stateauthenticator

package
v0.0.0-...-0a271de Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 27, 2025 License: AGPL-3.0 Imports: 40 Imported by: 5

Documentation

Overview

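Package stateauthenticator is a generated GoMock package. (This overview sentence appears to be inherited from the generated mock file; the package also exports the Authenticator type and the service interfaces documented below.)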

Index

Constants

This section is empty.

Variables

// AgentTags lists the tag kinds used by Juju agents: machine, controller
// agent, unit, application and model.
//
// NOTE(review): this is an exported, mutable package-level slice, so any
// importer can append to or overwrite it. Treat it as read-only; if it feeds
// an authentication decision (not visible here — confirm against callers),
// consider returning a copy instead.
var AgentTags = []string{
	names.MachineTagKind,
	names.ControllerAgentTagKind,
	names.UnitTagKind,
	names.ApplicationTagKind,
	names.ModelTagKind,
}

AgentTags are those used by any Juju agent.

Functions

func LoginRequest

func LoginRequest(req *http.Request) (params.LoginRequest, error)

LoginRequest extracts basic auth login details from an http.Request.

TODO(axw) we shouldn't be using params types here.

Types

type AccessService

// AccessService is the interface this package uses to look up users and
// their permissions on a controller.
type AccessService interface {
	// GetUserByAuth returns the user with the given name and password.
	// NOTE(review): the error returned for a wrong password or unknown user
	// is not documented here — confirm against the implementation.
	GetUserByAuth(ctx context.Context, name coreuser.Name, password auth.Password) (coreuser.User, error)

	// GetUserByName returns the user with the given name.
	GetUserByName(ctx context.Context, name coreuser.Name) (coreuser.User, error)

	// UpdateLastModelLogin updates the last login time for the user with the
	// given name.
	UpdateLastModelLogin(ctx context.Context, name coreuser.Name, modelUUID coremodel.UUID) error

	// EnsureExternalUserIfAuthorized checks if an external user is missing from the
	// database and has permissions on an object. If they do then they will be
	// added. This ensures that juju has a record of external users that have
	// inherited their permissions from everyone@external.
	EnsureExternalUserIfAuthorized(ctx context.Context, subject coreuser.Name, target corepermission.ID) error

	// ReadUserAccessLevelForTarget returns the user access level for the given
	// user on the given target. A NotValid error is returned if the subject
	// (user) string is empty, or the target is not valid. Any errors from the
	// state layer are passed through. If the access level of a user cannot be
	// found then [accesserrors.AccessNotFound] is returned.
	ReadUserAccessLevelForTarget(ctx context.Context, subject coreuser.Name, target corepermission.ID) (corepermission.Access, error)
}

AccessService defines an interface for interacting with the users and permissions of a controller.

type AgentAuthenticatorFactory

// AgentAuthenticatorFactory creates entity authenticators, either bound to
// the factory's own state or to a state supplied by the caller.
type AgentAuthenticatorFactory interface {
	// Authenticator returns an authenticator using the factory's state.
	Authenticator() authentication.EntityAuthenticator

	// AuthenticatorForState returns an authenticator for the given state.
	AuthenticatorForState(st *state.State) authentication.EntityAuthenticator
}

AgentAuthenticatorFactory is a factory for creating authenticators, either from the factory's own state or for a given state.

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator is an implementation of httpcontext.Authenticator, using *state.State for authentication.

This Authenticator only works with requests that have been handled by one of the httpcontext.*ModelHandler handlers.

func NewAuthenticator

func NewAuthenticator(
	ctx context.Context,
	statePool *state.StatePool,
	controllerModelUUID string,
	controllerConfigService ControllerConfigService,
	accessService AccessService,
	macaroonService MacaroonService,
	agentAuthFactory AgentAuthenticatorFactory,
	clock clock.Clock,
) (*Authenticator, error)

NewAuthenticator returns a new Authenticator using the given StatePool.

func (*Authenticator) AddHandlers

func (a *Authenticator) AddHandlers(mux *apiserverhttp.Mux) error

AddHandlers adds the handlers to the given mux for handling local macaroon logins.

func (*Authenticator) Authenticate

func (a *Authenticator) Authenticate(req *http.Request) (authentication.AuthInfo, error)

Authenticate is part of the httpcontext.Authenticator interface.

func (*Authenticator) AuthenticateLoginRequest

func (a *Authenticator) AuthenticateLoginRequest(
	ctx context.Context,
	serverHost string,
	modelUUID model.UUID,
	authParams authentication.AuthParams,
) (_ authentication.AuthInfo, err error)

AuthenticateLoginRequest authenticates a LoginRequest.

func (*Authenticator) CreateLocalLoginMacaroon

func (a *Authenticator) CreateLocalLoginMacaroon(ctx context.Context, tag names.UserTag, version bakery.Version) (*macaroon.Macaroon, error)

CreateLocalLoginMacaroon is part of the httpcontext.LocalMacaroonAuthenticator interface.

func (*Authenticator) Maintain

func (a *Authenticator) Maintain(done <-chan struct{})

Maintain periodically expires local login interactions.

type BakeryConfigService

// BakeryConfigService provides the bakery key pairs used by this package.
// Each method takes a context and returns a *bakery.KeyPair or an error.
//
// NOTE(review): the returned key pairs include private key material; the
// storage and rotation of these keys is not visible here — confirm against
// the implementation.
type BakeryConfigService interface {
	// GetLocalUsersKey returns a key pair; presumably the bakery key for
	// local users — TODO confirm.
	GetLocalUsersKey(context.Context) (*bakery.KeyPair, error)
	// GetLocalUsersThirdPartyKey returns a key pair; presumably the
	// third-party (discharge) key for local users — TODO confirm.
	GetLocalUsersThirdPartyKey(context.Context) (*bakery.KeyPair, error)
	// GetExternalUsersThirdPartyKey returns a key pair; presumably the
	// third-party (discharge) key for external users — TODO confirm.
	GetExternalUsersThirdPartyKey(context.Context) (*bakery.KeyPair, error)
}

type ControllerConfigService

// ControllerConfigService is implemented by types that can return a
// controller config.
type ControllerConfigService interface {
	// ControllerConfig returns the controller config, or an error.
	ControllerConfig(context.Context) (controller.Config, error)
}

ControllerConfigService is an interface that can be implemented by types that can return a controller config.

type MacaroonService

// MacaroonService combines the two interfaces this package needs to manage
// macaroons.
type MacaroonService interface {
	// ContextBacking is embedded from dbrootkeystore; its methods are not
	// listed on this page. Presumably it backs root-key storage — TODO confirm.
	dbrootkeystore.ContextBacking
	// BakeryConfigService supplies the three bakery key-pair getters.
	BakeryConfigService
}

MacaroonService defines the methods required to manage macaroons.

type MockExpirableStorage

type MockExpirableStorage struct {
	// contains filtered or unexported fields
}

MockExpirableStorage is a mock of ExpirableStorage interface.

func NewMockExpirableStorage

func NewMockExpirableStorage(ctrl *gomock.Controller) *MockExpirableStorage

NewMockExpirableStorage creates a new mock instance.

func (*MockExpirableStorage) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockExpirableStorage) ExpireAfter

ExpireAfter mocks base method.

func (*MockExpirableStorage) Get

func (m *MockExpirableStorage) Get(arg0 context.Context, arg1 []byte) ([]byte, error)

Get mocks base method.

func (*MockExpirableStorage) RootKey

func (m *MockExpirableStorage) RootKey(arg0 context.Context) ([]byte, []byte, error)

RootKey mocks base method.

type MockExpirableStorageExpireAfterCall

// MockExpirableStorageExpireAfterCall wraps *gomock.Call for the mocked
// ExpireAfter method; the page lists Do, DoAndReturn and Return on it.
type MockExpirableStorageExpireAfterCall struct {
	*gomock.Call
}

MockExpirableStorageExpireAfterCall wrap *gomock.Call

func (*MockExpirableStorageExpireAfterCall) Do

Do rewrite *gomock.Call.Do

func (*MockExpirableStorageExpireAfterCall) DoAndReturn

DoAndReturn rewrite *gomock.Call.DoAndReturn

func (*MockExpirableStorageExpireAfterCall) Return

Return rewrite *gomock.Call.Return

type MockExpirableStorageGetCall

// MockExpirableStorageGetCall wraps *gomock.Call for the mocked Get method;
// the page lists Do, DoAndReturn and Return on it.
type MockExpirableStorageGetCall struct {
	*gomock.Call
}

MockExpirableStorageGetCall wrap *gomock.Call

func (*MockExpirableStorageGetCall) Do

Do rewrite *gomock.Call.Do

func (*MockExpirableStorageGetCall) DoAndReturn

DoAndReturn rewrite *gomock.Call.DoAndReturn

func (*MockExpirableStorageGetCall) Return

Return rewrite *gomock.Call.Return

type MockExpirableStorageMockRecorder

type MockExpirableStorageMockRecorder struct {
	// contains filtered or unexported fields
}

MockExpirableStorageMockRecorder is the mock recorder for MockExpirableStorage.

func (*MockExpirableStorageMockRecorder) ExpireAfter

ExpireAfter indicates an expected call of ExpireAfter.

func (*MockExpirableStorageMockRecorder) Get

Get indicates an expected call of Get.

func (*MockExpirableStorageMockRecorder) RootKey

RootKey indicates an expected call of RootKey.

type MockExpirableStorageRootKeyCall

// MockExpirableStorageRootKeyCall wraps *gomock.Call for the mocked RootKey
// method; the page lists Do, DoAndReturn and Return on it.
type MockExpirableStorageRootKeyCall struct {
	*gomock.Call
}

MockExpirableStorageRootKeyCall wrap *gomock.Call

func (*MockExpirableStorageRootKeyCall) Do

Do rewrite *gomock.Call.Do

func (*MockExpirableStorageRootKeyCall) DoAndReturn

DoAndReturn rewrite *gomock.Call.DoAndReturn

func (*MockExpirableStorageRootKeyCall) Return

Return rewrite *gomock.Call.Return

type OpenLoginAuthorizer

// OpenLoginAuthorizer authorises any login operation presented to it. It is a
// stateless, empty struct.
//
// NOTE(review): the AuthorizeOps body is not shown on this page. Since the
// type is documented as allow-all, it should be wired in only where the
// operation being authorised is the login itself and the caller's identity
// is verified by another step — confirm against callers.
type OpenLoginAuthorizer struct{}

OpenLoginAuthorizer authorises any login operation presented to it; it applies no access restriction of its own.

func (OpenLoginAuthorizer) AuthorizeOps

func (OpenLoginAuthorizer) AuthorizeOps(ctx context.Context, authorizedOp bakery.Op, queryOps []bakery.Op) ([]bool, []checkers.Caveat, error)

AuthorizeOps implements OpsAuthorizer.AuthorizeOps.

type PermissionDelegator

// PermissionDelegator implements authentication.PermissionDelegator.
type PermissionDelegator struct {
	// AccessService is the user and permission service held by the delegator.
	// Presumably SubjectPermissions uses it to read access levels — TODO
	// confirm. A nil value is not guarded against by anything visible here.
	AccessService AccessService
}

PermissionDelegator implements authentication.PermissionDelegator

func (*PermissionDelegator) PermissionError

func (p *PermissionDelegator) PermissionError(_ names.Tag, _ permission.Access) error

func (*PermissionDelegator) SubjectPermissions

func (p *PermissionDelegator) SubjectPermissions(
	ctx context.Context, userName string, target permission.ID,
) (permission.Access, error)

SubjectPermissions ensures that the input entity is a user, then returns that user's access to the input target.
