Documentation ¶
Index ¶
- Constants
- Variables
- type Credential
- type CredentialRepository
- type CredentialType
- type Filter
- type RelationService
- type Repository
- type Secret
- type Service
- func (s Service) Create(ctx context.Context, serviceUser ServiceUser) (ServiceUser, error)
- func (s Service) CreateKey(ctx context.Context, credential Credential) (Credential, error)
- func (s Service) CreateSecret(ctx context.Context, credential Credential) (Secret, error)
- func (s Service) CreateToken(ctx context.Context, credential Credential) (Token, error)
- func (s Service) Delete(ctx context.Context, id string) error
- func (s Service) DeleteKey(ctx context.Context, credID string) error
- func (s Service) DeleteSecret(ctx context.Context, credID string) error
- func (s Service) DeleteToken(ctx context.Context, credID string) error
- func (s Service) Get(ctx context.Context, id string) (ServiceUser, error)
- func (s Service) GetByIDs(ctx context.Context, ids []string) ([]ServiceUser, error)
- func (s Service) GetByJWT(ctx context.Context, token string) (ServiceUser, error)
- func (s Service) GetBySecret(ctx context.Context, credID string, reqSecret string) (ServiceUser, error)
- func (s Service) GetKey(ctx context.Context, credID string) (Credential, error)
- func (s Service) IsSudo(ctx context.Context, id string, permissionName string) (bool, error)
- func (s Service) List(ctx context.Context, flt Filter) ([]ServiceUser, error)
- func (s Service) ListByOrg(ctx context.Context, orgID string) ([]ServiceUser, error)
- func (s Service) ListKeys(ctx context.Context, serviceUserID string) ([]Credential, error)
- func (s Service) ListSecret(ctx context.Context, serviceUserID string) ([]Credential, error)
- func (s Service) ListToken(ctx context.Context, serviceUserID string) ([]Credential, error)
- func (s Service) Sudo(ctx context.Context, id string, relationName string) error
- type ServiceUser
- type State
- type Token
Constants ¶
View Source
const (
DefaultKeyType = "sv_rsa"
)
Variables ¶
View Source
var ( ErrNotExist = errors.New("service user doesn't exist") ErrCredNotExist = errors.New("service user credential doesn't exist") ErrInvalidCred = errors.New("service user credential is invalid") ErrInvalidID = errors.New("service user id is invalid") ErrInvalidKeyID = errors.New("service user key is invalid") ErrConflict = errors.New("service user already exist") ErrEmptyKey = errors.New("empty key") ErrDisabled = errors.New("service user is disabled") )
Functions ¶
This section is empty.
Types ¶
type Credential ¶
type Credential struct { // ID is the unique identifier of the credential. // This is also used as kid in JWT, the spec doesn't // state how the kid should be generated as anyway this token // is owned by frontier, and we are in control of key generation // any arbitrary string can be used as kid as long as its unique ID string ServiceUserID string Type CredentialType // SecretHash used for basic auth SecretHash string // PublicKey used for JWT verification using RSA PublicKey jwk.Set // PrivateKey used for JWT signing using RSA, this is not stored and // only generated and returned when creating a new credential PrivateKey []byte Title string Metadata metadata.Metadata CreatedAt time.Time UpdatedAt time.Time }
type CredentialRepository ¶
type CredentialRepository interface { List(ctx context.Context, flt Filter) ([]Credential, error) Create(ctx context.Context, credential Credential) (Credential, error) Get(ctx context.Context, id string) (Credential, error) Delete(ctx context.Context, id string) error }
type CredentialType ¶ added in v0.9.1
type CredentialType string
const ( ClientSecretCredentialType CredentialType = "client_credential" JWTCredentialType CredentialType = "jwt_bearer" OpaqueTokenCredentialType CredentialType = "opaque_token" )
func (CredentialType) String ¶ added in v0.9.1
func (c CredentialType) String() string
type RelationService ¶
type RelationService interface { Create(ctx context.Context, rel relation.Relation) (relation.Relation, error) Delete(ctx context.Context, rel relation.Relation) error LookupSubjects(ctx context.Context, rel relation.Relation) ([]string, error) CheckPermission(ctx context.Context, rel relation.Relation) (bool, error) }
type Repository ¶
type Repository interface { List(ctx context.Context, flt Filter) ([]ServiceUser, error) Create(ctx context.Context, serviceUser ServiceUser) (ServiceUser, error) GetByID(ctx context.Context, id string) (ServiceUser, error) GetByIDs(ctx context.Context, id []string) ([]ServiceUser, error) Delete(ctx context.Context, id string) error }
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
func NewService ¶
func NewService(repo Repository, credRepo CredentialRepository, relService RelationService) *Service
func (Service) Create ¶
func (s Service) Create(ctx context.Context, serviceUser ServiceUser) (ServiceUser, error)
func (Service) CreateKey ¶
func (s Service) CreateKey(ctx context.Context, credential Credential) (Credential, error)
CreateKey creates a key pair for the service user
func (Service) CreateSecret ¶
CreateSecret creates a secret for the service user
func (Service) CreateToken ¶ added in v0.9.1
CreateToken creates an opaque token for the service user
func (Service) DeleteSecret ¶
func (Service) DeleteToken ¶ added in v0.9.1
func (Service) GetBySecret ¶
func (s Service) GetBySecret(ctx context.Context, credID string, reqSecret string) (ServiceUser, error)
GetBySecret matches the secret with the secret hash stored in the database of the service user and if the secret matches, returns the service user
func (Service) IsSudo ¶ added in v0.8.0
IsSudo checks platform permissions. Platform permissions are: - superuser - check
func (Service) ListSecret ¶
type ServiceUser ¶
type ServiceUser struct { ID string OrgID string Title string State string Metadata metadata.Metadata // CreatedByUser is a transient field that is used to track the user who created this service user // this doesn't have any impact on the service user itself CreatedByUser string CreatedAt time.Time UpdatedAt time.Time }
Click to show internal directories.
Click to hide internal directories.