()
| 37 | ) |
| 38 | |
| 39 | func main() { |
| 40 | // Start a fake Elasticsearch server with SPNEGO auth middleware |
| 41 | srv := fake.NewServer( |
| 42 | fake.WithLogFn(func(r *http.Request) { |
| 43 | auth := r.Header.Get("Authorization") |
| 44 | slog.Info("server received request", |
| 45 | slog.String("method", r.Method), |
| 46 | slog.String("path", r.URL.Path), |
| 47 | slog.String("authorization", auth), |
| 48 | ) |
| 49 | }), |
| 50 | fake.WithResponseBody([]byte(`{"cluster_name":"example"}`)), |
| 51 | fake.WithHeaders(func(h http.Header) { |
| 52 | h.Set("X-Elastic-Product", "Elasticsearch") |
| 53 | h.Set("Content-Type", "application/json") |
| 54 | }), |
| 55 | fake.WithMiddleware(SPNEGOAuthMiddleware), |
| 56 | ) |
| 57 | defer srv.Close() |
| 58 | |
| 59 | // Create an Elasticsearch client with the Kerberos interceptor |
| 60 | es, err := elasticsearch.New( |
| 61 | elasticsearch.WithAddresses(srv.URL()), |
| 62 | elasticsearch.WithTransportOptions(elastictransport.WithInterceptors( |
| 63 | KerberosInterceptor(MockTokenProvider), |
| 64 | )), |
| 65 | ) |
| 66 | if err != nil { |
| 67 | panic(err) |
| 68 | } |
| 69 | |
| 70 | // Send a request - the interceptor handles the 401 challenge automatically |
| 71 | fmt.Println(">>> Sending request (interceptor will handle SPNEGO challenge)") |
| 72 | resp, err := es.Info() |
| 73 | if err != nil { |
| 74 | panic(err) |
| 75 | } |
| 76 | fmt.Printf(">>> Response status: %s\n", resp.Status()) |
| 77 | } |
| 78 | |
| 79 | // KerberosInterceptor creates an interceptor that handles Kerberos/SPNEGO authentication. |
| 80 | // When a 401 response with WWW-Authenticate: Negotiate is received, it obtains a token |
nothing calls this directly
no test coverage detected