Documentation
Overview
Package grp contains methods to parse the various group formats for ActiveDirectory and UNIX LDAP.
ActiveDirectory: TnPg_Srv_Appkaas-clustername-namespace-role_full
UNIX-LDAP: tnnt_kaas-clustername-namespace-role
Tn and tnnt are the tenant prefixes. For group policies, all that matters are the elements of the stripped "inner" group name, in this case "clustername", "namespace" and "role".
Index
- Constants
- func ParseConnectorId(connectorId string) (jwtTenant string, directory string, err error)
- type Config
- type Group
- type GroupContext
- type GroupContextParseFunc
- type GroupExpression
- type Grpr
- func (g *Grpr) GroupEncodeName(name string) string
- func (g *Grpr) GroupEncodeNames(names []string) []string
- func (g *Grpr) IsProviderTenant(tenant string, directoryType string) (bool, error)
- func (g *Grpr) NewGroup(app, clusterTenant, cluster, namespace, role string) *Group
- func (g *Grpr) ParseADGroup(groupname string) (*GroupContext, error)
- func (g *Grpr) ParseGroupName(groupname string) (*Group, error)
- func (g *Grpr) ParseUnixLDAPGroup(groupname string) (*GroupContext, error)
- func (g *Grpr) SelectGroupParseFunc(directoryType string) (GroupContextParseFunc, error)
Constants
const (
// "wildcard" for allowing all variants
All = "all"
)
Naming conventions for groups:
ActiveDirectory: TnPg_Srv_Appkaas-clustername-namespace-role_full
  TenantPrefix: Tn = Tenant-Prefix
  GroupType: Pg = PermissionGroup
  SecondLevelOU: Srv
  Reference: App (App-Permission)
  innerGroupName: kaas-clustername-namespace-role
  Permission: Full | Mod | Read
UNIX-LDAP: tnnt_kaas-clustername-namespace-role
  TenantPrefix: tnnt
  innerGroupName: kaas-clustername-namespace-role
Functions
Types
type Config
type Config struct {
	// tenant prefixes are dependent on the directory environment
	ProviderTenant string
}
type Group
type Group struct {
	// Application
	AppPrefix string
	// Tenant of the cluster, if it is not the same as the tenant prefix (example: ddd of group tnnt_ddd#dev-all-admin)
	ClusterTenant string
	// name of the cluster
	ClusterName string
	// namespace in the cluster
	Namespace string
	// role in the given context
	Role string
}
Group information
func (*Group) ToCanonicalGroupString
ToCanonicalGroupString returns formatted group [app]-[clustername]-[namespace]-[role], the clusterTenant is left out!
func (*Group) ToFullGroupString
ToFullGroupString returns formatted group [app]-[opt. clustertenant][clustername]-[namespace]-[role]
func (*Group) ToPrefixedGroupString
returns formatted group [prefix][namespace]-[role]
type GroupContext
type GroupContext struct {
	// tenant of the group (example: tnnt of group tnns_all_all_admin)
	TenantPrefix string
	// group
	Group
}
Group with Context (Tenant)
type GroupContextParseFunc
type GroupContextParseFunc func(group string) (*GroupContext, error)
common signature for the GroupContext parsing funcs
type GroupExpression
type GroupExpression struct {
	// Application
	AppPrefix string
	// name of the cluster
	ClusterName string
	// namespace in the cluster
	Namespace string
	// role in the given context
	Role string
}
GroupExpression can be used to find matching groups. All fields support "*" as a wildcard if they should match everything.
func (*GroupExpression) Matches
func (g *GroupExpression) Matches(group Group) bool
Matches returns whether the given groupExpression matches this Group.
type Grpr
type Grpr struct {
// contains filtered or unexported fields
}
Grpr encapsulates conversion from and to groups.
func MustNewGrpr
Init configures the Grpr and panics if an error occurs.
func (*Grpr) GroupEncodeName
GroupEncodeName encodes the name so that it can be used in groups, i.e. "-" is replaced by "$".
func (*Grpr) GroupEncodeNames
GroupEncodeNames encodes the names so that they can be used in groups, i.e. "-" is replaced by "$".
func (*Grpr) IsProviderTenant
IsProviderTenant returns true if the given tenant is the provider/operator of the service, i.e. "tnnt" or "Tn" in our case.
func (*Grpr) NewGroup
NewGroup creates the Group with the given content. Clustername and Namespace will be groupname-encoded.
func (*Grpr) ParseADGroup
func (g *Grpr) ParseADGroup(groupname string) (*GroupContext, error)
Parse parses and structurally validates a group. The result contains normalized (toLower) results.
Example: TnPg_Srv_Appkaas-cluster-namespace-role_full
func (*Grpr) ParseGroupName
ParseGroupName parses the "inner" group name with stripped tenant prefixes and IDM suffixes.
Example: kaas-clustername-namespace-role
func (*Grpr) ParseUnixLDAPGroup
func (g *Grpr) ParseUnixLDAPGroup(groupname string) (*GroupContext, error)
Parse parses and structurally validates a group. The result contains normalized (toLower) results.
Example: tnnt_kaas-clustername-namespace-role
func (*Grpr) SelectGroupParseFunc
func (g *Grpr) SelectGroupParseFunc(directoryType string) (GroupContextParseFunc, error)
SelectGroupParseFunc selects the parsing func according to the given directoryType, see constants
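One way to parse the two naming conventions listed above, as an added example that is not the grp package's own code: innerGroup, encode, parseInner, parseUnixLDAP and parseAD are hypothetical names, and the sample group names are constructed. The parser requires exactly four "-"-separated fields, so an unencoded "-" in a cluster or namespace name is rejected instead of silently shifting which field is read as the role.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// innerGroup is a hypothetical stand-in for the stripped "inner" group name.
type innerGroup struct{ App, Cluster, Namespace, Role string }

// encode applies the documented encoding rule: "-" is replaced by "$".
func encode(name string) string { return strings.ReplaceAll(name, "-", "$") }

// parseInner accepts exactly app-cluster-namespace-role and fails closed otherwise.
func parseInner(s string) (innerGroup, error) {
	p := strings.Split(strings.ToLower(s), "-")
	if len(p) != 4 {
		return innerGroup{}, fmt.Errorf("want 4 fields, got %d", len(p))
	}
	for _, f := range p {
		if f == "" {
			return innerGroup{}, errors.New("empty field")
		}
	}
	return innerGroup{p[0], p[1], p[2], p[3]}, nil
}

// parseUnixLDAP handles tnnt_kaas-clustername-namespace-role.
func parseUnixLDAP(s string) (string, innerGroup, error) {
	p := strings.SplitN(s, "_", 2)
	if len(p) != 2 || p[0] == "" {
		return "", innerGroup{}, errors.New("missing tenant prefix")
	}
	g, err := parseInner(p[1])
	return strings.ToLower(p[0]), g, err
}

// parseAD handles TnPg_Srv_Appkaas-clustername-namespace-role_full.
func parseAD(s string) (string, innerGroup, error) {
	p := strings.Split(s, "_")
	if len(p) != 4 || len(p[0]) < 3 || !strings.HasSuffix(p[0], "Pg") || p[1] != "Srv" || !strings.HasPrefix(p[2], "App") {
		return "", innerGroup{}, errors.New("not a <Tenant>Pg_Srv_App<inner>_<permission> group")
	}
	g, err := parseInner(strings.TrimPrefix(p[2], "App"))
	return strings.ToLower(strings.TrimSuffix(p[0], "Pg")), g, err
}

func main() { // constructed sample names
	fmt.Println(parseUnixLDAP("tnnt_kaas-prod-kube-system-view")) // rejected: 5 fields
	fmt.Println(parseUnixLDAP("tnnt_kaas-prod-" + encode("kube-system") + "-view"))
}
```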