Documentation ¶
Index ¶
- Constants
- Variables
- func Asset(name string) ([]byte, error)
- func AssetDigest(name string) ([sha256.Size]byte, error)
- func AssetDir(name string) ([]string, error)
- func AssetInfo(name string) (os.FileInfo, error)
- func AssetNames() []string
- func AssetString(name string) (string, error)
- func Digests() (map[string][sha256.Size]byte, error)
- func Healthz(w http.ResponseWriter, r *http.Request)
- func ImportConfig(db *gorm.DB, bs []byte) error
- func ImportGroupMapping(db *gorm.DB, groups []ConfigGroupMapping) error
- func ImportSources(db *gorm.DB, sources []ConfigSource) error
- func ImportUserMapping(db *gorm.DB, users []ConfigUserMapping) error
- func MustAsset(name string) []byte
- func MustAssetString(name string) string
- func NewApiMux(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) *mux.Router
- func NewDB(dbpath string) (*gorm.DB, error)
- func NewToken(db *gorm.DB, userId string, sessionDuration time.Duration, token *Token) (secret string, err error)
- func RestoreAsset(dir, name string) error
- func RestoreAssets(dir, name string) error
- func Run(options Options) error
- func ZapLoggerHttpMiddleware(next http.Handler) http.HandlerFunc
- type Api
- func (a *Api) CreateAPIKey(w http.ResponseWriter, r *http.Request)
- func (a *Api) CreateDestination(w http.ResponseWriter, r *http.Request)
- func (a *Api) CreateToken(w http.ResponseWriter, r *http.Request)
- func (a *Api) DeleteApiKey(w http.ResponseWriter, r *http.Request)
- func (a *Api) GetDestination(w http.ResponseWriter, r *http.Request)
- func (a *Api) GetGroup(w http.ResponseWriter, r *http.Request)
- func (a *Api) GetRole(w http.ResponseWriter, r *http.Request)
- func (a *Api) GetSource(w http.ResponseWriter, r *http.Request)
- func (a *Api) GetUser(w http.ResponseWriter, r *http.Request)
- func (a *Api) ListApiKeys(w http.ResponseWriter, r *http.Request)
- func (a *Api) ListDestinations(w http.ResponseWriter, r *http.Request)
- func (a *Api) ListGroups(w http.ResponseWriter, r *http.Request)
- func (a *Api) ListRoles(w http.ResponseWriter, r *http.Request)
- func (a *Api) ListSources(w http.ResponseWriter, r *http.Request)
- func (a *Api) ListUsers(w http.ResponseWriter, r *http.Request)
- func (a *Api) Login(w http.ResponseWriter, r *http.Request)
- func (a *Api) Logout(w http.ResponseWriter, r *http.Request)
- func (a *Api) Version(w http.ResponseWriter, r *http.Request)
- type ApiKey
- type Config
- type ConfigDestination
- type ConfigGroupMapping
- type ConfigRoleKubernetes
- type ConfigSource
- type ConfigUserMapping
- type CustomJWTClaims
- type Destination
- type Error
- type Group
- type Http
- type Okta
- type Options
- type Role
- type Settings
- type Source
- func (s *Source) BeforeCreate(tx *gorm.DB) (err error)
- func (s *Source) BeforeDelete(tx *gorm.DB) error
- func (s *Source) CreateUser(db *gorm.DB, user *User, email string) error
- func (s *Source) DeleteUser(db *gorm.DB, u User) error
- func (s *Source) SyncGroups(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) error
- func (s *Source) SyncUsers(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) error
- func (s *Source) Validate(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) error
- type StaticFileSystem
- type Token
- type User
Constants ¶
// API-key error values, declared as constants of the package's Error type.
const (
	// ErrExistingKey is returned when a key with the requested name already exists.
	ErrExistingKey = Error("a key with this name already exists")
	// ErrUnkownKey is returned when no API key has the given ID.
	// NOTE(review): the identifier is spelled "Unkown"; it is exported, so
	// renaming it would break callers.
	ErrUnkownKey = Error("an API key with this ID does not exist")
	// ErrKeyPermissionsNotFound is returned when api-key permissions are
	// required but were not supplied.
	ErrKeyPermissionsNotFound = Error("api-key permissions are required")
)
const AssetDebug = false
AssetDebug is true if the assets were built with the debug flag enabled.
Variables ¶
// String values for the two Kubernetes role kinds.
var (
	RoleKindKubernetesRole        = "role"
	RoleKindKubernetesClusterRole = "cluster-role"
)

// Token sizing. TokenLen is the sum of IdLen and TokenSecretLen (12 + 24 = 36
// with the values declared on this page). Whether the unit is bytes or
// encoded characters is not visible here — TODO confirm.
//
// NOTE(review): these are mutable package-level vars, not consts, so any code
// that imports the package can change them at runtime. TokenLen is evaluated
// once at package initialisation and will not follow a later change to IdLen
// or TokenSecretLen, which could make length checks disagree with generation.
var (
	TokenSecretLen = 24
	TokenLen       = IdLen + TokenSecretLen
)

// Cookie names; presumably the session-token and login cookies — TODO confirm.
// Cookie attributes (HttpOnly, Secure, SameSite) are not visible here and
// should be checked where the cookies are set.
var (
	CookieTokenName = "token"
	CookieLoginName = "login"
)

// ApiKeyLen is the API key length; the unit is not visible here — TODO confirm.
var ApiKeyLen = 24

// DestinationKindKubernetes is the string value for the Kubernetes destination kind.
var DestinationKindKubernetes = "kubernetes"

// IdLen is the id length that is added to TokenSecretLen to form TokenLen.
var IdLen = 12

// SessionDuration is 24 hours; presumably the default session lifetime handed
// to NewToken — TODO confirm against callers.
var (
	SessionDuration time.Duration = time.Hour * 24
)

// SourceKindOkta is the string value for the Okta source kind.
var SourceKindOkta = "okta"
Functions ¶
func Asset ¶
Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetDigest ¶
AssetDigest returns the digest of the file with the given name. It returns an error if the asset could not be found or the digest could not be loaded.
func AssetDir ¶
AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy:
data/
  foo.txt
  img/
    a.png
    b.png
then AssetDir("data") would return []string{"foo.txt", "img"}, AssetDir("data/img") would return []string{"a.png", "b.png"}, AssetDir("foo.txt") and AssetDir("notexist") would return an error, and AssetDir("") will return []string{"data"}.
func AssetInfo ¶
AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetString ¶
AssetString returns the asset contents as a string (instead of a []byte).
func ImportConfig ¶
ImportConfig tries to import all valid fields in a config file
func ImportGroupMapping ¶ added in v0.3.1
func ImportGroupMapping(db *gorm.DB, groups []ConfigGroupMapping) error
func ImportSources ¶
func ImportSources(db *gorm.DB, sources []ConfigSource) error
func ImportUserMapping ¶ added in v0.3.1
func ImportUserMapping(db *gorm.DB, users []ConfigUserMapping) error
func MustAsset ¶
MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.
func MustAssetString ¶
MustAssetString is like AssetString but panics when Asset would return an error. It simplifies safe initialization of global variables.
func NewApiMux ¶ added in v0.1.3
func NewApiMux(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) *mux.Router
func RestoreAsset ¶
RestoreAsset restores an asset under the given directory.
func RestoreAssets ¶
RestoreAssets restores an asset under the given directory recursively.
func ZapLoggerHttpMiddleware ¶ added in v0.0.13
func ZapLoggerHttpMiddleware(next http.Handler) http.HandlerFunc
Types ¶
type Api ¶ added in v0.1.3
type Api struct {
// contains filtered or unexported fields
}
func (*Api) CreateAPIKey ¶ added in v0.2.5
func (a *Api) CreateAPIKey(w http.ResponseWriter, r *http.Request)
func (*Api) CreateDestination ¶ added in v0.1.3
func (a *Api) CreateDestination(w http.ResponseWriter, r *http.Request)
func (*Api) CreateToken ¶ added in v0.3.0
func (a *Api) CreateToken(w http.ResponseWriter, r *http.Request)
func (*Api) DeleteApiKey ¶ added in v0.2.5
func (a *Api) DeleteApiKey(w http.ResponseWriter, r *http.Request)
func (*Api) GetDestination ¶ added in v0.3.2
func (a *Api) GetDestination(w http.ResponseWriter, r *http.Request)
func (*Api) GetGroup ¶ added in v0.3.2
func (a *Api) GetGroup(w http.ResponseWriter, r *http.Request)
func (*Api) GetSource ¶ added in v0.3.2
func (a *Api) GetSource(w http.ResponseWriter, r *http.Request)
func (*Api) ListApiKeys ¶ added in v0.1.3
func (a *Api) ListApiKeys(w http.ResponseWriter, r *http.Request)
func (*Api) ListDestinations ¶ added in v0.1.3
func (a *Api) ListDestinations(w http.ResponseWriter, r *http.Request)
func (*Api) ListGroups ¶ added in v0.1.3
func (a *Api) ListGroups(w http.ResponseWriter, r *http.Request)
func (*Api) ListRoles ¶ added in v0.1.3
func (a *Api) ListRoles(w http.ResponseWriter, r *http.Request)
func (*Api) ListSources ¶ added in v0.1.3
func (a *Api) ListSources(w http.ResponseWriter, r *http.Request)
type ApiKey ¶ added in v0.0.6
type Config ¶
// Config is the top-level shape of the YAML configuration: identity sources,
// group mappings and user mappings, read from the "sources", "groups" and
// "users" keys.
type Config struct {
	Sources []ConfigSource       `yaml:"sources"`
	Groups  []ConfigGroupMapping `yaml:"groups"`
	Users   []ConfigUserMapping  `yaml:"users"`
}
type ConfigDestination ¶ added in v0.2.3
type ConfigGroupMapping ¶ added in v0.0.15
// ConfigGroupMapping is one entry under the config's "groups" key: a group
// name, the source it comes from, and the Kubernetes roles mapped to it.
type ConfigGroupMapping struct {
	Name string `yaml:"name"`
	// Source presumably names the identity source the group belongs to — TODO
	// confirm how it is matched against configured sources.
	Source string                 `yaml:"source"`
	Roles  []ConfigRoleKubernetes `yaml:"roles"`
}
type ConfigRoleKubernetes ¶ added in v0.0.13
// ConfigRoleKubernetes is a role entry in the YAML configuration: the role
// name, its kind, and the destinations it applies to.
type ConfigRoleKubernetes struct {
	Name string `yaml:"name"`
	// Kind is presumably one of RoleKindKubernetesRole ("role") or
	// RoleKindKubernetesClusterRole ("cluster-role") — TODO confirm that other
	// values are rejected on import.
	Kind         string              `yaml:"kind"`
	Destinations []ConfigDestination `yaml:"destinations"`
}
type ConfigSource ¶ added in v0.0.6
type ConfigUserMapping ¶ added in v0.0.13
// ConfigUserMapping is one entry under the config's "users" key: a user
// identified by email, with the roles and group names assigned to them.
type ConfigUserMapping struct {
	Email  string                 `yaml:"email"`
	Roles  []ConfigRoleKubernetes `yaml:"roles"`
	Groups []string               `yaml:"groups"`
}
type CustomJWTClaims ¶ added in v0.2.4
type Destination ¶
// Destination is the gorm model for a destination. Id is the primary key,
// Created and Updated are filled in by gorm (autoCreateTime / autoUpdateTime),
// and Name carries a unique constraint.
type Destination struct {
	Id      string `gorm:"primaryKey"`
	Created int64  `gorm:"autoCreateTime"`
	Updated int64  `gorm:"autoUpdateTime"`
	Name    string `gorm:"unique"`
	// Kind is presumably DestinationKindKubernetes ("kubernetes") — TODO confirm.
	Kind string
	// KubernetesCa and KubernetesEndpoint are presumably the cluster's CA
	// certificate and API server address — TODO confirm.
	// NOTE(review): if these values decide which cluster is trusted, check
	// where they are validated in the code that creates destinations.
	KubernetesCa       string
	KubernetesEndpoint string
}
func (*Destination) AfterCreate ¶
func (d *Destination) AfterCreate(tx *gorm.DB) error
func (*Destination) BeforeCreate ¶
func (d *Destination) BeforeCreate(tx *gorm.DB) (err error)
func (*Destination) BeforeDelete ¶
func (d *Destination) BeforeDelete(tx *gorm.DB) (err error)
TODO (jmorganca): use foreign constraints instead?
type Group ¶ added in v0.0.15
// Group is the gorm model for a group. It belongs to one Source through
// SourceId and is linked many-to-many to roles (join table groups_roles) and
// users (join table groups_users).
type Group struct {
	Id       string `gorm:"primaryKey"`
	Created  int64  `gorm:"autoCreateTime"`
	Updated  int64  `gorm:"autoUpdateTime"`
	Name     string
	SourceId string
	Source   Source `gorm:"foreignKey:SourceId;references:Id"`
	Roles    []Role `gorm:"many2many:groups_roles"`
	Users    []User `gorm:"many2many:groups_users"`
}
type Http ¶ added in v0.0.6
type Http struct {
// contains filtered or unexported fields
}
func (*Http) WellKnownJWKs ¶ added in v0.0.6
func (h *Http) WellKnownJWKs(w http.ResponseWriter, r *http.Request)
type Okta ¶ added in v0.0.12
// Okta is the set of Okta operations the package depends on. Every method
// takes the Okta domain and client ID, plus either an API token or a client
// secret, as plain string arguments on each call.
//
// NOTE(review): implementations and wrappers receive these credentials on
// every call, so they should not log or wrap their arguments into error
// messages — confirm in the concrete implementation.
type Okta interface {
	// ValidateOktaConnection reports an error when the given domain, client ID
	// and API token cannot be used; the exact check is not visible here.
	ValidateOktaConnection(domain string, clientID string, apiToken string) error
	// Emails returns a list of strings, presumably the email addresses of the
	// users visible to the application — TODO confirm.
	Emails(domain string, clientID string, apiToken string) ([]string, error)
	// Groups returns a map from string to string slice, presumably group name
	// to member emails — TODO confirm key and value meaning.
	Groups(domain string, clientID string, apiToken string) (map[string][]string, error)
	// EmailFromCode presumably exchanges a login authorization code for the
	// user's email using the client secret — TODO confirm.
	EmailFromCode(code string, domain string, clientID string, clientSecret string) (string, error)
}
type Role ¶ added in v0.0.13
// Role is the gorm model for a role on a destination. It belongs to one
// Destination through DestinationId and is linked many-to-many to groups
// (join table groups_roles) and users (join table users_roles).
type Role struct {
	Id      string `gorm:"primaryKey"`
	Created int64  `gorm:"autoCreateTime"`
	Updated int64  `gorm:"autoUpdateTime"`
	Name    string
	// Kind is presumably RoleKindKubernetesRole or
	// RoleKindKubernetesClusterRole — TODO confirm.
	Kind string
	// Namespace is presumably the Kubernetes namespace a namespaced role
	// applies to — TODO confirm what an empty value means.
	Namespace     string
	DestinationId string
	Destination   Destination `gorm:"foreignKey:DestinationId;references:Id"`
	Groups        []Group     `gorm:"many2many:groups_roles"`
	Users         []User      `gorm:"many2many:users_roles"`
}
type Settings ¶
type Source ¶
// Source is the gorm model for an identity source. Kind is presumably a value
// such as SourceKindOkta ("okta") — TODO confirm. Users is a many-to-many
// relation through the users_sources join table.
//
// NOTE(review): ClientSecret and ApiToken are plain string fields with no
// `gorm:"-"`, serializer or `json:"-"` tag visible here. They therefore look
// like they are stored as ordinary columns in clear text, and they would be
// included if this struct were marshalled directly into an API response.
// Confirm how they are protected at rest and that handlers returning sources
// omit them.
type Source struct {
	Id           string `gorm:"primaryKey"`
	Created      int64  `gorm:"autoCreateTime"`
	Updated      int64  `gorm:"autoUpdateTime"`
	Kind         string `yaml:"kind"`
	Domain       string
	ClientId     string
	ClientSecret string
	ApiToken     string
	Users        []User `gorm:"many2many:users_sources"`
}
func (*Source) CreateUser ¶
CreateUser will create a user and associate them with the source. If the user already exists, they will not be created; an association will be added instead.
func (*Source) DeleteUser ¶
DeleteUser will delete a user's association with a source. If this is their only source, then the user will be deleted entirely. TODO (jmorganca): wrap this in a transaction, or at least find out why this seems to cause a bug when used in a nested transaction.
func (*Source) SyncGroups ¶ added in v0.1.3
func (s *Source) SyncGroups(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) error
func (*Source) SyncUsers ¶
func (s *Source) SyncUsers(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) error
func (*Source) Validate ¶ added in v0.1.1
func (s *Source) Validate(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) error
Validate checks that an Okta source is valid
type StaticFileSystem ¶
type StaticFileSystem struct {
// contains filtered or unexported fields
}
type Token ¶
// Token is the gorm model for an issued token. It belongs to one User
// through UserId.
type Token struct {
	Id      string `gorm:"primaryKey"`
	Created int64  `gorm:"autoCreateTime"`
	Updated int64  `gorm:"autoUpdateTime"`
	// Expires is presumably a Unix timestamp after which the token is no
	// longer accepted — TODO confirm the unit and where expiry is enforced.
	Expires int64
	// NOTE(review): whether Secret holds the raw token secret or a hash of it
	// is not visible here. A stored credential should be a hash that is
	// compared in constant time — confirm against NewToken and the code that
	// verifies tokens.
	Secret []byte
	UserId string
	User   User `gorm:"foreignKey:UserId;references:Id;"`
}