authmodel

package
v8.0.0-...-c526a22 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 19, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Middleware

func Middleware(a Authenticator) func(http.Handler) http.Handler

Middleware checks each request for authentication. If successful, the user's information is appended to the log context and request context. If not, an error is returned and the inner handler is skipped.

Types

type AuthMetadata

// AuthMetadata describes a single authentication method in JSON form.
// Type is always encoded; the other fields carry omitempty and are left
// out of the encoding when empty.
// NOTE(review): presumably advertised to clients so they can choose a
// login method - confirm where it is served. Only identifiers are visible
// here (no secret-bearing field); keep it that way if the document is
// readable before authentication.
type AuthMetadata struct {
	// Type selects the method; its type is AuthType.
	Type AuthType `json:"type"`
	// azure AD
	// NOTE(review): the three fields below are grouped under the
	// "azure AD" comment; presumably set only for that method - confirm.
	Authority string   `json:"authority,omitempty"`
	ClientID  string   `json:"client_id,omitempty"`
	Scopes    []string `json:"scopes,omitempty"`
}

type AuthType

// AuthType identifies an authentication method by a string value. The
// three values declared below are URI-shaped strings under
// relic.sas.com/auth/.
// NOTE(review): presumably these are opaque identifiers that are compared
// as strings and never dereferenced - confirm against the callers.
type AuthType string
const (
	// AuthTypeCertificate is the identifier ending in /auth/certificate.
	AuthTypeCertificate AuthType = "https://relic.sas.com/auth/certificate"
	// AuthTypeBearerToken is the identifier ending in /auth/bearer-token.
	AuthTypeBearerToken AuthType = "https://relic.sas.com/auth/bearer-token"
	// AuthTypeAzureAD is the identifier ending in /auth/azure-ad; AuthMetadata
	// groups its Authority, ClientID and Scopes fields under "azure AD".
	AuthTypeAzureAD     AuthType = "https://relic.sas.com/auth/azure-ad"
)

type Authenticator

// Authenticator establishes who is making an HTTP request. On this page
// *CertificateAuth and *PolicyAuth both declare an Authenticate method
// with this signature.
type Authenticator interface {
	// Authenticate inspects req and returns the caller's UserInfo, or an
	// error. The Middleware documentation states that on failure an error
	// is returned and the inner handler is skipped.
	// NOTE(review): callers other than Middleware should likewise ignore
	// the UserInfo whenever the error is non-nil - confirm no
	// implementation returns a usable value alongside an error.
	Authenticate(req *http.Request) (UserInfo, error)
}

func New

func New(conf *config.Config) (Authenticator, error)

New creates an authenticator based on the provided server configuration

type CertificateAuth

// CertificateAuth is an authenticator whose only field is the server
// configuration; it declares an Authenticate method with the signature
// Authenticator requires.
type CertificateAuth struct {
	// Config is the server configuration.
	// NOTE(review): presumably the source of the configured fingerprints
	// and CAs that the type's documentation refers to - confirm. The field
	// is exported, so code outside the package can replace it.
	Config *config.Config
}

CertificateAuth requires that every caller present a client certificate that either has its fingerprint explicitly configured with access or is signed by a configured CA.

func (*CertificateAuth) Authenticate

func (a *CertificateAuth) Authenticate(req *http.Request) (UserInfo, error)

type CertificateInfo

// CertificateInfo has Allowed and AuditContext methods with the signatures
// UserInfo declares.
// NOTE(review): presumably the value CertificateAuth.Authenticate returns
// for an accepted client certificate - confirm against the implementation.
type CertificateInfo struct {
	// NOTE(review): presumably Name is the configured client name, Subject
	// the certificate subject and Roles the roles granted to the client -
	// TODO confirm. Which of these comes from configuration and which from
	// the presented certificate matters for what Allowed may trust.
	Name    string
	Subject string
	Roles   []string
}

func (*CertificateInfo) Allowed

func (c *CertificateInfo) Allowed(keyConf *config.KeyConfig) bool

func (*CertificateInfo) AuditContext

func (c *CertificateInfo) AuditContext(info *audit.Info)

type Metadata

// Metadata is a JSON document with a list of hosts and a list of
// authentication methods. Neither field carries omitempty, so both keys
// are always present in the encoding.
// NOTE(review): presumably served to clients for discovery - confirm
// whether it is readable before authentication.
type Metadata struct {
	// Hosts is encoded under "hosts"; presumably server addresses - confirm.
	Hosts []string       `json:"hosts"`
	// Auth is encoded under "auth", one AuthMetadata entry per method.
	Auth  []AuthMetadata `json:"auth"`
}

type PolicyAuth

// PolicyAuth declares an Authenticate method with the signature
// Authenticator requires. All of its fields are unexported, so its state
// cannot be set from outside the package.
// NOTE(review): presumably obtained through New - confirm.
type PolicyAuth struct {
	// contains filtered or unexported fields
}

func (*PolicyAuth) Authenticate

func (a *PolicyAuth) Authenticate(req *http.Request) (UserInfo, error)

type PolicyInfo

// PolicyInfo has Allowed and AuditContext methods with the signatures
// UserInfo declares.
// NOTE(review): presumably filled in by PolicyAuth.Authenticate from a
// policy decision - confirm against the implementation.
type PolicyInfo struct {
	// NOTE(review): presumably the caller's identity, role names and the
	// names of the keys the caller may use - TODO confirm.
	Subject     string
	Roles       []string
	AllowedKeys []string

	// Claims is an untyped map, so every value needs a type check before
	// use. NOTE(review): presumably the claims of the caller's token, and
	// DecisionID the policy engine's identifier for the decision, useful
	// for correlating audit records - confirm, and confirm that Claims is
	// only populated after the token has been verified.
	Claims     map[string]interface{}
	DecisionID string
}

func (*PolicyInfo) Allowed

func (i *PolicyInfo) Allowed(keyConf *config.KeyConfig) bool

Allowed checks whether the named key is visible to the current user

func (*PolicyInfo) AuditContext

func (i *PolicyInfo) AuditContext(info *audit.Info)

AuditContext amends an audit record with the authenticated user's name and other relevant details

type UserInfo

// UserInfo is the value an Authenticator returns for a caller; RequestInfo
// returns it for a request. On this page *CertificateInfo and *PolicyInfo
// both declare the two methods below.
type UserInfo interface {
	// Allowed checks whether the named key is visible to the current user
	Allowed(*config.KeyConfig) bool
	// AuditContext amends an audit record with the authenticated user's name
	// and other relevant details
	AuditContext(info *audit.Info)
}

func RequestInfo

func RequestInfo(req *http.Request) UserInfo

RequestInfo returns information about the calling user
