package types
import (
"fmt"
"time"
)
// ConfigMap maps all the configuration needed by auth. The whole of it sits
// under the "authConfig" key of the YAML document.
type ConfigMap struct {
	AuthConfig AuthConfig `yaml:"authConfig"`
}
// AuthConfig holds the settings read from the "authConfig" YAML key: the V0
// user source, the server address and the signing key.
//
// AuthSigningKey is read from the same YAML document as every other setting,
// so that document contains key material in clear text. Keep it out of logs
// and version control, and restrict who can read the file.
//
// NOTE(review): ServerAddress is an int, so it presumably holds a port number
// rather than a host address; confirm against the code that starts the server.
// NOTE(review): AuthSigningKey presumably signs or verifies the JWTs described
// by the other types in this file; confirm at the call site.
type AuthConfig struct {
	V0             UserMeta `yaml:"v0"`
	ServerAddress  int      `yaml:"serverAddress"`
	AuthSigningKey string   `yaml:"authSigningKey"`
}
// UserMeta describes where the user details for the V0 API come from: a
// source name and the path of the user detail file.
//
// NOTE(review): the values Source accepts, and how UserDetailFilePath is
// opened, are decided by code outside this file; confirm there that the path
// is taken from trusted configuration only.
type UserMeta struct {
	Source             string `yaml:"source"`
	UserDetailFilePath string `yaml:"userDetailFilePath"`
}
// AuthResponse is the JSON form of an authentication result: the provider
// with its token, and an error message.
//
// Provider is a struct value, and encoding/json's omitempty never omits a
// struct value, so the "provider" key is written even when it is empty. Error
// is omitted when it is the empty string.
//
// NOTE(review): Error is a plain string that presumably reaches the client;
// check that the code filling it does not copy internal error detail into it.
type AuthResponse struct {
	Provider Provider `json:"provider,omitempty"`
	Error    string   `json:"error,omitempty"`
}
// Provider names an authentication provider and carries the token it issued.
//
// Token is a struct value, so omitempty has no effect on it under
// encoding/json: the "token" key is always written. Name is omitted when
// empty.
type Provider struct {
	Name  string `json:"name,omitempty"`
	Token Token  `json:"token,omitempty"`
}
// Token returns a JWT together with its expiry time.
//
// The JWT string is a bearer credential: whoever holds it can present it, so
// it should not be written to logs or error messages.
//
// NOTE(review): Expiry is presumably Unix seconds, like the "exp" claim that
// JWTClaimsJSON.Valid compares with time.Now().Unix(); confirm at the place
// where the token is issued.
type Token struct {
	JWT    string `json:"jwt,omitempty"`
	Expiry int64  `json:"expiry,omitempty"`
}
// V1Token carries a token string and its expiry time. It has the same shape
// as Token, except that the token is encoded under the "token" key instead of
// "jwt".
//
// NOTE(review): the name suggests this is the V1 API counterpart of Token, and
// Expiry is presumably Unix seconds; confirm both against the V1 handler.
type V1Token struct {
	Token  string `json:"token,omitempty"`
	Expiry int64  `json:"expiry,omitempty"`
}
// RawAuthResponse carries an authentication result as Go values: the
// provider, an error value and an HTTP status code. It declares no
// encoding tags.
//
// NOTE(review): this is presumably the internal form from which AuthResponse
// is built. Error is a Go error and may hold detail that is not meant for the
// client; confirm what the conversion copies into AuthResponse.Error.
type RawAuthResponse struct {
	Provider   Provider
	Error      error
	HTTPStatus int
}
// UserInfo holds authentication information: an API version, a kind and a
// status. Every field is omitted from the JSON when empty; Status is a
// pointer, so a nil Status leaves the "status" key out entirely.
//
// NOTE(review): the apiVersion/kind/status layout resembles a Kubernetes
// TokenReview response; confirm against the handler that writes it.
type UserInfo struct {
	APIVersion string  `json:"apiVersion,omitempty"`
	Kind       string  `json:"kind,omitempty"`
	Status     *Status `json:"status,omitempty"`
}
// User holds user information from AD: username, e-mail address, UID and
// group names. Each field is left out of the JSON when it is empty.
//
// NOTE(review): Groups presumably feeds authorization decisions downstream, so
// it should be filled only from the verified identity source; confirm.
type User struct {
	Username string   `json:"username,omitempty"`
	EMail    string   `json:"email,omitempty"`
	UID      string   `json:"uid,omitempty"`
	Groups   []string `json:"groups,omitempty"`
}
// UserCredentials is a simple username/password pair.
//
// Password is held as a clear-text string and the struct declares no encoding
// tags, so formatting a value with %v or %+v, or marshalling it, writes the
// password out under the field name. Keep values of this type out of logs and
// out of responses.
type UserCredentials struct {
	UserName string
	Password string
}
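// JWTClaimsJSON is used for decoding an incoming JSON JWT payload to the
// /authenticate API. Iat and Expiry are compared with time.Now().Unix() in
// Valid, so both are Unix timestamps in seconds.
type JWTClaimsJSON struct {
	Iat      int64    `json:"iat"`
	UID      string   `json:"uid"`
	Username string   `json:"username"`
	Expiry   int64    `json:"exp"`
	Groups   []string `json:"groups"`
}

// Valid checks the claims so that JWTClaimsJSON satisfies the jwt.Claims
// interface.
//
// It returns an error when UID is empty, when Expiry is zero, when Expiry is
// earlier than the current time, or when Iat lies more than one second after
// the current time. It returns nil otherwise. Username and Groups are not
// checked.
//
// Valid looks at claim values only.
// NOTE(review): signature verification is presumably done by the JWT library
// that calls Valid; confirm at the place where the token is parsed.
func (c JWTClaimsJSON) Valid() error {
	// Clock skew tolerated on iat, in seconds. The claims are Unix seconds, so
	// the tolerance must not be taken from time.Second: that is a Duration of
	// 1e9 nanoseconds, and adding it to a Unix timestamp accepts iat values
	// about three decades ahead.
	const iatSkew = 1

	// Read the clock once so both time checks use the same instant.
	now := time.Now().Unix()

	switch {
	case c.UID == "":
		return fmt.Errorf("UID must be present in token claims")
	case c.Expiry == 0:
		return fmt.Errorf("Token has no expiry")
	case c.Expiry < now:
		return fmt.Errorf("Token has expired")
	case c.Iat > now+iatSkew:
		return fmt.Errorf("Token is from the future")
	}
	return nil
}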
// Status indicates if the user is authenticated or not, and carries the user
// record.
//
// Authenticated is a *bool rather than a bool: with omitempty a nil pointer
// drops the key, while a pointer to false is still written as false, so an
// explicit rejection can be told apart from a missing answer. User is dropped
// when nil.
type Status struct {
	Authenticated *bool `json:"authenticated,omitempty"`
	User          *User `json:"user,omitempty"`
}
// Request maps the incoming auth request from the api-server: an API version,
// a kind and a spec. Spec is a pointer and stays nil when the request body has
// no "spec" key, so code reading Spec.Token needs a nil check first.
type Request struct {
	APIVersion string `json:"apiVersion,omitempty"`
	Kind       string `json:"kind,omitempty"`
	Spec       *Spec  `json:"spec,omitempty"`
}
// Spec maps to the bearer token sent by the api-server. The token is a
// credential received from outside this service: treat it as untrusted until
// it has been verified, and keep it out of logs.
type Spec struct {
	Token string `json:"token,omitempty"`
}
// AuthorizationResponse is the authorization response: an API version, a kind
// and a status. Status is a pointer, so a nil Status leaves the "status" key
// out of the JSON.
//
// NOTE(review): the layout resembles a Kubernetes SubjectAccessReview
// response; confirm against the handler that writes it, and check how the
// consumer treats a response that has no "status" key.
type AuthorizationResponse struct {
	APIVersion string               `json:"apiVersion,omitempty"`
	Kind       string               `json:"kind,omitempty"`
	Status     *AuthorizationStatus `json:"status,omitempty"`
}
// AuthorizationStatus is the decision part of an authorization response:
// whether the request is allowed, whether it is denied, and a reason.
//
// Allowed and Denied are plain bools tagged omitempty, so a false value is
// left out of the JSON instead of being written as false. A decision with
// both false therefore encodes with neither key.
//
// NOTE(review): this relies on the consumer reading a missing "allowed" as
// false, that is, as not allowed; confirm that it does.
type AuthorizationStatus struct {
	Allowed bool   `json:"allowed,omitempty"`
	Denied  bool   `json:"denied,omitempty"`
	Reason  string `json:"reason,omitempty"`
}