models

package
v0.5.11 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 12, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	InfraAdminRole     = "admin"
	InfraUserRole      = "user"
	InfraConnectorRole = "connector"
)
View Source 
const (
	CreatedBySystem = 0
	CreatedByConfig = 1
)

Variables

View Source 
var (
	AccessKeyKeyLength    = 10
	AccessKeySecretLength = 24
)
View Source 
var SymmetricKey *secrets.SymmetricKey

SymmetricKey is the key used to encrypt and decrypt this field.

Functions

This section is empty.

Types

type AccessKey 

type AccessKey struct {
	Model
	Name      string            `gorm:"uniqueIndex:,where:deleted_at is NULL"`
	IssuedFor uid.PolymorphicID `validate:"required"`

	ExpiresAt         time.Time     `validate:"required"`
	Extension         time.Duration // how long to increase the lifetime extension deadline by
	ExtensionDeadline time.Time

	Key            string `gorm:"<-;uniqueIndex:,where:deleted_at is NULL"`
	Secret         string `gorm:"-"`
	SecretChecksum []byte
}

AccessKey is a session token presented to the Infra server as proof of authentication

type Base64 added in v0.5.9 

type Base64 []byte

func (Base64) GormDataType added in v0.5.9 

func (f Base64) GormDataType() string

func (*Base64) Scan added in v0.5.9 

func (f *Base64) Scan(v interface{}) error

func (Base64) Value added in v0.5.9 

func (f Base64) Value() (driver.Value, error)

type Destination 

type Destination struct {
	Model

	Name     string `validate:"required"`
	UniqueID string `gorm:"uniqueIndex:,where:deleted_at is NULL"`

	ConnectionURL string
	ConnectionCA  string
}

func (*Destination) ToAPI 

func (d *Destination) ToAPI() *api.Destination

type EncryptedAtRest 

type EncryptedAtRest string

EncryptedAtRest defines a field that knows how to encrypt and decrypt itself with Gorm it depends on the SymmetricKey being set for this package.

func (*EncryptedAtRest) Scan 

func (s *EncryptedAtRest) Scan(v interface{}) error

func (EncryptedAtRest) Value 

func (s EncryptedAtRest) Value() (driver.Value, error)

type EncryptionKey 

type EncryptionKey struct {
	Model

	KeyID     int32 `gorm:"uniqueIndex"` // a short identifier for the key that can be embedded with the encrypted payload
	Name      string
	Encrypted []byte
	Algorithm string
	RootKeyID string
}

type Grant 

type Grant struct {
	Model

	Identity  uid.PolymorphicID `validate:"required"`
	Privilege string            `validate:"required"` // role or permission
	Resource  string            `validate:"required"` // Universal Resource Notation

	CreatedBy uid.ID

	ExpiresAt          *time.Time
	LastUsedAt         *time.Time
	ExpiresAfterUnused time.Duration
}

Grant is a lean tuple of identity <-> privilege <-> resource (URN) relationships. bloat should be avoided here since this model is going to be used heavily.

Identity 

Identity is a string specifying a user, group, the name of a role, or another grant
	- a user: u:E97WmsYfvo
	- a group: g:CCoJ1ornpf
	- a role: ?
	- a grant: ?

Privilege 

Privilege is a predicate that describes what sort of access the identity has to the resource

URN 

URN is Universal Resource Notation.

Expiry 

time you want the grant to expire at

Defining

func (*Grant) ToAPI 

func (r *Grant) ToAPI() api.Grant

type Group 

type Group struct {
	Model

	Name string `gorm:"uniqueIndex:idx_groups_name_provider_id,where:deleted_at is NULL"`

	ProviderID uid.ID `gorm:"uniqueIndex:idx_groups_name_provider_id,where:deleted_at is NULL"`

	Users []User `gorm:"many2many:users_groups"`
}

func (*Group) PolymorphicIdentifier added in v0.5.8 

func (g *Group) PolymorphicIdentifier() uid.PolymorphicID

func (*Group) ToAPI 

func (g *Group) ToAPI() *api.Group

type Machine 

type Machine struct {
	Model

	Name        string `gorm:"uniqueIndex:,where:deleted_at is NULL"`
	Description string
	LastSeenAt  time.Time // updated on when machine uses a session token
}

func (*Machine) FromAPI 

func (m *Machine) FromAPI(from interface{}) error

func (*Machine) PolymorphicIdentifier added in v0.5.8 

func (m *Machine) PolymorphicIdentifier() uid.PolymorphicID

func (*Machine) ToAPI 

func (m *Machine) ToAPI() *api.Machine

type Model 

type Model struct {
	ID        uid.ID
	CreatedAt time.Time
	UpdatedAt time.Time
	DeletedAt gorm.DeletedAt
}

func (*Model) BeforeCreate 

func (m *Model) BeforeCreate(tx *gorm.DB) error

Set an ID if one does not already exist. Unfortunately, we can use `gorm:"default"` tags since the ID must be dynamically generated and not all databases support UUID generation

func (Model) IsAModel 

func (Model) IsAModel()

type Modelable 

type Modelable interface {
	IsAModel() // there's nothing specific about this function except that all Model structs will have it.
}

Modelable is an interface that determines if a struct is a model. It's simply models that compose models.Model

type Provider 

type Provider struct {
	Model

	Name         string `gorm:"uniqueIndex:,where:deleted_at is NULL" validate:"required"`
	URL          string `validate:"required"`
	ClientID     string
	ClientSecret EncryptedAtRest

	Users  []User
	Groups []Group
}

func (*Provider) ToAPI 

func (p *Provider) ToAPI() *api.Provider

type ProviderToken 

type ProviderToken struct {
	Model

	UserID      uid.ID
	ProviderID  uid.ID
	RedirectURL string `validate:"required"` // needs to match the redirect URL specified when the token was issued for refreshing

	AccessToken  EncryptedAtRest
	RefreshToken EncryptedAtRest
	ExpiresAt    time.Time
}

ProviderToken tracks the access and refresh tokens from an identity provider associated with a user

type RootCertificate added in v0.5.9 

type RootCertificate struct {
	Model

	KeyAlgorithm     string          `validate:"required"`
	SigningAlgorithm string          `validate:"required"`
	PublicKey        Base64          `validate:"required"`
	PrivateKey       EncryptedAtRest `validate:"required"`
	SignedCert       EncryptedAtRest `validate:"required"` // contains private key? probably not pem encoded
	ExpiresAt        time.Time       `validate:"required"`
}

type Settings 

type Settings struct {
	Model

	PrivateJWK []byte
	PublicJWK  []byte

	SetupRequired bool
}

type Token 

type Token struct {
	Token   string
	Expires time.Time
}

Token is presented at a resource managed by Infra (ex: an Infra engine) to assert claims

type TrustedCertificate added in v0.5.9 

type TrustedCertificate struct {
	Model

	KeyAlgorithm     string `validate:"required"`
	SigningAlgorithm string `validate:"required"`
	PublicKey        Base64 `validate:"required"`
	CertPEM          []byte `validate:"required"` // pem encoded
	Identity         string `validate:"required"`
	ExpiresAt        time.Time
	OneTimeUse       bool
}

type User 

type User struct {
	Model

	Email      string    `gorm:"uniqueIndex:idx_users_email_provider_id,where:deleted_at is NULL"`
	LastSeenAt time.Time // updated on when user uses a session token

	ProviderID uid.ID `gorm:"uniqueIndex:idx_users_email_provider_id,where:deleted_at is NULL"`

	Groups []Group `gorm:"many2many:users_groups"`
}

func (*User) PolymorphicIdentifier added in v0.5.8 

func (u *User) PolymorphicIdentifier() uid.PolymorphicID

func (*User) ToAPI 

func (u *User) ToAPI() *api.User

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.