Documentation ¶
Overview ¶
Package auth describes some implementations of Provider that can be used in snellerd.
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Types ¶
type Provider ¶
Provider is the interface through which HTTP Bearer tokens are turned into db.Tenant objects. The purpose of Provider is to hide the details of mapping tokens to users and users to db.FS implementations.
See, for example, S3Bearer for a Provider that uses a remote HTTP(s) endpoint to turn tokens into S3 credentials for implementing a Tenant.
func FromEndPoint ¶
FromEndPoint creates an authorization provider that uses an endpoint to validate and return the proper credentials. See also S3Bearer.
func FromFile ¶
FromFile creates an authorization provider that reads the credential information from the given file-name. See also S3Static.
func NewEnvProvider ¶
func NewWebIdentityProvider ¶
NewWebIdentityProvider returns a provider that allows fetching AWS credentials using a web-identity token. It returns a `nil` provider when one of the required environment variables isn't set.
type S3Bearer ¶
S3Bearer is a tenant authorization strategy that produces a db.Tenant from a remote HTTP(s) endpoint by passing it an opaque token. The remote HTTP(s) endpoint is expected to return a JSON object describing the S3 bucket and access credentials necessary for the tenant to operate. See also S3BearerIdentity.
type S3BearerCredentials ¶
```go
type S3BearerCredentials struct {
	BaseURI         string    `json:"BaseURI,omitempty"`
	AccessKeyID     string    `json:"AccessKeyID"`
	SecretAccessKey string    `json:"SecretAccessKey"`
	SessionToken    string    `json:"SessionToken,omitempty"`
	Source          string    `json:"Source,omitempty"`
	Expires         time.Time `json:"Expires,omitempty"`
	CanExpire       bool      `json:"CanExpire"`
}
```
type S3BearerIdentity ¶
```go
type S3BearerIdentity struct {
	ID       string `json:"TenantID"`
	Region   string `json:"Region"`
	IndexKey []byte `json:"IndexKey,omitempty"`
	Bucket   string `json:"SnellerBucket"`
	// Credentials is a JSON-compatible
	// representation of the AWS SDK "Credentials" structure
	Credentials S3BearerCredentials `json:"Credentials"`
	// MaxScanBytes is the maximum number of bytes
	// allowed to be scanned on any query.
	MaxScanBytes uint64 `json:"MaxScanBytes"`
}
```
S3BearerIdentity describes the JSON object that should be returned from the HTTP server implementing the S3Bearer API.
func (*S3BearerIdentity) Expired ¶
func (s *S3BearerIdentity) Expired() bool
Expired indicates whether or not the credentials in the identity have expired.
type S3Static ¶
```go
type S3Static struct {
	// CheckToken is used to validate
	// tokens in Authorize.
	// If CheckToken is nil, then all
	// tokens are accepted.
	CheckToken func(token string) error
	// S3BearerIdentity is the embedded
	// static identity that is used to
	// implement the db.Tenant returned
	// from Authorize.
	S3BearerIdentity
}
```
S3Static is a Provider that is backed by a single static S3 identity.
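Because a nil CheckToken accepts every token, an S3Static that should not be open to any caller needs a non-nil validator. The following is an added example, not code from the auth package: it builds a function with the CheckToken signature that compares tokens in constant time. The names newTokenChecker and errBadToken and the sample token are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// errBadToken is a hypothetical sentinel error for rejected tokens.
var errBadToken = errors.New("auth: token rejected")

// newTokenChecker (hypothetical helper) returns a function with the
// signature of S3Static.CheckToken. Only SHA-256 digests of the allowed
// tokens are kept, and each candidate is compared against every digest
// in constant time, so timing does not reveal which entry matched.
func newTokenChecker(allowed ...string) (func(token string) error, error) {
	if len(allowed) == 0 {
		return nil, errors.New("auth: no tokens configured")
	}
	digests := make([][sha256.Size]byte, 0, len(allowed))
	for _, t := range allowed {
		if t == "" {
			return nil, errors.New("auth: empty token configured")
		}
		digests = append(digests, sha256.Sum256([]byte(t)))
	}
	return func(token string) error {
		sum := sha256.Sum256([]byte(token))
		ok := 0
		for i := range digests {
			ok |= subtle.ConstantTimeCompare(sum[:], digests[i][:])
		}
		if ok != 1 {
			return errBadToken
		}
		return nil
	}, nil
}

func main() {
	// Constructed sample token; the result would be assigned to CheckToken.
	check, err := newTokenChecker("example-token-constructed")
	if err != nil {
		panic(err)
	}
	fmt.Println(check("example-token-constructed"), check("wrong"))
}
```

Assigning the returned function to the CheckToken field replaces the accept-all behavior that applies when the field is left nil.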