auth

package

v0.0.0-...-4450389 Latest Latest Go to latest Published: Nov 4, 2019 License: MIT Imports: 2 Imported by: 0

Details

Package `auth` contains basic types for authentication and authorization.

Rules for scope-based path authorization:

Normalized resource paths have no trailing slash, e.g. a root is named `/foo` not `/foo/`; like a directory realpath or an AWS S3 bucket; but unlike Vault's listing policy.
The only normalized path that ends with slash is the root path `/`.
Paths can be normalized in Go by `path.Clean()` aka `slashpath.Clean()`, not `filepath.Clean()`.
Callers should call authorize with normalized resource paths.
Authorizers should normalize paths before checking access.
A token that wants to grant access to a path `/foo` and all paths below must include two path patterns: `/foo` and `/foo/*`; i.e. `/foo/*` does not match `/foo`.

This section is empty.

This section is empty.

This section is empty.

type Action string

func (a Action) String() string

type ActionDetails map[string]interface{}

type AnyAuthorizer interface {
	AuthorizeAny(Identity, ...ScopedAction) error
}

type Authenticator interface {
	Authenticate(context.Context) (Identity, error)
}

type Authorizer interface {
	Authorize(Identity, Action, ActionDetails) error
}

type Identity map[string]interface{}

type Scope struct {
	Actions []string
	Paths   []string
	Names   []string
}

type ScopedAction struct {
	Action
	Details ActionDetails
}

func (sa ScopedAction) String() string

type SimpleScope struct {
	Action string `json:"action"`
	Path   string `json:"path,omitempty"`
	Name   string `json:"name,omitempty"`
}

type UnixIdentities []UnixIdentity

func (ids UnixIdentities) FindDomain(dom string) (UnixIdentity, bool)

type UnixIdentity struct {
	Domain     string
	Username   string
	Groupnames []string
}