Documentation ¶
Index ¶
- Constants
- Variables
- func AddPendingCheck(value *string, nature string) (*string, error)
- func CheckRemovableMFA(ctx context.Context, credentialID string, lastMFARemovable bool, ...) error
- func ConvertLegacyAttribute(user *kc.UserRepresentation)
- func ConvertMinutesShift(value string) (int, error)
- func GenerateInitialCode(nbUpperCase int, nbDigits int, nbLowerCase int) string
- func GeneratePassword(policy *string, minLength int, userID string) (string, error)
- func GeneratePasswordFromKeycloakPolicy(policy string) (string, error)
- func GeneratePasswordNoKeycloakPolicy(minLength int) string
- func GetPendingChecks(value *string) *[]string
- func IsDateInThePast(value *string) *bool
- func IsUpdated(values ...*string) bool
- func LimitRate(e cs.Endpoint, limit int) endpoint.Endpoint
- func LogUnrecordedEvent(ctx context.Context, logger Logger, eventName string, errorMessage string, ...)
- func MakeConfigurationDBModuleInstrumentingMW(h cm.Histogram) func(ConfigurationDBModule) ConfigurationDBModule
- func NewKeycloakAuthClient(client KeycloakClient, logger Logger) security.KeycloakClient
- func NewRealmIDRetriever(kcClient KeycloakClient) middleware.IDRetriever
- func NextDay(ref time.Time) time.Time
- func NextHour(ref time.Time) time.Time
- func NextMonth(ref time.Time) time.Time
- func RemovePendingCheck(value *string, nature string) (*string, error)
- func RevokeAccreditations(kcUser *kc.UserRepresentation)
- func ThisMonth(ref time.Time) time.Time
- func ToGoKitEndpoint(e cs.Endpoint) endpoint.Endpoint
- type AccreditationRepresentation
- type AccreditationsModule
- type AccredsKeycloakClient
- type AdminConfigurationDBModule
- type ArchiveDBModule
- type ConfigurationDBModule
- type EventsDBModule
- type KeycloakClient
- type KeycloakForTechnicalClient
- type KeycloakTechnicalClient
- type KeycloakURIProvider
- type Logger
- type OnboardingKeycloakClient
- type OnboardingModule
- type PendingChecks
- type Scanner
- type UsersDetailsDBModule
Constants ¶
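// Identification-condition keys, re-exported from the configuration package.
// The declarations are restored to one per line: collapsed onto a single line,
// the first "//" comment swallows everything after it, including the closing
// parenthesis.
// NOTE(review): presumably these are the values accepted as the condition
// argument of AccreditationsModule.GetUserAndPrepareAccreditations; confirm.
const (
	// CredsIDNow identifies the condition for the IDNow service.
	CredsIDNow = configuration.CheckKeyIDNow
	// CredsPhysical identifies the condition for physical identification.
	CredsPhysical = configuration.CheckKeyPhysical
)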
// KeyCorrelationID is the histogram field name used for the correlation ID.
const KeyCorrelationID = "correlation_id"
Variables ¶
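// Component identification values.
// The declarations are restored to one per line: collapsed onto a single line,
// the first "//" comment swallows both assignments and the closing parenthesis.
// NOTE(review): these are package-level vars, not consts, so any importing
// package can reassign them; presumably this allows a link-time override
// (-ldflags "-X ..."). Treat them as read-only at runtime.
var (
	// ComponentName is the name of the component.
	ComponentName = "keycloak-bridge"
	// Version is the version of the component.
	Version = "1.1"
)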
// ErrCantUnmarshalPendingCheck signals that a pending check value could not be
// unmarshalled. It is a sentinel error, so callers can compare against it with
// errors.Is.
var ErrCantUnmarshalPendingCheck = errors.New("can't unmarshal pending check value")
Exportable values
Functions ¶
func AddPendingCheck ¶
AddPendingCheck adds a pending check
func CheckRemovableMFA ¶
func CheckRemovableMFA(ctx context.Context, credentialID string, lastMFARemovable bool, getCredentials func() ([]kc.CredentialRepresentation, error), logger Logger) error
CheckRemovableMFA checks if a given credential is removable (owned by user and not the password credential)
func ConvertLegacyAttribute ¶
func ConvertLegacyAttribute(user *kc.UserRepresentation)
ConvertLegacyAttribute ensures that PII is stored in the correctly named attributes
func ConvertMinutesShift ¶
ConvertMinutesShift converts a string describing a timezone shift to a numeric value
func GenerateInitialCode ¶
GenerateInitialCode generates a code of the format UpperCase + digits + LowerCase
func GeneratePassword ¶
GeneratePassword generates a password according to the policy or the minimum length imposed
func GeneratePasswordFromKeycloakPolicy ¶
GeneratePasswordFromKeycloakPolicy generates a random password respecting the keycloak password policy
func GeneratePasswordNoKeycloakPolicy ¶
GeneratePasswordNoKeycloakPolicy generates a password of a given length
func GetPendingChecks ¶
GetPendingChecks gets the pending checks
func IsDateInThePast ¶
IsDateInThePast tells if a date is in the past or not
func IsUpdated ¶
IsUpdated checks whether any of the provided values has changed. Values are provided in pairs: the first is the new value (or nil if no update is expected) and the second is the former value
func LogUnrecordedEvent ¶
func LogUnrecordedEvent(ctx context.Context, logger Logger, eventName string, errorMessage string, values ...string)
LogUnrecordedEvent logs the events that could not be reported in the DB
func MakeConfigurationDBModuleInstrumentingMW ¶
func MakeConfigurationDBModuleInstrumentingMW(h cm.Histogram) func(ConfigurationDBModule) ConfigurationDBModule
MakeConfigurationDBModuleInstrumentingMW makes an instrumenting middleware at module level.
func NewKeycloakAuthClient ¶
func NewKeycloakAuthClient(client KeycloakClient, logger Logger) security.KeycloakClient
NewKeycloakAuthClient creates an adaptor for Authorization management to access Keycloak
func NewRealmIDRetriever ¶
func NewRealmIDRetriever(kcClient KeycloakClient) middleware.IDRetriever
NewRealmIDRetriever is a tool used to convert a realm name into a realm ID
func NextDay ¶
NextDay returns a time.Time value of the provided time rounded to the next day of the associated locale
func NextHour ¶
NextHour returns a time.Time value of the provided time rounded to the next hour of the associated locale
func NextMonth ¶
NextMonth returns a time.Time value of the provided time rounded to the next month of the associated locale
func RemovePendingCheck ¶
RemovePendingCheck removes a pending check
func RevokeAccreditations ¶
func RevokeAccreditations(kcUser *kc.UserRepresentation)
RevokeAccreditations revokes active accreditations of the given user
Types ¶
type AccreditationRepresentation ¶
// AccreditationRepresentation is a representation of accreditations.
// Every field is a pointer tagged omitempty, so a nil field is left out of the
// JSON encoding entirely.
type AccreditationRepresentation struct {
	// Type is the accreditation type.
	Type *string `json:"type,omitempty"`
	// ExpiryDate is carried as a string; the date format is not visible on this
	// page. TODO confirm before parsing or comparing.
	ExpiryDate *string `json:"expiryDate,omitempty"`
	// Revoked is a tri-state (nil, false, true).
	// NOTE(review): presumably nil is treated as "not revoked"; verify that
	// every consumer handles the nil case explicitly.
	Revoked *bool `json:"revoked,omitempty"`
}
AccreditationRepresentation is a representation of accreditations
type AccreditationsModule ¶
// AccreditationsModule is the accreditations module interface.
type AccreditationsModule interface {
	// GetUserAndPrepareAccreditations takes an access token, a realm name, a
	// user ID and a condition, and returns a Keycloak user representation, an
	// int and an error.
	// NOTE(review): the meaning of the int result is not visible on this page;
	// confirm against the implementation before relying on it.
	GetUserAndPrepareAccreditations(ctx context.Context, accessToken, realmName, userID, condition string) (kc.UserRepresentation, int, error)
}
AccreditationsModule interface
func NewAccreditationsModule ¶
func NewAccreditationsModule(keycloakClient AccredsKeycloakClient, confDBModule AdminConfigurationDBModule, logger Logger) AccreditationsModule
NewAccreditationsModule creates an accreditations module
type AccredsKeycloakClient ¶
// AccredsKeycloakClient is the minimum Keycloak client interface for
// accreditations. Every method receives the access token as a plain string.
// NOTE(review): accessToken is presumably a bearer credential; implementations
// and wrappers should keep it out of log output and error messages.
type AccredsKeycloakClient interface {
	// UpdateUser takes a realm name, a user ID and the user representation to
	// apply, and returns only an error.
	UpdateUser(accessToken string, realmName, userID string, user kc.UserRepresentation) error
	// GetUser returns a user representation for the given realm name and user ID.
	GetUser(accessToken string, realmName, userID string) (kc.UserRepresentation, error)
	// GetRealm returns a realm representation for the given realm name.
	GetRealm(accessToken string, realmName string) (kc.RealmRepresentation, error)
}
AccredsKeycloakClient is the minimum Keycloak client interface for accreditations
type AdminConfigurationDBModule ¶
// AdminConfigurationDBModule is the subset of the configuration DB module that
// reads a realm's admin configuration.
type AdminConfigurationDBModule interface {
	// GetAdminConfiguration returns a RealmAdminConfiguration for the given
	// string key. The parameter is unnamed; presumably it is the realm
	// identifier. TODO confirm whether a realm name or a realm ID is expected.
	GetAdminConfiguration(context.Context, string) (configuration.RealmAdminConfiguration, error)
}
AdminConfigurationDBModule interface
type ArchiveDBModule ¶
// ArchiveDBModule is the interface of the archive database module.
// NOTE(review): NewArchiveDBModule takes a security.EncrypterDecrypter, so the
// archived user details are presumably encrypted before storage; confirm in
// the implementation.
type ArchiveDBModule interface {
	// StoreUserDetails stores an archive user representation for the given realm.
	StoreUserDetails(ctx context.Context, realm string, user dto.ArchiveUserRepresentation) error
}
ArchiveDBModule interface
func NewArchiveDBModule ¶
func NewArchiveDBModule(db sqltypes.CloudtrustDB, cipher security.EncrypterDecrypter, logger log.Logger) ArchiveDBModule
NewArchiveDBModule returns an archive DB module.
type ConfigurationDBModule ¶
// ConfigurationDBModule is the interface of the configuration module.
// Several methods take unnamed string parameters, so their meaning and order
// cannot be read from the signature alone.
// NOTE(review): some parameters are named "context", which shadows the context
// package inside any implementation that copies the signature verbatim.
type ConfigurationDBModule interface {
	// NewTransaction returns a sqltypes.Transaction.
	NewTransaction(context context.Context) (sqltypes.Transaction, error)

	// GetConfigurations returns both the realm configuration and the realm
	// admin configuration for the given string key (presumably the realm).
	GetConfigurations(context.Context, string) (configuration.RealmConfiguration, configuration.RealmAdminConfiguration, error)
	// StoreOrUpdateConfiguration persists a realm configuration under the given key.
	StoreOrUpdateConfiguration(context.Context, string, configuration.RealmConfiguration) error
	// GetConfiguration returns the realm configuration for the given key.
	GetConfiguration(context.Context, string) (configuration.RealmConfiguration, error)
	// StoreOrUpdateAdminConfiguration persists a realm admin configuration under the given key.
	StoreOrUpdateAdminConfiguration(context.Context, string, configuration.RealmAdminConfiguration) error
	// GetAdminConfiguration returns the realm admin configuration for the given key.
	GetAdminConfiguration(context.Context, string) (configuration.RealmAdminConfiguration, error)

	// GetBackOfficeConfiguration takes a string and a string slice and returns
	// a back-office configuration. TODO confirm what the two arguments select.
	GetBackOfficeConfiguration(context.Context, string, []string) (dto.BackOfficeConfiguration, error)
	// DeleteBackOfficeConfiguration takes three strings and two optional
	// (*string) values. TODO confirm the argument order against the
	// implementation; a transposition would not be caught by the compiler.
	DeleteBackOfficeConfiguration(context.Context, string, string, string, *string, *string) error
	// InsertBackOfficeConfiguration takes four strings and a string slice.
	// TODO confirm the argument order against the implementation.
	InsertBackOfficeConfiguration(context.Context, string, string, string, string, []string) error

	// GetAuthorizations returns the authorizations for a realm ID and group name.
	GetAuthorizations(context context.Context, realmID string, groupName string) ([]configuration.Authorization, error)
	// CreateAuthorization stores the given authorization.
	CreateAuthorization(context context.Context, authz configuration.Authorization) error
	// DeleteAuthorizations takes a realm ID and a group name.
	DeleteAuthorizations(context context.Context, realmID string, groupName string) error
	// DeleteAllAuthorizationsWithGroup takes a realm name (not a realm ID, unlike
	// DeleteAuthorizations) and a group name. NOTE(review): the exact deletion
	// scope is not visible here; confirm before calling.
	DeleteAllAuthorizationsWithGroup(context context.Context, realmName, groupName string) error
}
ConfigurationDBModule is the interface of the configuration module.
func NewConfigurationDBModule ¶
func NewConfigurationDBModule(db sqltypes.CloudtrustDB, logger log.Logger, actions ...[]string) ConfigurationDBModule
NewConfigurationDBModule returns a ConfigurationDB module.
type EventsDBModule ¶
// EventsDBModule is the interface of the audit events module.
// NOTE(review): GetEventsCount and GetEvents take a free-form map[string]string,
// presumably query filters; confirm the implementation binds these values as
// SQL parameters and validates the keys it accepts.
type EventsDBModule interface {
	// GetEventsCount returns an int for the given string map.
	GetEventsCount(context.Context, map[string]string) (int, error)
	// GetEvents returns audit representations for the given string map.
	GetEvents(context.Context, map[string]string) ([]api.AuditRepresentation, error)
	// GetEventsSummary returns an event summary representation.
	GetEventsSummary(context.Context) (api.EventSummaryRepresentation, error)
	// GetLastConnection returns an int64 for the given string key.
	// TODO confirm the unit of the result (it looks like a timestamp).
	GetLastConnection(context.Context, string) (int64, error)
	// GetTotalConnectionsCount returns an int64 for two string arguments.
	// TODO confirm what the two strings select.
	GetTotalConnectionsCount(context.Context, string, string) (int64, error)
	// GetTotalConnectionsHoursCount returns a slice of int64 slices for a
	// string key, a time location and an int.
	GetTotalConnectionsHoursCount(context.Context, string, *time.Location, int) ([][]int64, error)
	// GetTotalConnectionsDaysCount has the same shape as the hours variant.
	GetTotalConnectionsDaysCount(context.Context, string, *time.Location, int) ([][]int64, error)
	// GetTotalConnectionsMonthsCount has the same shape as the hours variant.
	GetTotalConnectionsMonthsCount(context.Context, string, *time.Location, int) ([][]int64, error)
	// GetLastConnections returns connection statistics for two string arguments.
	GetLastConnections(context.Context, string, string) ([]api_stat.StatisticsConnectionRepresentation, error)
}
EventsDBModule is the interface of the audit events module.
func NewEventsDBModule ¶
func NewEventsDBModule(db sqltypes.CloudtrustDB) EventsDBModule
NewEventsDBModule returns an events database module.
type KeycloakClient ¶
// KeycloakClient lists the methods from keycloak-client used by the
// authorization manager. All three are read-only lookups by signature and all
// take the access token as a plain string.
// NOTE(review): keep accessToken out of logs and error messages in wrappers.
type KeycloakClient interface {
	// GetGroupsOfUser returns group representations for a realm name and user ID.
	GetGroupsOfUser(accessToken string, realmName, userID string) ([]kc.GroupRepresentation, error)
	// GetGroup returns one group representation for a realm name and group ID.
	GetGroup(accessToken string, realmName, groupID string) (kc.GroupRepresentation, error)
	// GetRealm returns a realm representation for a realm name.
	GetRealm(accessToken string, realmName string) (kc.RealmRepresentation, error)
}
KeycloakClient lists the methods from keycloak-client used by the authorization manager
type KeycloakForTechnicalClient ¶
// KeycloakForTechnicalClient is the token-taking Keycloak client interface that
// NewKeycloakTechnicalClient accepts as its kcClient argument.
type KeycloakForTechnicalClient interface {
	// GetRealm returns a realm representation for a realm name.
	GetRealm(accessToken string, realmName string) (kc.RealmRepresentation, error)
	// LogoutAllSessions takes a realm name and a user ID and returns only an error.
	LogoutAllSessions(accessToken string, realmName, userID string) error
}
KeycloakForTechnicalClient interface
type KeycloakTechnicalClient ¶
// KeycloakTechnicalClient lists the methods from keycloak-client called by a
// technical account. Unlike KeycloakForTechnicalClient, no access token is
// passed by the caller.
// NOTE(review): NewKeycloakTechnicalClient takes a toolbox.OidcTokenProvider,
// so the token is presumably obtained internally; these calls then run with
// the technical account's privileges rather than the end user's. Confirm that
// callers perform their own authorization check first.
type KeycloakTechnicalClient interface {
	// GetRealm returns a realm representation for a realm name.
	GetRealm(ctx context.Context, realmName string) (kc.RealmRepresentation, error)
	// LogoutAllSessions takes a realm name and a user ID and returns only an error.
	LogoutAllSessions(ctx context.Context, realmName, userID string) error
}
KeycloakTechnicalClient lists the methods from keycloak-client called by a technical account
func NewKeycloakTechnicalClient ¶
func NewKeycloakTechnicalClient(tokenProvider toolbox.OidcTokenProvider, kcClient KeycloakForTechnicalClient, logger Logger) KeycloakTechnicalClient
NewKeycloakTechnicalClient creates a Keycloak client associated to a technical user
type KeycloakURIProvider ¶
KeycloakURIProvider interface
type Logger ¶
// Logger is the interface for levelled logging. Each method takes a context
// and a variadic list of values named keyvals.
// NOTE(review): keyvals is untyped and free-form; callers should not pass
// access tokens, generated passwords or PII, since nothing in this interface
// shows any redaction.
type Logger interface {
	// Debug logs keyvals at debug level.
	Debug(ctx context.Context, keyvals ...interface{})
	// Info logs keyvals at info level.
	Info(ctx context.Context, keyvals ...interface{})
	// Warn logs keyvals at warning level.
	Warn(ctx context.Context, keyvals ...interface{})
	// Error logs keyvals at error level.
	Error(ctx context.Context, keyvals ...interface{})
}
Logger interface for logging with level
type OnboardingKeycloakClient ¶
// OnboardingKeycloakClient is the Keycloak client interface accepted by
// NewOnboardingModule. Both methods take two realm names, which suggests the
// token's realm can differ from the realm acted upon.
// NOTE(review): confirm that callers authorize cross-realm use explicitly.
type OnboardingKeycloakClient interface {
	// CreateUser takes a user representation and returns a string and an error.
	// TODO confirm what the returned string contains (a user ID or a location).
	CreateUser(accessToken string, realmName string, targetRealmName string, user kc.UserRepresentation) (string, error)
	// ExecuteActionsEmail takes a user ID, a list of actions and variadic
	// paramKV strings, presumably alternating keys and values. TODO confirm how
	// an odd number of paramKV entries is handled.
	ExecuteActionsEmail(accessToken string, reqRealmName string, targetRealmName string, userID string, actions []string, paramKV ...string) error
}
OnboardingKeycloakClient interface
type OnboardingModule ¶
// OnboardingModule is the onboarding module interface.
type OnboardingModule interface {
	// OnboardingAlreadyCompleted returns a bool and an error for the given
	// user representation.
	OnboardingAlreadyCompleted(kc.UserRepresentation) (bool, error)
	// SendOnboardingEmail takes many consecutive string parameters, so a
	// transposed argument is not caught by the compiler.
	// NOTE(review): onboardingRedirectURI presumably ends up in the link sent to
	// the user; confirm callers take it from trusted configuration or validate
	// it against the client's allowed redirect URIs. lifespan is optional (nil
	// allowed by type); its unit is not visible here. TODO confirm.
	SendOnboardingEmail(ctx context.Context, accessToken string, realmName string, userID string, username string, onboardingClientID string, onboardingRedirectURI string, themeRealmName string, reminder bool, lifespan *int) error
	// CreateUser takes a pointer to a user representation and returns a string
	// and an error.
	// NOTE(review): kcUser is passed by pointer, so the implementation may
	// modify the caller's value; confirm.
	CreateUser(ctx context.Context, accessToken, realmName, targetRealmName string, kcUser *kc.UserRepresentation) (string, error)
}
OnboardingModule interface
func NewOnboardingModule ¶
func NewOnboardingModule(keycloakClient OnboardingKeycloakClient, keycloakURIProvider KeycloakURIProvider, logger log.Logger) OnboardingModule
NewOnboardingModule creates an onboarding module
type PendingChecks ¶
// PendingChecks is the interface of the value created by NewPendingChecks from
// an optional attribute string.
type PendingChecks interface {
	// AddPendingCheck adds a pending check of the given nature. It returns nothing.
	AddPendingCheck(nature string)
	// RemovePendingCheck removes a pending check of the given nature. It returns nothing.
	RemovePendingCheck(nature string)
	// ToAttribute returns a *string; presumably the serialized form to store
	// back in the user attribute, nil-able by type. TODO confirm when nil is returned.
	ToAttribute() *string
	// ToCheckNames returns a pointer to a string slice, nil-able by type.
	ToCheckNames() *[]string
}
PendingChecks interface
func NewPendingChecks ¶
func NewPendingChecks(value *string) (PendingChecks, error)
NewPendingChecks creates a PendingChecks value
type Scanner ¶
// Scanner is used to get data from SQL cursors.
type Scanner interface {
	// Scan takes a variadic list of untyped destinations and returns an error.
	// The shape matches the Scan method of database/sql rows; presumably both
	// single-row and multi-row cursors satisfy it. TODO confirm.
	Scan(...interface{}) error
}
Scanner used to get data from SQL cursors
type UsersDetailsDBModule ¶
// UsersDetailsDBModule is the interface of the user details database module.
// Every method is scoped by a realm string, and every method except
// StoreOrUpdateUserDetails also takes a user ID.
// NOTE(review): NewUsersDetailsDBModule takes a security.EncrypterDecrypter, so
// the stored details are presumably encrypted at rest; confirm which fields
// are covered.
type UsersDetailsDBModule interface {
	// StoreOrUpdateUserDetails persists the given dto.DBUser for a realm.
	StoreOrUpdateUserDetails(ctx context.Context, realm string, user dto.DBUser) error
	// GetUserDetails returns a dto.DBUser for a realm and user ID.
	GetUserDetails(ctx context.Context, realm string, userID string) (dto.DBUser, error)
	// DeleteUserDetails takes a realm and a user ID and returns only an error.
	DeleteUserDetails(ctx context.Context, realm string, userID string) error
	// CreateCheck stores a dto.DBCheck for a realm and user ID.
	CreateCheck(ctx context.Context, realm string, userID string, check dto.DBCheck) error
	// GetChecks returns the dto.DBCheck values for a realm and user ID.
	GetChecks(ctx context.Context, realm string, userID string) ([]dto.DBCheck, error)
}
UsersDetailsDBModule interface
func NewUsersDetailsDBModule ¶
func NewUsersDetailsDBModule(db sqltypes.CloudtrustDB, cipher security.EncrypterDecrypter, logger log.Logger) UsersDetailsDBModule
NewUsersDetailsDBModule returns a UsersDB module.