state

package
v0.0.0-...-f88c608
Warning

This package is not in the latest version of its module.

Published: Feb 27, 2025 License: AGPL-3.0 Imports: 20 Imported by: 6

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func AddUser

func AddUser(
	ctx context.Context,
	tx *sqlair.TX,
	uuid user.UUID,
	name user.Name,
	displayName string,
	external bool,
	creatorUuid user.UUID,
) error

AddUser adds a new user to the database and enables the user. If the user already exists an error that satisfies accesserrors.UserAlreadyExists will be returned. If the creator does not exist an error that satisfies accesserrors.UserCreatorUUIDNotFound will be returned.

func AddUserPermission

func AddUserPermission(ctx context.Context, tx *sqlair.TX, spec AddUserPermissionArgs) error

AddUserPermission adds a permission for the given user on the given target. Validates that the target exists and that the Access level is appropriate for the target before insert.

func AddUserWithPassword

func AddUserWithPassword(
	ctx context.Context,
	tx *sqlair.TX,
	uuid user.UUID,
	name user.Name,
	displayName string,
	creatorUUID user.UUID,
	permission permission.AccessSpec,
	passwordHash string,
	salt []byte,
) error

AddUserWithPassword adds a new user to the database with the provided password hash and salt. If the user already exists, an error that satisfies accesserrors.UserAlreadyExists will be returned. If the creator does not exist, an error that satisfies accesserrors.CreatorUUIDNotFound will be returned.

func AddUserWithPermission

func AddUserWithPermission(
	ctx context.Context,
	tx *sqlair.TX,
	uuid user.UUID,
	name user.Name,
	displayName string,
	external bool,
	creatorUuid user.UUID,
	access permission.AccessSpec,
) error

AddUserWithPermission adds a new user to the database, enables the user and adds the given permission for the user. If the user already exists an error that satisfies accesserrors.UserAlreadyExists will be returned. If the creator does not exist an error that satisfies accesserrors.UserCreatorUUIDNotFound will be returned.

func GetUserUUIDByName

func GetUserUUIDByName(ctx context.Context, tx *sqlair.TX, name user.Name) (user.UUID, error)

GetUserUUIDByName will retrieve the user UUID for the user identified by name. If the user does not exist, an error that satisfies accesserrors.UserNotFound will be returned. Exported for use in credential.

Types

type AddUserPermissionArgs

type AddUserPermissionArgs struct {
	PermissionUUID string
	UserUUID       string
	Access         corepermission.Access
	Target         corepermission.ID
}

AddUserPermissionArgs is a specification for adding a user permission.

type PermissionState

type PermissionState struct {
	*domain.StateBase
	// contains filtered or unexported fields
}

PermissionState describes retrieval and persistence methods for storage.

func NewPermissionState

func NewPermissionState(factory coredatabase.TxnRunnerFactory, logger logger.Logger) *PermissionState

NewPermissionState returns a new state reference.

func (*PermissionState) AllModelAccessForCloudCredential

func (st *PermissionState) AllModelAccessForCloudCredential(ctx context.Context, key credential.Key) ([]access.CredentialOwnerModelAccess, error)

AllModelAccessForCloudCredential returns, for a given (cloud) credential key, all model name and model access level combinations.

func (*PermissionState) CreatePermission

func (st *PermissionState) CreatePermission(ctx context.Context, newPermissionUUID uuid.UUID, spec corepermission.UserAccessSpec) (corepermission.UserAccess, error)

CreatePermission gives the user access per the provided spec. It requires that the user/target combination has not already been created. UserAccess is returned on success. If the user provided does not exist or is marked removed, accesserrors.PermissionNotFound is returned. If the user provided exists but is marked disabled, accesserrors.UserAuthenticationDisabled is returned. If a permission for the user and target key already exists, accesserrors.PermissionAlreadyExists is returned.

func (*PermissionState) DeletePermission

func (st *PermissionState) DeletePermission(ctx context.Context, subject user.Name, target corepermission.ID) error

DeletePermission removes the given subject's (user) access to the given target. If the specified subject does not exist, an accesserrors.NotFound is returned. If the permission does not exist, no error is returned.

func (*PermissionState) EnsureExternalUserIfAuthorized

func (st *PermissionState) EnsureExternalUserIfAuthorized(
	ctx context.Context,
	subject user.Name,
	target corepermission.ID,
) error

EnsureExternalUserIfAuthorized checks if an external user is missing from the database and has permissions on an object. If they do then they will be added. This ensures that juju has a record of external users that have inherited their permissions from everyone@external.

func (*PermissionState) ReadAllAccessForUserAndObjectType

func (st *PermissionState) ReadAllAccessForUserAndObjectType(
	ctx context.Context, subject user.Name, objectType corepermission.ObjectType,
) ([]corepermission.UserAccess, error)

ReadAllAccessForUserAndObjectType returns a slice of user access for the subject (user) specified and of the given access type, e.g. all clouds the user has access to.

func (*PermissionState) ReadAllUserAccessForTarget

func (st *PermissionState) ReadAllUserAccessForTarget(ctx context.Context, target corepermission.ID) ([]corepermission.UserAccess, error)

ReadAllUserAccessForTarget returns a slice of user access for all users with access to the given target. An accesserrors.PermissionNotFound error is returned if no permissions can be found on the target.

func (*PermissionState) ReadAllUserAccessForUser

func (st *PermissionState) ReadAllUserAccessForUser(ctx context.Context, subject user.Name) ([]corepermission.UserAccess, error)

ReadAllUserAccessForUser returns a slice of the user access the given subject (user) has for any access type.

func (*PermissionState) ReadUserAccessForTarget

func (st *PermissionState) ReadUserAccessForTarget(ctx context.Context, subject user.Name, target corepermission.ID) (corepermission.UserAccess, error)

ReadUserAccessForTarget returns the subject's (user) access for the given user on the given target. accesserrors.PermissionNotFound is returned if the user's permission cannot be found on the target.

func (*PermissionState) ReadUserAccessLevelForTarget

func (st *PermissionState) ReadUserAccessLevelForTarget(ctx context.Context, subject user.Name, target corepermission.ID) (corepermission.Access, error)

ReadUserAccessLevelForTarget returns the subject's (user) access level for the given user on the given target. If the access level of a user cannot be found then accesserrors.AccessNotFound is returned.

func (*PermissionState) UpdatePermission

func (st *PermissionState) UpdatePermission(ctx context.Context, args access.UpdatePermissionArgs) error

UpdatePermission updates the permission on the target for the given subject (user). If the subject is an external user, and they do not exist, they are created. Access can be granted or revoked. Revoking Read access will delete the permission. accesserrors.UserNotFound is returned if the user is local and does not exist in the users table. accesserrors.PermissionAccessGreater is returned if the user is being granted an access level greater than or equal to what they already have.

type State

type State struct {
	*UserState
	*PermissionState
}

State represents a type for interacting with the underlying state. Composes both user and permission state, so we can interact with both from the single state, whilst also keeping the concerns separate.

func NewState

func NewState(factory database.TxnRunnerFactory, logger logger.Logger) *State

NewState returns a new State for interacting with the underlying state.

type UserState

type UserState struct {
	*domain.StateBase
}

UserState represents a type for interacting with the underlying state.

func NewUserState

func NewUserState(factory database.TxnRunnerFactory) *UserState

NewUserState returns a new State for interacting with the underlying state.

func (*UserState) AddUser

func (st *UserState) AddUser(
	ctx context.Context,
	uuid user.UUID,
	name user.Name,
	displayName string,
	external bool,
	creatorUUID user.UUID,
) error

AddUser adds a new user to the database and enables the user. If the user already exists an error that satisfies accesserrors.UserAlreadyExists will be returned. If the creator does not exist an error that satisfies accesserrors.UserCreatorUUIDNotFound will be returned.

func (*UserState) AddUserWithActivationKey

func (st *UserState) AddUserWithActivationKey(
	ctx context.Context,
	uuid user.UUID,
	name user.Name,
	displayName string,
	creatorUUID user.UUID,
	permission permission.AccessSpec,
	activationKey []byte,
) error

AddUserWithActivationKey will add a new user to the database with the provided activation key. If the user already exists, an error that satisfies accesserrors.UserAlreadyExists will be returned. If the user's creator does not exist, an error that satisfies accesserrors.UserCreatorUUIDNotFound will be returned.

func (*UserState) AddUserWithPasswordHash

func (st *UserState) AddUserWithPasswordHash(
	ctx context.Context,
	uuid user.UUID,
	name user.Name,
	displayName string,
	creatorUUID user.UUID,
	permission permission.AccessSpec,
	passwordHash string,
	salt []byte,
) error

AddUserWithPasswordHash will add a new user to the database with the provided password hash and salt. If the user already exists, an error that satisfies accesserrors.UserAlreadyExists will be returned. If the creator does not exist, an error that satisfies accesserrors.UserCreatorUUIDNotFound will be returned.

func (*UserState) AddUserWithPermission

func (st *UserState) AddUserWithPermission(
	ctx context.Context,
	uuid user.UUID,
	name user.Name,
	displayName string,
	external bool,
	creatorUUID user.UUID,
	permission permission.AccessSpec,
) error

AddUserWithPermission will add a new user and a permission to the database. If the user already exists, an error that satisfies accesserrors.UserAlreadyExists will be returned. If the creator does not exist, an error that satisfies accesserrors.UserCreatorUUIDNotFound will be returned.

func (*UserState) DisableUserAuthentication

func (st *UserState) DisableUserAuthentication(ctx context.Context, name user.Name) error

DisableUserAuthentication will disable the user with the supplied user name. If the user does not exist an error that satisfies accesserrors.UserNotFound will be returned.

func (*UserState) EnableUserAuthentication

func (st *UserState) EnableUserAuthentication(ctx context.Context, name user.Name) error

EnableUserAuthentication will enable the user with the supplied name. If the user does not exist an error that satisfies accesserrors.UserNotFound will be returned.

func (*UserState) GetActivationKey

func (st *UserState) GetActivationKey(ctx context.Context, name user.Name) ([]byte, error)

GetActivationKey retrieves the activation key for the user with the supplied user name. If the user does not exist an error that satisfies accesserrors.UserNotFound will be returned.

func (*UserState) GetAllUsers

func (st *UserState) GetAllUsers(ctx context.Context, includeDisabled bool) ([]user.User, error)

GetAllUsers will retrieve all users with authentication information (last login, disabled) from the database. If no users exist an empty slice will be returned.

func (*UserState) GetUser

func (st *UserState) GetUser(ctx context.Context, uuid user.UUID) (user.User, error)

GetUser will retrieve the user with authentication information specified by UUID from the database. If the user does not exist an error that satisfies accesserrors.UserNotFound will be returned.

func (*UserState) GetUserByAuth

func (st *UserState) GetUserByAuth(ctx context.Context, name user.Name, password auth.Password) (user.User, error)

GetUserByAuth will retrieve the user from the database after checking the authentication information specified by UUID and password. If the user does not exist, an error that satisfies accesserrors.UserNotFound will be returned, otherwise unauthorized will be returned.

func (*UserState) GetUserByName

func (st *UserState) GetUserByName(ctx context.Context, name user.Name) (user.User, error)

GetUserByName will retrieve the user with authentication information (last login, disabled) specified by name from the database. If the user does not exist an error that satisfies accesserrors.UserNotFound will be returned.

func (*UserState) LastModelLogin

func (st *UserState) LastModelLogin(ctx context.Context, name user.Name, modelUUID coremodel.UUID) (time.Time, error)

LastModelLogin returns when the specified user last connected to the specified model in UTC. The following errors can be returned:
- accesserrors.UserNameNotValid when the username is not valid.
- accesserrors.UserNotFound when the user cannot be found.
- modelerrors.NotFound if no model by the given modelUUID exists.
- accesserrors.UserNeverAccessedModel if there is no record of the user accessing the model.

func (*UserState) RemoveUser

func (st *UserState) RemoveUser(ctx context.Context, name user.Name) error

RemoveUser marks the user as removed. This prevents the user from functioning, but retains the user record for provenance, i.e. auditing. RemoveUser will also remove any credentials and activation codes for the user. If no user exists for the given user name, an error that satisfies accesserrors.UserNotFound will be returned.

func (*UserState) SetActivationKey

func (st *UserState) SetActivationKey(ctx context.Context, name user.Name, activationKey []byte) error

SetActivationKey removes any active passwords for the user and sets the activation key. If no user is found for the supplied user name an error is returned that satisfies accesserrors.UserNotFound.

func (*UserState) SetPasswordHash

func (st *UserState) SetPasswordHash(ctx context.Context, name user.Name, passwordHash string, salt []byte) error

SetPasswordHash removes any active activation keys and sets the user password hash and salt. If no user is found for the supplied user name an error is returned that satisfies accesserrors.UserNotFound.

func (*UserState) UpdateLastModelLogin

func (st *UserState) UpdateLastModelLogin(ctx context.Context, name user.Name, modelUUID coremodel.UUID, lastLogin time.Time) error

UpdateLastModelLogin updates the last login time for the user with the supplied uuid on the model with the supplied model uuid. The following error types are possible from this function:
- accesserrors.UserNameNotValid when the username is not valid.
- accesserrors.UserNotFound when the user cannot be found.
- modelerrors.NotFound if no model by the given modelUUID exists.
