Constants ¶
const (
	// Users is the name of the user keyspace.
	Users = "users"
	// Namespaces is the name of the namespace keyspace.
	Namespaces = "namespaces"
)
// SaltSize is the size of the salt that GenerateSalt creates when encoding a
// password. Changing it affects only newly generated salts.
const SaltSize = 16
SaltSize is the size of the salt for encrypting passwords
Variables ¶
var (
	// ErrUserDoesNotExist signifies that a user does not exist.
	ErrUserDoesNotExist = fmt.Errorf("user does not exist")
	// ErrInvalidCertificate is returned when the certificate can't be decoded.
	ErrInvalidCertificate = fmt.Errorf("unable to load certificate")
	// ErrFailedKeyConvertion means that the public key could not be converted
	// to an SSH key.
	ErrFailedKeyConvertion = fmt.Errorf("error converting public key to SSH key format")
)
var (
	// ErrNamespaceDoesNotExist is returned if a namespace does not exist when
	// an operation is attempted to be performed on it.
	ErrNamespaceDoesNotExist = fmt.Errorf("namespace does not exist")
)
Functions ¶
func GenerateSalt ¶
GenerateSalt creates a new salt and encodes the given password. It returns the new salt, the encrypted password, and a possible error.
func SecureCompare ¶
SecureCompare compares salted passwords in constant time. See http://stackoverflow.com/questions/20663468/secure-compare-of-strings-in-go
Types ¶
type BoltSystemStore ¶
// BoltSystemStore implements the System interface on top of a boltdb
// connection.
type BoltSystemStore struct {
	// contains filtered or unexported fields
}
BoltSystemStore implements the System interface on top of a boltdb connection
func (BoltSystemStore) Close ¶
func (s BoltSystemStore) Close()
Close closes the database connection
func (BoltSystemStore) Namespaces ¶
func (s BoltSystemStore) Namespaces() (NamespaceStore, error)
Namespaces returns a NamespaceStore
func (BoltSystemStore) Users ¶
func (s BoltSystemStore) Users() (UserStore, error)
Users returns a UserStore
type Namespace ¶
// Namespace represents a namespace in the database. Each Namespace has users,
// logs and views; roles group the permissions granted within it.
type Namespace interface {
	// AddRole adds a new role to the namespace.
	AddRole(name string) error
	// RemoveRole deletes a role from the namespace.
	RemoveRole(name string) error
	// Roles returns a list of roles for user permissions.
	Roles() []string
	// GrantPermissions appends permissions for the given role.
	GrantPermissions(role string, permissions ...string) error
	// RevokePermission removes a permission from the given role.
	RevokePermission(role string, permission string) error
	// HasPermission determines if the given role has a certain permission.
	HasPermission(role string, permission string) bool
	// AddUser registers a user with the namespace.
	AddUser(username string) error
	// RemoveUser unregisters a user with the namespace.
	RemoveUser(username string) error
	// HasAccess determines if the namespace grants access to the given user.
	HasAccess(username string) bool
	// Users returns a list of authorized users.
	Users() []string
	// CreateChild makes a new child namespace with the same users and roles,
	// i.e. the child starts with every grant the parent holds at creation time.
	CreateChild(child string) (Namespace, error)
}
Namespace represents a namespace in the database. Each Namespace has users, logs and views.
type NamespaceStore ¶
// NamespaceStore contains namespace information.
type NamespaceStore interface {
	// Get returns a Namespace by name.
	Get(name string) (Namespace, error)
	// Create inserts a new namespace.
	Create(name string) (Namespace, error)
	// Delete removes a namespace.
	Delete(name string) error
	// Stream returns a channel of namespaces.
	// NOTE(review): which side closes the channel is not documented — confirm
	// before ranging over it.
	Stream() chan string
}
NamespaceStore contains namespace information
func NewBoltNamespaceStore ¶
func NewBoltNamespaceStore(ks leaf.Keyspace) NamespaceStore
NewBoltNamespaceStore creates a new NamespaceStore using the given keyspace
type PublicKey ¶
// PublicKey wraps an ssh.PublicKey byte array and simply provides methods for
// validation.
type PublicKey struct {
	// contains filtered or unexported fields
}
PublicKey wraps an ssh.PublicKey byte array and simply provides methods for validation.
func (*PublicKey) Fingerprint ¶
Fingerprint provides a string hash representing a PublicKey
type PublicKeyRing ¶
// PublicKeyRing provides an interface for interacting with a user's public
// keys.
type PublicKeyRing interface {
	// AddPublicKey simply adds a public key to the user's key ring.
	AddPublicKey(pemBytes []byte) (string, error)
	// RemovePublicKey will remove a public key from a user's key ring.
	RemovePublicKey(fingerprint string) error
	// ListPublicKeys returns all of a user's public keys.
	ListPublicKeys() []PublicKey
	// Contains determines if a key exists in the ring. The provided bytes
	// should be the output of ssh.PublicKey.Marshal.
	Contains(key []byte) bool
}
PublicKeyRing provides an interface for interacting with a user's public keys
type System ¶
// System provides an interface for accessing information about the database.
type System interface {
	// Users returns a UserStore.
	Users() (UserStore, error)
	// Namespaces returns a NamespaceStore.
	Namespaces() (NamespaceStore, error)
	// Close releases the underlying database connection.
	Close()
}
System provides an interface for accessing information about the database.
type User ¶
// User represents a database user.
type User interface {
	// Username returns the user alias.
	Username() string
	// IsAdmin returns whether the user has admin privileges.
	IsAdmin() bool
	// ValidatePassword determines the validity of a password
	// (presumably via SecureCompare against the stored salted value — confirm).
	ValidatePassword(password string) bool
	// UpdatePassword updates a user's password. This password is only used to
	// log into the web ui.
	UpdatePassword(password string) error
	// KeyRing returns a PublicKeyRing containing all of a user's public keys.
	KeyRing() PublicKeyRing
	// Namespaces returns a list of namespaces for which the user has access.
	Namespaces() []string
	// Roles returns the user's roles for the given namespace.
	Roles(namespace string) []string
	// AddRole appends a role to namespace.
	AddRole(namespace, role string) error
	// RemoveRole removes a role for a namespace.
	RemoveRole(namespace, role string) error
}
User represents a database user
type UserStore ¶
// UserStore stores all user information.
type UserStore interface {
	// Get returns a User by username.
	Get(username string) (User, error)
	// Create inserts a new user.
	Create(username string) (User, error)
	// Delete removes a user account.
	// NOTE(review): the original comment said "from a namespace", but no
	// namespace is passed — confirm the intended scope of the deletion.
	Delete(username string) error
}
UserStore stores all user information
func NewBoltUserStore ¶
NewBoltUserStore returns a UserStore backed by boltdb. If the user keyspace does not already exist, it will be created.