pam_issuer_server

package
v1.1.0-rc2
Published: Feb 10, 2026 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var ErrInvalidSyncDirs = errors.New("userdbDir and etcDir are required")

ErrInvalidSyncDirs is returned when userdbDir or etcDir is empty.

var ErrUserDBDirInvalid = errors.New("userdb dir missing or not a directory")

ErrUserDBDirInvalid is returned when userdbDir is missing or not a directory.

Functions

func RunUserDBSync

func RunUserDBSync(ctx context.Context, log logrus.FieldLogger, userdbDir, etcDir string) (<-chan SyncEvent, error)

RunUserDBSync copies userdb from userdbDir into etcDir on start, then watches etcDir and copies the four userdb files back to userdbDir whenever they change (so changes from groupadd/useradd/usermod/chpasswd persist). It runs until ctx is done. Initial validation (empty dirs, userdbDir missing or not a directory) is done synchronously and returns an error; runtime failures (e.g. a watcher failure) are sent as SyncError events on the channel. On success it returns (events, nil); the sync runs in a goroutine and the channel is closed when it stops.

Types

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler implements the PAM issuer API handlers

func NewHandler

func NewHandler(
	log logrus.FieldLogger,
	cfg *config.Config,
	ca *crypto.CAClient,
) (*Handler, error)

NewHandler creates a new PAM issuer handler

func (*Handler) AuthAuthorize

func (h *Handler) AuthAuthorize(w http.ResponseWriter, r *http.Request, params pamapi.AuthAuthorizeParams)

AuthAuthorize handles OAuth2 authorization endpoint (GET /api/v1/auth/authorize)

func (*Handler) AuthJWKS

func (h *Handler) AuthJWKS(w http.ResponseWriter, r *http.Request)

AuthJWKS handles JWKS endpoint (GET /api/v1/auth/jwks)

func (*Handler) AuthLogin

func (h *Handler) AuthLogin(w http.ResponseWriter, r *http.Request, params pamapi.AuthLoginParams)

AuthLogin handles GET request to login form (GET /api/v1/auth/login)

func (*Handler) AuthLoginPost

func (h *Handler) AuthLoginPost(w http.ResponseWriter, r *http.Request)

AuthLoginPost handles POST request to login form (POST /api/v1/auth/login)

func (*Handler) AuthOpenIDConfiguration

func (h *Handler) AuthOpenIDConfiguration(w http.ResponseWriter, r *http.Request)

AuthOpenIDConfiguration handles OpenID Connect discovery endpoint (GET /api/v1/auth/.well-known/openid-configuration)

func (*Handler) AuthToken

func (h *Handler) AuthToken(w http.ResponseWriter, r *http.Request)

AuthToken handles OAuth2 token endpoint (POST /api/v1/auth/token)

func (*Handler) AuthUserInfo

func (h *Handler) AuthUserInfo(w http.ResponseWriter, r *http.Request)

AuthUserInfo handles OIDC UserInfo endpoint (GET /api/v1/auth/userinfo)

func (*Handler) Close

func (h *Handler) Close()

Close cleans up resources. It is safe to call multiple times (idempotent).

func (*Handler) Run

func (h *Handler) Run(ctx context.Context) error

Run starts the background cleanup goroutine

type Server

type Server struct {
	// contains filtered or unexported fields
}

func New

func New(
	log logrus.FieldLogger,
	cfg *config.Config,
	ca *crypto.CAClient,
	listener net.Listener,
) *Server

New returns a new instance of a PAM issuer server.

func (*Server) Run

func (s *Server) Run(ctx context.Context) error

type SyncEvent

type SyncEvent struct {
	Kind SyncEventKind
	Err  error
	File string
}

SyncEvent is emitted on the returned channel for observability and testing. For SyncError, Err is set. For SyncCopyBackDone, File is the base name of the file copied.

type SyncEventKind

type SyncEventKind string

SyncEventKind is the type of a userdb sync event.

const (
	SyncSkipped        SyncEventKind = "skipped"         // empty dirs or userdb dir missing/not a dir
	SyncCopyInDone     SyncEventKind = "copy_in_done"    // copy from userdb to etc finished
	SyncWatcherStarted SyncEventKind = "watcher_started" // fsnotify watch on etcDir active
	SyncCopyBackDone   SyncEventKind = "copy_back_done"  // copy from etc to userdb finished (after a change)
	SyncError          SyncEventKind = "error"           // runtime failure (e.g. watcher); Err is set
)
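A consumer for the channel returned by RunUserDBSync, written here as an added example and not code from the pam_issuer_server package. It drains events until the channel is closed or ctx is done, records whether the watcher ever became active and which files were copied back, and collects SyncError events; a final check turns that into a single error, so a supervisor notices the quiet failure mode where the loop ends without copy-back ever being active (account changes made via useradd/usermod/chpasswd would then not persist). The SyncEvent and SyncEventKind types are redeclared from this page so the example compiles stand-alone; SyncSummary, ConsumeSyncEvents, CheckSummary and fakeSync are hypothetical names, and the event sequence and the "passwd" file name are constructed sample data.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// SyncEventKind and SyncEvent are redeclared from the pam_issuer_server
// documentation so this example compiles alone; a real consumer would
// import the package's own types instead.
type SyncEventKind string

const (
	SyncSkipped        SyncEventKind = "skipped"
	SyncCopyInDone     SyncEventKind = "copy_in_done"
	SyncWatcherStarted SyncEventKind = "watcher_started"
	SyncCopyBackDone   SyncEventKind = "copy_back_done"
	SyncError          SyncEventKind = "error"
)

type SyncEvent struct {
	Kind SyncEventKind
	Err  error
	File string
}

// SyncSummary (hypothetical) is what a supervisor wants once the loop stops.
type SyncSummary struct {
	WatcherStarted bool
	CopiedBack     []string
	Errors         []error
}

// ConsumeSyncEvents (hypothetical) drains the channel returned by
// RunUserDBSync until the producer closes it or ctx is done.
func ConsumeSyncEvents(ctx context.Context, events <-chan SyncEvent) SyncSummary {
	var s SyncSummary
	for {
		select {
		case <-ctx.Done():
			return s
		case ev, ok := <-events:
			if !ok { // channel closed: the sync goroutine has stopped
				return s
			}
			switch ev.Kind {
			case SyncWatcherStarted:
				s.WatcherStarted = true
			case SyncCopyBackDone:
				s.CopiedBack = append(s.CopiedBack, ev.File)
			case SyncError:
				s.Errors = append(s.Errors, ev.Err)
			}
		}
	}
}

// CheckSummary (hypothetical) reduces a summary to one actionable error.
// A loop that ended without the watcher ever starting means copy-back was
// never active, so account changes were not persisted to userdbDir.
func CheckSummary(s SyncSummary) error {
	if len(s.Errors) > 0 {
		return fmt.Errorf("userdb sync reported %d error(s), first: %w", len(s.Errors), s.Errors[0])
	}
	if !s.WatcherStarted {
		return errors.New("userdb sync stopped before the etcDir watcher started; copy-back was never active")
	}
	return nil
}

// fakeSync stands in for RunUserDBSync: it emits a constructed event
// sequence and closes the channel when done, as the documented contract says.
func fakeSync(ctx context.Context, seq []SyncEvent) <-chan SyncEvent {
	ch := make(chan SyncEvent)
	go func() {
		defer close(ch)
		for _, ev := range seq {
			select {
			case ch <- ev:
			case <-ctx.Done():
				return
			}
		}
	}()
	return ch
}

func main() {
	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
	defer cancel()

	// Constructed sequence; "passwd" is a sample base name, not from the page.
	seq := []SyncEvent{
		{Kind: SyncCopyInDone},
		{Kind: SyncWatcherStarted},
		{Kind: SyncCopyBackDone, File: "passwd"},
		{Kind: SyncError, Err: errors.New("fsnotify watcher closed")},
	}
	summary := ConsumeSyncEvents(ctx, fakeSync(ctx, seq))
	fmt.Printf("watcher started: %v, copied back: %v\n", summary.WatcherStarted, summary.CopiedBack)
	if err := CheckSummary(summary); err != nil {
		fmt.Println("sync check failed:", err)
	}
}
```

In a real caller the channel comes from RunUserDBSync itself, and the synchronous error it returns (ErrInvalidSyncDirs, ErrUserDBDirInvalid) is handled before any consumer starts; only the runtime failures reach the channel as SyncError.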
