api

package
Constants

const (
	// Generic API error codes. These are the machine-readable values presumably
	// carried in Error.Code (see the Error type); clients should match on them
	// rather than on the free-text Error.Message.
	UNKNOWN_API_ERROR            = "UnknownApiError"
	INVALID_PARAMETER_ERROR      = "InvalidParameterError"
	UNAUTHORIZED_RESOURCES_ERROR = "UnauthorizedResourcesError"

	// User API error codes.
	//
	// NOTE(review): the *_NOT_FOUND and *_ALREADY_EXIST codes below disclose
	// whether a given user, group or policy exists. The authorization decision
	// (UNAUTHORIZED_RESOURCES_ERROR) must be made before any of them is returned,
	// otherwise an unauthorized caller can enumerate resources by name — confirm
	// the ordering of checks in the AuthAPI implementation.
	USER_BY_EXTERNAL_ID_NOT_FOUND = "UserWithExternalIDNotFound"
	USER_ALREADY_EXIST            = "UserAlreadyExist"

	// Group API error codes.
	GROUP_BY_ORG_AND_NAME_NOT_FOUND = "GroupWithOrgAndNameNotFound"
	GROUP_ALREADY_EXIST             = "GroupAlreadyExist"

	// GroupMembers error codes (AddMember / RemoveMember).
	USER_IS_ALREADY_A_MEMBER_OF_GROUP = "UserIsAlreadyAMemberOfGroup"
	USER_IS_NOT_A_MEMBER_OF_GROUP     = "UserIsNotAMemberOfGroup"

	// GroupPolicies error codes (AttachPolicyToGroup / DetachPolicyToGroup).
	POLICY_IS_ALREADY_ATTACHED_TO_GROUP = "PolicyIsAlreadyAttachedToGroup"
	POLICY_IS_NOT_ATTACHED_TO_GROUP     = "PolicyIsNotAttachedToGroup"

	// Policy API error codes.
	POLICY_ALREADY_EXIST             = "PolicyAlreadyExist"
	POLICY_BY_ORG_AND_NAME_NOT_FOUND = "PolicyWithOrgAndNameNotFound"

	// Regex error: presumably returned when an identifier fails the pattern
	// check done by the IsValid* validators — confirm which validator emits it.
	REGEX_NO_MATCH = "RegexNoMatch"
)
const (
	// Resource types: the resource segment of a URN as built by CreateUrn and
	// GetUrnPrefix (both take a resource string; the exact URN layout is not
	// shown here).
	RESOURCE_GROUP  = "group"
	RESOURCE_USER   = "user"
	RESOURCE_POLICY = "policy"

	// Constraints: upper bounds on caller-supplied identifiers and on
	// pagination. These are the only input-size limits declared in the
	// package; presumably enforced by the IsValid* validators and by Filter
	// handling — confirm, since nothing else bounds request input.
	MAX_EXTERNAL_ID_LENGTH = 128
	MAX_NAME_LENGTH        = 128
	MAX_ACTION_LENGTH      = 128
	MAX_PATH_LENGTH        = 512
	MAX_LIMIT_SIZE         = 1000 // largest page a Filter.Limit may request (presumably)
	DEFAULT_LIMIT_SIZE     = 20   // page size when the caller gives none (presumably)

	// User actions. Action names are the "iam:<Verb>" strings that appear in
	// Statement.Actions; AreValidActions presumably checks against this set.
	// Whether matching is exact or supports wildcards is not visible here.
	USER_ACTION_CREATE_USER          = "iam:CreateUser"
	USER_ACTION_DELETE_USER          = "iam:DeleteUser"
	USER_ACTION_GET_USER             = "iam:GetUser"
	USER_ACTION_LIST_USERS           = "iam:ListUsers"
	USER_ACTION_UPDATE_USER          = "iam:UpdateUser"
	USER_ACTION_LIST_GROUPS_FOR_USER = "iam:ListGroupsForUser"

	// Group actions. Membership and policy attachment are distinct actions
	// from UpdateGroup, so a policy that grants iam:UpdateGroup alone does not
	// (by these names) allow changing who is in the group or what it can do.
	GROUP_ACTION_CREATE_GROUP                 = "iam:CreateGroup"
	GROUP_ACTION_DELETE_GROUP                 = "iam:DeleteGroup"
	GROUP_ACTION_GET_GROUP                    = "iam:GetGroup"
	GROUP_ACTION_LIST_GROUPS                  = "iam:ListGroups"
	GROUP_ACTION_UPDATE_GROUP                 = "iam:UpdateGroup"
	GROUP_ACTION_LIST_MEMBERS                 = "iam:ListMembers"
	GROUP_ACTION_ADD_MEMBER                   = "iam:AddMember"
	GROUP_ACTION_REMOVE_MEMBER                = "iam:RemoveMember"
	GROUP_ACTION_ATTACH_GROUP_POLICY          = "iam:AttachGroupPolicy"
	GROUP_ACTION_DETACH_GROUP_POLICY          = "iam:DetachGroupPolicy"
	GROUP_ACTION_LIST_ATTACHED_GROUP_POLICIES = "iam:ListAttachedGroupPolicies"

	// Policy actions. iam:UpdatePolicy replaces a policy's statements
	// (PolicyAPI.UpdatePolicy "overrides older statements"), so granting it is
	// equivalent to granting whatever the caller can write into the policy.
	POLICY_ACTION_CREATE_POLICY        = "iam:CreatePolicy"
	POLICY_ACTION_DELETE_POLICY        = "iam:DeletePolicy"
	POLICY_ACTION_UPDATE_POLICY        = "iam:UpdatePolicy"
	POLICY_ACTION_GET_POLICY           = "iam:GetPolicy"
	POLICY_ACTION_LIST_ATTACHED_GROUPS = "iam:ListAttachedGroups"
	POLICY_ACTION_LIST_POLICIES        = "iam:ListPolicies"
)

Variables

This section is empty.

Functions

func AreValidActions

func AreValidActions(actions []string) error

func AreValidResources

func AreValidResources(resources []string) error

func AreValidStatements

func AreValidStatements(statements *[]Statement) error

func CreateUrn

func CreateUrn(org string, resource string, path string, name string) string

func GetUrnPrefix

func GetUrnPrefix(org string, resource string, path string) string

func IsValidEffect

func IsValidEffect(effect string) error

func IsValidName

func IsValidName(name string) bool

IsValidName reports whether name is acceptable as a group or policy name (true when it is valid).

func IsValidOrg

func IsValidOrg(org string) bool

func IsValidPath

func IsValidPath(path string) bool

func IsValidUserExternalID

func IsValidUserExternalID(externalID string) bool

func LogErrorMessage

func LogErrorMessage(logger *logrus.Logger, requestInfo RequestInfo, err *Error)

func LogOperation

func LogOperation(logger *logrus.Logger, requestInfo RequestInfo, message string)

Types

type AuthAPI

// AuthAPI is the Foulkon API implementation. Its method set matches the
// UserAPI, GroupAPI, PolicyAPI and AuthzAPI interfaces, and it delegates
// persistence to the three repositories.
//
// NOTE(review): the repository interfaces take no RequestInfo, so every
// authorization decision has to be made inside these methods before a
// repository is called — presumably through the GetAuthorized* methods;
// confirm in the implementation.
type AuthAPI struct {
	UserRepo   UserRepo
	GroupRepo  GroupRepo
	PolicyRepo PolicyRepo
	Logger     *log.Logger // rendered as *logrus.Logger on LogErrorMessage; likely an import alias of the same logger type — verify
}

Foulkon API that implements API interfaces using repositories

func (AuthAPI) AddGroup

func (api AuthAPI) AddGroup(requestInfo RequestInfo, org string, name string, path string) (*Group, error)

func (AuthAPI) AddMember

func (api AuthAPI) AddMember(requestInfo RequestInfo, externalId string, name string, org string) error

func (AuthAPI) AddPolicy

func (api AuthAPI) AddPolicy(requestInfo RequestInfo, name string, path string, org string, statements []Statement) (*Policy, error)

func (AuthAPI) AddUser

func (api AuthAPI) AddUser(requestInfo RequestInfo, externalId string, path string) (*User, error)

func (AuthAPI) AttachPolicyToGroup

func (api AuthAPI) AttachPolicyToGroup(requestInfo RequestInfo, org string, name string, policyName string) error

func (AuthAPI) DetachPolicyToGroup

func (api AuthAPI) DetachPolicyToGroup(requestInfo RequestInfo, org string, name string, policyName string) error

func (AuthAPI) GetAuthorizedExternalResources

func (api AuthAPI) GetAuthorizedExternalResources(requestInfo RequestInfo, action string, resources []string) ([]string, error)

GetAuthorizedExternalResources returns the subset of the supplied resource URNs on which the caller identified by requestInfo is allowed to perform action.

func (AuthAPI) GetAuthorizedGroups

func (api AuthAPI) GetAuthorizedGroups(requestInfo RequestInfo, resourceUrn string, action string, groups []Group) ([]Group, error)

GetAuthorizedGroups returns the subset of the supplied groups that the caller identified by requestInfo is authorized to access for the given resource URN and action.

func (AuthAPI) GetAuthorizedPolicies

func (api AuthAPI) GetAuthorizedPolicies(requestInfo RequestInfo, resourceUrn string, action string, policies []Policy) ([]Policy, error)

GetAuthorizedPolicies returns the subset of the supplied policies that the caller identified by requestInfo is authorized to access for the given resource URN and action.

func (AuthAPI) GetAuthorizedUsers

func (api AuthAPI) GetAuthorizedUsers(requestInfo RequestInfo, resourceUrn string, action string, users []User) ([]User, error)

GetAuthorizedUsers returns the subset of the supplied users that the caller identified by requestInfo is authorized to access for the given resource URN and action.

func (AuthAPI) GetGroupByName

func (api AuthAPI) GetGroupByName(requestInfo RequestInfo, org string, name string) (*Group, error)

func (AuthAPI) GetPolicyByName

func (api AuthAPI) GetPolicyByName(requestInfo RequestInfo, org string, policyName string) (*Policy, error)

func (AuthAPI) GetUserByExternalID

func (api AuthAPI) GetUserByExternalID(requestInfo RequestInfo, externalId string) (*User, error)

func (AuthAPI) ListAttachedGroupPolicies

func (api AuthAPI) ListAttachedGroupPolicies(requestInfo RequestInfo, org string, name string, filter *Filter) ([]string, int, error)

func (AuthAPI) ListAttachedGroups

func (api AuthAPI) ListAttachedGroups(requestInfo RequestInfo, org string, name string, filter *Filter) ([]string, int, error)

func (AuthAPI) ListGroups

func (api AuthAPI) ListGroups(requestInfo RequestInfo, org string, filter *Filter) ([]GroupIdentity, int, error)

func (AuthAPI) ListGroupsByUser

func (api AuthAPI) ListGroupsByUser(requestInfo RequestInfo, externalId string, filter *Filter) ([]GroupIdentity, int, error)

func (AuthAPI) ListMembers

func (api AuthAPI) ListMembers(requestInfo RequestInfo, org string, name string, filter *Filter) ([]string, int, error)

func (AuthAPI) ListPolicies

func (api AuthAPI) ListPolicies(requestInfo RequestInfo, org string, filter *Filter) ([]PolicyIdentity, int, error)

func (AuthAPI) ListUsers

func (api AuthAPI) ListUsers(requestInfo RequestInfo, filter *Filter) ([]string, int, error)

func (AuthAPI) RemoveGroup

func (api AuthAPI) RemoveGroup(requestInfo RequestInfo, org string, name string) error

func (AuthAPI) RemoveMember

func (api AuthAPI) RemoveMember(requestInfo RequestInfo, externalId string, name string, org string) error

func (AuthAPI) RemovePolicy

func (api AuthAPI) RemovePolicy(requestInfo RequestInfo, org string, name string) error

func (AuthAPI) RemoveUser

func (api AuthAPI) RemoveUser(requestInfo RequestInfo, externalId string) error

func (AuthAPI) UpdateGroup

func (api AuthAPI) UpdateGroup(requestInfo RequestInfo, org string, name string, newName string, newPath string) (*Group, error)

func (AuthAPI) UpdatePolicy

func (api AuthAPI) UpdatePolicy(requestInfo RequestInfo, org string, policyName string, newName string, newPath string,
	newStatements []Statement) (*Policy, error)

func (AuthAPI) UpdateUser

func (api AuthAPI) UpdateUser(requestInfo RequestInfo, externalId string, newPath string) (*User, error)

type AuthzAPI

// AuthzAPI is the authorization query surface. Each method takes a candidate
// list and returns the subset that the caller identified by requestInfo may
// act on for the given action (and resource URN, where one is given).
//
// An error — not an empty list — is returned when the caller is unknown or has
// access to none of the candidates, so implementations and callers must keep
// "error" and "empty result" distinct; treating an error as "no access" is
// safe, treating it as "allow everything" is not.
type AuthzAPI interface {
	// Retrieve list of authorized user resources filtered according to the input parameters. Throw error
	// if requestInfo doesn't exist, requestInfo doesn't have access to any resources or unexpected error happen.
	GetAuthorizedUsers(requestInfo RequestInfo, resourceUrn string, action string, users []User) ([]User, error)

	// Retrieve list of authorized group resources filtered according to the input parameters. Throw error
	// if requestInfo doesn't exist, requestInfo doesn't have access to any resources or unexpected error happen.
	GetAuthorizedGroups(requestInfo RequestInfo, resourceUrn string, action string, groups []Group) ([]Group, error)

	// Retrieve list of authorized policies resources filtered according to the input parameters. Throw error
	// if requestInfo doesn't exist, requestInfo doesn't have access to any resources or unexpected error happen.
	GetAuthorizedPolicies(requestInfo RequestInfo, resourceUrn string, action string, policies []Policy) ([]Policy, error)

	// Retrieve list of authorized external resources filtered according to the input parameters. Throw error
	// if requestInfo doesn't exist, requestInfo doesn't have access to any resources or unexpected error happen.
	// Unlike the methods above, resources are opaque URN strings (see ExternalResource), not package types.
	GetAuthorizedExternalResources(requestInfo RequestInfo, action string, resources []string) ([]string, error)
}

type EffectRestriction

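// EffectRestriction pairs an effect with the URN restrictions it applies to.
//
// The tag options are written without a space after the comma: encoding/json
// matches option names exactly, so the original `json:"effect, omitempty"`
// form silently disabled omitempty (go vet's structtag check flags it as a
// suspicious space). With the fix an empty Effect and a nil Restrictions are
// omitted from the encoded output.
type EffectRestriction struct {
	Effect       string        `json:"effect,omitempty"`       // presumably one of the values accepted by IsValidEffect — confirm
	Restrictions *Restrictions `json:"restrictions,omitempty"` // nil pointer is omitted; a pointer to an empty struct is still emitted
}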

type Error

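// Error is the structured error returned by the API: a machine-readable Code
// (presumably one of the *_ERROR / *_NOT_FOUND / *_ALREADY_EXIST constants in
// this package) and a human-readable Message.
//
// The tag options are written without a space after the comma: encoding/json
// matches option names exactly, so the original `json:"code, omitempty"` form
// silently disabled omitempty (go vet's structtag check flags it as a
// suspicious space). With the fix empty fields are omitted from the output.
type Error struct {
	Code    string `json:"code,omitempty"`
	Message string `json:"message,omitempty"` // NOTE(review): shown to clients — keep internal detail (stack, SQL, paths) out of it
}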

func (Error) Error

func (e Error) Error() string

type ExternalResource

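// ExternalResource is a resource known only by its URN; it satisfies the
// Resource interface through the GetUrn method declared below.
//
// The tag option is written without a space after the comma: encoding/json
// matches option names exactly, so the original `json:"urn, omitempty"` form
// silently disabled omitempty (go vet's structtag check flags it). With the
// fix an empty Urn is omitted from the encoded output.
type ExternalResource struct {
	Urn string `json:"urn,omitempty"`
}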

func (ExternalResource) GetUrn

func (e ExternalResource) GetUrn() string

type Filter

// Filter holds the search parameters handed to the repository list methods.
type Filter struct {
	PathPrefix string // optional: restrict results to resources whose Path starts with this prefix (see ListGroups / ListPolicies / ListUsers)
	// Pagination. Both values are caller-supplied; presumably clamped to
	// MAX_LIMIT_SIZE with DEFAULT_LIMIT_SIZE as the fallback — confirm, since
	// negative or oversized values should not reach the database query.
	Offset int
	Limit  int
}

Filter properties for database search

type Group

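// Group is the group domain object. A group is addressed by (Org, Name); Urn
// is its derived identifier (see CreateUrn) and ID its storage key.
//
// The tag options are written without a space after the comma: encoding/json
// matches option names exactly, so the original `json:"id, omitempty"` form
// silently disabled omitempty (go vet's structtag check flags it as a
// suspicious space). With the fix empty string fields are omitted from the
// encoded output. omitempty never applies to struct-typed fields, so a zero
// CreateAt is still emitted.
type Group struct {
	ID       string    `json:"id,omitempty"`
	Name     string    `json:"name,omitempty"`
	Path     string    `json:"path,omitempty"`
	Org      string    `json:"org,omitempty"`
	Urn      string    `json:"urn,omitempty"`
	CreateAt time.Time `json:"createAt,omitempty"` // omitempty is a no-op on time.Time
}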

Group domain

func (Group) GetUrn

func (g Group) GetUrn() string

func (Group) String

func (g Group) String() string

type GroupAPI

// GroupAPI is the group-management surface. Every operation receives the
// caller's RequestInfo. The repository beneath it (GroupRepo) takes no caller
// identity and, for membership and policy attachment, performs no existence
// checks, so both the authorization check and the existence checks documented
// below belong to the implementation of these methods — confirm in AuthAPI.
//
// Naming note: DetachPolicyToGroup is the inverse of AttachPolicyToGroup (it
// detaches a policy from a group); the name is kept for compatibility.
type GroupAPI interface {
	// Store group in database. Throw error when the input parameters are invalid,
	// the group already exist or unexpected error happen.
	AddGroup(requestInfo RequestInfo, org string, name string, path string) (*Group, error)

	// Retrieve group from database. Throw error when the input parameters are invalid,
	// group doesn't exist or unexpected error happen.
	GetGroupByName(requestInfo RequestInfo, org string, name string) (*Group, error)

	// Retrieve group identifiers from database filtered by org and pathPrefix parameters. These input parameters are optional.
	// Throw error if the input parameters are invalid or unexpected error happen.
	ListGroups(requestInfo RequestInfo, org string, filter *Filter) ([]GroupIdentity, int, error)

	// Update group stored in database with new name and pathPrefix.
	// Throw error if the input parameters are invalid, group to update doesn't exist,
	// target group already exist or unexpected error happen.
	// Renaming changes the group's URN, so policies that reference the old URN
	// presumably stop matching it — confirm before relying on rename in production.
	UpdateGroup(requestInfo RequestInfo, org string, groupName string, newName string, newPath string) (*Group, error)

	// Remove group stored in database with its user and policy relationships.
	// Throw error if the input parameters are invalid, the group doesn't exist or unexpected error happen.
	RemoveGroup(requestInfo RequestInfo, org string, name string) error

	// Add new member to group. Throw error if the input parameters are invalid, user doesn't exist,
	// group doesn't exist, user is already a member of the group or unexpected error happen.
	// Note the parameter order (externalId, groupName, org) differs from the other methods.
	AddMember(requestInfo RequestInfo, externalId string, groupName string, org string) error

	// Remove member from group. Throw error if the input parameters are invalid, user doesn't exist,
	// group doesn't exist, user isn't a member of the group or unexpected error happen.
	RemoveMember(requestInfo RequestInfo, externalId string, groupName string, org string) error

	// List user identifiers that belong to the group. Throw error if the input parameters are invalid,
	// group doesn't exist or unexpected error happen.
	ListMembers(requestInfo RequestInfo, org string, groupName string, filter *Filter) ([]string, int, error)

	// Attach policy to group. Throw error if the input parameters are invalid, policy doesn't exist,
	// group doesn't exist, policy is already attached to the group or unexpected error happen.
	// Attaching grants the policy's statements to every member, so this is a privilege-granting operation.
	AttachPolicyToGroup(requestInfo RequestInfo, org string, groupName string, policyName string) error

	// Detach policy from group. Throw error if the input parameters are invalid, policy doesn't exist,
	// group doesn't exist, policy isn't attached to the group or unexpected error happen.
	DetachPolicyToGroup(requestInfo RequestInfo, org string, groupName string, policyName string) error

	// Retrieve name of policies that are attached to the group. Throw error if the input parameters are invalid,
	// group doesn't exist or unexpected error happen.
	ListAttachedGroupPolicies(requestInfo RequestInfo, org string, groupName string, filter *Filter) ([]string, int, error)
}

type GroupIdentity

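// GroupIdentity is the (org, name) pair that identifies a group; list
// operations return these instead of full Group values.
//
// The tag options are written without a space after the comma: encoding/json
// matches option names exactly, so the original `json:"org, omitempty"` form
// silently disabled omitempty (go vet's structtag check flags it). With the
// fix empty fields are omitted from the encoded output.
type GroupIdentity struct {
	Org  string `json:"org,omitempty"`
	Name string `json:"name,omitempty"`
}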

Group identifier to retrieve them from DB

type GroupMembers

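// GroupMembers is the payload listing the users that belong to a group.
//
// The tag option is written without a space after the comma: encoding/json
// matches option names exactly, so the original `json:"users, omitempty"` form
// silently disabled omitempty (go vet's structtag check flags it). With the
// fix a nil or empty Users slice is omitted from the encoded output.
type GroupMembers struct {
	Users []User `json:"users,omitempty"`
}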

type GroupRepo

// GroupRepo is the persistence layer for groups, their members and their
// attached policies.
//
// NOTE(review): no method takes a RequestInfo, so this layer performs no
// authorization, and AddMember/RemoveMember/AttachPolicy/DetachPolicy perform
// no existence checks (see each method). It must only be reached through the
// API layer, which is where authorization and validation have to happen.
type GroupRepo interface {
	// Store group in database if there aren't errors.
	AddGroup(group Group) (*Group, error)

	// Retrieve group from database if it exists. Otherwise it throws an error.
	GetGroupByName(org string, name string) (*Group, error)

	// Retrieve groups from database filtered by org and pathPrefix optional parameters. Throw error
	// if there are problems with database.
	GetGroupsFiltered(org string, filter *Filter) ([]Group, int, error)

	// Update group stored in database with new name and pathPrefix.
	// Throw error if there are problems with database.
	// newUrn is supplied by the caller; this layer does not derive it from newName/newPath.
	UpdateGroup(group Group, newName string, newPath string, newUrn string) (*Group, error)

	// Remove group stored in database with its user and policy relationships.
	// Throw error if there are problems during transactions.
	RemoveGroup(groupID string) error

	// Add new member to group. It doesn't check restrictions about existence of group or user. It throws
	// errors if there are problems with database.
	AddMember(userID string, groupID string) error

	// Remove member from group. It doesn't check restrictions about existence of group or user. It throws
	// errors if there are problems with database.
	RemoveMember(userID string, groupID string) error

	// Check if user is member of group. It returns true if at least one relation exists. It throws
	// errors if there are problems with database.
	IsMemberOfGroup(userID string, groupID string) (bool, error)

	// Retrieve users that belong to the group. Throw error if there are problems with database.
	GetGroupMembers(groupID string, filter *Filter) ([]User, int, error)

	// Attach policy to group. It doesn't check restrictions about existence of group or policy. It throws
	// errors if there are problems with database.
	AttachPolicy(groupID string, policyID string) error

	// Detach policy from group. It doesn't check restrictions about existence of group or policy. It throws
	// errors if there are problems with database.
	DetachPolicy(groupID string, policyID string) error

	// Check if policy is attached to group. It returns true if at least one relation exists. It throws
	// errors if there are problems with database.
	IsAttachedToGroup(groupID string, policyID string) (bool, error)

	// Retrieve policies that are attached to the group. Throw error if there are problems with database.
	GetAttachedPolicies(groupID string, filter *Filter) ([]Policy, int, error)
}

GroupRepo contains all database operations

type Policy

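// Policy is the policy domain object: a named set of Statements, addressed by
// (Org, Name), with Urn as its derived identifier and ID as its storage key.
//
// The tag options are written without a space after the comma: encoding/json
// matches option names exactly, so the original `json:"id, omitempty"` form
// silently disabled omitempty (go vet's structtag check flags it as a
// suspicious space). With the fix empty string fields and a nil Statements
// pointer are omitted from the encoded output. omitempty never applies to
// struct-typed fields, so a zero CreateAt is still emitted.
type Policy struct {
	ID         string       `json:"id,omitempty"`
	Name       string       `json:"name,omitempty"`
	Path       string       `json:"path,omitempty"`
	Org        string       `json:"org,omitempty"`
	Urn        string       `json:"urn,omitempty"`
	CreateAt   time.Time    `json:"createAt,omitempty"` // omitempty is a no-op on time.Time
	Statements *[]Statement `json:"statements,omitempty"` // only a nil pointer is omitted; a pointer to an empty slice encodes as []
}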

Policy domain

func (Policy) GetUrn

func (p Policy) GetUrn() string

func (Policy) String

func (p Policy) String() string

type PolicyAPI

// PolicyAPI is the policy-management surface. Every operation receives the
// caller's RequestInfo; PolicyRepo beneath it takes no caller identity, so
// authorization has to be decided in the implementation of these methods —
// confirm in AuthAPI. Creating or updating a policy writes the statements
// that later grant access, so AddPolicy and UpdatePolicy are the
// privilege-defining operations of this package.
type PolicyAPI interface {
	// Store policy in database. Throw error when the input parameters are invalid,
	// the policy already exist or unexpected error happen.
	// Statements are presumably validated with AreValidStatements — confirm.
	AddPolicy(requestInfo RequestInfo, name string, path string, org string, statements []Statement) (*Policy, error)

	// Retrieve policy from database. Throw error when the input parameters are invalid,
	// policy doesn't exist or unexpected error happen.
	GetPolicyByName(requestInfo RequestInfo, org string, name string) (*Policy, error)

	// Retrieve policy identifiers from database filtered by org and pathPrefix parameters. These input parameters are optional.
	// Throw error if the input parameters are invalid or unexpected error happen.
	ListPolicies(requestInfo RequestInfo, org string, filter *Filter) ([]PolicyIdentity, int, error)

	// Update policy stored in database with new name, new pathPrefix and new statements.
	// It overrides older statements. Throw error if the input parameters are invalid,
	// policy to update doesn't exist, target policy already exist or unexpected error happen.
	// The replacement is whole, not a merge: statements not present in newStatements are dropped.
	UpdatePolicy(requestInfo RequestInfo, org string, name string, newName string, newPath string,
		newStatements []Statement) (*Policy, error)

	// Remove policy stored in database with its groups relationships.
	// Throw error if the input parameters are invalid, the policy doesn't exist or unexpected error happen.
	RemovePolicy(requestInfo RequestInfo, org string, name string) error

	// Retrieve name of groups that are attached to the policy. Throw error if the input parameters are invalid,
	// policy doesn't exist or unexpected error happen.
	ListAttachedGroups(requestInfo RequestInfo, org string, name string, filter *Filter) ([]string, int, error)
}

type PolicyIdentity

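// PolicyIdentity is the (org, name) pair that identifies a policy; list
// operations return these instead of full Policy values.
//
// The tag options are written without a space after the comma: encoding/json
// matches option names exactly, so the original `json:"org, omitempty"` form
// silently disabled omitempty (go vet's structtag check flags it). With the
// fix empty fields are omitted from the encoded output.
type PolicyIdentity struct {
	Org  string `json:"org,omitempty"`
	Name string `json:"name,omitempty"`
}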

Policy identifier to retrieve them from DB

type PolicyRepo

// PolicyRepo is the persistence layer for policies.
//
// NOTE(review): no method takes a RequestInfo, so this layer performs no
// authorization; it must only be reached through PolicyAPI, which is where
// the caller's access to the policy has to be checked.
type PolicyRepo interface {
	// Store policy in database if there aren't errors.
	AddPolicy(policy Policy) (*Policy, error)

	// Retrieve policy from database if it exists. Otherwise it throws an error.
	GetPolicyByName(org string, name string) (*Policy, error)

	// Retrieve policies from database filtered by org and pathPrefix optional parameters. Throw error
	// if there are problems with database.
	GetPoliciesFiltered(org string, filter *Filter) ([]Policy, int, error)

	// Update policy stored in database with new name and pathPrefix. Also it overwrites the stored
	// statements with newStatements. Throw error if there are problems with database.
	// newUrn is supplied by the caller; this layer does not derive it from newName/newPath.
	UpdatePolicy(policy Policy, newName string, newPath string, newUrn string, newStatements []Statement) (*Policy, error)

	// Remove policy stored in database with its groups relationships.
	// Throw error if there are problems during transactions.
	RemovePolicy(id string) error

	// Retrieve groups that are attached to the policy. Throw error if there are problems with database.
	GetAttachedGroups(policyID string, filter *Filter) ([]Group, int, error)
}

PolicyRepo contains all database operations

type RequestInfo

// RequestInfo describes the caller of an API operation. It is passed to every
// API method and to LogOperation / LogErrorMessage.
type RequestInfo struct {
	Identifier string // who is acting; presumably the user's ExternalID (see User) — confirm
	Admin      bool   // NOTE(review): a trusted-caller flag. It must be set by the authenticating layer only, never copied from client-controlled input, or it becomes a privilege-escalation path
	RequestID  string // correlation id for log lines
}

type Resource

// Resource is implemented by every type that can be the subject of an
// authorization decision; User, Group, Policy and ExternalResource all
// provide GetUrn.
type Resource interface {
	// This method must return resource URN
	GetUrn() string
}

Interface that all resource types have to implement

type Restrictions

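// Restrictions is the set of URN allow/deny lists attached to an effect (see
// EffectRestriction). Prefix lists match URNs by prefix; full lists match a
// URN exactly.
//
// NOTE(review): this type only carries the lists. Whether a Denied* entry
// overrides a matching Allowed* entry is decided by the evaluation code, not
// here — confirm that deny wins before relying on the deny lists.
//
// The tag options are written without a space after the comma: encoding/json
// matches option names exactly, so the original `json:"allowedUrnPrefixes, omitempty"`
// form silently disabled omitempty (go vet's structtag check flags it). With
// the fix nil or empty lists are omitted from the encoded output.
type Restrictions struct {
	AllowedUrnPrefixes []string `json:"allowedUrnPrefixes,omitempty"`
	AllowedFullUrns    []string `json:"allowedFullUrns,omitempty"`
	DeniedUrnPrefixes  []string `json:"deniedUrnPrefixes,omitempty"`
	DeniedFullUrns     []string `json:"deniedFullUrns,omitempty"`
}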

type Statement

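// Statement is one rule of a Policy: Effect applied to Actions on Resources.
// Effect is presumably one of the values accepted by IsValidEffect, Actions
// the "iam:<Verb>" names checked by AreValidActions, and Resources URNs
// checked by AreValidResources — confirm against those validators.
//
// The tag options are written without a space after the comma: encoding/json
// matches option names exactly, so the original `json:"effect, omitempty"`
// form silently disabled omitempty (go vet's structtag check flags it). With
// the fix an empty Effect and nil/empty lists are omitted from the output.
type Statement struct {
	Effect    string   `json:"effect,omitempty"`
	Actions   []string `json:"actions,omitempty"`
	Resources []string `json:"resources,omitempty"`
}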

func (Statement) String

func (s Statement) String() string

type User

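// User is the user domain object. ExternalID is the identity supplied by the
// caller (bounded by MAX_EXTERNAL_ID_LENGTH, presumably via
// IsValidUserExternalID); Urn is the derived identifier and ID the storage key.
//
// The tag options are written without a space after the comma: encoding/json
// matches option names exactly, so the original `json:"id, omitempty"` form
// silently disabled omitempty (go vet's structtag check flags it as a
// suspicious space). With the fix empty string fields are omitted from the
// encoded output. omitempty never applies to struct-typed fields, so a zero
// CreateAt is still emitted.
type User struct {
	ID         string    `json:"id,omitempty"`
	ExternalID string    `json:"externalId,omitempty"`
	Path       string    `json:"path,omitempty"`
	Urn        string    `json:"urn,omitempty"`
	CreateAt   time.Time `json:"createAt,omitempty"` // omitempty is a no-op on time.Time
}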

User domain

func (User) GetUrn

func (u User) GetUrn() string

func (User) String

func (u User) String() string

type UserAPI

// UserAPI is the user-management surface. Every operation receives the
// caller's RequestInfo; UserRepo beneath it takes no caller identity, so
// authorization has to be decided in the implementation of these methods —
// confirm in AuthAPI. Users are addressed by externalId, not by storage ID.
type UserAPI interface {
	// Store user in database. Throw error when parameters are invalid,
	// user already exists or unexpected error happen.
	AddUser(requestInfo RequestInfo, externalId string, path string) (*User, error)

	// Retrieve user from database. Throw error when parameter is invalid,
	// user doesn't exist or unexpected error happen.
	GetUserByExternalID(requestInfo RequestInfo, externalId string) (*User, error)

	// Retrieve user identifiers from database filtered by pathPrefix (optional parameter). Throw error
	// if pathPrefix is invalid or unexpected error happen.
	// Returns external ids (strings), not User values.
	ListUsers(requestInfo RequestInfo, filter *Filter) ([]string, int, error)

	// Update user stored in database with new pathPrefix. Throw error if the input parameters
	// are invalid, user doesn't exist or unexpected error happen.
	// Changing the path changes the user's URN, so policies keyed on the old URN presumably stop matching — confirm.
	UpdateUser(requestInfo RequestInfo, externalId string, newPath string) (*User, error)

	// Remove user stored in database with its group relationships.
	// Throw error if externalId parameter is invalid, user doesn't exist or unexpected error happen.
	RemoveUser(requestInfo RequestInfo, externalId string) error

	// Retrieve groups that belongs to the user. Throw error if externalId parameter is invalid, user
	// doesn't exist or unexpected error happen.
	ListGroupsByUser(requestInfo RequestInfo, externalId string, filter *Filter) ([]GroupIdentity, int, error)
}

type UserRepo

// UserRepo is the persistence layer for users.
//
// NOTE(review): no method takes a RequestInfo, so this layer performs no
// authorization; it must only be reached through UserAPI, which is where the
// caller's access has to be checked.
type UserRepo interface {
	// Store user in database if there aren't errors.
	AddUser(user User) (*User, error)

	// Retrieve user from database if it exists. Otherwise it throws an error.
	// The parameter is the user's ExternalID, not the storage ID (the name "id" is misleading).
	GetUserByExternalID(id string) (*User, error)

	// Retrieve user list from database filtered by pathPrefix optional parameter. Throw error
	// if there are problems with database.
	GetUsersFiltered(filter *Filter) ([]User, int, error)

	// Update user stored in database with new pathPrefix. Throw error if the database restrictions
	// are not satisfied or unexpected error happen.
	// newUrn is supplied by the caller; this layer does not derive it from newPath.
	UpdateUser(user User, newPath string, newUrn string) (*User, error)

	// Remove user stored in database with its group relationships.
	// Throw error if there are problems during transactions.
	RemoveUser(id string) error

	// Retrieve groups that belong to the user. Throw error
	// if there are problems with database.
	GetGroupsByUserID(id string, filter *Filter) ([]Group, int, error)
}

UserRepo contains all database operations
