Documentation
¶
Index ¶
- Constants
- Variables
- type AccessKey
- type Base64
- type Credential
- type Destination
- type EncryptedAtRest
- type EncryptionKey
- type Grant
- type Group
- type Identity
- type IdentityKind
- type Model
- type Modelable
- type Provider
- type ProviderToken
- type RootCertificate
- type Settings
- type Token
- type TrustedCertificate
Constants ¶
const ( InfraAdminRole = "admin" InfraViewRole = "view" InfraUserRole = "user" InfraConnectorRole = "connector" )
const ( CreatedBySystem = 0 CreatedByConfig = 1 )
const BasePermissionConnect = "connect"
BasePermissionConnect is the first-principle permission that all other permissions are defined from. This permission gives you permission to authenticate with a destination
const InternalInfraProviderName = "infra"
Variables ¶
var ( AccessKeyKeyLength = 10 AccessKeySecretLength = 24 )
var SymmetricKey *secrets.SymmetricKey
SymmetricKey is the key used to encrypt and decrypt this field.
Functions ¶
This section is empty.
Types ¶
type AccessKey ¶
type AccessKey struct {
Model
Name string `gorm:"uniqueIndex:,where:deleted_at is NULL" validate:"excludes= "`
IssuedFor uid.ID `validate:"required"`
ExpiresAt time.Time `validate:"required"`
Extension time.Duration // how long to increase the lifetime extension deadline by
ExtensionDeadline time.Time
KeyID string `gorm:"<-;uniqueIndex:,where:deleted_at is NULL"`
Secret string `gorm:"-"`
SecretChecksum []byte
}
AccessKey is a session token presented to the Infra server as proof of authentication
type Credential ¶ added in v0.6.0
type Destination ¶
type Destination struct {
Model
Name string `validate:"required"`
UniqueID string `gorm:"uniqueIndex:,where:deleted_at is NULL"`
ConnectionURL string
ConnectionCA string
}
func (*Destination) ToAPI ¶
func (d *Destination) ToAPI() *api.Destination
type EncryptedAtRest ¶
type EncryptedAtRest string
EncryptedAtRest defines a field that knows how to encrypt and decrypt itself with Gorm it depends on the SymmetricKey being set for this package.
func (*EncryptedAtRest) Scan ¶
func (s *EncryptedAtRest) Scan(v interface{}) error
type EncryptionKey ¶
type Grant ¶
type Grant struct {
Model
Subject uid.PolymorphicID `validate:"required"` // usually an identity, but could be a role definition
Privilege string `validate:"required"` // role or permission
Resource string `validate:"required"` // Universal Resource Notation
CreatedBy uid.ID
}
Grant is a lean tuple of subject(identity) <-> privilege <-> resource (URN) relationships. field bloat should be avoided here since this model is going to be used heavily.
Subject
Subject is mostly an Identity, which is a string specifying a user, group, the name of a role, or another grant - an identity: i:E97WmsYfvo - a user reference - a group: g:CCoJ1ornpf - a group reference - a role: r:role-name - a role definition - a permission: p:permissionn-name - a permission definition
Privilege
Privilege is a predicate that describes what sort of access the identity has to the resource
URN
URN is Universal Resource Notation.
Expiry
time you want the grant to expire at
type Group ¶
type Group struct {
Model
Name string `gorm:"uniqueIndex:idx_groups_name_provider_id,where:deleted_at is NULL"`
ProviderID uid.ID `gorm:"uniqueIndex:idx_groups_name_provider_id,where:deleted_at is NULL"`
Identities []Identity `gorm:"many2many:identities_groups"`
}
func (*Group) PolyID ¶ added in v0.8.0
func (g *Group) PolyID() uid.PolymorphicID
type Identity ¶ added in v0.9.0
type Identity struct {
Model
Kind IdentityKind
Name string `gorm:"uniqueIndex:idx_identities_name_provider_id,where:deleted_at is NULL"`
LastSeenAt time.Time // updated on when an identity uses a session token
ProviderID uid.ID `gorm:"uniqueIndex:idx_identities_name_provider_id,where:deleted_at is NULL"`
Groups []Group `gorm:"many2many:identities_groups"`
}
func (*Identity) PolyID ¶ added in v0.9.0
func (i *Identity) PolyID() uid.PolymorphicID
PolyID is a polymorphic name that points to both a model type and an ID
type IdentityKind ¶ added in v0.9.0
type IdentityKind string
IdentityKind determines the use case of an identitiy, either a user or machine
const ( UserKind IdentityKind = "user" MachineKind IdentityKind = "machine" )
func ParseIdentityKind ¶ added in v0.9.0
func ParseIdentityKind(s string) (IdentityKind, error)
func (IdentityKind) String ¶ added in v0.9.0
func (ik IdentityKind) String() string
type Model ¶
func (*Model) BeforeCreate ¶
Set an ID if one does not already exist. Unfortunately, we can use `gorm:"default"` tags since the ID must be dynamically generated and not all databases support UUID generation
type Modelable ¶
type Modelable interface {
IsAModel() // there's nothing specific about this function except that all Model structs will have it.
}
Modelable is an interface that determines if a struct is a model. It's simply models that compose models.Model
type Provider ¶
type ProviderToken ¶
type ProviderToken struct {
Model
UserID uid.ID
ProviderID uid.ID
RedirectURL string `validate:"required"` // needs to match the redirect URL specified when the token was issued for refreshing
AccessToken EncryptedAtRest
RefreshToken EncryptedAtRest
ExpiresAt time.Time
}
ProviderToken tracks the access and refresh tokens from an identity provider associated with a user
type RootCertificate ¶ added in v0.5.9
type RootCertificate struct {
Model
KeyAlgorithm string `validate:"required"`
SigningAlgorithm string `validate:"required"`
PublicKey Base64 `validate:"required"`
PrivateKey EncryptedAtRest `validate:"required"`
SignedCert EncryptedAtRest `validate:"required"` // contains private key? probably not pem encoded
ExpiresAt time.Time `validate:"required"`
}
type Token ¶
Token is presented at a resource managed by Infra (ex: an Infra connector) to assert claims
Source Files