Documentation ¶
Index ¶
- Constants
- Variables
- func ApplyGroupMappings(db *gorm.DB, groups []ConfigGroupMapping) (groupIds []string, roleIds []string, err error)
- func ApplyUserMapping(db *gorm.DB, users []ConfigUserMapping) ([]string, error)
- func Asset(name string) ([]byte, error)
- func AssetDigest(name string) ([sha256.Size]byte, error)
- func AssetDir(name string) ([]string, error)
- func AssetInfo(name string) (os.FileInfo, error)
- func AssetNames() []string
- func AssetString(name string) (string, error)
- func Digests() (map[string][sha256.Size]byte, error)
- func ImportConfig(db *gorm.DB, bs []byte) error
- func ImportMappings(db *gorm.DB, groups []ConfigGroupMapping, users []ConfigUserMapping) error
- func ImportSources(db *gorm.DB, sources []ConfigSource) error
- func MustAsset(name string) []byte
- func MustAssetString(name string) string
- func NewDB(dbpath string) (*gorm.DB, error)
- func NewToken(db *gorm.DB, userId string, token *Token) (secret string, err error)
- func RestoreAsset(dir, name string) error
- func RestoreAssets(dir, name string) error
- func Run(options Options) error
- func ZapLoggerHttpMiddleware(logger *zap.Logger, next http.Handler) http.HandlerFunc
- type ApiKey
- type Config
- type ConfigGroupMapping
- type ConfigRoleKubernetes
- type ConfigSource
- type ConfigUserMapping
- type Destination
- type Group
- type Http
- type Okta
- type Options
- type Role
- type Settings
- type Source
- func (s *Source) BeforeCreate(tx *gorm.DB) (err error)
- func (s *Source) BeforeDelete(tx *gorm.DB) error
- func (s *Source) CreateUser(db *gorm.DB, user *User, email string, password string, makeAdmin bool) error
- func (s *Source) DeleteUser(db *gorm.DB, u *User) error
- func (s *Source) SyncUsers(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) error
- func (s *Source) Validate(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) error
- type StaticFileSystem
- type Token
- type User
- type UserIdContextKey
- type V1Server
- func (v *V1Server) CreateCred(ctx context.Context, in *emptypb.Empty) (*v1.CreateCredResponse, error)
- func (v *V1Server) CreateDestination(ctx context.Context, in *v1.CreateDestinationRequest) (*v1.Destination, error)
- func (v *V1Server) CreateSource(ctx context.Context, in *v1.CreateSourceRequest) (*v1.Source, error)
- func (v *V1Server) CreateUser(ctx context.Context, in *v1.CreateUserRequest) (*v1.User, error)
- func (v *V1Server) DeleteSource(ctx context.Context, in *v1.DeleteSourceRequest) (*emptypb.Empty, error)
- func (v *V1Server) DeleteUser(ctx context.Context, in *v1.DeleteUserRequest) (*empty.Empty, error)
- func (v *V1Server) ListApiKeys(ctx context.Context, in *emptypb.Empty) (*v1.ListApiKeyResponse, error)
- func (v *V1Server) ListDestinations(ctx context.Context, _ *emptypb.Empty) (*v1.ListDestinationsResponse, error)
- func (v *V1Server) ListRoles(ctx context.Context, in *v1.ListRolesRequest) (*v1.ListRolesResponse, error)
- func (v *V1Server) ListSources(context.Context, *emptypb.Empty) (*v1.ListSourcesResponse, error)
- func (v *V1Server) ListUsers(ctx context.Context, in *v1.ListUsersRequest) (*v1.ListUsersResponse, error)
- func (v *V1Server) Login(ctx context.Context, in *v1.LoginRequest) (*v1.LoginResponse, error)
- func (v *V1Server) Logout(ctx context.Context, in *emptypb.Empty) (*emptypb.Empty, error)
- func (v *V1Server) Signup(ctx context.Context, in *v1.SignupRequest) (*v1.LoginResponse, error)
- func (v *V1Server) Status(ctx context.Context, in *emptypb.Empty) (*v1.StatusResponse, error)
- func (v *V1Server) Version(ctx context.Context, in *emptypb.Empty) (*v1.VersionResponse, error)
Constants ¶
// AssetDebug reports whether the embedded assets were generated with the
// debug flag enabled. It is false in this build.
const AssetDebug = false
AssetDebug is true if the assets were built with the debug flag enabled.
Variables ¶
// Source type identifiers. Presumably these are the values stored in
// Source.Type — confirm against the callers.
//
// NOTE(review): these are exported package-level variables, not constants, so
// any importing package can reassign them at runtime. Turning them into
// constants would be an API change for importers that take their address or
// assign to them.
var (
	SOURCE_TYPE_INFRA = "infra"
	SOURCE_TYPE_OKTA  = "okta"
)
// Role kind identifiers. Presumably these are the values stored in Role.Kind
// and correspond to a Kubernetes Role (namespaced) and ClusterRole
// (cluster-wide) respectively — confirm where the binding is created, since
// the two differ in the scope of access they grant.
//
// NOTE(review): exported mutable variables; importers can reassign them.
var (
	ROLE_KIND_K8S_ROLE         = "role"
	ROLE_KIND_K8S_CLUSTER_ROLE = "cluster-role"
)
// Token sizing. TOKEN_LEN is the sum of ID_LEN and TOKEN_SECRET_LEN, which
// suggests a token is an id followed by a secret — confirm in NewToken.
//
// TOKEN_LEN is computed once at package initialisation; reassigning ID_LEN or
// TOKEN_SECRET_LEN afterwards does not update it, so the three values can
// drift apart if anything writes to them.
//
// NOTE(review): the unit (bytes vs. characters) and how the secret is
// generated are not visible here; confirm it is drawn from crypto/rand.
var (
	TOKEN_SECRET_LEN = 24
	TOKEN_LEN        = ID_LEN + TOKEN_SECRET_LEN
)
// Cookie names. By their names, CookieTokenName carries the session token and
// CookieLoginName carries login state — confirm where the cookies are set.
//
// NOTE(review): the cookie attributes (Secure, HttpOnly, SameSite, expiry) are
// not visible here; check them at the point where these cookies are written.
var (
	CookieTokenName = "token"
	CookieLoginName = "login"
)
// API_KEY_LEN is the length used for API keys.
//
// NOTE(review): the unit (bytes vs. characters) and the randomness source are
// not visible here; confirm keys are generated from crypto/rand. This is an
// exported mutable variable, so importers can change it at runtime.
var API_KEY_LEN = 24
// DESTINATION_TYPE_KUBERNERNETES is the destination type identifier for
// Kubernetes; presumably the value stored in Destination.Type — confirm.
//
// The identifier is misspelled ("KUBERNERNETES") while the value is the
// correct "kubernetes". The name is part of the exported API, so renaming it
// would break importers.
var DESTINATION_TYPE_KUBERNERNETES = "kubernetes"
// ID_LEN is the length used for generated identifiers. It also feeds into
// TOKEN_LEN, which is derived from it once at package initialisation.
//
// NOTE(review): exported mutable variable; a later reassignment would not be
// reflected in TOKEN_LEN.
var ID_LEN = 12
// SessionDuration is 24 hours. Presumably it is the lifetime given to login
// tokens (see Token.Expires) — confirm in the login path.
//
// NOTE(review): exported mutable variable; any importer can lengthen or
// shorten sessions by assigning to it.
var SessionDuration = 24 * time.Hour
Functions ¶
func ApplyGroupMappings ¶ added in v0.0.15
func ApplyUserMapping ¶ added in v0.0.13
func ApplyUserMapping(db *gorm.DB, users []ConfigUserMapping) ([]string, error)
func Asset ¶
Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetDigest ¶
AssetDigest returns the digest of the file with the given name. It returns an error if the asset could not be found or the digest could not be loaded.
func AssetDir ¶
AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy:
data/ foo.txt img/ a.png b.png
then AssetDir("data") would return []string{"foo.txt", "img"}, AssetDir("data/img") would return []string{"a.png", "b.png"}, AssetDir("foo.txt") and AssetDir("notexist") would return an error, and AssetDir("") will return []string{"data"}.
func AssetInfo ¶
AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetString ¶
AssetString returns the asset contents as a string (instead of a []byte).
func ImportConfig ¶
ImportConfig tries to import all valid fields in a config file
func ImportMappings ¶ added in v0.0.15
func ImportMappings(db *gorm.DB, groups []ConfigGroupMapping, users []ConfigUserMapping) error
ImportMappings imports the group and user role mappings and removes previously created roles if they no longer exist
func ImportSources ¶
func ImportSources(db *gorm.DB, sources []ConfigSource) error
func MustAsset ¶
MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.
func MustAssetString ¶
MustAssetString is like AssetString but panics when Asset would return an error. It simplifies safe initialization of global variables.
func RestoreAsset ¶
RestoreAsset restores an asset under the given directory.
func RestoreAssets ¶
RestoreAssets restores an asset under the given directory recursively.
func ZapLoggerHttpMiddleware ¶ added in v0.0.13
Types ¶
type ApiKey ¶ added in v0.0.6
type Config ¶
// Config is the top-level configuration document. The yaml tags show it is
// populated from YAML with three top-level keys: sources, groups and users.
// Presumably this is the shape ImportConfig decodes its input into — confirm.
//
// The groups and users sections carry role mappings, so a configuration file
// of this shape is access-control input and should be protected accordingly.
type Config struct {
	// Source definitions to import.
	Sources []ConfigSource `yaml:"sources"`
	// Group-to-role mappings.
	Groups []ConfigGroupMapping `yaml:"groups"`
	// User-to-role mappings.
	Users []ConfigUserMapping `yaml:"users"`
}
type ConfigGroupMapping ¶ added in v0.0.15
// ConfigGroupMapping is one entry of the "groups" list in Config. It ties a
// group name to a list of sources and a list of Kubernetes roles.
//
// NOTE(review): how the strings in Sources are matched to stored sources, and
// what happens when a name does not match, is not visible here.
type ConfigGroupMapping struct {
	// Group name as written in the configuration.
	Name string `yaml:"name"`
	// Sources this group mapping applies to.
	Sources []string `yaml:"sources"`
	// Roles associated with the group.
	Roles []ConfigRoleKubernetes `yaml:"roles"`
}
type ConfigRoleKubernetes ¶ added in v0.0.13
type ConfigSource ¶ added in v0.0.6
type ConfigUserMapping ¶ added in v0.0.13
// ConfigUserMapping is one entry of the "users" list in Config. It ties a user
// name to a list of Kubernetes roles and a list of group names.
//
// NOTE(review): what Name identifies (presumably the user's email — confirm)
// and how unknown users or groups are handled is not visible here.
type ConfigUserMapping struct {
	// User name as written in the configuration.
	Name string `yaml:"name"`
	// Roles associated directly with the user.
	Roles []ConfigRoleKubernetes `yaml:"roles"`
	// Group names listed for the user.
	Groups []string `yaml:"groups"`
}
type Destination ¶
// Destination is a gorm model (see the gorm tags) describing a target that
// roles refer to through Role.DestinationId. The Kubernetes* fields hold the
// connection details of a Kubernetes destination.
//
// NOTE(review): KubernetesSaToken is, by its name, a service-account token and
// is declared as a plain string field of the model. Whether it is protected at
// rest is not visible here. The struct has no json tags, so encoding/json or a
// %+v log of a Destination would include the token — confirm that API
// responses and logs never serialise this struct directly.
type Destination struct {
	Id string `gorm:"primaryKey"`
	// Creation and update timestamps maintained by gorm.
	Created int64 `gorm:"autoCreateTime"`
	Updated int64 `gorm:"autoUpdateTime"`
	// Name is unique across destinations.
	Name string `gorm:"unique"`
	// Presumably one of the DESTINATION_TYPE_* values — confirm.
	Type string

	KubernetesCa        string
	KubernetesEndpoint  string
	KubernetesNamespace string
	KubernetesSaToken   string
}
func (*Destination) AfterCreate ¶
func (d *Destination) AfterCreate(tx *gorm.DB) error
func (*Destination) AfterSave ¶ added in v0.0.6
func (d *Destination) AfterSave(tx *gorm.DB) (err error)
func (*Destination) BeforeCreate ¶
func (r *Destination) BeforeCreate(tx *gorm.DB) (err error)
func (*Destination) BeforeDelete ¶
func (d *Destination) BeforeDelete(tx *gorm.DB) (err error)
TODO (jmorganca): use foreign key constraints instead?
type Group ¶ added in v0.0.15
type Http ¶ added in v0.0.6
type Http struct {
// contains filtered or unexported fields
}
func (*Http) Healthz ¶ added in v0.0.6
func (h *Http) Healthz(w http.ResponseWriter, r *http.Request)
func (*Http) WellKnownJWKs ¶ added in v0.0.6
func (h *Http) WellKnownJWKs(w http.ResponseWriter, r *http.Request)
type Okta ¶ added in v0.0.12
type Role ¶ added in v0.0.13
// Role is a gorm model for a role on a Destination. It is linked to groups and
// users through the groups_roles and users_roles join tables.
type Role struct {
	Id string `gorm:"primaryKey"`
	// Creation and update timestamps maintained by gorm.
	Created int64 `gorm:"autoCreateTime"`
	Updated int64 `gorm:"autoUpdateTime"`
	Name    string
	// Presumably one of the ROLE_KIND_* values — confirm.
	Kind string
	// DestinationId is the foreign key for Destination.
	DestinationId string
	Destination   Destination `gorm:"foreignKey:DestinationId;references:Id"`
	Groups        []Group     `gorm:"many2many:groups_roles"`
	Users         []User      `gorm:"many2many:users_roles"`
	// Presumably record where the role came from (configuration file vs.
	// built-in default) — confirm; ImportMappings is documented as removing
	// previously created roles that no longer exist.
	FromConfig  bool
	FromDefault bool
}
type Settings ¶
type Source ¶
// Source is a gorm model for a user source. It is linked to users and groups
// through the users_sources and groups_sources join tables.
//
// NOTE(review): ClientSecret and ApiToken are credential-bearing by name and
// are declared as plain string fields of the model. Whether they hold the
// secret itself or a reference to it, and whether they are protected at rest,
// is not visible here. The struct has no json tags, so encoding/json or a %+v
// log of a Source would include both — confirm that API responses and logs
// never serialise this struct directly.
type Source struct {
	Id string `gorm:"primaryKey"`
	// Creation and update timestamps maintained by gorm.
	Created int64 `gorm:"autoCreateTime"`
	Updated int64 `gorm:"autoUpdateTime"`
	// Presumably one of the SOURCE_TYPE_* values — confirm.
	Type string `yaml:"type"`

	Domain       string
	ClientId     string
	ClientSecret string
	ApiToken     string

	Users  []User  `gorm:"many2many:users_sources"`
	Groups []Group `gorm:"many2many:groups_sources"`
	// Presumably marks sources created from the configuration file — confirm.
	FromConfig bool
}
func (*Source) CreateUser ¶
func (s *Source) CreateUser(db *gorm.DB, user *User, email string, password string, makeAdmin bool) error
CreateUser creates a user and associates them with the source. If the user already exists, no new user is created; an association with the source is added instead.
func (*Source) DeleteUser ¶
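DeleteUser deletes a user's association with a source. If this is their only source, the user is deleted entirely. TODO (jmorganca): wrap this in a transaction, or at least find out why doing so seems to cause a bug when used in a nested transaction. Until that is done, the removal of the association and the deletion of the user are presumably not atomic, so a failed call may leave the user partially removed.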
func (*Source) SyncUsers ¶
func (s *Source) SyncUsers(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) error
func (*Source) Validate ¶ added in v0.1.1
func (s *Source) Validate(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) error
Validate checks that an Okta source is valid
type StaticFileSystem ¶
type StaticFileSystem struct {
// contains filtered or unexported fields
}
type Token ¶
// Token is a gorm model for a token belonging to a user (UserId is the foreign
// key for User).
//
// NOTE(review): Secret is stored as []byte. Presumably it is a hash of the
// token secret rather than the secret itself, checked by Token.CheckSecret —
// confirm, and confirm the comparison there is constant-time.
type Token struct {
	Id string `gorm:"primaryKey"`
	// Creation and update timestamps maintained by gorm.
	Created int64 `gorm:"autoCreateTime"`
	Updated int64 `gorm:"autoUpdateTime"`
	// Presumably the expiry time as a Unix timestamp — confirm, and confirm
	// that validation rejects tokens past it.
	Expires int64
	Secret  []byte

	UserId string
	User   User `gorm:"foreignKey:UserId;references:Id;"`
}
func ValidateAndGetToken ¶ added in v0.0.13
func (*Token) CheckSecret ¶
type User ¶
// User is a gorm model for a user account. It is linked to sources, roles and
// groups through the users_sources, users_roles and groups_users join tables.
//
// NOTE(review): Password is stored as []byte. Presumably it holds a password
// hash, not the plaintext — confirm in Source.CreateUser, which receives the
// password as a string. The struct has no json tags, so encoding/json or a
// %+v log of a User would include the Password bytes.
type User struct {
	Id string `gorm:"primaryKey"`
	// Creation and update timestamps maintained by gorm.
	Created int64 `gorm:"autoCreateTime"`
	Updated int64 `gorm:"autoUpdateTime"`
	// Email is unique across users.
	Email    string `gorm:"unique"`
	Password []byte
	// Admin marks the user as an administrator; what it authorises is decided
	// by the callers and is not visible here.
	Admin bool

	Sources []Source `gorm:"many2many:users_sources"`
	Roles   []Role   `gorm:"many2many:users_roles"`
	Groups  []Group  `gorm:"many2many:groups_users"`
}
type UserIdContextKey ¶ added in v0.0.6
// UserIdContextKey is an empty struct type. By its name it is used as a
// context.Context key for the current user's id; presumably the value is set
// after a request has been authenticated — confirm where it is written, since
// handlers that read it rely on that.
type UserIdContextKey struct{}
type V1Server ¶ added in v0.0.6
type V1Server struct { v1.UnimplementedV1Server // contains filtered or unexported fields }
func (*V1Server) CreateCred ¶ added in v0.0.6
func (*V1Server) CreateDestination ¶ added in v0.0.6
func (v *V1Server) CreateDestination(ctx context.Context, in *v1.CreateDestinationRequest) (*v1.Destination, error)
func (*V1Server) CreateSource ¶ added in v0.0.6
func (*V1Server) CreateUser ¶ added in v0.0.6
func (*V1Server) DeleteSource ¶ added in v0.0.6
func (*V1Server) DeleteUser ¶ added in v0.0.6
func (*V1Server) ListApiKeys ¶ added in v0.0.6
func (*V1Server) ListDestinations ¶ added in v0.0.6
func (*V1Server) ListRoles ¶ added in v0.0.13
func (v *V1Server) ListRoles(ctx context.Context, in *v1.ListRolesRequest) (*v1.ListRolesResponse, error)
func (*V1Server) ListSources ¶ added in v0.0.6
func (*V1Server) ListUsers ¶ added in v0.0.6
func (v *V1Server) ListUsers(ctx context.Context, in *v1.ListUsersRequest) (*v1.ListUsersResponse, error)
func (*V1Server) Login ¶ added in v0.0.6
func (v *V1Server) Login(ctx context.Context, in *v1.LoginRequest) (*v1.LoginResponse, error)
func (*V1Server) Signup ¶ added in v0.0.6
func (v *V1Server) Signup(ctx context.Context, in *v1.SignupRequest) (*v1.LoginResponse, error)