Documentation ¶
Overview ¶
Package scim implements a SCIM-like interface for group and user management.
Index ¶
- func GroupFactory(store storage.Store, groupPath string) *handlerfactory.Options
- func GroupsFactory(store storage.Store, path string) *handlerfactory.Options
- func MeFactory(store storage.Store, domainURL, path string) *handlerfactory.Options
- func NewAccount(ctx context.Context, encryption kms.Encryption, id *ga4gh.Identity, ...) (*pb.Account, *pb.AccountLookup, error)
- func UpdateIdentityInAccount(ctx context.Context, id *ga4gh.Identity, provider string, acct *pb.Account, ...) (*pb.Account, error)
- func UserFactory(store storage.Store, domainURL, path string) *handlerfactory.Options
- func UsersFactory(store storage.Store, domainURL, path string) *handlerfactory.Options
- type GroupHandler
- func (h *GroupHandler) CheckIntegrity(*http.Request) *status.Status
- func (h *GroupHandler) Get(r *http.Request, name string) (proto.Message, error)
- func (h *GroupHandler) LookupItem(r *http.Request, name string, vars map[string]string) bool
- func (h *GroupHandler) NormalizeInput(r *http.Request, name string, vars map[string]string) error
- func (h *GroupHandler) Patch(r *http.Request, name string) (proto.Message, error)
- func (h *GroupHandler) Post(r *http.Request, name string) (proto.Message, error)
- func (h *GroupHandler) Put(r *http.Request, name string) (proto.Message, error)
- func (h *GroupHandler) Remove(r *http.Request, name string) (proto.Message, error)
- func (h *GroupHandler) Save(r *http.Request, tx storage.Tx, name string, vars map[string]string, ...) error
- func (h *GroupHandler) Setup(r *http.Request, tx storage.Tx) (int, error)
- type GroupsHandler
- func (h *GroupsHandler) CheckIntegrity(*http.Request) *status.Status
- func (h *GroupsHandler) Get(r *http.Request, name string) (proto.Message, error)
- func (h *GroupsHandler) LookupItem(r *http.Request, name string, vars map[string]string) bool
- func (h *GroupsHandler) NormalizeInput(r *http.Request, name string, vars map[string]string) error
- func (h *GroupsHandler) Patch(r *http.Request, name string) (proto.Message, error)
- func (h *GroupsHandler) Post(r *http.Request, name string) (proto.Message, error)
- func (h *GroupsHandler) Put(r *http.Request, name string) (proto.Message, error)
- func (h *GroupsHandler) Remove(r *http.Request, name string) (proto.Message, error)
- func (h *GroupsHandler) Save(r *http.Request, tx storage.Tx, name string, vars map[string]string, ...) error
- func (h *GroupsHandler) Setup(r *http.Request, tx storage.Tx) (int, error)
- type Scim
- func (s *Scim) LoadAccount(name, realm string, anyState bool, tx storage.Tx) (*cpb.Account, int, error)
- func (s *Scim) LoadAccountLookup(realm, acct string, tx storage.Tx) (*cpb.AccountLookup, error)
- func (s *Scim) LoadGroup(name, realm string, tx storage.Tx) (*spb.Group, error)
- func (s *Scim) LoadGroupMember(groupName, memberName, realm string, tx storage.Tx) (*spb.Member, error)
- func (s *Scim) LoadGroupMembershipForUser(user *spb.User, realm string, resolveDisplayName bool, tx storage.Tx) error
- func (s *Scim) LookupAccount(fedAcct, realm string, anyState bool, tx storage.Tx) (*cpb.Account, int, error)
- func (s *Scim) RemoveAccountLookup(rev int64, realm, fedAcct string, r *http.Request, id *ga4gh.Identity, ...) error
- func (s *Scim) SaveAccount(oldAcct, newAcct *cpb.Account, desc, subject, realm string, r *http.Request, ...) error
- func (s *Scim) SaveAccountLookup(lookup *cpb.AccountLookup, realm, fedAcct string, r *http.Request, ...) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GroupFactory ¶
func GroupFactory(store storage.Store, groupPath string) *handlerfactory.Options
GroupFactory creates handlers for group requests.
func GroupsFactory ¶
func GroupsFactory(store storage.Store, path string) *handlerfactory.Options
GroupsFactory creates handlers for group requests.
func MeFactory ¶
func MeFactory(store storage.Store, domainURL, path string) *handlerfactory.Options
MeFactory creates SCIM /Me request handlers.
func NewAccount ¶ added in v0.9.6
func NewAccount(ctx context.Context, encryption kms.Encryption, id *ga4gh.Identity, provider, accountNamePrefix string, genAccountNameLen int) (*pb.Account, *pb.AccountLookup, error)
NewAccount creates a new account for the given identity.
func UpdateIdentityInAccount ¶ added in v0.9.6
func UpdateIdentityInAccount(ctx context.Context, id *ga4gh.Identity, provider string, acct *pb.Account, encryption kms.Encryption) (*pb.Account, error)
UpdateIdentityInAccount updates the identity in an existing account.
func UserFactory ¶
func UserFactory(store storage.Store, domainURL, path string) *handlerfactory.Options
UserFactory creates SCIM /Users/<id> request handlers.
func UsersFactory ¶
func UsersFactory(store storage.Store, domainURL, path string) *handlerfactory.Options
UsersFactory creates SCIM Users request handlers.
Types ¶
type GroupHandler ¶
type GroupHandler struct {
// contains filtered or unexported fields
}
GroupHandler handles SCIM group requests.
func NewGroupHandler ¶
func NewGroupHandler(store storage.Store) *GroupHandler
NewGroupHandler handles one SCIM group request.
func (*GroupHandler) CheckIntegrity ¶
func (h *GroupHandler) CheckIntegrity(*http.Request) *status.Status
CheckIntegrity checks that any modifications make sense before applying them.
func (*GroupHandler) LookupItem ¶
LookupItem looks up the item in the storage layer.
func (*GroupHandler) NormalizeInput ¶
NormalizeInput sets up basic structure of request input objects if absent.
type GroupsHandler ¶
type GroupsHandler struct {
// contains filtered or unexported fields
}
GroupsHandler handles SCIM group requests.
func NewGroupsHandler ¶
func NewGroupsHandler(store storage.Store) *GroupsHandler
NewGroupsHandler handles the SCIM groups request.
func (*GroupsHandler) CheckIntegrity ¶
func (h *GroupsHandler) CheckIntegrity(*http.Request) *status.Status
CheckIntegrity checks that any modifications make sense before applying them.
func (*GroupsHandler) LookupItem ¶
LookupItem returns true if the named object is found.
func (*GroupsHandler) NormalizeInput ¶
NormalizeInput sets up basic structure of request input objects if absent.
type Scim ¶
type Scim struct {
// contains filtered or unexported fields
}
Scim is a System for Cross-domain Identity Management. It bridges the internal account representation with an externally facing API based on the SCIM v2 standard.
func (*Scim) LoadAccount ¶
func (s *Scim) LoadAccount(name, realm string, anyState bool, tx storage.Tx) (*cpb.Account, int, error)
LoadAccount loads one internal account from storage. It will filter out disabled or deleted accounts unless `anyState` is set to true.
func (*Scim) LoadAccountLookup ¶
LoadAccountLookup loads an account reference structure (AccountLookup) that maps a federated account identifier, such as an email address, to where the account is stored internally. Note that multiple external identifiers or emails can map to one internal account (i.e. account linking).
func (*Scim) LoadGroupMember ¶
func (s *Scim) LoadGroupMember(groupName, memberName, realm string, tx storage.Tx) (*spb.Member, error)
LoadGroupMember loads a user membership record as part of a group.
func (*Scim) LoadGroupMembershipForUser ¶ added in v0.9.9
func (s *Scim) LoadGroupMembershipForUser(user *spb.User, realm string, resolveDisplayName bool, tx storage.Tx) error
LoadGroupMembershipForUser populates the Groups field with a set of group metadata to which the user belongs based on email addresses. resolveDisplayName will fill in the group's UI label by doing extra storage lookups when this information is for use by an end user.
func (*Scim) LookupAccount ¶
func (s *Scim) LookupAccount(fedAcct, realm string, anyState bool, tx storage.Tx) (*cpb.Account, int, error)
LookupAccount loads one internal account given a federated account identifier such as an email address. It will filter out disabled or deleted accounts unless `anyState` is set to true.
func (*Scim) RemoveAccountLookup ¶
func (s *Scim) RemoveAccountLookup(rev int64, realm, fedAcct string, r *http.Request, id *ga4gh.Identity, tx storage.Tx) error
RemoveAccountLookup removes an account lookup reference structure from storage by marking it as DELETED. Provenance is maintained by not fully deleting the data.