Documentation ¶
Index ¶
- Constants
- Variables
- type Authn
- type Authz
- type AuthzReq
- type Backup
- type Group
- type GroupPoliciesPage
- type GroupPolicy
- type GroupPolicyByID
- type GroupsPage
- type Identity
- type Key
- type KeyRepository
- type Org
- type OrgGroup
- type OrgGroupsPage
- type OrgMember
- type OrgMembersPage
- type OrgMetadata
- type OrgRepository
- type Orgs
- type OrgsPage
- type PageMetadata
- type Policies
- type PoliciesRepository
- type Roles
- type RolesRepository
- type Service
- type Tokenizer
- type User
Constants ¶
// Key type identifiers. iota assigns them in declaration order, so LoginKey
// is 0, RecoveryKey is 1 and APIKey is 2; all three are uint32, the same type
// as the Key.Type field.
// NOTE(review): if these numbers are persisted or embedded in issued tokens,
// reordering the block would silently change what stored keys mean — confirm
// before inserting a new type anywhere but at the end.
const (
	// LoginKey is the temporary User key received on successful login.
	LoginKey uint32 = iota
	// RecoveryKey represents a key for resetting the password.
	RecoveryKey
	// APIKey enables the holder to act on behalf of the user.
	APIKey
)
// Role names declared as untyped string constants.
// NOTE(review): RoleAdmin holds the same string ("admin") as AdminRole, and
// RoleRootAdmin the same string ("root") as RootSubject, both declared in a
// separate const block of this package. The compiler cannot tell them apart,
// so which namespace a comparison is meant for has to be checked by hand.
const (
	// RoleRootAdmin is the super admin role.
	RoleRootAdmin = "root"
	// RoleAdmin is the admin role.
	RoleAdmin = "admin"
)
// String identifiers for roles, subjects, actions and policies.
// NOTE(review): the grouping below follows the constant names only; where each
// value is compared is not visible in this listing.
const (
	// Role names. AdminRole is the same string as RoleAdmin ("admin").
	ViewerRole = "viewer"
	AdminRole  = "admin"
	OwnerRole  = "owner"
	EditorRole = "editor"

	// Subject names. RootSubject is the same string as RoleRootAdmin ("root").
	RootSubject  = "root"
	GroupSubject = "group"

	// Action names. WriteAction is "read_write", not "write": a check that
	// compares against a literal "write" would never match it.
	ReadAction  = "read"
	WriteAction = "read_write"

	// Policy names. They carry the same strings as the two actions above.
	RPolicy  = "read"
	RwPolicy = "read_write"
)
Variables ¶
// Errors describing a Key that is rejected because of its IssuedAt or
// ExpiresAt timestamp.
var (
	// ErrInvalidKeyIssuedAt indicates that the Key is being used before it's issued.
	ErrInvalidKeyIssuedAt = errors.New("invalid issue time")

	// ErrKeyExpired indicates that the Key is expired.
	ErrKeyExpired = errors.New("use of expired key")

	// ErrAPIKeyExpired indicates that the Key is expired
	// and that the key type is API key.
	ErrAPIKeyExpired = errors.New("use of expired API key")
)
// Errors describing failed org membership and org group operations.
var (
	// ErrAssignMember indicates failure to assign member to org.
	ErrAssignMember = errors.New("failed to assign member to org")

	// ErrUnassignMember indicates failure to unassign member from an org.
	ErrUnassignMember = errors.New("failed to unassign member from org")

	// ErrAssignGroup indicates failure to assign group to org.
	ErrAssignGroup = errors.New("failed to assign group to org")

	// ErrUnassignGroup indicates failure to unassign group from org.
	ErrUnassignGroup = errors.New("failed to unassign group from org")

	// ErrOrgNotEmpty indicates that the org is not empty and can't be deleted.
	ErrOrgNotEmpty = errors.New("org is not empty")

	// ErrOrgMemberAlreadyAssigned indicates that the member is already assigned.
	ErrOrgMemberAlreadyAssigned = errors.New("org member is already assigned")

	// ErrOrgGroupAlreadyAssigned indicates that the group is already assigned.
	ErrOrgGroupAlreadyAssigned = errors.New("org group is already assigned")
)
// Errors describing failed member and membership lookups.
var (
	// ErrFailedToRetrieveMembers indicates failure to retrieve org members
	// (the message text says "org members", not group members).
	ErrFailedToRetrieveMembers = errors.New("failed to retrieve org members")

	// ErrFailedToRetrieveMembership indicates failure to retrieve memberships.
	ErrFailedToRetrieveMembership = errors.New("failed to retrieve memberships")
)
Functions ¶
This section is empty.
Types ¶
type Authn ¶
// Authn is the key-management and token-identification part of the service.
// Every method takes the caller's token as a plain string.
type Authn interface {
	// Issue issues a new Key, returning its token value alongside.
	// NOTE(review): the caller passes in a whole Key, including Type, IssuerID
	// and ExpiresAt. Whether the implementation overrides IssuerID with the
	// identity derived from token is not visible here — confirm.
	Issue(ctx context.Context, token string, key Key) (Key, string, error)

	// Revoke removes the Key with the provided id that is
	// issued by the user identified by the provided token.
	Revoke(ctx context.Context, token, id string) error

	// RetrieveKey retrieves data for the Key identified by the provided
	// ID, that is issued by the user identified by the provided token.
	RetrieveKey(ctx context.Context, token, id string) (Key, error)

	// Identify validates the token. If the token is valid, its content
	// is returned. If the token is invalid, or invocation failed for some
	// other reason, a non-nil error value is returned in response.
	Identify(ctx context.Context, token string) (Identity, error)
}
Authn specifies an API that must be fulfilled by the domain service implementation, and all of its decorators (e.g. logging & metrics). Token is a string value of the actual Key and is used to authenticate an Auth service request.
type Authz ¶
// Authz is the authorization part of the service.
type Authz interface {
	// Authorize evaluates the request described by ar and reports the outcome
	// through the returned error.
	// NOTE(review): presumably nil means the request is permitted — confirm.
	// Unlike AddPolicy, Authorize takes no separate token argument, so any
	// credential it checks has to travel inside AuthzReq, whose fields are
	// not shown in this listing.
	Authorize(ctx context.Context, ar AuthzReq) error

	// AddPolicy adds a policy for the group identified by groupID on behalf
	// of the caller identified by token.
	// NOTE(review): policy is presumably one of RPolicy / RwPolicy; whether
	// other strings are rejected is not visible here — confirm.
	AddPolicy(ctx context.Context, token, groupID, policy string) error
}
Authz represents an authorization service. It exposes functionalities through `auth` to perform authorization.
type Backup ¶
// Backup groups the org-related collections into one value. In this listing it
// is returned by Orgs.Backup and accepted by Orgs.Restore, whose comments
// state that both are only accessible by admin.
// NOTE(review): the Orgs.Backup comment lists orgs, org members and org
// groups, but the struct also carries GroupPolicies — a value of this type
// holds the access-control assignments too, so it should be handled as
// sensitive wherever it is serialized or stored.
type Backup struct {
	Orgs          []Org
	OrgMembers    []OrgMember
	OrgGroups     []OrgGroup
	GroupPolicies []GroupPolicy
}
type GroupPoliciesPage ¶
// GroupPoliciesPage is one page of group policies: the embedded PageMetadata
// plus the GroupPolicy entries of that page.
type GroupPoliciesPage struct {
	PageMetadata
	GroupPolicies []GroupPolicy
}
type GroupPolicy ¶
type GroupPolicyByID ¶
type GroupsPage ¶
// GroupsPage is one page of groups: the embedded PageMetadata plus the Group
// entries of that page.
type GroupsPage struct {
	PageMetadata
	Groups []Group
}
type Key ¶
// Key holds the data of an issued key.
type Key struct {
	// ID is the identifier used to retrieve or remove the key.
	ID string
	// Type is a uint32, the same type as the LoginKey, RecoveryKey and APIKey
	// constants.
	// NOTE(review): presumably always one of those three; whether other
	// values are rejected is not visible here — confirm.
	Type uint32
	// IssuerID is presumably the ID of the user who issued the key (Authn
	// speaks of keys "issued by the user") — confirm.
	IssuerID string
	// Subject is a free-form string; its meaning is not visible in this
	// listing.
	Subject string
	// IssuedAt is the issue time; ErrInvalidKeyIssuedAt describes use of a
	// key before it.
	IssuedAt time.Time
	// ExpiresAt is the expiry time; ErrKeyExpired and ErrAPIKeyExpired
	// describe use of a key after it.
	// NOTE(review): how a zero ExpiresAt is treated (never expires vs. already
	// expired) is not visible here — confirm.
	ExpiresAt time.Time
}
Key represents API key.
type KeyRepository ¶
// KeyRepository is the storage interface for Key values.
// NOTE(review): Retrieve and Remove each take two unnamed strings. Authn
// documents key lookups as scoped to the issuing user, so these are presumably
// the issuer ID and the key ID, but their order is not visible here — confirm
// against the implementation, since swapping them would defeat that scoping.
type KeyRepository interface {
	// Save persists the Key. A non-nil error is returned to indicate
	// operation failure. What the returned string holds is not visible here
	// (presumably the stored key's ID — confirm).
	Save(context.Context, Key) (string, error)

	// Retrieve retrieves Key by its unique identifier.
	Retrieve(context.Context, string, string) (Key, error)

	// Remove removes Key with provided ID.
	Remove(context.Context, string, string) error
}
KeyRepository specifies Key persistence API.
type Org ¶
// Org holds the stored data of an org.
type Org struct {
	// ID identifies the org; repository and service lookups take it as id or
	// orgID.
	ID string
	// OwnerID is presumably the ID of the owning user (OrgRepository has
	// RetrieveByOwner and Delete takes an owner) — confirm.
	OwnerID     string
	Name        string
	Description string
	// Metadata is of type OrgMetadata, which is not shown in this listing.
	Metadata  OrgMetadata
	CreatedAt time.Time
	UpdatedAt time.Time
}
Org represents the org information.
type OrgGroupsPage ¶
// OrgGroupsPage is one page of org groups: the embedded PageMetadata plus the
// OrgGroup entries of that page.
type OrgGroupsPage struct {
	PageMetadata
	OrgGroups []OrgGroup
}
type OrgMembersPage ¶
// OrgMembersPage is one page of org members: the embedded PageMetadata plus
// the OrgMember entries of that page.
type OrgMembersPage struct {
	PageMetadata
	OrgMembers []OrgMember
}
OrgMembersPage contains page-related metadata as well as the list of members that belong to this page.
type OrgRepository ¶
// OrgRepository is the storage interface for orgs, org members and org groups.
// None of its methods takes a token, so the caller of this interface is the
// place where access checks have to happen.
// NOTE(review): presumably that caller is the Orgs service implementation,
// whose methods all take a token — confirm.
type OrgRepository interface {
	// Save saves the given orgs.
	Save(ctx context.Context, orgs ...Org) error

	// Update updates an org.
	Update(ctx context.Context, org Org) error

	// Delete deletes the org identified by id; owner is passed alongside.
	// NOTE(review): presumably owner restricts the delete to orgs owned by
	// that user — confirm.
	Delete(ctx context.Context, owner, id string) error

	// RetrieveByID retrieves org by its id.
	RetrieveByID(ctx context.Context, id string) (Org, error)

	// RetrieveByOwner retrieves orgs by owner.
	RetrieveByOwner(ctx context.Context, ownerID string, pm PageMetadata) (OrgsPage, error)

	// RetrieveAll retrieves all orgs. It takes no PageMetadata and returns
	// the whole list as a slice.
	RetrieveAll(ctx context.Context) ([]Org, error)

	// RetrieveByAdmin retrieves all orgs with pagination.
	RetrieveByAdmin(ctx context.Context, pm PageMetadata) (OrgsPage, error)

	// RetrieveMemberships retrieves the orgs that the member belongs to.
	RetrieveMemberships(ctx context.Context, memberID string, pm PageMetadata) (OrgsPage, error)

	// AssignMembers adds members to an org.
	AssignMembers(ctx context.Context, oms ...OrgMember) error

	// UnassignMembers removes members from an org.
	UnassignMembers(ctx context.Context, orgID string, memberIDs ...string) error

	// UpdateMembers updates members' roles in an org.
	UpdateMembers(ctx context.Context, oms ...OrgMember) error

	// RetrieveRole retrieves role of member identified by memberID in org identified by orgID.
	RetrieveRole(ctx context.Context, memberID, orgID string) (string, error)

	// RetrieveMembers retrieves members assigned to an org identified by orgID.
	RetrieveMembers(ctx context.Context, orgID string, pm PageMetadata) (OrgMembersPage, error)

	// RetrieveAllOrgMembers retrieves all org members.
	RetrieveAllOrgMembers(ctx context.Context) ([]OrgMember, error)

	// AssignGroups adds groups to an org.
	AssignGroups(ctx context.Context, ogs ...OrgGroup) error

	// UnassignGroups removes groups from an org.
	UnassignGroups(ctx context.Context, orgID string, groupIDs ...string) error

	// RetrieveGroups retrieves groups assigned to an org identified by orgID.
	RetrieveGroups(ctx context.Context, orgID string, pm PageMetadata) (OrgGroupsPage, error)

	// RetrieveByGroupID retrieves org where group is assigned.
	RetrieveByGroupID(ctx context.Context, groupID string) (Org, error)

	// RetrieveAllOrgGroups retrieves all org groups.
	RetrieveAllOrgGroups(ctx context.Context) ([]OrgGroup, error)
}
OrgRepository specifies an org persistence API.
type Orgs ¶
// Orgs is the org-management part of the service. Every method takes the
// caller's token next to the identifiers it operates on.
// NOTE(review): the identifiers (id, orgID, memberID, groupID) are supplied by
// the caller independently of token, so each implementation method has to
// check that the token's identity may act on the named object — the checks
// themselves are not visible in this listing.
type Orgs interface {
	// CreateOrg creates new org.
	CreateOrg(ctx context.Context, token string, org Org) (Org, error)

	// UpdateOrg updates the org identified by the provided ID.
	UpdateOrg(ctx context.Context, token string, org Org) (Org, error)

	// ViewOrg retrieves data about the org identified by ID.
	ViewOrg(ctx context.Context, token, id string) (Org, error)

	// ListOrgs retrieves orgs.
	ListOrgs(ctx context.Context, token string, pm PageMetadata) (OrgsPage, error)

	// ListOrgMemberships retrieves all orgs that the member identified by memberID belongs to.
	ListOrgMemberships(ctx context.Context, token, memberID string, pm PageMetadata) (OrgsPage, error)

	// RemoveOrg removes the org identified with the provided ID.
	RemoveOrg(ctx context.Context, token, id string) error

	// AssignMembers adds members with member emails into the org identified by orgID.
	AssignMembers(ctx context.Context, token, orgID string, oms ...OrgMember) error

	// UnassignMembers removes members with member ids from org identified by orgID.
	UnassignMembers(ctx context.Context, token string, orgID string, memberIDs ...string) error

	// UpdateMembers updates members' roles in an org.
	UpdateMembers(ctx context.Context, token, orgID string, oms ...OrgMember) error

	// ListOrgMembers retrieves members assigned to an org identified by orgID.
	ListOrgMembers(ctx context.Context, token, orgID string, pm PageMetadata) (OrgMembersPage, error)

	// ViewMember retrieves member identified by memberID in org identified by orgID.
	ViewMember(ctx context.Context, token, orgID, memberID string) (OrgMember, error)

	// AssignGroups adds groups with groupIDs into the org identified by orgID.
	AssignGroups(ctx context.Context, token, orgID string, groupIDs ...string) error

	// UnassignGroups removes groups with groupIDs from org identified by orgID.
	UnassignGroups(ctx context.Context, token, orgID string, groupIDs ...string) error

	// ViewGroupMembership retrieves the org where the group is assigned.
	ViewGroupMembership(ctx context.Context, token, groupID string) (Org, error)

	// ListOrgGroups retrieves groups assigned to an org identified by orgID.
	ListOrgGroups(ctx context.Context, token, orgID string, pm PageMetadata) (GroupsPage, error)

	// Backup retrieves all orgs, org members and org groups. Only accessible by admin.
	// The returned Backup struct also has a GroupPolicies field.
	Backup(ctx context.Context, token string) (Backup, error)

	// Restore adds orgs, org members and org groups from a backup. Only accessible by admin.
	// NOTE(review): the backup value is supplied by the caller; whether its
	// contents are validated before being written is not visible here — confirm.
	Restore(ctx context.Context, token string, backup Backup) error
}
Orgs specifies an API that must be fulfilled by the domain service implementation, and all of its decorators (e.g. logging & metrics).
type OrgsPage ¶
// OrgsPage is one page of orgs: the embedded PageMetadata plus the Org entries
// of that page.
type OrgsPage struct {
	PageMetadata
	Orgs []Org
}
OrgsPage contains page-related metadata as well as the list of orgs that belong to this page.
type PageMetadata ¶
// PageMetadata carries the paging and filter values passed to the list and
// retrieve methods and embedded in the page types they return.
type PageMetadata struct {
	Total  uint64
	Offset uint64
	// NOTE(review): no upper bound on Limit is visible in this listing;
	// confirm that the API layer caps it before it reaches a repository query.
	Limit uint64
	// Name and Metadata are presumably filters applied to the listing —
	// confirm.
	Name     string
	Metadata OrgMetadata
}
PageMetadata contains page metadata that helps navigation.
type Policies ¶
// Policies is the group-policy part of the service. Every method takes the
// caller's token and the groupID the policies belong to.
type Policies interface {
	// CreateGroupPolicies creates group policies.
	CreateGroupPolicies(ctx context.Context, token, groupID string, gps ...GroupPolicyByID) error

	// ListGroupPolicies retrieves page of group policies.
	ListGroupPolicies(ctx context.Context, token, groupID string, pm PageMetadata) (GroupPoliciesPage, error)

	// UpdateGroupPolicies updates group policies.
	UpdateGroupPolicies(ctx context.Context, token, groupID string, gps ...GroupPolicyByID) error

	// RemoveGroupPolicies removes group policies. The policies to remove are
	// selected by memberIDs within the group identified by groupID.
	RemoveGroupPolicies(ctx context.Context, token, groupID string, memberIDs ...string) error
}
type PoliciesRepository ¶
// PoliciesRepository is the storage interface for group policies. Its methods
// take no token.
type PoliciesRepository interface {
	// SaveGroupPolicies saves group policies.
	SaveGroupPolicies(ctx context.Context, groupID string, gps ...GroupPolicyByID) error

	// RetrieveGroupPolicy retrieves group policy. The result is returned as a
	// string (presumably the policy name, e.g. RPolicy or RwPolicy — confirm).
	// NOTE(review): the context parameter is spelled ctc here, presumably a
	// typo for ctx; parameter names in an interface do not affect callers.
	RetrieveGroupPolicy(ctc context.Context, gp GroupPolicy) (string, error)

	// RetrieveGroupPolicies retrieves page of group policies.
	RetrieveGroupPolicies(ctx context.Context, groupID string, pm PageMetadata) (GroupPoliciesPage, error)

	// RetrieveAllGroupPolicies retrieves all group policies. This is used for backup.
	RetrieveAllGroupPolicies(ctx context.Context) ([]GroupPolicy, error)

	// RemoveGroupPolicies removes group policies.
	RemoveGroupPolicies(ctx context.Context, groupID string, memberIDs ...string) error

	// UpdateGroupPolicies updates group policies.
	UpdateGroupPolicies(ctx context.Context, groupID string, gps ...GroupPolicyByID) error
}
type RolesRepository ¶
// RolesRepository is the storage interface for user roles. Roles are passed
// and returned as plain strings.
// NOTE(review): presumably the stored values are RoleRootAdmin / RoleAdmin and
// id is a user ID; whether arbitrary role strings are rejected is not visible
// here — confirm.
type RolesRepository interface {
	// SaveRole saves the user role.
	SaveRole(ctx context.Context, id, role string) error

	// RetrieveRole retrieves the user role.
	RetrieveRole(ctx context.Context, id string) (string, error)

	// UpdateRole updates the user role.
	UpdateRole(ctx context.Context, id, role string) error

	// RemoveRole removes the user role.
	RemoveRole(ctx context.Context, id string) error
}
type Service ¶
Service specifies an API that must be fulfilled by the domain service implementation, and all of its decorators (e.g. logging & metrics). Token is a string value of the actual Key and is used to authenticate an Auth service request.
func New ¶
func New(orgs OrgRepository, tc mainflux.ThingsServiceClient, uc mainflux.UsersServiceClient, keys KeyRepository, roles RolesRepository, policies PoliciesRepository, idp mainflux.IDProvider, tokenizer Tokenizer, duration time.Duration) Service
New instantiates the auth service implementation.
Directories ¶
Path | Synopsis |
---|---|
Package api contains implementation of Auth service HTTP API.
|
Package api contains implementation of Auth service HTTP API. |
grpc
Package grpc contains implementation of Auth service gRPC API.
|
Package grpc contains implementation of Auth service gRPC API. |
Package postgres contains Key repository implementations using PostgreSQL as the underlying database.
|
Package postgres contains Key repository implementations using PostgreSQL as the underlying database. |
Package tracing contains middlewares that will add spans to existing traces.
|
Package tracing contains middlewares that will add spans to existing traces. |