auth

package
v2.30.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 1, 2025 License: Apache-2.0 Imports: 18 Imported by: 4

Documentation


Constants

// Default values and environment-variable names for the Keycloak connection
// and for the onboarding and edge-node (EN) credentials.
//
// The code that reads the environment is not shown here; presumably each
// Default* value applies when the matching EnvName* variable is unset — confirm.
const (
	// NOTE(review): the default URL uses plain http://, so tokens and client
	// secrets exchanged with Keycloak are not protected by TLS on this hop
	// unless something outside this package (for example a service mesh)
	// encrypts it — confirm for the deployment, or set KEYCLOAK_URL to an
	// https:// endpoint.
	DefaultKeycloakURL                    = "http://platform-keycloak.orch-platform:8080"
	// NOTE(review): "master" is Keycloak's administrative realm, and Keycloak's
	// guidance is to keep application clients and users out of it. Confirm that
	// this default is intended, or set KEYCLOAK_REALM to a dedicated realm.
	DefaultKeycloakRealm                  = "master"
	// Presumably the key inside the onboarding credentials secret that holds
	// the client secret — confirm against the secret provider code.
	DefaultOnboardingCredentialsSecretKey = "client_secret"
	// Presumably prepended to the names of per-edge-node credentials — confirm.
	DefaultENCredentialsPrefix            = "edgenode-"

	// Names of the environment variables, not their values.
	EnvNameKeycloakURL                     = "KEYCLOAK_URL"
	EnvNameKeycloakRealm                   = "KEYCLOAK_REALM"
	EnvNameOnboardingManagerClientName     = "ONBOARDING_MANAGER_CLIENT_NAME"
	EnvNameOnboardingCredentialsSecretName = "ONBOARDING_CREDENTIALS_SECRET_NAME"
	EnvNameOnboardingCredentialsSecretKey  = "ONBOARDING_CREDENTIALS_SECRET_KEY"
	EnvNameENCredentialsPrefix             = "EN_CREDENTIALS_PREFIX"
	EnvNameEnableGroupCache                = "ENABLE_GROUP_CACHE"
)

Variables

// Package-level hooks bound to the package's unexported Keycloak
// implementations.
//
// NOTE(review): both are exported, mutable variables, so any importing package
// can replace how the auth service is built and how login is performed.
// AuthServiceMockFactory returns a func(ctx) (AuthService, error), which
// suggests these hooks exist for test injection — confirm, and avoid
// reassigning them outside tests.
var (
	AuthServiceFactory = newKeycloakSecretService
	LoginMethod        = loginKeycloakClient
)

Functions

func AuthServiceMockFactory

func AuthServiceMockFactory(
	t *testing.T,
	createShouldFail,
	getShouldFail,
	revokeShouldFail bool,
) func(ctx context.Context) (AuthService, error)

func Init

func Init() error

Init bootstraps the auth service library. Must be called after secretprovider.Init().

func RevokeHostCredentials

func RevokeHostCredentials(ctx context.Context, tenantID, uuID string) error

Types

type AuthService

// AuthService is the interface to the authorization service that creates,
// fetches and revokes edge node (EN) credentials. Every credential operation
// is scoped by a tenant ID and a UUID.
//
// NOTE(review): the two string results of the Create/Get methods are not named
// in the signatures; presumably they are the client ID and the client secret —
// confirm. Callers should treat them as secrets and keep them out of logs and
// error messages.
type AuthService interface {
	// CreateCredentialsWithUUID creates EN credentials based on UUID.
	// The credentials can be further used by edge node agents.
	CreateCredentialsWithUUID(ctx context.Context, tenantID, uuid string) (string, string, error)
	// GetCredentialsByUUID obtains EN credentials based on UUID.
	GetCredentialsByUUID(ctx context.Context, tenantID, uuid string) (string, string, error)
	// RevokeCredentialsByUUID revokes EN credentials based on UUID.
	RevokeCredentialsByUUID(ctx context.Context, tenantID, uuid string) error

	// Logout closes the session with authorization service.
	// Should always be invoked after all operations in a session are done.
	// It returns no error, so a failure to end the session is not reported to
	// the caller through this method.
	Logout(ctx context.Context)
}

AuthService is the interface to the authorization service used to create or revoke EN (edge node) credentials. Call auth.Init() first, before using the service.

type KeycloakAPI

// KeycloakAPI puts the Keycloak client operations listed below behind an
// interface so that unit tests can substitute a mock. The parameter and result
// types come from the gocloak package.
//
// Every method except Logout takes an access token as a plain string, and
// Logout takes the client secret and the refresh token.
// NOTE(review): implementations and mocks should keep these values out of
// logs and error messages.
type KeycloakAPI interface {
	// NOTE(review): the returned string is presumably the internal ID of the
	// newly created client, as in gocloak — confirm.
	CreateClient(ctx context.Context, accessToken, realm string, newClient gocloak.Client) (string, error)
	// NOTE(review): idOfClient, here and in DeleteClient, is presumably
	// Keycloak's internal client ID rather than the public clientId — confirm.
	// The returned credential representation carries secret material.
	GetClientSecret(ctx context.Context, token, realm, idOfClient string) (*gocloak.CredentialRepresentation, error)
	GetClients(ctx context.Context, token, realm string, params gocloak.GetClientsParams) ([]*gocloak.Client, error)
	GetUsers(ctx context.Context, token, realm string, params gocloak.GetUsersParams) ([]*gocloak.User, error)
	GetRoleMappingByUserID(ctx context.Context, token, realm, userID string) (*gocloak.MappingsRepresentation, error)
	AddUserToGroup(ctx context.Context, token, realm, userID, groupID string) error
	DeleteClient(ctx context.Context, token, realm, idOfClient string) error
	// Unlike AuthService.Logout, this method returns an error.
	Logout(ctx context.Context, clientID, clientSecret, realm, refreshToken string) error
	GetGroups(ctx context.Context, token, realm string, params gocloak.GetGroupsParams) ([]*gocloak.Group, error)
}

KeycloakAPI wraps Keycloak behind an interface so that it can be mocked in unit tests.
