Documentation ¶
Constants ¶
This section is empty.
Variables ¶
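// Permission sets, the name-to-flag lookup table and the authorization error
// kinds. The declarations are laid out one per line so that no `//` comment
// swallows the code that follows it.
//
// errors.NewKind is not part of the standard library errors package, so
// `errors` here refers to a kind-based errors package whose import is not
// shown on this page.
var (
	// AllPermissions holds all defined permissions: the bitwise OR of
	// ReadPerm and WritePerm.
	AllPermissions = ReadPerm | WritePerm

	// DefaultPermissions are the permissions granted to a user if not
	// defined. The default is ReadPerm only; WritePerm is not part of it.
	DefaultPermissions = ReadPerm

	// PermissionNames is used to translate from human to machine
	// representations.
	// NOTE(review): this is an exported, mutable map. Treat it as read-only
	// after package initialization; entries added at runtime would
	// presumably change which permission names are accepted. Confirm
	// against the user-file parser.
	PermissionNames = map[string]Permission{
		"read":  ReadPerm,
		"write": WritePerm,
	}

	// ErrNotAuthorized is returned when the user is not allowed to use a
	// permission.
	ErrNotAuthorized = errors.NewKind("not authorized")

	// ErrNoPermission is returned when the user lacks needed permissions.
	// The %s verb is presumably filled with the name of the missing
	// permission; confirm against the call sites.
	ErrNoPermission = errors.NewKind("user does not have permission: %s")
)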
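// Error kinds reported for problems with the user file. The declarations
// are laid out one per line so that no `//` comment swallows the code that
// follows it.
var (
	// ErrParseUserFile is given when user file is malformed.
	ErrParseUserFile = errors.NewKind("error parsing user file")

	// ErrUnknownPermission happens when a user permission is not defined.
	// The %s verb presumably carries the unrecognized permission name;
	// confirm against the call sites.
	ErrUnknownPermission = errors.NewKind("unknown permission, %s")

	// ErrDuplicateUser happens when a user appears more than once.
	// The %s verb presumably carries the repeated user name; confirm
	// against the call sites.
	ErrDuplicateUser = errors.NewKind("duplicate user, %s")
)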
Functions ¶
func NativePassword ¶
NativePassword generates a mysql_native_password string.
Types ¶
type Audit ¶
// Audit is an Auth method proxy that sends audit trails to the specified
// AuditMethod. Its fields are unexported; per the package documentation,
// values are created with NewAudit.
type Audit struct {
// contains filtered or unexported fields
}
Audit is an Auth method proxy that sends audit trails to the specified AuditMethod.
type AuditLog ¶
// AuditLog logs audit trails to a logrus.Logger. Its fields are unexported;
// per the package documentation, values are created with NewAuditLog.
// NOTE(review): where the audit trail ends up, and who can read or alter it,
// depends on how the supplied logger is configured. Confirm at the call site.
type AuditLog struct {
// contains filtered or unexported fields
}
AuditLog logs audit trails to a logrus.Logger.
func (*AuditLog) Authentication ¶
Authentication implements AuditMethod interface.
func (*AuditLog) Authorization ¶
func (a *AuditLog) Authorization(ctx *sql.Context, p Permission, err error)
Authorization implements AuditMethod interface.
type AuditMethod ¶
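// AuditMethod is called to log the audit trail of actions. It covers three
// event types: authentication, authorization and query execution.
type AuditMethod interface {
	// Authentication logs an authentication event.
	// NOTE(review): user and address presumably come from the connecting
	// client. Implementations should log them as structured fields or
	// escape them so that crafted values cannot forge log lines. err is
	// presumably nil on success; confirm against the implementation.
	Authentication(user, address string, err error)

	// Authorization logs an authorization event for permission p.
	// err is presumably the result of the permission check; confirm
	// against the implementation.
	Authorization(ctx *sql.Context, p Permission, err error)

	// Query logs a query execution. d is a time.Duration, presumably the
	// execution time.
	// NOTE(review): if an implementation records the query text, literals
	// in it may contain secrets or personal data; consider redaction and
	// restrict access to the audit log.
	Query(ctx *sql.Context, d time.Duration, err error)
}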
AuditMethod is called to log the audit trail of actions.
func NewAuditLog ¶
func NewAuditLog(l *logrus.Logger) AuditMethod
NewAuditLog creates a new AuditMethod that logs to a logrus.Logger.
type Auth ¶
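// Auth interface provides mysql authentication methods and permission
// checking for users.
type Auth interface {
	// Mysql returns a configured authentication method used by
	// server.Server.
	Mysql() mysql.AuthServer

	// Allowed checks the user's permissions against the needed permission.
	// If the user does not have enough permissions it returns
	// ErrNotAuthorized. Any other non-nil error is presumably a failure of
	// the authentication method itself (the original wording is
	// ambiguous).
	// NOTE(review): callers should treat every non-nil error as a denial
	// and must not proceed with the operation on error.
	Allowed(ctx *sql.Context, permission Permission) error
}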
Auth interface provides mysql authentication methods and permission checking for users.
func NewAudit ¶
func NewAudit(auth Auth, method AuditMethod) Auth
NewAudit creates a wrapped Auth that sends audit trails to the specified method.
type MysqlAudit ¶
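// MysqlAudit wraps mysql.AuthServer to emit audit trails.
type MysqlAudit struct {
	// Embedding promotes the methods of mysql.AuthServer onto MysqlAudit.
	// NOTE(review): any promoted method that MysqlAudit does not override
	// is served by the embedded value directly and would emit no audit
	// record. Which methods are overridden is not visible on this page;
	// confirm that every authentication path is covered.
	mysql.AuthServer
	// contains filtered or unexported fields
}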
MysqlAudit wraps mysql.AuthServer to emit audit trails.
type Native ¶
// Native holds mysql_native_password users. Per the package documentation,
// values are created with NewNativeSingle (one user) or NewNativeFile
// (users loaded from a JSON file).
// NOTE(review): mysql_native_password derives its stored value from unsalted
// SHA-1, and upstream MySQL has deprecated the plugin in favour of
// caching_sha2_password. Restrict read access to any user file, because
// leaked hashes can be tested offline. How Native stores credentials in
// memory is not visible here.
type Native struct {
// contains filtered or unexported fields
}
Native holds mysql_native_password users.
func NewNativeFile ¶
NewNativeFile creates a NativeAuth and loads users from a JSON file.
func NewNativeSingle ¶
func NewNativeSingle(name, password string, perm Permission) *Native
NewNativeSingle creates a NativeAuth with a single user with given permissions.
type None ¶
// None is an Auth method that always succeeds.
// NOTE(review): with None configured, no credential or permission check
// stands between a client and the server. Keep it to local development and
// tests, and use a real Auth on any listener that others can reach.
type None struct{}
None is an Auth method that always succeeds.
type Permission ¶
// Permission holds permissions required by a query or granted to a user.
// Values are bit flags: the package declares ReadPerm and WritePerm as
// 1 << iota and combines them with | (see AllPermissions).
type Permission int
Permission holds permissions required by a query or granted to a user.
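// Permission flags. Each constant occupies its own bit (1 << iota), so
// ReadPerm is 1 and WritePerm is 2, and values can be combined with | and
// tested with &. The declarations are laid out one per line so that no `//`
// comment swallows the code that follows it.
const (
	// ReadPerm means that it reads.
	ReadPerm Permission = 1 << iota
	// WritePerm means that it writes.
	WritePerm
)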
func (Permission) String ¶
func (p Permission) String() string
String returns all the permissions set to on.