identity

package
v0.0.0-...-d3172bc Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 3, 2025 License: Apache-2.0 Imports: 4 Imported by: 122

Documentation

Overview

Package identity defines Identity type and related types and constants. Identity represents a caller that makes requests.

Index

Constants

This section is empty.

Variables

View Source
var KnownKinds = map[Kind]*regexp.Regexp{
	Anonymous: regexp.MustCompile(`^anonymous$`),
	Bot:       regexp.MustCompile(`^[0-9a-zA-Z_\-\.@]+$`),
	Project:   regexp.MustCompile(`^[a-z0-9\-_]+$`),
	Service:   regexp.MustCompile(`^[0-9a-zA-Z_\-\:\.]+$`),
	User:      regexp.MustCompile(`^[0-9a-zA-Z_\-\.\+\%]+@[0-9a-zA-Z_\-\.]+$`),
}

KnownKinds is mapping between Kind and regexp for identity values.

See also appengine/components/components/auth/model.py in luci-py.

Functions

This section is empty.

Types

type Glob

type Glob string

Glob is glob like pattern that matches identity strings of some kind.

It is a string of the form "kind:<pattern>" where 'kind' is one of Kind constants and 'pattern' is a wildcard pattern to apply to identity name.

The only supported glob syntax is '*', which matches zero or more characters.

Case sensitive. Doesn't support multi-line strings or patterns. There's no way to match '*' itself.

func MakeGlob

func MakeGlob(glob string) (Glob, error)

MakeGlob ensures 'glob' string looks like a valid identity glob and returns it as Glob value.

func (Glob) Kind

func (g Glob) Kind() Kind

Kind returns identity glob kind. If identity glob string is invalid returns Anonymous.

func (Glob) Match

func (g Glob) Match(id Identity) bool

Match returns true if glob matches an identity. If identity string or identity glob string are invalid, returns false.

func (Glob) Pattern

func (g Glob) Pattern() string

Pattern returns a pattern part of the identity glob. If the identity glob string is invalid returns empty string.

func (Glob) Preprocess

func (g Glob) Preprocess() (kind Kind, regexp string, err error)

Preprocess splits the glob into its kind and a regexp against identity names.

For example "user:*@example.com" => ("user", "^.*@example\.com$"). Returns an error if the glob is malformed.

func (Glob) Validate

func (g Glob) Validate() error

Validate checks that the identity glob string is well-formed.

type Identity

type Identity string

Identity represents a caller that makes requests. A string of the form "kind:value" where 'kind' is one of Kind constant and meaning of 'value' depends on a kind (see comments for Kind values).

const AnonymousIdentity Identity = "anonymous:anonymous"

AnonymousIdentity represents anonymous user.

func MakeIdentity

func MakeIdentity(identity string) (Identity, error)

MakeIdentity ensures 'identity' string looks like a valid identity and returns it as Identity value.

func (Identity) AsNormalized

func (id Identity) AsNormalized() NormalizedIdentity

AsNormalized returns the Identity as a NormalizedIdentity.

func (Identity) Email

func (id Identity) Email() string

Email returns user's email for identity with kind User or empty string for all other identity kinds. If identity string is undefined returns "".

func (Identity) Kind

func (id Identity) Kind() Kind

Kind returns identity kind. If identity string is invalid returns Anonymous.

func (Identity) Validate

func (id Identity) Validate() error

Validate checks that the identity string is well-formed.

func (Identity) Value

func (id Identity) Value() string

Value returns a valued encoded in the identity, e.g. for User identity kind it is user's email address. If identity string is invalid returns "anonymous".

type Kind

type Kind string

Kind is enumeration of known identity kinds. See Identity.

const (
	// Anonymous kind means no identity information is provided. Identity value
	// is always 'anonymous'.
	Anonymous Kind = "anonymous"

	// Bot is used for bots authenticated via IP allowlist. Used primarily by
	// Swarming. Identity value encodes bot ID.
	Bot Kind = "bot"

	// Project is used to convey that the request from one LUCI project to another
	// is being made on behalf of some LUCI project. Identity value is project ID.
	Project Kind = "project"

	// Service is used for GAE apps using X-Appengine-Inbound-Appid header for
	// authentication. Identity value is GAE app id.
	Service Kind = "service"

	// User is used for regular users. Identity value is email address.
	User Kind = "user"
)

type NormalizedIdentity

type NormalizedIdentity string

NormalizedIdentity is similar to Identity, but for identities with 'kind' User, the 'value' component has been normalized. This is primarily to support case-insensitive checks.

func NewNormalizedIdentity

func NewNormalizedIdentity(identity string) NormalizedIdentity

NewNormalizedIdentity creates a NormalizedIdentity from the given 'identity' string. Note: the returned NormalizedIdentity may be an invalid identity, as no validation occurs.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL