Documentation ¶
Index ¶
- Variables
- func Register(name string, impl TokenStore)
- type NACLConfig
- type NetAuthClient
- func (n *NetAuthClient) AddEntityToGroup(t, g, e string) (*pb.SimpleResult, error)
- func (n *NetAuthClient) Authenticate(entity string, secret string) (*pb.SimpleResult, error)
- func (n *NetAuthClient) ChangeSecret(e, s, me, ms, t string) (*pb.SimpleResult, error)
- func (n *NetAuthClient) DeleteGroup(name, t string) (*pb.SimpleResult, error)
- func (n *NetAuthClient) DestroyToken(name string) error
- func (n *NetAuthClient) EntityInfo(id string) (*pb.Entity, error)
- func (n *NetAuthClient) GetToken(entity, secret string) (string, error)
- func (n *NetAuthClient) GroupInfo(name string) (*pb.GroupInfoResult, error)
- func (n *NetAuthClient) InspectToken(t string) (token.Claims, error)
- func (n *NetAuthClient) ListGroupMembers(g string) ([]*pb.Entity, error)
- func (n *NetAuthClient) ListGroups(entity string, indirects bool) ([]*pb.Group, error)
- func (n *NetAuthClient) LockEntity(t, e string) (*pb.SimpleResult, error)
- func (n *NetAuthClient) ManageCapabilities(t, e, g, c, m string) (*pb.SimpleResult, error)
- func (n *NetAuthClient) ModifyEntityKeys(t, e, m, kt, kv string) ([]string, error)
- func (n *NetAuthClient) ModifyEntityMeta(id, t string, meta *pb.EntityMeta) (*pb.SimpleResult, error)
- func (n *NetAuthClient) ModifyGroupExpansions(t, p, c, m string) (*pb.SimpleResult, error)
- func (n *NetAuthClient) ModifyGroupMeta(group *pb.Group, token string) (*pb.SimpleResult, error)
- func (n *NetAuthClient) ModifyUntypedEntityMeta(t, e, m, k, v string) (map[string]string, error)
- func (n *NetAuthClient) ModifyUntypedGroupMeta(t, g, m, k, v string) (map[string]string, error)
- func (n *NetAuthClient) NewEntity(id string, uidn int32, secret, t string) (*pb.SimpleResult, error)
- func (n *NetAuthClient) NewGroup(name, displayname, managedby, t string, number int) (*pb.SimpleResult, error)
- func (n *NetAuthClient) Ping() (*pb.PingResponse, error)
- func (n *NetAuthClient) RemoveEntity(id, token string) (*pb.SimpleResult, error)
- func (n *NetAuthClient) RemoveEntityFromGroup(t, g, e string) (*pb.SimpleResult, error)
- func (n *NetAuthClient) SetServiceID(id string)
- func (n *NetAuthClient) UnlockEntity(t, e string) (*pb.SimpleResult, error)
- func (n *NetAuthClient) ValidateToken(entity string) (*pb.SimpleResult, error)
- type TokenStore
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrNoSuchTokenStore is returned in the case when the token
	// store requested does not actually exist.
	ErrNoSuchTokenStore = errors.New("no token store with that name exists")

	// available to be returned.
	ErrTokenUnavailable = errors.New("the stored token is unavailable")
)
var (
	// ErrConfigError is returned when the configuration was
	// loaded but was missing required values.
	ErrConfigError = errors.New("Required configuration values are missing")
)
Functions ¶
func Register ¶
func Register(name string, impl TokenStore)
Register is called by implementations to register into the token system.
Types ¶
type NACLConfig ¶
type NACLConfig struct {
	Server    string
	Port      int
	ServiceID string
	ClientID  string

	// This could just be "Insecure", but this makes it a bit more
	// clear that you're a fool to be running with this set.
	WildlyInsecure bool

	ServerCert string
}
The NACLConfig configures the library to make connections to a remote NetAuth server.
func LoadConfig ¶
func LoadConfig(cfgpath string) (*NACLConfig, error)
LoadConfig fetches the configuration file from disk in the default location, or the provided path if specified.
type NetAuthClient ¶
type NetAuthClient struct {
// contains filtered or unexported fields
}
The NetAuthClient is the logical abstraction on top of the gRPC client generated from the Protobuf. This includes the additional components such as the TokenService and the TokenStore, as well as the config structures that drive the client.
func New ¶
func New(cfg *NACLConfig) (*NetAuthClient, error)
New takes in a NACLConfig pointer and uses this to bootstrap a client. If the pointer is nil, then the config will be loaded from disk from the default location.
func (*NetAuthClient) AddEntityToGroup ¶
func (n *NetAuthClient) AddEntityToGroup(t, g, e string) (*pb.SimpleResult, error)
AddEntityToGroup modifies direct membership of entities. This action must be authorized.
func (*NetAuthClient) Authenticate ¶
func (n *NetAuthClient) Authenticate(entity string, secret string) (*pb.SimpleResult, error)
Authenticate takes in an entity and a secret and tries to validate that the identity is legitimate by verifying the secret provided.
func (*NetAuthClient) ChangeSecret ¶
func (n *NetAuthClient) ChangeSecret(e, s, me, ms, t string) (*pb.SimpleResult, error)
ChangeSecret crafts a modEntity request with the correct fields to change an entity secret, either via self authentication or via a token held by an appropriate administrator.
func (*NetAuthClient) DeleteGroup ¶
func (n *NetAuthClient) DeleteGroup(name, t string) (*pb.SimpleResult, error)
DeleteGroup removes a group by name. This action must be authorized.
func (*NetAuthClient) DestroyToken ¶
func (n *NetAuthClient) DestroyToken(name string) error
DestroyToken proxies inwards to the tokenStore to shield the client API for the future.
func (*NetAuthClient) EntityInfo ¶
func (n *NetAuthClient) EntityInfo(id string) (*pb.Entity, error)
EntityInfo obtains the entity object with the secure fields redacted. This is primarily used for displaying the values of the metadata struct internally.
func (*NetAuthClient) GetToken ¶
func (n *NetAuthClient) GetToken(entity, secret string) (string, error)
GetToken is identical to Authenticate except on success it will return a token which can be used to authorize additional later requests.
func (*NetAuthClient) GroupInfo ¶
func (n *NetAuthClient) GroupInfo(name string) (*pb.GroupInfoResult, error)
GroupInfo provides information about a single group.
func (*NetAuthClient) InspectToken ¶
func (n *NetAuthClient) InspectToken(t string) (token.Claims, error)
InspectToken proxies through to the tokenService since the inner function may one day be significantly more complicated, but the function in the client should not change.
func (*NetAuthClient) ListGroupMembers ¶
func (n *NetAuthClient) ListGroupMembers(g string) ([]*pb.Entity, error)
ListGroupMembers returns a list of members for the requested group. This action does not require authorization.
func (*NetAuthClient) ListGroups ¶
func (n *NetAuthClient) ListGroups(entity string, indirects bool) ([]*pb.Group, error)
ListGroups returns a list of groups to the caller. This action does not require authorization.
func (*NetAuthClient) LockEntity ¶ added in v0.0.11
func (n *NetAuthClient) LockEntity(t, e string) (*pb.SimpleResult, error)
LockEntity locks an entity which prevents validation of an entity secret.
func (*NetAuthClient) ManageCapabilities ¶
func (n *NetAuthClient) ManageCapabilities(t, e, g, c, m string) (*pb.SimpleResult, error)
ManageCapabilities modifies the capabilities present on an entity or group. This action must be authorized.
func (*NetAuthClient) ModifyEntityKeys ¶
func (n *NetAuthClient) ModifyEntityKeys(t, e, m, kt, kv string) ([]string, error)
ModifyEntityKeys modifies the keys on an entity. This action must be authorized.
func (*NetAuthClient) ModifyEntityMeta ¶
func (n *NetAuthClient) ModifyEntityMeta(id, t string, meta *pb.EntityMeta) (*pb.SimpleResult, error)
ModifyEntityMeta makes an authenticated request to the server to update the metadata of an entity.
func (*NetAuthClient) ModifyGroupExpansions ¶
func (n *NetAuthClient) ModifyGroupExpansions(t, p, c, m string) (*pb.SimpleResult, error)
ModifyGroupExpansions modifies the parent/child status of the provided groups. This action must be authorized.
func (*NetAuthClient) ModifyGroupMeta ¶
func (n *NetAuthClient) ModifyGroupMeta(group *pb.Group, token string) (*pb.SimpleResult, error)
ModifyGroupMeta allows a group's metadata to be altered after the fact. This action must be authorized.
func (*NetAuthClient) ModifyUntypedEntityMeta ¶ added in v0.0.10
func (n *NetAuthClient) ModifyUntypedEntityMeta(t, e, m, k, v string) (map[string]string, error)
ModifyUntypedEntityMeta manages actions on the untyped metadata storage.
func (*NetAuthClient) ModifyUntypedGroupMeta ¶ added in v0.0.10
func (n *NetAuthClient) ModifyUntypedGroupMeta(t, g, m, k, v string) (map[string]string, error)
ModifyUntypedGroupMeta manages actions on the untyped metadata storage.
func (*NetAuthClient) NewEntity ¶
func (n *NetAuthClient) NewEntity(id string, uidn int32, secret, t string) (*pb.SimpleResult, error)
NewEntity crafts a modEntity request with the correct fields to create a new entity.
func (*NetAuthClient) NewGroup ¶
func (n *NetAuthClient) NewGroup(name, displayname, managedby, t string, number int) (*pb.SimpleResult, error)
NewGroup creates a new group with the given name, display name, and group number. This action must be authorized.
func (*NetAuthClient) Ping ¶
func (n *NetAuthClient) Ping() (*pb.PingResponse, error)
Ping simply pings the server. The reply carries the health status of the server, since a server that replies and a server that can actually serve are two very different things (data might be reloading during the request).
func (*NetAuthClient) RemoveEntity ¶
func (n *NetAuthClient) RemoveEntity(id, token string) (*pb.SimpleResult, error)
RemoveEntity removes an entity by the given name. Only the 'entity' field of the modEntityRequest is required.
func (*NetAuthClient) RemoveEntityFromGroup ¶
func (n *NetAuthClient) RemoveEntityFromGroup(t, g, e string) (*pb.SimpleResult, error)
RemoveEntityFromGroup modifies direct membership of entities. This action must be authorized.
func (*NetAuthClient) SetServiceID ¶
func (n *NetAuthClient) SetServiceID(id string)
SetServiceID allows the service ID to be changed on an initialized client. This allows the general case to source everything from the config file and then set the service ID after the client is initialized.
func (*NetAuthClient) UnlockEntity ¶ added in v0.0.11
func (n *NetAuthClient) UnlockEntity(t, e string) (*pb.SimpleResult, error)
UnlockEntity unlocks an entity which was previously locked.
func (*NetAuthClient) ValidateToken ¶
func (n *NetAuthClient) ValidateToken(entity string) (*pb.SimpleResult, error)
ValidateToken sends the token to the server for validation. This is effectively asking the server to authenticate the token and not do anything else. Returns a comment from the server and an error.
type TokenStore ¶
type TokenStore interface {
	StoreToken(string, string) error
	GetToken(string) (string, error)
	DestroyToken(string) error
}
The TokenStore is a convenient way to securely store tokens for entities. Care should be taken with all implementations to avoid losing the security of the token, since a compromised token can be escalated to persistent root in the right circumstances.
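The warning above is the reason a TokenStore deserves more care than a plain map or a world-readable file. What follows is an added example, not code from the NetAuth project: a file-backed store that keeps one token per entity in a 0700 directory, writes each token to a 0600 temp file and renames it into place, rejects entity names that could escape the directory, refuses symlinks, and treats a token file that has become group- or world-readable as unavailable rather than handing it out. The TokenStore interface and ErrTokenUnavailable are restated locally so the example compiles on its own; in a real program you would import the netauth client package, satisfy its TokenStore, and call Register with a name of your choosing. FileTokenStore, NewFileTokenStore and the entity-name pattern are this example's own choices.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"regexp"
)

// ErrTokenUnavailable is a local copy of the package error of the same
// name, declared here only so the example compiles without the import.
var ErrTokenUnavailable = errors.New("the stored token is unavailable")

// TokenStore restates the interface from the page; a real store would
// implement the package's TokenStore and be passed to Register.
type TokenStore interface {
	StoreToken(string, string) error
	GetToken(string) (string, error)
	DestroyToken(string) error
}

// entityNameRE is this example's own rule: the entity name becomes a file
// name, so anything that could traverse out of the directory is refused.
var entityNameRE = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$`)

// FileTokenStore keeps one token per entity under a private directory.
type FileTokenStore struct {
	dir string
}

// NewFileTokenStore creates dir with mode 0700 (or reuses it) and refuses
// a directory that other users can enter.
func NewFileTokenStore(dir string) (*FileTokenStore, error) {
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return nil, err
	}
	fi, err := os.Lstat(dir)
	if err != nil {
		return nil, err
	}
	if !fi.IsDir() || fi.Mode().Perm()&0o077 != 0 {
		return nil, fmt.Errorf("token directory %s must be a directory with mode 0700", dir)
	}
	return &FileTokenStore{dir: dir}, nil
}

// path validates the entity name before it is used on the filesystem.
func (s *FileTokenStore) path(entity string) (string, error) {
	if !entityNameRE.MatchString(entity) {
		return "", fmt.Errorf("refusing to use invalid entity name %q as a token file", entity)
	}
	return filepath.Join(s.dir, entity+".token"), nil
}

// StoreToken writes the token to a 0600 temp file (os.CreateTemp uses
// O_EXCL and mode 0600) and renames it into place, so a concurrent reader
// never observes a half-written token and the final file is never
// briefly readable by others.
func (s *FileTokenStore) StoreToken(entity, token string) error {
	p, err := s.path(entity)
	if err != nil {
		return err
	}
	tmp, err := os.CreateTemp(s.dir, "."+entity+".*.tmp")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // no-op once the rename has succeeded
	if _, err := tmp.WriteString(token); err != nil {
		tmp.Close()
		return err
	}
	if err := tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), p)
}

// GetToken returns the stored token, or ErrTokenUnavailable when there is
// none, when the entry is a symlink, or when the file has become readable
// by other users (a token that may already be stolen is not handed out).
func (s *FileTokenStore) GetToken(entity string) (string, error) {
	p, err := s.path(entity)
	if err != nil {
		return "", err
	}
	fi, err := os.Lstat(p)
	if err != nil {
		return "", ErrTokenUnavailable
	}
	if !fi.Mode().IsRegular() || fi.Mode().Perm()&0o077 != 0 {
		return "", fmt.Errorf("%w: %s is not a private regular file", ErrTokenUnavailable, p)
	}
	b, err := os.ReadFile(p)
	if err != nil {
		return "", ErrTokenUnavailable
	}
	return string(b), nil
}

// DestroyToken removes the token; a token that is already gone is not an error.
func (s *FileTokenStore) DestroyToken(entity string) error {
	p, err := s.path(entity)
	if err != nil {
		return err
	}
	if err := os.Remove(p); err != nil && !errors.Is(err, os.ErrNotExist) {
		return err
	}
	return nil
}

var _ TokenStore = (*FileTokenStore)(nil)

func main() {
	dir, err := os.MkdirTemp("", "netauth-tokens")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	s, err := NewFileTokenStore(filepath.Join(dir, "tokens"))
	if err != nil {
		panic(err)
	}
	// Constructed token value, not one issued by a NetAuth server.
	if err := s.StoreToken("alice", "constructed-token-value"); err != nil {
		panic(err)
	}
	tok, err := s.GetToken("alice")
	fmt.Println(tok, err)
	fmt.Println(s.DestroyToken("alice"))
}
```

With the real package the only change is dropping the local interface and error and adding a call such as netauth.Register("file", store) during init; the client then reaches the store through GetToken, DestroyToken and the other proxied methods documented above.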