Documentation ¶
Index ¶
- Constants
- Variables
- func NewAccessor(verification Verification, requiredRole string, systemClaimKey string, ...) *access
- func NewClaimsCacher(accessTokenFetcher AccessTokenFetcher, maxCacheSizeBytes int) *claimsCacher
- func NewHandler(logger lager.Logger, action string, handler http.Handler, ...) http.Handler
- func NewTeamsCacher(logger lager.Logger, notifications Notifications, teamFactory db.TeamFactory, ...) *teamsCacher
- func NewVerifier(accessTokenFetcher AccessTokenFetcher, audience []string) *verifier
- type Access
- type AccessFactory
- type AccessTokenFetcher
- type Claims
- type Notifications
- type TeamFetcher
- type TokenVerifier
- type Verification
Constants ¶
// Role names used by this package. DefaultRoles assigns one of these to
// every API action it lists.
const (
	// MemberRole is the "member" role.
	MemberRole = "member"
	// OwnerRole is the "owner" role.
	OwnerRole = "owner"
	// OperatorRole is the operator role. Note that its string value is
	// "pipeline-operator", not "operator"; match on the value, not the
	// identifier, when comparing against role names from configuration
	// or token claims.
	OperatorRole = "pipeline-operator"
	// ViewerRole is the "viewer" role.
	ViewerRole = "viewer"
)
Variables ¶
// Sentinel errors describing why token verification did not succeed.
// Compare against them with errors.Is.
//
// NOTE(review): the four values separate "missing", "malformed", "expired"
// and "wrong audience". That granularity is useful in server-side logs;
// whether it should also be visible to an unauthenticated caller is a
// decision for the code that renders the response — confirm there.
var (
	// ErrVerificationNoToken: no token was supplied.
	ErrVerificationNoToken = errors.New("token not provided")
	// ErrVerificationInvalidToken: a token was supplied but is not valid.
	ErrVerificationInvalidToken = errors.New("token provided is invalid")
	// ErrVerificationTokenExpired: the token has expired.
	ErrVerificationTokenExpired = errors.New("token is expired")
	// ErrVerificationInvalidAudience: the token's audience is not accepted.
	ErrVerificationInvalidAudience = errors.New("token has invalid audience")
)
// DefaultRoles maps each atc API action to the role name assigned to it by
// default. Every value is one of MemberRole, OwnerRole, OperatorRole or
// ViewerRole. Entries are grouped below by the object named in the action;
// the grouping is for readability only.
//
// NOTE(review): this is an exported, mutable package-level map. Any package
// that imports it can change the role attached to an action at runtime, and
// unsynchronized writes would race with readers. Treat it as read-only and
// copy it before customizing.
//
// NOTE(review): how a lookup miss is handled is not visible here. Confirm
// that an action absent from this map is denied rather than allowed, and
// that newly added atc actions cannot ship without an entry.
//
// NOTE(review): entries worth a second look when auditing the policy, all
// read directly from the table: ArchivePipeline is OwnerRole while
// DeletePipeline is MemberRole; HijackContainer, SetLogLevel and the worker
// lifecycle actions (RegisterWorker, LandWorker, RetireWorker, PruneWorker,
// HeartbeatWorker, DeleteWorker) are MemberRole; GetInfoCreds is ViewerRole.
// Confirm each is intended.
var DefaultRoles = map[string]string{
	// Pipeline configuration.
	atc.SaveConfig: MemberRole,
	atc.GetConfig: ViewerRole,
	atc.GetCC: ViewerRole,

	// Builds.
	atc.GetBuild: ViewerRole,
	atc.GetBuildPlan: ViewerRole,
	atc.CreateBuild: MemberRole,
	atc.ListBuilds: ViewerRole,
	atc.BuildEvents: ViewerRole,
	atc.BuildResources: ViewerRole,
	atc.AbortBuild: OperatorRole,
	atc.GetBuildPreparation: ViewerRole,

	// Jobs.
	atc.GetJob: ViewerRole,
	atc.CreateJobBuild: OperatorRole,
	atc.RerunJobBuild: OperatorRole,
	atc.ListAllJobs: ViewerRole,
	atc.ListJobs: ViewerRole,
	atc.ListJobBuilds: ViewerRole,
	atc.ListJobInputs: ViewerRole,
	atc.GetJobBuild: ViewerRole,
	atc.PauseJob: OperatorRole,
	atc.UnpauseJob: OperatorRole,
	atc.ScheduleJob: OperatorRole,
	atc.GetVersionsDB: ViewerRole,
	atc.JobBadge: ViewerRole,
	atc.MainJobBadge: ViewerRole,
	atc.ClearTaskCache: OperatorRole,

	// Resources and resource versions.
	atc.ListAllResources: ViewerRole,
	atc.ListResources: ViewerRole,
	atc.ListResourceTypes: ViewerRole,
	atc.GetResource: ViewerRole,
	atc.UnpinResource: OperatorRole,
	atc.SetPinCommentOnResource: OperatorRole,
	atc.CheckResource: OperatorRole,
	atc.CheckResourceWebHook: OperatorRole,
	atc.CheckResourceType: OperatorRole,
	atc.ListResourceVersions: ViewerRole,
	atc.GetResourceVersion: ViewerRole,
	atc.EnableResourceVersion: OperatorRole,
	atc.DisableResourceVersion: OperatorRole,
	atc.PinResourceVersion: OperatorRole,
	atc.ListBuildsWithVersionAsInput: ViewerRole,
	atc.ListBuildsWithVersionAsOutput: ViewerRole,
	atc.GetResourceCausality: ViewerRole,

	// Pipelines.
	atc.ListAllPipelines: ViewerRole,
	atc.ListPipelines: ViewerRole,
	atc.GetPipeline: ViewerRole,
	atc.DeletePipeline: MemberRole,
	atc.OrderPipelines: MemberRole,
	atc.PausePipeline: OperatorRole,
	atc.ArchivePipeline: OwnerRole,
	atc.UnpausePipeline: OperatorRole,
	atc.ExposePipeline: MemberRole,
	atc.HidePipeline: MemberRole,
	atc.RenamePipeline: MemberRole,
	atc.ListPipelineBuilds: ViewerRole,
	atc.CreatePipelineBuild: MemberRole,
	atc.PipelineBadge: ViewerRole,

	// Workers.
	atc.RegisterWorker: MemberRole,
	atc.LandWorker: MemberRole,
	atc.RetireWorker: MemberRole,
	atc.PruneWorker: MemberRole,
	atc.HeartbeatWorker: MemberRole,
	atc.ListWorkers: ViewerRole,
	atc.DeleteWorker: MemberRole,

	// Log level, CLI download and server info.
	atc.SetLogLevel: MemberRole,
	atc.GetLogLevel: ViewerRole,
	atc.DownloadCLI: ViewerRole,
	atc.GetInfo: ViewerRole,
	atc.GetInfoCreds: ViewerRole,

	// Containers.
	atc.ListContainers: ViewerRole,
	atc.GetContainer: ViewerRole,
	atc.HijackContainer: MemberRole,
	atc.ListDestroyingContainers: ViewerRole,
	atc.ReportWorkerContainers: MemberRole,

	// Volumes.
	atc.ListVolumes: ViewerRole,
	atc.ListDestroyingVolumes: ViewerRole,
	atc.ReportWorkerVolumes: MemberRole,

	// Teams.
	atc.ListTeams: ViewerRole,
	atc.GetTeam: ViewerRole,
	atc.SetTeam: OwnerRole,
	atc.RenameTeam: OwnerRole,
	atc.DestroyTeam: OwnerRole,
	atc.ListTeamBuilds: ViewerRole,

	// Artifacts.
	atc.CreateArtifact: MemberRole,
	atc.GetArtifact: MemberRole,
	atc.ListBuildArtifacts: ViewerRole,

	// Wall message.
	atc.GetWall: ViewerRole,
}
Functions ¶
func NewAccessor ¶
func NewClaimsCacher ¶
func NewClaimsCacher( accessTokenFetcher AccessTokenFetcher, maxCacheSizeBytes int, ) *claimsCacher
func NewHandler ¶
func NewTeamsCacher ¶
func NewTeamsCacher( logger lager.Logger, notifications Notifications, teamFactory db.TeamFactory, expiration time.Duration, cleanupInterval time.Duration, ) *teamsCacher
func NewVerifier ¶
func NewVerifier(accessTokenFetcher AccessTokenFetcher, audience []string) *verifier
Types ¶
type Access ¶
// Access is the set of questions a caller can ask about the authentication
// and authorization state attached to a request.
//
// NOTE(review): HasToken and IsAuthenticated are separate methods, so a
// token being present is presumably not the same as it having been
// verified. Authorization decisions should rest on IsAuthenticated,
// IsAuthorized, IsAdmin or IsSystem, not on HasToken alone — confirm
// against the implementation.
type Access interface {
	// HasToken reports whether a token accompanies the request.
	HasToken() bool

	// IsAuthenticated reports whether the caller is authenticated.
	IsAuthenticated() bool

	// IsAuthorized reports whether the caller is authorized for the given
	// string argument (presumably a team name — the parameter is unnamed
	// here; confirm against the implementation).
	IsAuthorized(string) bool

	// IsAdmin reports whether the caller has admin access.
	IsAdmin() bool

	// IsSystem reports whether the caller is a system identity.
	IsSystem() bool

	// TeamNames returns a list of team names for the caller.
	TeamNames() []string

	// TeamRoles returns a map from string keys to lists of strings
	// (presumably team name to role names — confirm).
	TeamRoles() map[string][]string

	// Claims returns the Claims value associated with the caller.
	Claims() Claims
}
func GetAccessor ¶
type AccessFactory ¶
func NewAccessFactory ¶
func NewAccessFactory( tokenVerifier TokenVerifier, teamFetcher TeamFetcher, systemClaimKey string, systemClaimValues []string, ) AccessFactory
type AccessTokenFetcher ¶
// AccessTokenFetcher retrieves a db.AccessToken for a raw token string.
type AccessTokenFetcher interface {
	// GetAccessToken returns the db.AccessToken for rawToken. The bool
	// result presumably reports whether a matching token was found —
	// confirm against the implementation; callers must check both it and
	// the error before using the returned token.
	//
	// NOTE(review): rawToken is a bearer credential. Implementations should
	// keep it out of log lines and error messages.
	GetAccessToken(rawToken string) (db.AccessToken, bool, error)
}
type Notifications ¶
type TeamFetcher ¶
type TokenVerifier ¶
type Verification ¶
Source Files ¶