auth

package
v0.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 26, 2021 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Api added in v0.5.0

// Api identifies the API an Authorizer is requested for. It is the api
// argument of the New*Authorizer constructors and of Config.NewAuthorizer,
// and a field of AzureCliConfig.
type Api int
// The values are assigned with iota: MsGraph is 0 and AadGraph is 1, so an
// Api that was never set is indistinguishable from MsGraph.
const (
	// MsGraph presumably selects Microsoft Graph — confirm against the package source.
	MsGraph Api = iota
	// AadGraph presumably selects Azure Active Directory Graph — confirm against the package source.
	AadGraph
)

type Authorizer

// Authorizer is anything that can return an access token for authorizing API
// connections.
type Authorizer interface {
	// Token returns an *oauth2.Token and an error.
	// The token authorizes API connections, so handle it as a credential:
	// keep it out of logs, error messages and persisted diagnostics.
	Token() (*oauth2.Token, error)
}

Authorizer is anything that can return an access token for authorizing API connections

func NewAzureCliAuthorizer

func NewAzureCliAuthorizer(ctx context.Context, api Api, tenantId string) (Authorizer, error)

NewAzureCliAuthorizer returns an Authorizer which authenticates using the Azure CLI.

func NewClientCertificateAuthorizer

// NewClientCertificateAuthorizer returns an authorizer which uses client certificate authentication.
// pfxPath and pfxPass presumably correspond to Config.ClientCertPath (a certificate bundle in
// PFX format) and Config.ClientCertPassword — confirm against the implementation.
// pfxPass unlocks the private key: pass it from a secret store or protected environment rather
// than a literal, and keep it out of logs.
func NewClientCertificateAuthorizer(ctx context.Context, environment environments.Environment, api Api, tokenVersion TokenVersion, tenantId, clientId, pfxPath, pfxPass string) (Authorizer, error)

NewClientCertificateAuthorizer returns an authorizer which uses client certificate authentication.

func NewClientSecretAuthorizer

// NewClientSecretAuthorizer returns an authorizer which uses client secret authentication.
// clientSecret is a long-lived credential passed as a plain string: supply it from a secret
// store or protected environment rather than a literal, and keep it out of logs.
func NewClientSecretAuthorizer(ctx context.Context, environment environments.Environment, api Api, tokenVersion TokenVersion, tenantId, clientId, clientSecret string) (Authorizer, error)

NewClientSecretAuthorizer returns an authorizer which uses client secret authentication.

func NewMsiAuthorizer added in v0.6.0

// NewMsiAuthorizer returns an authorizer which uses managed service identity for authentication.
// NOTE(review): msiEndpoint is a caller-supplied endpoint; MsiAuthorizer.Token is documented as
// acquiring its token from the metadata endpoint, so this value should come only from trusted
// configuration. How it is validated, and what an empty string selects, is not visible here — confirm.
func NewMsiAuthorizer(ctx context.Context, environment environments.Environment, api Api, msiEndpoint string) (Authorizer, error)

NewMsiAuthorizer returns an authorizer which uses managed service identity for authentication.

type AzureCliAuthorizer

// AzureCliAuthorizer is an Authorizer which supports the Azure CLI.
type AzureCliAuthorizer struct {
	// TenantID is optional and forces selection of the specified tenant. Must be a valid UUID.
	// NOTE(review): NewAzureCliConfig is documented as validating the tenant ID; whether a
	// value assigned directly to this exported field is checked before use is not visible
	// here — confirm.
	TenantID string
	// contains filtered or unexported fields
}

AzureCliAuthorizer is an Authorizer which supports the Azure CLI.

func (AzureCliAuthorizer) Token

func (a AzureCliAuthorizer) Token() (*oauth2.Token, error)

Token returns an access token using the Azure CLI as an authentication mechanism.

type AzureCliConfig

// AzureCliConfig configures an AzureCliAuthorizer.
// NewAzureCliConfig validates the tenant ID; a struct literal built by hand
// does not go through that constructor.
type AzureCliConfig struct {
	// Api is the API the authorizer is configured for.
	Api      Api
	// TenantID is the tenant ID that NewAzureCliConfig validates.
	// NOTE(review): confirm whether TokenSource re-checks a value set directly.
	TenantID string
}

AzureCliConfig configures an AzureCliAuthorizer.

func NewAzureCliConfig

func NewAzureCliConfig(api Api, tenantId string) (*AzureCliConfig, error)

NewAzureCliConfig validates the supplied tenant ID and returns a new AzureCliConfig.

func (*AzureCliConfig) TokenSource

func (c *AzureCliConfig) TokenSource(ctx context.Context) Authorizer

TokenSource provides a source for obtaining access tokens using AzureCliAuthorizer.

type Claims

// Claims is used to unmarshal the claims from a JWT issued by the Microsoft
// Identity Platform. Each field is populated from the JSON claim named in its
// struct tag.
//
// NOTE(review): nothing visible here shows that the token's signature, issuer
// or audience has been validated before these fields are filled in. Until the
// ParseClaims implementation is checked, treat the values as unverified and do
// not base authorization decisions on them.
type Claims struct {
	Audience          string   `json:"aud"`
	Issuer            string   `json:"iss"`
	IdentityProvider  string   `json:"idp"`
	ObjectId          string   `json:"oid"`
	// Roles is decoded from a JSON array under "roles".
	Roles             []string `json:"roles"`
	// Scopes is decoded from a single string under "scp"; presumably the
	// individual scopes are space-separated inside it — confirm.
	Scopes            string   `json:"scp"`
	Subject           string   `json:"sub"`
	TenantRegionScope string   `json:"tenant_region_scope"`
	TenantId          string   `json:"tid"`
	Version           string   `json:"ver"`

	// The fields below are tagged omitempty, so they are left out when a
	// Claims value is marshalled with them empty.
	AppDisplayName string `json:"app_displayname,omitempty"`
	AppId          string `json:"appid,omitempty"`
	IdType         string `json:"idtyp,omitempty"`
}

Claims is used to unmarshal the claims from a JWT issued by the Microsoft Identity Platform.

func ParseClaims

// ParseClaims retrieves and parses the claims from a JWT issued by the Microsoft Identity Platform.
// NOTE(review): the documentation describes retrieval and parsing only; it does not say that the
// JWT signature, issuer, audience or expiry is verified. Treat the returned Claims as unverified
// input until the implementation is checked — confirm.
func ParseClaims(token *oauth2.Token) (claims Claims, err error)

ParseClaims retrieves and parses the claims from a JWT issued by the Microsoft Identity Platform.

type Config

// Config holds the settings from which NewAuthorizer selects and builds an
// Authorizer.
//
// ClientSecret and ClientCertPassword are exported plain-string fields with no
// struct tags: printing a Config with %v/%+v, or marshalling it, exposes them.
// Redact those fields before logging or serialising a Config.
type Config struct {
	// Specifies the national cloud environment to use
	Environment environments.Environment

	// Version specifies the token version to acquire from Microsoft Identity Platform.
	// Ignored when using Azure CLI authentication.
	Version TokenVersion

	// Azure Active Directory tenant to connect to, should be a valid UUID
	TenantID string

	// Client ID for the application used to authenticate the connection
	ClientID string

	// Enables authentication using Azure CLI
	// NewAuthorizer documents this method as a fallback. With it enabled, an incomplete
	// certificate or secret configuration may therefore yield tokens for whichever
	// identity the Azure CLI is using rather than an error — confirm, and leave it
	// disabled where a specific service principal is required.
	EnableAzureCliToken bool

	// Enables authentication using managed service identity.
	EnableMsiAuth bool

	// Specifies a custom MSI endpoint to connect to
	// NOTE(review): the token is acquired from this endpoint, so the value should come
	// only from trusted configuration; how it is validated is not visible here — confirm.
	MsiEndpoint string

	// Enables client certificate authentication using client assertions
	EnableClientCertAuth bool

	// Specifies the path to a client certificate bundle in PFX format
	ClientCertPath string

	// Specifies the encryption password to unlock a client certificate
	// Secret: supply from a secret store or protected environment, never a literal.
	ClientCertPassword string

	// Enables client secret authentication using client credentials
	EnableClientSecretAuth bool

	// Specifies the password to authenticate with using client secret authentication
	// Secret: supply from a secret store or protected environment, never a literal.
	ClientSecret string
}

func (*Config) NewAuthorizer

// NewAuthorizer returns an Authorizer chosen from the authentication methods enabled in the Config.
// NOTE(review): the documented preference order names client certificate, client secret and
// Azure CLI authentication but not managed service identity, although Config has EnableMsiAuth —
// confirm where MSI falls in the order before relying on a particular identity being selected.
func (c *Config) NewAuthorizer(ctx context.Context, api Api) (Authorizer, error)

NewAuthorizer returns a suitable Authorizer depending on what is defined in the Config. Authorizers are selected for authentication methods in the following preferential order:
- Client certificate authentication
- Client secret authentication
- Azure CLI authentication

Whether one of these is returned depends on whether it is enabled in the Config, and whether sufficient configuration fields are set to enable that authentication method.

For client certificate authentication, specify TenantID, ClientID and ClientCertPath. For client secret authentication, specify TenantID, ClientID and ClientSecret. Azure CLI authentication (if enabled) is used as a fallback mechanism.

type MsiAuthorizer added in v0.6.0

// MsiAuthorizer is an Authorizer which supports managed service identity.
// Its Token method is declared on the pointer receiver, so it is *MsiAuthorizer
// that satisfies the Authorizer interface.
type MsiAuthorizer struct {
	// contains filtered or unexported fields
}

MsiAuthorizer is an Authorizer which supports managed service identity.

func (*MsiAuthorizer) Token added in v0.6.0

func (a *MsiAuthorizer) Token() (*oauth2.Token, error)

Token returns an access token acquired from the metadata endpoint.

type MsiConfig added in v0.6.0

// MsiConfig configures an MsiAuthorizer.
type MsiConfig struct {
	// MsiApiVersion is not a parameter of NewMsiConfig; how it is populated is
	// not visible here — presumably the constructor sets it, confirm.
	MsiApiVersion string
	// MsiEndpoint is the metadata endpoint that NewMsiConfig configures.
	// NOTE(review): the token is acquired from this endpoint, so a value set by hand
	// should come only from trusted configuration — confirm what validation applies.
	MsiEndpoint   string
	// Resource is the resource that NewMsiConfig configures.
	Resource      string
}

MsiConfig configures an MsiAuthorizer.

func NewMsiConfig added in v0.6.0

func NewMsiConfig(resource string, msiEndpoint string) (*MsiConfig, error)

NewMsiConfig returns a new MsiConfig with a configured metadata endpoint and resource.

func (*MsiConfig) TokenSource added in v0.6.0

func (c *MsiConfig) TokenSource(ctx context.Context) Authorizer

TokenSource provides a source for obtaining access tokens using MsiAuthorizer.

type TokenVersion added in v0.5.0

// TokenVersion is the type of Config.Version, which specifies the token version
// to acquire from Microsoft Identity Platform, and of the tokenVersion argument
// of the client certificate and client secret constructors.
type TokenVersion int
// The values are assigned with iota in the order written: TokenVersion2 is 0
// and TokenVersion1 is 1, so a TokenVersion that was never set equals
// TokenVersion2.
const (
	TokenVersion2 TokenVersion = iota
	TokenVersion1
)

Directories

Path Synopsis
internal
