luxolus
/
open-nomad
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-nomad/lib/auth/identity.go

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

40 lines
1011 B
Go
Raw Permalink Normal View History

[COMPLIANCE] Add Copyright and License Headers
2023-04-10 15:36:59 +00:00
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
acl: RPC endpoints for JWT auth (#15918)
2023-03-16 13:50:20 +00:00
package auth
lib: add OIDC provider cache and callback server. The OIDC provider cache is used by the RPC handler as the OIDC implementation keeps long lived processes running. These process include connections to the remote OIDC provider. The Callback server is used by the CLI and starts when the login command is triggered. This callback server includes success HTML which is displayed when the user successfully logs into the remote OIDC provider.
2023-01-13 13:14:50 +00:00
import (
"github.com/hashicorp/nomad/nomad/structs"
)
type Identity struct {
// Claims is the format of this Identity suitable for selection
// with a binding rule.
Claims interface{}
// ClaimMappings is the format of this Identity suitable for interpolation in a
// bind name within a binding rule.
ClaimMappings map[string]string
}
// NewIdentity builds a new Identity that can be used to generate bindings via
// Bind for ACL token creation.
func NewIdentity(
authMethodConfig *structs.ACLAuthMethodConfig, authClaims *structs.ACLAuthClaims) *Identity {
claimMappings := make(map[string]string)
// Populate claimMappings vars with empty values so HIL works.
for _, k := range authMethodConfig.ClaimMappings {
claimMappings["value."+k] = ""
}
for k, val := range authClaims.Value {
claimMappings["value."+k] = val
}
return &Identity{
Claims: authClaims,
ClaimMappings: claimMappings,
}
}