Documentation ¶
Overview ¶
Package dbauthz provides an authorization layer on top of the database. This package exposes an interface that is currently a 1:1 mapping with database.Store.
The same cultural rules apply to this package as they do to database.Store. Meaning that each method implemented should keep the number of database queries as close to 1 as possible. Each method should do 1 thing, with no unexpected side effects (eg: updating multiple tables in a single method).
Do not implement business logic in this package. Only authorization related logic should be implemented here. In most cases, this should only be a call to the rbac authorizer.
When a new database method is added to database.Store, it should be added to this package as well. The unit test "Accounting" will ensure all methods are tested. See other unit tests for examples on how to write these.
Index ¶
- Variables
- func ActorFromContext(ctx context.Context) (rbac.Subject, bool)
- func As(ctx context.Context, actor rbac.Subject) context.Context
- func AsAutostart(ctx context.Context) context.Context
- func AsProvisionerd(ctx context.Context) context.Context
- func AsSystemRestricted(ctx context.Context) context.Context
- func IsNotAuthorizedError(err error) bool
- func New(db database.Store, authorizer rbac.Authorizer, logger slog.Logger) database.Store
- type NotAuthorizedError
Constants ¶
This section is empty.
Variables ¶
var AsRemoveActor = rbac.Subject{
ID: "remove-actor",
}
var NoActorError = xerrors.Errorf("no authorization actor in context: %w", sql.ErrNoRows)
NoActorError wraps ErrNoRows for the api to return a 404. This is the correct response when the user is not authorized.
Functions ¶
func ActorFromContext ¶
ActorFromContext returns the authorization subject from the context. All authentication flows should set the authorization subject in the context. If no actor is present, the function returns false.
func As ¶
As returns a context with the given actor stored in the context. This is used for cases where the actor touching the database is not the actor stored in the context. When you use this function, be sure to add a //nolint comment explaining why it is necessary.
func AsAutostart ¶ added in v0.17.4
AsAutostart returns a context with an actor that has permissions required for autostart to function.
func AsProvisionerd ¶ added in v0.17.4
AsProvisionerd returns a context with an actor that has permissions required for provisionerd to function.
func AsSystemRestricted ¶ added in v0.17.4
AsSystemRestricted returns a context with an actor that has permissions required for various system operations (login, logout, metrics cache).
func IsNotAuthorizedError ¶ added in v0.20.0
Types ¶
type NotAuthorizedError ¶
type NotAuthorizedError struct {
Err error
}
NotAuthorizedError is a sentinel error that unwraps to sql.ErrNoRows. This allows the internal error to be read by the caller if needed. Otherwise it will be handled as a 404.
func (NotAuthorizedError) Error ¶
func (e NotAuthorizedError) Error() string
func (NotAuthorizedError) Unwrap ¶
func (e NotAuthorizedError) Unwrap() error
Unwrap will always unwrap to a sql.ErrNoRows so the API returns a 404. So 'errors.Is(err, sql.ErrNoRows)' will always be true.