Documentation
Constants
const (
	Debug      = "debug"
	Discharger = "discharger"
	V1         = "v1"
)
Versions of the API that can be served.
Functions
Types
type HandlerCloser
func NewServer
func NewServer(params ServerParams, serveVersions ...string) (HandlerCloser, error)
NewServer returns a new handler that handles identity service requests and stores its data in the given database. The handler will serve the specified versions of the API.
type ServerParams ¶
type ServerParams struct {
	// MeetingStore holds the storage that will be used to store
	// rendezvous information.
	MeetingStore meeting.Store
	// ProviderDataStore holds the storage that can be used by
	// identity providers to store data that is not associated with
	// an individual identity.
	ProviderDataStore store.ProviderDataStore
	// RootKeyStore holds the root key store that will be used to
	// store macaroon root keys within the identity server.
	RootKeyStore bakery.RootKeyStore
	// Store holds the identities store for the identity server.
	Store store.Store
	// AuthUsername holds the username for admin login.
	AuthUsername string
	// AuthPassword holds the password for admin login.
	AuthPassword string
	// Key holds the keypair to use with the bakery service.
	Key *bakery.KeyPair
	// Location holds a URL representing the externally accessible
	// base URL of the service, without a trailing slash.
	Location string
	// PrivateAddr should hold a dialable address that will be used
	// for communication between identity servers. Note that this
	// should not contain a port.
	PrivateAddr string
	// IdentityProviders contains the set of identity providers that
	// should be initialised by the service.
	IdentityProviders []idp.IdentityProvider
	// DebugTeams contains the set of launchpad teams that may access
	// the restricted debug endpoints.
	DebugTeams []string
	// AdminAgentPublicKey contains the public key of the admin agent.
	AdminAgentPublicKey *bakery.PublicKey
	// StaticFileSystem contains an http.FileSystem that can be used
	// to serve static files.
	StaticFileSystem http.FileSystem
	// Template contains a set of templates that are used to generate
	// html output.
	Template *template.Template
	// DebugStatusCheckerFuncs contains functions that will be
	// executed as part of a /debug/status check.
	DebugStatusCheckerFuncs []debugstatus.CheckerFunc
	// WaitTimeout holds the time after which an interactive discharge wait
	// request will time out.
	WaitTimeout time.Duration
}
ServerParams contains configuration parameters for a server.
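A pre-flight check for the constraints stated in the field comments and the version constants above. This is an added example, not code from the package: addrParams, servable and checkParams are hypothetical names, the sample values are constructed, and treating Location as an absolute URL is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// addrParams is a stand-in for the two address fields of ServerParams
// (hypothetical type for this example, not the package's own).
type addrParams struct {
	Location, PrivateAddr string
}

// servable repeats the version constants listed on this page.
var servable = map[string]bool{"debug": true, "discharger": true, "v1": true}

// checkParams returns one message per violated constraint.
func checkParams(p addrParams, serveVersions ...string) []string {
	var problems []string
	u, err := url.Parse(p.Location)
	switch {
	case err != nil || u.Scheme == "" || u.Host == "":
		// Assumption: "externally accessible base URL" means an absolute URL.
		problems = append(problems, "Location is not an absolute URL")
	case strings.HasSuffix(p.Location, "/"):
		problems = append(problems, "Location has a trailing slash")
	}
	// A bare IPv6 literal has colons but no port, so rule it out first.
	if net.ParseIP(p.PrivateAddr) == nil {
		if _, _, err := net.SplitHostPort(p.PrivateAddr); err == nil {
			problems = append(problems, "PrivateAddr contains a port")
		}
	}
	for _, v := range serveVersions {
		if !servable[v] {
			problems = append(problems, "unknown API version "+v)
		}
	}
	return problems
}

func main() {
	// Constructed sample values: trailing slash, port in PrivateAddr, unknown version.
	p := addrParams{Location: "https://id.example.com/", PrivateAddr: "10.0.0.5:8081"}
	for _, msg := range checkParams(p, "v1", "v2") {
		fmt.Println(msg)
	}
}
```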
Directories
| Path | Synopsis |
|---|---|
| cmd | |
| idserver (command) | |
| migrate-db (command) | |
| user-admin (command) | |
| | The config package defines configuration parameters for the id server. |
| | Package idp defines the API provided by all identity providers. |
| agent | Package agent is an identity provider that uses the agent authentication scheme. |
| azure | Package azure is an identity provider that authenticates with azure. |
| google | Package google is an identity provider that authenticates with google. |
| idputil | Package idputil contains utility routines common to many identity providers. |
| keystone | Package keystone contains identity providers that validate against keystone servers. |
| keystone/internal/keystone | Package keystone implements a keystone client. |
| ldap | Package ldap contains identity providers that validate against ldap servers. |
| openid | Package openid provides identity providers that use OpenID to determine the identity. |
| test | Package test contains an identity provider useful for testing other parts of the system. |
| usso | Package usso is an identity provider that authenticates against Ubuntu SSO using OpenID. |
| usso/internal/kvnoncestore | Package kvnoncestore is an openid.NonceStore that is backed by a store.KeyValueStore. |
| usso/ussodischarge | Package ussodischarge is an identity provider that authenticates against Ubuntu SSO using Ubuntu SSO's macaroon protocol. |
| usso/ussodischarge/cmd/login (command) | login is a simple tool that can be used to test the Ubuntu SSO discharge login protocol. |
| usso/ussooauth | Package ussooauth is an identity provider that authenticates against Ubuntu SSO using OAuth. |
| internal | |
| discharger | Package discharger serves all of the endpoints related to discharging macaroons and logging in. |
| idmtest | Package idmtest provides suites and functions useful for testing the identity manager. |
| | Package meeting provides a way for one thread of control to wait for information provided by another thread. |
| | Package memstore provides an in-memory implementation of the store. |
| testing | Package testing provides useful tools for testing Store implementations. |