auth

package
v0.47.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 28, 2021 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

View Source
const (
	InstallationIDKeyName = "installation_id"
	SetupTimestampKeyName = "setup_timestamp"
)
View Source
const AkiaAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567" // Amazon AKIA alphabet is weird.

Variables

View Source
var (
	ErrNotFound                = db.ErrNotFound
	ErrAlreadyExists           = db.ErrAlreadyExists
	ErrInvalidArn              = errors.New("invalid ARN")
	ErrInsufficientPermissions = errors.New("insufficient permissions")
	ErrNoField                 = errors.New("no field tagged in struct")
)

Functions

func AddAdminUser

func AddAdminUser(ctx context.Context, authService Service, user *model.SuperuserConfiguration) (*model.Credential, error)

func ArnMatch

func ArnMatch(src, dst string) bool

func Base64StringGenerator

func Base64StringGenerator(bytes int) string

func CreateInitialAdminUser

func CreateInitialAdminUser(ctx context.Context, authService Service, metadataManger MetadataManager, username string) (*model.Credential, error)

func CreateInitialAdminUserWithKeys

func CreateInitialAdminUserWithKeys(ctx context.Context, authService Service, metadataManger MetadataManager, username string, accessKeyID *string, secretAccessKey *string) (*model.Credential, error)

func HexStringGenerator

func HexStringGenerator(bytes int) string

func KeyGenerator

func KeyGenerator(length int) string

func ListPaged

func ListPaged(ctx context.Context, db db.Querier, retType reflect.Type, params *model.PaginationParams, tokenColumnName string, queryBuilder sq.SelectBuilder) (*reflect.Value, *model.Paginator, error)

func SetupAdminUser

func SetupAdminUser(ctx context.Context, authService Service, superuser *model.SuperuserConfiguration) (*model.Credential, error)

func SetupBaseGroups

func SetupBaseGroups(ctx context.Context, authService Service, ts time.Time) error

Types

type Arn

type Arn struct {
	Partition  string
	Service    string
	Region     string
	AccountID  string
	ResourceID string
}

func ParseARN

func ParseARN(arnString string) (*Arn, error)

type AuthorizationRequest

type AuthorizationRequest struct {
	Username            string
	RequiredPermissions []permissions.Permission
}

type AuthorizationResponse

type AuthorizationResponse struct {
	Allowed bool
	Error   error
}

type Cache

type Cache interface {
	GetCredential(accessKeyID string, setFn CredentialSetFn) (*model.Credential, error)
	GetUser(username string, setFn UserSetFn) (*model.User, error)
	GetUserByID(userID int, setFn UserSetFn) (*model.User, error)
	GetUserPolicies(userID string, setFn UserPoliciesSetFn) ([]*model.Policy, error)
}

type CredentialSetFn

type CredentialSetFn func() (*model.Credential, error)

type DBAuthService

type DBAuthService struct {
	// contains filtered or unexported fields
}

func NewDBAuthService

func NewDBAuthService(db db.Database, secretStore crypt.SecretStore, cacheConf params.ServiceCache) *DBAuthService

func (*DBAuthService) AddCredentials

func (s *DBAuthService) AddCredentials(ctx context.Context, username, accessKeyID, secretAccessKey string) (*model.Credential, error)

func (*DBAuthService) AddUserToGroup

func (s *DBAuthService) AddUserToGroup(ctx context.Context, username, groupDisplayName string) error

func (*DBAuthService) AttachPolicyToGroup

func (s *DBAuthService) AttachPolicyToGroup(ctx context.Context, policyDisplayName, groupDisplayName string) error

func (*DBAuthService) AttachPolicyToUser

func (s *DBAuthService) AttachPolicyToUser(ctx context.Context, policyDisplayName, username string) error

func (*DBAuthService) Authorize

func (*DBAuthService) CreateCredentials

func (s *DBAuthService) CreateCredentials(ctx context.Context, username string) (*model.Credential, error)

func (*DBAuthService) CreateGroup

func (s *DBAuthService) CreateGroup(ctx context.Context, group *model.Group) error

func (*DBAuthService) CreateUser

func (s *DBAuthService) CreateUser(ctx context.Context, user *model.User) error

func (*DBAuthService) DB

func (s *DBAuthService) DB() db.Database

func (*DBAuthService) DeleteCredentials

func (s *DBAuthService) DeleteCredentials(ctx context.Context, username, accessKeyID string) error

func (*DBAuthService) DeleteGroup

func (s *DBAuthService) DeleteGroup(ctx context.Context, groupDisplayName string) error

func (*DBAuthService) DeletePolicy

func (s *DBAuthService) DeletePolicy(ctx context.Context, policyDisplayName string) error

func (*DBAuthService) DeleteUser

func (s *DBAuthService) DeleteUser(ctx context.Context, username string) error

func (*DBAuthService) DetachPolicyFromGroup

func (s *DBAuthService) DetachPolicyFromGroup(ctx context.Context, policyDisplayName, groupDisplayName string) error

func (*DBAuthService) DetachPolicyFromUser

func (s *DBAuthService) DetachPolicyFromUser(ctx context.Context, policyDisplayName, username string) error

func (*DBAuthService) GetCredentials

func (s *DBAuthService) GetCredentials(ctx context.Context, accessKeyID string) (*model.Credential, error)

func (*DBAuthService) GetCredentialsForUser

func (s *DBAuthService) GetCredentialsForUser(ctx context.Context, username, accessKeyID string) (*model.Credential, error)

func (*DBAuthService) GetGroup

func (s *DBAuthService) GetGroup(ctx context.Context, groupDisplayName string) (*model.Group, error)

func (*DBAuthService) GetPolicy

func (s *DBAuthService) GetPolicy(ctx context.Context, policyDisplayName string) (*model.Policy, error)

func (*DBAuthService) GetUser

func (s *DBAuthService) GetUser(ctx context.Context, username string) (*model.User, error)

func (*DBAuthService) GetUserByID

func (s *DBAuthService) GetUserByID(ctx context.Context, userID int) (*model.User, error)

func (*DBAuthService) ListEffectivePolicies

func (s *DBAuthService) ListEffectivePolicies(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

func (*DBAuthService) ListGroupPolicies

func (s *DBAuthService) ListGroupPolicies(ctx context.Context, groupDisplayName string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

func (*DBAuthService) ListGroupUsers

func (s *DBAuthService) ListGroupUsers(ctx context.Context, groupDisplayName string, params *model.PaginationParams) ([]*model.User, *model.Paginator, error)

func (*DBAuthService) ListGroups

func (s *DBAuthService) ListGroups(ctx context.Context, params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)

func (*DBAuthService) ListPolicies

func (s *DBAuthService) ListPolicies(ctx context.Context, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

func (*DBAuthService) ListUserCredentials

func (s *DBAuthService) ListUserCredentials(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Credential, *model.Paginator, error)

func (*DBAuthService) ListUserGroups

func (s *DBAuthService) ListUserGroups(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)

func (*DBAuthService) ListUserPolicies

func (s *DBAuthService) ListUserPolicies(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

func (*DBAuthService) ListUsers

func (s *DBAuthService) ListUsers(ctx context.Context, params *model.PaginationParams) ([]*model.User, *model.Paginator, error)

func (*DBAuthService) RemoveUserFromGroup

func (s *DBAuthService) RemoveUserFromGroup(ctx context.Context, username, groupDisplayName string) error

func (*DBAuthService) SecretStore

func (s *DBAuthService) SecretStore() crypt.SecretStore

func (*DBAuthService) WritePolicy

func (s *DBAuthService) WritePolicy(ctx context.Context, policy *model.Policy) error

type DBMetadataManager

type DBMetadataManager struct {
	// contains filtered or unexported fields
}

func NewDBMetadataManager

func NewDBMetadataManager(version string, fixedInstallationID string, database db.Database) *DBMetadataManager

func (*DBMetadataManager) IsInitialized added in v0.43.0

func (d *DBMetadataManager) IsInitialized(ctx context.Context) (bool, error)

func (*DBMetadataManager) UpdateSetupTimestamp

func (d *DBMetadataManager) UpdateSetupTimestamp(ctx context.Context, ts time.Time) error

func (*DBMetadataManager) Write

func (d *DBMetadataManager) Write(ctx context.Context) (map[string]string, error)

type DummyCache

type DummyCache struct {
}

func (*DummyCache) GetCredential

func (d *DummyCache) GetCredential(accessKeyID string, setFn CredentialSetFn) (*model.Credential, error)

func (*DummyCache) GetUser

func (d *DummyCache) GetUser(username string, setFn UserSetFn) (*model.User, error)

func (*DummyCache) GetUserByID

func (d *DummyCache) GetUserByID(userID int, setFn UserSetFn) (*model.User, error)

func (*DummyCache) GetUserPolicies

func (d *DummyCache) GetUserPolicies(userID string, setFn UserPoliciesSetFn) ([]*model.Policy, error)

type LRUCache

type LRUCache struct {
	// contains filtered or unexported fields
}

func NewLRUCache

func NewLRUCache(size int, expiry, jitter time.Duration) *LRUCache

func (*LRUCache) GetCredential

func (c *LRUCache) GetCredential(accessKeyID string, setFn CredentialSetFn) (*model.Credential, error)

func (*LRUCache) GetUser

func (c *LRUCache) GetUser(username string, setFn UserSetFn) (*model.User, error)

func (*LRUCache) GetUserByID

func (c *LRUCache) GetUserByID(userID int, setFn UserSetFn) (*model.User, error)

func (*LRUCache) GetUserPolicies

func (c *LRUCache) GetUserPolicies(userID string, setFn UserPoliciesSetFn) ([]*model.Policy, error)

type MetadataManager

type MetadataManager interface {
	IsInitialized(ctx context.Context) (bool, error)
	UpdateSetupTimestamp(context.Context, time.Time) error
	Write(context.Context) (map[string]string, error)
}

type Service

type Service interface {
	SecretStore() crypt.SecretStore

	// users
	CreateUser(ctx context.Context, user *model.User) error
	DeleteUser(ctx context.Context, username string) error
	GetUserByID(ctx context.Context, userID int) (*model.User, error)
	GetUser(ctx context.Context, username string) (*model.User, error)
	ListUsers(ctx context.Context, params *model.PaginationParams) ([]*model.User, *model.Paginator, error)

	// groups
	CreateGroup(ctx context.Context, group *model.Group) error
	DeleteGroup(ctx context.Context, groupDisplayName string) error
	GetGroup(ctx context.Context, groupDisplayName string) (*model.Group, error)
	ListGroups(ctx context.Context, params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)

	// group<->user memberships
	AddUserToGroup(ctx context.Context, username, groupDisplayName string) error
	RemoveUserFromGroup(ctx context.Context, username, groupDisplayName string) error
	ListUserGroups(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Group, *model.Paginator, error)
	ListGroupUsers(ctx context.Context, groupDisplayName string, params *model.PaginationParams) ([]*model.User, *model.Paginator, error)

	// policies
	WritePolicy(ctx context.Context, policy *model.Policy) error
	GetPolicy(ctx context.Context, policyDisplayName string) (*model.Policy, error)
	DeletePolicy(ctx context.Context, policyDisplayName string) error
	ListPolicies(ctx context.Context, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

	// credentials
	CreateCredentials(ctx context.Context, username string) (*model.Credential, error)
	AddCredentials(ctx context.Context, username, accessKeyID, secretAccessKey string) (*model.Credential, error)
	DeleteCredentials(ctx context.Context, username, accessKeyID string) error
	GetCredentialsForUser(ctx context.Context, username, accessKeyID string) (*model.Credential, error)
	GetCredentials(ctx context.Context, accessKeyID string) (*model.Credential, error)
	ListUserCredentials(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Credential, *model.Paginator, error)

	// policy<->user attachments
	AttachPolicyToUser(ctx context.Context, policyDisplayName, username string) error
	DetachPolicyFromUser(ctx context.Context, policyDisplayName, username string) error
	ListUserPolicies(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)
	ListEffectivePolicies(ctx context.Context, username string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

	// policy<->group attachments
	AttachPolicyToGroup(ctx context.Context, policyDisplayName, groupDisplayName string) error
	DetachPolicyFromGroup(ctx context.Context, policyDisplayName, groupDisplayName string) error
	ListGroupPolicies(ctx context.Context, groupDisplayName string, params *model.PaginationParams) ([]*model.Policy, *model.Paginator, error)

	// authorize user for an action
	Authorize(ctx context.Context, req *AuthorizationRequest) (*AuthorizationResponse, error)
}

type UserPoliciesSetFn

type UserPoliciesSetFn func() ([]*model.Policy, error)

type UserSetFn

type UserSetFn func() (*model.User, error)

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL