1// Package auth contains types and functions to manage authentication
2// credentials for service hosts.
3package auth
4
5import (
6	"net/http"
7
8	"github.com/hashicorp/terraform/svchost"
9)
10
// Credentials is a list of CredentialsSource objects that can be tried in
// turn until one returns credentials for a host, or one returns an error.
//
// Order is significant: ForHost consults the members from first to last and
// stops at the first one that yields credentials or an error, so an earlier
// member always takes precedence over a later one for the same host.
//
// A Credentials is itself a CredentialsSource, wrapping its members.
// In principle one CredentialsSource can be nested inside another, though
// there is no good reason to do so.
type Credentials []CredentialsSource
18
// NoCredentials is an empty CredentialsSource that always returns nil
// when asked for credentials.
//
// It is an empty Credentials list, so its ForHost has no members to consult
// and returns nil, nil for every host.
//
// NOTE(review): this is an exported package-level variable, so any importing
// package can reassign it; treat it as read-only.
var NoCredentials CredentialsSource = Credentials{}
22
// A CredentialsSource is an object that may be able to provide credentials
// for a given host.
//
// Credentials lookups are not guaranteed to be concurrency-safe. Callers
// using these facilities in concurrent code must use external concurrency
// primitives to prevent race conditions.
type CredentialsSource interface {
	// ForHost returns a non-nil HostCredentials if the source has credentials
	// available for the host, and a nil HostCredentials if it does not.
	//
	// If an error is returned, progress through a list of CredentialsSources
	// is halted and the error is returned to the user.
	//
	// Because the error reaches the user, implementations should keep secret
	// material (tokens, passwords) out of error text.
	//
	// "No credentials" must be a literal nil interface value: a nil pointer
	// of a concrete type wrapped in HostCredentials compares as non-nil, and
	// Credentials.ForHost would return it as if credentials had been found.
	ForHost(host svchost.Hostname) (HostCredentials, error)
}
37
// HostCredentials represents a single set of credentials for a particular
// host.
type HostCredentials interface {
	// PrepareRequest modifies the given request in-place to apply the
	// receiving credentials. The usual behavior of this method is to
	// add some sort of Authorization header to the request.
	//
	// NOTE(review): the method receives only the request, and nothing in
	// this interface ties the request's destination to the host the
	// credentials were looked up for. Presumably the caller is responsible
	// for applying them only to requests bound for that host (including
	// after redirects) — confirm against callers.
	PrepareRequest(req *http.Request)

	// Token returns the authentication token.
	//
	// The returned string is a secret; callers should keep it out of logs,
	// error messages and other output.
	Token() string
}
49
// ForHost asks each contained CredentialsSource, in list order, for
// credentials belonging to the given host.
//
// The first source that produces a non-nil HostCredentials or a non-nil
// error ends the search and its result is handed back to the caller; later
// sources are not consulted. When every source declines, the result is
// nil, nil.
func (c Credentials) ForHost(host svchost.Hostname) (HostCredentials, error) {
	for i := range c {
		found, err := c[i].ForHost(host)
		if err != nil {
			// An error halts the search; whatever value accompanied it is
			// returned alongside, unchanged.
			return found, err
		}
		if found != nil {
			return found, nil
		}
	}
	return nil, nil
}
64