// Package auth contains types and functions to manage authentication
// credentials for service hosts.
package auth

import (
	"net/http"

	"github.com/hashicorp/terraform/svchost"
)

// Credentials is an ordered list of CredentialsSource values. The sources
// are consulted one after another until one yields credentials for a host
// or one reports an error.
//
// Credentials implements CredentialsSource itself by wrapping its members.
// Nesting one CredentialsSource inside another is therefore possible in
// principle, though there is no good reason to do so.
type Credentials []CredentialsSource

// NoCredentials is an empty CredentialsSource. It has no members to
// consult, so every lookup returns nil credentials and a nil error.
var NoCredentials CredentialsSource = Credentials{}

// A CredentialsSource is an object that may be able to provide credentials
// for a given host.
//
// Credentials lookups are not guaranteed to be concurrency-safe. Callers
// that perform lookups from concurrent code must use external
// synchronization to prevent race conditions.
type CredentialsSource interface {
	// ForHost returns a non-nil HostCredentials if the source has
	// credentials available for the host, and a nil HostCredentials if it
	// does not.
	//
	// If an error is returned, progress through a list of
	// CredentialsSources is halted and the error is returned to the user.
	//
	// Implementations with nothing to offer should return a literal nil:
	// a typed nil pointer stored in the interface compares as non-nil, so
	// Credentials.ForHost would treat it as a result and stop searching.
	ForHost(host svchost.Hostname) (HostCredentials, error)
}

// HostCredentials represents a single set of credentials for a particular
// host.
type HostCredentials interface {
	// PrepareRequest modifies the given request in-place to apply the
	// receiving credentials. The usual behavior of this method is to
	// add some sort of Authorization header to the request.
	//
	// Nothing in this signature checks where req is going, so callers
	// should only pass requests destined for the host these credentials
	// were looked up for.
	PrepareRequest(req *http.Request)

	// Token returns the authentication token. The value is a secret:
	// callers should keep it out of logs and error messages.
	Token() string
}

// ForHost asks each contained CredentialsSource, in slice order, for
// credentials for the given host.
//
// The first source that returns a non-nil HostCredentials or a non-nil
// error ends the search, and exactly what that source returned is passed
// back to the caller. Slice order therefore decides which source takes
// precedence, and an error from an earlier source prevents later sources
// from being consulted. If no source produces either, the result is
// nil, nil.
func (c Credentials) ForHost(host svchost.Hostname) (HostCredentials, error) {
	for i := range c {
		found, err := c[i].ForHost(host)
		if err != nil {
			// Stop at the first failure instead of falling through to a
			// later source; whatever the source returned is passed on.
			return found, err
		}
		if found != nil {
			return found, nil
		}
	}
	return nil, nil
}