access

package
v0.0.0-...-3db709f Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 13, 2025 License: AGPL-3.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

// Keys and prefixes under which GitLab-derived account attributes are
// attached to an authenticated user.
const (
	// GitlabKeyNamespace is the key namespace used in a user's "extra"
	// to represent the various GitLab-specific account attributes.
	GitlabKeyNamespace = "gitlab-authn.kubernetes.io/"
	// GitlabAttributesKey is the key used in a user's "extra" to specify
	// the GitLab-specific account attributes. It is GitlabKeyNamespace
	// followed by "user-attributes".
	GitlabAttributesKey = GitlabKeyNamespace + "user-attributes"
	// GitlabGroup is the group prefix for groups based on user attributes.
	// The Group* constants are built as GitlabGroup + ":" + attribute.
	//
	// NOTE(review): authorization rules bound to these pseudo groups rely on
	// the prefix being reserved. Confirm that groups derived from real GitLab
	// membership can never produce a name starting with "gitlab:".
	GitlabGroup = "gitlab"
)
// Attribute values added to a user's "extra" to describe the state of the
// GitLab account.
//
// Attribute2fa is the only value here whose ABSENCE leads to rejection
// (NewRequire2FAAuthorizer). For AttributeBot, AttributeDormant,
// AttributeLocked and AttributePristine it is the PRESENCE that is rejected
// by the matching NewReject*Authorizer. The package documentation lists no
// dedicated authorizer for the admin, auditor, external and private values.
const (
	// Attribute2fa is the extra value added to authentication objects
	// when the user has 2FA enabled
	Attribute2fa = "2fa"
	// AttributeBot is the extra value added to authentication objects
	// when the user is a robot account
	AttributeBot = "bot"
	// AttributeAdmin is the extra value added to authentication objects
	// when the user is an administrator
	AttributeAdmin = "admin"
	// AttributeAuditor is the extra value added to authentication objects
	// when the user is an auditor
	AttributeAuditor = "auditor"
	// AttributeExternal is the extra value added to authentication objects
	// when the user is marked as external
	AttributeExternal = "external"
	// AttributePrivate is the extra value added to authentication objects
	// when the user account has the private flag set
	AttributePrivate = "private"
	// AttributeLocked is the extra value added to authentication objects
	// when the user account has been locked
	AttributeLocked = "locked"
	// AttributePristine is the extra value added to authentication objects
	// when the user has not yet confirmed their account
	AttributePristine = "pristine"
	// AttributeDormant is the extra value added to authentication objects
	// when the user has not shown any activity for an extended period of time
	AttributeDormant = "dormant"
)
// Pseudo groups mirroring the Attribute* values. Each is GitlabGroup, a
// colon and the attribute, for example "gitlab:2fa" or "gitlab:admin".
//
// NOTE(review): these names describe account state, not GitLab group
// membership. Anything that binds permissions to them (GroupAdmin in
// particular) grants access based on a flag of the GitLab account, so
// confirm that is intended wherever they are referenced. Presumably they are
// only emitted when UserInfoOptions.AttributesAsGroups is set; verify
// against UserInfo.
const (
	// Group2fa is the pseudo group added to authentication objects
	// when the user has 2FA enabled
	Group2fa = GitlabGroup + ":" + Attribute2fa
	// GroupBot is the pseudo group added to authentication objects
	// when the user is a robot account
	GroupBot = GitlabGroup + ":" + AttributeBot
	// GroupAdmin is the pseudo group added to authentication objects
	// when the user is an administrator
	GroupAdmin = GitlabGroup + ":" + AttributeAdmin
	// GroupAuditor is the pseudo group added to authentication objects
	// when the user is an auditor
	GroupAuditor = GitlabGroup + ":" + AttributeAuditor
	// GroupExternal is the pseudo group added to authentication objects
	// when the user is marked as external
	GroupExternal = GitlabGroup + ":" + AttributeExternal
	// GroupPrivate is the pseudo group added to authentication objects
	// when the user account has the private flag set
	GroupPrivate = GitlabGroup + ":" + AttributePrivate
	// GroupLocked is the pseudo group added to authentication objects
	// when the user account has been locked
	GroupLocked = GitlabGroup + ":" + AttributeLocked
	// GroupPristine is the pseudo group added to authentication objects
	// when the user has not yet confirmed their account
	GroupPristine = GitlabGroup + ":" + AttributePristine
	// GroupDormant is the pseudo group added to authentication objects
	// when the user has not shown any activity for an extended period of time
	GroupDormant = GitlabGroup + ":" + AttributeDormant
)

Variables

This section is empty.

Functions

func NewRejectBotAuthorizer

func NewRejectBotAuthorizer() userauthz.Authorizer

NewRejectBotAuthorizer returns an userauthz.Authorizer which rejects users whose extra values contain AttributeBot

func NewRejectDormantAuthorizer

func NewRejectDormantAuthorizer() userauthz.Authorizer

NewRejectDormantAuthorizer returns an userauthz.Authorizer which rejects users whose extra values contain AttributeDormant

func NewRejectGroupsAuthorizer

func NewRejectGroupsAuthorizer(groups []string) userauthz.Authorizer

NewRejectGroupsAuthorizer returns a userauthz.Authorizer instance which rejects users with membership of at least one of the given groups.

func NewRejectLockedAuthorizer

func NewRejectLockedAuthorizer() userauthz.Authorizer

NewRejectLockedAuthorizer returns an userauthz.Authorizer which rejects users whose extra values contain AttributeLocked

func NewRejectPristineAuthorizer

func NewRejectPristineAuthorizer() userauthz.Authorizer

NewRejectPristineAuthorizer returns an userauthz.Authorizer which rejects users whose extra values contain AttributePristine

func NewRejectUsersAuthorizer

func NewRejectUsersAuthorizer(users []string) userauthz.Authorizer

NewRejectUsersAuthorizer returns an userauthz.Authorizer instance which rejects a user if named in the given list.

func NewRequire2FAAuthorizer

func NewRequire2FAAuthorizer() userauthz.Authorizer

NewRequire2FAAuthorizer returns an userauthz.Authorizer which rejects users whose extra values DO NOT contain Attribute2fa

func NewRequireGroupsAuthorizer

func NewRequireGroupsAuthorizer(groups []string) userauthz.Authorizer

NewRequireGroupsAuthorizer returns an userauthz.Authorizer instance which requires a user to be a member of ALL given groups.

func NewRequireUsersAuthorizer

func NewRequireUsersAuthorizer(users []string) userauthz.Authorizer

NewRequireUsersAuthorizer returns an userauthz.Authorizer instance which requires a user to be named in the given list.

func UserInfo

func UserInfo(user *gitlab.User, groups []*gitlab.Group, opts UserInfoOptions) authentication.UserInfo

Types

type UserInfoOptions

// UserInfoOptions holds the options passed to UserInfo.
type UserInfoOptions struct {
	// AttributesAsGroups presumably controls whether account attributes are
	// also emitted as the "gitlab:<attribute>" pseudo groups (the Group*
	// constants); confirm against UserInfo.
	AttributesAsGroups bool
	// DormantTimeout is presumably the inactivity period after which a user
	// is tagged with AttributeDormant.
	// NOTE(review): the effect of the zero value is not visible here. Confirm
	// whether it disables the dormancy check or marks every user dormant,
	// since NewRejectDormantAuthorizer acts on the result.
	DormantTimeout     time.Duration
	// Now presumably supplies the current time for the dormancy comparison,
	// so the clock can be injected.
	// NOTE(review): confirm how a nil Now is handled.
	Now                func() time.Time
}
