serviceuser

package
v0.41.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 12, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source
const (
	DefaultKeyType = "sv_rsa"
)

Variables

View Source
var (
	ErrNotExist     = errors.New("service user doesn't exist")
	ErrCredNotExist = errors.New("service user credential doesn't exist")
	ErrInvalidCred  = errors.New("service user credential is invalid")
	ErrInvalidID    = errors.New("service user id is invalid")
	ErrInvalidKeyID = errors.New("service user key is invalid")
	ErrConflict     = errors.New("service user already exist")
	ErrEmptyKey     = errors.New("empty key")
	ErrDisabled     = errors.New("service user is disabled")
)

Functions

This section is empty.

Types

type Credential

type Credential struct {
	// ID is the unique identifier of the credential.
	// This is also used as kid in JWT, the spec doesn't
	// state how the kid should be generated as anyway this token
	// is owned by frontier, and we are in control of key generation
	// any arbitrary string can be used as kid as long as its unique
	ID            string
	ServiceUserID string
	Type          CredentialType

	// SecretHash used for basic auth
	SecretHash string

	// PublicKey used for JWT verification using RSA
	PublicKey jwk.Set
	// PrivateKey used for JWT signing using RSA, this is not stored and
	// only generated and returned when creating a new credential
	PrivateKey []byte

	Title     string
	Metadata  metadata.Metadata
	CreatedAt time.Time
	UpdatedAt time.Time
}

type CredentialRepository

type CredentialRepository interface {
	List(ctx context.Context, flt Filter) ([]Credential, error)
	Create(ctx context.Context, credential Credential) (Credential, error)
	Get(ctx context.Context, id string) (Credential, error)
	Delete(ctx context.Context, id string) error
}

type CredentialType added in v0.9.1

type CredentialType string
const (
	ClientSecretCredentialType CredentialType = "client_credential"
	JWTCredentialType          CredentialType = "jwt_bearer"
	OpaqueTokenCredentialType  CredentialType = "opaque_token"
)

func (CredentialType) String added in v0.9.1

func (c CredentialType) String() string

type Filter

type Filter struct {
	ServiceUserID  string
	ServiceUserIDs []string

	OrgID    string
	IsKey    bool
	IsSecret bool
	State    State
}

type RelationService

type RelationService interface {
	Create(ctx context.Context, rel relation.Relation) (relation.Relation, error)
	Delete(ctx context.Context, rel relation.Relation) error
	LookupSubjects(ctx context.Context, rel relation.Relation) ([]string, error)
	CheckPermission(ctx context.Context, rel relation.Relation) (bool, error)
}

type Repository

type Repository interface {
	List(ctx context.Context, flt Filter) ([]ServiceUser, error)
	Create(ctx context.Context, serviceUser ServiceUser) (ServiceUser, error)
	GetByID(ctx context.Context, id string) (ServiceUser, error)
	GetByIDs(ctx context.Context, id []string) ([]ServiceUser, error)
	Delete(ctx context.Context, id string) error
}

type Secret

type Secret struct {
	ID        string
	Title     string
	Value     string
	CreatedAt time.Time
}

type Service

type Service struct {
	// contains filtered or unexported fields
}

func NewService

func NewService(repo Repository, credRepo CredentialRepository, relService RelationService) *Service

func (Service) Create

func (s Service) Create(ctx context.Context, serviceUser ServiceUser) (ServiceUser, error)

func (Service) CreateKey

func (s Service) CreateKey(ctx context.Context, credential Credential) (Credential, error)

CreateKey creates a key pair for the service user

func (Service) CreateSecret

func (s Service) CreateSecret(ctx context.Context, credential Credential) (Secret, error)

CreateSecret creates a secret for the service user

func (Service) CreateToken added in v0.9.1

func (s Service) CreateToken(ctx context.Context, credential Credential) (Token, error)

CreateToken creates an opaque token for the service user

func (Service) Delete

func (s Service) Delete(ctx context.Context, id string) error

func (Service) DeleteKey

func (s Service) DeleteKey(ctx context.Context, credID string) error

func (Service) DeleteSecret

func (s Service) DeleteSecret(ctx context.Context, credID string) error

func (Service) DeleteToken added in v0.9.1

func (s Service) DeleteToken(ctx context.Context, credID string) error

func (Service) Get

func (s Service) Get(ctx context.Context, id string) (ServiceUser, error)

func (Service) GetByIDs added in v0.7.5

func (s Service) GetByIDs(ctx context.Context, ids []string) ([]ServiceUser, error)

func (Service) GetByJWT added in v0.9.1

func (s Service) GetByJWT(ctx context.Context, token string) (ServiceUser, error)

GetByJWT returns the service user by verifying the token

func (Service) GetBySecret

func (s Service) GetBySecret(ctx context.Context, credID string, reqSecret string) (ServiceUser, error)

GetBySecret matches the secret with the secret hash stored in the database of the service user and if the secret matches, returns the service user

func (Service) GetKey

func (s Service) GetKey(ctx context.Context, credID string) (Credential, error)

func (Service) IsSudo added in v0.8.0

func (s Service) IsSudo(ctx context.Context, id string, permissionName string) (bool, error)

IsSudo checks platform permissions. Platform permissions are: - superuser - check

func (Service) List

func (s Service) List(ctx context.Context, flt Filter) ([]ServiceUser, error)

func (Service) ListByOrg

func (s Service) ListByOrg(ctx context.Context, orgID string) ([]ServiceUser, error)

func (Service) ListKeys

func (s Service) ListKeys(ctx context.Context, serviceUserID string) ([]Credential, error)

func (Service) ListSecret

func (s Service) ListSecret(ctx context.Context, serviceUserID string) ([]Credential, error)

func (Service) ListToken added in v0.9.1

func (s Service) ListToken(ctx context.Context, serviceUserID string) ([]Credential, error)

func (Service) Sudo added in v0.8.0

func (s Service) Sudo(ctx context.Context, id string, relationName string) error

Sudo add platform permissions to user

func (Service) UnSudo added in v0.14.0

func (s Service) UnSudo(ctx context.Context, id string) error

UnSudo remove platform permissions to user only remove the 'member' relation if it exists

type ServiceUser

type ServiceUser struct {
	ID       string
	OrgID    string
	Title    string
	State    string
	Metadata metadata.Metadata

	// CreatedByUser is a transient field that is used to track the user who created this service user
	// this doesn't have any impact on the service user itself
	CreatedByUser string

	CreatedAt time.Time
	UpdatedAt time.Time
}

type State

type State string
const (
	Enabled  State = "enabled"
	Disabled State = "disabled"
)

func (State) String

func (s State) String() string

type Token added in v0.9.1

type Token struct {
	ID        string
	Title     string
	Value     string
	CreatedAt time.Time
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL