auth

package
v0.33.1
Published: Mar 17, 2021 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation


Constants

// Keys of the installation metadata map. They presumably name the entries of
// the map[string]string returned by MetadataManager.Write — confirm against
// the DBMetadataManager implementation, which is not shown on this page.
const (
	// InstallationIDKeyName keys the installation identifier.
	InstallationIDKeyName = "installation_id"
	// SetupTimestampKeyName keys the time at which initial setup completed.
	SetupTimestampKeyName = "setup_timestamp"
)
// AkiaAlphabet is the 32-character set A–Z plus 2–7 (the RFC 4648 base32
// alphabet; the digits 0, 1, 8 and 9 are deliberately absent). Its name
// suggests it is the alphabet from which generated access key IDs are drawn —
// confirm in KeyGenerator, whose body is not shown here.
const AkiaAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567" // Amazon AKIA alphabet is weird.

Variables

// Sentinel errors of the auth package. ErrNotFound and ErrAlreadyExists alias
// the db package's values, so errors.Is matches them whichever layer produced
// them. ErrInvalidArn is presumably what ParseARN returns for malformed input,
// and ErrInsufficientPermissions the denial reason surfaced through
// AuthorizationResponse — confirm both against the implementations, which are
// not shown on this page. Compare with errors.Is, not ==.
var (
	ErrNotFound                = db.ErrNotFound
	ErrAlreadyExists           = db.ErrAlreadyExists
	ErrInvalidArn              = errors.New("invalid ARN")
	ErrInsufficientPermissions = errors.New("insufficient permissions")
)

Functions

func AddAdminUser

func AddAdminUser(ctx context.Context, authService Service, user *model.SuperuserConfiguration) (*model.Credential, error)

func ArnMatch

func ArnMatch(src, dst string) bool

func Base64StringGenerator

func Base64StringGenerator(bytes int) string

func CreateInitialAdminUser

func CreateInitialAdminUser(ctx context.Context, authService Service, metadataManger MetadataManager, username string) (*model.Credential, error)

func CreateInitialAdminUserWithKeys

func CreateInitialAdminUserWithKeys(ctx context.Context, authService Service, metadataManger MetadataManager, username string, accessKeyID *string, secretAccessKey *string) (*model.Credential, error)

func HexStringGenerator

func HexStringGenerator(bytes int) string

func KeyGenerator

func KeyGenerator(length int) string

func ListPaged

func ListPaged(ctx context.Context, db db.Querier, retType reflect.Type, params *model.PaginationParams, tokenColumnName string, queryBuilder sq.SelectBuilder) (*reflect.Value, *model.Paginator, error)

func SetupAdminUser

func SetupAdminUser(ctx context.Context, authService Service, superuser *model.SuperuserConfiguration) (*model.Credential, error)

func SetupBaseGroups

func SetupBaseGroups(ctx context.Context, authService Service, ts time.Time) error

Types

type Arn

// Arn is the decomposed form of an ARN string as produced by ParseARN. The
// fields presumably map, in order, onto the colon-separated components that
// follow the "arn:" prefix (partition, service, region, account, resource) —
// confirm against ParseARN, since only its signature is shown here. ArnMatch
// compares two ARN strings directly rather than two Arn values.
type Arn struct {
	Partition  string
	Service    string
	Region     string
	AccountID  string
	ResourceID string
}

func ParseARN

func ParseARN(arnString string) (*Arn, error)

type AuthorizationRequest

// AuthorizationRequest is the input to Service.Authorize: the principal's
// username and the permissions the requested action needs.
//
// NOTE(review): whether every entry of RequiredPermissions must be granted
// (AND) or any one suffices (OR) is not visible on this page — confirm in the
// Authorize implementation before building callers that rely on either.
type AuthorizationRequest struct {
	Username            string
	RequiredPermissions []permissions.Permission
}

type AuthorizationResponse

// AuthorizationResponse is the result of Service.Authorize. Allowed carries the
// decision and Error the reason for a denial (presumably
// ErrInsufficientPermissions — confirm).
//
// NOTE(review): treat only Allowed == true together with a nil error from
// Authorize as a grant; a false Allowed, a non-nil Error, or an error returned
// by Authorize itself should all be handled as a deny.
type AuthorizationResponse struct {
	Allowed bool
	Error   error
}

type Cache

// Cache is the lookup cache for credentials, users and user policies. Each
// method takes the key and a setFn; presumably the cached value is returned on
// a hit and setFn is invoked to load (and store) it on a miss — the exact
// miss and error semantics belong to the implementation (see LRUCache and
// DummyCache). NewDBAuthService takes a params.ServiceCache, which is
// presumably how DBAuthService selects its Cache — confirm.
//
// NOTE(review): GetUserByID keys by an int userID while GetUserPolicies keys
// by a string userID; confirm which representation callers pass, since a
// mismatch would miss the cache silently.
//
// NOTE(review): unless an implementation invalidates entries on delete (not
// visible here), a deleted credential or detached policy may keep being served
// until its entry expires; choose the NewLRUCache expiry with that in mind.
type Cache interface {
	GetCredential(accessKeyID string, setFn CredentialSetFn) (*model.Credential, error)
	GetUser(username string, setFn UserSetFn) (*model.User, error)
	GetUserByID(userID int, setFn UserSetFn) (*model.User, error)
	GetUserPolicies(userID string, setFn UserPoliciesSetFn) ([]*model.Policy, error)
}

type CredentialSetFn

// CredentialSetFn is the loader passed to Cache.GetCredential; it is presumably
// invoked on a cache miss to fetch the credential from the backing store.
type CredentialSetFn func() (*model.Credential, error)

type DBAuthService

// DBAuthService implements Service on top of a db.Database, with secrets held
// in a crypt.SecretStore and lookups presumably cached through a Cache chosen
// from the params.ServiceCache passed to NewDBAuthService (confirm). All fields
// are unexported: construct it with NewDBAuthService, not a struct literal.
type DBAuthService struct {
	// contains filtered or unexported fields
}

func NewDBAuthService

func NewDBAuthService(db db.Database, secretStore crypt.SecretStore, cacheConf params.ServiceCache) *DBAuthService

func (*DBAuthService) AddCredentials

func (s *DBAuthService) AddCredentials(ctx context.Context, username, accessKeyID, secretAccessKey string) (*model.Credential, error)

func (*DBAuthService) AddUserToGroup

func (s *DBAuthService) AddUserToGroup(ctx context.Context, username, groupDisplayName string) error

func (*DBAuthService) AttachPolicyToGroup

func (s *DBAuthService) AttachPolicyToGroup(ctx context.Context, policyDisplayName, groupDisplayName string) error

func (*DBAuthService) AttachPolicyToUser

func (s *DBAuthService) AttachPolicyToUser(ctx context.Context, policyDisplayName, username string) error

func (*DBAuthService) Authorize

func (*DBAuthService) CreateCredentials

func (s *DBAuthService) CreateCredentials(ctx context.Context, username string) (*model.Credential, error)

func (*DBAuthService) CreateGroup

func (s *DBAuthService) CreateGroup(ctx context.Context, group *model.Group) error

func (*DBAuthService) CreateUser

func (s *DBAuthService) CreateUser(ctx context.Context, user *model.User) error

func (*DBAuthService) DB

func (s *DBAuthService) DB() db.Database

func (*DBAuthService) DeleteCredentials

func (s *DBAuthService) DeleteCredentials(ctx context.Context, username, accessKeyID string) error

func (*DBAuthService) DeleteGroup

func (s *DBAuthService) DeleteGroup(ctx context.Context, groupDisplayName string) error

func (*DBAuthService) DeletePolicy

func (s *DBAuthService) DeletePolicy(ctx context.Context, policyDisplayName string) error

func (*DBAuthService) DeleteUser

func (s *DBAuthService) DeleteUser(ctx context.Context, username string) error

func (*DBAuthService) DetachPolicyFromGroup

func (s *DBAuthService) DetachPolicyFromGroup(ctx context.Context, policyDisplayName, groupDisplayName string) error

func (*DBAuthService) DetachPolicyFromUser

func (s *DBAuthService) DetachPolicyFromUser(ctx context.Context, policyDisplayName, username string) error

func (*DBAuthService) GetCredentials

func (s *DBAuthService) GetCredentials(ctx context.Context, accessKeyID string) (*model.Credential, error)

func (*DBAuthService) GetCredentialsForUser

func (s *DBAuthService) GetCredentialsForUser(ctx context.Context, username, accessKeyID string) (*model.Credential, error)

func (*DBAuthService) GetGroup

func (s *DBAuthService) GetGroup(ctx context.Context, groupDisplayName string) (*model.Group, error)

func (*DBAuthService) GetPolicy

func (s *DBAuthService) GetPolicy(ctx context.Context, policyDisplayName string) (*model.Policy, error)

func (*DBAuthService) GetUser

func (s *DBAuthService) GetUser(ctx context.Context, username string) (*model.User, error)

func (*DBAuthService) GetUserByID

func (s *DBAuthService) GetUserByID(ctx context.Context, userID int) (*model.User, error)

func (*DBAuthService) ListEffectivePolicies

func (s *DBAuthService) ListEffectivePolicies(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

func (*DBAuthService) ListGroupPolicies

func (s *DBAuthService) ListGroupPolicies(ctx context.Context, groupDisplayName string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

func (*DBAuthService) ListGroupUsers

func (s *DBAuthService) ListGroupUsers(ctx context.Context, groupDisplayName string, params *model.PaginationParams) ([]*model.User, *model.Paginator, error)

func (*DBAuthService) ListGroups

func (s *DBAuthService) ListGroups(ctx context.Context, params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)

func (*DBAuthService) ListPolicies

func (s *DBAuthService) ListPolicies(ctx context.Context, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

func (*DBAuthService) ListUserCredentials

func (s *DBAuthService) ListUserCredentials(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Credential, *model.Paginator, error)

func (*DBAuthService) ListUserGroups

func (s *DBAuthService) ListUserGroups(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)

func (*DBAuthService) ListUserPolicies

func (s *DBAuthService) ListUserPolicies(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

func (*DBAuthService) ListUsers

func (s *DBAuthService) ListUsers(ctx context.Context, params *model.PaginationParams) ([]*model.User, *model.Paginator, error)

func (*DBAuthService) RemoveUserFromGroup

func (s *DBAuthService) RemoveUserFromGroup(ctx context.Context, username, groupDisplayName string) error

func (*DBAuthService) SecretStore

func (s *DBAuthService) SecretStore() crypt.SecretStore

func (*DBAuthService) WritePolicy

func (s *DBAuthService) WritePolicy(ctx context.Context, policy *model.Policy) error

type DBMetadataManager

// DBMetadataManager implements MetadataManager against a db.Database. It is
// constructed by NewDBMetadataManager with a version string, which is
// presumably included in the map returned by Write — confirm.
type DBMetadataManager struct {
	// contains filtered or unexported fields
}

func NewDBMetadataManager

func NewDBMetadataManager(version string, database db.Database) *DBMetadataManager

func (*DBMetadataManager) SetupTimestamp

func (d *DBMetadataManager) SetupTimestamp(ctx context.Context) (time.Time, error)

func (*DBMetadataManager) UpdateSetupTimestamp

func (d *DBMetadataManager) UpdateSetupTimestamp(ctx context.Context, ts time.Time) error

func (*DBMetadataManager) Write

func (d *DBMetadataManager) Write(ctx context.Context) (map[string]string, error)

type DummyCache

// DummyCache implements Cache. Its name suggests it performs no caching and
// simply invokes the supplied setFn on every call — confirm against the method
// bodies, which are not shown here. If so, it is the safe choice wherever a
// stale credential or policy must never be served.
type DummyCache struct {
}

func (*DummyCache) GetCredential

func (d *DummyCache) GetCredential(accessKeyID string, setFn CredentialSetFn) (*model.Credential, error)

func (*DummyCache) GetUser

func (d *DummyCache) GetUser(username string, setFn UserSetFn) (*model.User, error)

func (*DummyCache) GetUserByID

func (d *DummyCache) GetUserByID(userID int, setFn UserSetFn) (*model.User, error)

func (*DummyCache) GetUserPolicies

func (d *DummyCache) GetUserPolicies(userID string, setFn UserPoliciesSetFn) ([]*model.Policy, error)

type LRUCache

// LRUCache implements Cache with a bounded, expiring store; NewLRUCache takes
// the capacity, an entry expiry and a jitter duration. Presumably jitter
// randomizes each entry's expiry so that many entries do not refill at once —
// confirm. Fields are unexported; construct it with NewLRUCache.
type LRUCache struct {
	// contains filtered or unexported fields
}

func NewLRUCache

func NewLRUCache(size int, expiry, jitter time.Duration) *LRUCache

func (*LRUCache) GetCredential

func (c *LRUCache) GetCredential(accessKeyID string, setFn CredentialSetFn) (*model.Credential, error)

func (*LRUCache) GetUser

func (c *LRUCache) GetUser(username string, setFn UserSetFn) (*model.User, error)

func (*LRUCache) GetUserByID

func (c *LRUCache) GetUserByID(userID int, setFn UserSetFn) (*model.User, error)

func (*LRUCache) GetUserPolicies

func (c *LRUCache) GetUserPolicies(userID string, setFn UserPoliciesSetFn) ([]*model.Policy, error)

type MetadataManager

// MetadataManager records installation metadata: when initial setup was
// completed (SetupTimestamp / UpdateSetupTimestamp) and a string map of
// metadata (Write), presumably keyed by InstallationIDKeyName and
// SetupTimestampKeyName — confirm against DBMetadataManager.
type MetadataManager interface {
	SetupTimestamp(context.Context) (time.Time, error)
	UpdateSetupTimestamp(context.Context, time.Time) error
	Write(context.Context) (map[string]string, error)
}

type Service

// Service is the authentication and authorization backend: it manages users,
// groups, policies and credentials, and answers Authorize requests. The
// package's database-backed implementation is DBAuthService.
//
// NOTE(review): CreateCredentials generates a key pair server-side, whereas
// AddCredentials stores a caller-supplied accessKeyID/secretAccessKey
// (presumably what CreateInitialAdminUserWithKeys uses — confirm). Likewise
// GetCredentials looks a key up by accessKeyID alone, while
// GetCredentialsForUser additionally scopes the lookup to a username; prefer
// the scoped form when the calling principal is already known.
type Service interface {
	SecretStore() crypt.SecretStore

	// users
	CreateUser(ctx context.Context, user *model.User) error
	DeleteUser(ctx context.Context, username string) error
	GetUserByID(ctx context.Context, userID int) (*model.User, error)
	GetUser(ctx context.Context, username string) (*model.User, error)
	ListUsers(ctx context.Context, params *model.PaginationParams) ([]*model.User, *model.Paginator, error)

	// groups
	CreateGroup(ctx context.Context, group *model.Group) error
	DeleteGroup(ctx context.Context, groupDisplayName string) error
	GetGroup(ctx context.Context, groupDisplayName string) (*model.Group, error)
	ListGroups(ctx context.Context, params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)

	// group<->user memberships
	AddUserToGroup(ctx context.Context, username, groupDisplayName string) error
	RemoveUserFromGroup(ctx context.Context, username, groupDisplayName string) error
	ListUserGroups(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)
	ListGroupUsers(ctx context.Context, groupDisplayName string, params *model.PaginationParams) ([]*model.User, *model.Paginator, error)

	// policies
	WritePolicy(ctx context.Context, policy *model.Policy) error
	GetPolicy(ctx context.Context, policyDisplayName string) (*model.Policy, error)
	DeletePolicy(ctx context.Context, policyDisplayName string) error
	ListPolicies(ctx context.Context, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

	// credentials
	CreateCredentials(ctx context.Context, username string) (*model.Credential, error)
	AddCredentials(ctx context.Context, username, accessKeyID, secretAccessKey string) (*model.Credential, error)
	DeleteCredentials(ctx context.Context, username, accessKeyID string) error
	GetCredentialsForUser(ctx context.Context, username, accessKeyID string) (*model.Credential, error)
	GetCredentials(ctx context.Context, accessKeyID string) (*model.Credential, error)
	ListUserCredentials(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Credential, *model.Paginator, error)

	// policy<->user attachments
	AttachPolicyToUser(ctx context.Context, policyDisplayName, username string) error
	DetachPolicyFromUser(ctx context.Context, policyDisplayName, username string) error
	ListUserPolicies(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)
	// ListEffectivePolicies presumably also includes policies attached via the
	// user's groups (contrast ListUserPolicies) — confirm in the implementation.
	ListEffectivePolicies(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

	// policy<->group attachments
	AttachPolicyToGroup(ctx context.Context, policyDisplayName, groupDisplayName string) error
	DetachPolicyFromGroup(ctx context.Context, policyDisplayName, groupDisplayName string) error
	ListGroupPolicies(ctx context.Context, groupDisplayName string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

	// authorize user for an action; see AuthorizationRequest and
	// AuthorizationResponse for how the decision is conveyed
	Authorize(ctx context.Context, req *AuthorizationRequest) (*AuthorizationResponse, error)
}

type UserPoliciesSetFn

// UserPoliciesSetFn is the loader passed to Cache.GetUserPolicies; it is
// presumably invoked on a cache miss to fetch the user's policies from the
// backing store.
type UserPoliciesSetFn func() ([]*model.Policy, error)

type UserSetFn

// UserSetFn is the loader passed to Cache.GetUser and Cache.GetUserByID; it is
// presumably invoked on a cache miss to fetch the user from the backing store.
type UserSetFn func() (*model.User, error)
