registry

package
v0.3.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 22, 2021 License: Apache-2.0 Imports: 50 Imported by: 0

Documentation

Index

Constants

// Sentinel errors for API-key handling. Each one is a typed constant of the
// package's string-based Error type.
const (
	// ErrExistingKey reports that the requested key name is already taken.
	ErrExistingKey Error = "a key with this name already exists"
	// ErrUnkownKey reports that no API key has the given ID. The identifier is
	// misspelled ("Unkown"); it is exported, so it is kept as-is for callers.
	ErrUnkownKey Error = "an API key with this ID does not exist"
	// ErrKeyPermissionsNotFound reports that no permissions were supplied for a key.
	ErrKeyPermissionsNotFound Error = "api-key permissions are required"
)
const AssetDebug = false

AssetDebug is true if the assets were built with the debug flag enabled.

Variables

// RoleKindKubernetesRole is the kind string "role".
// Presumably compared with Role.Kind / ConfigRoleKubernetes.Kind for a
// namespaced Kubernetes role — confirm against the callers.
var RoleKindKubernetesRole = "role"

// RoleKindKubernetesClusterRole is the kind string "cluster-role".
// NOTE(review): both kind values are mutable package-level vars, not consts,
// so importing code can reassign them at runtime.
var RoleKindKubernetesClusterRole = "cluster-role"
// TokenSecretLen is the length of a token's secret part.
// NOTE(review): the unit (characters vs. bytes) and the alphabet the secret is
// drawn from are not shown here, so the effective entropy cannot be judged
// from this value alone — confirm in NewToken.
var TokenSecretLen = 24

// TokenLen is the sum of IdLen and TokenSecretLen; presumably the length of a
// full token string (ID followed by secret) — confirm in ValidateAndGetToken.
// Both values are mutable package-level vars, so any importing code can change
// the lengths at runtime; TokenLen is computed once at initialization and does
// not follow later changes to its operands.
var TokenLen = IdLen + TokenSecretLen
// CookieTokenName is the cookie name "token".
// NOTE(review): presumably the cookie that carries the session token set by
// Login — confirm, and check at the call site (not shown here) that it is set
// with HttpOnly, Secure and a SameSite policy.
var CookieTokenName = "token"

// CookieLoginName is the cookie name "login".
// Its contents and purpose are not visible in this listing.
var CookieLoginName = "login"
// ApiKeyLen is the length used for API keys.
// NOTE(review): the unit and the character set are not shown here — confirm
// where keys are generated. Declared as a var, so it can be reassigned at runtime.
var ApiKeyLen = 24
// DestinationKindKubernetes is the kind string "kubernetes"; presumably the
// value stored in Destination.Kind — confirm against the callers.
var DestinationKindKubernetes = "kubernetes"
// IdLen is the length used for record IDs; it is also one of the two terms of
// TokenLen. Declared as a var, so it can be reassigned at runtime.
var IdLen = 12
// SessionDuration is a 24-hour time.Duration.
// NOTE(review): presumably the default lifetime of a login session token —
// confirm where it is passed to NewToken. A stolen token stays usable for this
// long unless it is revoked earlier (e.g. via Logout).
var SessionDuration = 24 * time.Hour
// SourceKindOkta is the kind string "okta"; presumably the value stored in
// Source.Kind / ConfigSource.Kind — confirm against the callers.
var SourceKindOkta = "okta"

Functions

func ApplyGroupMappings added in v0.0.15

func ApplyGroupMappings(db *gorm.DB, groups []ConfigGroupMapping) (modifiedRoleIDs []string, err error)

func ApplyUserMappings added in v0.3.3

func ApplyUserMappings(db *gorm.DB, users []ConfigUserMapping) (modifiedRoleIDs []string, err error)

func Asset

func Asset(name string) ([]byte, error)

Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.

func AssetDigest

func AssetDigest(name string) ([sha256.Size]byte, error)

AssetDigest returns the digest of the file with the given name. It returns an error if the asset could not be found or the digest could not be loaded.

func AssetDir

func AssetDir(name string) ([]string, error)

AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy:

data/
  foo.txt
  img/
    a.png
    b.png

then AssetDir("data") would return []string{"foo.txt", "img"}, AssetDir("data/img") would return []string{"a.png", "b.png"}, AssetDir("foo.txt") and AssetDir("notexist") would return an error, and AssetDir("") will return []string{"data"}.

func AssetInfo

func AssetInfo(name string) (os.FileInfo, error)

AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.

func AssetNames

func AssetNames() []string

AssetNames returns the names of the assets.

func AssetString

func AssetString(name string) (string, error)

AssetString returns the asset contents as a string (instead of a []byte).

func Digests

func Digests() (map[string][sha256.Size]byte, error)

Digests returns a map of all known files and their checksums.

func Healthz added in v0.1.3

func Healthz(w http.ResponseWriter, r *http.Request)

func ImportConfig

func ImportConfig(db *gorm.DB, bs []byte) error

ImportConfig tries to import all valid fields in a config file and removes old config

func ImportRoleMappings added in v0.3.3

func ImportRoleMappings(db *gorm.DB, groups []ConfigGroupMapping, users []ConfigUserMapping) error

ImportRoleMappings iterates over user and group config and applies a role mapping to them

func ImportSources

func ImportSources(db *gorm.DB, sources []ConfigSource) error

func MustAsset

func MustAsset(name string) []byte

MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.

func MustAssetString

func MustAssetString(name string) string

MustAssetString is like AssetString but panics when Asset would return an error. It simplifies safe initialization of global variables.

func NewApiMux added in v0.1.3

func NewApiMux(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta, t *Telemetry) *mux.Router

func NewDB

func NewDB(dbpath string) (*gorm.DB, error)

func NewToken

func NewToken(db *gorm.DB, userId string, sessionDuration time.Duration, token *Token) (secret string, err error)

func RestoreAsset

func RestoreAsset(dir, name string) error

RestoreAsset restores an asset under the given directory.

func RestoreAssets

func RestoreAssets(dir, name string) error

RestoreAssets restores an asset under the given directory recursively.

func Run

func Run(options Options) error

func ZapLoggerHttpMiddleware added in v0.0.13

func ZapLoggerHttpMiddleware(next http.Handler) http.HandlerFunc

Types

type Api added in v0.1.3

type Api struct {
	// contains filtered or unexported fields
}

func (*Api) CreateAPIKey added in v0.2.5

func (a *Api) CreateAPIKey(w http.ResponseWriter, r *http.Request)

func (*Api) CreateDestination added in v0.1.3

func (a *Api) CreateDestination(w http.ResponseWriter, r *http.Request)

func (*Api) CreateToken added in v0.3.0

func (a *Api) CreateToken(w http.ResponseWriter, r *http.Request)

func (*Api) DeleteApiKey added in v0.2.5

func (a *Api) DeleteApiKey(w http.ResponseWriter, r *http.Request)

func (*Api) GetDestination added in v0.3.2

func (a *Api) GetDestination(w http.ResponseWriter, r *http.Request)

func (*Api) GetGroup added in v0.3.2

func (a *Api) GetGroup(w http.ResponseWriter, r *http.Request)

func (*Api) GetRole added in v0.3.2

func (a *Api) GetRole(w http.ResponseWriter, r *http.Request)

func (*Api) GetSource added in v0.3.2

func (a *Api) GetSource(w http.ResponseWriter, r *http.Request)

func (*Api) GetUser added in v0.3.2

func (a *Api) GetUser(w http.ResponseWriter, r *http.Request)

func (*Api) ListApiKeys added in v0.1.3

func (a *Api) ListApiKeys(w http.ResponseWriter, r *http.Request)

func (*Api) ListDestinations added in v0.1.3

func (a *Api) ListDestinations(w http.ResponseWriter, r *http.Request)

func (*Api) ListGroups added in v0.1.3

func (a *Api) ListGroups(w http.ResponseWriter, r *http.Request)

func (*Api) ListRoles added in v0.1.3

func (a *Api) ListRoles(w http.ResponseWriter, r *http.Request)

func (*Api) ListSources added in v0.1.3

func (a *Api) ListSources(w http.ResponseWriter, r *http.Request)

func (*Api) ListUsers added in v0.1.3

func (a *Api) ListUsers(w http.ResponseWriter, r *http.Request)

func (*Api) Login added in v0.1.3

func (a *Api) Login(w http.ResponseWriter, r *http.Request)

func (*Api) Logout added in v0.1.3

func (a *Api) Logout(w http.ResponseWriter, r *http.Request)

func (*Api) Version added in v0.1.3

func (a *Api) Version(w http.ResponseWriter, r *http.Request)

type ApiKey added in v0.0.6

// ApiKey is the gorm model for a named API key and the permissions attached to it.
type ApiKey struct {
	Id          string `gorm:"primaryKey"`
	Created     int64  `gorm:"autoCreateTime"`
	Updated     int64  `gorm:"autoUpdateTime"`
	// Name carries a unique constraint, so two keys cannot share a name.
	Name        string `gorm:"unique"`
	// NOTE(review): Key is a plain string column. This listing does not show
	// whether the value is hashed before it is stored — confirm in
	// BeforeCreate / CreateAPIKey. If the raw key is stored, anyone who can
	// read the database can use every key.
	Key         string
	Permissions string // space separated list of permissions/scopes that a token can perform
}

func (*ApiKey) BeforeCreate added in v0.0.6

func (a *ApiKey) BeforeCreate(tx *gorm.DB) (err error)

type Config

// Config is the top-level shape of the YAML configuration: identity sources
// plus the group and user role mappings.
// NOTE(review): Sources embeds credentials (see ConfigSource), so the file this
// is parsed from should be treated as a secret.
type Config struct {
	Sources []ConfigSource       `yaml:"sources"`
	Groups  []ConfigGroupMapping `yaml:"groups"`
	Users   []ConfigUserMapping  `yaml:"users"`
}

type ConfigDestination added in v0.2.3

// ConfigDestination names a destination in the YAML configuration and,
// optionally, the namespaces a role applies to within it.
type ConfigDestination struct {
	Name       string   `yaml:"name"`
	Namespaces []string `yaml:"namespaces"` // optional in the case of a cluster-role
}

type ConfigGroupMapping added in v0.0.15

// ConfigGroupMapping is a YAML entry that assigns roles to a named group.
// Source presumably identifies the identity source the group comes from —
// confirm in ApplyGroupMappings.
type ConfigGroupMapping struct {
	Name   string                 `yaml:"name"`
	Source string                 `yaml:"source"`
	Roles  []ConfigRoleKubernetes `yaml:"roles"`
}

type ConfigRoleKubernetes added in v0.0.13

// ConfigRoleKubernetes is a YAML entry describing a role grant: the role name,
// its kind, and the destinations it applies to.
// NOTE(review): Kind is a free-form string here; presumably it is expected to
// be "role" or "cluster-role" — confirm that unknown kinds are rejected when
// the mapping is applied.
type ConfigRoleKubernetes struct {
	Name         string              `yaml:"name"`
	Kind         string              `yaml:"kind"`
	Destinations []ConfigDestination `yaml:"destinations"`
}

type ConfigSource added in v0.0.6

// ConfigSource is a YAML entry describing an identity source.
type ConfigSource struct {
	Kind         string `yaml:"kind"`
	Domain       string `yaml:"domain"`
	ClientId     string `yaml:"clientId"`
	// ClientSecret and ApiToken are read from the YAML document as plain
	// strings. NOTE(review): whether these hold the secret values themselves or
	// references to them is not shown here — confirm in ImportSources. If they
	// are literal secrets, the config file needs restrictive permissions and
	// must stay out of version control and logs.
	ClientSecret string `yaml:"clientSecret"`
	ApiToken     string `yaml:"apiToken"`
}

type ConfigUserMapping added in v0.0.13

// ConfigUserMapping is a YAML entry that assigns roles and groups to a user
// identified by email address.
type ConfigUserMapping struct {
	Email  string                 `yaml:"email"`
	Roles  []ConfigRoleKubernetes `yaml:"roles"`
	Groups []string               `yaml:"groups"`
}

type CustomJWTClaims added in v0.2.4

// CustomJWTClaims holds the non-standard claims carried in a JWT: the user's
// email, a destination ("dest") and a nonce.
// All three fields carry a validate:"required" tag. NOTE(review): the tag only
// takes effect if a struct validator is run on the decoded claims — confirm at
// the call site. Nonce is presumably there for replay protection — confirm
// that it is actually checked by the verifier.
type CustomJWTClaims struct {
	Email       string `json:"email" validate:"required"`
	Destination string `json:"dest" validate:"required"`
	Nonce       string `json:"nonce" validate:"required"`
}

type Destination

// Destination is the gorm model for a target that roles can be granted on.
type Destination struct {
	Id      string `gorm:"primaryKey"`
	Created int64  `gorm:"autoCreateTime"`
	Updated int64  `gorm:"autoUpdateTime"`
	// Name carries a unique constraint.
	Name    string `gorm:"unique"`
	Kind    string

	// Kubernetes connection details. NOTE(review): KubernetesCa presumably
	// holds the CA certificate clients use to verify KubernetesEndpoint —
	// confirm. Both values are supplied through CreateDestination, so whoever
	// may call that handler decides which endpoint and CA clients will trust.
	KubernetesCa       string
	KubernetesEndpoint string
}

func (*Destination) AfterCreate

func (d *Destination) AfterCreate(tx *gorm.DB) error

func (*Destination) BeforeCreate

func (d *Destination) BeforeCreate(tx *gorm.DB) (err error)

func (*Destination) BeforeDelete

func (d *Destination) BeforeDelete(tx *gorm.DB) (err error)

TODO (jmorganca): use foreign constraints instead?

type Error added in v0.2.5

// Error is a string-based error type. Because its underlying type is string,
// the package can declare its sentinel errors as constants.
type Error string

func (Error) Error added in v0.2.5

func (e Error) Error() string

type Group added in v0.0.15

// Group is the gorm model for a group of users that belongs to one Source.
type Group struct {
	Id       string `gorm:"primaryKey"`
	Created  int64  `gorm:"autoCreateTime"`
	Updated  int64  `gorm:"autoUpdateTime"`
	// Name has no unique constraint here, unlike ApiKey.Name or Destination.Name.
	Name     string
	SourceId string
	Source   Source `gorm:"foreignKey:SourceId;references:Id"`

	// Many-to-many relations through the groups_roles and groups_users join tables.
	Roles []Role `gorm:"many2many:groups_roles"`
	Users []User `gorm:"many2many:groups_users"`
}

func (*Group) AfterCreate added in v0.3.1

func (g *Group) AfterCreate(tx *gorm.DB) error

func (*Group) BeforeCreate added in v0.0.15

func (g *Group) BeforeCreate(tx *gorm.DB) (err error)

func (*Group) BeforeDelete added in v0.3.1

func (g *Group) BeforeDelete(tx *gorm.DB) error

type Http added in v0.0.6

type Http struct {
	// contains filtered or unexported fields
}

func (*Http) WellKnownJWKs added in v0.0.6

func (h *Http) WellKnownJWKs(w http.ResponseWriter, r *http.Request)

type Okta added in v0.0.12

// Okta is the set of Okta operations this package depends on; NewOkta returns
// an implementation.
// Every method receives the Okta credentials (API token or client secret) as
// plain string arguments. NOTE(review): implementations and wrappers should
// keep those arguments out of logs and error messages.
type Okta interface {
	// ValidateOktaConnection reports an error if the given credentials cannot be used.
	ValidateOktaConnection(domain string, clientID string, apiToken string) error
	// Emails returns a list of email addresses for the domain.
	Emails(domain string, clientID string, apiToken string) ([]string, error)
	// Groups returns a map of string to string slice; presumably group name to
	// member emails — confirm against the implementation.
	Groups(domain string, clientID string, apiToken string) (map[string][]string, error)
	// EmailFromCode returns an email for the given code; presumably the OAuth
	// authorization-code exchange performed during login — confirm.
	EmailFromCode(code string, domain string, clientID string, clientSecret string) (string, error)
}

func NewOkta added in v0.0.12

func NewOkta() Okta

type Options

// Options is the configuration passed to Run.
type Options struct {
	DBPath               string
	TLSCache             string
	// RootApiKey and EngineApiKey are credentials passed in as plain strings.
	// NOTE(review): presumably bootstrap keys for the root user and for engines
	// — confirm in Run. Avoid logging an Options value wholesale (for example
	// with %+v), since that would print both keys.
	RootApiKey           string
	EngineApiKey         string
	ConfigPath           string
	UI                   bool
	UIProxy              string
	// SyncInterval's unit is not shown in this listing — confirm in Run.
	SyncInterval         int
	EnableTelemetry      bool
	EnableCrashReporting bool
}

type Role added in v0.0.13

// Role is the gorm model for a role on one Destination, together with the
// groups and users it is granted to.
type Role struct {
	Id            string `gorm:"primaryKey"`
	Created       int64  `gorm:"autoCreateTime"`
	Updated       int64  `gorm:"autoUpdateTime"`
	Name          string
	Kind          string
	// Namespace is presumably empty for cluster-wide roles — confirm.
	Namespace     string
	DestinationId string
	Destination   Destination `gorm:"foreignKey:DestinationId;references:Id"`
	// Many-to-many relations through the groups_roles and users_roles join tables.
	Groups        []Group     `gorm:"many2many:groups_roles"`
	Users         []User      `gorm:"many2many:users_roles"`
}

func (*Role) BeforeCreate added in v0.0.13

func (r *Role) BeforeCreate(tx *gorm.DB) (err error)

type Settings

// Settings is the gorm model holding a JWK pair.
type Settings struct {
	Id         string `gorm:"primaryKey"`
	Created    int64  `gorm:"autoCreateTime"`
	Updated    int64  `gorm:"autoUpdateTime"`
	// PrivateJWK and PublicJWK are presumably the JSON Web Key pair used to
	// sign and verify the JWTs this package issues — confirm.
	// NOTE(review): PrivateJWK is a column on the same model as the other
	// fields; this listing does not show whether it is encrypted before being
	// saved (see BeforeSave). If it is not, read access to the database is
	// enough to forge tokens.
	PrivateJWK []byte
	PublicJWK  []byte
}

func (*Settings) BeforeCreate

func (s *Settings) BeforeCreate(tx *gorm.DB) (err error)

func (*Settings) BeforeSave

func (s *Settings) BeforeSave(tx *gorm.DB) error

type Source

// Source is the gorm model for an identity source and the users imported from it.
type Source struct {
	Id      string `gorm:"primaryKey"`
	Created int64  `gorm:"autoCreateTime"`
	Updated int64  `gorm:"autoUpdateTime"`
	Kind    string `yaml:"kind"`

	// Connection settings for the source.
	// NOTE(review): ClientSecret and ApiToken are plain string columns; nothing
	// in this listing shows them being encrypted or replaced by a reference
	// before storage — confirm. Also confirm that the GetSource / ListSources
	// handlers do not serialize these two fields in their responses.
	Domain       string
	ClientId     string
	ClientSecret string
	ApiToken     string

	// Many-to-many relation through the users_sources join table.
	Users []User `gorm:"many2many:users_sources"`
}

func (*Source) BeforeCreate

func (s *Source) BeforeCreate(tx *gorm.DB) (err error)

func (*Source) BeforeDelete

func (s *Source) BeforeDelete(tx *gorm.DB) error

func (*Source) CreateUser

func (s *Source) CreateUser(db *gorm.DB, user *User, email string) error

CreateUser will create a user and associate them with the source. If the user already exists, they will not be created; an association with the source will be added instead.

func (*Source) DeleteUser

func (s *Source) DeleteUser(db *gorm.DB, u User) error

Delete will delete a user's association with a source. If this is their only source, then the user will be deleted entirely. TODO (jmorganca): wrap this in a transaction, or at least find out why this seems to cause a bug when used in a nested transaction.

func (*Source) SyncGroups added in v0.1.3

func (s *Source) SyncGroups(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) error

func (*Source) SyncUsers

func (s *Source) SyncUsers(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) error

func (*Source) Validate added in v0.1.1

func (s *Source) Validate(db *gorm.DB, k8s *kubernetes.Kubernetes, okta Okta) error

Validate checks that an Okta source is valid

type StaticFileSystem

type StaticFileSystem struct {
	// contains filtered or unexported fields
}

func (StaticFileSystem) Open

func (sfs StaticFileSystem) Open(name string) (http.File, error)

type Telemetry added in v0.3.3

type Telemetry struct {
	// contains filtered or unexported fields
}

func NewTelemetry added in v0.3.3

func NewTelemetry(db *gorm.DB) (*Telemetry, error)

func (*Telemetry) Close added in v0.3.3

func (t *Telemetry) Close()

func (*Telemetry) Enqueue added in v0.3.3

func (t *Telemetry) Enqueue(track analytics.Track) error

func (*Telemetry) EnqueueHeartbeat added in v0.3.3

func (t *Telemetry) EnqueueHeartbeat() error

func (*Telemetry) SetEnabled added in v0.3.3

func (t *Telemetry) SetEnabled(enabled bool)

type Token

// Token is the gorm model for a token issued to a user.
type Token struct {
	Id      string `gorm:"primaryKey"`
	Created int64  `gorm:"autoCreateTime"`
	Updated int64  `gorm:"autoUpdateTime"`
	// Expires is presumably a Unix timestamp compared by CheckExpired — confirm.
	Expires int64
	// NOTE(review): Secret is stored as bytes. Confirm that it holds a hash of
	// the secret rather than the secret itself, and that CheckSecret compares
	// it in constant time; neither is visible in this listing.
	Secret  []byte

	UserId string
	User   User `gorm:"foreignKey:UserId;references:Id;"`
}

func ValidateAndGetToken added in v0.0.13

func ValidateAndGetToken(db *gorm.DB, in string) (*Token, error)

func (*Token) BeforeCreate

func (t *Token) BeforeCreate(tx *gorm.DB) (err error)

func (*Token) CheckExpired added in v0.2.4

func (t *Token) CheckExpired() (err error)

func (*Token) CheckSecret

func (t *Token) CheckSecret(secret string) (err error)

type User

// User is the gorm model for a user, identified by a unique email address.
type User struct {
	Id      string `gorm:"primaryKey"`
	Created int64  `gorm:"autoCreateTime"`
	Updated int64  `gorm:"autoUpdateTime"`
	// Email carries a unique constraint. NOTE(review): whether addresses are
	// normalized (case, whitespace) before being stored is not shown — confirm,
	// since role mappings are keyed by email.
	Email   string `gorm:"unique"`

	// Many-to-many relations through the users_sources, users_roles and
	// groups_users join tables.
	Sources []Source `gorm:"many2many:users_sources"`
	Roles   []Role   `gorm:"many2many:users_roles"`
	Groups  []Group  `gorm:"many2many:groups_users"`
}

func (*User) AfterCreate

func (u *User) AfterCreate(tx *gorm.DB) error

func (*User) BeforeCreate

func (u *User) BeforeCreate(tx *gorm.DB) (err error)

func (*User) BeforeDelete

func (u *User) BeforeDelete(tx *gorm.DB) error

TODO (jmorganca): use foreign constraints instead?
