Documentation ¶
Overview ¶
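Package auth is responsible for authentication. It also defines the users, teams and access checks (the CanAccess* methods and Authorizer) listed below, which are used for authorization.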
Index ¶
- Constants
- Variables
- func NewService(opts Options) *service
- func NewTeamCommand(api *otfapi.Client) *cobra.Command
- func NewUserCommand(api *otfapi.Client) *cobra.Command
- type AuthService
- type Authorizer
- type Client
- func (c *Client) AddTeamMembership(ctx context.Context, teamID string, usernames []string) error
- func (c *Client) CreateTeam(ctx context.Context, organization string, opts CreateTeamOptions) (*Team, error)
- func (c *Client) CreateUser(ctx context.Context, username string, _ ...NewUserOption) (*User, error)
- func (c *Client) DeleteTeam(ctx context.Context, id string) error
- func (c *Client) DeleteUser(ctx context.Context, username string) error
- func (c *Client) GetTeam(ctx context.Context, organization, name string) (*Team, error)
- func (c *Client) RemoveTeamMembership(ctx context.Context, teamID string, usernames []string) error
- type CreateTeamOptions
- type CreateUserOptions
- type NewUserOption
- type Options
- type OrganizationAccess
- type OrganizationAccessOptions
- type OrganizationService
- type Team
- func (t *Team) CanAccessOrganization(action rbac.Action, org string) bool
- func (t *Team) CanAccessSite(action rbac.Action) bool
- func (t *Team) CanAccessTeam(action rbac.Action, id string) bool
- func (t *Team) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool
- func (t *Team) IsOwner(organization string) bool
- func (t *Team) IsOwners() bool
- func (t *Team) IsSiteAdmin() bool
- func (t *Team) OrganizationAccess() OrganizationAccess
- func (t *Team) Organizations() []string
- func (t *Team) String() string
- func (t *Team) Update(opts UpdateTeamOptions) error
- type TeamCLI
- type TeamService
- type UpdateTeamOptions
- type User
- func (u *User) CanAccessOrganization(action rbac.Action, org string) bool
- func (u *User) CanAccessSite(action rbac.Action) bool
- func (u *User) CanAccessTeam(action rbac.Action, teamID string) bool
- func (u *User) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool
- func (u *User) IsOwner(organization string) bool
- func (u *User) IsSiteAdmin() bool
- func (u *User) IsTeamMember(teamID string) bool
- func (u *User) Organizations() []string
- func (u *User) String() string
- type UserCLI
- type UserListOptions
- type UserService
- type UserSpec
Constants ¶
// Identity of the built-in site admin account; both values are used to build
// the SiteAdmin variable.
const (
	// SiteAdminID is the fixed user ID of the built-in site admin.
	SiteAdminID = "user-site-admin"
	// SiteAdminUsername is the fixed username of the built-in site admin.
	// NOTE(review): confirm that user creation cannot register this username
	// for an ordinary account; not visible from this page.
	SiteAdminUsername = "site-admin"
)
Variables ¶
// ErrCannotDeleteOnlyOwner reports that an operation would remove the last owner.
// NOTE(review): presumably returned when removing the final member of an
// owners team; confirm against the callers.
var ErrCannotDeleteOnlyOwner = errors.New("cannot remove the last owner")
// ErrRemovingOwnersTeamNotPermitted reports an attempt to delete the owners team.
var ErrRemovingOwnersTeamNotPermitted = errors.New("the owners team cannot be deleted")
var (
	// SiteAdmin is the built-in site admin user, identified by SiteAdminID and
	// SiteAdminUsername. Only ID and Username are set; the SiteAdmin bool field
	// keeps its zero value (false).
	// NOTE(review): presumably IsSiteAdmin recognises this account by ID rather
	// than by the bool field; confirm. This is an exported mutable variable, so
	// an assignment to auth.SiteAdmin from any importing package changes it for
	// the whole process.
	SiteAdmin = User{ID: SiteAdminID, Username: SiteAdminUsername}
)
Functions ¶
func NewService ¶
func NewService(opts Options) *service
Types ¶
type AuthService ¶
// AuthService combines TeamService and UserService into a single interface.
type AuthService interface {
	TeamService
	UserService
}
type Authorizer ¶ added in v0.1.15
Authorizer authorizes access to a team
type Client ¶
// Client is the client-side implementation of the auth service; its documented
// methods perform their work via HTTP/JSONAPI.
type Client struct {
	internal.JSONAPIClient
	// AuthService is embedded, so any interface method that Client does not
	// define itself is promoted from this value.
	// NOTE(review): if this field is left nil, calling such a promoted method
	// panics; confirm how Client is constructed.
	AuthService
}
func (*Client) AddTeamMembership ¶
AddTeamMembership adds users to a team via HTTP.
func (*Client) CreateTeam ¶
func (c *Client) CreateTeam(ctx context.Context, organization string, opts CreateTeamOptions) (*Team, error)
CreateTeam creates a team via HTTP/JSONAPI.
func (*Client) CreateUser ¶
func (c *Client) CreateUser(ctx context.Context, username string, _ ...NewUserOption) (*User, error)
CreateUser creates a user via HTTP/JSONAPI. Options are ignored.
func (*Client) DeleteTeam ¶
DeleteTeam deletes a team via HTTP/JSONAPI.
func (*Client) DeleteUser ¶
DeleteUser deletes a user via HTTP/JSONAPI.
type CreateTeamOptions ¶
// CreateTeamOptions are the parameters accepted by CreateTeam.
type CreateTeamOptions struct {
	// Name of team to create
	Name *string `json:"name" schema:"name,required"`
	// Organization-level permissions to grant to the new team.
	// NOTE(review): these fields are bound from request parameters (schema
	// tags), so the caller decides which permissions the team gets; confirm the
	// handler authorizes the caller before applying them.
	OrganizationAccessOptions
	// TFE fields that OTF does not support but persists merely to pass the
	// go-tfe integration tests
	SSOTeamID  *string
	Visibility *string
}
type CreateUserOptions ¶ added in v0.1.15
// CreateUserOptions is the JSON payload for creating a user. It carries only
// the username; no privilege-related field (such as site-admin) is part of it.
type CreateUserOptions struct {
	Username string `json:"username"`
}
type NewUserOption ¶
// NewUserOption is a functional option that modifies a User; NewUser and
// CreateUser accept a variadic list of them, and WithTeams returns one.
type NewUserOption func(*User)
func WithTeams ¶
func WithTeams(memberships ...*Team) NewUserOption
type Options ¶
// Options holds the dependencies passed to NewService. Every field is
// embedded, so the methods of each dependency are promoted onto Options.
type Options struct {
	*sql.DB
	*tfeapi.Responder
	html.Renderer
	internal.HostnameService
	organization.OrganizationService
	logr.Logger
}
type OrganizationAccess ¶
// OrganizationAccess defines a team's organization access. The zero value has
// every permission unset.
type OrganizationAccess struct {
	ManageWorkspaces bool // admin access on all workspaces
	ManageVCS        bool // manage VCS providers
	ManageModules    bool // manage module registry
	// TFE fields that OTF does not support but persists merely to pass the
	// go-tfe integration tests
	ManageProviders       bool
	ManagePolicies        bool
	ManagePolicyOverrides bool
}
OrganizationAccess defines a team's organization access.
type OrganizationAccessOptions ¶ added in v0.0.50
// OrganizationAccessOptions defines access to be granted upon team creation or
// to grant/rescind to/from an existing team.
// NOTE(review): the fields are pointers, presumably so that nil means "leave
// unchanged" while a non-nil false rescinds; confirm against Team.Update.
type OrganizationAccessOptions struct {
	ManageWorkspaces *bool `schema:"manage_workspaces"`
	ManageVCS        *bool `schema:"manage_vcs"`
	ManageModules    *bool `schema:"manage_modules"`
	// TFE fields that OTF does not support but persists merely to pass the
	// go-tfe integration tests
	ManageProviders       *bool
	ManagePolicies        *bool
	ManagePolicyOverrides *bool
}
OrganizationAccessOptions defines access to be granted upon team creation or to grant/rescind to/from an existing team.
type OrganizationService ¶
// OrganizationService is a defined type whose underlying type is
// organization.Service; it exists to disambiguate service names when several
// services are embedded together.
type OrganizationService organization.Service
Aliases to disambiguate service names when embedded together.
type Team ¶
// Team is a group of users sharing a level of authorization.
type Team struct {
	ID           string    `jsonapi:"primary,teams"`
	CreatedAt    time.Time `jsonapi:"attribute" json:"created-at"`
	Name         string    `jsonapi:"attribute" json:"name"`
	Organization string    `jsonapi:"attribute" json:"organization"`
	// Access holds the team's organization-level permissions. It carries no
	// jsonapi/json tag.
	Access OrganizationAccess
	// TFE fields that OTF does not support but persists merely to pass the
	// go-tfe integration tests
	Visibility string
	SSOTeamID  *string
}
Team is a group of users sharing a level of authorization.
func CreateTestTeam ¶
func CreateTestTeam(t *testing.T, db *sql.DB, organization *organization.Organization) *Team
func (*Team) CanAccessOrganization ¶ added in v0.1.15
func (*Team) CanAccessTeam ¶ added in v0.1.15
func (*Team) CanAccessWorkspace ¶ added in v0.1.15
func (*Team) IsSiteAdmin ¶ added in v0.1.15
func (*Team) OrganizationAccess ¶
func (t *Team) OrganizationAccess() OrganizationAccess
func (*Team) Organizations ¶ added in v0.1.15
func (*Team) Update ¶
func (t *Team) Update(opts UpdateTeamOptions) error
type TeamCLI ¶ added in v0.1.9
// TeamCLI embeds an AuthService.
// NOTE(review): presumably the receiver behind the commands built by
// NewTeamCommand; confirm.
type TeamCLI struct {
	AuthService
}
type TeamService ¶
// TeamService is the set of team operations: create, look up (by organization
// and name, by team ID, or by team token ID), list teams, list a team's
// members, update and delete.
type TeamService interface {
	CreateTeam(ctx context.Context, organization string, opts CreateTeamOptions) (*Team, error)
	GetTeam(ctx context.Context, organization, team string) (*Team, error)
	GetTeamByID(ctx context.Context, teamID string) (*Team, error)
	// NOTE(review): takes the ID of a team token, not the token value itself;
	// presumably used to resolve an already-verified token to its team; confirm.
	GetTeamByTokenID(ctx context.Context, teamTokenID string) (*Team, error)
	ListTeams(ctx context.Context, organization string) ([]*Team, error)
	ListTeamMembers(ctx context.Context, teamID string) ([]*User, error)
	UpdateTeam(ctx context.Context, teamID string, opts UpdateTeamOptions) (*Team, error)
	DeleteTeam(ctx context.Context, teamID string) error
}
type UpdateTeamOptions ¶
// UpdateTeamOptions are the parameters accepted by UpdateTeam and Team.Update.
type UpdateTeamOptions struct {
	Name *string
	// Organization-level permissions to grant to or rescind from the team.
	// NOTE(review): changing these alters what every member of the team may do;
	// confirm the update path authorizes the caller before applying them.
	OrganizationAccessOptions
	// TFE fields that OTF does not support but persists merely to pass the
	// go-tfe integration tests
	SSOTeamID  *string
	Visibility *string
}
type User ¶
// User represents an OTF user account.
type User struct {
	ID        string    `jsonapi:"primary,users"`
	CreatedAt time.Time `jsonapi:"attribute" json:"created-at"`
	UpdatedAt time.Time `jsonapi:"attribute" json:"updated-at"`
	// SiteAdmin is exposed as the "site-admin" attribute.
	// NOTE(review): presumably set when the account has been promoted to site
	// admin. Because the field carries jsonapi/json tags, confirm that User is
	// never populated by decoding an untrusted request body; CreateUserOptions,
	// which carries only Username, is the safer input type.
	SiteAdmin bool `jsonapi:"attribute" json:"site-admin"`
	// username is globally unique
	Username string `jsonapi:"attribute" json:"username"`
	// user belongs to many teams
	Teams []*Team
}
User represents an OTF user account.
func NewUser ¶
func NewUser(username string, opts ...NewUserOption) *User
func UserFromContext ¶
UserFromContext retrieves a user from a context
func (*User) CanAccessOrganization ¶
func (*User) CanAccessTeam ¶ added in v0.1.15
func (*User) CanAccessWorkspace ¶
func (*User) IsSiteAdmin ¶
IsSiteAdmin determines whether user is a site admin. A user is a site admin in either of two cases: (1) their account has been promoted to site admin (think sudo); or (2) the account is *the* site admin (think root).
func (*User) IsTeamMember ¶
IsTeamMember determines whether user is a member of the given team.
func (*User) Organizations ¶
Organizations returns the user's membership of organizations (indirectly via their membership of teams).
NOTE: always returns a non-nil slice
type UserCLI ¶ added in v0.1.9
// UserCLI embeds a UserService.
// NOTE(review): presumably the receiver behind the commands built by
// NewUserCommand; confirm.
type UserCLI struct {
	UserService
}
type UserListOptions ¶
UserListOptions are options for the ListUsers endpoint.
type UserService ¶
// UserService is the set of user operations: create, look up, list (site-wide
// or per organization), delete, add or remove team memberships, and set site
// admins.
type UserService interface {
	CreateUser(ctx context.Context, username string, opts ...NewUserOption) (*User, error)
	GetUser(ctx context.Context, spec UserSpec) (*User, error)
	ListUsers(ctx context.Context) ([]*User, error)
	ListOrganizationUsers(ctx context.Context, organization string) ([]*User, error)
	DeleteUser(ctx context.Context, username string) error
	AddTeamMembership(ctx context.Context, teamID string, usernames []string) error
	RemoveTeamMembership(ctx context.Context, teamID string, usernames []string) error
	// NOTE(review): presumably the promotion to site admin that IsSiteAdmin's
	// documentation refers to; confirm that it is restricted to site-admin
	// callers and that each change is logged.
	SetSiteAdmins(ctx context.Context, usernames ...string) error
}