auth

package
v0.3.0-alpha.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 4, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var AddonRole = []string{
	"applications:get",
	"applications:put",
	"applications.tags:*",
	"applications.facts:*",
	"applications.bucket:*",
	"applications.analyses:*",
	"identities:get",
	"identities:decrypt",
	"proxies:get",
	"settings:get",
	"tags:*",
	"tagcategories:*",
	"tasks:get",
	"tasks.report:*",
	"tasks.bucket:get",
	"files:get",
	"rulesets:get",
}

AddonRole defines the addon scopes.

View Source
var Settings = &settings.Settings
View Source
var Validators []Validator

Validators provide token validation based on claims.

Functions

This section is empty.

Types

type BaseScope

type BaseScope struct {
	Resource string
	Method   string
}

BaseScope provides base behavior.

func (*BaseScope) Match

func (r *BaseScope) Match(resource string, method string) (b bool)

Match returns whether the scope is a match.

func (*BaseScope) String

func (r *BaseScope) String() (s string)

String representations of the scope.

func (*BaseScope) With

func (r *BaseScope) With(s string)

With parses a scope and populate fields. Format: <resource>:<method>

type Builtin

type Builtin struct {
}

Builtin auth provider.

func (*Builtin) Authenticate

func (r *Builtin) Authenticate(request *Request) (jwToken *jwt.Token, err error)

Authenticate the token

func (*Builtin) Login

func (r *Builtin) Login(user, password string) (token Token, err error)

Login and obtain a token.

func (*Builtin) NewToken

func (r *Builtin) NewToken(user string, scopes []string, claims jwt.MapClaims) (signed string, err error)

NewToken creates a new signed token.

func (*Builtin) Refresh added in v0.2.0

func (r *Builtin) Refresh(refresh string) (token Token, err error)

Refresh token.

func (*Builtin) Scopes

func (r *Builtin) Scopes(jwToken *jwt.Token) (scopes []Scope)

Scopes returns a list of scopes.

func (*Builtin) User

func (r *Builtin) User(jwToken *jwt.Token) (user string)

User returns the user associated with the token.

type Keycloak

type Keycloak struct {
	// contains filtered or unexported fields
}

Keycloak auth provider

func (*Keycloak) Authenticate

func (r *Keycloak) Authenticate(request *Request) (jwToken *jwt.Token, err error)

Authenticate the token

func (*Keycloak) Login

func (r *Keycloak) Login(user, password string) (token Token, err error)

Login and obtain a token.

func (Keycloak) NewToken

func (r Keycloak) NewToken(user string, scopes []string, claims jwt.MapClaims) (signed string, err error)

NewToken creates a new signed token.

func (*Keycloak) Refresh added in v0.2.0

func (r *Keycloak) Refresh(refresh string) (token Token, err error)

Refresh token.

func (*Keycloak) Scopes

func (r *Keycloak) Scopes(jwToken *jwt.Token) (scopes []Scope)

Scopes decodes a list of scopes from the token.

func (*Keycloak) User

func (r *Keycloak) User(jwToken *jwt.Token) (user string)

User resolves token to Keycloak username.

type NoAuth

type NoAuth struct {
}

NoAuth provider always permits access.

func (*NoAuth) Authenticate

func (r *NoAuth) Authenticate(_ *Request) (jwToken *jwt.Token, err error)

Authenticate the token

func (*NoAuth) Login

func (r *NoAuth) Login(user, password string) (token Token, err error)

Login and obtain a token.

func (NoAuth) NewToken

func (r NoAuth) NewToken(user string, scopes []string, claims jwt.MapClaims) (signed string, err error)

NewToken creates a new signed token.

func (*NoAuth) Refresh added in v0.2.0

func (r *NoAuth) Refresh(refresh string) (token Token, err error)

Refresh token.

func (*NoAuth) Scopes

func (r *NoAuth) Scopes(jwToken *jwt.Token) (scopes []Scope)

Scopes decodes a list of scopes from the token. For the NoAuth provider, this just returns a single wildcard scope matching everything.

func (*NoAuth) User

func (r *NoAuth) User(jwToken *jwt.Token) (name string)

User mocks username for NoAuth

type NotAuthenticated

type NotAuthenticated struct {
	Token string
}

NotAuthenticated is returned when a token cannot be authenticated.

func (*NotAuthenticated) Error

func (e *NotAuthenticated) Error() (s string)

func (*NotAuthenticated) Is

func (e *NotAuthenticated) Is(err error) (matched bool)

type NotValid

type NotValid struct {
	Token string
}

NotValid is returned when a token is not valid.

func (*NotValid) Error

func (e *NotValid) Error() (s string)

func (*NotValid) Is

func (e *NotValid) Is(err error) (matched bool)

type Provider

type Provider interface {
	// NewToken creates a signed token.
	NewToken(user string, scopes []string, claims jwt.MapClaims) (signed string, err error)
	// Authenticate authenticates and validates the token.
	Authenticate(r *Request) (jwToken *jwt.Token, err error)
	// Scopes extracts a list of scopes from the token.
	Scopes(jwToken *jwt.Token) []Scope
	// User extracts the user from token.
	User(jwToken *jwt.Token) (user string)
	// Login and obtain a token.
	Login(user, password string) (token Token, err error)
	// Refresh token.
	Refresh(refresh string) (token Token, err error)
}

Provider provides RBAC.

var (
	// Log logger.
	Log = logr.WithName("auth")
	// Hub provider.
	Hub Provider
	// Remote provider.
	Remote Provider
)

func NewKeycloak

func NewKeycloak(host, realm string) (p Provider)

NewKeycloak builds a new Keycloak auth provider.

type Realm

type Realm struct {
	Users  map[string]gocloak.User
	Scopes map[string]gocloak.ClientScope
	Roles  map[string]gocloak.Role
}

Realm is a container for the users, scopes, and roles that exist in the hub's keycloak realm.

type Reconciler

type Reconciler struct {
	// contains filtered or unexported fields
}

Keycloak realm reconciler

func NewReconciler

func NewReconciler(host, realm, id, secret, admin, pass, adminRealm string) (r Reconciler)

NewReconciler builds a new Keycloak realm reconciler.

func (*Reconciler) Reconcile

func (r *Reconciler) Reconcile() (err error)

Reconcile ensures that the Hub realm exists and the expected clients, roles, scopes, and users are present in it.

type Request added in v0.1.0

type Request struct {
	Token  string
	Scope  string
	Method string
	DB     *gorm.DB
}

Request auth request.

func (*Request) Permit added in v0.1.0

func (r *Request) Permit() (result Result, err error)

Permit the specified request.

type Resource

type Resource struct {
	Name  string   `yaml:"name"`
	Verbs []string `yaml:"verbs"`
}

Resource is a set of permissions for a hub resource that a role may have.

type Result added in v0.1.0

type Result struct {
	Authenticated bool
	Authorized    bool
	User          string
	Scopes        []Scope
}

Result - auth result.

type Role

type Role struct {
	Name      string     `yaml:"role"`
	Resources []Resource `yaml:"resources"`
}

Role represents a RBAC role which grants access to particular resources in the hub.

func LoadRoles

func LoadRoles(path string) (roles []Role, err error)

LoadRoles loads a list of Role structs from a yaml file that is located at the given path.

type Scope

type Scope interface {
	// Match returns whether the scope is a match.
	Match(resource string, method string) bool
	//String representations of the scope.
	String() (s string)
}

Scope represents an authorization scope.

type Token added in v0.2.0

type Token struct {
	Access  string
	Refresh string
	Expiry  int
}

type User

type User struct {
	// Username
	Name string `yaml:"name"`
	// Default password
	Password string `yaml:"password"`
	// List of roles specified by name
	Roles []string `yaml:"roles"`
}

User is a hub user which may have Roles.

func LoadUsers

func LoadUsers(path string) (users []User, err error)

LoadUsers loads a list of User structs from a yaml file that is located at the given path.

type Validator

type Validator interface {
	// Valid determines if the token is valid.
	Valid(token *jwt.Token, db *gorm.DB) (valid bool)
}

Validator provides token validation.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL