models package v0.5.1

Warning: This package is not in the latest version of its module.

Published: Feb 1, 2022 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var APITokenSecretLength = 24

var SymmetricKey *secrets.SymmetricKey

SymmetricKey is the key used to encrypt and decrypt this field.

Functions

This section is empty.

Types

type APIToken

type APIToken struct {
	Model
	Name      string // optional name
	UserID    uid.ID
	ExpiresAt time.Time

	// TODO: remove me with machine identities
	Permissions string

	Secret         string `gorm:"-"`
	SecretChecksum []byte
}

type Destination

type Destination struct {
	Model

	Name     string `validate:"required"`
	UniqueID string `gorm:"uniqueIndex:,where:deleted_at is NULL"`

	ConnectionURL string
	ConnectionCA  string
}

func (*Destination) ToAPI

func (d *Destination) ToAPI() *api.Destination

type EncryptedAtRest

type EncryptedAtRest string

EncryptedAtRest defines a field that knows how to encrypt and decrypt itself with Gorm. It depends on the SymmetricKey being set for this package.

func (*EncryptedAtRest) Scan

func (s *EncryptedAtRest) Scan(v interface{}) error

func (EncryptedAtRest) Value

func (s EncryptedAtRest) Value() (driver.Value, error)
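The Scan/Value pair above is the standard way to make a GORM (or any database/sql) column transparently encrypted: Value runs before the driver sees the field, Scan runs after the row is read back. The following is an added example, not the package's own code. It keeps the page's names (SymmetricKey, EncryptedAtRest, Scan, Value) but assumes SymmetricKey is a raw 32-byte AES-256 key rather than the project's *secrets.SymmetricKey, and uses AES-GCM from the standard library so that a ciphertext altered in the database fails authentication instead of decrypting to garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"database/sql/driver"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// SymmetricKey stands in for the page's *secrets.SymmetricKey. Assumption for
// this example: a raw 32-byte AES-256 key held in memory; the real package
// wraps the key in its own secrets type.
var SymmetricKey []byte

// EncryptedAtRest is a string column that encrypts itself on the way to the
// database (Value) and decrypts itself on the way back (Scan).
type EncryptedAtRest string

// aead builds an AES-GCM cipher from SymmetricKey. It refuses to operate when
// the key is unset so a misconfigured deployment fails closed instead of
// writing plaintext.
func aead() (cipher.AEAD, error) {
	if len(SymmetricKey) == 0 {
		return nil, errors.New("models: SymmetricKey is not set")
	}
	block, err := aes.NewCipher(SymmetricKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Value implements driver.Valuer: the plaintext never reaches the driver.
// A fresh random nonce is prepended to the ciphertext so Scan can recover it.
func (s EncryptedAtRest) Value() (driver.Value, error) {
	gcm, err := aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(s), nil)
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// Scan implements sql.Scanner. GCM authenticates the ciphertext, so a row that
// was modified in the database, or encrypted under a different key, is rejected.
func (s *EncryptedAtRest) Scan(v interface{}) error {
	var raw string
	switch t := v.(type) {
	case nil: // NULL column
		*s = ""
		return nil
	case string:
		raw = t
	case []byte: // some drivers return text columns as bytes
		raw = string(t)
	default:
		return fmt.Errorf("models: cannot scan %T into EncryptedAtRest", v)
	}
	if raw == "" {
		*s = ""
		return nil
	}
	gcm, err := aead()
	if err != nil {
		return err
	}
	sealed, err := base64.StdEncoding.DecodeString(raw)
	if err != nil {
		return fmt.Errorf("models: malformed ciphertext: %w", err)
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return errors.New("models: ciphertext shorter than nonce")
	}
	plain, err := gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
	if err != nil {
		return fmt.Errorf("models: decryption failed: %w", err)
	}
	*s = EncryptedAtRest(plain)
	return nil
}

func main() {
	// Constructed demo key; a deployment loads it from a secret store.
	SymmetricKey = []byte("0123456789abcdef0123456789abcdef")
	stored, err := EncryptedAtRest("oidc-client-secret").Value()
	if err != nil {
		panic(err)
	}
	var loaded EncryptedAtRest
	if err := loaded.Scan(stored); err != nil {
		panic(err)
	}
	fmt.Printf("stored as %v\nloaded as %q\n", stored, loaded)
}
```

Because the nonce is random, two writes of the same ClientSecret produce different ciphertexts, which is why a column of this type cannot carry a uniqueIndex or be searched with WHERE on the stored value; compare after loading instead.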

type Grant

type Grant struct {
	Model

	Identity  string `validate:"required"` // polymorphic reference. Format is "u:<idstr>" for users, "g:<idstr>" for groups, "m:<idstr>" for machines
	Privilege string `validate:"required"` // role or permission
	Resource  string `validate:"required"` // Universal Resource Notation

	CreatedBy uid.ID

	ExpiresAt          *time.Time
	LastUsedAt         *time.Time
	ExpiresAfterUnused time.Duration
}

Grant is a lean tuple of identity <-> privilege <-> resource (URN) relationships. Bloat should be avoided here since this model is going to be used heavily.

Identity

Identity is a string specifying a user, group, the name of a role, or another grant
	- a user: u:E97WmsYfvo
	- a group: g:CCoJ1ornpf
	- a role: ?
	- a grant: ?

Privilege

Privilege is a predicate that describes what sort of access the identity has to the resource

URN

URN is Universal Resource Notation.

Expiry

Expiry is the time you want the grant to expire at.

Defining

func (*Grant) Matches

func (g *Grant) Matches(identity, privilege, resource string) bool

func (*Grant) ToAPI

func (r *Grant) ToAPI() api.Grant

type Group

type Group struct {
	Model

	Name string `gorm:"uniqueIndex:idx_groups_name_provider_id,where:deleted_at is NULL"`

	ProviderID uid.ID `gorm:"uniqueIndex:idx_groups_name_provider_id,where:deleted_at is NULL"`

	Users []User `gorm:"many2many:users_groups"`
}

func (*Group) ToAPI

func (g *Group) ToAPI() *api.Group

type Key

type Key struct {
	Model

	KeyID     int32 `gorm:"uniqueIndex"` // a short identifier for the key that can be embedded with the encrypted payload
	Name      string
	Encrypted []byte
	Algorithm string
	RootKeyID string
}

type Model

type Model struct {
	ID        uid.ID
	CreatedAt time.Time
	UpdatedAt time.Time
	DeletedAt gorm.DeletedAt
}

func (*Model) BeforeCreate

func (m *Model) BeforeCreate(tx *gorm.DB) error

Set an ID if one does not already exist. Unfortunately, we cannot use `gorm:"default"` tags, since the ID must be dynamically generated and not all databases support UUID generation.

func (Model) IsAModel

func (Model) IsAModel()

type Modelable

type Modelable interface {
	IsAModel() // there's nothing specific about this function except that all Model structs will have it.
}

Modelable is an interface that determines if a struct is a model. It is simply satisfied by models that compose models.Model.

type Provider

type Provider struct {
	Model

	Name         string `gorm:"uniqueIndex:,where:deleted_at is NULL" validate:"required"`
	URL          string `validate:"required"`
	ClientID     string
	ClientSecret EncryptedAtRest

	Users  []User
	Groups []Group
}

func (*Provider) ToAPI

func (p *Provider) ToAPI() *api.Provider

type ProviderToken

type ProviderToken struct {
	Model

	UserID     uid.ID
	ProviderID uid.ID

	AccessToken  EncryptedAtRest
	RefreshToken EncryptedAtRest
	ExpiresAt    time.Time
}

ProviderToken tracks the access and refresh tokens from an identity provider associated with a user.

type Settings

type Settings struct {
	Model

	PrivateJWK []byte
	PublicJWK  []byte
}

type Token

type Token struct {
	Token   string
	Expires time.Time
}

type User

type User struct {
	Model

	Email       string `gorm:"uniqueIndex:idx_users_email_provider_id,where:deleted_at is NULL"`
	Permissions string
	LastSeenAt  time.Time // updated when the user uses a session token

	ProviderID uid.ID `gorm:"uniqueIndex:idx_users_email_provider_id,where:deleted_at is NULL"`

	Groups []Group `gorm:"many2many:users_groups"`
}

func (*User) ToAPI

func (u *User) ToAPI() *api.User
