Documentation ¶
Index ¶
- Constants
- Variables
- func AddAdminUser(authService Service, user *model.SuperuserConfiguration) (*model.Credential, error)
- func ArnMatch(src, dst string) bool
- func Base64StringGenerator(bytes int) string
- func CreateInitialAdminUser(authService Service, metadataManger MetadataManager, username string) (*model.Credential, error)
- func CreateInitialAdminUserWithKeys(authService Service, metadataManger MetadataManager, username string, ...) (*model.Credential, error)
- func HexStringGenerator(bytes int) string
- func KeyGenerator(length int) string
- func ListPaged(db db.Database, retType reflect.Type, params *model.PaginationParams, ...) (*reflect.Value, *model.Paginator, error)
- func SetupAdminUser(authService Service, superuser *model.SuperuserConfiguration) (*model.Credential, error)
- func SetupBaseGroups(authService Service, ts time.Time) error
- type Arn
- type AuthorizationRequest
- type AuthorizationResponse
- type Cache
- type CredentialSetFn
- type DBAuthService
- func (s *DBAuthService) AddCredentials(username, accessKeyID, secretAccessKey string) (*model.Credential, error)
- func (s *DBAuthService) AddUserToGroup(username, groupDisplayName string) error
- func (s *DBAuthService) AttachPolicyToGroup(policyDisplayName, groupDisplayName string) error
- func (s *DBAuthService) AttachPolicyToUser(policyDisplayName, username string) error
- func (s *DBAuthService) Authorize(req *AuthorizationRequest) (*AuthorizationResponse, error)
- func (s *DBAuthService) CreateCredentials(username string) (*model.Credential, error)
- func (s *DBAuthService) CreateGroup(group *model.Group) error
- func (s *DBAuthService) CreateUser(user *model.User) error
- func (s *DBAuthService) DB() db.Database
- func (s *DBAuthService) DeleteCredentials(username, accessKeyID string) error
- func (s *DBAuthService) DeleteGroup(groupDisplayName string) error
- func (s *DBAuthService) DeletePolicy(policyDisplayName string) error
- func (s *DBAuthService) DeleteUser(username string) error
- func (s *DBAuthService) DetachPolicyFromGroup(policyDisplayName, groupDisplayName string) error
- func (s *DBAuthService) DetachPolicyFromUser(policyDisplayName, username string) error
- func (s *DBAuthService) GetCredentials(accessKeyID string) (*model.Credential, error)
- func (s *DBAuthService) GetCredentialsForUser(username, accessKeyID string) (*model.Credential, error)
- func (s *DBAuthService) GetGroup(groupDisplayName string) (*model.Group, error)
- func (s *DBAuthService) GetPolicy(policyDisplayName string) (*model.Policy, error)
- func (s *DBAuthService) GetUser(username string) (*model.User, error)
- func (s *DBAuthService) GetUserByID(userID int) (*model.User, error)
- func (s *DBAuthService) ListEffectivePolicies(username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)
- func (s *DBAuthService) ListGroupPolicies(groupDisplayName string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)
- func (s *DBAuthService) ListGroupUsers(groupDisplayName string, params *model.PaginationParams) ([]*model.User, *model.Paginator, error)
- func (s *DBAuthService) ListGroups(params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)
- func (s *DBAuthService) ListPolicies(params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)
- func (s *DBAuthService) ListUserCredentials(username string, params *model.PaginationParams) ([]*model.Credential, *model.Paginator, error)
- func (s *DBAuthService) ListUserGroups(username string, params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)
- func (s *DBAuthService) ListUserPolicies(username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)
- func (s *DBAuthService) ListUsers(params *model.PaginationParams) ([]*model.User, *model.Paginator, error)
- func (s *DBAuthService) RemoveUserFromGroup(username, groupDisplayName string) error
- func (s *DBAuthService) SecretStore() crypt.SecretStore
- func (s *DBAuthService) WritePolicy(policy *model.Policy) error
- type DBMetadataManager
- type DummyCache
- func (d *DummyCache) GetCredential(accessKeyID string, setFn CredentialSetFn) (*model.Credential, error)
- func (d *DummyCache) GetUser(username string, setFn UserSetFn) (*model.User, error)
- func (d *DummyCache) GetUserByID(userID int, setFn UserSetFn) (*model.User, error)
- func (d *DummyCache) GetUserPolicies(userID string, setFn UserPoliciesSetFn) ([]*model.Policy, error)
- type LRUCache
- func (c *LRUCache) GetCredential(accessKeyID string, setFn CredentialSetFn) (*model.Credential, error)
- func (c *LRUCache) GetUser(username string, setFn UserSetFn) (*model.User, error)
- func (c *LRUCache) GetUserByID(userID int, setFn UserSetFn) (*model.User, error)
- func (c *LRUCache) GetUserPolicies(userID string, setFn UserPoliciesSetFn) ([]*model.Policy, error)
- type MetadataManager
- type Service
- type UserPoliciesSetFn
- type UserSetFn
Constants ¶
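// Key names exported by the package. The page printed this declaration on a
// single line, which is not valid Go; it is restored to one constant per line.
// NOTE(review): presumably these are the keys of metadata entries handled by
// a MetadataManager — the page does not show where they are read or written.
const (
	// InstallationIDKeyName is the key name "installation_id".
	InstallationIDKeyName = "installation_id"
	// SetupTimestampKeyName is the key name "setup_timestamp".
	SetupTimestampKeyName = "setup_timestamp"
)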
// AkiaAlphabet is the 32-symbol set A-Z followed by 2-7. That is the standard
// base32 alphabet of RFC 4648, so each symbol drawn uniformly from it carries
// 5 bits. The original author's remark: the Amazon AKIA alphabet is weird.
// NOTE(review): presumably the character set for generated access key IDs
// (see KeyGenerator) — the page does not show where it is used.
const AkiaAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
Variables ¶
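// Sentinel errors exported by the package. The page printed this declaration
// on a single line, which is not valid Go; it is restored to one variable per
// line. Match these with errors.Is rather than by message text, so that a
// wrapped error is still recognised.
var (
	// ErrInvalidArn carries the message "invalid ARN".
	// NOTE(review): presumably returned when an ARN string cannot be parsed —
	// the page does not show which functions return it.
	ErrInvalidArn = errors.New("invalid ARN")
	// ErrInsufficientPermissions carries the message "insufficient permissions".
	// NOTE(review): presumably the denial result of Authorize. A caller that
	// gates access should treat every non-nil error from an authorization
	// check as a denial, not only this sentinel — confirm at the call sites.
	ErrInsufficientPermissions = errors.New("insufficient permissions")
)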
Functions ¶
func AddAdminUser ¶ added in v0.15.0
func AddAdminUser(authService Service, user *model.SuperuserConfiguration) (*model.Credential, error)
func Base64StringGenerator ¶
func CreateInitialAdminUser ¶ added in v0.16.1
func CreateInitialAdminUser(authService Service, metadataManger MetadataManager, username string) (*model.Credential, error)
func CreateInitialAdminUserWithKeys ¶ added in v0.17.0
func CreateInitialAdminUserWithKeys(authService Service, metadataManger MetadataManager, username string, accessKeyID *string, secretAccessKey *string) (*model.Credential, error)
func HexStringGenerator ¶
func KeyGenerator ¶
func SetupAdminUser ¶
func SetupAdminUser(authService Service, superuser *model.SuperuserConfiguration) (*model.Credential, error)
Types ¶
type Arn ¶
type AuthorizationRequest ¶
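// AuthorizationRequest is the argument of Authorize: a user name and the
// permissions to check for that user. The page printed the struct on a single
// line, which is not valid Go; it is restored to one field per line.
type AuthorizationRequest struct {
	// Username names the user the check is made for.
	// NOTE(review): the page does not show how callers fill this field. It
	// should come from the already-authenticated identity, not from a value
	// the client can choose freely — confirm at the call sites.
	Username string
	// RequiredPermissions lists the permissions the request needs.
	// NOTE(review): whether every entry must be granted or any one is enough
	// is not visible on this page — confirm against Authorize.
	RequiredPermissions []permissions.Permission
}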
type AuthorizationResponse ¶
type Cache ¶
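// Cache looks up credentials, users and user policies by key. Every method
// also takes a setFn callback that returns the value or an error. The page
// printed the interface on a single line, which is not valid Go; it is
// restored to one method per line.
//
// NOTE(review): presumably setFn is the loader invoked on a cache miss, and
// its result is stored — confirm against the implementations.
// NOTE(review): if entries are stored, a deleted credential or a detached
// policy can keep being served until its entry is evicted. Expiry settings
// are not visible on this page; confirm that they bound the revocation delay.
// NOTE(review): GetUserByID keys on an int while GetUserPolicies keys on a
// string named userID — confirm which identifier callers pass to the latter.
type Cache interface {
	GetCredential(accessKeyID string, setFn CredentialSetFn) (*model.Credential, error)
	GetUser(username string, setFn UserSetFn) (*model.User, error)
	GetUserByID(userID int, setFn UserSetFn) (*model.User, error)
	GetUserPolicies(userID string, setFn UserPoliciesSetFn) ([]*model.Policy, error)
}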
type CredentialSetFn ¶
// CredentialSetFn is a callback that takes no arguments and returns a
// credential or an error. Cache.GetCredential accepts it as its setFn
// argument.
// NOTE(review): presumably the loader run when the cache has no entry —
// confirm against the Cache implementations.
type CredentialSetFn func() (*model.Credential, error)
type DBAuthService ¶
// DBAuthService is the concrete service type documented on this page. Its
// pointer-receiver methods cover every method of Service, plus DB().
// NewDBAuthService builds one from a db.Database, a crypt.SecretStore and a
// params.ServiceCache.
// NOTE(review): the fields are unexported and not shown, so how the secret
// store and the cache are used internally cannot be read from this page.
type DBAuthService struct {
// contains filtered or unexported fields
}
func NewDBAuthService ¶
func NewDBAuthService(db db.Database, secretStore crypt.SecretStore, cacheConf params.ServiceCache) *DBAuthService
func (*DBAuthService) AddCredentials ¶ added in v0.17.0
func (s *DBAuthService) AddCredentials(username, accessKeyID, secretAccessKey string) (*model.Credential, error)
func (*DBAuthService) AddUserToGroup ¶
func (s *DBAuthService) AddUserToGroup(username, groupDisplayName string) error
func (*DBAuthService) AttachPolicyToGroup ¶
func (s *DBAuthService) AttachPolicyToGroup(policyDisplayName, groupDisplayName string) error
func (*DBAuthService) AttachPolicyToUser ¶
func (s *DBAuthService) AttachPolicyToUser(policyDisplayName, username string) error
func (*DBAuthService) Authorize ¶
func (s *DBAuthService) Authorize(req *AuthorizationRequest) (*AuthorizationResponse, error)
func (*DBAuthService) CreateCredentials ¶
func (s *DBAuthService) CreateCredentials(username string) (*model.Credential, error)
func (*DBAuthService) CreateGroup ¶
func (s *DBAuthService) CreateGroup(group *model.Group) error
func (*DBAuthService) CreateUser ¶
func (s *DBAuthService) CreateUser(user *model.User) error
func (*DBAuthService) DB ¶
func (s *DBAuthService) DB() db.Database
func (*DBAuthService) DeleteCredentials ¶
func (s *DBAuthService) DeleteCredentials(username, accessKeyID string) error
func (*DBAuthService) DeleteGroup ¶
func (s *DBAuthService) DeleteGroup(groupDisplayName string) error
func (*DBAuthService) DeletePolicy ¶
func (s *DBAuthService) DeletePolicy(policyDisplayName string) error
func (*DBAuthService) DeleteUser ¶
func (s *DBAuthService) DeleteUser(username string) error
func (*DBAuthService) DetachPolicyFromGroup ¶
func (s *DBAuthService) DetachPolicyFromGroup(policyDisplayName, groupDisplayName string) error
func (*DBAuthService) DetachPolicyFromUser ¶
func (s *DBAuthService) DetachPolicyFromUser(policyDisplayName, username string) error
func (*DBAuthService) GetCredentials ¶
func (s *DBAuthService) GetCredentials(accessKeyID string) (*model.Credential, error)
func (*DBAuthService) GetCredentialsForUser ¶
func (s *DBAuthService) GetCredentialsForUser(username, accessKeyID string) (*model.Credential, error)
func (*DBAuthService) GetGroup ¶
func (s *DBAuthService) GetGroup(groupDisplayName string) (*model.Group, error)
func (*DBAuthService) GetPolicy ¶
func (s *DBAuthService) GetPolicy(policyDisplayName string) (*model.Policy, error)
func (*DBAuthService) GetUser ¶
func (s *DBAuthService) GetUser(username string) (*model.User, error)
func (*DBAuthService) GetUserByID ¶
func (s *DBAuthService) GetUserByID(userID int) (*model.User, error)
func (*DBAuthService) ListEffectivePolicies ¶
func (s *DBAuthService) ListEffectivePolicies(username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)
func (*DBAuthService) ListGroupPolicies ¶
func (s *DBAuthService) ListGroupPolicies(groupDisplayName string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)
func (*DBAuthService) ListGroupUsers ¶
func (s *DBAuthService) ListGroupUsers(groupDisplayName string, params *model.PaginationParams) ([]*model.User, *model.Paginator, error)
func (*DBAuthService) ListGroups ¶
func (s *DBAuthService) ListGroups(params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)
func (*DBAuthService) ListPolicies ¶
func (s *DBAuthService) ListPolicies(params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)
func (*DBAuthService) ListUserCredentials ¶
func (s *DBAuthService) ListUserCredentials(username string, params *model.PaginationParams) ([]*model.Credential, *model.Paginator, error)
func (*DBAuthService) ListUserGroups ¶
func (s *DBAuthService) ListUserGroups(username string, params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)
func (*DBAuthService) ListUserPolicies ¶
func (s *DBAuthService) ListUserPolicies(username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)
func (*DBAuthService) ListUsers ¶
func (s *DBAuthService) ListUsers(params *model.PaginationParams) ([]*model.User, *model.Paginator, error)
func (*DBAuthService) RemoveUserFromGroup ¶
func (s *DBAuthService) RemoveUserFromGroup(username, groupDisplayName string) error
func (*DBAuthService) SecretStore ¶
func (s *DBAuthService) SecretStore() crypt.SecretStore
func (*DBAuthService) WritePolicy ¶
func (s *DBAuthService) WritePolicy(policy *model.Policy) error
type DBMetadataManager ¶
// DBMetadataManager exposes SetupTimestamp and UpdateSetupTimestamp.
// NewDBMetadataManager builds one from a version string and a db.Database.
// NOTE(review): presumably it satisfies MetadataManager — that interface's
// method set is not shown on this page, so confirm against the source.
type DBMetadataManager struct {
// contains filtered or unexported fields
}
func NewDBMetadataManager ¶
func NewDBMetadataManager(version string, database db.Database) *DBMetadataManager
func (*DBMetadataManager) SetupTimestamp ¶ added in v0.9.0
func (d *DBMetadataManager) SetupTimestamp() (time.Time, error)
func (*DBMetadataManager) UpdateSetupTimestamp ¶ added in v0.9.0
func (d *DBMetadataManager) UpdateSetupTimestamp(ts time.Time) error
type DummyCache ¶
// DummyCache is a field-less type whose pointer-receiver methods listed on
// this page (GetCredential, GetUser, GetUserByID, GetUserPolicies) match the
// Cache interface.
// NOTE(review): presumably it stores nothing and calls setFn on every lookup;
// the method bodies are not shown — confirm against the source.
type DummyCache struct { }
func (*DummyCache) GetCredential ¶
func (d *DummyCache) GetCredential(accessKeyID string, setFn CredentialSetFn) (*model.Credential, error)
func (*DummyCache) GetUserByID ¶
func (*DummyCache) GetUserPolicies ¶
func (d *DummyCache) GetUserPolicies(userID string, setFn UserPoliciesSetFn) ([]*model.Policy, error)
type LRUCache ¶
// LRUCache is a type whose pointer-receiver methods listed on this page
// (GetCredential, GetUser, GetUserByID, GetUserPolicies) match the Cache
// interface.
// NOTE(review): capacity and expiry are held in unexported fields not shown
// here. They decide how long a revoked credential or a changed policy can
// still be served from the cache — confirm the configured values.
type LRUCache struct {
// contains filtered or unexported fields
}
func (*LRUCache) GetCredential ¶
func (c *LRUCache) GetCredential(accessKeyID string, setFn CredentialSetFn) (*model.Credential, error)
func (*LRUCache) GetUserByID ¶
func (*LRUCache) GetUserPolicies ¶
type MetadataManager ¶
type Service ¶
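// Service is the package's interface for managing users, groups, policies and
// credentials, and for authorizing a user for an action. The page printed the
// interface on two long lines, where the first "// users" comment swallows
// the rest of the line; it is restored to one method per line with the
// original section comments.
//
// NOTE(review): CreateCredentials takes only a username, while AddCredentials
// takes a caller-supplied accessKeyID and secretAccessKey. Presumably the
// former generates the key pair; if so, callers of the latter are responsible
// for the strength of the secret they pass in — confirm against the
// implementation.
// NOTE(review): GetCredentials, GetCredentialsForUser and ListUserCredentials
// return *model.Credential values. Whether the secret key is populated or
// left encrypted in them is not visible on this page — confirm before logging
// or serialising these values.
type Service interface {
	SecretStore() crypt.SecretStore

	// users
	CreateUser(user *model.User) error
	DeleteUser(username string) error
	GetUserByID(userID int) (*model.User, error)
	GetUser(username string) (*model.User, error)
	ListUsers(params *model.PaginationParams) ([]*model.User, *model.Paginator, error)

	// groups
	CreateGroup(group *model.Group) error
	DeleteGroup(groupDisplayName string) error
	GetGroup(groupDisplayName string) (*model.Group, error)
	ListGroups(params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)

	// group<->user memberships
	AddUserToGroup(username, groupDisplayName string) error
	RemoveUserFromGroup(username, groupDisplayName string) error
	ListUserGroups(username string, params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)
	ListGroupUsers(groupDisplayName string, params *model.PaginationParams) ([]*model.User, *model.Paginator, error)

	// policies
	WritePolicy(policy *model.Policy) error
	GetPolicy(policyDisplayName string) (*model.Policy, error)
	DeletePolicy(policyDisplayName string) error
	ListPolicies(params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

	// credentials
	CreateCredentials(username string) (*model.Credential, error)
	AddCredentials(username, accessKeyID, secretAccessKey string) (*model.Credential, error)
	DeleteCredentials(username, accessKeyID string) error
	GetCredentialsForUser(username, accessKeyID string) (*model.Credential, error)
	GetCredentials(accessKeyID string) (*model.Credential, error)
	ListUserCredentials(username string, params *model.PaginationParams) ([]*model.Credential, *model.Paginator, error)

	// policy<->user attachments
	AttachPolicyToUser(policyDisplayName, username string) error
	DetachPolicyFromUser(policyDisplayName, username string) error
	ListUserPolicies(username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)
	ListEffectivePolicies(username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

	// policy<->group attachments
	AttachPolicyToGroup(policyDisplayName, groupDisplayName string) error
	DetachPolicyFromGroup(policyDisplayName, groupDisplayName string) error
	ListGroupPolicies(groupDisplayName string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

	// authorize user for an action
	Authorize(req *AuthorizationRequest) (*AuthorizationResponse, error)
}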
type UserPoliciesSetFn ¶
Source Files ¶