auth

package
v0.11.2 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 22, 2020 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package auth provides team-based authentication and authorization.

Constants

const (
	OP_READ  = "r"
	OP_WRITE = "w"
)

Variables

var (
	DefaultCallerName  = ""
	DefaultMetricGroup = "etre"
)

Functions

This section is empty.

Types

type ACL

type ACL struct {
	// User-defined role. This must exactly match a Caller role for the ACL
	// to match.
	Role string

	// Role grants admin access to request. The Authorize plugin method is not
	// called. Authorization is always successful.
	Admin bool

	// Read entity types granted to the role. Does not apply to admin roles.
	Read []string

	// Write entity types granted to the role. Does not apply to admin roles.
	Write []string

	// Trace keys required to be set. Applies to admin roles.
	TraceKeysRequired []string
}

type Action

type Action struct {
	EntityType string
	Op         string
}

Action is what a Caller is trying to do. The Authorize method of the auth plugin authorizes the action if the caller first has a role matching an ACL.

type AllowAll

type AllowAll struct{}

AllowAll is the default Plugin which allows all callers and requests (no auth).

func NewAllowAll

func NewAllowAll() AllowAll

func (AllowAll) Authenticate

func (a AllowAll) Authenticate(*http.Request) (Caller, error)

func (AllowAll) Authorize

func (a AllowAll) Authorize(Caller, Action) error

type Caller

type Caller struct {
	Name         string            // name of the caller: username or app name
	Roles        []string          // caller roles to match against ACL roles
	MetricGroups []string          // metric groups to add metric values to
	Trace        map[string]string // key-value pairs to report in trace metrics
}

Caller represents a client making a request. The Authenticate method of the auth plugin determines the caller.

type Error added in v0.9.2

type Error struct {
	Err        error
	Type       string
	HTTPStatus int // 401 (authenticate) or 403 (authorize)
}

func (Error) Error added in v0.9.2

func (e Error) Error() string

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

func NewManager

func NewManager(acls []ACL, plugin Plugin) Manager

func (Manager) Authenticate

func (m Manager) Authenticate(req *http.Request) (Caller, error)

func (Manager) Authorize

func (m Manager) Authorize(caller Caller, a Action) error

type Plugin

type Plugin interface {
	// Authenticate determines the Caller from the HTTP request. To allow, return
	// a non-zero Caller and nil error. To deny, return an error and Etre will
	// return HTTP status 401 (Unauthorized).
	Authenticate(*http.Request) (Caller, error)

	// Authorize authorizes the caller to do the action. To allow, return nil.
	// To deny, return an error and Etre will return HTTP status 403 (Forbidden).
	Authorize(Caller, Action) error
}

Plugin is the auth plugin. Implement this interface to enable custom auth.
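An added example (not code from the etre project) of a deny-by-default type with the two Plugin methods: bearer tokens are looked up by SHA-256 digest, and writes to a frozen entity type are refused. TokenPlugin, Frozen, Status, the "Authorization: Bearer" scheme and the demo token are assumptions; Caller and Action are local copies so the block compiles without the etre module.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"net/http"
	"strings"
)

type Caller struct{ Name string }           // trimmed copy of the page's Caller
type Action struct{ EntityType, Op string } // copy of the page's Action

// TokenPlugin (hypothetical) has the two methods of the Plugin interface.
type TokenPlugin struct {
	Callers map[[32]byte]Caller // SHA-256(bearer token) -> caller
	Frozen  map[string]bool     // entity types closed to writes
}

// Authenticate denies by default: no header or unknown token is an error (401).
func (p TokenPlugin) Authenticate(r *http.Request) (Caller, error) {
	h := r.Header.Get("Authorization")
	c, ok := p.Callers[sha256.Sum256([]byte(strings.TrimPrefix(h, "Bearer ")))]
	if !ok || !strings.HasPrefix(h, "Bearer ") {
		return Caller{}, fmt.Errorf("missing or unknown bearer token")
	}
	return c, nil
}

// Authorize returns an error (403) for writes ("w", OP_WRITE) to a frozen type.
func (p TokenPlugin) Authorize(c Caller, a Action) error {
	if a.Op == "w" && p.Frozen[a.EntityType] {
		return fmt.Errorf("%s: writes to %s are frozen", c.Name, a.EntityType)
	}
	return nil
}

// Status runs both steps on constructed data and returns the documented status.
func Status(authz string, a Action) int {
	p := TokenPlugin{map[[32]byte]Caller{sha256.Sum256([]byte("demo-token")): {"app1"}},
		map[string]bool{"host": true}} // constructed demo token and frozen type
	c, err := p.Authenticate(&http.Request{Header: http.Header{"Authorization": {authz}}})
	switch {
	case err != nil:
		return http.StatusUnauthorized
	case p.Authorize(c, a) != nil:
		return http.StatusForbidden
	}
	return http.StatusOK
}
func main() { fmt.Println(Status("Bearer demo-token", Action{"host", "w"})) }
```

Per the ACL comments above, the Authorize plugin method is not called for roles with Admin set, so a check like Frozen does not constrain admin callers.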
