oidc

package

v1.4.0 Latest Latest Go to latest Published: May 19, 2025 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/chainloop-dev/chainloop

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type Client
type GitHubOIDCClient
- func NewGitHubClient(logger *zerolog.Logger, opts ...Option) (*GitHubOIDCClient, error)
- func (c *GitHubOIDCClient) Token(ctx context.Context) (any, error)
type GitlabOIDCClient
- func NewGitlabClient(ctx context.Context, authToken string, logger *zerolog.Logger) (*GitlabOIDCClient, error)
type GitlabToken
type Option
- func WithActor(actor string) Option
- func WithAudience(audience []string) Option
type Token

Constants ¶

View Source

const (
	// RequestTokenEnvKey is the environment variable for the GitHub Actions OIDC token request token
	RequestTokenEnvKey = "ACTIONS_ID_TOKEN_REQUEST_TOKEN"
	// RequestURLEnvKey is the environment variable for the GitHub Actions OIDC token request URL
	RequestURLEnvKey = "ACTIONS_ID_TOKEN_REQUEST_URL"
)

View Source

const CIServerURLEnv = "CI_SERVER_URL"

CIServerURLEnv is the environment variable name for Gitlab CI server URL.

View Source

const ExpectedAudience = "chainloop"

ExpectedAudience is the expected audience for the Gitlab OIDC token.

View Source

const GitlabTokenEnv = "GITLAB_OIDC"

GitlabTokenEnv is the environment variable name for Gitlab OIDC token. #nosec G101 - This is just the name of an environment variable, not a credential

View Source

const SelfHostedRunner = "self-hosted"

Variables ¶

View Source

var DefaultActionsProviderURL = "https://token.actions.githubusercontent.com"

DefaultActionsProviderURL is the default URL for GitHub Actions OIDC provider

View Source

var DefaultGitHubAudience = []string{"nobody"}

DefaultGitHubAudience is the default audience for GitHub Actions OIDC

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client interface {
	Token(ctx context.Context) (any, error)
}

Client is the interface for an OIDC client.

type GitHubOIDCClient ¶

type GitHubOIDCClient struct {
	// contains filtered or unexported fields
}

func NewGitHubClient ¶

func NewGitHubClient(logger *zerolog.Logger, opts ...Option) (*GitHubOIDCClient, error)

NewGitHubClient returns new GitHub OIDC provider client.

func (*GitHubOIDCClient) Token ¶

func (c *GitHubOIDCClient) Token(ctx context.Context) (any, error)

Token requests an OIDC token from GitHub's provider, verifies it, and returns the token.

type GitlabOIDCClient ¶

type GitlabOIDCClient struct {
	Token *GitlabToken
}

func NewGitlabClient ¶

func NewGitlabClient(ctx context.Context, authToken string, logger *zerolog.Logger) (*GitlabOIDCClient, error)

type GitlabToken ¶

type GitlabToken struct {
	oidc.IDToken

	// ConfigRefURI is a reference to the current job workflow.
	ConfigRefURI string `json:"ci_config_ref_uri"`

	// RunnerEnvironment is the environment the runner is running in.
	RunnerEnvironment string `json:"runner_environment"`
}

type Option ¶

type Option func(*GitHubOIDCClient)

Option is a functional option for configuring a GitHubOIDCClient.

func WithActor ¶

func WithActor(actor string) Option

WithActor sets the audience for the OIDC token.

func WithAudience ¶

func WithAudience(audience []string) Option

WithAudience sets the audience for the OIDC token.

type Token ¶

type Token struct {
	oidc.IDToken

	// JobWorkflowRef is a reference to the current job workflow.
	JobWorkflowRef string `json:"job_workflow_ref"`

	// RunnerEnvironment is the environment the runner is running in.
	RunnerEnvironment string `json:"runner_environment"`

	// RawToken is the raw token string (for testing)
	RawToken string `json:"-"`
}

Token represents the contents of a GitHub OIDC JWT token.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL