- Variables
- func CreateJWTForTokenRequest(subject string, audience string, privateKey *rsa.PrivateKey) (string, error)
- func ExportRsaPrivateKeyAsPem(key *rsa.PrivateKey) (string, error)
- func ExportRsaPublicKeyAsPem(key *rsa.PublicKey) (string, error)
- func GenerateRsaKeyPair() (*rsa.PrivateKey, *rsa.PublicKey)
- func ParseRsaPrivateKeyFromPem(pemValue []byte) (*rsa.PrivateKey, error)
- func ParseRsaPublicKeyFromPem(pemValue []byte) (*rsa.PublicKey, error)
- type AccessControl
- type BasicProvider
- type ClientCredentialsProvider
- type ClientIDClaim
- type ClientInfo
- type CustomClaims
- type KeyPair
- type NodeInfo
- type NodeJwtBearerProvider
- type Provider
- type ProviderConfig
- type ProviderManager
- func (pm *ProviderManager) AddProvider(providerConfig ProviderConfig) error
- func (pm *ProviderManager) DeleteProvider(name string) error
- func (pm *ProviderManager) FindByName(name string) (*ProviderConfig, error)
- func (pm *ProviderManager) ListProviders() ([]ProviderConfig, error)
- func (pm *ProviderManager) LoadValue(vp *ValueReader) string
- type ServiceCore
- func (serviceCore *ServiceCore) CheckGranted(ac *AccessControl, resource string, action string) bool
- func (serviceCore *ServiceCore) CreateJWTForTokenRequest(audience string) (string, error)
- func (serviceCore *ServiceCore) DeleteClientAccessControls(clientID string)
- func (serviceCore *ServiceCore) FilterDatasets(datasets []server.DatasetName, subject string) ([]server.DatasetName, error)
- func (serviceCore *ServiceCore) GetAccessControls(clientID string) []*AccessControl
- func (serviceCore *ServiceCore) GetActiveKeyPair() *KeyPair
- func (serviceCore *ServiceCore) GetAllAccessControls() map[string][]*AccessControl
- func (serviceCore *ServiceCore) GetClients() map[string]*ClientInfo
- func (serviceCore *ServiceCore) Init() error
- func (serviceCore *ServiceCore) MakeAdminJWT(clientKey string, clientSecret string) (string, error)
- func (serviceCore *ServiceCore) RegisterClient(clientInfo *ClientInfo)
- func (serviceCore *ServiceCore) SetClientAccessControls(clientID string, acls []*AccessControl)
- func (serviceCore *ServiceCore) ValidateClientJWTMakeJWTAccessToken(clientJWT string) (string, error)
- type TokenProviders
- func (providers *TokenProviders) Add(providerConfig ProviderConfig) error
- func (providers *TokenProviders) DeleteProvider(name string) error
- func (providers *TokenProviders) Get(providerName string) (Provider, bool)
- func (providers *TokenProviders) GetProviderConfig(name string) (*ProviderConfig, error)
- func (providers *TokenProviders) ListProviders() ([]ProviderConfig, error)
- func (providers *TokenProviders) UpdateProvider(name string, provider ProviderConfig) error
- type ValueReader
Variables ¶
var ErrLoginProviderNotFound = errors.New("login provider not found")
Functions ¶
func ExportRsaPrivateKeyAsPem ¶
func ExportRsaPrivateKeyAsPem(key *rsa.PrivateKey) (string, error)
func GenerateRsaKeyPair ¶
func GenerateRsaKeyPair() (*rsa.PrivateKey, *rsa.PublicKey)
func ParseRsaPrivateKeyFromPem ¶
func ParseRsaPrivateKeyFromPem(pemValue []byte) (*rsa.PrivateKey, error)
Types ¶
type AccessControl ¶
AccessControl allows or denies an action on a resource. Allowed actions are: read, write (write implies delete). Resources are: nodeid/datasets/[name] (or *); nodeid/* gives access to all endpoints; nodeid/jobs/*; nodeid/content/[name] or *.
type BasicProvider ¶
func (BasicProvider) Authorize ¶
func (p BasicProvider) Authorize(req *http.Request)
type ClientCredentialsProvider ¶
type ClientCredentialsProvider struct {
// contains filtered or unexported fields
}
ClientCredentialsProvider contains the auth0 configuration
func NewClientCredentialsProvider ¶
func NewClientCredentialsProvider(logger *zap.SugaredLogger, conf ProviderConfig, pm *ProviderManager) *ClientCredentialsProvider
NewClientCredentialsProvider creates a new ClientCredentialsProvider struct, populated with the values from Viper.
func (*ClientCredentialsProvider) Authorize ¶
func (tp *ClientCredentialsProvider) Authorize(req *http.Request)
type ClientIDClaim ¶
type ClientIDClaim struct {
	Message        []byte // encrypted message
	MessageHashSum int    // signed
	Signature      []byte // NOTE(review): the "signed" comment above suggests the signature covers MessageHashSum — confirm what is signed and with which key before relying on it
	Algorithm      string // NOTE(review): algorithm name chosen by the sender; the verifying side should accept only an allow-list of algorithms rather than the value as received — confirm
	// contains filtered or unexported fields
}
ClientIDClaim is used by a client to assert that it is who it says it is.
type ClientInfo ¶
type CustomClaims ¶
// CustomClaims is the claim set carried in the JWTs this package issues and
// validates. It embeds jwt.RegisteredClaims (the standard iss/sub/aud/exp set)
// alongside the application-specific claims below.
type CustomClaims struct {
	Scope    string   `json:"scope"`     // presumably a space-separated scope string; Scopes() is the accessor — confirm how it splits
	Scp      []string `json:"scp"`       // scopes as a list; which of Scope/Scp Scopes() prefers is not visible here
	Gty      string   `json:"gty"`       // grant type — presumably; the claim name follows the Auth0 convention
	Adm      bool     `json:"adm"`       // NOTE(review): looks like an admin flag; a token-supplied boolean that grants elevated access must only be honoured after signature verification — confirm where it is checked
	Roles    []string `json:"roles"`     // role names; how they map to AccessControl is not visible here
	ClientID string   `json:"client_id"` // identifier of the client the token was issued to
	jwt.RegisteredClaims
}
func (CustomClaims) Scopes ¶
func (claims CustomClaims) Scopes() []string
type KeyPair ¶
// KeyPair holds one RSA key pair managed by ServiceCore; GetActiveKeyPair
// returns the pair currently used for signing.
type KeyPair struct {
	PrivateKey *rsa.PrivateKey
	PublicKey  *rsa.PublicKey
	Active     bool   // presumably only one pair is active at a time — confirm
	Expires    uint64 // NOTE(review): the unit (unix seconds? milliseconds?) is not shown here — confirm before comparing against time.Now()
}
func NewKeyPair ¶
type NodeInfo ¶
NodeInfo is a data structure that represents a node in the security topology
func NewNodeInfo ¶
type NodeJwtBearerProvider ¶
type NodeJwtBearerProvider struct {
// contains filtered or unexported fields
}
NodeJwtBearerProvider contains the auth0 configuration
func NewNodeJwtBearerProvider ¶
func NewNodeJwtBearerProvider( logger *zap.SugaredLogger, serviceCore *ServiceCore, conf ProviderConfig, ) *NodeJwtBearerProvider
func (*NodeJwtBearerProvider) Authorize ¶
func (nodeTokenProvider *NodeJwtBearerProvider) Authorize(req *http.Request)
type ProviderConfig ¶
// ProviderConfig describes one token provider as stored and listed by
// ProviderManager. Fields of type *ValueReader are indirect references that
// ProviderManager.LoadValue resolves to a string at use time — presumably so
// that credentials can be referenced rather than stored inline; confirm.
type ProviderConfig struct {
	Name         string       `json:"name"`
	Type         string       `json:"type"`
	User         *ValueReader `json:"user,omitempty"`
	Password     *ValueReader `json:"password,omitempty"`
	ClientID     *ValueReader `json:"key,omitempty"`    // note: the JSON key is "key", not "client_id"
	ClientSecret *ValueReader `json:"secret,omitempty"` // note: the JSON key is "secret", not "client_secret"
	Audience     *ValueReader `json:"audience,omitempty"`
	Endpoint     *ValueReader `json:"endpoint,omitempty"`
}
type ProviderManager ¶
type ProviderManager struct {
// contains filtered or unexported fields
}
func NewProviderManager ¶
func NewProviderManager(env *conf.Config, store *server.Store, log *zap.SugaredLogger) *ProviderManager
func (*ProviderManager) AddProvider ¶
func (pm *ProviderManager) AddProvider(providerConfig ProviderConfig) error
func (*ProviderManager) DeleteProvider ¶
func (pm *ProviderManager) DeleteProvider(name string) error
func (*ProviderManager) FindByName ¶
func (pm *ProviderManager) FindByName(name string) (*ProviderConfig, error)
func (*ProviderManager) ListProviders ¶
func (pm *ProviderManager) ListProviders() ([]ProviderConfig, error)
func (*ProviderManager) LoadValue ¶
func (pm *ProviderManager) LoadValue(vp *ValueReader) string
type ServiceCore ¶
type ServiceCore struct {
	// admin client key for node admin
	AdminClientKey string
	// admin client secret for node admin
	// NOTE(review): held as a plain exported string, so any code that can
	// reach a *ServiceCore (for example via TokenProviders.ServiceCore) can
	// read it — confirm this is intended and that it is never logged or
	// serialized along with the struct.
	AdminClientSecret string
	// storage location for this node's data
	Location string
	// this node info
	NodeInfo *NodeInfo
	// contains filtered or unexported fields
}
ServiceCore provides the core logic for managing data and for verifying client claims and requests for access to resources.
func NewServiceCore ¶
func NewServiceCore(env *conf.Config) *ServiceCore
func (*ServiceCore) CheckGranted ¶
func (serviceCore *ServiceCore) CheckGranted(ac *AccessControl, resource string, action string) bool
func (*ServiceCore) CreateJWTForTokenRequest ¶
func (serviceCore *ServiceCore) CreateJWTForTokenRequest(audience string) (string, error)
CreateJWTForTokenRequest returns a JWT that can be used to obtain an access token for a remote endpoint.
func (*ServiceCore) DeleteClientAccessControls ¶
func (serviceCore *ServiceCore) DeleteClientAccessControls(clientID string)
func (*ServiceCore) FilterDatasets ¶
func (serviceCore *ServiceCore) FilterDatasets( datasets []server.DatasetName, subject string, ) ([]server.DatasetName, error)
FilterDatasets, given a list of datasets, returns the ones that the user (subject) has access to.
func (*ServiceCore) GetAccessControls ¶
func (serviceCore *ServiceCore) GetAccessControls(clientID string) []*AccessControl
func (*ServiceCore) GetActiveKeyPair ¶
func (serviceCore *ServiceCore) GetActiveKeyPair() *KeyPair
func (*ServiceCore) GetAllAccessControls ¶
func (serviceCore *ServiceCore) GetAllAccessControls() map[string][]*AccessControl
func (*ServiceCore) GetClients ¶
func (serviceCore *ServiceCore) GetClients() map[string]*ClientInfo
func (*ServiceCore) Init ¶
func (serviceCore *ServiceCore) Init() error
Init ensures that local storage is available
func (*ServiceCore) MakeAdminJWT ¶
func (serviceCore *ServiceCore) MakeAdminJWT(clientKey string, clientSecret string) (string, error)
func (*ServiceCore) RegisterClient ¶
func (serviceCore *ServiceCore) RegisterClient(clientInfo *ClientInfo)
func (*ServiceCore) SetClientAccessControls ¶
func (serviceCore *ServiceCore) SetClientAccessControls(clientID string, acls []*AccessControl)
func (*ServiceCore) ValidateClientJWTMakeJWTAccessToken ¶
func (serviceCore *ServiceCore) ValidateClientJWTMakeJWTAccessToken(clientJWT string) (string, error)
type TokenProviders ¶
// TokenProviders is the registry of named Provider implementations built by
// NewTokenProviders; Add, DeleteProvider, UpdateProvider and Get operate on it.
type TokenProviders struct {
	Providers   *map[string]Provider // NOTE(review): a pointer to a map is unusual, since a map is already a reference type; and because Add/DeleteProvider/UpdateProvider mutate it while Get reads it, confirm the unexported fields include a lock guarding it
	ServiceCore *ServiceCore
	// contains filtered or unexported fields
}
func NewTokenProviders ¶
func NewTokenProviders( logger *zap.SugaredLogger, providerManager *ProviderManager, serviceCore *ServiceCore, ) *TokenProviders
NewTokenProviders provides a map of token providers, keyed on the lower-cased name of the token provider struct.
func (*TokenProviders) Add ¶
func (providers *TokenProviders) Add(providerConfig ProviderConfig) error
func (*TokenProviders) DeleteProvider ¶
func (providers *TokenProviders) DeleteProvider(name string) error
func (*TokenProviders) Get ¶
func (providers *TokenProviders) Get(providerName string) (Provider, bool)
func (*TokenProviders) GetProviderConfig ¶
func (providers *TokenProviders) GetProviderConfig(name string) (*ProviderConfig, error)
func (*TokenProviders) ListProviders ¶
func (providers *TokenProviders) ListProviders() ([]ProviderConfig, error)
func (*TokenProviders) UpdateProvider ¶
func (providers *TokenProviders) UpdateProvider(name string, provider ProviderConfig) error