models

package
v0.5.10 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 5, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source
const (
	InfraAdminRole     = "admin"
	InfraUserRole      = "user"
	InfraConnectorRole = "connector"
)
View Source
const (
	CreatedBySystem = 0
	CreatedByConfig = 1
)

Variables

View Source
var (
	AccessKeyKeyLength    = 10
	AccessKeySecretLength = 24
)
View Source
var SymmetricKey *secrets.SymmetricKey

SymmetricKey is the key used to encrypt and decrypt this field.

Functions

This section is empty.

Types

type AccessKey

type AccessKey struct {
	Model
	Name      string            `gorm:"uniqueIndex:,where:deleted_at is NULL"`
	IssuedFor uid.PolymorphicID `validate:"required"`

	ExpiresAt         time.Time     `validate:"required"`
	Extension         time.Duration // how long to increase the lifetime extension deadline by
	ExtensionDeadline time.Time

	Key            string `gorm:"<-;uniqueIndex:,where:deleted_at is NULL"`
	Secret         string `gorm:"-"`
	SecretChecksum []byte
}

AccessKey is a session token presented to the Infra server as proof of authentication

type Base64 added in v0.5.9

type Base64 []byte

func (Base64) GormDataType added in v0.5.9

func (f Base64) GormDataType() string

func (*Base64) Scan added in v0.5.9

func (f *Base64) Scan(v interface{}) error

func (Base64) Value added in v0.5.9

func (f Base64) Value() (driver.Value, error)

type Destination

type Destination struct {
	Model

	Name     string `validate:"required"`
	UniqueID string `gorm:"uniqueIndex:,where:deleted_at is NULL"`

	ConnectionURL string
	ConnectionCA  string
}

func (*Destination) ToAPI

func (d *Destination) ToAPI() *api.Destination

type EncryptedAtRest

type EncryptedAtRest string

EncryptedAtRest defines a field that knows how to encrypt and decrypt itself with Gorm it depends on the SymmetricKey being set for this package.

func (*EncryptedAtRest) Scan

func (s *EncryptedAtRest) Scan(v interface{}) error

func (EncryptedAtRest) Value

func (s EncryptedAtRest) Value() (driver.Value, error)

type EncryptionKey

type EncryptionKey struct {
	Model

	KeyID     int32 `gorm:"uniqueIndex"` // a short identifier for the key that can be embedded with the encrypted payload
	Name      string
	Encrypted []byte
	Algorithm string
	RootKeyID string
}

type Grant

type Grant struct {
	Model

	Identity  uid.PolymorphicID `validate:"required"`
	Privilege string            `validate:"required"` // role or permission
	Resource  string            `validate:"required"` // Universal Resource Notation

	CreatedBy uid.ID

	ExpiresAt          *time.Time
	LastUsedAt         *time.Time
	ExpiresAfterUnused time.Duration
}

Grant is a lean tuple of identity <-> privilege <-> resource (URN) relationships. bloat should be avoided here since this model is going to be used heavily.

Identity

Identity is a string specifying a user, group, the name of a role, or another grant
	- a user: u:E97WmsYfvo
	- a group: g:CCoJ1ornpf
	- a role: ?
	- a grant: ?

Privilege

Privilege is a predicate that describes what sort of access the identity has to the resource

URN

URN is Universal Resource Notation.

Expiry

time you want the grant to expire at

Defining

func (*Grant) ToAPI

func (r *Grant) ToAPI() api.Grant

type Group

type Group struct {
	Model

	Name string `gorm:"uniqueIndex:idx_groups_name_provider_id,where:deleted_at is NULL"`

	ProviderID uid.ID `gorm:"uniqueIndex:idx_groups_name_provider_id,where:deleted_at is NULL"`

	Users []User `gorm:"many2many:users_groups"`
}

func (*Group) PolymorphicIdentifier added in v0.5.8

func (g *Group) PolymorphicIdentifier() uid.PolymorphicID

func (*Group) ToAPI

func (g *Group) ToAPI() *api.Group

type Machine

type Machine struct {
	Model

	Name        string `gorm:"uniqueIndex:,where:deleted_at is NULL"`
	Description string
	LastSeenAt  time.Time // updated on when machine uses a session token
}

func (*Machine) FromAPI

func (m *Machine) FromAPI(from interface{}) error

func (*Machine) PolymorphicIdentifier added in v0.5.8

func (m *Machine) PolymorphicIdentifier() uid.PolymorphicID

func (*Machine) ToAPI

func (m *Machine) ToAPI() *api.Machine

type Model

type Model struct {
	ID        uid.ID
	CreatedAt time.Time
	UpdatedAt time.Time
	DeletedAt gorm.DeletedAt
}

func (*Model) BeforeCreate

func (m *Model) BeforeCreate(tx *gorm.DB) error

Set an ID if one does not already exist. Unfortunately, we can use `gorm:"default"` tags since the ID must be dynamically generated and not all databases support UUID generation

func (Model) IsAModel

func (Model) IsAModel()

type Modelable

type Modelable interface {
	IsAModel() // there's nothing specific about this function except that all Model structs will have it.
}

Modelable is an interface that determines if a struct is a model. It's simply models that compose models.Model

type Provider

type Provider struct {
	Model

	Name         string `gorm:"uniqueIndex:,where:deleted_at is NULL" validate:"required"`
	URL          string `validate:"required"`
	ClientID     string
	ClientSecret EncryptedAtRest

	Users  []User
	Groups []Group
}

func (*Provider) ToAPI

func (p *Provider) ToAPI() *api.Provider

type ProviderToken

type ProviderToken struct {
	Model

	UserID      uid.ID
	ProviderID  uid.ID
	RedirectURL string `validate:"required"` // needs to match the redirect URL specified when the token was issued for refreshing

	AccessToken  EncryptedAtRest
	RefreshToken EncryptedAtRest
	ExpiresAt    time.Time
}

ProviderToken tracks the access and refresh tokens from an identity provider associated with a user

type RootCertificate added in v0.5.9

type RootCertificate struct {
	Model

	KeyAlgorithm     string          `validate:"required"`
	SigningAlgorithm string          `validate:"required"`
	PublicKey        Base64          `validate:"required"`
	PrivateKey       EncryptedAtRest `validate:"required"`
	SignedCert       EncryptedAtRest `validate:"required"` // contains private key? probably not pem encoded
	ExpiresAt        time.Time       `validate:"required"`
}

type Settings

type Settings struct {
	Model

	PrivateJWK []byte
	PublicJWK  []byte

	SetupRequired bool
}

type Token

type Token struct {
	Token   string
	Expires time.Time
}

Token is presented at a resource managed by Infra (ex: an Infra engine) to assert claims

type TrustedCertificate added in v0.5.9

type TrustedCertificate struct {
	Model

	KeyAlgorithm     string `validate:"required"`
	SigningAlgorithm string `validate:"required"`
	PublicKey        Base64 `validate:"required"`
	CertPEM          []byte `validate:"required"` // pem encoded
	Identity         string `validate:"required"`
	ExpiresAt        time.Time
	OneTimeUse       bool
}

type User

type User struct {
	Model

	Email      string    `gorm:"uniqueIndex:idx_users_email_provider_id,where:deleted_at is NULL"`
	LastSeenAt time.Time // updated on when user uses a session token

	ProviderID uid.ID `gorm:"uniqueIndex:idx_users_email_provider_id,where:deleted_at is NULL"`

	Groups []Group `gorm:"many2many:users_groups"`
}

func (*User) PolymorphicIdentifier added in v0.5.8

func (u *User) PolymorphicIdentifier() uid.PolymorphicID

func (*User) ToAPI

func (u *User) ToAPI() *api.User

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL