GetClientCertAuthType returns TLS cert type.

GetClusterEncryptionConfig returns if cross node communication needs to be encrypted and if non-SSL ports need to be disabled.

GetClusterUuid returns UUID of the cluster cbauth is currently connecting to.

GetCreds returns service password for given host and port together with memcached admin name and http special user.

GetGuardrailStatuses returns guardrail statuses.

GetNodeUuid returns UUID of the node cbauth is currently connecting to.

GetTLSConfig returns current tls config that contains cipher suites, min TLS version, etc.

IsAuthTokenPresent returns true iff ns_server's ui token header ("ns-server-ui") is set to "yes".

MaybeGetCredsFromCert extracts user's credentials from certificate Those returned credentials could be used for calling IsAllowed function.

NewSVC constructs Svc instance.

NewSVCForTest constructs Svc instance.

RegisterConfigRefreshCallback registers callback for refreshing SSL certs or TLS config.

RegisterTLSRefreshCallback registers callback for refreshing TLS config.

ResetSvc marks service's db as stale.

SetExpectedClusterUuid sets the expected UUID of the cluster we are connecting to.

SetTransport allows to change RoundTripper for Svc.

VerifyOnBehalf authenticates http request with on behalf header.

VerifyOnServer authenticates http request by calling POST /_cbauth REST endpoint.

VerifyPassword verifies given user/password creds against cbauth password database.

ErrCallbackAlreadyRegistered is used to signal that certificate refresh callback is already registered.

ErrNoAuth is an error that is returned when the user credentials are not recognized.

ErrNoUuid is an error that is returned when the uuid for user is empty.

ErrUserNotFound is used to signal when username can't be extracted from client certificate.

Cache is a structure into which the revrpc json is unmarshalled.

Cache is a structure into which the revrpc json is unmarshalled if used from external service.

ClusterEncryptionConfig contains info about whether to use SSL ports for communication channels and whether to disable non-SSL ports.

CredsImpl implements cbauth.Creds interface.

GuardrailStatus contains the current status for a resource that we want a service to be aware of.

Node struct is used as part of Cache messages to describe creds and ports of some cluster node.

Svc is a struct that holds state of cbauth service.

TLSConfig contains tls settings to be used by cbauth clients When something in tls config changes user is notified via TLSRefreshCallback.

ConfigRefreshCallback type describes the callback called when any of the following are updated: 1.

TLSRefreshCallback type describes callback for reinitializing TLSConfig when ssl certificate or client cert auth setting changes.