Documentation
Constants

const (
    InfraAdminRole     = "admin"
    InfraUserRole      = "user"
    InfraConnectorRole = "connector"
)

const (
    CreatedBySystem = 0
    CreatedByConfig = 1
)
const BasePermissionConnect = "connect"
BasePermissionConnect is the first-principle permission from which all other permissions are defined. Holding this permission allows you to authenticate with a destination.
const InternalInfraProviderName = "infra"
Variables

var (
    AccessKeyKeyLength    = 10
    AccessKeySecretLength = 24
)
var SymmetricKey *secrets.SymmetricKey
SymmetricKey is the key used to encrypt and decrypt EncryptedAtRest fields.
Functions

This section is empty.

Types

type AccessKey

type AccessKey struct {
    Model
    Name              string            `gorm:"uniqueIndex:,where:deleted_at is NULL"`
    IssuedFor         uid.PolymorphicID `validate:"required"`
    ExpiresAt         time.Time         `validate:"required"`
    Extension         time.Duration     // how long to increase the lifetime extension deadline by
    ExtensionDeadline time.Time
    KeyID             string            `gorm:"<-;uniqueIndex:,where:deleted_at is NULL"`
    Secret            string            `gorm:"-"`
    SecretChecksum    []byte
}
AccessKey is a session token presented to the Infra server as proof of authentication
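The struct above stores only SecretChecksum, never the secret, and carries two deadlines: ExpiresAt and a sliding ExtensionDeadline that Extension moves forward on use. The following is an added example, not code from the Infra project, that shows how a server would validate a presented key against such a record. It assumes a SHA-256 checksum, a constant-time comparison, and that the extension deadline is never moved past ExpiresAt; the page does not state the project's actual hashing or extension rules.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"time"
)

// Key sizes taken from the package variables AccessKeyKeyLength and AccessKeySecretLength.
const (
	accessKeyKeyLength    = 10
	accessKeySecretLength = 24
)

// AccessKey mirrors the validation-relevant fields of models.AccessKey.
// Constructed for this example; it is not the project's type.
type AccessKey struct {
	KeyID             string
	SecretChecksum    []byte // SHA-256 of the secret (assumption: hashing scheme not shown on the page)
	ExpiresAt         time.Time
	Extension         time.Duration
	ExtensionDeadline time.Time
}

var (
	ErrBadSecret   = errors.New("access key secret does not match")
	ErrExpired     = errors.New("access key expired")
	ErrNotExtended = errors.New("access key not used before its extension deadline")
)

// randomString returns n URL-safe characters from crypto/rand.
func randomString(n int) (string, error) {
	buf := make([]byte, n)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	// base64 of n bytes is always at least n characters; trim to exactly n.
	return base64.RawURLEncoding.EncodeToString(buf)[:n], nil
}

// NewAccessKey issues a key. The secret is returned once to the caller and only
// its checksum is retained, so a database leak does not expose usable secrets.
func NewAccessKey(now time.Time, lifetime, extension time.Duration) (*AccessKey, string, error) {
	keyID, err := randomString(accessKeyKeyLength)
	if err != nil {
		return nil, "", err
	}
	secret, err := randomString(accessKeySecretLength)
	if err != nil {
		return nil, "", err
	}
	sum := sha256.Sum256([]byte(secret))
	ak := &AccessKey{
		KeyID:             keyID,
		SecretChecksum:    sum[:],
		ExpiresAt:         now.Add(lifetime),
		Extension:         extension,
		ExtensionDeadline: now.Add(extension),
	}
	return ak, secret, nil
}

// Validate checks the presented secret in constant time, then enforces the absolute
// expiry and the sliding extension deadline. On success the extension deadline is
// moved forward by Extension (capped at ExpiresAt); the caller persists the change.
func (ak *AccessKey) Validate(now time.Time, secret string) error {
	sum := sha256.Sum256([]byte(secret))
	if subtle.ConstantTimeCompare(sum[:], ak.SecretChecksum) != 1 {
		return ErrBadSecret
	}
	if !now.Before(ak.ExpiresAt) {
		return ErrExpired
	}
	if ak.Extension > 0 {
		if !now.Before(ak.ExtensionDeadline) {
			return ErrNotExtended
		}
		next := now.Add(ak.Extension)
		if next.After(ak.ExpiresAt) {
			next = ak.ExpiresAt
		}
		ak.ExtensionDeadline = next
	}
	return nil
}

func main() {
	now := time.Now()
	ak, secret, err := NewAccessKey(now, 24*time.Hour, time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println("issued key", ak.KeyID, "with secret", secret)
	fmt.Println("valid now:", ak.Validate(now, secret))
}
```

Checking ExpiresAt before the extension deadline keeps the error precise: a key that is both past its lifetime and idle reports as expired rather than merely unextended.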
type Credential (added in v0.6.0)

type Destination

type Destination struct {
    Model
    Name          string `validate:"required"`
    UniqueID      string `gorm:"uniqueIndex:,where:deleted_at is NULL"`
    ConnectionURL string
    ConnectionCA  string
}

func (*Destination) ToAPI

func (d *Destination) ToAPI() *api.Destination

type EncryptedAtRest

type EncryptedAtRest string
EncryptedAtRest defines a field that knows how to encrypt and decrypt itself with Gorm. It depends on the SymmetricKey being set for this package.
func (*EncryptedAtRest) Scan
func (s *EncryptedAtRest) Scan(v interface{}) error
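Gorm stores and loads a custom field type through the database/sql hooks: driver.Valuer on the way in and sql.Scanner on the way out. The block below is an added example, not the project's implementation, of a self-encrypting string built on those two hooks. It assumes a raw 32-byte AES-256-GCM key in place of the package's *secrets.SymmetricKey and a base64(nonce || ciphertext || tag) column format; it also shows the two failure modes a practitioner cares about, the key not being set and a tampered column failing authentication.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"database/sql/driver"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// SymmetricKey stands in for the package variable of the same name.
// Assumption: a raw 32-byte AES-256 key rather than *secrets.SymmetricKey.
var SymmetricKey []byte

var ErrNoKey = errors.New("models: SymmetricKey is not set")

// EncryptedAtRest encrypts itself in Value (called when Gorm writes the row)
// and decrypts itself in Scan (called when Gorm reads the row).
type EncryptedAtRest string

func newGCM() (cipher.AEAD, error) {
	if len(SymmetricKey) == 0 {
		return nil, ErrNoKey // fail closed: never write plaintext because the key is missing
	}
	block, err := aes.NewCipher(SymmetricKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Value seals the plaintext under a fresh random nonce, so two rows holding the
// same plaintext never share a ciphertext, and returns base64(nonce || ct || tag).
func (s EncryptedAtRest) Value() (driver.Value, error) {
	gcm, err := newGCM()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(s), nil)
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// Scan accepts the []byte or string a driver hands back, treats NULL as empty,
// and rejects any column whose authentication tag does not verify.
func (s *EncryptedAtRest) Scan(v interface{}) error {
	var raw string
	switch t := v.(type) {
	case nil:
		*s = ""
		return nil
	case []byte:
		raw = string(t)
	case string:
		raw = t
	default:
		return fmt.Errorf("EncryptedAtRest: cannot scan %T", v)
	}
	gcm, err := newGCM()
	if err != nil {
		return err
	}
	sealed, err := base64.StdEncoding.DecodeString(raw)
	if err != nil {
		return err
	}
	if len(sealed) < gcm.NonceSize() {
		return errors.New("EncryptedAtRest: ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	plain, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return fmt.Errorf("EncryptedAtRest: %w", err)
	}
	*s = EncryptedAtRest(plain)
	return nil
}

// RoundTrip drives both hooks the way Gorm would: Value on write, Scan on read.
// It returns the stored column value and the recovered plaintext.
func RoundTrip(plain string) (string, string, error) {
	v, err := EncryptedAtRest(plain).Value()
	if err != nil {
		return "", "", err
	}
	stored := v.(string)
	var out EncryptedAtRest
	if err := out.Scan(stored); err != nil {
		return "", "", err
	}
	return stored, string(out), nil
}

func main() {
	SymmetricKey = make([]byte, 32) // demo key; a deployment loads it from a secret store
	if _, err := io.ReadFull(rand.Reader, SymmetricKey); err != nil {
		panic(err)
	}
	stored, plain, err := RoundTrip("example refresh token") // constructed sample value
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored: %s\nrecovered: %s\n", stored, plain)
}
```

Because the key check sits in newGCM, both hooks fail the same way when SymmetricKey is unset, which is what keeps a misconfigured server from silently persisting ProviderToken or RootCertificate material in the clear.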
type EncryptionKey

type Grant

type Grant struct {
    Model
    Subject            uid.PolymorphicID `validate:"required"` // usually an identity, but could be a role definition
    Privilege          string            `validate:"required"` // role or permission
    Resource           string            `validate:"required"` // Universal Resource Notation
    CreatedBy          uid.ID
    ExpiresAt          *time.Time
    LastUsedAt         *time.Time
    ExpiresAfterUnused time.Duration
}
Grant is a lean tuple of subject (identity) <-> privilege <-> resource (URN) relationships. Field bloat should be avoided here, since this model is going to be used heavily.

Subject

Subject is mostly an Identity, which is a string specifying a user, group, the name of a role, or another grant:
- a user: u:E97WmsYfvo (a user reference)
- a group: g:CCoJ1ornpf (a group reference)
- a role: r:role-name (a role definition)
- a permission: p:permission-name (a permission definition)
Privilege
Privilege is a predicate that describes what sort of access the identity has to the resource
URN
URN is Universal Resource Notation.
Expiry
The time at which you want the grant to expire.
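The Subject prefixes listed above and the two expiry fields (the absolute ExpiresAt and the idle-time ExpiresAfterUnused paired with LastUsedAt) are the parts of a Grant a server evaluates on every request. The block below is an added example, not the project's authorization code: it parses a subject string into its kind and id, rejecting unknown prefixes, and checks a grant for a request. It assumes idle time is measured from LastUsedAt (falling back to the row's CreatedAt, which here stands in for the timestamp Model carries), that an exact subject match is required (group membership and role expansion are out of scope), and uses a constructed resource name.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// SubjectKind is the prefix of a Grant subject, as listed in the package docs.
type SubjectKind string

const (
	SubjectUser       SubjectKind = "u" // a user reference
	SubjectGroup      SubjectKind = "g" // a group reference
	SubjectRole       SubjectKind = "r" // a role definition
	SubjectPermission SubjectKind = "p" // a permission definition
)

// ParseSubject splits "u:E97WmsYfvo" into kind and identifier. Unknown prefixes and
// empty identifiers are errors, so a malformed subject can never match anything.
func ParseSubject(s string) (SubjectKind, string, error) {
	kind, id, ok := strings.Cut(s, ":")
	if !ok || id == "" {
		return "", "", fmt.Errorf("subject %q: want <kind>:<id>", s)
	}
	switch k := SubjectKind(kind); k {
	case SubjectUser, SubjectGroup, SubjectRole, SubjectPermission:
		return k, id, nil
	}
	return "", "", fmt.Errorf("subject %q: unknown kind %q", s, kind)
}

// Grant carries the fields of models.Grant used here; constructed for this example.
type Grant struct {
	Subject            string
	Privilege          string
	Resource           string
	CreatedAt          time.Time // assumption: stands in for the timestamp on models.Model
	ExpiresAt          *time.Time
	LastUsedAt         *time.Time
	ExpiresAfterUnused time.Duration
}

var ErrExpired = errors.New("grant expired")

// Active reports whether the grant still applies at now. ExpiresAt is an absolute
// deadline; ExpiresAfterUnused is an idle limit measured from the last use, or from
// creation if the grant has never been used (assumption).
func (g *Grant) Active(now time.Time) error {
	if g.ExpiresAt != nil && !now.Before(*g.ExpiresAt) {
		return ErrExpired
	}
	if g.ExpiresAfterUnused > 0 {
		last := g.CreatedAt
		if g.LastUsedAt != nil {
			last = *g.LastUsedAt
		}
		if now.Sub(last) >= g.ExpiresAfterUnused {
			return ErrExpired
		}
	}
	return nil
}

// Allows decides whether this grant permits privilege on resource for subject.
// Both subjects are parsed, so kind and id must match exactly: a group id never
// satisfies a grant issued to a user with the same id.
func (g *Grant) Allows(now time.Time, subject, privilege, resource string) (bool, error) {
	if err := g.Active(now); err != nil {
		return false, err
	}
	gk, gid, err := ParseSubject(g.Subject)
	if err != nil {
		return false, err
	}
	sk, sid, err := ParseSubject(subject)
	if err != nil {
		return false, err
	}
	return gk == sk && gid == sid && g.Privilege == privilege && g.Resource == resource, nil
}

func main() {
	now := time.Now()
	exp := now.Add(time.Hour)
	// Constructed sample grant: the user from the docs, the admin role, a made-up cluster resource.
	g := &Grant{Subject: "u:E97WmsYfvo", Privilege: "admin", Resource: "kubernetes.example-cluster",
		CreatedAt: now, ExpiresAt: &exp, ExpiresAfterUnused: 10 * time.Minute}
	ok, err := g.Allows(now, "u:E97WmsYfvo", "admin", "kubernetes.example-cluster")
	fmt.Println("allowed:", ok, "err:", err)
}
```

Running the expiry check before the match means a stale grant is reported as expired even when its tuple would otherwise fit the request, which is the signal an operator wants in the audit log.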
type Group

type Group struct {
    Model
    Name       string `gorm:"uniqueIndex:idx_groups_name_provider_id,where:deleted_at is NULL"`
    ProviderID uid.ID `gorm:"uniqueIndex:idx_groups_name_provider_id,where:deleted_at is NULL"`
    Users      []User `gorm:"many2many:users_groups"`
}

func (*Group) PolyID (added in v0.8.0)
func (g *Group) PolyID() uid.PolymorphicID
type Machine

type Machine struct {
    Model
    Name        string    `gorm:"uniqueIndex:,where:deleted_at is NULL"`
    Description string
    LastSeenAt  time.Time // updated when the machine uses a session token
}

func (*Machine) PolyID (added in v0.8.0)
func (m *Machine) PolyID() uid.PolymorphicID
type Model

func (*Model) BeforeCreate
BeforeCreate sets an ID if one does not already exist. Unfortunately, we cannot use `gorm:"default"` tags, since the ID must be dynamically generated and not all databases support UUID generation.
type Modelable
type Modelable interface {
IsAModel() // there's nothing specific about this function except that all Model structs will have it.
}
Modelable is an interface that determines whether a struct is a model. It is satisfied by any struct that composes models.Model.
type Provider

type ProviderToken

type ProviderToken struct {
    Model
    UserID       uid.ID
    ProviderID   uid.ID
    RedirectURL  string `validate:"required"` // needs to match the redirect URL specified when the token was issued for refreshing
    AccessToken  EncryptedAtRest
    RefreshToken EncryptedAtRest
    ExpiresAt    time.Time
}
ProviderToken tracks the access and refresh tokens from an identity provider associated with a user
type RootCertificate (added in v0.5.9)

type RootCertificate struct {
    Model
    KeyAlgorithm     string          `validate:"required"`
    SigningAlgorithm string          `validate:"required"`
    PublicKey        Base64          `validate:"required"`
    PrivateKey       EncryptedAtRest `validate:"required"`
    SignedCert       EncryptedAtRest `validate:"required"` // contains private key? probably not pem encoded
    ExpiresAt        time.Time       `validate:"required"`
}

type Token
Token is presented at a resource managed by Infra (ex: an Infra connector) to assert claims
type TrustedCertificate (added in v0.5.9)

type User

type User struct {
    Model
    Email      string    `gorm:"uniqueIndex:idx_users_email_provider_id,where:deleted_at is NULL"`
    LastSeenAt time.Time // updated when the user uses a session token
    ProviderID uid.ID    `gorm:"uniqueIndex:idx_users_email_provider_id,where:deleted_at is NULL"`
    Groups     []Group   `gorm:"many2many:users_groups"`
}

func (*User) PolyID (added in v0.8.0)
func (u *User) PolyID() uid.PolymorphicID
PolyID is a polymorphic identifier that points to both a model type and an ID