serviceuser

package
v0.8.8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 18, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

// DefaultKeyType is a string constant exported by this package.
// NOTE(review): where it is consumed is not visible on this page; the name and
// value suggest it labels the RSA key type of service user credentials.
// Confirm against the code that reads it.
const (
	DefaultKeyType = "sv_rsa"
)

Variables

// Sentinel errors exported by this package. Their messages are the only
// description of their meaning available on this page.
//
// NOTE(review): ErrNotExist, ErrCredNotExist and ErrInvalidCred distinguish an
// unknown identity from a wrong credential. If a caller forwards them verbatim
// to an unauthenticated client, the difference reveals which IDs exist.
// Mapping all three to one generic authentication failure at the API boundary
// avoids that. How callers surface these errors is not visible here.
var (
	ErrNotExist     = errors.New("service user doesn't exist")
	ErrCredNotExist = errors.New("service user credential doesn't exist")
	ErrInvalidCred  = errors.New("service user credential is invalid")
	ErrInvalidID    = errors.New("service user id is invalid")
	ErrInvalidKeyID = errors.New("service user key is invalid")
	ErrConflict     = errors.New("service user already exist")
	ErrEmptyKey     = errors.New("empty key")
	ErrDisabled     = errors.New("service user is disabled")
)

Functions

This section is empty.

Types

type Credential

// Credential is a credential record attached to a service user. Its fields
// cover two mechanisms: a secret hash (basic auth) and an RSA key pair (JWT).
//
// NOTE(review): SecretHash and PrivateKey are plain exported fields and no
// redaction is visible on this page, so formatting a Credential with %v/%+v or
// marshalling it whole would include them. Keep the struct out of logs and API
// responses, except where the private key is deliberately returned at creation.
type Credential struct {
	// ID is the unique identifier of the credential.
	// It is also used as the kid in JWTs. The spec does not say how a kid
	// must be generated; because the token is owned by frontier and key
	// generation is under its control, any arbitrary string can be used as
	// the kid as long as it is unique.
	ID            string
	ServiceUserID string

	// SecretHash is used for basic auth.
	// NOTE(review): the hash algorithm and the comparison routine are not
	// visible here. Confirm a password-hashing function (or a strong hash if
	// secrets are high-entropy random values) and a constant-time comparison.
	SecretHash []byte

	// PublicKey is used for JWT verification using RSA.
	PublicKey jwk.Set
	// PrivateKey is used for JWT signing using RSA. It is not stored; it is
	// only generated and returned when creating a new credential.
	// NOTE(review): the encoding of these bytes is not shown on this page.
	PrivateKey []byte

	Title     string
	Metadata  metadata.Metadata
	CreatedAt time.Time
	UpdatedAt time.Time
}

type CredentialRepository

// CredentialRepository is the storage interface for Credential records:
// list by Filter, create, get by id and delete by id.
//
// NOTE(review): Get and Delete are keyed by the credential id alone; the
// signatures carry no service user or organisation scope. Any check that the
// caller is allowed to act on that credential therefore has to happen above
// this interface. Confirm it does in the Service methods that call it.
type CredentialRepository interface {
	List(ctx context.Context, flt Filter) ([]Credential, error)
	Create(ctx context.Context, credential Credential) (Credential, error)
	Get(ctx context.Context, id string) (Credential, error)
	Delete(ctx context.Context, id string) error
}

type Filter

// Filter is the query argument accepted by the List methods of Repository and
// CredentialRepository.
//
// NOTE(review): how each field is applied is not visible on this page. The
// notes below are inferred from the field names; confirm them against the
// repository implementations.
type Filter struct {
	// Presumably restricts results to one service user or to a set of them.
	ServiceUserID  string
	ServiceUserIDs []string

	// Presumably restricts results to service users of one organisation.
	OrgID    string
	// Presumably select key-based versus secret-based credentials.
	IsKey    bool
	IsSecret bool
	// Presumably restricts results by service user state.
	State    State
}

type RelationService

// RelationService is the relation dependency passed to NewService. It creates
// and deletes relations, looks up subjects for a relation and checks a
// permission expressed as a relation.
//
// NOTE(review): CheckPermission returns (bool, error). Callers should treat a
// non-nil error as a denial rather than reading the bool. How Service handles
// that case is not visible on this page.
type RelationService interface {
	Create(ctx context.Context, rel relation.Relation) (relation.Relation, error)
	Delete(ctx context.Context, rel relation.Relation) error
	LookupSubjects(ctx context.Context, rel relation.Relation) ([]string, error)
	CheckPermission(ctx context.Context, rel relation.Relation) (bool, error)
}

type Repository

// Repository is the storage interface for ServiceUser records: list by Filter,
// create, get by one id or by several ids, and delete by id.
//
// NOTE(review): GetByID, GetByIDs and Delete take ids only, with no
// organisation scope in the signature. Authorization has to be enforced by the
// caller; confirm where that happens.
type Repository interface {
	List(ctx context.Context, flt Filter) ([]ServiceUser, error)
	Create(ctx context.Context, serviceUser ServiceUser) (ServiceUser, error)
	GetByID(ctx context.Context, id string) (ServiceUser, error)
	GetByIDs(ctx context.Context, id []string) ([]ServiceUser, error)
	Delete(ctx context.Context, id string) error
}

type Secret

// Secret is the value type returned by Service.CreateSecret.
//
// NOTE(review): Value is presumably the plaintext secret, available only at
// creation time, since Credential keeps just a SecretHash. Confirm this, and
// treat the field as sensitive: do not log it or persist it.
type Secret struct {
	ID        string
	Value     []byte
	CreatedAt time.Time
}

type Service

// Service carries the service user operations of this package. NewService
// builds it from a Repository, a CredentialRepository and a RelationService.
type Service struct {
	// contains filtered or unexported fields
}

func NewService

func NewService(repo Repository, credRepo CredentialRepository, relService RelationService) *Service

func (Service) Create

func (s Service) Create(ctx context.Context, serviceUser ServiceUser) (ServiceUser, error)

func (Service) CreateKey

func (s Service) CreateKey(ctx context.Context, credential Credential) (Credential, error)

CreateKey creates a key pair for the service user

func (Service) CreateSecret

func (s Service) CreateSecret(ctx context.Context, credential Credential) (Secret, error)

CreateSecret creates a secret for the service user

func (Service) Delete

func (s Service) Delete(ctx context.Context, id string) error

func (Service) DeleteKey

func (s Service) DeleteKey(ctx context.Context, credID string) error

func (Service) DeleteSecret

func (s Service) DeleteSecret(ctx context.Context, credID string) error

func (Service) Get

func (s Service) Get(ctx context.Context, id string) (ServiceUser, error)

func (Service) GetByIDs added in v0.7.5

func (s Service) GetByIDs(ctx context.Context, ids []string) ([]ServiceUser, error)

func (Service) GetBySecret

func (s Service) GetBySecret(ctx context.Context, credID string, credSecret string) (ServiceUser, error)

GetBySecret compares the given secret with the secret hash stored in the database for the service user and, if the secret matches, returns the service user.

func (Service) GetByToken

func (s Service) GetByToken(ctx context.Context, token string) (ServiceUser, error)

GetByToken returns the service user by verifying the token

func (Service) GetKey

func (s Service) GetKey(ctx context.Context, credID string) (Credential, error)

func (Service) IsSudo added in v0.8.0

func (s Service) IsSudo(ctx context.Context, id string, permissionName string) (bool, error)

IsSudo checks platform permissions. Platform permissions are:
- superuser
- check

func (Service) List

func (s Service) List(ctx context.Context, flt Filter) ([]ServiceUser, error)

func (Service) ListByOrg

func (s Service) ListByOrg(ctx context.Context, orgID string) ([]ServiceUser, error)

func (Service) ListKeys

func (s Service) ListKeys(ctx context.Context, serviceUserID string) ([]Credential, error)

func (Service) ListSecret

func (s Service) ListSecret(ctx context.Context, serviceUserID string) ([]Credential, error)

func (Service) Sudo added in v0.8.0

func (s Service) Sudo(ctx context.Context, id string, relationName string) error

Sudo adds platform permissions to the user.

type ServiceUser

// ServiceUser is the service user record handled by Repository and Service.
type ServiceUser struct {
	ID        string
	OrgID     string
	Title     string
	// State is a plain string here, although the package also declares a State
	// type with the values "enabled" and "disabled".
	// NOTE(review): presumably this holds one of those two values. Confirm that
	// unknown or empty values are rejected rather than treated as enabled.
	State     string
	Metadata  metadata.Metadata
	CreatedAt time.Time
	UpdatedAt time.Time
}

type State

// State is a string type with two declared values, Enabled and Disabled.
// It is used as the type of Filter.State.
type State string
const (
	// Enabled is the State value "enabled".
	Enabled  State = "enabled"
	// Disabled is the State value "disabled".
	// NOTE(review): the package also exports ErrDisabled ("service user is
	// disabled"); which code paths check this state is not visible here.
	Disabled State = "disabled"
)

func (State) String

func (s State) String() string
