Types ¶
type Config ¶
// Config is the top-level configuration; each field maps to the YAML section
// named in its tag.
//
// NOTE(review): the nested NATS and Providers sections declare credential
// fields (password, token, nkey, clientSecret), so a populated Config is secret
// material. Avoid logging or dumping the whole value, and keep the file it is
// loaded from readable only by the service account.
type Config struct {
// NATS holds the NATS connection and authentication settings.
NATS NATSConfig `yaml:"nats"`
// Storage holds the storage settings (StorageConfig is not shown on this page).
Storage StorageConfig `yaml:"storage"`
// Logging holds the logging settings, using the shared config.LogConfig type.
Logging config.LogConfig `yaml:"logging"`
// Metrics holds the metrics settings (MetricsConfig fields are not shown on this page).
Metrics MetricsConfig `yaml:"metrics"`
// Providers lists the configured authentication providers, one entry each.
Providers []ProviderConfig `yaml:"providers"`
}
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager orchestrates authentication providers and token storage
func NewManager ¶
func NewManager(nats *NATSClient, providerList []providers.Provider, log *slog.Logger, metrics *Metrics) *Manager
NewManager creates a new authentication manager
type Metrics ¶
// Metrics groups the Prometheus collectors used by the auth manager.
//
// NOTE(review): the label names of these vectors are not visible here. Labels
// should be low-cardinality identifiers such as a provider ID, never token
// values, client secrets or raw error strings from an upstream response.
type Metrics struct {
// AuthSuccessTotal is presumably the counter behind IncAuthSuccess — confirm.
AuthSuccessTotal *prometheus.CounterVec
// AuthFailuresTotal is presumably the counter behind IncAuthFailure — confirm.
// A sustained rise is worth alerting on: it can indicate revoked or rotated
// credentials.
AuthFailuresTotal *prometheus.CounterVec
// AuthDuration is presumably the histogram behind ObserveAuthDuration — confirm.
AuthDuration *prometheus.HistogramVec
// KVStoreFailuresTotal is presumably the counter behind IncKVStoreFailure — confirm.
KVStoreFailuresTotal *prometheus.CounterVec
}
Metrics provides centralized metrics collection for the nats-auth-manager.
func NewMetrics ¶
func NewMetrics(reg prometheus.Registerer) (*Metrics, error)
NewMetrics creates a new metrics instance and registers the collectors.
func (*Metrics) IncAuthFailure ¶
IncAuthFailure increments the counter for failed authentications.
func (*Metrics) IncAuthSuccess ¶
IncAuthSuccess increments the counter for successful authentications.
func (*Metrics) IncKVStoreFailure ¶
IncKVStoreFailure increments the counter for KV store failures.
func (*Metrics) ObserveAuthDuration ¶
ObserveAuthDuration records the duration of an authentication attempt.
type MetricsConfig ¶
type NATSClient ¶
type NATSClient struct {
// contains filtered or unexported fields
}
NATSClient provides minimal NATS KV write functionality. No subscriptions, no consumers, no streams: it just connects and writes to the KV bucket.
func NewNATSClient ¶
func NewNATSClient(cfg *NATSConfig, storageConfig *StorageConfig, log *slog.Logger) (*NATSClient, error)
NewNATSClient creates a NATS client and opens the KV bucket.
func NewNATSClientFromConn ¶
func NewNATSClientFromConn(nc *nats.Conn, storageConfig *StorageConfig, log *slog.Logger) (*NATSClient, error)
NewNATSClientFromConn creates a NATSClient that reuses an existing NATS connection. Used when the auth-manager runs as a subsystem of shunt.
func (*NATSClient) Close ¶
func (c *NATSClient) Close() error
Close gracefully closes the NATS connection. When using a shared connection, it skips draining since the owner manages the connection.
func (*NATSClient) StoreToken ¶
func (c *NATSClient) StoreToken(ctx context.Context, key, token string) error
StoreToken writes a token to the KV bucket, applying keyPrefix if configured.
type NATSConfig ¶
// NATSConfig holds the NATS connection settings from the "nats" YAML section.
//
// NOTE(review): Username/Password, Token, NKey and CredsFile look like
// alternative authentication methods; which one wins when several are set is
// not visible here — confirm in NewNATSClient. Password and Token are plaintext
// secrets in the YAML file, so the file needs restrictive permissions and the
// struct should not be logged.
type NATSConfig struct {
// URLs lists the NATS server URLs to connect to.
URLs []string `yaml:"urls"`
// Username is the user name for user/password authentication.
Username string `yaml:"username"`
// Password is a plaintext secret.
Password string `yaml:"password"`
// Token is a plaintext secret.
Token string `yaml:"token"`
// NKey: whether this holds a seed or a path to a seed file is not visible
// here — confirm. Either way it refers to private key material.
NKey string `yaml:"nkey"`
// CredsFile is presumably a path to a NATS credentials file — confirm. The
// file should be readable only by the service account.
CredsFile string `yaml:"credsFile"`
// TLS groups the transport security options.
TLS struct {
// Enable presumably turns TLS on for the connection — confirm.
Enable bool `yaml:"enable"`
// CertFile and KeyFile look like the client certificate and private key
// paths — confirm. KeyFile should be readable only by the service account.
CertFile string `yaml:"certFile"`
KeyFile string `yaml:"keyFile"`
// CAFile looks like the CA bundle used to verify the server — confirm.
CAFile string `yaml:"caFile"`
// NOTE(review): Insecure presumably disables server certificate
// verification — confirm in NewNATSClient. If so, the credentials above and
// every stored token are exposed to an on-path attacker, so it should stay
// false outside local testing and be logged as a warning when set.
Insecure bool `yaml:"insecure"`
} `yaml:"tls"`
}
type ProviderConfig ¶
// ProviderConfig describes one entry of the "providers" YAML list.
//
// NOTE(review): the field set suggests two provider kinds selected by Type: a
// token-endpoint flow (TokenURL, ClientID, ClientSecret, Scopes) and a generic
// HTTP request (AuthURL, Method, Headers, Body, TokenPath). Confirm against the
// providers package. ClientSecret, Headers and Body can all carry credentials,
// so none of them should be logged or echoed in error messages.
type ProviderConfig struct {
// ID identifies this provider entry.
ID string `yaml:"id"`
// Type names the provider kind; the accepted values are not visible here.
Type string `yaml:"type"`
// KVKey is presumably the KV bucket key the obtained token is stored under — confirm.
KVKey string `yaml:"kvKey"`
// RefreshBefore and RefreshEvery are strings, presumably duration
// expressions parsed elsewhere — confirm the format and how invalid values
// are rejected.
RefreshBefore string `yaml:"refreshBefore"`
RefreshEvery string `yaml:"refreshEvery"`
// TokenURL is the token endpoint.
// NOTE(review): credentials are presumably sent here, so config validation
// should require an https URL — confirm.
TokenURL string `yaml:"tokenUrl"`
// ClientID is the client identifier sent with ClientSecret.
ClientID string `yaml:"clientId"`
// ClientSecret is a plaintext secret.
ClientSecret string `yaml:"clientSecret"`
// Scopes lists the requested scopes; keep these to the minimum the consumer needs.
Scopes []string `yaml:"scopes"`
// AuthURL is the endpoint for the generic HTTP flow.
// NOTE(review): the https requirement noted on TokenURL applies here too — confirm.
AuthURL string `yaml:"authUrl"`
// Method is presumably the HTTP method used against AuthURL — confirm.
Method string `yaml:"method"`
// Headers are sent with the request; they may hold an Authorization value or API key.
Headers map[string]string `yaml:"headers"`
// Body is the request body; it may embed credentials.
Body string `yaml:"body"`
// TokenPath presumably selects the token inside the response — confirm the
// path syntax and the behaviour when the path is missing.
TokenPath string `yaml:"tokenPath"`
}