cloud

package
v0.0.0-...-05a1a44 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 30, 2026 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// DefaultAppName is the shared keychain application name used by all SafeDep tools.
	DefaultAppName = "safedep"

	// DefaultProfile is the default credential profile name.
	DefaultProfile = "default"
)

Variables

View Source
var (
	// ErrInvalidCredentialType is returned when credentials don't match the
	// expected type for the client (e.g., API key for control plane).
	ErrInvalidCredentialType = errors.New("cloud: invalid credential type for this client")

	// ErrMissingCredentials is returned when required credential fields are empty.
	ErrMissingCredentials = errors.New("cloud: missing required credentials")
)

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a connection to SafeDep Cloud.

func NewControlPlaneClient

func NewControlPlaneClient(name string, creds *Credentials) (*Client, error)

NewControlPlaneClient creates a connection to cloud.safedep.io (JWT auth).

func NewDataPlaneClient

func NewDataPlaneClient(name string, creds *Credentials) (*Client, error)

NewDataPlaneClient creates a connection to api.safedep.io (API key auth).

func (*Client) Close

func (c *Client) Close() error

Close closes the connection.

func (*Client) Connection

func (c *Client) Connection() *grpc.ClientConn

Connection returns the underlying gRPC client connection.

type CloseableCredentialResolver

type CloseableCredentialResolver interface {
	CredentialResolver
	io.Closer
}

CloseableCredentialResolver combines CredentialResolver with io.Closer for resolvers that own underlying resources.

func NewKeychainCredentialResolver

func NewKeychainCredentialResolver(credType CredentialType, opts ...KeychainOption) (CloseableCredentialResolver, error)

NewKeychainCredentialResolver creates a credential resolver backed by the keychain. The credType parameter specifies which credential type to resolve.

type CredentialResolver

type CredentialResolver interface {
	Resolve() (*Credentials, error)
}

CredentialResolver resolves SafeDep Cloud credentials.

func NewChainCredentialResolver

func NewChainCredentialResolver(resolvers ...CredentialResolver) CredentialResolver

NewChainCredentialResolver tries resolvers in order, returning the first successful result.

func NewEnvCredentialResolver

func NewEnvCredentialResolver() (CredentialResolver, error)

NewEnvCredentialResolver creates a resolver that reads from SAFEDEP_API_KEY and SAFEDEP_TENANT_ID environment variables.

type CredentialStore

type CredentialStore interface {
	SaveAPIKeyCredential(apiKey, tenantDomain string) error
	SaveTokenCredential(token, refreshToken, tenantDomain string) error
	Clear() error
	io.Closer
}

CredentialStore writes SafeDep Cloud credentials to the keychain.

func NewKeychainCredentialStore

func NewKeychainCredentialStore(opts ...KeychainOption) (CredentialStore, error)

NewKeychainCredentialStore creates a credential store backed by the keychain.

type CredentialType

type CredentialType int

CredentialType identifies the authentication plane.

const (
	CredentialTypeUnspecified CredentialType = iota
	CredentialTypeAPIKey                     // Data plane (api.safedep.io)
	CredentialTypeToken                      // Control plane (cloud.safedep.io)
)

type Credentials

type Credentials struct {
	// contains filtered or unexported fields
}

Credentials holds SafeDep Cloud authentication details. Fields are private. Use constructors to create, getters to access.

func NewAPIKeyCredential

func NewAPIKeyCredential(apiKey, tenantDomain string) (*Credentials, error)

NewAPIKeyCredential creates data plane credentials. Returns error if apiKey is empty.

func NewTokenCredential

func NewTokenCredential(token, refreshToken, tenantDomain string) (*Credentials, error)

NewTokenCredential creates control plane credentials. Returns error if token is empty.

func (*Credentials) GetAPIKey

func (c *Credentials) GetAPIKey() (string, error)

GetAPIKey returns the API key. Errors if not data plane credentials.

func (*Credentials) GetRefreshToken

func (c *Credentials) GetRefreshToken() (string, error)

GetRefreshToken returns the refresh token. Errors if not control plane credentials.

func (*Credentials) GetTenantDomain

func (c *Credentials) GetTenantDomain() (string, error)

GetTenantDomain returns the tenant domain. Returns error if empty.

func (*Credentials) GetToken

func (c *Credentials) GetToken() (string, error)

GetToken returns the access token. Errors if not control plane credentials.

func (*Credentials) IsControlPlane

func (c *Credentials) IsControlPlane() bool

IsControlPlane returns true if these are control plane credentials.

func (*Credentials) IsDataPlane

func (c *Credentials) IsDataPlane() bool

IsDataPlane returns true if these are data plane credentials.

type KeychainOption

type KeychainOption func(*keychainConfig)

KeychainOption configures keychain-based credential store and resolver.

func WithAppName

func WithAppName(name string) KeychainOption

WithAppName overrides the default application name for the keychain.

func WithInsecureFileFallback

func WithInsecureFileFallback() KeychainOption

WithInsecureFileFallback enables plaintext file storage when the OS keychain is unavailable.

func WithInsecureFileFallbackPath

func WithInsecureFileFallbackPath(path string) KeychainOption

WithInsecureFileFallbackPath sets a custom file path for the insecure file fallback. Implies WithInsecureFileFallback.

func WithKeychainHandle

func WithKeychainHandle(kc keychain.Keychain) KeychainOption

WithKeychainHandle injects an existing keychain instance. The caller owns the lifecycle (Close) when this option is used.

func WithProfile

func WithProfile(profile string) KeychainOption

WithProfile selects a named credential profile. Defaults to "default". Empty or whitespace-only values are normalized to DefaultProfile.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL