Overview ¶
Package auth provides functionality related to authentication and authorization
Constants ¶
const (
	// PermissionTypeResource is used in a Keycloak Permission payload: {"type":"resource"}
	PermissionTypeResource = "resource"
	// PolicyTypeUser is used in a Keycloak Policy payload: {"type":"user"}
	PolicyTypeUser = "user"
	// PolicyLogicPossitive is used in a Keycloak Policy payload: {"logic":"POSITIVE"}
	// (the identifier keeps its historical spelling; callers reference it by this name)
	PolicyLogicPossitive = "POSITIVE"
	// PolicyDecisionStrategyUnanimous is used in a Keycloak Policy payload: {"decisionStrategy":"UNANIMOUS"}
	PolicyDecisionStrategyUnanimous = "UNANIMOUS"
	// EntitlementLimit is used to specify the number of entitlement resources info in the RPT.
	// It is a string, not an int, because it is carried in EntitlementMeta.Limit (`json:"limit"`).
	EntitlementLimit = "1"
)
Variables ¶
This section is empty.
Functions ¶
func CreatePermission ¶
func CreatePermission(ctx context.Context, clientsEndpoint string, clientID string, permission KeycloakPermission, protectionAPIToken string) (string, error)
CreatePermission creates a Keycloak permission
func CreatePolicy ¶
func CreatePolicy(ctx context.Context, clientsEndpoint string, clientID string, policy KeycloakPolicy, protectionAPIToken string) (string, error)
CreatePolicy creates a Keycloak policy
func CreateResource ¶
func CreateResource(ctx context.Context, resource KeycloakResource, authzEndpoint string, protectionAPIToken string) (string, error)
CreateResource creates a Keycloak resource
func DeletePermission ¶
func DeletePermission(ctx context.Context, clientsEndpoint string, clientID string, permissionID string, protectionAPIToken string) error
DeletePermission deletes the Keycloak permission
func DeletePolicy ¶
func DeletePolicy(ctx context.Context, clientsEndpoint string, clientID string, policyID string, protectionAPIToken string) error
DeletePolicy deletes the Keycloak policy
func DeleteResource ¶
func DeleteResource(ctx context.Context, kcResourceID string, authzEndpoint string, protectionAPIToken string) error
DeleteResource deletes the Keycloak resource associated with the space
func GetClientID ¶
func GetClientID(ctx context.Context, clientsEndpoint string, publicClientID string, protectionAPIToken string) (string, error)
GetClientID obtains the internal client ID associated with the Keycloak client
func GetEntitlement ¶
func GetEntitlement(ctx context.Context, entitlementEndpoint string, entitlementResource *EntitlementResource, userAccesToken string) (*string, error)
GetEntitlement obtains an entitlement for a specific resource. If entitlementResource == nil then the entitlement for all resources available to the user is returned. Returns (nil, nil) if the response status == Forbidden, which means the user doesn't have permission to obtain the entitlement.
func GetProtectedAPIToken ¶
func GetProtectedAPIToken(ctx context.Context, openidConnectTokenURL string, clientID string, clientSecret string) (string, error)
GetProtectedAPIToken obtains a Protected API Token (PAT) from Keycloak
func UpdatePolicy ¶
func UpdatePolicy(ctx context.Context, clientsEndpoint string, clientID string, policy KeycloakPolicy, protectionAPIToken string) error
UpdatePolicy updates the Keycloak policy
Types ¶
type AuthzPolicyManager ¶
type AuthzPolicyManager interface {
	// GetPolicy fetches the policy identified by policyID.
	// NOTE(review): the second result is a *string whose meaning is not documented here;
	// presumably the PAT used for the call, since UpdatePolicy takes a pat — confirm.
	GetPolicy(ctx context.Context, request *goa.RequestData, policyID string) (*KeycloakPolicy, *string, error)
	// UpdatePolicy writes the given policy back, authenticating with pat (the Protected API Token).
	UpdatePolicy(ctx context.Context, request *goa.RequestData, policy KeycloakPolicy, pat string) error
	// AddUserToPolicy adds userID to the policy's user list in memory; the bool result is
	// undocumented here (presumably whether the policy changed — confirm). No remote call is implied.
	AddUserToPolicy(p *KeycloakPolicy, userID string) bool
	// RemoveUserFromPolicy removes userID from the policy's user list in memory; same bool contract as AddUserToPolicy.
	RemoveUserFromPolicy(p *KeycloakPolicy, userID string) bool
}
AuthzPolicyManager represents a policy manager for space collaborators
type AuthzResourceManager ¶
type AuthzResourceManager interface {
	// CreateResource registers a resource named name of type rType for userID.
	// uri and scopes are optional (pointers, nil when absent) — they map to the
	// omitempty fields of KeycloakResource.
	CreateResource(ctx context.Context, request *goa.RequestData, name string, rType string, uri *string, scopes *[]string, userID string) (*Resource, error)
	// DeleteResource removes the given resource.
	DeleteResource(ctx context.Context, request *goa.RequestData, resource Resource) error
}
AuthzResourceManager represents a space resource manager
type EntitlementMeta ¶
type EntitlementMeta struct {
	// Limit is serialized as "limit"; EntitlementLimit ("1") is the value this package uses.
	Limit string `json:"limit"`
}
EntitlementMeta represents the part of the payload where entitlement metadata is defined.
type EntitlementResource ¶
type EntitlementResource struct {
	// Permissions is the list of resource sets to request entitlement for ("permissions").
	Permissions []ResourceSet `json:"permissions"`
	// MetaInformation carries the entitlement limit ("metadata").
	MetaInformation EntitlementMeta `json:"metadata"`
}
EntitlementResource represents a payload for obtaining entitlement for specific resource
type GormOauthStateReferenceRepository ¶
type GormOauthStateReferenceRepository struct {
	// contains filtered or unexported fields
	// (the gorm DB handle is supplied through NewOauthStateReferenceRepository(db *gorm.DB))
}
GormOauthStateReferenceRepository implements OauthStateReferenceRepository using gorm
func NewOauthStateReferenceRepository ¶
func NewOauthStateReferenceRepository(db *gorm.DB) *GormOauthStateReferenceRepository
NewOauthStateReferenceRepository creates a new oauth state reference repo
func (*GormOauthStateReferenceRepository) Create ¶
func (r *GormOauthStateReferenceRepository) Create(ctx context.Context, reference *OauthStateReference) (*OauthStateReference, error)
Create creates a new OAuth state reference in the DB. Returns InternalError.
func (*GormOauthStateReferenceRepository) Delete ¶
Delete deletes the reference with the given ID. Returns NotFoundError or InternalError.
func (*GormOauthStateReferenceRepository) Load ¶
func (r *GormOauthStateReferenceRepository) Load(ctx context.Context, id uuid.UUID) (*OauthStateReference, error)
Load loads state reference by ID
type KeycloakConfiguration ¶
type KeycloakConfiguration interface {
	// Endpoint getters resolve the Keycloak URLs for the incoming request; each may fail.
	GetKeycloakEndpointAuthzResourceset(*goa.RequestData) (string, error)
	GetKeycloakEndpointToken(*goa.RequestData) (string, error)
	GetKeycloakEndpointClients(*goa.RequestData) (string, error)
	GetKeycloakEndpointAdmin(*goa.RequestData) (string, error)
	GetKeycloakEndpointEntitlement(*goa.RequestData) (string, error)
	// GetKeycloakClientID returns the client ID used with GetProtectedAPIToken.
	GetKeycloakClientID() string
	// GetKeycloakSecret returns the client secret used with GetProtectedAPIToken.
	// NOTE(review): this is a credential; implementations should not expose it in logs or error messages.
	GetKeycloakSecret() string
}
KeycloakConfiguration represents a keycloak configuration
type KeycloakPermission ¶
type KeycloakPermission struct {
	// ID is assigned by Keycloak; omitted from the payload when nil.
	ID *string `json:"id,omitempty"`
	Name string `json:"name"`
	// Type is the permission type; PermissionTypeResource ("resource") is the value defined in this package.
	Type string `json:"type"`
	// Logic and DecisionStrategy mirror the Keycloak payload fields; see PolicyLogicPossitive
	// and PolicyDecisionStrategyUnanimous for the values this package defines.
	Logic string `json:"logic"`
	DecisionStrategy string `json:"decisionStrategy"`
	// Config names the resources and the policies applied to them.
	Config PermissionConfigData `json:"config"`
}
KeycloakPermission represents a keycloak permission payload
type KeycloakPolicy ¶
type KeycloakPolicy struct {
	// ID is assigned by Keycloak; omitted from the payload when nil.
	ID *string `json:"id,omitempty"`
	Name string `json:"name"`
	// Type is the policy type; PolicyTypeUser ("user") is the value defined in this package.
	Type string `json:"type"`
	// Logic is expected to be PolicyLogicPossitive ("POSITIVE") for the policies this package builds.
	Logic string `json:"logic"`
	// DecisionStrategy is expected to be PolicyDecisionStrategyUnanimous ("UNANIMOUS").
	DecisionStrategy string `json:"decisionStrategy"`
	// Config holds the user IDs the policy applies to (see PolicyConfigData for the encoding).
	Config PolicyConfigData `json:"config"`
}
KeycloakPolicy represents a keycloak policy payload
func GetPolicy ¶
func GetPolicy(ctx context.Context, clientsEndpoint string, clientID string, policyID string, protectionAPIToken string) (*KeycloakPolicy, error)
GetPolicy obtains a policy from Keycloak
func (*KeycloakPolicy) AddUserToPolicy ¶
func (p *KeycloakPolicy) AddUserToPolicy(userID string) bool
AddUserToPolicy adds the user ID to the policy
func (*KeycloakPolicy) RemoveUserFromPolicy ¶
func (p *KeycloakPolicy) RemoveUserFromPolicy(userID string) bool
RemoveUserFromPolicy removes the user ID from the policy
type KeycloakPolicyManager ¶
type KeycloakPolicyManager struct {
	// contains filtered or unexported fields
	// (the KeycloakConfiguration is supplied through NewKeycloakPolicyManager)
}
KeycloakPolicyManager implements the AuthzPolicyManager interface
func NewKeycloakPolicyManager ¶
func NewKeycloakPolicyManager(config KeycloakConfiguration) *KeycloakPolicyManager
NewKeycloakPolicyManager constructs KeycloakPolicyManager
func (*KeycloakPolicyManager) AddUserToPolicy ¶
func (m *KeycloakPolicyManager) AddUserToPolicy(p *KeycloakPolicy, userID string) bool
AddUserToPolicy adds the user ID to the policy
func (*KeycloakPolicyManager) GetPolicy ¶
func (m *KeycloakPolicyManager) GetPolicy(ctx context.Context, request *goa.RequestData, policyID string) (*KeycloakPolicy, *string, error)
GetPolicy obtains the space collaborators policy
func (*KeycloakPolicyManager) RemoveUserFromPolicy ¶
func (m *KeycloakPolicyManager) RemoveUserFromPolicy(p *KeycloakPolicy, userID string) bool
RemoveUserFromPolicy removes the user ID from the policy
func (*KeycloakPolicyManager) UpdatePolicy ¶
func (m *KeycloakPolicyManager) UpdatePolicy(ctx context.Context, request *goa.RequestData, policy KeycloakPolicy, pat string) error
UpdatePolicy updates the space collaborators policy
type KeycloakResource ¶
type KeycloakResource struct {
	Name string `json:"name"`
	// Owner is optional; omitted from the payload when nil.
	Owner *string `json:"owner,omitempty"`
	Type string `json:"type"`
	// Scopes is optional; omitted when nil.
	Scopes *[]string `json:"scopes,omitempty"`
	// URI is optional; omitted when nil.
	URI *string `json:"uri,omitempty"`
}
KeycloakResource represents a keycloak resource payload
type KeycloakResourceManager ¶
type KeycloakResourceManager struct {
	// contains filtered or unexported fields
	// (the KeycloakConfiguration is supplied through NewKeycloakResourceManager)
}
KeycloakResourceManager implements the AuthzResourceManager interface
func NewKeycloakResourceManager ¶
func NewKeycloakResourceManager(config KeycloakConfiguration) *KeycloakResourceManager
NewKeycloakResourceManager constructs KeycloakResourceManager
func (*KeycloakResourceManager) CreateResource ¶
func (m *KeycloakResourceManager) CreateResource(ctx context.Context, request *goa.RequestData, name string, rType string, uri *string, scopes *[]string, userID string) (*Resource, error)
CreateResource creates a keycloak resource and associated permission and policy
func (*KeycloakResourceManager) DeleteResource ¶
func (m *KeycloakResourceManager) DeleteResource(ctx context.Context, request *goa.RequestData, resource Resource) error
DeleteResource deletes the keycloak resource and associated permission and policy
type OauthStateReference ¶
type OauthStateReference struct {
	// Lifecycle supplies the shared created/updated/deleted bookkeeping columns.
	gormsupport.Lifecycle
	// ID is the primary key; the database generates it with uuid_generate_v4() when not set.
	ID uuid.UUID `sql:"type:uuid default uuid_generate_v4()" gorm:"primary_key"`
	// Referrer is stored alongside the state reference.
	// NOTE(review): presumably the location to return to once the OAuth flow completes — confirm;
	// if so, consumers should check it against an allow-list before redirecting to it.
	Referrer string
}
OauthStateReference represents an OAuth state reference
func (OauthStateReference) Equal ¶
func (r OauthStateReference) Equal(u convert.Equaler) bool
Equal returns true if the two OauthStateReference objects are equal; otherwise false is returned.
func (OauthStateReference) TableName ¶
func (r OauthStateReference) TableName() string
TableName implements gorm.tabler
type OauthStateReferenceRepository ¶
type OauthStateReferenceRepository interface {
	// Create stores state and returns the persisted reference.
	Create(ctx context.Context, state *OauthStateReference) (*OauthStateReference, error)
	// Delete removes the reference with the given ID.
	Delete(ctx context.Context, ID uuid.UUID) error
	// Load fetches the reference with the given ID.
	Load(ctx context.Context, ID uuid.UUID) (*OauthStateReference, error)
}
OauthStateReferenceRepository encapsulates the storage and retrieval of state references
type PermissionConfigData ¶
type PermissionConfigData struct {
	// Resources is serialized as "resources".
	// NOTE(review): it is a string, not a slice — presumably a JSON-encoded array like
	// PolicyConfigData.UserIDs; confirm the exact encoding the Keycloak API expects.
	Resources string `json:"resources"`
	// ApplyPolicies is serialized as "applyPolicies"; same encoding caveat as Resources.
	ApplyPolicies string `json:"applyPolicies"`
}
PermissionConfigData represents a config in the keycloak permission payload
type PolicyConfigData ¶
type PolicyConfigData struct {
	// UserIDs is serialized as "users" and holds a JSON array encoded inside a string,
	// i.e. the wire form is "users":"[\"<ID>\",\"<ID>\"]" — it is not a []string.
	UserIDs string `json:"users"`
}
PolicyConfigData represents a config in the keycloak policy payload
type ResourceSet ¶
type ResourceSet struct {
	// Name is serialized as "resource_set_name".
	Name string `json:"resource_set_name"`
	// ID is serialized as "resource_set_id" and omitted when nil.
	ID *string `json:"resource_set_id,omitempty"`
}
ResourceSet represents a resource set for Entitlement payload
type Token ¶
type Token struct {
	// AccessToken and RefreshToken are bearer credentials returned by Keycloak.
	// NOTE(review): keep them out of logs and error messages.
	AccessToken *string `json:"access_token,omitempty"`
	// ExpiresIn is the access token lifetime as reported by Keycloak (units not stated here).
	ExpiresIn *int64 `json:"expires_in,omitempty"`
	// NotBeforePolicy maps to the hyphenated "not-before-policy" key.
	NotBeforePolicy *int64 `json:"not-before-policy,omitempty"`
	// RefreshExpiresIn is the refresh token lifetime as reported by Keycloak.
	RefreshExpiresIn *int64 `json:"refresh_expires_in,omitempty"`
	RefreshToken *string `json:"refresh_token,omitempty"`
	// TokenType is the token type string (e.g. the value Keycloak returns in "token_type").
	TokenType *string `json:"token_type,omitempty"`
}
Token represents a Keycloak token response