Documentation
Index
- Constants
- func IsRoleGreaterEqual(role string, minRole string) bool
- func WriteAclsToTempFile(folder string, acls map[string]AclGroup) (tempFileName string, err error)
- type AclFileStore
- func (aclStore *AclFileStore) Close()
- func (aclStore *AclFileStore) GetGroups(clientID string) []string
- func (aclStore *AclFileStore) GetRole(clientID string, groupIDs []string) string
- func (aclStore *AclFileStore) Open() error
- func (aclStore *AclFileStore) Reload() error
- func (aclStore *AclFileStore) SetRole(clientID string, groupID string, role string) error
- type AclGroup
Constants
const DefaultAclFile = "hub.acl"
DefaultAclFile is the recommended ACL filename for Hub authentication.
Functions
func IsRoleGreaterEqual
IsRoleGreaterEqual returns true if a user role has the same or greater permissions than the minimum role.
Types
type AclFileStore
type AclFileStore struct {
	Groups map[string]AclGroup `yaml:"groups"` // store by group ID
	// contains filtered or unexported fields
}
AclFileStore stores the ACL list in a file. It includes a file watcher to automatically reload on update.
func NewAclFileStore
func NewAclFileStore(filepath string, clientID string) *AclFileStore
NewAclFileStore creates an instance of a file-based ACL store.
filepath is the location of the store. See also DefaultAclFilename for the recommended name.
clientID is for logging which authservice is accessing it.
func (*AclFileStore) GetGroups
func (aclStore *AclFileStore) GetGroups(clientID string) []string
GetGroups returns a list of groups a thing or user is a member of.
func (*AclFileStore) GetRole
func (aclStore *AclFileStore) GetRole(clientID string, groupIDs []string) string
GetRole returns the highest role a user has in a list of groups. Intended to get client permissions in case of overlapping groups.
func (*AclFileStore) Open
func (aclStore *AclFileStore) Open() error
Open the store. This reads the ACL file and subscribes to file changes. The ACL file MUST exist, even if it is empty.
func (*AclFileStore) Reload
func (aclStore *AclFileStore) Reload() error
Reload the ACL store from file.
func (*AclFileStore) SetRole
func (aclStore *AclFileStore) SetRole(clientID string, groupID string, role string) error
Set a user ACL and update the store. This updates the user's role, saves it to a temp file and moves the result to the store file. Interruptions will not lead to data corruption, as the resulting ACL file is only moved after a successful write. Note that concurrent writes by different processes are not supported and can lead to one of the writes being ignored.
	clientID login name to assign the role
	groupID group where the role applies
	role one of GroupRoleViewer, GroupRoleEditor, GroupRoleManager, GroupRoleThing or GroupRoleNone to remove the role
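The write-to-temp-then-move pattern that SetRole describes, as an added example that is not this package's own code. The helper name atomicWriteFile, its parameters and the sample file content are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// atomicWriteFile is a hypothetical helper, not part of the documented package.
// It writes data to a temp file next to path, syncs it, then renames it over
// path, so on POSIX filesystems a reader sees the old or the new file, never half.
func atomicWriteFile(path string, data []byte, perm os.FileMode) (err error) {
	// Same folder as the target: rename is only atomic within one filesystem.
	tmp, err := os.CreateTemp(filepath.Dir(path), filepath.Base(path)+".tmp-*")
	if err != nil {
		return err
	}
	defer func() {
		if err != nil {
			tmp.Close()           // harmless if already closed
			os.Remove(tmp.Name()) // never leave a partial file behind
		}
	}()
	// Set the intended mode before the file becomes visible under its final name.
	if err = tmp.Chmod(perm); err != nil {
		return err
	}
	if _, err = tmp.Write(data); err != nil {
		return err
	}
	if err = tmp.Sync(); err != nil { // flush to disk before the rename
		return err
	}
	if err = tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path)
}

func main() {
	dir, _ := os.MkdirTemp("", "acl-demo")
	defer os.RemoveAll(dir)
	// Constructed sample content; the real ACL file layout is not shown on this page.
	err := atomicWriteFile(filepath.Join(dir, "hub.acl"), []byte("groups: {}\n"), 0600)
	fmt.Println("write error:", err)
}
```

If two processes run this at the same time, both renames succeed and the later one silently replaces the earlier, which is the ignored-write case the SetRole note warns about.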