models

package
v0.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 11, 2020 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	SecretLength = 32
	SaltLength   = 16
)
View Source 
const (
	// AdminRole is the label of the admin role
	AdminRole = Label("admin")

	// UserRole is the label of the global role
	UserRole = Label("user")

	ProjectOwnerRole       = Label("project-owner")
	ProjectContributorRole = Label("project-contributor")
	ProjectReaderRole      = Label("project-reader")
)
View Source 
const MaxPasswordLength = 128

MaxPasswordLength represents the maximum length of a Cape password

View Source 
const MinPasswordLength = 8

MinPasswordLength represents the minimum length of a Cape password

View Source 
const PasswordByteLength = 24

PasswordByteLength represents the number of bytes used to generate a Cape password

Variables

View Source 
var (
	InvalidAlgType          = errors.NewCause(errors.BadRequestCategory, "invalid_alg_type")
	InvalidLabelCause       = errors.NewCause(errors.BadRequestCategory, "invalid_label")
	InvalidNameCause        = errors.NewCause(errors.BadRequestCategory, "invalid_name")
	InvalidURLCause         = errors.NewCause(errors.BadRequestCategory, "invalid_url")
	InvalidEmail            = errors.NewCause(errors.BadRequestCategory, "invalid_email")
	InvalidPasswordCause    = errors.NewCause(errors.BadRequestCategory, "invalid_password")
	InvalidDBURLCause       = errors.NewCause(errors.BadRequestCategory, "invalid_db_url")
	InvalidTargetCause      = errors.NewCause(errors.BadRequestCategory, "invalid_target")
	InvalidPolicySpecCause  = errors.NewCause(errors.BadRequestCategory, "invalid_policy_spec")
	InvalidPolicyCause      = errors.NewCause(errors.BadRequestCategory, "invalid_policy")
	InvalidFieldCause       = errors.NewCause(errors.BadRequestCategory, "invalid_field")
	InvalidConfigCause      = errors.NewCause(errors.BadRequestCategory, "invalid_config")
	InvalidSessionCause     = errors.NewCause(errors.BadRequestCategory, "invalid_session")
	InvalidTokenCause       = errors.NewCause(errors.BadRequestCategory, "invalid_token")
	InvalidCredentialsCause = errors.NewCause(errors.BadRequestCategory, "invalid_credentials")
	InvalidUserCause        = errors.NewCause(errors.BadRequestCategory, "invalid_user")
	SystemErrorCause        = errors.NewCause(errors.InternalServerErrorCategory, "system_error")
	InvalidProjectNameCause = errors.NewCause(errors.BadRequestCategory, "invalid_project_name")
	InvalidRecoveryCause    = errors.NewCause(errors.BadRequestCategory, "invalid_recovery")
)
View Source 
var (
	DefaultPermissions = map[Label]Permission{
		AdminRole:              adminRules,
		UserRole:               userRules,
		ProjectOwnerRole:       projectOwnerRules,
		ProjectContributorRole: projectContributorRules,
		ProjectReaderRole:      projectReaderRules,
	}
)
View Source 
var EmptyPassword = Password("")
View Source 
var OrgRoles = []Label{AdminRole, UserRole}

OrgRoles are roles that can occur outside the scope of a project. There are currently only admin and user roles.

View Source 
var ProjectRoles = []Label{ProjectOwnerRole, ProjectContributorRole, ProjectReaderRole}

ProjectRoles are roles that are only related to projects. Currently there is a project owner, a contributor and a reader.

View Source 
var RecoveryExpiration = 30 * time.Minute

RecoveryExpiration is the amount of time that has passed since a recovery was created before it's no longer valid.

View Source 
var SystemRoles = append(OrgRoles, ProjectRoles...)

SystemRoles are all builtin roles

Functions

func GenerateToken added in v0.0.2 

func GenerateToken(user User) (Password, Token)

GenerateToken returns an instantiated token for use in unit testing.

This function _should only ever_ be used inside of a test.

func GenerateUser 

func GenerateUser(name, email string) (Password, User)

GenerateUser returns an instantiated user for use in unit testing

This function _should only ever_ be used inside of a test.

func NewID 

func NewID() string

func ValidOrgRole 

func ValidOrgRole(role Label) bool

func ValidProjectRole 

func ValidProjectRole(role Label) bool

Types

type Action 

type Action struct {
	Transform Transformation `json:"transform"`
}

type Assignment 

type Assignment struct {
	ID        string    `json:"id"`
	UserID    string    `json:"user_id"`
	RoleID    string    `json:"role_id"`
	ProjectID string    `json:"project_id"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
}

Assignment represents a policy being applied/attached to a role

func (*Assignment) GetEncryptable 

func (a *Assignment) GetEncryptable() bool

type Collection 

type Collection string

Collection for this target

func (Collection) String 

func (c Collection) String() string

String returns the string form of the collection

type Config 

type Config struct {
	ID        string    `json:"id"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`

	Setup bool `json:"setup"`

	// EncryptionKey is used to encrypt data in the system.
	// Specifically we're using envelope encryption which
	// can be read more about here
	// https://cloud.google.com/kms/docs/envelope-encryption.
	// Here it is encrypted and will be decrypted by the
	// root key.
	EncryptionKey *base64.Value `json:"encryption_key"`

	// AuthKeypair is encrypted using the root key, similar, to how the
	// EncryptionKey is encrypted.
	AuthKeypair *base64.Value `json:"auth_keypair"`
}

func NewConfig 

func NewConfig(encryptionKey *base64.Value, authKeypair *base64.Value) (*Config, error)

NewConfig returns a new Config

func (*Config) Validate 

func (c *Config) Validate() error

type Contributor 

type Contributor struct {
	ID        string    `json:"id"`
	UserID    string    `json:"user_id"`
	ProjectID string    `json:"project_id"`
	Version   uint8     `json:"version"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
}

type Credentials 

type Credentials struct {
	// Secret is the "scrypt'ed" secret which we store in the database.
	Secret *base64.Value      `json:"secret"`
	Salt   *base64.Value      `json:"salt"`
	Alg    CredentialsAlgType `json:"alg"`
}

func GenerateCredentials added in v0.0.2 

func GenerateCredentials() *Credentials

GenerateCredentials returns an instantiated Credentials for use in unit testing.

This function _should only ever_ be used inside of a test.

type CredentialsAlgType 

type CredentialsAlgType string

CredentialsAlgType enum holding the supported crypto algorithms 

var (
	// UnknownAlg represents the empty state of the CredentialsAlgType
	UnknownAlg CredentialsAlgType = ""

	// EDDSA is used for generating asymmetric keypairs for signing tokens and
	// other items within the cape ecosystem.
	EDDSA CredentialsAlgType = "eddsa"

	// Argon2ID exists for production usage, it's the most recent winner of the
	// Password Hashing Competition and is tuned inside of the auth package.
	Argon2ID CredentialsAlgType = "argon2id"

	// SHA256 only exists for internal testing, it should never be used in any
	// production scenario.
	//
	// SHA256 is used as a password hashing algorithm
	SHA256 CredentialsAlgType = "sha256"
)

func (CredentialsAlgType) MarshalGQL 

func (c CredentialsAlgType) MarshalGQL(w io.Writer)

MarshalGQL marshals a CredentailsAlgType enum to string

func (*CredentialsAlgType) String 

func (c *CredentialsAlgType) String() string

String returns the string represented by the enum value

func (*CredentialsAlgType) UnmarshalGQL 

func (c *CredentialsAlgType) UnmarshalGQL(v interface{}) error

UnmarshalGQL unmarshals a string in the CredentialsAlgType enum

type DBURL added in v0.0.2 

type DBURL struct {
	*url.URL
}

DBURL contains a url for a database

func DBURLFromURL added in v0.0.2 

func DBURLFromURL(u *url.URL) (*DBURL, error)

DBURLFromURL returns a DBURL from a net/url.URL

func NewDBURL added in v0.0.2 

func NewDBURL(in string) (*DBURL, error)

NewDBURL parses the given string and returns a database url.

func (*DBURL) Copy added in v0.0.2 

func (d *DBURL) Copy() (*DBURL, error)

Copy creates a copy of this DBURL

func (DBURL) MarshalGQL added in v0.0.2 

func (d DBURL) MarshalGQL(w io.Writer)

MarshalGQL implements the interface required to unmarshal this type from GraphQL

func (*DBURL) MarshalJSON added in v0.0.2 

func (d *DBURL) MarshalJSON() ([]byte, error)

MarshalJSON implements the JSON.Marshaller interface

func (*DBURL) SetPassword added in v0.0.2 

func (d *DBURL) SetPassword(pw string)

SetPassword sets the password

func (*DBURL) ToURL added in v0.0.2 

func (d *DBURL) ToURL() *url.URL

ToURL returns the underlying url.URL

func (*DBURL) UnmarshalGQL added in v0.0.2 

func (d *DBURL) UnmarshalGQL(v interface{}) error

UnmarshalGQL impements the interface required to marshal this type to GraphQL

func (*DBURL) UnmarshalJSON added in v0.0.2 

func (d *DBURL) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the JSON.Unmarshaller interface

func (*DBURL) Validate added in v0.0.2 

func (d *DBURL) Validate() error

Validate returns an error if the uri is not a valid database uri

type Effect 

type Effect string

Effect represents what kind of effect this policy has, e.g. allow or deny 

const (
	Allow Effect = "allow"
	Deny  Effect = "deny"
)

type Email 

type Email string

func (Email) String 

func (e Email) String() string

type EncryptedToken added in v0.0.2 

type EncryptedToken struct {
	*Token
	Credentials *base64.Value `json:"credentials"`
}

type Entity 

type Entity string

Entity for a collection

func (Entity) String 

func (e Entity) String() string

String returns the string form of the entity

type Field 

type Field string

Field represents a column in a database 

const Star Field = "*"

func NewField 

func NewField(in string) (Field, error)

NewField validates and returns a new field

func (Field) String 

func (f Field) String() string

String turns the field into a string

func (Field) Validate 

func (f Field) Validate() error

Validate the field

type Label 

type Label string

func (Label) String 

func (l Label) String() string

type Match 

type Match struct {
	Name string `json:"name"`
}

type Name 

type Name string

func (Name) String 

func (n Name) String() string

type NamedTransformation 

type NamedTransformation struct {
	Name string `json:"name"`
	Type string `json:"type"`
	Args map[string]interface{}
}

func (NamedTransformation) MarshalGQL 

func (n NamedTransformation) MarshalGQL(w io.Writer)

MarshalGQL implements the graphql.Marshaler interface

func (NamedTransformation) MarshalJSON 

func (n NamedTransformation) MarshalJSON() ([]byte, error)

func (*NamedTransformation) UnmarshalGQL 

func (n *NamedTransformation) UnmarshalGQL(v interface{}) error

UnmarshalGQL implements the graphql.Unmarshaler interfacemin

func (*NamedTransformation) UnmarshalJSON 

func (n *NamedTransformation) UnmarshalJSON(data []byte) error

type Password added in v0.0.2 

type Password string

Password represents a password used by a user to log into a cape account.

func GeneratePassword added in v0.0.2 

func GeneratePassword() Password

GeneratePassword returns a new password using random data sourced from a cryptographically strong pseudorandom source.

func NewPassword added in v0.0.2 

func NewPassword(input string) (Password, error)

NewPassword returns a new Password for the given string. If the string isn't a valid password an error is returned.

func (Password) Bytes added in v0.0.2 

func (p Password) Bytes() []byte

Bytes returns the password as a byte array

func (Password) String added in v0.0.2 

func (p Password) String() string

String returns the password as a string

func (Password) Validate added in v0.0.2 

func (p Password) Validate() error

Validate returns an error if the given password has an incorrect length.

type Permission 

type Permission uint64
const (
	WritePolicy Permission = 1 << iota
	CreateProject

	// Tokens
	CreateOwnToken
	CreateAnyToken
	RemoveOwnToken
	RemoveAnyToken
	ListOwnTokens
	ListAnyTokens

	// Projects
	ArchiveProject
	UnarchiveProject
	DeleteOwnedProject
	DeleteAnyProject

	AddUser
	DeleteUser
	UpdateProject
	SuggestPolicy
	AcceptPolicy
	RejectPolicy
	ReadPolicy
	ListPolicySuggestions

	// Roles
	ChangeRole
	ChangeProjectRole

	ReadAuditLog
)

type Policy 

type Policy struct {
	ID              string                 `json:"id"`
	ProjectID       string                 `json:"project_id,omitempty"`
	ParentID        *string                `json:"parent_id"`
	Transformations []*NamedTransformation `json:"transformations"`
	Rules           []*Rule                `json:"rules"`
	Version         uint8                  `json:"version"`
	CreatedAt       time.Time              `json:"created_at"`
	UpdatedAt       time.Time              `json:"updated_at"`
}

func CompilePolicies added in v0.0.2 

func CompilePolicies(policies ...Policy) Policy

func NewPolicy 

func NewPolicy(
	projectID string,
	parent *string,
	rules []*Rule,
	named []*NamedTransformation,
) Policy

func (*Policy) Validate 

func (p *Policy) Validate() error

type PolicyFile 

type PolicyFile struct {
	Transformations []NamedTransformation `json:"transformations"`
	Rules           []*Rule               `json:"rules"`
}

func ParseProjectSpecFile 

func ParseProjectSpecFile(data []byte) (*PolicyFile, error)

type Project 

type Project struct {
	ID            string             `json:"id"`
	Label         Label              `json:"label"`
	Name          ProjectDisplayName `json:"name"`
	Description   ProjectDescription `json:"description"`
	Status        ProjectStatus      `json:"status"`
	CurrentSpecID string
	CreatedAt     time.Time `json:"created_at"`
	UpdatedAt     time.Time `json:"updated_at"`
}

func NewProject 

func NewProject(name ProjectDisplayName, label Label, description ProjectDescription) Project

type ProjectDescription 

type ProjectDescription string

func (ProjectDescription) String 

func (p ProjectDescription) String() string

type ProjectDisplayName 

type ProjectDisplayName string

func (ProjectDisplayName) String 

func (p ProjectDisplayName) String() string

type ProjectRolesMap 

type ProjectRolesMap map[Label]Role

func (ProjectRolesMap) Get 

func (p ProjectRolesMap) Get(l Label) (*Role, error)

type ProjectStatus 

type ProjectStatus string
const (
	ProjectPending  ProjectStatus = "Pending"
	ProjectActive   ProjectStatus = "Active"
	ProjectArchived ProjectStatus = "Archived"

	Any ProjectStatus = "any"
)

func (ProjectStatus) String 

func (p ProjectStatus) String() string

func (ProjectStatus) Validate 

func (p ProjectStatus) Validate() error

type Recovery added in v0.0.2 

type Recovery struct {
	ID          string       `json:"id"`
	UserID      string       `json:"user_id"`
	Credentials *Credentials `json:"-" gqlgen:"-"`
	ExpiresAt   time.Time    `json:"expires_at"`
	CreatedAt   time.Time    `json:"created_at"`
	UpdatedAt   time.Time    `json:"updated_at"`
}

func GenerateRecovery added in v0.0.2 

func GenerateRecovery() Recovery

func NewRecovery added in v0.0.2 

func NewRecovery(userID string, creds *Credentials) Recovery

func (*Recovery) Expired added in v0.0.2 

func (r *Recovery) Expired() bool

func (*Recovery) Validate added in v0.0.2 

func (r *Recovery) Validate() error

type Role 

type Role struct {
	ID        string    `json:"id"`
	Version   uint8     `json:"version"`
	Label     Label     `json:"label"`
	System    bool      `json:"system"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
}

Role in a role in the system (e.g. Admin, user, etc)

func NewRole 

func NewRole(label Label, system bool) Role

NewRole returns a mutable role struct

func (*Role) Can 

func (r *Role) Can(action Permission) bool

Can checks to see if a role can do an action

type Rule 

type Rule struct {
	Match   Match    `json:"match"`
	Actions []Action `json:"actions"`
}

func (Rule) MarshalGQL 

func (r Rule) MarshalGQL(w io.Writer)

MarshalGQL implements the graphql.Marshaler interface

func (*Rule) UnmarshalGQL 

func (r *Rule) UnmarshalGQL(v interface{}) error

UnmarshalGQL implements the graphql.Unmarshaler interface

type SecretArg 

type SecretArg struct {
	Type  string        `json:"type,omitempty"`
	Name  string        `json:"name"`
	Value *base64.Value `json:"value,omitempty"`
}

type Session added in v0.0.2 

type Session struct {
	ID        string    `json:"id"`
	UserID    string    `json:"user_id"`
	OwnerID   string    `json:"owner_id"`
	ExpiresAt time.Time `json:"expires_at"`
}

Session holds all the session data required to authenticate API calls with the server

func NewSession added in v0.0.2 

func NewSession(userID, ownerID string, validFor time.Duration) Session

NewSession returns a new Session struct

func (*Session) Validate added in v0.0.2 

func (s *Session) Validate() error

type Suggestion 

type Suggestion struct {
	ID          string          `json:"id"`
	ProjectID   string          `json:"project_id,omitempty"`
	PolicyID    string          `json:"project_spec_id"`
	State       SuggestionState `json:"state"`
	Title       string          `json:"title"`
	Description string          `json:"description"`
	CreatedAt   time.Time       `json:"created_at"`
	UpdatedAt   time.Time       `json:"updated_at"`
}

type SuggestionState 

type SuggestionState int
const (
	SuggestionPending SuggestionState = iota
	SuggestionApproved
	SuggestionRejected
)

func (SuggestionState) MarshalGQL 

func (ss SuggestionState) MarshalGQL(w io.Writer)

MarshalGQL marshals a URL to a strong for GraphQL

func (SuggestionState) String 

func (ss SuggestionState) String() string

func (*SuggestionState) UnmarshalGQL 

func (ss *SuggestionState) UnmarshalGQL(v interface{}) error

type Target 

type Target string

Target of a rule

func NewTarget 

func NewTarget(in string) (Target, error)

NewTarget validates that the target is valid label before returning it

func (Target) Collection 

func (t Target) Collection() Collection

Collection returns which collection this target refers to

func (Target) Entity 

func (t Target) Entity() Entity

Entity returns which entity this target refers to

func (Target) Matches 

func (t Target) Matches(other Target) bool

Matches checks if this target and the provided target match. This supports wildcards

func (Target) String 

func (t Target) String() string

String turns the Entity into a string

func (Target) Type 

func (t Target) Type() TargetType

Type returns what type this is targeting

func (Target) Validate 

func (t Target) Validate() error

Validate that target is valid

type TargetType 

type TargetType string

TargetType is the record type this target points at (e.g. records) 

const (
	Records TargetType = "records"
)

func (TargetType) String 

func (t TargetType) String() string

func (TargetType) Validate 

func (t TargetType) Validate() error

type Token added in v0.0.2 

type Token struct {
	ID     string `json:"id"`
	UserID string `json:"user_id"`

	// We never want to send Credentials over the wire!
	Credentials *Credentials `json:"-" gqlgen:"-"`
}

func NewToken added in v0.0.2 

func NewToken(userID string, creds *Credentials) Token

func (*Token) GetCredentials added in v0.0.2 

func (tc *Token) GetCredentials() (*Credentials, error)

func (*Token) GetStringID added in v0.0.2 

func (tc *Token) GetStringID() string

func (*Token) GetUserID added in v0.0.2 

func (tc *Token) GetUserID() string

func (*Token) Validate added in v0.0.2 

func (tc *Token) Validate() error

type Transformation 

type Transformation map[string]interface{}

func (Transformation) MarshalGQL 

func (t Transformation) MarshalGQL(w io.Writer)

MarshalGQL implements the graphql.Marshaler interface

func (*Transformation) UnmarshalGQL 

func (t *Transformation) UnmarshalGQL(v interface{}) error

UnmarshalGQL implements the graphql.Unmarshaler interface

type URL added in v0.0.2 

type URL struct {
	*url.URL
}

URL contains a url to a Cape coordinator

func NewURL added in v0.0.2 

func NewURL(in string) (*URL, error)

NewURL parses the given string and returns a URL if the given URL is a valid coordinator url. If it's not an error is returned.

func (*URL) Copy added in v0.0.2 

func (u *URL) Copy() (*URL, error)

Copy returns a copy of the URL

func (URL) MarshalGQL added in v0.0.2 

func (u URL) MarshalGQL(w io.Writer)

MarshalGQL marshals a URL to a strong for GraphQL

func (*URL) MarshalJSON added in v0.0.2 

func (u *URL) MarshalJSON() ([]byte, error)

MarshalJSON implements the JSON.Marshaller interface

func (*URL) UnmarshalGQL added in v0.0.2 

func (u *URL) UnmarshalGQL(v interface{}) error

UnmarshalGQL unmarshalls a string from GraphQL into the URL

func (*URL) UnmarshalJSON added in v0.0.2 

func (u *URL) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the JSON.Unmarshaller interface

func (*URL) Validate added in v0.0.2 

func (u *URL) Validate() error

Validate returns an error if the coordinator url is _not_ valid

type User 

type User struct {
	ID        string    `json:"id"`
	Version   uint8     `json:"version"`
	Email     Email     `json:"email"`
	Name      Name      `json:"name"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`

	// We never want to send Credentials over the wire!
	Credentials Credentials `json:"credentials" gqlgen:"-"`
}

User represents a user of the system

func NewUser 

func NewUser(name Name, email Email, creds Credentials) User

NewUser returns a new User struct

func (*User) GetCredentials 

func (u *User) GetCredentials() (*Credentials, error)

func (*User) GetStringID 

func (u *User) GetStringID() string

func (*User) GetUserID 

func (u *User) GetUserID() string

type UserRoles 

type UserRoles struct {
	// Global is the global role assigned to a user
	Global Role

	// Projects is a map between a projects Label and the role they have
	// in that project.
	Projects ProjectRolesMap
}

UserRoles represents the roles assigned to a user. A user can only have one global role and then one project role per project that they are a member of.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.