Documentation
¶
Index ¶
- Variables
- func IsSuperUser(ctx context.Context, username string) bool
- func Login(ctx context.Context, m models.AuthModel) (*models.User, error)
- func OnBoardGroup(ctx context.Context, userGroup *model.UserGroup, altGroupName string) error
- func OnBoardUser(ctx context.Context, user *models.User) error
- func PostAuthenticate(ctx context.Context, u *models.User) error
- func Register(name string, h AuthenticateHelper)
- func SearchAndOnBoardGroup(ctx context.Context, groupKey, altGroupName string) (int, error)
- func SearchAndOnBoardUser(ctx context.Context, username string) (int, error)
- func SearchGroup(ctx context.Context, groupKey string) (*model.UserGroup, error)
- func SearchUser(ctx context.Context, username string) (*models.User, error)
- type AuthenticateHelper
- type DefaultAuthenticateHelper
- func (d *DefaultAuthenticateHelper) Authenticate(_ context.Context, _ models.AuthModel) (*models.User, error)
- func (d *DefaultAuthenticateHelper) OnBoardGroup(_ context.Context, _ *model.UserGroup, _ string) error
- func (d *DefaultAuthenticateHelper) OnBoardUser(_ context.Context, _ *models.User) error
- func (d *DefaultAuthenticateHelper) PostAuthenticate(_ context.Context, _ *models.User) error
- func (d *DefaultAuthenticateHelper) SearchGroup(_ context.Context, groupKey string) (*model.UserGroup, error)
- func (d *DefaultAuthenticateHelper) SearchUser(_ context.Context, username string) (*models.User, error)
- type ErrAuth
- type UserLock
Constants ¶
This section is empty.
Variables ¶
var ErrDuplicateLDAPGroup = errors.New("a LDAP user group with same DN already exist")
ErrDuplicateLDAPGroup ...
var ErrInvalidLDAPGroupDN = errors.New("the LDAP group DN is invalid")
ErrInvalidLDAPGroupDN ...
var ErrNotSupported = errors.New("not supported")
ErrNotSupported ...
var ErrorGroupNotExist = errors.New("group does not exist")
ErrorGroupNotExist ...
var ErrorUserNotExist = errors.New("user does not exist")
ErrorUserNotExist ...
Functions ¶
func IsSuperUser ¶
IsSuperUser checks if the user is super user(conventionally id == 1) of Harbor
func OnBoardGroup ¶
OnBoardGroup - Create a user group in harbor db, if altGroupName is not empty, take the altGroupName as groupName in harbor DB
func OnBoardUser ¶
OnBoardUser will check if a user exists in user table, if not insert the user and put the id in the pointer of user model, if it does exist, return the user's profile.
func PostAuthenticate ¶
PostAuthenticate -
func Register ¶
func Register(name string, h AuthenticateHelper)
Register add different authenticators to registry map.
func SearchAndOnBoardGroup ¶
SearchAndOnBoardGroup ... if altGroupName is not empty, take the altGroupName as groupName in harbor DB
func SearchAndOnBoardUser ¶
SearchAndOnBoardUser ... Search user and OnBoard user, if user exist, return the ID of current user.
func SearchGroup ¶
SearchGroup -- Search group in authenticator, groupKey is the unique attribute of group in authenticator, for LDAP, the key is group DN
Types ¶
type AuthenticateHelper ¶
type AuthenticateHelper interface {
// Authenticate authenticate the user based on data in m. Only when the error returned is an instance
// of ErrAuth, it will be considered a bad credentials, other errors will be treated as server side error.
Authenticate(ctx context.Context, m models.AuthModel) (*models.User, error)
// OnBoardUser will check if a user exists in user table, if not insert the user and
// put the id in the pointer of user model, if it does exist, fill in the user model based
// on the data record of the user
OnBoardUser(ctx context.Context, u *models.User) error
// OnBoardGroup Create a group in harbor DB, if altGroupName is not empty, take the altGroupName as groupName in harbor DB.
OnBoardGroup(ctx context.Context, g *model.UserGroup, altGroupName string) error
// SearchUser Get user information from account repository
SearchUser(ctx context.Context, username string) (*models.User, error)
// SearchGroup Search a group based on specific authentication
SearchGroup(ctx context.Context, groupDN string) (*model.UserGroup, error)
// PostAuthenticate Update user information after authenticate, such as Onboard or sync info etc
PostAuthenticate(ctx context.Context, u *models.User) error
}
AuthenticateHelper provides interface for user management in different auth modes.
type DefaultAuthenticateHelper ¶
type DefaultAuthenticateHelper struct {
}
DefaultAuthenticateHelper - default AuthenticateHelper implementation
func (*DefaultAuthenticateHelper) Authenticate ¶
func (d *DefaultAuthenticateHelper) Authenticate(_ context.Context, _ models.AuthModel) (*models.User, error)
Authenticate ...
func (*DefaultAuthenticateHelper) OnBoardGroup ¶
func (d *DefaultAuthenticateHelper) OnBoardGroup(_ context.Context, _ *model.UserGroup, _ string) error
OnBoardGroup - OnBoardGroup, it will set the ID of the user group, if altGroupName is not empty, take the altGroupName as groupName in harbor DB.
func (*DefaultAuthenticateHelper) OnBoardUser ¶
OnBoardUser will check if a user exists in user table, if not insert the user and put the id in the pointer of user model, if it does exist, fill in the user model based on the data record of the user
func (*DefaultAuthenticateHelper) PostAuthenticate ¶
PostAuthenticate - Update user information after authenticate, such as OnBoard or sync info etc
func (*DefaultAuthenticateHelper) SearchGroup ¶
func (d *DefaultAuthenticateHelper) SearchGroup(_ context.Context, groupKey string) (*model.UserGroup, error)
SearchGroup - Search ldap group by group key, groupKey is the unique attribute of group in authenticator, for LDAP, the key is group DN
func (*DefaultAuthenticateHelper) SearchUser ¶
func (d *DefaultAuthenticateHelper) SearchUser(_ context.Context, username string) (*models.User, error)
SearchUser - Get user information from account repository
type ErrAuth ¶
type ErrAuth struct {
// contains filtered or unexported fields
}
ErrAuth is the type of error to indicate a failed authentication due to user's error.
type UserLock ¶
type UserLock struct {
// contains filtered or unexported fields
}
UserLock maintains a lock to block user from logging in within a short period of time.
Source Files
Directories