GO-2024-2703: Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output in github.com/kopia/kopia

auth

package

v0.8.0-beta1 Latest Latest Go to latest Published: Mar 12, 2021 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kopia/kopia

Documentation ¶

Overview ¶

Package auth provides authentication and authorization constructs.

Index ¶

type AccessLevel
type Authenticator
type AuthorizationInfo
- func LegacyAuthorizerForUser(ctx context.Context, rep repo.Repository, usernameAtHostname string) AuthorizationInfo
- func NoAccess() AuthorizationInfo
type AuthorizerFunc

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AccessLevel ¶

type AccessLevel int

AccessLevel specifies access level when accessing repository objects.

const (
	AccessLevelNone   AccessLevel = iota
	AccessLevelRead               // RO access
	AccessLevelAppend             // RO + create new
	AccessLevelFull               // read/write/delete
)

Access levels.

type Authenticator ¶

type Authenticator func(ctx context.Context, rep repo.Repository, username, password string) bool

Authenticator verifies that the provided username/password is valid.

func AuthenticateRepositoryUsers ¶

func AuthenticateRepositoryUsers() Authenticator

AuthenticateRepositoryUsers returns authenticator that accepts username/password combinations stored in 'user' manifests in the repository.

func AuthenticateSingleUser ¶

func AuthenticateSingleUser(expectedUsername, expectedPassword string) Authenticator

AuthenticateSingleUser returns an Authenticator that only allows one username/password combination.

func CombineAuthenticators ¶

func CombineAuthenticators(authenticators ...Authenticator) Authenticator

CombineAuthenticators return authenticator that applies the provided authenticators in order and returns true if any of them accepts given username/password combination.

type AuthorizationInfo ¶

type AuthorizationInfo interface {
	// ContentAccessLevel determines whether the user can read/write contents.
	ContentAccessLevel() AccessLevel

	// ManifestAccessLevel determines whether the user has access to a manifest with given labels.
	ManifestAccessLevel(labels map[string]string) AccessLevel
}

AuthorizationInfo determines logged in user's access level.

func LegacyAuthorizerForUser ¶

func LegacyAuthorizerForUser(ctx context.Context, rep repo.Repository, usernameAtHostname string) AuthorizationInfo

LegacyAuthorizerForUser is an AuthorizerFunc that returns authorizer with legacy (pre-ACL) authorization rules (authenticated users can see their own snapshots/policies only).

func NoAccess ¶

func NoAccess() AuthorizationInfo

NoAccess returns AuthorizationInfo which grants no permissions.

type AuthorizerFunc ¶

type AuthorizerFunc func(ctx context.Context, rep repo.Repository, username string) AuthorizationInfo

AuthorizerFunc gets the authorizations for given user.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL