Documentation ¶
Index ¶
- Constants
- Variables
- func ConvertLegacyAttribute(user *keycloak.UserRepresentation)
- func ConvertMinutesShift(value string) (int, error)
- func GenerateInitialCode(nbUpperCase int, nbDigits int, nbLowerCase int) string
- func GeneratePassword(policy *string, minLength int, userID string) (string, error)
- func GeneratePasswordFromKeycloakPolicy(policy string) (string, error)
- func GeneratePasswordNoKeycloakPolicy(minLength int) string
- func IsDateInThePast(value *string) *bool
- func IsUpdated(values ...*string) bool
- func LimitRate(e cs.Endpoint, limit int) endpoint.Endpoint
- func LogUnrecordedEvent(ctx context.Context, logger Logger, eventName string, errorMessage string, ...)
- func MakeConfigurationDBModuleInstrumentingMW(h cm.Histogram) func(ConfigurationDBModule) ConfigurationDBModule
- func NewKeycloakAuthClient(client KeycloakClient, logger Logger) security.KeycloakClient
- func NewRealmIDRetriever(kcClient KeycloakClient) middleware.IDRetriever
- func NextDay(ref time.Time) time.Time
- func NextHour(ref time.Time) time.Time
- func NextMonth(ref time.Time) time.Time
- func RevokeAccreditations(kcUser *kc.UserRepresentation)
- func ThisMonth(ref time.Time) time.Time
- func ToGoKitEndpoint(e cs.Endpoint) endpoint.Endpoint
- type AccreditationRepresentation
- type AccreditationsModule
- type AccredsKeycloakClient
- type AdminConfigurationDBModule
- type ConfigurationDBModule
- type EventsDBModule
- type KeycloakClient
- type Logger
- type Scanner
- type UsersDetailsDBModule
Constants ¶
// Accreditation condition identifiers, re-exported from the configuration package.
// NOTE(review): presumably these are the values accepted as the `condition`
// argument of AccreditationsModule.GetUserAndPrepareAccreditations — confirm.
const (
	// CredsIDNow identifies the condition for the IDNow service.
	CredsIDNow = configuration.CheckKeyIDNow
	// CredsPhysical identifies the condition for physical identification.
	CredsPhysical = configuration.CheckKeyPhysical
)
const (
	// KeyCorrelationID is the histogram field name used for the correlation ID.
	KeyCorrelationID = "correlation_id"
)
Variables ¶
// Component identification values. They are declared with var rather than
// const, so they are mutable package-level state.
// NOTE(review): presumably left as var so a build can override them — confirm.
var (
	// ComponentName is the name of the component.
	ComponentName = "keycloak-bridge"
	// Version of the component.
	Version = "1.1"
)
Functions ¶
func ConvertLegacyAttribute ¶
func ConvertLegacyAttribute(user *keycloak.UserRepresentation)
ConvertLegacyAttribute ensures that PII is located in the correctly named attributes
func ConvertMinutesShift ¶
ConvertMinutesShift converts a string describing a timezone shift to a numeric value
func GenerateInitialCode ¶
GenerateInitialCode generates a code of the format UpperCase + digits + LowerCase
func GeneratePassword ¶
GeneratePassword generates a password according to the policy or the minimum length imposed
func GeneratePasswordFromKeycloakPolicy ¶
GeneratePasswordFromKeycloakPolicy generates a random password respecting the keycloak password policy
func GeneratePasswordNoKeycloakPolicy ¶
GeneratePasswordNoKeycloakPolicy generates a password of a given length
func IsDateInThePast ¶
IsDateInThePast tells if a date is in the past or not
func IsUpdated ¶
IsUpdated checks if there are changes in the provided values. These values are provided in pairs: the first one is the new value (or nil if no update is expected) and the second one is the former value
func LogUnrecordedEvent ¶
func LogUnrecordedEvent(ctx context.Context, logger Logger, eventName string, errorMessage string, values ...string)
LogUnrecordedEvent logs the events that could not be reported in the DB
func MakeConfigurationDBModuleInstrumentingMW ¶
func MakeConfigurationDBModuleInstrumentingMW(h cm.Histogram) func(ConfigurationDBModule) ConfigurationDBModule
MakeConfigurationDBModuleInstrumentingMW makes an instrumenting middleware at module level.
func NewKeycloakAuthClient ¶
func NewKeycloakAuthClient(client KeycloakClient, logger Logger) security.KeycloakClient
NewKeycloakAuthClient creates an adaptor for Authorization management to access Keycloak
func NewRealmIDRetriever ¶
func NewRealmIDRetriever(kcClient KeycloakClient) middleware.IDRetriever
NewRealmIDRetriever is a tool used to convert a realm name into a realm ID
func NextDay ¶
NextDay returns a time.Time value of the provided time rounded to the next day of the associated locale
func NextHour ¶
NextHour returns a time.Time value of the provided time rounded to the next hour of the associated locale
func NextMonth ¶
NextMonth returns a time.Time value of the provided time rounded to the next month of the associated locale
func RevokeAccreditations ¶
func RevokeAccreditations(kcUser *kc.UserRepresentation)
RevokeAccreditations revokes active accreditations of the given user
Types ¶
type AccreditationRepresentation ¶
// AccreditationRepresentation is a representation of accreditations.
//
// Every field is a pointer tagged with omitempty, so a nil field is left out
// of the encoded JSON instead of being written as null.
type AccreditationRepresentation struct {
	// Type is the accreditation type, encoded under the "type" key.
	Type *string `json:"type,omitempty"`
	// ExpiryDate is carried as a string under the "expiryDate" key.
	// NOTE(review): the date layout is not visible here — confirm before parsing.
	ExpiryDate *string `json:"expiryDate,omitempty"`
	// Revoked is encoded under the "revoked" key.
	// NOTE(review): a nil Revoked is not the same as false; confirm that
	// consumers only treat a missing value as "not revoked" where that is intended.
	Revoked *bool `json:"revoked,omitempty"`
}
AccreditationRepresentation is a representation of accreditations
type AccreditationsModule ¶
// AccreditationsModule is the interface of the accreditations module.
type AccreditationsModule interface {
	// GetUserAndPrepareAccreditations takes the caller's access token, a realm
	// name, a user ID and a condition, and returns a Keycloak user
	// representation, an int and an error.
	// NOTE(review): the meaning of the int result is not visible here — confirm
	// against the implementation. accessToken is a bearer credential passed as a
	// plain string; keep it out of log key/values and error messages.
	GetUserAndPrepareAccreditations(ctx context.Context, accessToken, realmName, userID, condition string) (kc.UserRepresentation, int, error)
}
AccreditationsModule interface
func NewAccreditationsModule ¶
func NewAccreditationsModule(keycloakClient AccredsKeycloakClient, confDBModule AdminConfigurationDBModule, logger Logger) AccreditationsModule
NewAccreditationsModule creates an accreditations module
type AccredsKeycloakClient ¶
// AccredsKeycloakClient is the minimum Keycloak client interface for accreditations.
//
// Every method takes the access token as its first argument, as a plain string.
// NOTE(review): none of these methods accepts a context.Context, so cancellation
// and deadlines cannot be propagated through this interface — confirm that the
// underlying client applies its own timeout.
type AccredsKeycloakClient interface {
	// UpdateUser writes the given user representation for userID in realmName.
	UpdateUser(accessToken string, realmName, userID string, user kc.UserRepresentation) error
	// GetUser returns the user representation for userID in realmName.
	GetUser(accessToken string, realmName, userID string) (kc.UserRepresentation, error)
	// GetRealm returns the realm representation for realmName.
	GetRealm(accessToken string, realmName string) (kc.RealmRepresentation, error)
}
AccredsKeycloakClient is the minimum Keycloak client interface for accreditations
type AdminConfigurationDBModule ¶
// AdminConfigurationDBModule is the read-only subset of the configuration
// storage that returns a realm's admin configuration.
type AdminConfigurationDBModule interface {
	// GetAdminConfiguration returns a realm admin configuration.
	// NOTE(review): the unnamed string parameter is presumably the realm
	// identifier — confirm whether it is the realm ID or the realm name.
	GetAdminConfiguration(context.Context, string) (configuration.RealmAdminConfiguration, error)
}
AdminConfigurationDBModule interface
type ConfigurationDBModule ¶
// ConfigurationDBModule is the interface of the configuration module.
//
// Several methods declare unnamed string parameters, so their meaning cannot be
// read from the signature.
// NOTE(review): the first string of those methods is presumably the realm
// identifier — confirm against the implementation, and note that the named
// methods use both realmID and realmName.
type ConfigurationDBModule interface {
	// NewTransaction opens a transaction. The parameter is named context, which
	// shadows the context package inside any implementation using that name.
	NewTransaction(context context.Context) (sqltypes.Transaction, error)
	// StoreOrUpdateConfiguration stores or updates a realm configuration.
	StoreOrUpdateConfiguration(context.Context, string, configuration.RealmConfiguration) error
	// GetConfiguration returns a realm configuration.
	GetConfiguration(context.Context, string) (configuration.RealmConfiguration, error)
	// StoreOrUpdateAdminConfiguration stores or updates a realm admin configuration.
	StoreOrUpdateAdminConfiguration(context.Context, string, configuration.RealmAdminConfiguration) error
	// GetAdminConfiguration returns a realm admin configuration.
	GetAdminConfiguration(context.Context, string) (configuration.RealmAdminConfiguration, error)
	// GetBackOfficeConfiguration returns a back-office configuration.
	// NOTE(review): the []string is presumably a list of group names — confirm.
	GetBackOfficeConfiguration(context.Context, string, []string) (dto.BackOfficeConfiguration, error)
	// DeleteBackOfficeConfiguration removes back-office configuration entries.
	// NOTE(review): the two *string parameters are presumably optional filters
	// (nil meaning "not set") — confirm how nil is treated, since it decides how
	// many rows a delete matches.
	DeleteBackOfficeConfiguration(context.Context, string, string, string, *string, *string) error
	// InsertBackOfficeConfiguration adds back-office configuration entries.
	InsertBackOfficeConfiguration(context.Context, string, string, string, string, []string) error
	// GetAuthorizations returns the authorizations of groupName in realmID.
	GetAuthorizations(context context.Context, realmID string, groupName string) ([]configuration.Authorization, error)
	// CreateAuthorization stores one authorization.
	CreateAuthorization(context context.Context, authz configuration.Authorization) error
	// DeleteAuthorizations removes the authorizations of groupName in realmID.
	DeleteAuthorizations(context context.Context, realmID string, groupName string) error
	// DeleteAllAuthorizationsWithGroup removes authorizations for groupName; it
	// takes a realm name where the two methods above take a realm ID.
	DeleteAllAuthorizationsWithGroup(context context.Context, realmName, groupName string) error
}
ConfigurationDBModule is the interface of the configuration module.
func NewConfigurationDBModule ¶
func NewConfigurationDBModule(db sqltypes.CloudtrustDB, logger log.Logger, actions ...[]string) ConfigurationDBModule
NewConfigurationDBModule returns a ConfigurationDB module.
type EventsDBModule ¶
// EventsDBModule is the interface of the audit events module.
//
// All methods are read-only by name (Get*); parameters are unnamed, so their
// meaning is not visible in the signatures.
type EventsDBModule interface {
	// GetEventsCount returns a number of events for the given criteria map.
	// NOTE(review): the map[string]string presumably carries caller-supplied
	// filter values — confirm the implementation binds them as query parameters
	// and restricts keys to known column names.
	GetEventsCount(context.Context, map[string]string) (int, error)
	// GetEvents returns audit events for the given criteria map.
	GetEvents(context.Context, map[string]string) ([]api.AuditRepresentation, error)
	// GetEventsSummary returns the events summary.
	GetEventsSummary(context.Context) (api.EventSummaryRepresentation, error)
	// GetLastConnection returns an int64 for the given string argument.
	// NOTE(review): presumably a timestamp for a realm — confirm unit and argument.
	GetLastConnection(context.Context, string) (int64, error)
	// GetTotalConnectionsCount returns a connection count as an int64.
	GetTotalConnectionsCount(context.Context, string, string) (int64, error)
	// GetTotalConnectionsHoursCount returns per-hour connection counts.
	// NOTE(review): the layout of the [][]int64 result and the meaning of the
	// int argument are not visible here — confirm.
	GetTotalConnectionsHoursCount(context.Context, string, *time.Location, int) ([][]int64, error)
	// GetTotalConnectionsDaysCount returns per-day connection counts.
	GetTotalConnectionsDaysCount(context.Context, string, *time.Location, int) ([][]int64, error)
	// GetTotalConnectionsMonthsCount returns per-month connection counts.
	GetTotalConnectionsMonthsCount(context.Context, string, *time.Location, int) ([][]int64, error)
	// GetLastConnections returns the most recent connection statistics.
	GetLastConnections(context.Context, string, string) ([]api_stat.StatisticsConnectionRepresentation, error)
}
EventsDBModule is the interface of the audit events module.
func NewEventsDBModule ¶
func NewEventsDBModule(db sqltypes.CloudtrustDB) EventsDBModule
NewEventsDBModule returns an events database module.
type KeycloakClient ¶
// KeycloakClient lists the methods from keycloak-client used by the
// authorization manager.
//
// Every method takes the access token as its first argument, as a plain string,
// and none accepts a context.Context.
type KeycloakClient interface {
	// GetGroupsOfUser returns the groups of userID in realmName.
	GetGroupsOfUser(accessToken string, realmName, userID string) ([]kc.GroupRepresentation, error)
	// GetGroup returns the group identified by groupID in realmName.
	GetGroup(accessToken string, realmName, groupID string) (kc.GroupRepresentation, error)
	// GetRealm returns the realm representation for realmName.
	GetRealm(accessToken string, realmName string) (kc.RealmRepresentation, error)
}
KeycloakClient are methods from keycloak-client used by authorization manager
type Logger ¶
// Logger is an interface for logging with a level.
//
// Each method takes a context and a variadic list of values named keyvals.
// NOTE(review): keyvals is presumably an alternating key, value list — confirm.
// Callers choose what is logged; access tokens and PII handled by this package
// should not be passed as keyvals.
type Logger interface {
	// Debug logs keyvals at debug level.
	Debug(ctx context.Context, keyvals ...interface{})
	// Info logs keyvals at info level.
	Info(ctx context.Context, keyvals ...interface{})
	// Warn logs keyvals at warning level.
	Warn(ctx context.Context, keyvals ...interface{})
	// Error logs keyvals at error level.
	Error(ctx context.Context, keyvals ...interface{})
}
Logger interface for logging with level
type Scanner ¶
// Scanner is used to get data from SQL cursors.
type Scanner interface {
	// Scan has the same shape as the Scan method of database/sql's Row and
	// Rows: it takes destination values and returns an error.
	Scan(...interface{}) error
}
Scanner used to get data from SQL cursors
type UsersDetailsDBModule ¶
// UsersDetailsDBModule is the interface of the user details storage module.
//
// NOTE(review): the constructor NewUsersDetailsDBModule takes a
// security.EncrypterDecrypter, so user details are presumably encrypted before
// being stored — confirm which fields are covered and whether checks are too.
type UsersDetailsDBModule interface {
	// StoreOrUpdateUserDetails stores or updates the details of user in realm.
	StoreOrUpdateUserDetails(ctx context.Context, realm string, user dto.DBUser) error
	// GetUserDetails returns the stored details of userID in realm.
	GetUserDetails(ctx context.Context, realm string, userID string) (dto.DBUser, error)
	// DeleteUserDetails removes the stored details of userID in realm.
	DeleteUserDetails(ctx context.Context, realm string, userID string) error
	// CreateCheck stores a check for userID in realm.
	CreateCheck(ctx context.Context, realm string, userID string, check dto.DBCheck) error
	// GetChecks returns the checks stored for userID in realm.
	GetChecks(ctx context.Context, realm string, userID string) ([]dto.DBCheck, error)
}
UsersDetailsDBModule interface
func NewUsersDetailsDBModule ¶
func NewUsersDetailsDBModule(db sqltypes.CloudtrustDB, cipher security.EncrypterDecrypter, logger log.Logger) UsersDetailsDBModule
NewUsersDetailsDBModule returns a UsersDB module.