auth

package
v0.16.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 24, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Overview

Package auth provides authentication and authorization constructs.

Index

Constants

View Source
const (
	AccessLevelNone   = acl.AccessLevelNone
	AccessLevelRead   = acl.AccessLevelRead   // RO access
	AccessLevelAppend = acl.AccessLevelAppend // RO + create new
	AccessLevelFull   = acl.AccessLevelFull   // read/write/delete
)

Access levels forwarded to 'acl' package to allow it to easily implement AuthorizationInfo interface.

Variables

ContentRule is a special target rule that targets contents instead of manifests.

DefaultACLs specifies default ACLs.

Functions

This section is empty.

Types

type AccessLevel

type AccessLevel = acl.AccessLevel

AccessLevel specifies access level when accessing repository objects.

type Authenticator

type Authenticator interface {
	IsValid(ctx context.Context, rep repo.Repository, username, password string) bool
	Refresh(ctx context.Context) error
}

Authenticator verifies that the provided username/password is valid.

func AuthenticateHtpasswdFile

func AuthenticateHtpasswdFile(f *htpasswd.File) Authenticator

AuthenticateHtpasswdFile returns an authenticator that accepts users in the provided htpasswd file.

func AuthenticateRepositoryUsers

func AuthenticateRepositoryUsers() Authenticator

AuthenticateRepositoryUsers returns authenticator that accepts username/password combinations stored in 'user' manifests in the repository.

func AuthenticateSingleUser

func AuthenticateSingleUser(expectedUsername, expectedPassword string) Authenticator

AuthenticateSingleUser returns an Authenticator that only allows one username/password combination.

func CombineAuthenticators

func CombineAuthenticators(authenticators ...Authenticator) Authenticator

CombineAuthenticators return authenticator that applies the provided authenticators in order and returns true if any of them accepts given username/password combination.

type AuthorizationInfo

type AuthorizationInfo interface {
	// ContentAccessLevel determines whether the user can read/write contents.
	ContentAccessLevel() AccessLevel

	// ManifestAccessLevel determines whether the user has access to a manifest with given labels.
	ManifestAccessLevel(labels map[string]string) AccessLevel
}

AuthorizationInfo determines logged in user's access level.

func NoAccess

func NoAccess() AuthorizationInfo

NoAccess returns AuthorizationInfo which grants no permissions.

type Authorizer

type Authorizer interface {
	Authorize(ctx context.Context, rep repo.Repository, username string) AuthorizationInfo
	Refresh(ctx context.Context) error
}

Authorizer gets authorization info for logged in user.

func DefaultAuthorizer

func DefaultAuthorizer() Authorizer

DefaultAuthorizer returns Authorizer that will fetch ACLs from the repository and evaluate them in the context of current user to determine their permission levels. It will fall back to legacy authorizer if no ACL entries are defined in the repository.

func LegacyAuthorizer

func LegacyAuthorizer() Authorizer

LegacyAuthorizer is an Authorizer that returns authorizer with legacy (pre-ACL) authorization rules (authenticated users can see their own snapshots/policies only).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL