package gocbcore
import "crypto/tls"
// UserPassPair represents a username and password pair.
//
// Password is an ordinary string field, so formatting a value of this type
// with %v or %+v, or serialising it, includes the secret in the output. Keep
// values of this type out of logs and error messages.
type UserPassPair struct {
	// Username is the name half of the pair.
	Username string
	// Password is the secret paired with Username.
	Password string
}
// AuthCredsRequest represents an authentication details request from the agent.
// It is the argument type of AuthProvider.Credentials.
type AuthCredsRequest struct {
	// Service is the service type the credentials are requested for;
	// getKvAuthCreds sets it to MemdService.
	Service ServiceType
	// Endpoint is passed through from the caller. Presumably the address of
	// the node being authenticated against; confirm at the call sites.
	Endpoint string
}
// AuthCertRequest represents a certificate details request from the agent.
// It is the argument type of AuthProvider.Certificate.
type AuthCertRequest struct {
	// Service is the service type the certificate is requested for.
	Service ServiceType
	// Endpoint is supplied by the caller. Presumably the address of the node
	// the connection is being made to; confirm at the call sites.
	Endpoint string
}
// AuthProvider is an interface to allow the agent to fetch authentication
// credentials on-demand from the application.
type AuthProvider interface {
	// SupportsTLS reports whether this provider supports TLS connections.
	SupportsTLS() bool
	// SupportsNonTLS reports whether this provider supports non-TLS
	// connections.
	SupportsNonTLS() bool
	// Certificate returns the certificate for the given request.
	// An implementation may return (nil, nil), as PasswordAuthProvider does,
	// so a nil error does not imply a non-nil certificate.
	Certificate(req AuthCertRequest) (*tls.Certificate, error)
	// Credentials returns the username/password pairs for the given request.
	// getSingleAuthCreds rejects any result that does not hold exactly one
	// pair, returning errInvalidCredentials.
	Credentials(req AuthCredsRequest) ([]UserPassPair, error)
}
// getSingleAuthCreds asks auth for the credentials matching req and returns
// them only when the provider yields exactly one pair.
//
// A provider error is returned unchanged. An empty result, or one with more
// than one pair, is rejected with errInvalidCredentials, so no ambiguous
// result is ever passed on to the caller.
func getSingleAuthCreds(auth AuthProvider, req AuthCredsRequest) (UserPassPair, error) {
	pairs, err := auth.Credentials(req)
	switch {
	case err != nil:
		return UserPassPair{}, err
	case len(pairs) != 1:
		// Zero or several pairs: there is no single credential to use.
		return UserPassPair{}, errInvalidCredentials
	}
	return pairs[0], nil
}
// getKvAuthCreds fetches the single credential pair for the MemdService
// service at endpoint, with the same error behaviour as getSingleAuthCreds.
func getKvAuthCreds(auth AuthProvider, endpoint string) (UserPassPair, error) {
	kvReq := AuthCredsRequest{Service: MemdService, Endpoint: endpoint}
	return getSingleAuthCreds(auth, kvReq)
}
// PasswordAuthProvider provides a standard AuthProvider implementation
// for use with a standard username/password pair (for example, RBAC).
//
// Both fields are exported plain strings, so printing or serialising the
// struct exposes the password. The provider reports support for both TLS and
// non-TLS connections and never supplies a client certificate.
type PasswordAuthProvider struct {
	// Username is returned as the Username of the single credential pair.
	Username string
	// Password is returned as the Password of the single credential pair.
	Password string
}
// SupportsNonTLS reports that this authenticator may be used on non-TLS
// connections; it always returns true.
//
// NOTE(review): how the password is protected on a non-TLS connection depends
// on the authentication mechanism chosen elsewhere, which this file does not
// show. Confirm before relying on this provider over an untrusted network.
func (PasswordAuthProvider) SupportsNonTLS() bool { return true }
// SupportsTLS reports that this authenticator may be used on TLS
// connections; it always returns true.
func (PasswordAuthProvider) SupportsTLS() bool { return true }
// Certificate always returns a nil certificate and a nil error: this
// provider authenticates with a username and password only and has no client
// certificate to present. req is ignored.
func (PasswordAuthProvider) Certificate(req AuthCertRequest) (*tls.Certificate, error) {
	var none *tls.Certificate
	return none, nil
}
// Credentials returns a one-element slice holding the provider's own
// Username and Password. req is not consulted, so the same pair is returned
// for every service and endpoint. The error is always nil.
func (auth PasswordAuthProvider) Credentials(req AuthCredsRequest) ([]UserPassPair, error) {
	pair := UserPassPair{Username: auth.Username, Password: auth.Password}
	return []UserPassPair{pair}, nil
}