type AuthFile ¶
type AuthFile struct {
Version int `json:"version"`
// Current is the name of the profile used when no profile is selected via
// flag or environment.
Current string `json:"current,omitempty"`
Profiles map[string]Profile `json:"profiles"`
}
AuthFile is the on-disk auth.json structure. Unrecognized keys are ignored on read and dropped on the next write.
type OAuthCredential ¶
type OAuthCredential struct {
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
Expiry time.Time `json:"expiry,omitempty"`
}
OAuthCredential holds an OAuth access and refresh token pair, along with the access token's absolute expiry. Expiry is what golang.org/x/oauth2 uses to decide whether to refresh; persisting it lets refresh work across CLI invocations.
type Profile ¶
type Profile struct {
RemoteURL string `json:"remote_url"`
AuthType AuthType `json:"auth_type"`
// InsecureOAuthCredential and InsecureAPIKey are only populated when the
// keyring is unavailable or --insecure-storage was used.
InsecureOAuthCredential *OAuthCredential `json:"oauth_credential,omitempty"`
InsecureAPIKey string `json:"api_key,omitempty"`
}
Profile is a single named, self-contained credential: a remote URL plus the auth used against it. The profile name is the keyring account and the auth.json map key.
type Session ¶
type Session struct {
// contains filtered or unexported fields
}
Session is the auth context resolved once per invocation. Exactly one of the credential paths applies: a stored profile (ProfileName set) or ephemeral env credentials (ephemeralAPIKey set).
func ResolveSession ¶
ResolveSession determines the effective auth for this invocation, most specific source first:
- profileFlag (the --profile flag)
- BASETEN_API_KEY (+ optional BASETEN_REMOTE_URL), ephemeral
- BASETEN_PROFILE
- defaultProfile (a baked-in fallback, e.g. from the SSH config)
- the current profile in auth.json
defaultProfile is "" for most commands; the SSH sign/proxy commands pass their --default-profile so a pinned profile is used only when nothing more specific selects one.
A named profile that does not exist is not an error here; the failure surfaces when a credential is actually needed (or in the auth commands that manage profiles directly).
func (*Session) IsEphemeral ¶
IsEphemeral reports whether the session uses credentials from BASETEN_API_KEY rather than a stored profile.
func (*Session) ProfileName ¶
ProfileName is the stored profile this session uses, or "" when the session is ephemeral or unauthenticated.
type Store ¶
type Store struct {
// contains filtered or unexported fields
}
Store manages reading and writing auth.json and keyring secrets.
func NewStore ¶
func NewStore(opts StoreOptions) *Store
NewStore creates a Store from the given options.
func (*Store) CurrentProfile ¶
CurrentProfile returns the current profile name and entry.
func (*Store) GetAPIKey ¶
GetAPIKey retrieves the API key for a profile, trying the keyring first, then falling back to the auth.json plaintext field.
func (*Store) GetOAuthCredential ¶
func (s *Store) GetOAuthCredential(profileName string) (*OAuthCredential, error)
GetOAuthCredential retrieves the OAuth credential for a profile, trying the keyring first, then falling back to the auth.json plaintext field.
func (*Store) GetProfile ¶
GetProfile returns the profile with the given name.
func (*Store) Load ¶
Load reads auth.json from disk. Returns an empty AuthFile if it does not exist.
func (*Store) ProfileNames ¶
ProfileNames returns the stored profile names in sorted order.
func (*Store) RemoveProfile ¶
RemoveProfile removes a profile and deletes its keyring entry. If the removed profile was current, the current pointer is cleared.
func (*Store) SetAPIKeyProfile ¶
func (s *Store) SetAPIKeyProfile(profileName, remoteURL, apiKey string, switchCurrent bool, warnWriter func(string)) error
SetAPIKeyProfile stores an API key credential under name. When switchCurrent is true, the profile also becomes the current profile.
func (*Store) SetOAuthProfile ¶
func (s *Store) SetOAuthProfile(profileName, remoteURL string, cred OAuthCredential, switchCurrent bool, warnWriter func(string)) error
SetOAuthProfile stores an OAuth credential under name. When switchCurrent is true, the profile also becomes the current profile. Tries the keyring first; falls back to plaintext in auth.json with a warning written to warnWriter (if non-nil).
func (*Store) SwitchProfile ¶
SwitchProfile sets the current profile. Returns an error if it does not exist.
type StoreOptions ¶
type StoreOptions struct {
// Dir is the directory where auth.json is stored.
Dir string
// InsecureStorage, when true, stores secrets in auth.json instead of
// the system keyring.
InsecureStorage bool
}
StoreOptions configures a Store.
type Transport ¶
type Transport struct {
Session *Session
// OAuthConfig is the OAuth2 configuration used for token refresh.
OAuthConfig *oauth2.Config
Base http.RoundTripper
}
Transport is an HTTP client that injects the appropriate Authorization header for the resolved session. For OAuth credentials, it uses oauth2.TokenSource for transparent token refresh.
It implements the Do(*http.Request) (*http.Response, error) interface expected by the baseten-go SDK clients.