registry

package
v0.4.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 2, 2021 License: Apache-2.0 Imports: 49 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ErrExistingKey            = Error("a key with this name already exists")
	ErrUnkownKey              = Error("an API key with this ID does not exist")
	ErrKeyPermissionsNotFound = Error("api-key permissions are required")
)
View Source 
const (
	DefaultProvidersSyncInterval    time.Duration = time.Second * 60
	DefaultDestinationsSyncInterval time.Duration = time.Minute * 5
)
View Source 
const AssetDebug = false

AssetDebug is true if the assets were built with the debug flag enabled.

Variables

View Source 
var (
	RoleKindKubernetesRole        = "role"
	RoleKindKubernetesClusterRole = "cluster-role"
)
View Source 
var (
	TokenSecretLen = 24
	TokenLen       = IdLen + TokenSecretLen
)
View Source 
var (
	CookieTokenName = "token"
	CookieLoginName = "login"
)
View Source 
var APIKeyLen = 24
View Source 
var DestinationKindKubernetes = "kubernetes"
View Source 
var IdLen = 12
View Source 
var ProviderKindOkta = "okta"
View Source 
var (
	SessionDuration time.Duration = time.Hour * 24
)

Functions

func ApplyGroupMappings added in v0.0.15 

func ApplyGroupMappings(db *gorm.DB, groups []ConfigGroupMapping) (modifiedRoleIDs []string, err error)

func ApplyUserMappings added in v0.3.3 

func ApplyUserMappings(db *gorm.DB, users []ConfigUserMapping) (modifiedRoleIDs []string, err error)

func Asset 

func Asset(name string) ([]byte, error)

Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.

func AssetDigest 

func AssetDigest(name string) ([sha256.Size]byte, error)

AssetDigest returns the digest of the file with the given name. It returns an error if the asset could not be found or the digest could not be loaded.

func AssetDir 

func AssetDir(name string) ([]string, error)

AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy: 

data/
  foo.txt
  img/
    a.png
    b.png

then AssetDir("data") would return []string{"foo.txt", "img"}, AssetDir("data/img") would return []string{"a.png", "b.png"}, AssetDir("foo.txt") and AssetDir("notexist") would return an error, and AssetDir("") will return []string{"data"}.

func AssetInfo 

func AssetInfo(name string) (os.FileInfo, error)

AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.

func AssetNames 

func AssetNames() []string

AssetNames returns the names of the assets.

func AssetString 

func AssetString(name string) (string, error)

AssetString returns the asset contents as a string (instead of a []byte).

func Digests 

func Digests() (map[string][sha256.Size]byte, error)

Digests returns a map of all known files and their checksums.

func Healthz added in v0.1.3 

func Healthz(w http.ResponseWriter, r *http.Request)

func ImportProviders added in v0.4.0 

func ImportProviders(db *gorm.DB, providers []ConfigIdentityProvider) error

func ImportRoleMappings added in v0.3.3 

func ImportRoleMappings(db *gorm.DB, groups []ConfigGroupMapping, users []ConfigUserMapping) error

ImportRoleMappings iterates over user and group config and applies a role mapping to them

func MustAsset 

func MustAsset(name string) []byte

MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.

func MustAssetString 

func MustAssetString(name string) string

MustAssetString is like AssetString but panics when Asset would return an error. It simplifies safe initialization of global variables.

func NewAPIMux added in v0.4.0 

func NewAPIMux(reg *Registry) *mux.Router

func NewDB 

func NewDB(dbpath string) (*gorm.DB, error)

func NewToken 

func NewToken(db *gorm.DB, userId string, sessionDuration time.Duration, token *Token) (secret string, err error)

func RestoreAsset 

func RestoreAsset(dir, name string) error

RestoreAsset restores an asset under the given directory.

func RestoreAssets 

func RestoreAssets(dir, name string) error

RestoreAssets restores an asset under the given directory recursively.

func Run 

func Run(options Options) (err error)

Types

type API added in v0.4.0 

type API struct {
	// contains filtered or unexported fields
}

func (*API) CreateAPIKey added in v0.4.0 

func (a *API) CreateAPIKey(w http.ResponseWriter, r *http.Request)

func (*API) CreateDestination added in v0.4.0 

func (a *API) CreateDestination(w http.ResponseWriter, r *http.Request)

func (*API) CreateToken added in v0.4.0 

func (a *API) CreateToken(w http.ResponseWriter, r *http.Request)

func (*API) DeleteAPIKey added in v0.4.0 

func (a *API) DeleteAPIKey(w http.ResponseWriter, r *http.Request)

func (*API) GetDestination added in v0.4.0 

func (a *API) GetDestination(w http.ResponseWriter, r *http.Request)

func (*API) GetGroup added in v0.4.0 

func (a *API) GetGroup(w http.ResponseWriter, r *http.Request)

func (*API) GetProvider added in v0.4.0 

func (a *API) GetProvider(w http.ResponseWriter, r *http.Request)

func (*API) GetRole added in v0.4.0 

func (a *API) GetRole(w http.ResponseWriter, r *http.Request)

func (*API) GetUser added in v0.4.0 

func (a *API) GetUser(w http.ResponseWriter, r *http.Request)

func (*API) ListAPIKeys added in v0.4.0 

func (a *API) ListAPIKeys(w http.ResponseWriter, r *http.Request)

func (*API) ListDestinations added in v0.4.0 

func (a *API) ListDestinations(w http.ResponseWriter, r *http.Request)

func (*API) ListGroups added in v0.4.0 

func (a *API) ListGroups(w http.ResponseWriter, r *http.Request)

func (*API) ListProviders added in v0.4.0 

func (a *API) ListProviders(w http.ResponseWriter, r *http.Request)

func (*API) ListRoles added in v0.4.0 

func (a *API) ListRoles(w http.ResponseWriter, r *http.Request)

func (*API) ListUsers added in v0.4.0 

func (a *API) ListUsers(w http.ResponseWriter, r *http.Request)

func (*API) Login added in v0.4.0 

func (a *API) Login(w http.ResponseWriter, r *http.Request)

func (*API) Logout added in v0.4.0 

func (a *API) Logout(w http.ResponseWriter, r *http.Request)

func (*API) Version added in v0.4.0 

func (a *API) Version(w http.ResponseWriter, r *http.Request)

type APIKey 

type APIKey struct {
	Id          string `gorm:"primaryKey"`
	Created     int64  `gorm:"autoCreateTime"`
	Updated     int64  `gorm:"autoUpdateTime"`
	Name        string `gorm:"unique"`
	Key         string
	Permissions string // space separated list of permissions/scopes that a token can perform
}

func (*APIKey) BeforeCreate 

func (a *APIKey) BeforeCreate(tx *gorm.DB) (err error)

type Config 

type Config struct {
	Secrets   []ConfigSecretProvider   `yaml:"secrets"`
	Providers []ConfigIdentityProvider `yaml:"providers"`
	Groups    []ConfigGroupMapping     `yaml:"groups"`
	Users     []ConfigUserMapping      `yaml:"users"`
}

type ConfigDestination added in v0.2.3 

type ConfigDestination struct {
	Name       string   `yaml:"name"`
	Namespaces []string `yaml:"namespaces"` // optional in the case of a cluster-role
}

type ConfigGroupMapping added in v0.0.15 

type ConfigGroupMapping struct {
	Name     string                 `yaml:"name"`
	Provider string                 `yaml:"provider"`
	Roles    []ConfigRoleKubernetes `yaml:"roles"`
}

type ConfigIdentityProvider added in v0.4.0 

type ConfigIdentityProvider struct {
	Kind         string      `yaml:"kind"`
	Domain       string      `yaml:"domain"`
	ClientID     string      `yaml:"clientID"`
	ClientSecret string      `yaml:"clientSecret"`
	Config       interface{} // contains identity-provider-specific config
}

func (*ConfigIdentityProvider) UnmarshalYAML added in v0.4.0 

func (idp *ConfigIdentityProvider) UnmarshalYAML(unmarshal func(interface{}) error) error

type ConfigOkta added in v0.4.0 

type ConfigOkta struct {
	APIToken string `yaml:"apiToken"`
}

type ConfigRoleKubernetes added in v0.0.13 

type ConfigRoleKubernetes struct {
	Name         string              `yaml:"name"`
	Kind         string              `yaml:"kind"`
	Destinations []ConfigDestination `yaml:"destinations"`
}

type ConfigSecretProvider added in v0.4.0 

type ConfigSecretProvider struct {
	Kind   string      `yaml:"kind"`
	Name   string      `yaml:"name"` // optional
	Config interface{} // contains secret-provider-specific config
}

func (*ConfigSecretProvider) UnmarshalYAML added in v0.4.0 

func (sp *ConfigSecretProvider) UnmarshalYAML(unmarshal func(interface{}) error) error

type ConfigUserMapping added in v0.0.13 

type ConfigUserMapping struct {
	Email  string                 `yaml:"email"`
	Roles  []ConfigRoleKubernetes `yaml:"roles"`
	Groups []string               `yaml:"groups"`
}

type CustomJWTClaims added in v0.2.4 

type CustomJWTClaims struct {
	Email       string `json:"email" validate:"required"`
	Destination string `json:"dest" validate:"required"`
	Nonce       string `json:"nonce" validate:"required"`
}

type Destination 

type Destination struct {
	Id      string `gorm:"primaryKey"`
	Created int64  `gorm:"autoCreateTime"`
	Updated int64  `gorm:"autoUpdateTime"`
	Name    string `gorm:"unique"`
	Kind    string

	KubernetesCa       string
	KubernetesEndpoint string
}

func (*Destination) AfterCreate 

func (d *Destination) AfterCreate(tx *gorm.DB) error

func (*Destination) BeforeCreate 

func (d *Destination) BeforeCreate(tx *gorm.DB) (err error)

func (*Destination) BeforeDelete 

func (d *Destination) BeforeDelete(tx *gorm.DB) (err error)

TODO (jmorganca): use foreign constraints instead?

type Error added in v0.2.5 

type Error string

func (Error) Error added in v0.2.5 

func (e Error) Error() string

type Group added in v0.0.15 

type Group struct {
	Id         string `gorm:"primaryKey"`
	Created    int64  `gorm:"autoCreateTime"`
	Updated    int64  `gorm:"autoUpdateTime"`
	Name       string
	ProviderId string
	Provider   Provider `gorm:"foreignKey:ProviderId;references:Id"`

	Roles []Role `gorm:"many2many:groups_roles"`
	Users []User `gorm:"many2many:groups_users"`
}

func (*Group) AfterCreate added in v0.3.1 

func (g *Group) AfterCreate(tx *gorm.DB) error

func (*Group) BeforeCreate added in v0.0.15 

func (g *Group) BeforeCreate(tx *gorm.DB) (err error)

func (*Group) BeforeDelete added in v0.3.1 

func (g *Group) BeforeDelete(tx *gorm.DB) error

type Http added in v0.0.6 

type Http struct {
	// contains filtered or unexported fields
}

func (*Http) WellKnownJWKs added in v0.0.6 

func (h *Http) WellKnownJWKs(w http.ResponseWriter, r *http.Request)

type Okta added in v0.0.12 

type Okta interface {
	ValidateOktaConnection(domain string, clientID string, apiToken string) error
	Emails(domain string, clientID string, apiToken string) ([]string, error)
	Groups(domain string, clientID string, apiToken string) (map[string][]string, error)
	EmailFromCode(code string, domain string, clientID string, clientSecret string) (string, error)
}

func NewOkta added in v0.0.12 

func NewOkta() Okta

type Options 

type Options struct {
	ConfigPath   string `mapstructure:"config-path"`
	DBFile       string `mapstructure:"db-file"`
	TLSCache     string `mapstructure:"tls-cache"`
	RootAPIKey   string `mapstructure:"root-api-key"`
	EngineAPIKey string `mapstructure:"engine-api-key"`

	EnableUI bool   `mapstructure:"enable-ui"`
	UIProxy  string `mapstructure:"ui-proxy"`

	EnableTelemetry      bool `mapstructure:"enable-telemetry"`
	EnableCrashReporting bool `mapstructure:"enable-crash-reporting"`

	ProvidersSyncInterval    time.Duration `mapstructure:"providers-sync-interval"`
	DestinationsSyncInterval time.Duration `mapstructure:"destinations-sync-interval"`

	internal.Options `mapstructure:",squash"`
}

type Provider added in v0.4.0 

type Provider struct {
	Id      string `gorm:"primaryKey"`
	Created int64  `gorm:"autoCreateTime"`
	Updated int64  `gorm:"autoUpdateTime"`
	Kind    string `yaml:"kind"`

	Domain       string
	ClientID     string
	ClientSecret string

	// used for okta sync
	APIToken string

	Users []User `gorm:"many2many:users_providers"`
}

func (*Provider) BeforeCreate added in v0.4.0 

func (p *Provider) BeforeCreate(tx *gorm.DB) (err error)

func (*Provider) BeforeDelete added in v0.4.0 

func (p *Provider) BeforeDelete(tx *gorm.DB) error

func (*Provider) CreateUser added in v0.4.0 

func (p *Provider) CreateUser(db *gorm.DB, user *User, email string) error

CreateUser will create a user and associate them with the provider If the user already exists, they will not be created, instead an association will be added instead

func (*Provider) DeleteUser added in v0.4.0 

func (p *Provider) DeleteUser(db *gorm.DB, u User) error

Delete will delete a user's association with a provider If this is their only provider, then the user will be deleted entirely TODO (jmorganca): wrap this in a transaction or at least find out why there seems to cause a bug when used in a nested transaction

func (*Provider) SyncGroups added in v0.4.0 

func (p *Provider) SyncGroups(r *Registry) error

func (*Provider) SyncUsers added in v0.4.0 

func (p *Provider) SyncUsers(r *Registry) error

func (*Provider) Validate added in v0.4.0 

func (p *Provider) Validate(r *Registry) error

Validate checks that an Okta provider is valid

type Registry added in v0.4.0 

type Registry struct {
	// contains filtered or unexported fields
}

func (*Registry) GetSecret added in v0.4.0 

func (r *Registry) GetSecret(name string) (string, error)

GetSecret implements the secret definition scheme for Infra. eg plaintext:pass123, or kubernetes:infra-okta/apiToken it's an abstraction around all secret providers

type Role added in v0.0.13 

type Role struct {
	Id            string `gorm:"primaryKey"`
	Created       int64  `gorm:"autoCreateTime"`
	Updated       int64  `gorm:"autoUpdateTime"`
	Name          string
	Kind          string
	Namespace     string
	DestinationId string
	Destination   Destination `gorm:"foreignKey:DestinationId;references:Id"`
	Groups        []Group     `gorm:"many2many:groups_roles"`
	Users         []User      `gorm:"many2many:users_roles"`
}

func (*Role) BeforeCreate added in v0.0.13 

func (r *Role) BeforeCreate(tx *gorm.DB) (err error)

type Settings 

type Settings struct {
	Id         string `gorm:"primaryKey"`
	Created    int64  `gorm:"autoCreateTime"`
	Updated    int64  `gorm:"autoUpdateTime"`
	PrivateJWK []byte
	PublicJWK  []byte
}

func (*Settings) BeforeCreate 

func (s *Settings) BeforeCreate(tx *gorm.DB) (err error)

func (*Settings) BeforeSave 

func (s *Settings) BeforeSave(tx *gorm.DB) error

type StaticFileSystem 

type StaticFileSystem struct {
	// contains filtered or unexported fields
}

func (StaticFileSystem) Open 

func (sfs StaticFileSystem) Open(name string) (http.File, error)

type Telemetry added in v0.3.3 

type Telemetry struct {
	// contains filtered or unexported fields
}

func NewTelemetry added in v0.3.3 

func NewTelemetry(db *gorm.DB) (*Telemetry, error)

func (*Telemetry) Close added in v0.3.3 

func (t *Telemetry) Close()

func (*Telemetry) Enqueue added in v0.3.3 

func (t *Telemetry) Enqueue(track analytics.Track) error

func (*Telemetry) EnqueueHeartbeat added in v0.3.3 

func (t *Telemetry) EnqueueHeartbeat() error

func (*Telemetry) SetEnabled added in v0.3.3 

func (t *Telemetry) SetEnabled(enabled bool)

type Token 

type Token struct {
	Id      string `gorm:"primaryKey"`
	Created int64  `gorm:"autoCreateTime"`
	Updated int64  `gorm:"autoUpdateTime"`
	Expires int64
	Secret  []byte

	UserId string
	User   User `gorm:"foreignKey:UserId;references:Id;"`
}

func ValidateAndGetToken added in v0.0.13 

func ValidateAndGetToken(db *gorm.DB, in string) (*Token, error)

func (*Token) BeforeCreate 

func (t *Token) BeforeCreate(tx *gorm.DB) (err error)

func (*Token) CheckExpired added in v0.2.4 

func (t *Token) CheckExpired() (err error)

func (*Token) CheckSecret 

func (t *Token) CheckSecret(secret string) (err error)

type User 

type User struct {
	Id      string `gorm:"primaryKey"`
	Created int64  `gorm:"autoCreateTime"`
	Updated int64  `gorm:"autoUpdateTime"`
	Email   string `gorm:"unique"`

	Providers []Provider `gorm:"many2many:users_providers"`
	Roles     []Role     `gorm:"many2many:users_roles"`
	Groups    []Group    `gorm:"many2many:groups_users"`
}

func (*User) AfterCreate 

func (u *User) AfterCreate(tx *gorm.DB) error

func (*User) BeforeCreate 

func (u *User) BeforeCreate(tx *gorm.DB) (err error)

func (*User) BeforeDelete 

func (u *User) BeforeDelete(tx *gorm.DB) error

TODO (jmorganca): use foreign constraints instead?

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.