Documentation
Functions
func CreateScopeValidator
func CreateScopeValidator(expectedScopes []TokenScope, all bool) jwt.ValidatorFunc
Creates a validator that checks whether a token's scopes match expectedScopes. If all=false, it checks whether tokenScopes contains any one scope in expectedScopes; if all=true, it checks whether tokenScopes is the same set as expectedScopes. See `scopeContains` for the detailed checking mechanism.
func GetScopeString
Gets a string representation of a list of scopes, which can then be passed to the Claim builder of the JWT constructor.
func ScopeContains
func ScopeContains(tokenScopes []string, expectedScopes []TokenScope, all bool) bool
Reports whether expectedScopes contains the tokenScopes; the comparison is case-insensitive. If all=false, it checks whether tokenScopes contains any one scope in expectedScopes; if all=true, it checks whether tokenScopes is the same set as expectedScopes.
Types
type ResourceScope
type ResourceScope struct {
	Authorization TokenScope
	Resource      string
}
A resource scope is a scope whose privileges are narrowed to a specific resource. If the authorization is foo, then the ResourceScope foo:/bar also contains foo:/bar/baz.
func NewResourceScope
func NewResourceScope(authz TokenScope, resource string) ResourceScope
func ParseResourceScopeString
func ParseResourceScopeString(tok jwt.Token) (scopes []ResourceScope)
Gets a list of resource-style scopes from the token.
func (ResourceScope) Contains
func (rc ResourceScope) Contains(other ResourceScope) bool
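A stand-alone sketch of the matching rules documented for ScopeContains and ResourceScope.Contains, added here as an example and not taken from the package's source. The lower-case function names, the sample scopes, and the segment-aware comparison on cleaned paths (so that /bar does not cover /barbaz or /bar/../etc) are assumptions; the page does not say how the package treats such paths.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Stand-ins shaped like the types on this page; not the package's own code.
type TokenScope string
type ResourceScope struct {
	Authorization TokenScope
	Resource      string
}

// scopeContains (case-insensitive): any overlap when all=false, exact set equality when all=true.
func scopeContains(tokenScopes []string, expected []TokenScope, all bool) bool {
	have, want := map[string]bool{}, map[string]bool{}
	for _, s := range tokenScopes {
		have[strings.ToLower(s)] = true
	}
	for _, s := range expected {
		want[strings.ToLower(string(s))] = true
	}
	matched := 0
	for s := range have {
		if want[s] {
			matched++
		}
	}
	if all {
		return matched == len(want) && len(have) == len(want)
	}
	return matched > 0
}

// contains assumes segment-aware matching on cleaned paths, so foo:/bar
// covers foo:/bar/baz but not foo:/barbaz or foo:/bar/../etc.
func (rc ResourceScope) contains(other ResourceScope) bool {
	base, target := path.Clean("/"+rc.Resource), path.Clean("/"+other.Resource)
	return rc.Authorization == other.Authorization &&
		(base == "/" || target == base || strings.HasPrefix(target, base+"/"))
}

func main() {
	granted := ResourceScope{"storage.read", "/bar"} // constructed sample scope
	fmt.Println(granted.contains(ResourceScope{"storage.read", "/bar/baz"}))
	fmt.Println(scopeContains([]string{"Storage.Read"}, []TokenScope{"storage.read"}, true))
}
```

With all=true a token that carries an extra scope fails the check, because the rule is set equality rather than "has at least these".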
func (ResourceScope) String
func (rc ResourceScope) String() string
type Scope
type Scope interface {
	TokenScope | ResourceScope
	String() string
}
type TokenScope
type TokenScope string
const (
	Pelican_Advertise                TokenScope = "pelican.advertise"
	Pelican_DirectorTestReport       TokenScope = "pelican.director_test_report"
	Pelican_DirectorServiceDiscovery TokenScope = "pelican.director_service_discovery"
	Pelican_NamespaceDelete          TokenScope = "pelican.namespace_delete"
	WebUi_Access                     TokenScope = "web_ui.access"
	Registry_EditRegistration        TokenScope = "registry.edit_registration"
	Monitoring_Scrape                TokenScope = "monitoring.scrape"
	Monitoring_Query                 TokenScope = "monitoring.query"
	Broker_Reverse                   TokenScope = "broker.reverse"
	Broker_Retrieve                  TokenScope = "broker.retrieve"
	Broker_Callback                  TokenScope = "broker.callback"
	Localcache_Purge                 TokenScope = "localcache.purge"

	// Storage Scopes
	Storage_Read   TokenScope = "storage.read"
	Storage_Create TokenScope = "storage.create"
	Storage_Modify TokenScope = "storage.modify"
	Storage_Stage  TokenScope = "storage.stage"

	// Lotman Scopes
	Lot_Create TokenScope = "lot.create"
	Lot_Read   TokenScope = "lot.read"
	Lot_Modify TokenScope = "lot.modify"
	Lot_Delete TokenScope = "lot.delete"
)
func (TokenScope) Path
func (s TokenScope) Path(path string) (TokenScope, error)
Interface that allows us to assign a path to some token scopes, such as "storage.read:/foo/bar".
func (TokenScope) String
func (s TokenScope) String() string