Constants ¶
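const (
	// DefaultAppName is the shared keychain application name used by all SafeDep tools.
	DefaultAppName = "safedep"

	// DefaultProfile is the default credential profile name.
	DefaultProfile = "default"
)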
Variables ¶
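var (
	// ErrInvalidCredentialType is returned when credentials don't match the
	// expected type for the client (e.g., API key for control plane).
	ErrInvalidCredentialType = errors.New("cloud: invalid credential type for this client")

	// ErrMissingCredentials is returned when required credential fields are empty.
	ErrMissingCredentials = errors.New("cloud: missing required credentials")
)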
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is a connection to SafeDep Cloud.
func NewControlPlaneClient ¶
func NewControlPlaneClient(name string, creds *Credentials) (*Client, error)
NewControlPlaneClient creates a connection to cloud.safedep.io (JWT auth).
func NewDataPlaneClient ¶
func NewDataPlaneClient(name string, creds *Credentials) (*Client, error)
NewDataPlaneClient creates a connection to api.safedep.io (API key auth).
func (*Client) Connection ¶
func (c *Client) Connection() *grpc.ClientConn
Connection returns the underlying gRPC client connection.
type CloseableCredentialResolver ¶
type CloseableCredentialResolver interface {
CredentialResolver
io.Closer
}
CloseableCredentialResolver combines CredentialResolver with io.Closer for resolvers that own underlying resources.
func NewKeychainCredentialResolver ¶
func NewKeychainCredentialResolver(credType CredentialType, opts ...KeychainOption) (CloseableCredentialResolver, error)
NewKeychainCredentialResolver creates a credential resolver backed by the keychain. The credType parameter specifies which credential type to resolve.
type CredentialResolver ¶
type CredentialResolver interface {
Resolve() (*Credentials, error)
}
CredentialResolver resolves SafeDep Cloud credentials.
func NewChainCredentialResolver ¶
func NewChainCredentialResolver(resolvers ...CredentialResolver) CredentialResolver
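NewChainCredentialResolver tries resolvers in order, returning the first successful result. The argument order therefore sets precedence: an earlier resolver that succeeds is used even if a later one would also succeed.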
func NewEnvCredentialResolver ¶
func NewEnvCredentialResolver() (CredentialResolver, error)
NewEnvCredentialResolver creates a resolver that reads from SAFEDEP_API_KEY and SAFEDEP_TENANT_ID environment variables.
type CredentialStore ¶
type CredentialStore interface {
SaveAPIKeyCredential(apiKey, tenantDomain string) error
SaveTokenCredential(token, refreshToken, tenantDomain string) error
Clear() error
io.Closer
}
CredentialStore writes SafeDep Cloud credentials to the keychain.
func NewKeychainCredentialStore ¶
func NewKeychainCredentialStore(opts ...KeychainOption) (CredentialStore, error)
NewKeychainCredentialStore creates a credential store backed by the keychain.
type CredentialType ¶
type CredentialType int
CredentialType identifies the authentication plane.
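const (
	// CredentialTypeUnspecified is the zero value of CredentialType (iota starts at 0).
	CredentialTypeUnspecified CredentialType = iota
	// CredentialTypeAPIKey is the data plane (api.safedep.io) credential type.
	CredentialTypeAPIKey
	// CredentialTypeToken is the control plane (cloud.safedep.io) credential type.
	CredentialTypeToken
)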
type Credentials ¶
type Credentials struct {
// contains filtered or unexported fields
}
Credentials holds SafeDep Cloud authentication details. Fields are private. Use constructors to create, getters to access.
func NewAPIKeyCredential ¶
func NewAPIKeyCredential(apiKey, tenantDomain string) (*Credentials, error)
NewAPIKeyCredential creates data plane credentials. Returns error if apiKey is empty.
func NewTokenCredential ¶
func NewTokenCredential(token, refreshToken, tenantDomain string) (*Credentials, error)
NewTokenCredential creates control plane credentials. Returns error if token is empty.
func (*Credentials) GetAPIKey ¶
func (c *Credentials) GetAPIKey() (string, error)
GetAPIKey returns the API key. It returns an error if these are not data plane credentials.
func (*Credentials) GetRefreshToken ¶
func (c *Credentials) GetRefreshToken() (string, error)
GetRefreshToken returns the refresh token. It returns an error if these are not control plane credentials.
func (*Credentials) GetTenantDomain ¶
func (c *Credentials) GetTenantDomain() (string, error)
GetTenantDomain returns the tenant domain. Returns error if empty.
func (*Credentials) GetToken ¶
func (c *Credentials) GetToken() (string, error)
GetToken returns the access token. It returns an error if these are not control plane credentials.
func (*Credentials) IsControlPlane ¶
func (c *Credentials) IsControlPlane() bool
IsControlPlane returns true if these are control plane credentials.
func (*Credentials) IsDataPlane ¶
func (c *Credentials) IsDataPlane() bool
IsDataPlane returns true if these are data plane credentials.
type KeychainOption ¶
type KeychainOption func(*keychainConfig)
KeychainOption configures keychain-based credential store and resolver.
func WithAppName ¶
func WithAppName(name string) KeychainOption
WithAppName overrides the default application name for the keychain.
func WithInsecureFileFallback ¶
func WithInsecureFileFallback() KeychainOption
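WithInsecureFileFallback enables plaintext file storage when the OS keychain is unavailable. Credentials written through this fallback are not encrypted at rest, so anyone who can read the file can use them.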
func WithInsecureFileFallbackPath ¶
func WithInsecureFileFallbackPath(path string) KeychainOption
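WithInsecureFileFallbackPath sets a custom file path for the insecure file fallback. Implies WithInsecureFileFallback, so credentials written to this path are stored in plaintext; pick a location that only the intended user can read.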
func WithKeychainHandle ¶
func WithKeychainHandle(kc keychain.Keychain) KeychainOption
WithKeychainHandle injects an existing keychain instance. When this option is used, the caller owns the keychain's lifecycle and is responsible for calling Close on it.
func WithProfile ¶
func WithProfile(profile string) KeychainOption
WithProfile selects a named credential profile. Defaults to "default". Empty or whitespace-only values are normalized to DefaultProfile.