auth

package
v0.56.0 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 17, 2026 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Constants

const (
	SESSION_EXPIRES_AT_UNIX  authFieldKey = "session_expires_at_unix"
	ACCESS_TOKEN             authFieldKey = "access_token"
	REFRESH_TOKEN            authFieldKey = "refresh_token"
	SERVICE_ACCOUNT_TOKEN    authFieldKey = "service_account_token"
	SERVICE_ACCOUNT_EMAIL    authFieldKey = "service_account_email"
	USER_EMAIL               authFieldKey = "user_email"
	SERVICE_ACCOUNT_KEY      authFieldKey = "service_account_key"
	PRIVATE_KEY              authFieldKey = "private_key"
	TOKEN_CUSTOM_ENDPOINT    authFieldKey = "token_custom_endpoint"
	IDP_TOKEN_ENDPOINT       authFieldKey = "idp_token_endpoint" //nolint:gosec // linter false positive
	CACHE_ENCRYPTION_KEY     authFieldKey = "cache_encryption_key"
	CACHE_ENCRYPTION_KEY_AGE authFieldKey = "cache_encryption_key_age"
)

Variables

This section is empty.

Functions

func AuthenticateServiceAccount

func AuthenticateServiceAccount(p *print.Printer, rt http.RoundTripper, disableWriting bool) (email, accessToken string, err error)

AuthenticateServiceAccount checks the type of the provided roundtripper, authenticates the CLI accordingly and stores the credentials. For the key flow, it fetches an access token from the Service Account API. For the token flow, it just stores the provided token and doesn't check if it is valid. It returns the email associated with the service account. If disableWriting is set to true, the credentials are not stored on disk (keyring, file).

func AuthenticationConfig

func AuthenticationConfig(p *print.Printer, reauthorizeUserRoutine func(p *print.Printer, _ UserAuthConfig) error) (authCfgOption sdkConfig.ConfigurationOption, err error)

AuthenticationConfig reads the credentials from the storage and initializes the authentication flow. It returns the configuration option that can be used to create an authenticated SDK client.

If the user was logged in and the user session expired, reauthorizeUserRoutine is called to reauthenticate the user. If the environment variable STACKIT_ACCESS_TOKEN is set, this token is used instead.

func AuthorizeUser

func AuthorizeUser(p *print.Printer, authConfig UserAuthConfig) error

AuthorizeUser implements the PKCE OAuth2 flow.

func DeleteAuthField added in v0.10.0

func DeleteAuthField(key authFieldKey) error

func DeleteProfileAuth added in v0.10.0

func DeleteProfileAuth(profile string) error

func EnsureIDPTokenEndpoint added in v0.56.0

func EnsureIDPTokenEndpoint(p *print.Printer) error

EnsureIDPTokenEndpoint ensures that the `IDP_TOKEN_ENDPOINT` auth field is set. This field is by default only initialized for user accounts. Call this method to also initialize it for service accounts.

func ExchangeToken added in v0.56.0

func ExchangeToken(ctx context.Context, idpClient *http.Client, accessToken, resource string) (string, error)

func GetAccessToken added in v0.25.0

func GetAccessToken() (string, error)

func GetAuthEmail added in v0.30.0

func GetAuthEmail() (string, error)

GetAuthEmail returns the email of the authenticated account. If the environment variable STACKIT_ACCESS_TOKEN is set, the email of this token will be returned.

func GetAuthField

func GetAuthField(key authFieldKey) (string, error)

func GetAuthFieldMap

func GetAuthFieldMap(keyMap map[authFieldKey]string) error

Populates the values in the given map according to the auth storage.

func GetProfileEmail added in v0.8.0

func GetProfileEmail(profile string) string

GetProfileEmail returns the email of the user or service account associated with the given profile. If the profile is not authenticated or the email can't be obtained, it returns an empty string.

func GetValidAccessToken added in v0.39.0

func GetValidAccessToken(p *print.Printer) (string, error)

GetValidAccessToken returns a valid access token for the current authentication flow. For user token flows, it refreshes the token if necessary. For service account flows, it returns the current access token.

func LoginUser added in v0.10.0

func LoginUser(email, accessToken, refreshToken, sessionExpiresAtUnix string) error

func LogoutUser added in v0.10.0

func LogoutUser() error

func SetAuthField

func SetAuthField(key authFieldKey, value string) error

func SetAuthFieldMap

func SetAuthFieldMap(keyMap map[authFieldKey]string) error

Sets the values in the auth storage according to the given map.

func SetAuthFlow

func SetAuthFlow(value AuthFlow) error

func TokenExpirationTime added in v0.56.0

func TokenExpirationTime(token string) (time.Time, error)

func TokenExpired added in v0.25.0

func TokenExpired(token string) (bool, error)

func UserSessionExpired added in v0.25.0

func UserSessionExpired() (bool, error)

func UserTokenFlow

func UserTokenFlow(p *print.Printer) *userTokenFlow

Returns a round tripper that adds authentication according to the user token flow.

Types

type AuthFlow

type AuthFlow string

Possible values of authentication flows:

const (
	AUTH_FLOW_USER_TOKEN            AuthFlow = "user_token"
	AUTH_FLOW_SERVICE_ACCOUNT_TOKEN AuthFlow = "sa_token"
	AUTH_FLOW_SERVICE_ACCOUNT_KEY   AuthFlow = "sa_key"
)

func GetAuthFlow

func GetAuthFlow() (AuthFlow, error)

type InputValues added in v0.27.0

type InputValues struct {
	Email string
}

type UserAuthConfig added in v0.56.0

type UserAuthConfig struct {
	// IsReauthentication defines if an expired user session should be renewed
	IsReauthentication bool
	// Port defines which port should be used for the UserAuthFlow callback
	Port *int
}
