domain

Documentation

Index

• Constants
• Variables
• type Access
• type Certificate
• type DatabaseConfig
• type HttpServerConfig
• type Identity
• type Metadata
• type Namespace
• type Password
• type Role
• type RootConfig
• type Rule
  • func (r *Rule) AsPermissive(other *Rule) bool
  • func (r *Rule) CheckAccess(namespace, name, objectType, operation string, instances []Metadata) error
• type SOIDConfig
• type Session
  • func (s *Session) AddAccess(ctx context.Context, access *Access)
• type User

Constants

const (
	RuleSetUnknown = "unknown"
	RuleSetRoot    = "root"
	RuleSetAdmin   = "admin"
	RuleSetGuest   = "guest"
)

const (
	UnknownRole = "Unknown"
	RootRole    = "root"
	GuestRole   = "guest"
	AdminRole   = "admin"
)

Variables

var (
	ErrNotFound        = errors.New("not found")
	ErrSessionTimedOut = errors.New("session timed out")
	ErrNotAllowed      = errors.New("not allowed")
)

Errors

Types

type Access

type Access struct {
	Metadata  `gorm:"embedded;embeddedPrefix:metadata_"`
	SessionID uint
	IPAddress string
}

type Certificate

type Certificate struct {
	Metadata   `gorm:"embedded;embeddedPrefix:metadata_"`
	IdentityID uint
}

type DatabaseConfig

type DatabaseConfig struct {
	Path     string
	Username string
	Password string
}

type HttpServerConfig

type HttpServerConfig struct {
	Address        string   `yaml:"address"`
	AllowedOrigins []string `yaml:"allowed_origins"`
	PrivateKey     string   `yaml:"private_key"`
	Certificate    string   `yaml:"certificate"`
	CaCert         string   `yaml:"ca_cert"`
	WebRoot        string   `yaml:"webroot"`
}

type Identity

type Identity struct {
	Metadata     `gorm:"embedded;embeddedPrefix:metadata_"`
	Password     Password      `gorm:"embedded"`
	Certificates []Certificate `gorm:"many2many:identity_certificates;"`
	Roles        []Role        `gorm:"many2many:identity_roles;"`
}

type Metadata

type Metadata struct {
	Namespace string
	Name      string
	Type      string
	ID        uint      `gorm:"primarykey"`
	CreatedAt time.Time `yaml:"created_at"`
	UpdatedAt time.Time `yaml:"updated_at"`
}

type Namespace

type Namespace struct {
	// The namespace field of Metadata will be empty
	Metadata `gorm:"embedded;embeddedPrefix:metadata_"`
}

type Password

type Password struct {
	Username string
	Password string
}

type Role

type Role struct {
	Metadata `gorm:"embedded;embeddedPrefix:metadata_"`
	Rules    []Rule `gorm:"many2many:role_rules;"`
}

type RootConfig

type RootConfig struct {
	Username string
	Password string
}

type Rule

type Rule struct {
	Metadata   `gorm:"embedded;embeddedPrefix:metadata_"`
	Namespace  string
	Name       string
	ObjectType string
	Operation  string
	Instances  []Metadata `gorm:"many2many:Rule_instances;"`
}

A Rule is needed to permit something. Default everything is denied

func (*Rule) AsPermissive

func (r *Rule) AsPermissive(other *Rule) bool

AsPermissive assert this rule is as permissive as the other rule The other rule can be less permissive, but not more permissive.

func (*Rule) CheckAccess

func (r *Rule) CheckAccess(namespace, name, objectType, operation string, instances []Metadata) error

CheckAccess compares the parameters with the rule and returns nil if the rule is not broken

type SOIDConfig

type SOIDConfig struct {
	Metadata                `gorm:"embedded;embeddedPrefix:metadata_"`
	SoidNamespace           string `yaml:"soid_namespace"`
	SystemAdminUserPassword string `yaml:"system_admin_password"`
	Root                    RootConfig
	Database                DatabaseConfig   `yaml:"database"`
	HTTPServer              HttpServerConfig `yaml:"http_server"`
}

type Session

type Session struct {
	Metadata   `gorm:"embedded;embeddedPrefix:metadata_"`
	IdentityID uint
	Access     []*Access
	ValidUntil time.Time
}

func (*Session) AddAccess

func (s *Session) AddAccess(ctx context.Context, access *Access)

type User

type User struct {
	Metadata   `gorm:"embedded;embeddedPrefix:metadata_"`
	IdentityID uint
	Email      string
	Phone      string
	FirstName  string
	LastName   string
	Country    string
}