Documentation ¶
Index ¶
- Constants
- Variables
- func ApplyGroupMappings(db *gorm.DB, groups []ConfigGroupMapping) (modifiedRoleIDs []string, err error)
- func ApplyUserMappings(db *gorm.DB, users []ConfigUserMapping) (modifiedRoleIDs []string, err error)
- func Asset(name string) ([]byte, error)
- func AssetDigest(name string) ([sha256.Size]byte, error)
- func AssetDir(name string) ([]string, error)
- func AssetInfo(name string) (os.FileInfo, error)
- func AssetNames() []string
- func AssetString(name string) (string, error)
- func Digests() (map[string][sha256.Size]byte, error)
- func Healthz(w http.ResponseWriter, r *http.Request)
- func ImportProviders(db *gorm.DB, providers []ConfigProvider) error
- func ImportRoleMappings(db *gorm.DB, groups []ConfigGroupMapping, users []ConfigUserMapping) error
- func MustAsset(name string) []byte
- func MustAssetString(name string) string
- func NewAPIMux(reg *Registry) *mux.Router
- func NewDB(dbpath string) (*gorm.DB, error)
- func NewToken(db *gorm.DB, userId string, sessionDuration time.Duration, token *Token) (secret string, err error)
- func RestoreAsset(dir, name string) error
- func RestoreAssets(dir, name string) error
- func Run(options Options) (err error)
- type API
- func (a *API) CreateAPIKey(w http.ResponseWriter, r *http.Request)
- func (a *API) CreateDestination(w http.ResponseWriter, r *http.Request)
- func (a *API) CreateToken(w http.ResponseWriter, r *http.Request)
- func (a *API) DeleteAPIKey(w http.ResponseWriter, r *http.Request)
- func (a *API) GetDestination(w http.ResponseWriter, r *http.Request)
- func (a *API) GetGroup(w http.ResponseWriter, r *http.Request)
- func (a *API) GetProvider(w http.ResponseWriter, r *http.Request)
- func (a *API) GetRole(w http.ResponseWriter, r *http.Request)
- func (a *API) GetUser(w http.ResponseWriter, r *http.Request)
- func (a *API) ListAPIKeys(w http.ResponseWriter, r *http.Request)
- func (a *API) ListDestinations(w http.ResponseWriter, r *http.Request)
- func (a *API) ListGroups(w http.ResponseWriter, r *http.Request)
- func (a *API) ListProviders(w http.ResponseWriter, r *http.Request)
- func (a *API) ListRoles(w http.ResponseWriter, r *http.Request)
- func (a *API) ListUsers(w http.ResponseWriter, r *http.Request)
- func (a *API) Login(w http.ResponseWriter, r *http.Request)
- func (a *API) Logout(w http.ResponseWriter, r *http.Request)
- func (a *API) Version(w http.ResponseWriter, r *http.Request)
- type APIKey
- type Config
- type ConfigDestination
- type ConfigGroupMapping
- type ConfigOkta
- type ConfigProvider
- type ConfigRole
- type ConfigSecretProvider
- type ConfigUserMapping
- type CustomJWTClaims
- type Destination
- type Error
- type Group
- type Http
- type Label
- type Okta
- type Options
- type Provider
- func (p *Provider) BeforeCreate(tx *gorm.DB) (err error)
- func (p *Provider) BeforeDelete(tx *gorm.DB) error
- func (p *Provider) CreateUser(db *gorm.DB, user *User, email string) error
- func (p *Provider) DeleteUser(db *gorm.DB, u User) error
- func (p *Provider) SyncGroups(r *Registry) error
- func (p *Provider) SyncUsers(r *Registry) error
- func (p *Provider) Validate(r *Registry) error
- type Registry
- type Role
- type Settings
- type StaticFileSystem
- type Telemetry
- type Token
- type User
Constants ¶
// Sentinel errors for API-key operations. Error is a string-based error type
// (the Error("...") conversions below require a string underlying type), so
// callers can compare these by value.
const (
	// ErrExistingKey: an API key with the requested name already exists.
	ErrExistingKey = Error("a key with this name already exists")
	// ErrUnkownKey: no API key has the requested ID. The identifier's spelling
	// is part of the exported API and is kept as is.
	ErrUnkownKey = Error("an API key with this ID does not exist")
	// ErrKeyPermissionsNotFound: the api-key permissions were not supplied.
	ErrKeyPermissionsNotFound = Error("api-key permissions are required")
)
// Default durations named after the ProvidersSyncInterval,
// DestinationsSyncInterval and SessionDuration fields of Options; where they
// are applied is not visible in this listing.
// NOTE(review): the default session lifetime is 12 hours — check this against
// the deployment's session policy before relying on the default.
const (
	DefaultProvidersSyncInterval    time.Duration = time.Second * 60
	DefaultDestinationsSyncInterval time.Duration = time.Minute * 5
	DefaultSessionDuration          time.Duration = time.Hour * 12
)
// AssetDebug is true if the assets were built with the debug flag enabled.
const AssetDebug = false
AssetDebug is true if the assets were built with the debug flag enabled.
Variables ¶
// NOTE(review): everything below is a package-level var, so any importer can
// reassign it at runtime (for example shortening TokenSecretLen or APIKeyLen).
// If nothing needs to mutate these, declaring them as const would make the
// lengths and names a compile-time guarantee.

// Kubernetes RBAC kinds accepted for a Role. These are the same two values the
// ConfigRole.Kind `oneof=role cluster-role` validation accepts.
var (
	RoleKindKubernetesRole        = "role"
	RoleKindKubernetesClusterRole = "cluster-role"
)

// Token sizing: TokenLen is the combined length of an identifier (IdLen) and
// the secret part (TokenSecretLen).
var (
	TokenSecretLen = 24
	TokenLen       = IdLen + TokenSecretLen
)

// Cookie names; which handlers set and read them is not visible here.
var (
	CookieTokenName = "token"
	CookieLoginName = "login"
)

// APIKeyLen is the API key length (presumably of the generated secret —
// confirm against CreateAPIKey).
var APIKeyLen = 24

// DestinationKindKubernetes is the only Destination.Kind value declared here.
var DestinationKindKubernetes = "kubernetes"

// IdLen is the length of record identifiers (see TokenLen).
var IdLen = 12

// ProviderKindOkta is the only Provider.Kind value declared here.
var ProviderKindOkta = "okta"
Functions ¶
func ApplyGroupMappings ¶ added in v0.0.15
func ApplyGroupMappings(db *gorm.DB, groups []ConfigGroupMapping) (modifiedRoleIDs []string, err error)
func ApplyUserMappings ¶ added in v0.3.3
func ApplyUserMappings(db *gorm.DB, users []ConfigUserMapping) (modifiedRoleIDs []string, err error)
func Asset ¶
Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetDigest ¶
AssetDigest returns the digest of the file with the given name. It returns an error if the asset could not be found or the digest could not be loaded.
func AssetDir ¶
AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy:
data/
    foo.txt
    img/
        a.png
        b.png
then AssetDir("data") would return []string{"foo.txt", "img"}, AssetDir("data/img") would return []string{"a.png", "b.png"}, AssetDir("foo.txt") and AssetDir("notexist") would return an error, and AssetDir("") will return []string{"data"}.
func AssetInfo ¶
AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetString ¶
AssetString returns the asset contents as a string (instead of a []byte).
func ImportProviders ¶ added in v0.4.0
func ImportProviders(db *gorm.DB, providers []ConfigProvider) error
func ImportRoleMappings ¶ added in v0.3.3
func ImportRoleMappings(db *gorm.DB, groups []ConfigGroupMapping, users []ConfigUserMapping) error
ImportRoleMappings iterates over the user and group configuration and applies the configured role mappings to them.
func MustAsset ¶
MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.
func MustAssetString ¶
MustAssetString is like AssetString but panics when Asset would return an error. It simplifies safe initialization of global variables.
func RestoreAsset ¶
RestoreAsset restores an asset under the given directory.
func RestoreAssets ¶
RestoreAssets restores an asset under the given directory recursively.
Types ¶
type API ¶ added in v0.4.0
type API struct {
// contains filtered or unexported fields
}
func (*API) CreateAPIKey ¶ added in v0.4.0
func (a *API) CreateAPIKey(w http.ResponseWriter, r *http.Request)
func (*API) CreateDestination ¶ added in v0.4.0
func (a *API) CreateDestination(w http.ResponseWriter, r *http.Request)
func (*API) CreateToken ¶ added in v0.4.0
func (a *API) CreateToken(w http.ResponseWriter, r *http.Request)
func (*API) DeleteAPIKey ¶ added in v0.4.0
func (a *API) DeleteAPIKey(w http.ResponseWriter, r *http.Request)
func (*API) GetDestination ¶ added in v0.4.0
func (a *API) GetDestination(w http.ResponseWriter, r *http.Request)
func (*API) GetGroup ¶ added in v0.4.0
func (a *API) GetGroup(w http.ResponseWriter, r *http.Request)
func (*API) GetProvider ¶ added in v0.4.0
func (a *API) GetProvider(w http.ResponseWriter, r *http.Request)
func (*API) ListAPIKeys ¶ added in v0.4.0
func (a *API) ListAPIKeys(w http.ResponseWriter, r *http.Request)
func (*API) ListDestinations ¶ added in v0.4.0
func (a *API) ListDestinations(w http.ResponseWriter, r *http.Request)
func (*API) ListGroups ¶ added in v0.4.0
func (a *API) ListGroups(w http.ResponseWriter, r *http.Request)
func (*API) ListProviders ¶ added in v0.4.0
func (a *API) ListProviders(w http.ResponseWriter, r *http.Request)
func (*API) ListRoles ¶ added in v0.4.0
func (a *API) ListRoles(w http.ResponseWriter, r *http.Request)
type APIKey ¶
type Config ¶
// Config is the top-level YAML configuration: secret providers, identity
// providers, and the group and user role mappings. Each list is validated
// element-wise (`validate:"dive"`).
type Config struct {
	Secrets   []ConfigSecretProvider `yaml:"secrets" validate:"dive"`
	Providers []ConfigProvider       `yaml:"providers" validate:"dive"`
	Groups    []ConfigGroupMapping   `yaml:"groups" validate:"dive"`
	Users     []ConfigUserMapping    `yaml:"users" validate:"dive"`
}
type ConfigDestination ¶ added in v0.2.3
type ConfigGroupMapping ¶ added in v0.0.15
// ConfigGroupMapping grants a set of roles to a group. The group is identified
// by Name and Provider (presumably matching Group.Name and the provider's
// domain — confirm against ApplyGroupMappings). All three fields are required
// and Roles is validated element-wise.
type ConfigGroupMapping struct {
	Name     string       `yaml:"name" validate:"required"`
	Provider string       `yaml:"provider" validate:"required"`
	Roles    []ConfigRole `yaml:"roles" validate:"required,dive"`
}
type ConfigOkta ¶ added in v0.4.0
// ConfigOkta holds the Okta-specific settings (presumably the Config of a
// ConfigProvider with Kind "okta" — confirm against UnmarshalYAML).
// APIToken is a required credential; whether it is given inline in the YAML or
// resolved through a ConfigSecretProvider is not visible here, so confirm that
// it is never logged or echoed back in API responses.
type ConfigOkta struct {
	APIToken string `yaml:"apiToken" validate:"required"`
}
type ConfigProvider ¶ added in v0.4.7
// ConfigProvider describes one identity provider. Kind selects the provider
// (ProviderKindOkta is the only kind declared in this package). Config has no
// yaml tag and is untyped; a custom UnmarshalYAML exists on this type and
// presumably decodes Config according to Kind — confirm there.
// ClientSecret is a credential: keep it out of logs and error messages.
type ConfigProvider struct {
	Kind         string      `yaml:"kind" validate:"required"`
	Domain       string      `yaml:"domain" validate:"required"`
	ClientID     string      `yaml:"clientID" validate:"required"`
	ClientSecret string      `yaml:"clientSecret" validate:"required"`
	Config       interface{} // contains identity-provider-specific config
}
func (*ConfigProvider) UnmarshalYAML ¶ added in v0.4.7
func (idp *ConfigProvider) UnmarshalYAML(unmarshal func(interface{}) error) error
type ConfigRole ¶ added in v0.4.7
// ConfigRole is a role granted by a user or group mapping. Kind is restricted
// by validation to "role" or "cluster-role" (the RoleKindKubernetes* values);
// Destinations must be present and is validated element-wise.
type ConfigRole struct {
	Name         string              `yaml:"name" validate:"required"`
	Kind         string              `yaml:"kind" validate:"required,oneof=role cluster-role"`
	Destinations []ConfigDestination `yaml:"destinations" validate:"required,dive"`
}
type ConfigSecretProvider ¶ added in v0.4.0
// ConfigSecretProvider describes a source of secrets. Kind is required, Name is
// optional, and Config holds kind-specific settings; a custom UnmarshalYAML
// exists on this type and presumably decodes Config according to Kind.
type ConfigSecretProvider struct {
	Kind   string      `yaml:"kind" validate:"required"`
	Name   string      `yaml:"name"` // optional
	Config interface{} // contains secret-provider-specific config
}
func (*ConfigSecretProvider) UnmarshalYAML ¶ added in v0.4.0
func (sp *ConfigSecretProvider) UnmarshalYAML(unmarshal func(interface{}) error) error
type ConfigUserMapping ¶ added in v0.0.13
// ConfigUserMapping grants roles to a single user identified by email address.
// Email is required and validated as an email; Roles must be present and is
// validated element-wise.
type ConfigUserMapping struct {
	Email string       `yaml:"email" validate:"required,email"`
	Roles []ConfigRole `yaml:"roles" validate:"required,dive"`
}
type CustomJWTClaims ¶ added in v0.2.4
type Destination ¶
// Destination is a persisted target cluster. NodeID is unique per destination;
// Kind is expected to be DestinationKindKubernetes (the only kind declared
// here). Labels is a many-to-many association via destinations_labels, and the
// type has BeforeCreate, AfterCreate and BeforeDelete hooks.
// NOTE(review): KubernetesCa presumably carries the cluster's CA material;
// whoever can write it decides which server clients will trust, so confirm how
// CreateDestination authenticates and validates it.
type Destination struct {
	Id                 string  `gorm:"primaryKey"`
	Created            int64   `gorm:"autoCreateTime"`
	Updated            int64   `gorm:"autoUpdateTime"`
	NodeID             string  `gorm:"unique"`
	Name               string
	Kind               string
	KubernetesCa       string
	KubernetesEndpoint string
	Labels             []Label `gorm:"many2many:destinations_labels"`
}
func (*Destination) AfterCreate ¶
func (d *Destination) AfterCreate(tx *gorm.DB) error
func (*Destination) BeforeCreate ¶
func (d *Destination) BeforeCreate(tx *gorm.DB) (err error)
func (*Destination) BeforeDelete ¶
func (d *Destination) BeforeDelete(tx *gorm.DB) (err error)
TODO (jmorganca): use foreign constraints instead?
type Group ¶ added in v0.0.15
// Group is a persisted identity-provider group. It belongs to one Provider
// (ProviderId references Provider.Id) and is linked to Roles via groups_roles
// and to Users via groups_users.
type Group struct {
	Id         string   `gorm:"primaryKey"`
	Created    int64    `gorm:"autoCreateTime"`
	Updated    int64    `gorm:"autoUpdateTime"`
	Name       string
	ProviderId string
	Provider   Provider `gorm:"foreignKey:ProviderId;references:Id"`
	Roles      []Role   `gorm:"many2many:groups_roles"`
	Users      []User   `gorm:"many2many:groups_users"`
}
type Http ¶ added in v0.0.6
type Http struct {
// contains filtered or unexported fields
}
func (*Http) WellKnownJWKs ¶ added in v0.0.6
func (h *Http) WellKnownJWKs(w http.ResponseWriter, r *http.Request)
type Okta ¶ added in v0.0.12
// Okta abstracts the calls made to an Okta tenant. Every method receives the
// tenant credentials (apiToken or clientSecret) as plain string arguments, so
// implementations must not log or wrap their parameters into errors.
// ValidateOktaConnection checks that the given domain/credentials work; Emails
// lists user emails; Groups returns a map (presumably group name to member
// emails — confirm against the implementation); EmailFromCode presumably
// exchanges an authorization code for the user's email — confirm.
type Okta interface {
	ValidateOktaConnection(domain string, clientID string, apiToken string) error
	Emails(domain string, clientID string, apiToken string) ([]string, error)
	Groups(domain string, clientID string, apiToken string) (map[string][]string, error)
	EmailFromCode(code string, domain string, clientID string, clientSecret string) (string, error)
}
type Options ¶
// Options is the configuration passed to Run, decoded via mapstructure (the
// tag names are the keys). The embedded internal.Options are squashed into
// this struct.
// NOTE(review): RootAPIKey and EngineAPIKey are credentials that arrive through
// the same channel as ordinary options; take care where the process's flags,
// environment or config file are visible, and avoid printing the whole struct.
type Options struct {
	ConfigPath               string        `mapstructure:"config-path"`
	DBFile                   string        `mapstructure:"db-file"`
	TLSCache                 string        `mapstructure:"tls-cache"`
	RootAPIKey               string        `mapstructure:"root-api-key"`
	EngineAPIKey             string        `mapstructure:"engine-api-key"`
	EnableUI                 bool          `mapstructure:"enable-ui"`
	UIProxy                  string        `mapstructure:"ui-proxy"`
	EnableTelemetry          bool          `mapstructure:"enable-telemetry"`
	EnableCrashReporting     bool          `mapstructure:"enable-crash-reporting"`
	ProvidersSyncInterval    time.Duration `mapstructure:"providers-sync-interval"`
	DestinationsSyncInterval time.Duration `mapstructure:"destinations-sync-interval"`
	SessionDuration          time.Duration `mapstructure:"session-duration"`
	internal.Options         `mapstructure:",squash"`
}
type Provider ¶ added in v0.4.0
// Provider is a persisted identity provider; Kind is expected to be
// ProviderKindOkta, the only kind declared here, and is the only field with a
// yaml tag. Users is a many-to-many association via users_providers.
// NOTE(review): ClientSecret and APIToken are credentials stored as ordinary
// columns — no encryption or redaction is visible on this type, so confirm how
// the store protects them at rest and that they are never serialised into API
// responses (see GetProvider / ListProviders).
type Provider struct {
	Id           string `gorm:"primaryKey"`
	Created      int64  `gorm:"autoCreateTime"`
	Updated      int64  `gorm:"autoUpdateTime"`
	Kind         string `yaml:"kind"`
	Domain       string
	ClientID     string
	ClientSecret string
	// used for okta sync
	APIToken string
	Users    []User `gorm:"many2many:users_providers"`
}
func (*Provider) BeforeCreate ¶ added in v0.4.0
func (*Provider) CreateUser ¶ added in v0.4.0
CreateUser creates a user and associates them with the provider. If the user already exists, they are not created again; instead only the association is added.
func (*Provider) DeleteUser ¶ added in v0.4.0
DeleteUser removes a user's association with a provider. If this is their only provider, the user is deleted entirely. TODO (jmorganca): wrap this in a transaction, or at least find out why this seems to cause a bug when used in a nested transaction.
func (*Provider) SyncGroups ¶ added in v0.4.0
type Role ¶ added in v0.0.13
// Role is a persisted role binding: a Kubernetes Role or ClusterRole (Kind, see
// the RoleKindKubernetes* values) in Namespace on one Destination
// (DestinationId references Destination.Id). Groups and Users are the
// principals granted the role, via groups_roles and users_roles.
type Role struct {
	Id            string      `gorm:"primaryKey"`
	Created       int64       `gorm:"autoCreateTime"`
	Updated       int64       `gorm:"autoUpdateTime"`
	Name          string
	Kind          string
	Namespace     string
	DestinationId string
	Destination   Destination `gorm:"foreignKey:DestinationId;references:Id"`
	Groups        []Group     `gorm:"many2many:groups_roles"`
	Users         []User      `gorm:"many2many:users_roles"`
}
type Settings ¶
type StaticFileSystem ¶
type StaticFileSystem struct {
// contains filtered or unexported fields
}
type Telemetry ¶ added in v0.3.3
type Telemetry struct {
// contains filtered or unexported fields
}
func (*Telemetry) EnqueueHeartbeat ¶ added in v0.3.3
func (*Telemetry) SetEnabled ¶ added in v0.3.3
type Token ¶
// Token is a persisted session token belonging to one User (UserId references
// User.Id). Expires is an int64 like Created/Updated — presumably a Unix
// timestamp; confirm the units against CheckExpired.
// NOTE(review): Secret is the stored secret material. Whether it is the raw
// secret that NewToken hands back or a hash of it is not visible here;
// CheckSecret is the place to confirm, since storing the raw value would make
// a database read equivalent to a session takeover.
type Token struct {
	Id      string `gorm:"primaryKey"`
	Created int64  `gorm:"autoCreateTime"`
	Updated int64  `gorm:"autoUpdateTime"`
	Expires int64
	Secret  []byte
	UserId  string
	User    User `gorm:"foreignKey:UserId;references:Id;"`
}
func ValidateAndGetToken ¶ added in v0.0.13
func (*Token) CheckExpired ¶ added in v0.2.4
func (*Token) CheckSecret ¶
type User ¶
// User is a persisted identity keyed by its unique Email. Providers, Roles and
// Groups are many-to-many associations (users_providers, users_roles,
// groups_users). Per the Provider.DeleteUser documentation, removing a user's
// last provider association deletes the user entirely.
type User struct {
	Id        string     `gorm:"primaryKey"`
	Created   int64      `gorm:"autoCreateTime"`
	Updated   int64      `gorm:"autoUpdateTime"`
	Email     string     `gorm:"unique"`
	Providers []Provider `gorm:"many2many:users_providers"`
	Roles     []Role     `gorm:"many2many:users_roles"`
	Groups    []Group    `gorm:"many2many:groups_users"`
}