Documentation
Index
Constants
This section is empty.
Variables
var DefaultReceiveSettings = pubsub.DefaultReceiveSettings
Functions
func NewSubscriber
func NewSubscriber(logger log.Logger, opts SubscriberOptions) (background.Routine, error)
NewSubscriber creates a new background routine that receives SAMS notifications from the given GCP project ID and Pub/Sub subscription ID.
Users should prefer the top-level 'sams.NewNotificationsV1Subscriber' constructor instead.
Types
type ReceiveSettings
type ReceiveSettings = pubsub.ReceiveSettings
type SessionInvalidatedData
type SessionInvalidatedData struct {
    // AccountID is the SAMS external ID of the user whose session has been
    // invalidated.
    AccountID string `json:"account_id"`
    // SessionID is the ID of the invalidated session.
    SessionID string `json:"session_id"`
}
SessionInvalidatedData contains the data carried by a "SessionInvalidated" notification.
type SubscriberHandlers
type SubscriberHandlers struct {
    // OnUserDeleted is called when a "UserDeleted" notification is received.
    //
    // It indicates that a user has been permanently deleted from SAMS and the
    // handler MUST delete any user-related PII from the system and/or integrated
    // vendor systems to stay in compliance. In the event of an error, the handler
    // MUST make sure the error is surfaced (by either returning or logging the
    // error) to be retried or to a human operator.
    OnUserDeleted func(ctx context.Context, data *UserDeletedData) error
    // OnUserRolesUpdated is called when a "UserRolesUpdated" notification is
    // received.
    //
    // It indicates that a user's roles have been updated for a particular service.
    // The notification data does not specify whether roles have been granted or
    // revoked. If the service's roles are relevant to the subscriber the user's
    // current roles can be retrieved from the SAMS API.
    OnUserRolesUpdated func(ctx context.Context, data *UserRolesUpdatedData) error
    // OnUserMetadataUpdated is called when a "UserMetadataUpdated" notification
    // is received.
    //
    // It indicates that a user's metadata has been updated for a particular namespace.
    // The notification data does not specify the updated metadata - the current
    // metadata must be retrieved from the SAMS API.
    OnUserMetadataUpdated func(ctx context.Context, data *UserMetadataUpdatedData) error
    // OnSessionInvalidated is called when a "SessionInvalidated" notification is
    // received.
    //
    // It indicates that a user's session has been invalidated and the handler
    // SHOULD take appropriate action to log the user out of the system.
    OnSessionInvalidated func(ctx context.Context, data *SessionInvalidatedData) error
}
SubscriberHandlers is a collection of handlers, one for each type of SAMS notification. If the handler for a notification type is nil, notifications of that type are acknowledged automatically without any processing.
If a handler returns an error, the notification is not acknowledged and will be retried later.
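The acknowledgement rules above (nil handler acknowledged without processing, handler error left unacknowledged for retry), as an added Go example that is not part of this package: the payload types are local copies of the ones documented on this page, the (kind, payload) envelope and the Dispatch/run names are assumptions, and no real Pub/Sub client is involved.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
)

// Local copies of two payload types documented on this page (JSON tags as given).
type UserDeletedData struct {
	AccountID string `json:"account_id"`
	Email     string `json:"email"`
}
type SessionInvalidatedData struct {
	AccountID string `json:"account_id"`
	SessionID string `json:"session_id"`
}

// Handlers mirrors part of SubscriberHandlers; a nil handler means auto-acknowledge.
type Handlers struct {
	OnUserDeleted        func(context.Context, *UserDeletedData) error
	OnSessionInvalidated func(context.Context, *SessionInvalidatedData) error
}

// run applies the page's rules: true (ack) when handled or no handler is set; false (no ack, so Pub/Sub redelivers) when decoding or the handler failed.
func run[T any](ctx context.Context, fn func(context.Context, *T) error, payload []byte) (bool, error) {
	if fn == nil {
		return true, nil // no handler registered: acknowledge without processing
	}
	var d T
	if err := json.Unmarshal(payload, &d); err != nil {
		return false, err // surfaced like a handler error; watch for poison messages
	}
	if err := fn(ctx, &d); err != nil {
		return false, err
	}
	return true, nil
}

// Dispatch routes one notification by kind. The (kind, payload) envelope is an
// assumption of this example; the page does not document the wire framing.
func Dispatch(ctx context.Context, h Handlers, kind string, payload []byte) (bool, error) {
	switch kind {
	case "UserDeleted":
		return run(ctx, h.OnUserDeleted, payload)
	case "SessionInvalidated":
		return run(ctx, h.OnSessionInvalidated, payload)
	}
	return false, fmt.Errorf("unknown notification kind %q", kind)
}
```

A payload that never decodes is redelivered indefinitely under these rules, so a dead-letter topic on the subscription is the usual safeguard.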
type SubscriberOptions
type SubscriberOptions struct {
    // ProjectID is the GCP project ID that the Pub/Sub subscription belongs to. It
    // is almost always the same GCP project that the Cloud Run service is deployed
    // to.
    ProjectID string
    // SubscriptionID is the GCP Pub/Sub subscription ID to receive SAMS
    // notifications from.
    SubscriptionID string
    // ReceiveSettings is the settings for receiving messages of the subscription. A
    // zero value means to use the default settings.
    ReceiveSettings ReceiveSettings
    // Handlers is the collection of subscription handlers for each type of SAMS
    // notifications.
    Handlers SubscriberHandlers
    // Credentials is the account credentials to be used for the GCP Pub/Sub client.
    // Default credentials will be used when not set.
    Credentials *google.Credentials
}
func (SubscriberOptions) Validate
func (opts SubscriberOptions) Validate() error
type UserDeletedData
type UserDeletedData struct {
    // AccountID is the SAMS external ID of the deleted user.
    AccountID string `json:"account_id"`
    // Email is the email address of the deleted user.
    Email string `json:"email"`
}
UserDeletedData contains the data carried by a "UserDeleted" notification.
type UserMetadataUpdatedData
type UserRolesUpdatedData
type UserRolesUpdatedData struct {
    // AccountID is the SAMS external ID of the user whose roles have been updated.
    AccountID string `json:"account_id"`
    // Service is the service that the user's roles have been updated in.
    Service services.Service `json:"service"`
    // RoleID is the role that has been updated.
    RoleID roles.Role `json:"role"`
    // ResourceID is the ID of the resource the role has been updated on,
    // if applicable. When ResourceID is empty, the role is a service-level
    // role that does not apply to a specific resource.
    ResourceID string `json:"resource_id,omitempty"`
    // ResourceType is the type of the resource the role has been updated on,
    // if applicable. When ResourceType is empty, the role is a service-level
    // role that does not apply to a specific resource.
    ResourceType roles.ResourceType `json:"resource_type,omitempty"`
}
UserRolesUpdatedData contains the data carried by a "UserRolesUpdated" notification. When a user's roles have been updated, it is necessary to query SAMS for the user's current roles to determine whether the role was granted or revoked.
For more details see: https://sourcegraph.notion.site/SAMS-Roles-Resources-13ca8e11265880f9a573cac77070ca0c