serviceuser

package
v0.8.27 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 18, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultKeyType = "sv_rsa"
)

Variables

View Source 
var (
	ErrNotExist     = errors.New("service user doesn't exist")
	ErrCredNotExist = errors.New("service user credential doesn't exist")
	ErrInvalidCred  = errors.New("service user credential is invalid")
	ErrInvalidID    = errors.New("service user id is invalid")
	ErrInvalidKeyID = errors.New("service user key is invalid")
	ErrConflict     = errors.New("service user already exist")
	ErrEmptyKey     = errors.New("empty key")
	ErrDisabled     = errors.New("service user is disabled")
)

Functions

This section is empty.

Types

type Credential 

type Credential struct {
	// ID is the unique identifier of the credential.
	// This is also used as kid in JWT, the spec doesn't
	// state how the kid should be generated as anyway this token
	// is owned by frontier, and we are in control of key generation
	// any arbitrary string can be used as kid as long as its unique
	ID            string
	ServiceUserID string

	// SecretHash used for basic auth
	SecretHash []byte

	// PublicKey used for JWT verification using RSA
	PublicKey jwk.Set
	// PrivateKey used for JWT signing using RSA, this is not stored and
	// only generated and returned when creating a new credential
	PrivateKey []byte

	Title     string
	Metadata  metadata.Metadata
	CreatedAt time.Time
	UpdatedAt time.Time
}

type CredentialRepository 

type CredentialRepository interface {
	List(ctx context.Context, flt Filter) ([]Credential, error)
	Create(ctx context.Context, credential Credential) (Credential, error)
	Get(ctx context.Context, id string) (Credential, error)
	Delete(ctx context.Context, id string) error
}

type Filter 

type Filter struct {
	ServiceUserID  string
	ServiceUserIDs []string

	OrgID    string
	IsKey    bool
	IsSecret bool
	State    State
}

type RelationService 

type RelationService interface {
	Create(ctx context.Context, rel relation.Relation) (relation.Relation, error)
	Delete(ctx context.Context, rel relation.Relation) error
	LookupSubjects(ctx context.Context, rel relation.Relation) ([]string, error)
	CheckPermission(ctx context.Context, rel relation.Relation) (bool, error)
}

type Repository 

type Repository interface {
	List(ctx context.Context, flt Filter) ([]ServiceUser, error)
	Create(ctx context.Context, serviceUser ServiceUser) (ServiceUser, error)
	GetByID(ctx context.Context, id string) (ServiceUser, error)
	GetByIDs(ctx context.Context, id []string) ([]ServiceUser, error)
	Delete(ctx context.Context, id string) error
}

type Secret 

type Secret struct {
	ID        string
	Value     []byte
	CreatedAt time.Time
}

type Service 

type Service struct {
	// contains filtered or unexported fields
}

func NewService 

func NewService(repo Repository, credRepo CredentialRepository, relService RelationService) *Service

func (Service) Create 

func (s Service) Create(ctx context.Context, serviceUser ServiceUser) (ServiceUser, error)

func (Service) CreateKey 

func (s Service) CreateKey(ctx context.Context, credential Credential) (Credential, error)

CreateKey creates a key pair for the service user

func (Service) CreateSecret 

func (s Service) CreateSecret(ctx context.Context, credential Credential) (Secret, error)

CreateSecret creates a secret for the service user

func (Service) Delete 

func (s Service) Delete(ctx context.Context, id string) error

func (Service) DeleteKey 

func (s Service) DeleteKey(ctx context.Context, credID string) error

func (Service) DeleteSecret 

func (s Service) DeleteSecret(ctx context.Context, credID string) error

func (Service) Get 

func (s Service) Get(ctx context.Context, id string) (ServiceUser, error)

func (Service) GetByIDs added in v0.7.5 

func (s Service) GetByIDs(ctx context.Context, ids []string) ([]ServiceUser, error)

func (Service) GetBySecret 

func (s Service) GetBySecret(ctx context.Context, credID string, credSecret string) (ServiceUser, error)

GetBySecret matches the secret with the secret hash stored in the database of the service user and if the secret matches, returns the service user

func (Service) GetByToken 

func (s Service) GetByToken(ctx context.Context, token string) (ServiceUser, error)

GetByToken returns the service user by verifying the token

func (Service) GetKey 

func (s Service) GetKey(ctx context.Context, credID string) (Credential, error)

func (Service) IsSudo added in v0.8.0 

func (s Service) IsSudo(ctx context.Context, id string, permissionName string) (bool, error)

IsSudo checks platform permissions. Platform permissions are: - superuser - check

func (Service) List 

func (s Service) List(ctx context.Context, flt Filter) ([]ServiceUser, error)

func (Service) ListByOrg 

func (s Service) ListByOrg(ctx context.Context, orgID string) ([]ServiceUser, error)

func (Service) ListKeys 

func (s Service) ListKeys(ctx context.Context, serviceUserID string) ([]Credential, error)

func (Service) ListSecret 

func (s Service) ListSecret(ctx context.Context, serviceUserID string) ([]Credential, error)

func (Service) Sudo added in v0.8.0 

func (s Service) Sudo(ctx context.Context, id string, relationName string) error

Sudo add platform permissions to user

type ServiceUser 

type ServiceUser struct {
	ID        string
	OrgID     string
	Title     string
	State     string
	Metadata  metadata.Metadata
	CreatedAt time.Time
	UpdatedAt time.Time
}

type State 

type State string
const (
	Enabled  State = "enabled"
	Disabled State = "disabled"
)

func (State) String 

func (s State) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.