scim

package
v0.9.15
Published: Mar 3, 2021 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Overview

Package scim implements a SCIM-like interface for group and user management.

Functions

func GroupFactory

func GroupFactory(store storage.Store, groupPath string) *handlerfactory.Options

GroupFactory creates handlers for group requests.

func GroupsFactory

func GroupsFactory(store storage.Store, path string) *handlerfactory.Options

GroupsFactory creates handlers for group requests.

func MeFactory

func MeFactory(store storage.Store, domainURL, path string) *handlerfactory.Options

MeFactory creates SCIM /Me request handlers.

func NewAccount added in v0.9.6

func NewAccount(ctx context.Context, encryption kms.Encryption, id *ga4gh.Identity, provider, accountNamePrefix string, genAccountNameLen int) (*pb.Account, *pb.AccountLookup, error)

NewAccount creates a new account for the given identity.

func UpdateIdentityInAccount added in v0.9.6

func UpdateIdentityInAccount(ctx context.Context, id *ga4gh.Identity, provider string, acct *pb.Account, encryption kms.Encryption) (*pb.Account, error)

UpdateIdentityInAccount updates the identity in an existing account.

func UserFactory

func UserFactory(store storage.Store, domainURL, path string) *handlerfactory.Options

UserFactory creates SCIM /Users/<id> request handlers.

func UsersFactory

func UsersFactory(store storage.Store, domainURL, path string) *handlerfactory.Options

UsersFactory creates SCIM Users request handlers.

Types

type GroupHandler

type GroupHandler struct {
	// contains filtered or unexported fields
}

GroupHandler handles SCIM group requests.

func NewGroupHandler

func NewGroupHandler(store storage.Store) *GroupHandler

NewGroupHandler creates a GroupHandler, which handles one SCIM group request.

func (*GroupHandler) CheckIntegrity

func (h *GroupHandler) CheckIntegrity(*http.Request) *status.Status

CheckIntegrity checks that any modifications make sense before applying them.

func (*GroupHandler) Get

func (h *GroupHandler) Get(r *http.Request, name string) (proto.Message, error)

Get is a GET request.

func (*GroupHandler) LookupItem

func (h *GroupHandler) LookupItem(r *http.Request, name string, vars map[string]string) bool

LookupItem looks up the item in the storage layer.

func (*GroupHandler) NormalizeInput

func (h *GroupHandler) NormalizeInput(r *http.Request, name string, vars map[string]string) error

NormalizeInput sets up basic structure of request input objects if absent.

func (*GroupHandler) Patch

func (h *GroupHandler) Patch(r *http.Request, name string) (proto.Message, error)

Patch is a PATCH request.

func (*GroupHandler) Post

func (h *GroupHandler) Post(r *http.Request, name string) (proto.Message, error)

Post is a POST request.

func (*GroupHandler) Put

func (h *GroupHandler) Put(r *http.Request, name string) (proto.Message, error)

Put is a PUT request.

func (*GroupHandler) Remove

func (h *GroupHandler) Remove(r *http.Request, name string) (proto.Message, error)

Remove is a DELETE request.

func (*GroupHandler) Save

func (h *GroupHandler) Save(r *http.Request, tx storage.Tx, name string, vars map[string]string, desc, typeName string) error

Save will save any modifications done for the request.

func (*GroupHandler) Setup

func (h *GroupHandler) Setup(r *http.Request, tx storage.Tx) (int, error)

Setup sets up the handler.

type GroupsHandler

type GroupsHandler struct {
	// contains filtered or unexported fields
}

GroupsHandler handles SCIM group requests.

func NewGroupsHandler

func NewGroupsHandler(store storage.Store) *GroupsHandler

NewGroupsHandler creates a GroupsHandler, which handles the SCIM groups request.

func (*GroupsHandler) CheckIntegrity

func (h *GroupsHandler) CheckIntegrity(*http.Request) *status.Status

CheckIntegrity checks that any modifications make sense before applying them.

func (*GroupsHandler) Get

func (h *GroupsHandler) Get(r *http.Request, name string) (proto.Message, error)

Get is a GET request.

func (*GroupsHandler) LookupItem

func (h *GroupsHandler) LookupItem(r *http.Request, name string, vars map[string]string) bool

LookupItem returns true if the named object is found.

func (*GroupsHandler) NormalizeInput

func (h *GroupsHandler) NormalizeInput(r *http.Request, name string, vars map[string]string) error

NormalizeInput sets up basic structure of request input objects if absent.

func (*GroupsHandler) Patch

func (h *GroupsHandler) Patch(r *http.Request, name string) (proto.Message, error)

Patch is a PATCH request.

func (*GroupsHandler) Post

func (h *GroupsHandler) Post(r *http.Request, name string) (proto.Message, error)

Post is a POST request.

func (*GroupsHandler) Put

func (h *GroupsHandler) Put(r *http.Request, name string) (proto.Message, error)

Put is a PUT request.

func (*GroupsHandler) Remove

func (h *GroupsHandler) Remove(r *http.Request, name string) (proto.Message, error)

Remove is a DELETE request.

func (*GroupsHandler) Save

func (h *GroupsHandler) Save(r *http.Request, tx storage.Tx, name string, vars map[string]string, desc, typeName string) error

Save will save any modifications done for the request.

func (*GroupsHandler) Setup

func (h *GroupsHandler) Setup(r *http.Request, tx storage.Tx) (int, error)

Setup sets up the handler.

type Scim

type Scim struct {
	// contains filtered or unexported fields
}

Scim is a System for Cross-domain Identity Management. It bridges the internal account representation with an externally facing API based on the SCIM v2 standard.

func New

func New(store storage.Store) *Scim

New creates a new SCIM.

func (*Scim) LoadAccount

func (s *Scim) LoadAccount(name, realm string, anyState bool, tx storage.Tx) (*cpb.Account, int, error)

LoadAccount loads one internal account from storage. It will filter disabled or deleted accounts unless `anyState` is set to true.

func (*Scim) LoadAccountLookup

func (s *Scim) LoadAccountLookup(realm, acct string, tx storage.Tx) (*cpb.AccountLookup, error)

LoadAccountLookup loads an account reference structure (AccountLookup) that maps a federated account identifier, such as an email address, to where the account is stored internally. Note that multiple external identifiers or emails can map to one internal account (i.e. account linking).

func (*Scim) LoadGroup

func (s *Scim) LoadGroup(name, realm string, tx storage.Tx) (*spb.Group, error)

LoadGroup loads a user group.

func (*Scim) LoadGroupMember

func (s *Scim) LoadGroupMember(groupName, memberName, realm string, tx storage.Tx) (*spb.Member, error)

LoadGroupMember loads a user membership record as part of a group.

func (*Scim) LoadGroupMembershipForUser added in v0.9.9

func (s *Scim) LoadGroupMembershipForUser(user *spb.User, realm string, resolveDisplayName bool, tx storage.Tx) error

LoadGroupMembershipForUser populates the Groups field with metadata for the set of groups to which the user belongs, based on email addresses. resolveDisplayName will fill in the group's UI label by doing extra storage lookups when this information is for use by an end user.

func (*Scim) LookupAccount

func (s *Scim) LookupAccount(fedAcct, realm string, anyState bool, tx storage.Tx) (*cpb.Account, int, error)

LookupAccount loads one internal account given a federated account identifier such as an email address. It will filter disabled or deleted accounts unless `anyState` is set to true.

func (*Scim) RemoveAccountLookup

func (s *Scim) RemoveAccountLookup(rev int64, realm, fedAcct string, r *http.Request, id *ga4gh.Identity, tx storage.Tx) error

RemoveAccountLookup removes an account lookup reference structure from storage by marking it as DELETED. Provenance is maintained by not fully deleting the data.

func (*Scim) SaveAccount

func (s *Scim) SaveAccount(oldAcct, newAcct *cpb.Account, desc, subject, realm string, r *http.Request, tx storage.Tx) error

SaveAccount puts an internal account structure in storage.

func (*Scim) SaveAccountLookup

func (s *Scim) SaveAccountLookup(lookup *cpb.AccountLookup, realm, fedAcct string, r *http.Request, id *ga4gh.Identity, tx storage.Tx) error

SaveAccountLookup puts an account lookup reference structure in storage.
