Documentation ¶
Overview ¶
Package dam contains data access management service.
Index ¶
- Variables
- func ImportConfig(store storage.Store, service string, warehouse clouds.ResourceTokenCreator, ...) (ferr error)
- func NewConfigHandler(s *Service) *configHandler
- func NewConfigIssuerHandler(s *Service) *configIssuerHandler
- func NewConfigOptionsHandler(s *Service) *configOptionsHandler
- func NewConfigPersonaHandler(s *Service) *configPersonaHandler
- func NewConfigPolicyHandler(s *Service) *configPolicyHandler
- func NewConfigResourceHandler(s *Service) *configResourceHandler
- func NewConfigServiceTemplateHandler(s *Service) *configServiceTemplateHandler
- func NewConfigSourceHandler(s *Service) *configSourceHandler
- func NewConfigViewHandler(s *Service) *configViewHandler
- func NewConfigVisaTypeHandler(s *Service) *configVisaTypeHandler
- func NewProcessHandler(s *Service) *processHandler
- func NewProcessesHandler(s *Service) *processesHandler
- func ValidateDAMConfig(cfg *pb.DamConfig, vopts ValidateCfgOpts) *status.Status
- type Options
- type Service
- func (s *Service) AcceptInformationRelease(w http.ResponseWriter, r *http.Request)
- func (s *Service) CheckIntegrity(cfg *pb.DamConfig, realm string, tx storage.Tx) *status.Status
- func (s *Service) ConfigHistory(w http.ResponseWriter, r *http.Request)
- func (s *Service) ConfigHistoryRevision(w http.ResponseWriter, r *http.Request)
- func (s *Service) ConfigReset(w http.ResponseWriter, r *http.Request)
- func (s *Service) ConfigTestPersonas(w http.ResponseWriter, r *http.Request)
- func (s *Service) GetDamRoleCategories(w http.ResponseWriter, r *http.Request)
- func (s *Service) GetFlatViews(w http.ResponseWriter, r *http.Request)
- func (s *Service) GetInfo(w http.ResponseWriter, r *http.Request)
- func (s *Service) GetLocaleMetadata(w http.ResponseWriter, r *http.Request)
- func (s *Service) GetPassportTranslators(w http.ResponseWriter, r *http.Request)
- func (s *Service) GetResource(w http.ResponseWriter, r *http.Request)
- func (s *Service) GetResources(w http.ResponseWriter, r *http.Request)
- func (s *Service) GetServiceDescriptors(w http.ResponseWriter, r *http.Request)
- func (s *Service) GetStore() storage.Store
- func (s *Service) GetTestPersonas(w http.ResponseWriter, r *http.Request)
- func (s *Service) GetView(w http.ResponseWriter, r *http.Request)
- func (s *Service) GetViewRole(w http.ResponseWriter, r *http.Request)
- func (s *Service) GetViewRoles(w http.ResponseWriter, r *http.Request)
- func (s *Service) GetViews(w http.ResponseWriter, r *http.Request)
- func (s *Service) HydraConsent(w http.ResponseWriter, r *http.Request)
- func (s *Service) HydraLogin(w http.ResponseWriter, r *http.Request)
- func (s *Service) LoggedInHandler(w http.ResponseWriter, r *http.Request)
- func (s *Service) OidcKeys(w http.ResponseWriter, r *http.Request)
- func (s *Service) OidcWellKnownConfig(w http.ResponseWriter, r *http.Request)
- func (s *Service) RejectInformationRelease(w http.ResponseWriter, r *http.Request)
- func (s *Service) ResourceTokens(w http.ResponseWriter, r *http.Request)
- func (s *Service) ValidateCfgOpts(realm string, tx storage.Tx) ValidateCfgOpts
- type ServiceHandler
- type SyncClientsHandler
- func (h *SyncClientsHandler) CheckIntegrity(*http.Request) *status.Status
- func (h *SyncClientsHandler) Get(r *http.Request, name string) (proto.Message, error)
- func (h *SyncClientsHandler) LookupItem(r *http.Request, name string, vars map[string]string) bool
- func (h *SyncClientsHandler) NormalizeInput(r *http.Request, name string, vars map[string]string) error
- func (h *SyncClientsHandler) Patch(r *http.Request, name string) (proto.Message, error)
- func (h *SyncClientsHandler) Post(r *http.Request, name string) (proto.Message, error)
- func (h *SyncClientsHandler) Put(r *http.Request, name string) (proto.Message, error)
- func (h *SyncClientsHandler) Remove(r *http.Request, name string) (proto.Message, error)
- func (h *SyncClientsHandler) Save(r *http.Request, tx storage.Tx, name string, vars map[string]string, ...) error
- func (h *SyncClientsHandler) Setup(r *http.Request, tx storage.Tx) (int, error)
- type TokenHandler
- func (h *TokenHandler) CheckIntegrity(*http.Request) *status.Status
- func (h *TokenHandler) Get(r *http.Request, name string) (proto.Message, error)
- func (h *TokenHandler) LookupItem(r *http.Request, name string, vars map[string]string) bool
- func (h *TokenHandler) NormalizeInput(r *http.Request, name string, vars map[string]string) error
- func (h *TokenHandler) Patch(r *http.Request, name string) (proto.Message, error)
- func (h *TokenHandler) Post(r *http.Request, name string) (proto.Message, error)
- func (h *TokenHandler) Put(r *http.Request, name string) (proto.Message, error)
- func (h *TokenHandler) Remove(r *http.Request, name string) (proto.Message, error)
- func (h *TokenHandler) Save(r *http.Request, tx storage.Tx, name string, vars map[string]string, ...) error
- func (h *TokenHandler) Setup(r *http.Request, tx storage.Tx) (int, error)
- type TokensHandler
- func (h *TokensHandler) CheckIntegrity(*http.Request) *status.Status
- func (h *TokensHandler) Get(r *http.Request, name string) (proto.Message, error)
- func (h *TokensHandler) LookupItem(r *http.Request, name string, vars map[string]string) bool
- func (h *TokensHandler) NormalizeInput(r *http.Request, name string, vars map[string]string) error
- func (h *TokensHandler) Patch(r *http.Request, name string) (proto.Message, error)
- func (h *TokensHandler) Post(r *http.Request, name string) (proto.Message, error)
- func (h *TokensHandler) Put(r *http.Request, name string) (proto.Message, error)
- func (h *TokensHandler) Remove(r *http.Request, name string) (proto.Message, error)
- func (h *TokensHandler) Save(r *http.Request, tx storage.Tx, name string, vars map[string]string, ...) error
- func (h *TokensHandler) Setup(r *http.Request, tx storage.Tx) (int, error)
- type ValidateCfgOpts
Constants ¶
This section is empty.
Variables ¶
var (
	// BuiltinPolicies contains the set of policies that are managed by DAM
	// directly (not the administrator).
	//
	// NOTE(review): this is an exported package-level map, so any importing
	// package can add, replace or delete entries at run time. Presumably callers
	// are expected to treat it as read-only; confirm, since the entries are
	// policies.
	BuiltinPolicies = map[string]*pb.Policy{
		// contains filtered or unexported fields
	}
)
Functions ¶
func ImportConfig ¶ added in v0.8.4
func ImportConfig(store storage.Store, service string, warehouse clouds.ResourceTokenCreator, cfgVars map[string]string, importConfig, importSecrets, importPermission bool) (ferr error)
ImportConfig ingests bootstrap configuration files into the DAM's storage system.
func NewConfigHandler ¶
func NewConfigHandler(s *Service) *configHandler
func NewConfigIssuerHandler ¶
func NewConfigIssuerHandler(s *Service) *configIssuerHandler
func NewConfigOptionsHandler ¶
func NewConfigOptionsHandler(s *Service) *configOptionsHandler
func NewConfigPersonaHandler ¶
func NewConfigPersonaHandler(s *Service) *configPersonaHandler
func NewConfigPolicyHandler ¶
func NewConfigPolicyHandler(s *Service) *configPolicyHandler
func NewConfigResourceHandler ¶
func NewConfigResourceHandler(s *Service) *configResourceHandler
func NewConfigServiceTemplateHandler ¶
func NewConfigServiceTemplateHandler(s *Service) *configServiceTemplateHandler
func NewConfigSourceHandler ¶
func NewConfigSourceHandler(s *Service) *configSourceHandler
func NewConfigViewHandler ¶
func NewConfigViewHandler(s *Service) *configViewHandler
func NewConfigVisaTypeHandler ¶ added in v0.8.4
func NewConfigVisaTypeHandler(s *Service) *configVisaTypeHandler
func NewProcessHandler ¶
func NewProcessHandler(s *Service) *processHandler
func NewProcessesHandler ¶
func NewProcessesHandler(s *Service) *processesHandler
func ValidateDAMConfig ¶ added in v0.8.4
func ValidateDAMConfig(cfg *pb.DamConfig, vopts ValidateCfgOpts) *status.Status
ValidateDAMConfig checks that the provided config is valid.
Types ¶
type Options ¶
// Options holds the parameters used to construct a DAM Service.
type Options struct {
	// HTTPClient: HTTP client used for making HTTP requests.
	HTTPClient *http.Client
	// Domain: domain used to host the DAM service.
	Domain string
	// ServiceName: name of this service instance including environment (example: "dam-staging").
	ServiceName string
	// DefaultBroker: default identity broker.
	DefaultBroker string
	// Store: data storage and configuration storage.
	Store storage.Store
	// Warehouse: resource token creator service.
	Warehouse clouds.ResourceTokenCreator
	// AWSClient: a client for interacting with the AWS API.
	AWSClient aws.APIClient
	// ServiceAccountManager: undocumented in the original.
	// NOTE(review): presumably the service-account warehouse used when creating
	// resource tokens; confirm against the saw package.
	ServiceAccountManager *saw.AccountWarehouse
	// Logger: audit log logger.
	Logger *logging.Client
	// SDLC: gRPC client to StackDriver Logging.
	SDLC lgrpcpb.LoggingServiceV2Client
	// AuditLogProject is the GCP project id where audit logs are written to.
	AuditLogProject string
	// SkipInformationReleasePage: set to true to skip the information release page.
	// NOTE(review): presumably this removes the interactive step served by
	// AcceptInformationRelease / RejectInformationRelease, so the user is not
	// asked before information is released; confirm that this is intended for
	// the deployment before enabling it.
	SkipInformationReleasePage bool
	// UseHydra: the service uses Hydra-integrated OIDC.
	UseHydra bool
	// HydraAdminURL: URL of the Hydra admin endpoints.
	// NOTE(review): Hydra's admin API is normally meant to be reachable only by
	// trusted internal callers; confirm this URL is not exposed publicly.
	HydraAdminURL string
	// HydraPublicURL: URL of the Hydra public endpoints.
	HydraPublicURL string
	// HydraPublicProxy: proxy for the Hydra public endpoint.
	HydraPublicProxy *hydraproxy.Service
	// HydraSyncFreq: how often to allow clients:sync to be called.
	HydraSyncFreq time.Duration
	// HidePolicyBasis: do not send the policy basis to the client.
	// Limits how much of the access decision's reasoning a client receives.
	HidePolicyBasis bool
	// HideRejectDetail: do not send details of rejected visas.
	// Limits how much a client learns about why a visa was rejected.
	HideRejectDetail bool
	// Signer: the signer used for signing JWTs.
	Signer kms.Signer
	// Encryption: used to encrypt the JWT in the account.
	Encryption kms.Encryption
	// ConsentDashboardURL is the URL of the frontend consent dashboard;
	// ${USER_ID} in it is replaced with the userID.
	ConsentDashboardURL string
	// LRO: the long-running operation background process.
	LRO lro.LRO
}
Options contains the parameters used to create a new DAM Service.
type Service ¶
// Service is the DAM service type; the HTTP endpoint handlers listed on this
// page are methods on *Service.
type Service struct {
	// Handler is the *ServiceHandler for this service; ServiceHandler provides ServeHTTP.
	Handler *ServiceHandler
	// contains filtered or unexported fields
}
func (*Service) AcceptInformationRelease ¶ added in v0.9.7
func (s *Service) AcceptInformationRelease(w http.ResponseWriter, r *http.Request)
AcceptInformationRelease is the HTTP handler for "dam/inforelease/accept" endpoint.
func (*Service) CheckIntegrity ¶
CheckIntegrity returns an error status if the config is invalid.
func (*Service) ConfigHistory ¶
func (s *Service) ConfigHistory(w http.ResponseWriter, r *http.Request)
ConfigHistory implements the HistoryConfig RPC method.
func (*Service) ConfigHistoryRevision ¶
func (s *Service) ConfigHistoryRevision(w http.ResponseWriter, r *http.Request)
ConfigHistoryRevision implements the HistoryRevisionConfig RPC method.
func (*Service) ConfigReset ¶
func (s *Service) ConfigReset(w http.ResponseWriter, r *http.Request)
ConfigReset implements the corresponding method in the DAM API.
func (*Service) ConfigTestPersonas ¶
func (s *Service) ConfigTestPersonas(w http.ResponseWriter, r *http.Request)
ConfigTestPersonas implements the ConfigTestPersonas RPC method.
func (*Service) GetDamRoleCategories ¶
func (s *Service) GetDamRoleCategories(w http.ResponseWriter, r *http.Request)
GetDamRoleCategories implements the corresponding REST API method.
func (*Service) GetFlatViews ¶
func (s *Service) GetFlatViews(w http.ResponseWriter, r *http.Request)
GetFlatViews implements the corresponding REST API endpoint.
func (*Service) GetLocaleMetadata ¶ added in v0.9.8
func (s *Service) GetLocaleMetadata(w http.ResponseWriter, r *http.Request)
GetLocaleMetadata implements the corresponding REST API endpoint.
func (*Service) GetPassportTranslators ¶
func (s *Service) GetPassportTranslators(w http.ResponseWriter, r *http.Request)
GetPassportTranslators implements the corresponding REST API endpoint.
func (*Service) GetResource ¶
func (s *Service) GetResource(w http.ResponseWriter, r *http.Request)
GetResource implements the corresponding endpoint in the REST API.
func (*Service) GetResources ¶
func (s *Service) GetResources(w http.ResponseWriter, r *http.Request)
GetResources implements the GetResources RPC method.
func (*Service) GetServiceDescriptors ¶ added in v0.8.4
func (s *Service) GetServiceDescriptors(w http.ResponseWriter, r *http.Request)
GetServiceDescriptors implements the corresponding REST API endpoint.
func (*Service) GetTestPersonas ¶
func (s *Service) GetTestPersonas(w http.ResponseWriter, r *http.Request)
GetTestPersonas implements the corresponding REST API method.
func (*Service) GetView ¶
func (s *Service) GetView(w http.ResponseWriter, r *http.Request)
GetView implements the corresponding endpoint in the REST API.
func (*Service) GetViewRole ¶
func (s *Service) GetViewRole(w http.ResponseWriter, r *http.Request)
GetViewRole implements the corresponding endpoint in the REST API.
func (*Service) GetViewRoles ¶
func (s *Service) GetViewRoles(w http.ResponseWriter, r *http.Request)
GetViewRoles implements the corresponding endpoint in the REST API.
func (*Service) GetViews ¶
func (s *Service) GetViews(w http.ResponseWriter, r *http.Request)
GetViews implements the corresponding endpoint in the REST API.
func (*Service) HydraConsent ¶
func (s *Service) HydraConsent(w http.ResponseWriter, r *http.Request)
HydraConsent handles the consent request from Hydra.
func (*Service) HydraLogin ¶
func (s *Service) HydraLogin(w http.ResponseWriter, r *http.Request)
HydraLogin handles the login request from Hydra.
func (*Service) LoggedInHandler ¶
func (s *Service) LoggedInHandler(w http.ResponseWriter, r *http.Request)
LoggedInHandler implements endpoint "/loggedin" for broker auth code redirect.
func (*Service) OidcKeys ¶ added in v0.9.2
func (s *Service) OidcKeys(w http.ResponseWriter, r *http.Request)
OidcKeys handles the OpenID Provider JWKS request.
func (*Service) OidcWellKnownConfig ¶ added in v0.9.2
func (s *Service) OidcWellKnownConfig(w http.ResponseWriter, r *http.Request)
OidcWellKnownConfig handles the OpenID Provider configuration request.
func (*Service) RejectInformationRelease ¶ added in v0.9.7
func (s *Service) RejectInformationRelease(w http.ResponseWriter, r *http.Request)
RejectInformationRelease is the HTTP handler for "dam/inforelease/reject" endpoint.
func (*Service) ResourceTokens ¶
func (s *Service) ResourceTokens(w http.ResponseWriter, r *http.Request)
ResourceTokens returns a set of access tokens for a set of resources.
func (*Service) ValidateCfgOpts ¶ added in v0.8.4
func (s *Service) ValidateCfgOpts(realm string, tx storage.Tx) ValidateCfgOpts
ValidateCfgOpts returns the options for checking validity of configuration.
type ServiceHandler ¶
func (*ServiceHandler) ServeHTTP ¶
func (sh *ServiceHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type SyncClientsHandler ¶ added in v0.8.6
type SyncClientsHandler struct {
// contains filtered or unexported fields
}
SyncClientsHandler is a handler for sync client.
func NewSyncClientsHandler ¶ added in v0.8.4
func NewSyncClientsHandler(s *Service) *SyncClientsHandler
NewSyncClientsHandler creates the handler that implements the sync Hydra clients RPC method.
func (*SyncClientsHandler) CheckIntegrity ¶ added in v0.8.6
func (h *SyncClientsHandler) CheckIntegrity(*http.Request) *status.Status
CheckIntegrity checks integrity.
func (*SyncClientsHandler) LookupItem ¶ added in v0.8.6
LookupItem looks up item.
func (*SyncClientsHandler) NormalizeInput ¶ added in v0.8.6
func (h *SyncClientsHandler) NormalizeInput(r *http.Request, name string, vars map[string]string) error
NormalizeInput normalizes.
type TokenHandler ¶ added in v0.8.6
type TokenHandler struct {
// contains filtered or unexported fields
}
TokenHandler is a handler for a token.
func NewTokenHandler ¶
func NewTokenHandler(s *Service) *TokenHandler
NewTokenHandler creates the handler for the tokens/{name} endpoint.
func (*TokenHandler) CheckIntegrity ¶ added in v0.8.6
func (h *TokenHandler) CheckIntegrity(*http.Request) *status.Status
CheckIntegrity checks integrity.
func (*TokenHandler) LookupItem ¶ added in v0.8.6
LookupItem looks up item.
func (*TokenHandler) NormalizeInput ¶ added in v0.8.6
NormalizeInput normalizes.
type TokensHandler ¶ added in v0.8.6
type TokensHandler struct {
// contains filtered or unexported fields
}
TokensHandler is a handler for tokens.
func NewTokensHandler ¶
func NewTokensHandler(s *Service) *TokensHandler
NewTokensHandler creates a new TokensHandler.
func (*TokensHandler) CheckIntegrity ¶ added in v0.8.6
func (h *TokensHandler) CheckIntegrity(*http.Request) *status.Status
CheckIntegrity checks integrity.
func (*TokensHandler) LookupItem ¶ added in v0.8.6
LookupItem looks up item.
func (*TokensHandler) NormalizeInput ¶ added in v0.8.6
NormalizeInput normalizes.
type ValidateCfgOpts ¶ added in v0.8.4
// ValidateCfgOpts carries the options passed to ValidateDAMConfig; a value is
// returned by (*Service).ValidateCfgOpts for a given realm and transaction.
type ValidateCfgOpts struct {
	// Services: the service adapters.
	// NOTE(review): presumably used to validate service templates in the config; confirm.
	Services *adapter.ServiceAdapters
	// DefaultBroker: presumably mirrors Options.DefaultBroker; confirm.
	DefaultBroker string
	// RoleCategories: role categories keyed by name.
	// NOTE(review): key meaning is inferred from the map type; confirm.
	RoleCategories map[string]*pb.RoleCategory
	// HidePolicyBasis: presumably mirrors Options.HidePolicyBasis (do not send
	// the policy basis to the client); confirm.
	HidePolicyBasis bool
	// HideRejectDetail: presumably mirrors Options.HideRejectDetail (do not send
	// details of rejected visas); confirm.
	HideRejectDetail bool
	// Scim: SCIM handle; how validation uses it is not shown on this page.
	Scim *scim.Scim
	// Realm: presumably the realm given to (*Service).ValidateCfgOpts; confirm.
	Realm string
	// Tx: presumably the storage transaction given to (*Service).ValidateCfgOpts; confirm.
	Tx storage.Tx
}
ValidateCfgOpts contains options for ValidateDAMConfig.