datamodel

package
v0.0.0-...-49e565d Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 3, 2015 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation


Constants

// Keyspace names used by the stores in this package.
const (
	// Namespaces is the name of the namespace keyspace.
	Namespaces = "namespaces"

	// Users is the name of the user keyspace.
	Users = "users"
)
// SaltSize is the size of the salt used when storing passwords.
// NOTE(review): presumably counted in bytes, since GenerateSalt returns the
// salt as []byte — confirm against the implementation.
const SaltSize = 16

SaltSize is the size of the salt for encrypting passwords

Variables

// Sentinel errors for user lookup, certificate decoding and SSH key conversion.
var (
	// ErrFailedKeyConvertion reports that a public key could not be converted
	// to SSH key format.
	ErrFailedKeyConvertion = fmt.Errorf("error converting public key to SSH key format")

	// ErrInvalidCertificate reports that a certificate could not be decoded.
	ErrInvalidCertificate = fmt.Errorf("unable to load certificate")

	// ErrUserDoesNotExist reports that a user does not exist.
	// NOTE(review): if this message reaches an unauthenticated login response
	// verbatim, it tells the caller which usernames exist — confirm that
	// callers return a uniform failure for unknown user and bad password.
	ErrUserDoesNotExist = fmt.Errorf("user does not exist")
)
// ErrNamespaceDoesNotExist is the error returned when an operation is
// attempted on a namespace that does not exist.
var ErrNamespaceDoesNotExist = fmt.Errorf("namespace does not exist")

Functions

func GenerateSalt

func GenerateSalt(secret []byte) ([]byte, []byte, error)

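GenerateSalt creates a new salt and encodes the given password (the secret argument) with it. It returns the new salt, the encrypted password, and a possible error. This page does not show which algorithm produces the stored value; before relying on it, confirm in the source that it is a one-way password-hashing function and that the salt comes from a cryptographically secure random source.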

func SecureCompare

func SecureCompare(given, actual []byte) bool

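SecureCompare compares salted passwords in constant time. See http://stackoverflow.com/questions/20663468/secure-compare-of-strings-in-go. The implementation is not shown on this page, so check in the source whether a length difference between given and actual is also hidden; Go's crypto/subtle.ConstantTimeCompare, for instance, returns immediately when the lengths differ.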

Types

type BoltSystemStore

type BoltSystemStore struct {
	// contains filtered or unexported fields
}

BoltSystemStore implements the System interface on top of a boltdb connection

func (BoltSystemStore) Close

func (s BoltSystemStore) Close()

Close closes the database connection

func (BoltSystemStore) Namespaces

func (s BoltSystemStore) Namespaces() (NamespaceStore, error)

Namespaces returns a NamespaceStore

func (BoltSystemStore) Users

func (s BoltSystemStore) Users() (UserStore, error)

Users returns a UserStore

type Namespace

// Namespace represents a namespace in the database. The methods below manage
// its roles, the permissions granted to each role, and the users registered
// with it.
type Namespace interface {

	// AddRole adds a new role to the namespace
	AddRole(name string) error

	// RemoveRole deletes a role from the namespace
	RemoveRole(name string) error

	// Roles returns a list of roles for user permissions
	Roles() []string

	// GrantPermissions appends permissions for the given role
	GrantPermissions(role string, permissions ...string) error

	// RevokePermission removes a permission from the given role
	RevokePermission(role string, permission string) error

	// HasPermission determines if the given role has a certain permission.
	// NOTE(review): the result is a bare bool with no error, so any lookup
	// failure inside an implementation can only surface as true or false —
	// confirm implementations fail closed (return false).
	HasPermission(role string, permission string) bool

	// AddUser registers a user with the namespace
	AddUser(username string) error

	// RemoveUser unregisters a user with the namespace
	RemoveUser(username string) error

	// HasAccess determines if the namespace grants access to the given user.
	// NOTE(review): like HasPermission this returns only a bool — confirm
	// implementations return false when the check cannot be completed.
	HasAccess(username string) bool

	// Users returns a list of authorized users
	Users() []string

	// CreateChild makes a new child namespace with the same users and roles.
	// NOTE(review): the child starts with the parent's users and roles; whether
	// later changes to the parent (e.g. RemoveUser) carry over to the child is
	// not stated here — confirm before relying on revocation.
	CreateChild(child string) (Namespace, error)
}

Namespace represents a namespace in the database. Each Namespace has users, logs and views.

type NamespaceStore

// NamespaceStore contains namespace information: it looks up, creates,
// deletes and enumerates namespaces.
type NamespaceStore interface {

	// Get returns a Namespace by name
	Get(name string) (Namespace, error)

	// Create inserts a new namespace
	Create(name string) (Namespace, error)

	// Delete removes a namespace
	Delete(name string) error

	// Stream returns a channel of namespaces.
	// NOTE(review): the element type is string, presumably namespace names;
	// whether and when the channel is closed is not documented — confirm
	// before ranging over it.
	Stream() chan string
}

NamespaceStore contains namespace information

func NewBoltNamespaceStore

func NewBoltNamespaceStore(ks leaf.Keyspace) NamespaceStore

NewBoltNamespaceStore creates a new NamespaceStore using the given keyspace

type PublicKey

type PublicKey struct {
	// contains filtered or unexported fields
}

PublicKey wraps an ssh.PublicKey byte array and simply provides methods for validation.

func (*PublicKey) Equals

func (p *PublicKey) Equals(key []byte) bool

Equals determines the equivalence of two PublicKeys

func (*PublicKey) Fingerprint

func (p *PublicKey) Fingerprint() string

Fingerprint provides a string hash representing a PublicKey

type PublicKeyRing

// PublicKeyRing provides an interface for interacting with a user's public keys.
type PublicKeyRing interface {

	// AddPublicKey simply adds a public key to the user's key ring.
	// NOTE(review): the returned string is presumably the key's fingerprint,
	// the value RemovePublicKey takes — confirm. The parameter name suggests
	// PEM input, which is a different encoding from the bytes Contains expects.
	AddPublicKey(pemBytes []byte) (string, error)

	// RemovePublicKey will remove a public key from a user's key ring
	RemovePublicKey(fingerprint string) error

	// ListPublicKeys returns all of a user's public keys
	ListPublicKeys() []PublicKey

	// Contains determines if a key exists in the ring. The provided bytes should be the output of ssh.PublicKey.Marshal.
	Contains(key []byte) bool
}

PublicKeyRing provides an interface for interacting with a user's public keys

type System

// System provides an interface for accessing information about the database:
// it hands out the user and namespace stores and is closed when no longer needed.
type System interface {
	// Users returns a UserStore.
	Users() (UserStore, error)
	// Namespaces returns a NamespaceStore.
	Namespaces() (NamespaceStore, error)

	// Close releases the System; the BoltSystemStore implementation documents
	// this as closing the database connection.
	Close()
}

System provides an interface for accessing information about the database.

func NewSystem

func NewSystem(filename string) (System, error)

NewSystem creates a database connection to access system metadata

type User

// User represents a database user: identity, web-UI password, SSH public keys,
// and per-namespace roles.
type User interface {

	// Username returns the user alias
	Username() string

	// IsAdmin returns whether the user has admin privileges
	IsAdmin() bool

	// ValidatePassword determines the validity of a password.
	// NOTE(review): takes the plaintext password and returns only a bool; the
	// comparison used is not visible here — confirm it goes through a
	// constant-time check such as this package's SecureCompare.
	ValidatePassword(password string) bool

	// UpdatePassword updates a user's password. This password is only used to log into the web ui.
	UpdatePassword(password string) error

	// KeyRing returns a PublicKeyRing containing all of a user's public keys
	KeyRing() PublicKeyRing

	// Namespaces returns a list of namespaces for which the user has access
	Namespaces() []string

	// Roles returns the user's roles for the given namespace
	Roles(namespace string) []string

	// AddRole appends a role for the user in the given namespace
	AddRole(namespace, role string) error

	// RemoveRole removes a role for a namespace
	RemoveRole(namespace, role string) error
}

User represents a database user

type UserStore

// UserStore stores all user information: it looks up, creates and deletes users
// by username.
type UserStore interface {

	// Get returns a User by username
	Get(username string) (User, error)

	// Create inserts a new user
	Create(username string) (User, error)

	// Delete removes a user account from a namespace.
	// NOTE(review): the signature takes only a username and no namespace, so
	// the deletion may be store-wide rather than per-namespace — confirm
	// against the implementation.
	Delete(username string) error
}

UserStore stores all user information

func NewBoltUserStore

func NewBoltUserStore(ks leaf.Keyspace) UserStore

NewBoltUserStore returns a UserStore backed by boltdb. If the user keyspace does not already exist, it will be created.
