Affected by GO-2024-3010 and 2 other vulnerabilities

GO-2024-3010: CVE-2024-6984 in github.com/juju/juju

GO-2024-3040: Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm in github.com/juju/juju

GO-2024-3175: Vulnerable juju introspection abstract UNIX domain socket in github.com/juju/juju

httpserverargs

package

v0.0.0-...-0a82276 Latest Latest Go to latest Published: Nov 29, 2024 License: AGPL-3.0 Imports: 24 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/juju/juju

Documentation ¶

Index ¶

func Manifold(config ManifoldConfig) dependency.Manifold
func NewStateAuthenticator(ctx context.Context, statePool *state.StatePool, controllerModelUUID string, ...) (macaroon.LocalMacaroonAuthenticator, error)
type AccessService
type BakeryConfigService
type ControllerConfigService
type MacaroonService
type ManifoldConfig
- func (config ManifoldConfig) Validate() error
type NewStateAuthenticatorFunc

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Manifold ¶

func Manifold(config ManifoldConfig) dependency.Manifold

Manifold returns a dependency.Manifold to run a worker to hold the http server mux and authenticator. This means that we can ensure that all workers that need to register with them can be finished starting up before the httpserver responds to connections.

func NewStateAuthenticator ¶

func NewStateAuthenticator(
	ctx context.Context,
	statePool *state.StatePool,
	controllerModelUUID string,
	controllerConfigService ControllerConfigService,
	accessService AccessService,
	macaroonService MacaroonService,
	mux *apiserverhttp.Mux,
	clock clock.Clock,
	abort <-chan struct{},
) (macaroon.LocalMacaroonAuthenticator, error)

NewStateAuthenticator returns a new LocalMacaroonAuthenticator that authenticates users and agents using the given state pool. The authenticator will register handlers into the mux for dealing with local macaroon logins.

Types ¶

type AccessService ¶

type AccessService interface {
	// GetUserByAuth returns the user with the given name and password.
	GetUserByAuth(ctx context.Context, name coreuser.Name, password auth.Password) (coreuser.User, error)

	// GetUserByName returns the user with the given name.
	GetUserByName(ctx context.Context, name coreuser.Name) (coreuser.User, error)

	// UpdateLastModelLogin updates the last login time for the user with the
	// given name on the given model.
	UpdateLastModelLogin(ctx context.Context, name coreuser.Name, modelUUID coremodel.UUID) error

	// EnsureExternalUserIfAuthorized checks if an external user is missing from the
	// database and has permissions on an object. If they do then they will be
	// added. This ensures that juju has a record of external users that have
	// inherited their permissions from everyone@external.
	EnsureExternalUserIfAuthorized(ctx context.Context, subject coreuser.Name, target permission.ID) error

	// ReadUserAccessLevelForTarget returns the user access level for the given
	// user on the given target. A NotValid error is returned if the subject
	// (user) string is empty, or the target is not valid. Any errors from the
	// state layer are passed through. If the access level of a user cannot be
	// found then [accesserrors.AccessNotFound] is returned.
	ReadUserAccessLevelForTarget(ctx context.Context, subject coreuser.Name, target permission.ID) (permission.Access, error)
}

AccessService defines a interface for interacting the users and permissions of a controller.

type BakeryConfigService ¶

type BakeryConfigService interface {
	GetLocalUsersKey(context.Context) (*bakery.KeyPair, error)
	GetLocalUsersThirdPartyKey(context.Context) (*bakery.KeyPair, error)
	GetExternalUsersThirdPartyKey(context.Context) (*bakery.KeyPair, error)
}

type ControllerConfigService ¶

type ControllerConfigService interface {
	ControllerConfig(context.Context) (controller.Config, error)
}

ControllerConfigService is an interface that can be implemented by types that can return a controller config.

type MacaroonService ¶

type MacaroonService interface {
	dbrootkeystore.ContextBacking
	BakeryConfigService
}

type ManifoldConfig ¶

type ManifoldConfig struct {
	ClockName          string
	StateName          string
	DomainServicesName string

	NewStateAuthenticator NewStateAuthenticatorFunc
}

ManifoldConfig holds the resources needed to run an httpserverargs worker.

func (ManifoldConfig) Validate ¶

func (config ManifoldConfig) Validate() error

Validate checks that we have all of the things we need.

type NewStateAuthenticatorFunc ¶

type NewStateAuthenticatorFunc func(
	ctx context.Context,
	statePool *state.StatePool,
	controllerModelUUID string,
	controllerConfigService ControllerConfigService,
	accessService AccessService,
	macaroonService MacaroonService,
	mux *apiserverhttp.Mux,
	clock clock.Clock,
	abort <-chan struct{},
) (macaroon.LocalMacaroonAuthenticator, error)

NewStateAuthenticatorFunc is a function type satisfied by NewStateAuthenticator.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL