Documentation
Index
- type Authorizer
- func NewAzureCliAuthorizer(ctx context.Context, tenantId string) (Authorizer, error)
- func NewClientCertificateAuthorizer(ctx context.Context, environment environments.Environment, ...) (Authorizer, error)
- func NewClientSecretAuthorizer(ctx context.Context, environment environments.Environment, ...) (Authorizer, error)
- type AzureCliAuthorizer
- type AzureCliConfig
- type Claims
- type Config
Types
type Authorizer
Authorizer is anything that can return an access token for authorizing API connections.
func NewAzureCliAuthorizer
func NewAzureCliAuthorizer(ctx context.Context, tenantId string) (Authorizer, error)
NewAzureCliAuthorizer returns an Authorizer which authenticates using the Azure CLI.
func NewClientCertificateAuthorizer
func NewClientCertificateAuthorizer(ctx context.Context, environment environments.Environment, tenantId, clientId, pfxPath, pfxPass string) (Authorizer, error)
NewClientCertificateAuthorizer returns an authorizer which uses client certificate authentication.
func NewClientSecretAuthorizer
func NewClientSecretAuthorizer(ctx context.Context, environment environments.Environment, tenantId, clientId, clientSecret string) (Authorizer, error)
NewClientSecretAuthorizer returns an authorizer which uses client secret authentication.
type AzureCliAuthorizer
type AzureCliAuthorizer struct {
    // TenantID is optional and forces selection of the specified tenant. Must be a valid UUID.
    TenantID string
    // contains filtered or unexported fields
}
AzureCliAuthorizer is an Authorizer which supports the Azure CLI.
type AzureCliConfig
type AzureCliConfig struct {
    TenantID string
}
AzureCliConfig configures an AzureCliAuthorizer.
func NewAzureCliConfig
func NewAzureCliConfig(tenantId string) (*AzureCliConfig, error)
NewAzureCliConfig validates the supplied tenant ID and returns a new AzureCliConfig.
func (*AzureCliConfig) TokenSource
func (c *AzureCliConfig) TokenSource(ctx context.Context) Authorizer
TokenSource provides a source for obtaining access tokens using AzureCliAuthorizer.
type Claims
type Claims struct {
    Audience          string   `json:"aud"`
    Issuer            string   `json:"iss"`
    IdentityProvider  string   `json:"idp"`
    ObjectId          string   `json:"oid"`
    Roles             []string `json:"roles"`
    Subject           string   `json:"sub"`
    TenantRegionScope string   `json:"tenant_region_scope"`
    TenantId          string   `json:"tid"`
    Version           string   `json:"ver"`
    AppDisplayName    string   `json:"app_displayname,omitempty"`
    AppId             string   `json:"appid,omitempty"`
    IdType            string   `json:"idtyp,omitempty"`
}
Claims is used to unmarshal the claims from a JWT issued by the Microsoft Identity Platform.
type Config
type Config struct {
    // Specifies the national cloud environment to use
    Environment environments.Environment
    // Azure Active Directory tenant to connect to, should be a valid UUID
    TenantID string
    // Client ID for the application used to authenticate the connection
    ClientID string
    // Enables authentication using Azure CLI
    EnableAzureCliToken bool
    // Enables authentication using managed service identity. Not yet supported.
    // TODO: NOT YET SUPPORTED
    EnableMsiAuth bool
    // Specifies a custom MSI endpoint to connect to
    MsiEndpoint string
    // Enables client certificate authentication using client assertions
    EnableClientCertAuth bool
    // Specifies the path to a client certificate bundle in PFX format
    ClientCertPath string
    // Specifies the encryption password to unlock a client certificate
    ClientCertPassword string
    // Enables client secret authentication using client credentials
    EnableClientSecretAuth bool
    // Specifies the password to authenticate with using client secret authentication
    ClientSecret string
}
func (*Config) NewAuthorizer
func (c *Config) NewAuthorizer(ctx context.Context) (Authorizer, error)
NewAuthorizer returns a suitable Authorizer depending on what is defined in the Config. Authorizers are selected for authentication methods in the following preferential order:
- Client certificate authentication
- Client secret authentication
- Azure CLI authentication
Whether one of these is returned depends on whether it is enabled in the Config, and whether sufficient configuration fields are set to enable that authentication method.
For client certificate authentication, specify TenantID, ClientID and ClientCertPath. For client secret authentication, specify TenantID, ClientID and ClientSecret. Azure CLI authentication (if enabled) is used as a fallback mechanism.
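The selection order and fallback described above, modelled as an added example (not the package's own code). `SelectedMethod` and `RequireMethod` are hypothetical helpers over a local copy of the relevant Config fields, and returning "none" when nothing qualifies is an assumption; the point is a pre-flight check that refuses a configuration which would fall back to the Azure CLI session when a service principal credential was intended.

```go
package main

import "fmt"

// Config is a local copy of the documented fields that drive selection
// (illustration only; Environment, MSI and cert password fields are omitted).
type Config struct {
	TenantID, ClientID     string
	EnableAzureCliToken    bool
	EnableClientCertAuth   bool
	ClientCertPath         string
	EnableClientSecretAuth bool
	ClientSecret           string
}

// SelectedMethod (hypothetical helper) models the documented order:
// client certificate, then client secret, then Azure CLI as the fallback.
// A method counts only if it is enabled AND its required fields are set.
func SelectedMethod(c Config) string {
	ids := c.TenantID != "" && c.ClientID != ""
	switch {
	case c.EnableClientCertAuth && ids && c.ClientCertPath != "":
		return "client-certificate"
	case c.EnableClientSecretAuth && ids && c.ClientSecret != "":
		return "client-secret"
	case c.EnableAzureCliToken:
		return "azure-cli"
	}
	return "none" // assumption: the page does not say what happens here
}

// RequireMethod (hypothetical helper) fails closed when the configuration
// would resolve to a different credential than the one the caller intended.
func RequireMethod(c Config, want string) error {
	if got := SelectedMethod(c); got != want {
		return fmt.Errorf("config resolves to %q, expected %q", got, want)
	}
	return nil
}

func main() {
	// Constructed sample: certificate auth is enabled but the PFX path is
	// unset, so selection falls through to the Azure CLI session.
	c := Config{TenantID: "00000000-0000-0000-0000-000000000000",
		ClientID: "example-client-id", EnableClientCertAuth: true, EnableAzureCliToken: true}
	fmt.Println(SelectedMethod(c), "|", RequireMethod(c, "client-certificate"))
}
```

Running such a check before calling NewAuthorizer in a pipeline makes a missing ClientCertPath or ClientSecret a hard error instead of a silent switch to whichever identity is logged in to the Azure CLI.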