Documentation
Index
- func AuthenticationMethodFromIdentityType(identityType string) (string, error)
- func IsFineGrainedIdentityType(identityType string) bool
- func IsRestrictedIdentityType(identityType string) (bool, error)
- func ValidateAuthenticationMethod(authenticationMethod string) error
- type Cache
- func (c *Cache) Get(authenticationMethod string, identifier string) (*CacheEntry, error)
- func (c *Cache) GetByAuthenticationMethod(authenticationMethod string) map[string]CacheEntry
- func (c *Cache) GetByOIDCSubject(subject string) (*CacheEntry, error)
- func (c *Cache) GetByType(identityType string) map[string]CacheEntry
- func (c *Cache) GetIdentityProviderGroupMapping(idpGroup string) ([]string, error)
- func (c *Cache) ReplaceAll(entries []CacheEntry, idpGroups map[string][]string) error
- func (c *Cache) X509Certificates(identityTypes ...string) map[string]x509.Certificate
- type CacheEntry
Functions
func AuthenticationMethodFromIdentityType
AuthenticationMethodFromIdentityType returns the authentication method corresponding to the given identity type. All identity types must correspond to an authentication method. An error is returned if the identity type is not recognised.
func IsFineGrainedIdentityType
IsFineGrainedIdentityType returns true if permissions of the identity type are managed via group membership.
func IsRestrictedIdentityType
IsRestrictedIdentityType returns whether the given identity is restricted or not. Identity types that are not restricted have full access to LXD. An error is returned if the identity type is not recognised.
func ValidateAuthenticationMethod
ValidateAuthenticationMethod returns an api.StatusError with http.StatusBadRequest if the given authentication method is not recognised.
Types
type Cache
type Cache struct {
// contains filtered or unexported fields
}
Cache represents a thread-safe in-memory cache of the identities in the database.
func (*Cache) Get
func (c *Cache) Get(authenticationMethod string, identifier string) (*CacheEntry, error)
Get returns a single CacheEntry by its authentication method and identifier.
func (*Cache) GetByAuthenticationMethod
func (c *Cache) GetByAuthenticationMethod(authenticationMethod string) map[string]CacheEntry
GetByAuthenticationMethod returns a map of identifier to CacheEntry, where all entries have the given authentication method.
func (*Cache) GetByOIDCSubject
func (c *Cache) GetByOIDCSubject(subject string) (*CacheEntry, error)
GetByOIDCSubject returns a CacheEntry with the given subject or returns an api.StatusError with http.StatusNotFound.
func (*Cache) GetByType
func (c *Cache) GetByType(identityType string) map[string]CacheEntry
GetByType returns a map of identifier to CacheEntry, where all entries have the given identity type.
func (*Cache) GetIdentityProviderGroupMapping
GetIdentityProviderGroupMapping returns the auth groups that the given identity provider group maps to or an api.StatusError with http.StatusNotFound.
func (*Cache) ReplaceAll
func (c *Cache) ReplaceAll(entries []CacheEntry, idpGroups map[string][]string) error
ReplaceAll deletes all entries and identity provider groups from the cache and replaces them with the given values.
func (*Cache) X509Certificates
func (c *Cache) X509Certificates(identityTypes ...string) map[string]x509.Certificate
X509Certificates returns a map of certificate fingerprint to the x509 certificates of TLS identities. Identity types can be passed in to filter the results. If no identity types are given, all certificates are returned.
type CacheEntry
type CacheEntry struct {
	Identifier           string
	Name                 string
	AuthenticationMethod string
	IdentityType         string
	Projects             []string
	Groups               []string

	// Certificate is optional. It is pre-computed for identities with AuthenticationMethod api.AuthenticationMethodTLS.
	Certificate *x509.Certificate

	// Subject is optional. It is only set when AuthenticationMethod is api.AuthenticationMethodOIDC.
	Subject string
}
CacheEntry represents an identity.