authz

package
v0.0.0-...-42d02a7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 24, 2025 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ErrUnauthorized is the error for a caller who is authenticated but whose
// account is not authorized to perform the action, as its message states. It
// describes an authorization failure, not an authentication failure.
// NOTE(review): it is built with apierror.Errorf; presumably that marks the
// message as safe to return to the API client. Confirm in apierror.
var ErrUnauthorized = apierror.Errorf("You are authenticated, but your account is not authorized to perform this action.")

Functions

func AssignRoleToServiceAccount

// AssignRoleToServiceAccount takes a service account ID and a role name and
// reports failure through its error result.
// NOTE(review): the signature does not show whether the caller's right to grant
// roleName is checked inside this function or must be checked beforehand (for
// example with CanAssignRole). Confirm before calling it from a new code path.
func AssignRoleToServiceAccount(ctx context.Context, serviceAccountID uuid.UUID, roleName string) error

func CanAssignRole

// CanAssignRole returns a bool and an error for the given role name and
// optional target team; targetTeamSlug is a pointer and so may be nil.
// NOTE(review): the other Can* checks in this package return only an error,
// while this one has two results. If (false, nil) is a possible answer, a caller
// that tests only err == nil would treat a refusal as permission, so both values
// need checking. What a nil targetTeamSlug means is not shown here; presumably a
// role with no team scope. Confirm.
func CanAssignRole(ctx context.Context, roleName string, targetTeamSlug *slug.Slug) (bool, error)

func CanCreateRepositories

func CanCreateRepositories(ctx context.Context, teamSlug slug.Slug) error

func CanCreateSecrets

func CanCreateSecrets(ctx context.Context, teamSlug slug.Slug) error

func CanCreateServiceAccounts

// CanCreateServiceAccounts takes the team slug as a pointer, as do
// CanDeleteServiceAccounts and CanUpdateServiceAccounts; the other team-scoped
// Can* checks take it by value.
// NOTE(review): presumably nil stands for a service account that belongs to no
// team. Confirm which authorization is required in that case, because a nil
// slug that is treated as "allowed" would skip the team-scoped check.
func CanCreateServiceAccounts(ctx context.Context, teamSlug *slug.Slug) error

func CanCreateTeam

func CanCreateTeam(ctx context.Context) error

func CanCreateUnleash

func CanCreateUnleash(ctx context.Context, teamSlug slug.Slug) error

func CanDeleteApplications

func CanDeleteApplications(ctx context.Context, teamSlug slug.Slug) error

func CanDeleteJobs

func CanDeleteJobs(ctx context.Context, teamSlug slug.Slug) error

func CanDeleteRepositories

func CanDeleteRepositories(ctx context.Context, teamSlug slug.Slug) error

func CanDeleteSecrets

func CanDeleteSecrets(ctx context.Context, teamSlug slug.Slug) error

func CanDeleteServiceAccounts

func CanDeleteServiceAccounts(ctx context.Context, teamSlug *slug.Slug) error

func CanDeleteTeam

func CanDeleteTeam(ctx context.Context, teamSlug slug.Slug) error

func CanManageTeamMembers

func CanManageTeamMembers(ctx context.Context, teamSlug slug.Slug) error

func CanReadDeployKey

func CanReadDeployKey(ctx context.Context, teamSlug slug.Slug) error

func CanReadSecrets

func CanReadSecrets(ctx context.Context, teamSlug slug.Slug) error

func CanUpdateApplications

func CanUpdateApplications(ctx context.Context, teamSlug slug.Slug) error

func CanUpdateDeployKey

func CanUpdateDeployKey(ctx context.Context, teamSlug slug.Slug) error

func CanUpdateJobs

func CanUpdateJobs(ctx context.Context, teamSlug slug.Slug) error

func CanUpdateSecrets

func CanUpdateSecrets(ctx context.Context, teamSlug slug.Slug) error

func CanUpdateServiceAccounts

func CanUpdateServiceAccounts(ctx context.Context, teamSlug *slug.Slug) error

func CanUpdateTeamMetadata

func CanUpdateTeamMetadata(ctx context.Context, teamSlug slug.Slug) error

func CanUpdateUnleash

func CanUpdateUnleash(ctx context.Context, teamSlug slug.Slug) error

func ContextWithActor

func ContextWithActor(ctx context.Context, user AuthenticatedUser, roles []*Role) context.Context

ContextWithActor returns a context with an actor attached to it.

func MakeUserTeamMember

func MakeUserTeamMember(ctx context.Context, userID uuid.UUID, teamSlug slug.Slug) error

func MakeUserTeamOwner

func MakeUserTeamOwner(ctx context.Context, userID uuid.UUID, teamSlug slug.Slug) error

func NewLoaderContext

func NewLoaderContext(ctx context.Context, dbConn *pgxpool.Pool) context.Context

func RequireGlobalAdmin

func RequireGlobalAdmin(ctx context.Context) error

func RevokeRoleFromServiceAccount

func RevokeRoleFromServiceAccount(ctx context.Context, serviceAccountID uuid.UUID, roleName string) error

func ServiceAccountHasRole

func ServiceAccountHasRole(ctx context.Context, serviceAccountID uuid.UUID, roleName string) (bool, error)

Types

type Actor

// Actor pairs an authenticated user with a list of roles. ContextWithActor
// attaches an actor to a context and ActorFromContext returns an *Actor.
// NOTE(review): both fields are exported and ActorFromContext returns a
// pointer; if that pointer refers to the stored actor, any holder can alter the
// roles that later checks read. Presumably it is treated as read-only once the
// middleware has set it. Confirm.
type Actor struct {
	// User is the authenticated principal.
	User  AuthenticatedUser
	// Roles holds the actor's roles.
	Roles []*Role
}

func ActorFromContext

func ActorFromContext(ctx context.Context) *Actor

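ActorFromContext gets the actor stored in the context. It requires that a middleware has already stored an actor there. The result is a pointer, and this page does not say what is returned when no actor was stored, so callers should confirm that case in the source before dereferencing it.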

type AuthenticatedUser

// AuthenticatedUser is the identity carried by an Actor and accepted by
// ContextWithActor.
type AuthenticatedUser interface {
	// GetID returns the UUID identifying the user.
	GetID() uuid.UUID
	// Identity returns a string form of the identity; its format is not shown here.
	Identity() string
	// IsServiceAccount returns a bool; presumably true when the identity is a
	// service account rather than a human user. Confirm against implementations.
	IsServiceAccount() bool
	// IsAdmin returns an admin flag for the identity.
	// NOTE(review): how this flag interacts with role checks such as
	// RequireGlobalAdmin is not visible here; confirm whether it bypasses them.
	IsAdmin() bool
}

type ContextKey

// ContextKey is a string-based type; presumably the type of the keys this
// package uses with context.WithValue. Confirm.
// NOTE(review): the type is exported, so code outside the package can construct
// values of it. If the actor is stored under a key of this type, another package
// could replace the stored actor with context.WithValue; an unexported key type
// prevents that. Confirm which key the actor uses.
type ContextKey string

type ErrMissingAuthorization

// ErrMissingAuthorization is an error type: it has an Error method, plus a
// GraphError method that also returns a string. Its fields are unexported.
// NOTE(review): presumably the messages name the authorization the actor lacks;
// check that neither string tells the client more than it should learn. Confirm.
type ErrMissingAuthorization struct {
	// contains filtered or unexported fields
}

func (ErrMissingAuthorization) Error

func (e ErrMissingAuthorization) Error() string

func (ErrMissingAuthorization) GraphError

func (e ErrMissingAuthorization) GraphError() string

type MockAuthenticatedUser

// MockAuthenticatedUser is a test double for AuthenticatedUser built on the
// embedded mock.Mock.
// NOTE(review): it appears in the package's exported API, so it is compiled into
// non-test builds and any importer can construct an AuthenticatedUser whose
// IsAdmin and GetID return whatever is configured. Consider generating it into a
// _test.go file or a separate test-only package.
type MockAuthenticatedUser struct {
	mock.Mock
}

MockAuthenticatedUser is an autogenerated mock type for the AuthenticatedUser type

func NewMockAuthenticatedUser

func NewMockAuthenticatedUser(t interface {
	mock.TestingT
	Cleanup(func())
},
) *MockAuthenticatedUser

NewMockAuthenticatedUser creates a new instance of MockAuthenticatedUser. It also registers a testing interface on the mock and a cleanup function to assert the mock's expectations. The first argument is typically a *testing.T value.

func (*MockAuthenticatedUser) EXPECT

func (*MockAuthenticatedUser) GetID

func (_m *MockAuthenticatedUser) GetID() uuid.UUID

GetID provides a mock function with no fields

func (*MockAuthenticatedUser) Identity

func (_m *MockAuthenticatedUser) Identity() string

Identity provides a mock function with no fields

func (*MockAuthenticatedUser) IsAdmin

func (_m *MockAuthenticatedUser) IsAdmin() bool

IsAdmin provides a mock function with no fields

func (*MockAuthenticatedUser) IsServiceAccount

func (_m *MockAuthenticatedUser) IsServiceAccount() bool

IsServiceAccount provides a mock function with no fields

type MockAuthenticatedUser_Expecter

type MockAuthenticatedUser_Expecter struct {
	// contains filtered or unexported fields
}

func (*MockAuthenticatedUser_Expecter) GetID

GetID is a helper method to define mock.On call

func (*MockAuthenticatedUser_Expecter) Identity

Identity is a helper method to define mock.On call

func (*MockAuthenticatedUser_Expecter) IsAdmin

IsAdmin is a helper method to define mock.On call

func (*MockAuthenticatedUser_Expecter) IsServiceAccount

IsServiceAccount is a helper method to define mock.On call

type MockAuthenticatedUser_GetID_Call

type MockAuthenticatedUser_GetID_Call struct {
	*mock.Call
}

MockAuthenticatedUser_GetID_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetID'

func (*MockAuthenticatedUser_GetID_Call) Return

func (*MockAuthenticatedUser_GetID_Call) Run

func (*MockAuthenticatedUser_GetID_Call) RunAndReturn

type MockAuthenticatedUser_Identity_Call

type MockAuthenticatedUser_Identity_Call struct {
	*mock.Call
}

MockAuthenticatedUser_Identity_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Identity'

func (*MockAuthenticatedUser_Identity_Call) Return

func (*MockAuthenticatedUser_Identity_Call) Run

func (*MockAuthenticatedUser_Identity_Call) RunAndReturn

type MockAuthenticatedUser_IsAdmin_Call

type MockAuthenticatedUser_IsAdmin_Call struct {
	*mock.Call
}

MockAuthenticatedUser_IsAdmin_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'IsAdmin'

func (*MockAuthenticatedUser_IsAdmin_Call) Return

func (*MockAuthenticatedUser_IsAdmin_Call) Run

func (*MockAuthenticatedUser_IsAdmin_Call) RunAndReturn

type MockAuthenticatedUser_IsServiceAccount_Call

type MockAuthenticatedUser_IsServiceAccount_Call struct {
	*mock.Call
}

MockAuthenticatedUser_IsServiceAccount_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'IsServiceAccount'

func (*MockAuthenticatedUser_IsServiceAccount_Call) Return

func (*MockAuthenticatedUser_IsServiceAccount_Call) Run

func (*MockAuthenticatedUser_IsServiceAccount_Call) RunAndReturn

type Role

// Role describes a named role. GetRole, ForUser, ForServiceAccount and the
// List* functions in this package return values of this type.
type Role struct {
	// Name is the role's name, serialized as "name".
	Name           string     `json:"name"`
	// Description is serialized as "description".
	Description    string     `json:"description"`
	// TargetTeamSlug is an optional team slug, serialized as "target_team_slug".
	// NOTE(review): presumably nil means the role is not limited to one team;
	// confirm, since confusing nil with a specific team would widen the role.
	TargetTeamSlug *slug.Slug `json:"target_team_slug"`
	// OnlyGlobal is excluded from JSON by the "-" tag. Presumably it marks roles
	// that cannot be scoped to a team. Confirm.
	OnlyGlobal     bool       `json:"-"`
}

func ForServiceAccount

func ForServiceAccount(ctx context.Context, serviceAccountID uuid.UUID) ([]*Role, error)

func ForUser

func ForUser(ctx context.Context, userID uuid.UUID) ([]*Role, error)

func GetRole

func GetRole(ctx context.Context, name string) (*Role, error)

func (*Role) ID

func (r *Role) ID() ident.Ident

func (*Role) IsNode

func (r *Role) IsNode()

type RoleConnection

// RoleConnection is an alias for pagination.Connection[*Role]; ListRoles and
// ListRolesForServiceAccount return a pointer to it.
type RoleConnection = pagination.Connection[*Role]

func ListRoles

func ListRoles(ctx context.Context, page *pagination.Pagination) (*RoleConnection, error)

func ListRolesForServiceAccount

func ListRolesForServiceAccount(ctx context.Context, serviceAccountID uuid.UUID, page *pagination.Pagination) (*RoleConnection, error)

type RoleEdge

// RoleEdge is an alias for pagination.Edge[*Role].
type RoleEdge = pagination.Edge[*Role]

type ServiceAccountRoles

// ServiceAccountRoles pairs a service account ID with a list of roles.
type ServiceAccountRoles struct {
	// ServiceAccountID identifies the service account.
	ServiceAccountID uuid.UUID
	// Roles is the list of roles held alongside that ID.
	Roles            []*Role
}

type UserRoles

// UserRoles pairs a user ID with a list of roles.
type UserRoles struct {
	// UserID identifies the user.
	UserID uuid.UUID
	// Roles is the list of roles held alongside that ID.
	Roles  []*Role
}
