database

Documentation

Index

• Constants
• Variables
• func MarshalUser(user *User) ([]byte, error)
• type AccessToken
• type CertificateAuthority
• type ClusterDatabase
• type Code
  • func (c *Code) Verify(verifier string) bool
• type Member
• type Relay
• type RelayLocator
• type RevokedCertificate
• type SSHKeys
• type SignedCertificate
• type Token
• type TokenDatabase
• type User
  • func UnmarshalUser(kv *mvccpb.KeyValue) (*User, error)
  • func (u *User) ServiceAccount() bool
  • func (u *User) Setup()
• type UserDatabase

Constants

const (
	DefaultPrivateKeyType = "ecdsa"
	DefaultPrivateKeyBits = 256
)

const (
	UserTypeServiceAccount = "service_account"
	UserTypeNormal         = "user"
)

Variables

var (
	CodeExpiration  = 1 * time.Minute
	TokenExpiration = 24 * time.Hour
)

var (
	ErrUserNotFound        = xerrors.New("database: user not found")
	ErrClosed              = xerrors.New("database: closed")
	ErrAccessTokenNotFound = xerrors.New("database: access token not found")
)

var (
	ErrRelayNotFound = xerrors.New("database: relay not found")
)

var (
	ErrTokenNotFound = xerrors.New("database: token not found")
)

var SystemUser = &User{
	Id:    "system@f110.dev",
	Roles: []string{"system:proxy"},
	Type:  UserTypeServiceAccount,
}

Functions

func MarshalUser

func MarshalUser(user *User) ([]byte, error)

Types

type AccessToken

type AccessToken struct {
	Name      string    `json:"name"`
	Value     string    `json:"value"`
	UserId    string    `json:"user_id"`
	Issuer    string    `json:"issuer"`
	CreatedAt time.Time `json:"created_at"`
}

type CertificateAuthority

type CertificateAuthority interface {
	// GetSignedCertificates returns a list of SignedCertificate.
	// You want to get a specify SignedCertificate then also passed the serial number.
	// You want to get all SignedCertificate then passed the nil to serialNumber.
	GetSignedCertificate(ctx context.Context, serialNumber *big.Int) ([]*SignedCertificate, error)
	// GetRevokedCertificate returns a list of RevokedCertificate.
	// An interface of this method is the same as GetSignedCertificate.
	GetRevokedCertificate(ctx context.Context, serialNumber *big.Int) ([]*RevokedCertificate, error)
	SetSignedCertificate(ctx context.Context, certificate *SignedCertificate) error
	SetRevokedCertificate(ctx context.Context, certificate *RevokedCertificate) error
	WatchRevokeCertificate() chan *RevokedCertificate
	NewSerialNumber(ctx context.Context) (*big.Int, error)
}

type ClusterDatabase

type ClusterDatabase interface {
	Id() string
	Join(ctx context.Context) error
	Leave(ctx context.Context) error
	MemberList(ctx context.Context) ([]*Member, error)
	Alive() bool
}

type Code

type Code struct {
	Code            string    `json:"code"`
	Challenge       string    `json:"challenge"`
	ChallengeMethod string    `json:"challenge_method"`
	UserId          string    `json:"user_id"`
	IssuedAt        time.Time `json:"issued_at"`
}

func (*Code) Verify

func (c *Code) Verify(verifier string) bool

type Member

type Member struct {
	Id string `json:"id"`
}

type Relay

type Relay struct {
	Name        string    `json:"name"`
	Addr        string    `json:"addr"`
	FromAddr    string    `json:"from_addr"`
	ConnectedAt time.Time `json:"connected_at"`
	UpdatedAt   time.Time `json:"updated_at"`
	Version     int64     `json:"-"`
}

type RelayLocator

type RelayLocator interface {
	Get(name string) (*Relay, bool)
	Set(ctx context.Context, relay *Relay) error
	// TODO: Is this method used?
	Update(ctx context.Context, relay *Relay) error
	Delete(ctx context.Context, name, addr string) error
	Gone() chan *Relay
	GetListenedAddrs() []string
	ListAllConnectedAgents() []*Relay
}

type RevokedCertificate

type RevokedCertificate struct {
	CommonName   string
	SerialNumber *big.Int
	IssuedAt     time.Time
	RevokedAt    time.Time
	Agent        bool
	Comment      string
}

type SSHKeys

type SSHKeys struct {
	UserId string `json:"user_id"`
	Keys   string `json:"keys"`
}

type SignedCertificate

type SignedCertificate struct {
	Certificate *x509.Certificate
	P12         []byte
	IssuedAt    time.Time
	Agent       bool
	Comment     string
}

type Token

type Token struct {
	Token    string    `json:"token"`
	UserId   string    `json:"user_id"`
	IssuedAt time.Time `json:"issued_at"`
}

type TokenDatabase

type TokenDatabase interface {
	FindToken(ctx context.Context, token string) (*Token, error)
	NewCode(ctx context.Context, userId, challenge, challengeMethod string) (*Code, error)
	IssueToken(ctx context.Context, code, codeVerifier string) (*Token, error)
	AllCodes(ctx context.Context) ([]*Code, error)
	DeleteCode(ctx context.Context, code string) error
	AllTokens(ctx context.Context) ([]*Token, error)
	DeleteToken(ctx context.Context, token string) error
}

type User

type User struct {
	Id            string          `json:"id"`
	Roles         []string        `json:"roles"`
	MaintainRoles map[string]bool `json:"maintain_roles,omitempty"`
	Admin         bool            `json:"admin"`
	Type          string          `json:"type"`
	Comment       string          `json:"comment"`

	Version  int64 `json:"-"`
	RootUser bool  `json:"-"`
}

func UnmarshalUser

func UnmarshalUser(kv *mvccpb.KeyValue) (*User, error)

func (*User) ServiceAccount

func (u *User) ServiceAccount() bool

func (*User) Setup

func (u *User) Setup()

type UserDatabase

type UserDatabase interface {
	Get(id string) (*User, error)
	GetAll() ([]*User, error)
	GetAllServiceAccount() ([]*User, error)
	GetAccessToken(value string) (*AccessToken, error)
	GetAccessTokens(id string) ([]*AccessToken, error)
	Set(ctx context.Context, user *User) error
	SetAccessToken(ctx context.Context, token *AccessToken) error
	Delete(ctx context.Context, id string) error
	SetState(ctx context.Context, unique string) (string, error)
	GetState(ctx context.Context, state string) (string, error)
	DeleteState(ctx context.Context, state string) error
	SetSSHKeys(ctx context.Context, keys *SSHKeys) error
	GetSSHKeys(ctx context.Context, id string) (*SSHKeys, error)
}