auth

package

v0.0.0-...-f0e7813 Latest Latest Go to latest Published: Nov 15, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/verifa/horizon

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type Auth
- func Start(ctx context.Context, conn *nats.Conn, opts ...Option) (*Auth, error)
- func (a *Auth) Check(ctx context.Context, req CheckRequest) (bool, error)
- func (a *Auth) Close() error
- func (a *Auth) List(ctx context.Context, req ListRequest) error
- func (a *Auth) Start(ctx context.Context, opts ...Option) error
type CheckRequest
type Group
type ListRequest
type Option
- func WithAdminGroups(groups ...string) Option
type Permissions
type RBAC
- func (r *RBAC) Check(ctx context.Context, req RBACRequest) bool
- func (r *RBAC) Close() error
- func (r *RBAC) HandleRoleBindingEvent(event hz.Event) (hz.Result, error)
- func (r *RBAC) HandleRoleEvent(event hz.Event) (hz.Result, error)
- func (r *RBAC) Start(ctx context.Context) error
type RBACRequest
type Role
- func (Role) ObjectGroup() string
- func (Role) ObjectKind() string
- func (Role) ObjectVersion() string
type RoleBinding
- func (RoleBinding) ObjectGroup() string
- func (RoleBinding) ObjectKind() string
- func (RoleBinding) ObjectVersion() string
type RoleBindingSpec
type RoleRef
type RoleSpec
type Sessions
- func (s *Sessions) Delete(ctx context.Context, session string) error
- func (s *Sessions) Get(ctx context.Context, session string) (UserInfo, error)
- func (s *Sessions) New(ctx context.Context, user UserInfo) (string, error)
- func (s *Sessions) Start(ctx context.Context) error
type Subject
type UserInfo
type Verb
type VerbFilter
type Verbs

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrAuthenticationMissing = &hz.Error{
		Status:  http.StatusBadRequest,
		Message: "missing authentication header",
	}
	ErrInvalidCredentials = &hz.Error{
		Status:  http.StatusUnauthorized,
		Message: "invalid credentials",
	}
	ErrForbidden = &hz.Error{
		Status:  http.StatusForbidden,
		Message: "forbidden",
	}
)

Functions ¶

This section is empty.

Types ¶

type Auth ¶

type Auth struct {
	Conn *nats.Conn

	Sessions *Sessions
	RBAC     *RBAC
	// contains filtered or unexported fields
}

func Start ¶

func Start(
	ctx context.Context,
	conn *nats.Conn,
	opts ...Option,
) (*Auth, error)

func (*Auth) Check ¶

func (a *Auth) Check(
	ctx context.Context,
	req CheckRequest,
) (bool, error)

func (*Auth) Close ¶

func (a *Auth) Close() error

func (*Auth) List ¶

func (a *Auth) List(
	ctx context.Context,
	req ListRequest,
) error

func (*Auth) Start ¶

func (a *Auth) Start(
	ctx context.Context,
	opts ...Option,
) error

type CheckRequest ¶

type CheckRequest struct {
	Session string
	Verb    Verb
	Object  hz.ObjectKeyer
}

type Group ¶

type Group struct {
	Name       string
	Namespaces map[string]*Permissions
}

type ListRequest ¶

type ListRequest struct {
	Session    string
	ObjectList *hz.ObjectList
}

Verb is implied (read).

type Option ¶

type Option func(*authorizerOptions)

func WithAdminGroups ¶

func WithAdminGroups(groups ...string) Option

type Permissions ¶

type Permissions struct {
	Allow []Verbs `json:"allow"`
	Deny  []Verbs `json:"deny"`
}

type RBAC ¶

type RBAC struct {
	Conn *nats.Conn
	// TODO: RoleBindings and Roles maps are not thread safe.
	// E.g. HandleRoleEvent and refresh both write and read from Roles.
	RoleBindings map[string]RoleBinding `json:"roleBindings,omitempty"`
	Roles        map[string]Role        `json:"roles,omitempty"`

	Permissions map[string]*Group `json:"permissions,omitempty"`

	AdminGroups []string `json:"adminGroups,omitempty"`
	// contains filtered or unexported fields
}

func (*RBAC) Check ¶

func (r *RBAC) Check(ctx context.Context, req RBACRequest) bool

func (*RBAC) Close ¶

func (r *RBAC) Close() error

func (*RBAC) HandleRoleBindingEvent ¶

func (r *RBAC) HandleRoleBindingEvent(event hz.Event) (hz.Result, error)

func (*RBAC) HandleRoleEvent ¶

func (r *RBAC) HandleRoleEvent(event hz.Event) (hz.Result, error)

func (*RBAC) Start ¶

func (r *RBAC) Start(ctx context.Context) error

type RBACRequest ¶

type RBACRequest struct {
	Groups []string
	Verb   Verb
	Object hz.ObjectKeyer
}

type Role ¶

type Role struct {
	hz.ObjectMeta `json:"metadata,omitempty"`

	Spec RoleSpec `json:"spec,omitempty" cue:""`
}

func (Role) ObjectGroup ¶

func (Role) ObjectGroup() string

func (Role) ObjectKind ¶

func (Role) ObjectKind() string

func (Role) ObjectVersion ¶

func (Role) ObjectVersion() string

type RoleBinding ¶

type RoleBinding struct {
	hz.ObjectMeta `json:"metadata,omitempty"`

	Spec RoleBindingSpec `json:"spec,omitempty" cue:""`
}

func (RoleBinding) ObjectGroup ¶

func (RoleBinding) ObjectGroup() string

func (RoleBinding) ObjectKind ¶

func (RoleBinding) ObjectKind() string

func (RoleBinding) ObjectVersion ¶

func (RoleBinding) ObjectVersion() string

type RoleBindingSpec ¶

type RoleBindingSpec struct {
	// RoleRef is the reference to the Role which the RoleBinding will bind.
	RoleRef RoleRef `json:"roleRef" cue:""`
	// Subjects is the list of subjects that should have this Role.
	Subjects []Subject `json:"subjects" cue:""`
}

type RoleRef ¶

type RoleRef struct {
	// Group is the api group of the Role being referenced.
	Group string `json:"group" cue:""`
	// Kind is the type of the Role being referenced.
	Kind string `json:"kind" cue:""`
	// Name is the name of the Role to which this RoleBinding refers.
	Name string `json:"name" cue:""`
}

type RoleSpec ¶

type RoleSpec struct {
	Allow []Verbs `json:"allow,omitempty"`
	Deny  []Verbs `json:"deny,omitempty"`
}

type Sessions ¶

type Sessions struct {
	Conn *nats.Conn
	// contains filtered or unexported fields
}

func (*Sessions) Delete ¶

func (s *Sessions) Delete(ctx context.Context, session string) error

func (*Sessions) Get ¶

func (s *Sessions) Get(ctx context.Context, session string) (UserInfo, error)

func (*Sessions) New ¶

func (s *Sessions) New(ctx context.Context, user UserInfo) (string, error)

func (*Sessions) Start ¶

func (s *Sessions) Start(ctx context.Context) error

type Subject ¶

type Subject struct {
	// Kind is the type of the subject.
	Kind string `json:"kind" cue:""`
	// Name is the name of the subject.
	Name string `json:"name" cue:""`
}

type UserInfo ¶

type UserInfo struct {
	Sub     string   `json:"sub"`
	Iss     string   `json:"iss"`
	Name    string   `json:"name"`
	Email   string   `json:"email"`
	Groups  []string `json:"groups"`
	Picture string   `json:"picture"`
}

type Verb ¶

type Verb string

const (
	// VerbRead is the lowest level of allow access.
	// VerbRead is the highest level of deny access.
	// If you are denied read access, you are denied all levels of access.
	VerbRead Verb = "read"
	// VerbUpdate allows a user to update objects.
	// It implies VerbRead.
	VerbUpdate Verb = "update"
	// VerbCreate allows a user to create objects.
	// It implies VerbRead.
	VerbCreate Verb = "create"
	// VerbDelete allows a user to delete objects.
	// It implies VerbRead.
	VerbDelete Verb = "delete"
	// VerbRun allows a user to run actions for an actor.
	VerbRun Verb = "run"
)

type VerbFilter ¶

type VerbFilter struct {
	Name  *string `json:"name,omitempty" cue:""`
	Kind  *string `json:"kind,omitempty" cue:""`
	Group *string `json:"group,omitempty" cue:""`
}

type Verbs ¶

type Verbs struct {
	Read   *VerbFilter `json:"read,omitempty"`
	Update *VerbFilter `json:"update,omitempty"`
	Create *VerbFilter `json:"create,omitempty"`
	Delete *VerbFilter `json:"delete,omitempty"`
	Run    *VerbFilter `json:"run,omitempty"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL