auth

package
v0.21.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 8, 2020 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

// Key names, exported as string constants.
// NOTE(review): presumably these identify the installation ID and setup
// timestamp entries handled by MetadataManager — confirm against the
// implementation.
const (
	InstallationIDKeyName = "installation_id"
	SetupTimestampKeyName = "setup_timestamp"
)
// AkiaAlphabet is a 32-character alphabet: the uppercase letters A-Z followed
// by the digits 2-7. These are the same characters, in the same order, as the
// standard RFC 4648 base32 alphabet, so each character carries 5 bits.
// NOTE(review): presumably the character set for generated access key IDs —
// confirm against KeyGenerator.
const AkiaAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567" // Amazon AKIA alphabet is weird.

Variables

// Sentinel errors exported by the package. Callers should compare with
// errors.Is rather than matching on the message text.
var (
	// ErrInvalidArn carries the message "invalid ARN".
	// NOTE(review): presumably returned by ParseARN on malformed input — confirm.
	ErrInvalidArn              = errors.New("invalid ARN")
	// ErrInsufficientPermissions carries the message "insufficient permissions".
	// NOTE(review): presumably surfaced through AuthorizationResponse.Error
	// when a request is denied — confirm.
	ErrInsufficientPermissions = errors.New("insufficient permissions")
)

Functions

func AddAdminUser added in v0.15.0

func AddAdminUser(authService Service, user *model.SuperuserConfiguration) (*model.Credential, error)

func ArnMatch

// ArnMatch reports whether the two ARN strings src and dst match.
// NOTE(review): the matching rules are not visible here: which argument is
// the pattern, whether wildcards are honoured, and what happens when either
// string fails to parse. Confirm these before relying on the result for a
// policy decision; a malformed input should yield false.
func ArnMatch(src, dst string) bool

func Base64StringGenerator

// Base64StringGenerator returns a generated string.
// NOTE(review): presumably bytes is the number of random bytes that are then
// base64-encoded — confirm. The randomness source is not visible here; if the
// result is used as a secret, confirm it is drawn from crypto/rand and that a
// read failure is not silently ignored.
func Base64StringGenerator(bytes int) string

func CreateInitialAdminUser added in v0.16.1

func CreateInitialAdminUser(authService Service, metadataManger MetadataManager, username string) (*model.Credential, error)

func CreateInitialAdminUserWithKeys added in v0.17.0

func CreateInitialAdminUserWithKeys(authService Service, metadataManger MetadataManager, username string, accessKeyID *string, secretAccessKey *string) (*model.Credential, error)

func HexStringGenerator

// HexStringGenerator returns a generated string.
// NOTE(review): presumably bytes is the number of random bytes that are then
// hex-encoded — confirm. The randomness source is not visible here; if the
// result is used as a secret or identifier that must be unguessable, confirm
// it is drawn from crypto/rand.
func HexStringGenerator(bytes int) string

func KeyGenerator

// KeyGenerator returns a generated key string sized by length.
// NOTE(review): presumably the characters come from AkiaAlphabet — confirm.
// Whether length counts output characters or input bytes, and whether the
// randomness comes from crypto/rand, is not visible here; both should be
// verified where the result serves as an access key ID.
func KeyGenerator(length int) string

func ListPaged added in v0.9.0

// ListPaged runs the query described by queryBuilder against db with the
// pagination settings in params. It returns a reflected value built from
// retType, a paginator, and an error.
// NOTE(review): tokenColumnName is a column identifier, and identifiers
// generally cannot be bound as query parameters. Confirm that callers pass
// only fixed, package-defined column names and never request-derived text.
// NOTE(review): how the pagination token and page size in params are
// validated or bounded is not visible here — confirm.
func ListPaged(db db.Database, retType reflect.Type, params *model.PaginationParams, tokenColumnName string, queryBuilder sq.SelectBuilder) (*reflect.Value, *model.Paginator, error)

func SetupAdminUser

func SetupAdminUser(authService Service, superuser *model.SuperuserConfiguration) (*model.Credential, error)

func SetupBaseGroups

func SetupBaseGroups(authService Service, ts time.Time) error

Types

type Arn

// Arn holds the components of a resource name as separate strings; ParseARN
// returns a pointer to one.
// NOTE(review): the field names mirror the colon-separated AWS ARN layout
// (arn:partition:service:region:account-id:resource). Confirm that ParseARN
// follows that order and how it treats empty components, extra colons and
// wildcards, since permission checks depend on the parsed fields.
type Arn struct {
	Partition  string
	Service    string
	Region     string
	AccountID  string
	ResourceID string
}

func ParseARN

func ParseARN(arnString string) (*Arn, error)

type AuthorizationRequest

// AuthorizationRequest names a user and the permissions to check for that
// user. It is the argument to Service.Authorize.
type AuthorizationRequest struct {
	// Username identifies the user being authorized.
	// NOTE(review): presumably the caller has already authenticated this
	// identity; nothing in the request itself proves it — confirm.
	Username            string
	// RequiredPermissions lists the permissions to check.
	// NOTE(review): whether all entries must be granted or any one suffices,
	// and how an empty list is treated, is not visible here — confirm.
	RequiredPermissions []permissions.Permission
}

type AuthorizationResponse

// AuthorizationResponse is the result returned by Service.Authorize.
// Authorize also returns a separate error value, so a decision arrives over
// three channels: the returned error, Error, and Allowed. Callers should
// fail closed: proceed only when the returned error is nil, the response is
// non-nil, and Allowed is true.
type AuthorizationResponse struct {
	// Allowed is the authorization decision.
	Allowed bool
	// Error is an error value carried inside the response.
	// NOTE(review): presumably the reason for a denial (for example
	// ErrInsufficientPermissions) — confirm how it relates to Allowed.
	Error   error
}

type Cache

// Cache is a lookup layer for credentials, users and user policies. Each
// method takes a key and a setFn callback that can produce the value.
// NOTE(review): presumably setFn runs only on a cache miss and its result is
// stored — confirm, including whether errors from setFn are cached.
// NOTE(review): cached credentials and policies can outlive a revocation or
// policy change until the entry expires. Confirm that the configured expiry
// is acceptable for the deployment, or that entries are invalidated on
// delete and detach.
type Cache interface {
	GetCredential(accessKeyID string, setFn CredentialSetFn) (*model.Credential, error)
	GetUser(username string, setFn UserSetFn) (*model.User, error)
	GetUserByID(userID int, setFn UserSetFn) (*model.User, error)
	// Note that userID is a string here but an int in GetUserByID.
	GetUserPolicies(userID string, setFn UserPoliciesSetFn) ([]*model.Policy, error)
}

type CredentialSetFn

type CredentialSetFn func() (*model.Credential, error)

type DBAuthService

type DBAuthService struct {
	// contains filtered or unexported fields
}

func NewDBAuthService

func NewDBAuthService(db db.Database, secretStore crypt.SecretStore, cacheConf params.ServiceCache) *DBAuthService

func (*DBAuthService) AddCredentials added in v0.17.0

func (s *DBAuthService) AddCredentials(username, accessKeyID, secretAccessKey string) (*model.Credential, error)

func (*DBAuthService) AddUserToGroup

func (s *DBAuthService) AddUserToGroup(username, groupDisplayName string) error

func (*DBAuthService) AttachPolicyToGroup

func (s *DBAuthService) AttachPolicyToGroup(policyDisplayName, groupDisplayName string) error

func (*DBAuthService) AttachPolicyToUser

func (s *DBAuthService) AttachPolicyToUser(policyDisplayName, username string) error

func (*DBAuthService) Authorize

func (*DBAuthService) CreateCredentials

func (s *DBAuthService) CreateCredentials(username string) (*model.Credential, error)

func (*DBAuthService) CreateGroup

func (s *DBAuthService) CreateGroup(group *model.Group) error

func (*DBAuthService) CreateUser

func (s *DBAuthService) CreateUser(user *model.User) error

func (*DBAuthService) DB

func (s *DBAuthService) DB() db.Database

func (*DBAuthService) DeleteCredentials

func (s *DBAuthService) DeleteCredentials(username, accessKeyID string) error

func (*DBAuthService) DeleteGroup

func (s *DBAuthService) DeleteGroup(groupDisplayName string) error

func (*DBAuthService) DeletePolicy

func (s *DBAuthService) DeletePolicy(policyDisplayName string) error

func (*DBAuthService) DeleteUser

func (s *DBAuthService) DeleteUser(username string) error

func (*DBAuthService) DetachPolicyFromGroup

func (s *DBAuthService) DetachPolicyFromGroup(policyDisplayName, groupDisplayName string) error

func (*DBAuthService) DetachPolicyFromUser

func (s *DBAuthService) DetachPolicyFromUser(policyDisplayName, username string) error

func (*DBAuthService) GetCredentials

func (s *DBAuthService) GetCredentials(accessKeyID string) (*model.Credential, error)

func (*DBAuthService) GetCredentialsForUser

func (s *DBAuthService) GetCredentialsForUser(username, accessKeyID string) (*model.Credential, error)

func (*DBAuthService) GetGroup

func (s *DBAuthService) GetGroup(groupDisplayName string) (*model.Group, error)

func (*DBAuthService) GetPolicy

func (s *DBAuthService) GetPolicy(policyDisplayName string) (*model.Policy, error)

func (*DBAuthService) GetUser

func (s *DBAuthService) GetUser(username string) (*model.User, error)

func (*DBAuthService) GetUserByID

func (s *DBAuthService) GetUserByID(userID int) (*model.User, error)

func (*DBAuthService) ListEffectivePolicies

func (s *DBAuthService) ListEffectivePolicies(username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

func (*DBAuthService) ListGroupPolicies

func (s *DBAuthService) ListGroupPolicies(groupDisplayName string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

func (*DBAuthService) ListGroupUsers

func (s *DBAuthService) ListGroupUsers(groupDisplayName string, params *model.PaginationParams) ([]*model.User, *model.Paginator, error)

func (*DBAuthService) ListGroups

func (s *DBAuthService) ListGroups(params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)

func (*DBAuthService) ListPolicies

func (s *DBAuthService) ListPolicies(params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

func (*DBAuthService) ListUserCredentials

func (s *DBAuthService) ListUserCredentials(username string, params *model.PaginationParams) ([]*model.Credential, *model.Paginator, error)

func (*DBAuthService) ListUserGroups

func (s *DBAuthService) ListUserGroups(username string, params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)

func (*DBAuthService) ListUserPolicies

func (s *DBAuthService) ListUserPolicies(username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

func (*DBAuthService) ListUsers

func (s *DBAuthService) ListUsers(params *model.PaginationParams) ([]*model.User, *model.Paginator, error)

func (*DBAuthService) RemoveUserFromGroup

func (s *DBAuthService) RemoveUserFromGroup(username, groupDisplayName string) error

func (*DBAuthService) SecretStore

func (s *DBAuthService) SecretStore() crypt.SecretStore

func (*DBAuthService) WritePolicy

func (s *DBAuthService) WritePolicy(policy *model.Policy) error

type DBMetadataManager

type DBMetadataManager struct {
	// contains filtered or unexported fields
}

func NewDBMetadataManager

func NewDBMetadataManager(version string, database db.Database) *DBMetadataManager

func (*DBMetadataManager) SetupTimestamp added in v0.9.0

func (d *DBMetadataManager) SetupTimestamp() (time.Time, error)

func (*DBMetadataManager) UpdateSetupTimestamp added in v0.9.0

func (d *DBMetadataManager) UpdateSetupTimestamp(ts time.Time) error

func (*DBMetadataManager) Write

func (d *DBMetadataManager) Write() (map[string]string, error)

type DummyCache

type DummyCache struct {
}

func (*DummyCache) GetCredential

func (d *DummyCache) GetCredential(accessKeyID string, setFn CredentialSetFn) (*model.Credential, error)

func (*DummyCache) GetUser

func (d *DummyCache) GetUser(username string, setFn UserSetFn) (*model.User, error)

func (*DummyCache) GetUserByID

func (d *DummyCache) GetUserByID(userID int, setFn UserSetFn) (*model.User, error)

func (*DummyCache) GetUserPolicies

func (d *DummyCache) GetUserPolicies(userID string, setFn UserPoliciesSetFn) ([]*model.Policy, error)

type LRUCache

type LRUCache struct {
	// contains filtered or unexported fields
}

func NewLRUCache

func NewLRUCache(size int, expiry, jitter time.Duration) *LRUCache

func (*LRUCache) GetCredential

func (c *LRUCache) GetCredential(accessKeyID string, setFn CredentialSetFn) (*model.Credential, error)

func (*LRUCache) GetUser

func (c *LRUCache) GetUser(username string, setFn UserSetFn) (*model.User, error)

func (*LRUCache) GetUserByID

func (c *LRUCache) GetUserByID(userID int, setFn UserSetFn) (*model.User, error)

func (*LRUCache) GetUserPolicies

func (c *LRUCache) GetUserPolicies(userID string, setFn UserPoliciesSetFn) ([]*model.Policy, error)

type MetadataManager

// MetadataManager reads and updates the setup timestamp and writes out
// metadata as a string map.
// NOTE(review): presumably a non-zero setup timestamp marks the installation
// as already initialised and guards initial admin creation — confirm that the
// check and the update are atomic, so setup cannot run twice.
type MetadataManager interface {
	// SetupTimestamp returns the stored setup time.
	SetupTimestamp() (time.Time, error)
	// UpdateSetupTimestamp stores the given setup time.
	UpdateSetupTimestamp(time.Time) error
	// Write returns the metadata as key/value strings.
	Write() (map[string]string, error)
}

type Service

// Service is the package's authorization and identity interface. It covers
// users, groups, policies and credentials, the attachments between them, and
// the Authorize decision call.
// NOTE(review): none of the management methods takes a caller identity, so
// access control for them presumably lives in the layer that calls Service —
// confirm that every caller authorizes the request before invoking these.
type Service interface {
	// SecretStore returns the crypt.SecretStore in use.
	// NOTE(review): presumably used to encrypt stored secret access keys —
	// confirm, and keep the returned store out of request-scoped code.
	SecretStore() crypt.SecretStore

	// users
	CreateUser(user *model.User) error
	DeleteUser(username string) error
	GetUserByID(userID int) (*model.User, error)
	GetUser(username string) (*model.User, error)
	ListUsers(params *model.PaginationParams) ([]*model.User, *model.Paginator, error)

	// groups
	CreateGroup(group *model.Group) error
	DeleteGroup(groupDisplayName string) error
	GetGroup(groupDisplayName string) (*model.Group, error)
	ListGroups(params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)

	// group<->user memberships
	AddUserToGroup(username, groupDisplayName string) error
	RemoveUserFromGroup(username, groupDisplayName string) error
	ListUserGroups(username string, params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)
	ListGroupUsers(groupDisplayName string, params *model.PaginationParams) ([]*model.User, *model.Paginator, error)

	// policies
	WritePolicy(policy *model.Policy) error
	GetPolicy(policyDisplayName string) (*model.Policy, error)
	DeletePolicy(policyDisplayName string) error
	ListPolicies(params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

	// credentials
	// CreateCredentials takes only a username, while AddCredentials takes a
	// caller-supplied key pair.
	// NOTE(review): presumably CreateCredentials generates the pair itself.
	// Confirm that AddCredentials validates the format and strength of the
	// supplied keys and rejects an access key ID that already exists.
	CreateCredentials(username string) (*model.Credential, error)
	AddCredentials(username, accessKeyID, secretAccessKey string) (*model.Credential, error)
	DeleteCredentials(username, accessKeyID string) error
	GetCredentialsForUser(username, accessKeyID string) (*model.Credential, error)
	// GetCredentials looks a credential up by access key ID alone.
	// NOTE(review): whether the returned model.Credential carries the secret
	// in clear text is not visible here — confirm before logging or
	// serialising the result.
	GetCredentials(accessKeyID string) (*model.Credential, error)
	ListUserCredentials(username string, params *model.PaginationParams) ([]*model.Credential, *model.Paginator, error)

	// policy<->user attachments
	AttachPolicyToUser(policyDisplayName, username string) error
	DetachPolicyFromUser(policyDisplayName, username string) error
	ListUserPolicies(username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)
	// NOTE(review): presumably the effective list also includes policies
	// attached through the user's groups — confirm.
	ListEffectivePolicies(username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

	// policy<->group attachments
	AttachPolicyToGroup(policyDisplayName, groupDisplayName string) error
	DetachPolicyFromGroup(policyDisplayName, groupDisplayName string) error
	ListGroupPolicies(groupDisplayName string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

	// authorize user for an action
	// The result has both a response (with its own Allowed and Error fields)
	// and an error; callers should treat a non-nil error or a nil response
	// as a denial.
	Authorize(req *AuthorizationRequest) (*AuthorizationResponse, error)
}

type UserPoliciesSetFn

type UserPoliciesSetFn func() ([]*model.Policy, error)

type UserSetFn

type UserSetFn func() (*model.User, error)

Directories

Path Synopsis
