grp

package
v0.8.1 (not the latest version of its module)
Published: Sep 1, 2021 License: MIT Imports: 3 Imported by: 1

Documentation

Overview

	grp contains methods to parse the various group formats for
	ActiveDirectory and UNIX LDAP.

	ActiveDirectory: 	TnPg_Srv_Appkaas-clustername-namespace-role_full
	UNIX-LDAP:			tnnt_kaas-clustername-namespace-role

	Tn and tnnt are the tenant prefixes.

	For group policies, all that matters is the elements of the stripped
	"inner" group name, in this case "clustername", "namespace" and "role".

Constants

const (

	// "wildcard" for allowing all variants
	All = "all"
)

Naming conventions for groups:

ActiveDirectory: TnPg_Srv_Appkaas-clustername-namespace-role_full

	TenantPrefix:    Tn   (tenant prefix)
	GroupType:       Pg   (PermissionGroup)
	SecondLevelOU:   Srv
	Reference:       App  (App-Permission)
	innerGroupName:  kaas-clustername-namespace-role
	Permission:      Full | Mod | Read

UNIX-LDAP: tnnt_kaas-clustername-namespace-role

	TenantPrefix:    tnnt
	innerGroupName:  kaas-clustername-namespace-role

const Any = "*"

Variables

This section is empty.

Functions

func ParseConnectorId

func ParseConnectorId(connectorId string) (jwtTenant string, directory string, err error)

ParseConnectorId parses the connectorId. The convention is "[tenant]_[directory]"; arbitrary additional fields may follow and are ignored.

Types

type Config

type Config struct {
	// tenant prefixes depend on the directory environment
	ProviderTenant string
}

type Group

type Group struct {
	// AppPrefix is the id of the application, e.g. kaas, k8s, ... (example: 'app' for group 'app-ddd#dev-all-admin')
	AppPrefix string
	// OnBehalfTenant is the id of the tenant of the resource this group grants permissions on (example: 'ddd' for group 'app-ddd#dev-all-admin')
	OnBehalfTenant string
	// FirstScope is, e.g., the name of the project for app kaas or the name of the cluster for app k8s (example: 'dev' for group 'app-ddd#dev-all-admin')
	FirstScope string
	// SecondScope is, e.g., the name of the cluster for app kaas or the namespace in the cluster for app k8s (example: 'all' for group 'app-ddd#dev-all-admin')
	SecondScope string
	// Role is the role in the given context (example: 'admin' for group 'app-ddd#dev-all-admin')
	Role string
}

Group information

func (*Group) ToCanonicalGroupString

func (g *Group) ToCanonicalGroupString() string

ToCanonicalGroupString returns the formatted group [app]-[firstScope]-[secondScope]-[role]; the onBehalfTenant is left out.

func (*Group) ToFullGroupString

func (g *Group) ToFullGroupString() string

ToFullGroupString returns the formatted group [app]-[opt. onBehalfTenant][firstScope]-[secondScope]-[role].

func (*Group) ToPrefixedGroupString

func (g *Group) ToPrefixedGroupString(prefix string) string

ToPrefixedGroupString returns the formatted group [prefix][secondScope]-[role].

type GroupContext

type GroupContext struct {
	// tenant of the group (example: tnnt of group tnnt_api-all-all-admin)
	TenantPrefix string

	// group
	Group
}

Group with Context (Tenant)

type GroupContextParseFunc

type GroupContextParseFunc func(group string) (*GroupContext, error)

Common signature of the GroupContext parsing funcs.

type GroupExpression

type GroupExpression struct {
	// Application
	AppPrefix string
	// first resource scope
	FirstScope string
	// second resource scope
	SecondScope string
	// role in the given context
	Role string
}

GroupExpression can be used to find matching groups of the schema "[appPrefix]-[firstScope]-[secondScope]-[role]". All fields support "*" as a wildcard if they should match everything.

func (*GroupExpression) Matches

func (g *GroupExpression) Matches(group Group) bool

Matches reports whether the given Group matches this GroupExpression.

type Grpr

type Grpr struct {
	// contains filtered or unexported fields
}

Grpr encapsulates conversion from and to groups.

func MustNewGrpr

func MustNewGrpr(cfg Config) *Grpr

MustNewGrpr configures the Grpr and panics if an error occurs.

func NewGrpr

func NewGrpr(cfg Config) (*Grpr, error)

NewGrpr configures the Grpr.

func (*Grpr) GroupEncodeName

func (g *Grpr) GroupEncodeName(name string) string

GroupEncodeName encodes the name so that it can be used in groups, i.e. "-" is replaced by "$".

func (*Grpr) GroupEncodeNames

func (g *Grpr) GroupEncodeNames(names []string) []string

GroupEncodeNames encodes the names so that they can be used in groups, i.e. "-" is replaced by "$".

func (*Grpr) IsProviderTenant

func (g *Grpr) IsProviderTenant(tenant string, directoryType string) (bool, error)

IsProviderTenant returns true if the given tenant is the provider/operator of the service, i.e. "tnnt" or "Tn" in our case.

func (*Grpr) NewGroup

func (g *Grpr) NewGroup(app, onBehalfTenant, firstScope, secondScope, role string) *Group

NewGroup creates the Group with the given content. FirstScope and SecondScope will be groupname-encoded.

func (*Grpr) ParseADGroup

func (g *Grpr) ParseADGroup(groupname string) (*GroupContext, error)

ParseADGroup parses and structurally validates an ActiveDirectory group such as TnPg_Srv_Appkaas-cluster-namespace-role_full. The result contains normalized (lower-cased) values.

func (*Grpr) ParseGroupName

func (g *Grpr) ParseGroupName(groupname string) (*Group, error)

ParseGroupName parses the "inner" group name with the tenant prefixes and IDM suffixes stripped, e.g. kaas-clustername-namespace-role.

func (*Grpr) ParseUnixLDAPGroup

func (g *Grpr) ParseUnixLDAPGroup(groupname string) (*GroupContext, error)

ParseUnixLDAPGroup parses and structurally validates a UNIX-LDAP group such as tnnt_kaas-clustername-namespace-role. The result contains normalized (lower-cased) values.

func (*Grpr) SelectGroupParseFunc

func (g *Grpr) SelectGroupParseFunc(directoryType string) (GroupContextParseFunc, error)

SelectGroupParseFunc selects the parsing func according to the given directoryType, see constants
