rpc

package
v0.0.11 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 2, 2018 License: MIT Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrRequestorUnqualified is returned when a caller has
	// attempted to perform some action that requires
	// authorization and the caller is either not authorized, was
	// unable to present a token, or the token did not contain
	// sufficient capabilities.
	ErrRequestorUnqualified = errors.New("the requestor is not qualified to perform that action")

	// ErrMalformedRequest is returned when a caller makes some
	// request to the server but has failed to provide a complete
	// request, or has provided a request that is in conflict with
	// itself.
	ErrMalformedRequest = errors.New("the request is malformed and cannot be processed")

	// ErrInternalError is a catchall for errors that are
	// otherwise unidentified and unrecoverable in the server.
	ErrInternalError = errors.New("An internal error has occurred")
)

Functions

This section is empty.

Types

type EntityTree 

type EntityTree interface {
	GetEntity(string) (*pb.Entity, error)
	ValidateSecret(string, string) error
	MakeBootstrap(string, string)
	DisableBootstrap()
	SetEntitySecretByID(string, string) error

	LockEntity(string) error
	UnlockEntity(string) error

	NewEntity(string, int32, string) error
	DeleteEntityByID(string) error
	UpdateEntityMeta(string, *pb.EntityMeta) error
	UpdateEntityKeys(string, string, string, string) ([]string, error)
	ManageUntypedEntityMeta(string, string, string, string) ([]string, error)

	NewGroup(string, string, string, int32) error
	DeleteGroup(string) error
	ListGroups() ([]*pb.Group, error)
	GetGroupByName(string) (*pb.Group, error)
	UpdateGroupMeta(string, *pb.Group) error
	ManageUntypedGroupMeta(string, string, string, string) ([]string, error)
	GetMemberships(*pb.Entity, bool) []string

	AddEntityToGroup(string, string) error
	RemoveEntityFromGroup(string, string) error
	ListMembers(string) ([]*pb.Entity, error)

	ModifyGroupExpansions(string, string, pb.ExpansionMode) error

	SetEntityCapabilityByID(string, string) error
	RemoveEntityCapabilityByID(string, string) error
	SetGroupCapabilityByName(string, string) error
	RemoveGroupCapabilityByName(string, string) error
}

An EntityTree is a mechanism for storing entities and information about them.

type NetAuthServer 

type NetAuthServer struct {
	Tree  EntityTree
	Token token.Service
}

A NetAuthServer is a collection of methods that satisfy the requirements of the NetAuthServer protocol buffer.

func (*NetAuthServer) AddEntityToGroup 

func (s *NetAuthServer) AddEntityToGroup(ctx context.Context, r *pb.ModEntityMembershipRequest) (*pb.SimpleResult, error)

AddEntityToGroup will add an existing entity to an existing group if they are not already a direct member. If they are a direct member this call is idempotent. This action must be authorized by the presentation of a token containing the appropriate capability.

func (*NetAuthServer) AuthEntity 

func (s *NetAuthServer) AuthEntity(ctx context.Context, r *pb.NetAuthRequest) (*pb.SimpleResult, error)

AuthEntity performs entity authentication and returns boolean status for the authentication attempt. This method should be preferred for systems that will not need a token, or will issue a token of their own on the authority of this response.

func (*NetAuthServer) ChangeSecret 

func (s *NetAuthServer) ChangeSecret(ctx context.Context, r *pb.ModEntityRequest) (*pb.SimpleResult, error)

ChangeSecret allows an entity secret to be reset. There are two possible flows through this function based on whether or not the request is self-modifying or not. In the case of a self modifying request (entity requests change of its own secret) then the entity must be in possession of the old secret, not a token, to authorize the change. In the event the request is administrative (the entity is requesting the change of another entity's secret) then the entity must posses a token with the right capability.

func (*NetAuthServer) DeleteGroup 

func (s *NetAuthServer) DeleteGroup(ctx context.Context, r *pb.ModGroupRequest) (*pb.SimpleResult, error)

DeleteGroup removes a group from the NetAuth server. This action must be authorized by the presentation of a token containing appropriate capabilities. This call will not CASCADE deletes and will not check if the group is empty before proceeding. Other methods *should* safely handle this and check that they aren't pointing to a group that doesn't exist anymore, but its still good form to clean up references before calling this action.

func (*NetAuthServer) EntityInfo 

func (s *NetAuthServer) EntityInfo(ctx context.Context, r *pb.NetAuthRequest) (*pb.Entity, error)

EntityInfo returns as much information about an entity is as known. This response will not include information about the entity's memberships in groups within the tree, but will include all fields in the EntityMeta section.

func (*NetAuthServer) GetToken 

func (s *NetAuthServer) GetToken(ctx context.Context, r *pb.NetAuthRequest) (*pb.TokenResult, error)

GetToken is functionally identical to AuthEntity above, but will also return a token that can be used to perform further requests to the NetAuth server.

func (*NetAuthServer) GroupInfo 

func (s *NetAuthServer) GroupInfo(ctx context.Context, r *pb.ModGroupRequest) (*pb.GroupInfoResult, error)

GroupInfo returns as much information as is known about a group. This does not include group membership.

func (*NetAuthServer) ListGroupMembers 

func (s *NetAuthServer) ListGroupMembers(ctx context.Context, r *pb.GroupMemberRequest) (*pb.EntityList, error)

ListGroupMembers lists the members that are in a particular group. This call requires computing fairly large chunks of the membership graph.

func (*NetAuthServer) ListGroups 

func (s *NetAuthServer) ListGroups(ctx context.Context, r *pb.GroupListRequest) (*pb.GroupList, error)

ListGroups lists the groups a particular entity is in, or all groups on the server if no entity is specified. In the case of calculating the groups a specific entity is in this can be quite expensive since large chunks of the membership tree will need to be calculated.

func (*NetAuthServer) LockEntity added in v0.0.11 

func (s *NetAuthServer) LockEntity(ctx context.Context, r *pb.NetAuthRequest) (*pb.SimpleResult, error)

LockEntity locks an entity. This action must be authorized with an appropriate token.

func (*NetAuthServer) ManageCapabilities 

func (s *NetAuthServer) ManageCapabilities(ctx context.Context, r *pb.ModCapabilityRequest) (*pb.SimpleResult, error)

ManageCapabilities permits the assignment and removal of capabilities from an entity or group. If the entity and group are both specified, then the group will be ignored and the modification will be performed on the named entity.

func (*NetAuthServer) ModifyEntityKeys 

func (s *NetAuthServer) ModifyEntityKeys(ctx context.Context, r *pb.ModEntityKeyRequest) (*pb.KeyList, error)

ModifyEntityKeys can be used to add, remove, or retrieve the keys associated with an entity. This action must be authorized by the presentation of a token with appropriate capabilities.

func (*NetAuthServer) ModifyEntityMeta 

func (s *NetAuthServer) ModifyEntityMeta(ctx context.Context, r *pb.ModEntityRequest) (*pb.SimpleResult, error)

ModifyEntityMeta can be used to modify the EntityMeta section of an Entity. This request must be authorized by a token that contains the correct capabilities to modify others. Some fields cannot be changed by this mechanism and must be changed via other calls which perform more authorization and validation checks.

func (*NetAuthServer) ModifyGroupMeta 

func (s *NetAuthServer) ModifyGroupMeta(ctx context.Context, r *pb.ModGroupRequest) (*pb.SimpleResult, error)

ModifyGroupMeta allows metadata stored on the group to be rewritten. Some fields may not be changed using this action and must use more specialized calls which perform additional authorization and validation checks. This action must be authorized by the presentation of a token containing appropriate capabilities.

func (*NetAuthServer) ModifyGroupNesting 

func (s *NetAuthServer) ModifyGroupNesting(ctx context.Context, r *pb.ModGroupNestingRequest) (*pb.SimpleResult, error)

ModifyGroupNesting permits changing the rules for group expansions. These expansions can either include a group's members, or prune the members of one group from another. Expansions are checked to ensure they do not exist already, and that the addition of an expansion would not create a cycle in the membership graph.

func (*NetAuthServer) ModifyUntypedEntityMeta added in v0.0.10 

func (s *NetAuthServer) ModifyUntypedEntityMeta(ctx context.Context, r *pb.ModEntityMetaRequest) (*pb.UntypedMetaResult, error)

ModifyUntypedEntityMeta alters the data stored in the untyped K/V segment of an entity's metadata. This action must be authorized by the presentation of a token with appropriate capabilities.

func (*NetAuthServer) ModifyUntypedGroupMeta added in v0.0.10 

func (s *NetAuthServer) ModifyUntypedGroupMeta(ctx context.Context, r *pb.ModGroupMetaRequest) (*pb.UntypedMetaResult, error)

ModifyUntypedGroupMeta alters the data stored in the untyped K/V segment of an entity's metadata. This action must be authorized by the presentation of a token with appropriate capabilities.

func (*NetAuthServer) NewEntity 

func (s *NetAuthServer) NewEntity(ctx context.Context, r *pb.ModEntityRequest) (*pb.SimpleResult, error)

NewEntity creates a new entity. This action must be authorized by the presentation of a valid token containing appropriate capabilities.

func (*NetAuthServer) NewGroup 

func (s *NetAuthServer) NewGroup(ctx context.Context, r *pb.ModGroupRequest) (*pb.SimpleResult, error)

NewGroup creates a new group on the NetAuth server. This action must be authorized by the presentation of a token containing appropriate capabilities.

func (*NetAuthServer) Ping 

func (s *NetAuthServer) Ping(ctx context.Context, pingRequest *pb.PingRequest) (*pb.PingResponse, error)

Ping requests the health status of the server and returns it to the client. This is designed to be a virtually free action that should be safe to invoke at any time to see if the server is available.

func (*NetAuthServer) RemoveEntity 

func (s *NetAuthServer) RemoveEntity(ctx context.Context, r *pb.ModEntityRequest) (*pb.SimpleResult, error)

RemoveEntity removes an entity. This action must be authorized by the presentation of a valid token containing appropriate capabilities.

func (*NetAuthServer) RemoveEntityFromGroup 

func (s *NetAuthServer) RemoveEntityFromGroup(ctx context.Context, r *pb.ModEntityMembershipRequest) (*pb.SimpleResult, error)

RemoveEntityFromGroup will remove an existing entity from an existing group. This action must be authorized by the presentation of a token containing appropriate capabilities.

func (*NetAuthServer) UnlockEntity added in v0.0.11 

func (s *NetAuthServer) UnlockEntity(ctx context.Context, r *pb.NetAuthRequest) (*pb.SimpleResult, error)

UnlockEntity locks an entity. This action must be authorized with an appropriate token.

func (*NetAuthServer) ValidateToken 

func (s *NetAuthServer) ValidateToken(ctx context.Context, r *pb.NetAuthRequest) (*pb.SimpleResult, error)

ValidateToken will attempt to determine the validity of a token previously issued by the NetAuth server.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.