serviceuser

package

v0.30.1 Latest Latest Go to latest Published: Aug 27, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/raystack/frontier

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type Credential
type CredentialRepository
type CredentialType
- func (c CredentialType) String() string
type Filter
type RelationService
type Repository
type Secret
type Service
- func NewService(repo Repository, credRepo CredentialRepository, relService RelationService) *Service
type ServiceUser
type State
- func (s State) String() string
type Token

Constants ¶

View Source

const (
	DefaultKeyType = "sv_rsa"
)

Variables ¶

View Source

var (
	ErrNotExist     = errors.New("service user doesn't exist")
	ErrCredNotExist = errors.New("service user credential doesn't exist")
	ErrInvalidCred  = errors.New("service user credential is invalid")
	ErrInvalidID    = errors.New("service user id is invalid")
	ErrInvalidKeyID = errors.New("service user key is invalid")
	ErrConflict     = errors.New("service user already exist")
	ErrEmptyKey     = errors.New("empty key")
	ErrDisabled     = errors.New("service user is disabled")
)

Functions ¶

This section is empty.

Types ¶

type Credential ¶

type Credential struct {
	// ID is the unique identifier of the credential.
	// This is also used as kid in JWT, the spec doesn't
	// state how the kid should be generated as anyway this token
	// is owned by frontier, and we are in control of key generation
	// any arbitrary string can be used as kid as long as its unique
	ID            string
	ServiceUserID string
	Type          CredentialType

	// SecretHash used for basic auth
	SecretHash string

	// PublicKey used for JWT verification using RSA
	PublicKey jwk.Set
	// PrivateKey used for JWT signing using RSA, this is not stored and
	// only generated and returned when creating a new credential
	PrivateKey []byte

	Title     string
	Metadata  metadata.Metadata
	CreatedAt time.Time
	UpdatedAt time.Time
}

type CredentialRepository ¶

type CredentialRepository interface {
	List(ctx context.Context, flt Filter) ([]Credential, error)
	Create(ctx context.Context, credential Credential) (Credential, error)
	Get(ctx context.Context, id string) (Credential, error)
	Delete(ctx context.Context, id string) error
}

type CredentialType ¶ added in v0.9.1

type CredentialType string

const (
	ClientSecretCredentialType CredentialType = "client_credential"
	JWTCredentialType          CredentialType = "jwt_bearer"
	OpaqueTokenCredentialType  CredentialType = "opaque_token"
)

func (CredentialType) String ¶ added in v0.9.1

func (c CredentialType) String() string

type Filter ¶

type Filter struct {
	ServiceUserID  string
	ServiceUserIDs []string

	OrgID    string
	IsKey    bool
	IsSecret bool
	State    State
}

type RelationService ¶

type RelationService interface {
	Create(ctx context.Context, rel relation.Relation) (relation.Relation, error)
	Delete(ctx context.Context, rel relation.Relation) error
	LookupSubjects(ctx context.Context, rel relation.Relation) ([]string, error)
	CheckPermission(ctx context.Context, rel relation.Relation) (bool, error)
}

type Repository ¶

type Repository interface {
	List(ctx context.Context, flt Filter) ([]ServiceUser, error)
	Create(ctx context.Context, serviceUser ServiceUser) (ServiceUser, error)
	GetByID(ctx context.Context, id string) (ServiceUser, error)
	GetByIDs(ctx context.Context, id []string) ([]ServiceUser, error)
	Delete(ctx context.Context, id string) error
}

type Secret ¶

type Secret struct {
	ID        string
	Title     string
	Value     string
	CreatedAt time.Time
}

type Service ¶

type Service struct {
	// contains filtered or unexported fields
}

func NewService ¶

func NewService(repo Repository, credRepo CredentialRepository, relService RelationService) *Service

func (Service) Create ¶

func (s Service) Create(ctx context.Context, serviceUser ServiceUser) (ServiceUser, error)

func (Service) CreateKey ¶

func (s Service) CreateKey(ctx context.Context, credential Credential) (Credential, error)

CreateKey creates a key pair for the service user

func (Service) CreateSecret ¶

func (s Service) CreateSecret(ctx context.Context, credential Credential) (Secret, error)

CreateSecret creates a secret for the service user

func (Service) CreateToken ¶ added in v0.9.1

func (s Service) CreateToken(ctx context.Context, credential Credential) (Token, error)

CreateToken creates an opaque token for the service user

func (Service) Delete ¶

func (s Service) Delete(ctx context.Context, id string) error

func (Service) DeleteKey ¶

func (s Service) DeleteKey(ctx context.Context, credID string) error

func (Service) DeleteSecret ¶

func (s Service) DeleteSecret(ctx context.Context, credID string) error

func (Service) DeleteToken ¶ added in v0.9.1

func (s Service) DeleteToken(ctx context.Context, credID string) error

func (Service) Get ¶

func (s Service) Get(ctx context.Context, id string) (ServiceUser, error)

func (Service) GetByIDs ¶ added in v0.7.5

func (s Service) GetByIDs(ctx context.Context, ids []string) ([]ServiceUser, error)

func (Service) GetByJWT ¶ added in v0.9.1

func (s Service) GetByJWT(ctx context.Context, token string) (ServiceUser, error)

GetByJWT returns the service user by verifying the token

func (Service) GetBySecret ¶

func (s Service) GetBySecret(ctx context.Context, credID string, reqSecret string) (ServiceUser, error)

GetBySecret matches the secret with the secret hash stored in the database of the service user and if the secret matches, returns the service user

func (Service) GetKey ¶

func (s Service) GetKey(ctx context.Context, credID string) (Credential, error)

func (Service) IsSudo ¶ added in v0.8.0

func (s Service) IsSudo(ctx context.Context, id string, permissionName string) (bool, error)

IsSudo checks platform permissions. Platform permissions are: - superuser - check

func (Service) List ¶

func (s Service) List(ctx context.Context, flt Filter) ([]ServiceUser, error)

func (Service) ListByOrg ¶

func (s Service) ListByOrg(ctx context.Context, orgID string) ([]ServiceUser, error)

func (Service) ListKeys ¶

func (s Service) ListKeys(ctx context.Context, serviceUserID string) ([]Credential, error)

func (Service) ListSecret ¶

func (s Service) ListSecret(ctx context.Context, serviceUserID string) ([]Credential, error)

func (Service) ListToken ¶ added in v0.9.1

func (s Service) ListToken(ctx context.Context, serviceUserID string) ([]Credential, error)

func (Service) Sudo ¶ added in v0.8.0

func (s Service) Sudo(ctx context.Context, id string, relationName string) error

Sudo add platform permissions to user

func (Service) UnSudo ¶ added in v0.14.0

func (s Service) UnSudo(ctx context.Context, id string) error

UnSudo remove platform permissions to user only remove the 'member' relation if it exists

type ServiceUser ¶

type ServiceUser struct {
	ID       string
	OrgID    string
	Title    string
	State    string
	Metadata metadata.Metadata

	// CreatedByUser is a transient field that is used to track the user who created this service user
	// this doesn't have any impact on the service user itself
	CreatedByUser string

	CreatedAt time.Time
	UpdatedAt time.Time
}

type State ¶

type State string

const (
	Enabled  State = "enabled"
	Disabled State = "disabled"
)

func (State) String ¶

func (s State) String() string

type Token ¶ added in v0.9.1

type Token struct {
	ID        string
	Title     string
	Value     string
	CreatedAt time.Time
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL