types

package
Published: Dec 6, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package types contains domain types internal to identity-api.

Package types defines all non-HTTP types used in the STS (Security Token Service): the storage- and service-facing representations of issuers, OAuth clients, users and groups, each with a ToV1* conversion to the corresponding public API type.

Index

Constants

// Identity ID prefixes. Each resource prefix is the four-character service
// prefix followed by a three-character resource code, giving a seven-character
// prefix ("idntusr", "idntcli", "idntiss", "idntgrp"). These are presumably
// the prefixes carried by the gidx.PrefixedID values used throughout this
// package; confirm against the gidx package when adding a new resource type.
const (
	// IdentityService represents the service portion of the prefix.
	IdentityService = "idnt"

	// IdentityUserResource represents the resource portion of the prefix.
	IdentityUserResource = "usr"

	// IdentityUserIDPrefix represents the full identity id prefix for a user resource ("idntusr").
	IdentityUserIDPrefix = IdentityService + IdentityUserResource

	// IdentityClientResource represents the client resource type in a ID.
	IdentityClientResource = "cli"

	// IdentityClientIDPrefix represents the full identity id prefix for a client resource ("idntcli").
	IdentityClientIDPrefix = IdentityService + IdentityClientResource

	// IdentityIssuerResource represents the issuer resource type in an ID.
	IdentityIssuerResource = "iss"

	// IdentityIssuerIDPrefix represents the full identity id prefix for an issuer resource ("idntiss").
	IdentityIssuerIDPrefix = IdentityService + IdentityIssuerResource

	// IdentityGroupResource represents the group resource type in an ID.
	IdentityGroupResource = "grp"

	// IdentityGroupIDPrefix represents the full identity id prefix for a group resource ("idntgrp").
	IdentityGroupIDPrefix = IdentityService + IdentityGroupResource
)

Variables

// Sentinel errors shared by the storage and service layers. Match them with
// errors.Is rather than by comparing Error() strings.
//
// NOTE(review): only the group errors wrap ErrNotFound / ErrInvalidArgument.
// ErrorIssuerNotFound, ErrUserInfoNotFound and ErrOAuthClientNotFound are bare
// sentinels, so errors.Is(err, ErrNotFound) does NOT match them; any handler
// that maps ErrNotFound to a "not found" response has to test those three
// separately (or they should be changed to wrap ErrNotFound, which alters
// their Error() text -- check callers and tests first).
var (
	// ErrNotFound represents an error condition where a resource was not found.
	ErrNotFound = errors.New("not found")
	// ErrInvalidArgument represents an error condition where an argument was invalid.
	ErrInvalidArgument = errors.New("invalid argument")

	// ErrorIssuerNotFound represents an error condition where an issuer was not found.
	// Named with an "Error" prefix unlike the other Err* sentinels; it does not
	// wrap ErrNotFound.
	ErrorIssuerNotFound = errors.New("issuer not found")

	// ErrUserInfoNotFound is returned if we attempt to fetch user info
	// from the storage backend and no info exists for that user.
	// Does not wrap ErrNotFound.
	ErrUserInfoNotFound = errors.New("user info does not exist")

	// ErrFetchUserInfo represents a failure when making a /userinfo request.
	ErrFetchUserInfo = errors.New("could not fetch user info")

	// ErrInvalidUserInfo represents an error condition where the
	// UserInfo provided fails validation prior to storage.
	// NOTE(review): the message says "failed to store" while this comment
	// describes a validation failure; one of the two is misleading. Confirm
	// the intended meaning before changing the string, since it may be
	// surfaced to clients.
	ErrInvalidUserInfo = errors.New("failed to store user info")

	// ErrOAuthClientNotFound is returned if the OAuthClient doesn't exist.
	// Does not wrap ErrNotFound.
	ErrOAuthClientNotFound = errors.New("oauth client does not exist")

	// ErrGroupNotFound is returned if the group doesn't exist.
	// Wraps ErrNotFound, so errors.Is(err, ErrNotFound) is true.
	ErrGroupNotFound = fmt.Errorf("%w: group not found", ErrNotFound)

	// ErrGroupExists is returned if the group already exists.
	// Wraps ErrInvalidArgument.
	ErrGroupExists = fmt.Errorf("%w: group already exists", ErrInvalidArgument)

	// ErrGroupNameEmpty is returned if the group name is empty.
	// Wraps ErrInvalidArgument.
	ErrGroupNameEmpty = fmt.Errorf("%w: group name is empty", ErrInvalidArgument)

	// ErrGroupMemberNotFound is returned if the group member doesn't exist.
	// Wraps ErrNotFound.
	ErrGroupMemberNotFound = fmt.Errorf("%w: group member not found", ErrNotFound)
)

Functions

This section is empty.

Types

type ClaimsMapping

// ClaimsMapping represents a map of claims to a CEL expression that will be evaluated.
//
// Keys are claim names; values are parsed CEL ASTs. Where and against which
// inputs the expressions are evaluated is not visible in this package.
// NOTE(review): the expressions originate from issuer configuration
// (Issuer.ClaimMappings), i.e. from whoever may create or update an issuer,
// so the evaluation site should bound their cost (CEL cost limits / timeouts)
// -- confirm there.
type ClaimsMapping map[string]*cel.Ast

ClaimsMapping maps each claim name to a parsed CEL expression (cel.Ast) that is evaluated to produce that claim.

func BuildClaimsMappingFromMap

func BuildClaimsMappingFromMap(in map[string]*exprpb.CheckedExpr) ClaimsMapping

BuildClaimsMappingFromMap builds a ClaimsMapping from a map of claim names to already type-checked CEL expressions (exprpb.CheckedExpr).

func NewClaimsMapping

func NewClaimsMapping(exprs map[string]string) (ClaimsMapping, error)

NewClaimsMapping creates a ClaimsMapping from the given map of CEL expressions.

func (ClaimsMapping) MarshalJSON

func (c ClaimsMapping) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface.

func (ClaimsMapping) Repr

func (c ClaimsMapping) Repr() (map[string]string, error)

Repr produces a representation of the claim map using human-readable CEL expressions.

func (*ClaimsMapping) UnmarshalJSON

func (c *ClaimsMapping) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaler interface.

type ErrorInvalidTokenRequest added in v0.1.14

// ErrorInvalidTokenRequest represents an error where an access token request failed.
//
// Subject presumably carries key/value details about the failed request; what
// is stored in it and whether Error() renders it is not visible here.
// NOTE(review): if Error() includes Subject, make sure the text is not echoed
// verbatim to unauthenticated clients and does not reach logs with credentials.
// (Go convention would name this type InvalidTokenRequestError; the name is
// part of the public interface and is kept.)
type ErrorInvalidTokenRequest struct {
	Subject map[string]string
}

ErrorInvalidTokenRequest represents an error where an access token request failed.

func (ErrorInvalidTokenRequest) Error added in v0.1.14

func (e ErrorInvalidTokenRequest) Error() string

type Group added in v0.1.21

// Group represents a set of subjects.
//
// Membership is not carried on the struct; it is managed through GroupService
// (AddGroupMembers, ListGroupMembers, ...). The fields carry no JSON tags, so
// the type is converted with ToV1Group before it reaches the API.
type Group struct {
	// ID is the group's ID (presumably IdentityGroupIDPrefix-prefixed; confirm at creation).
	ID gidx.PrefixedID
	// OwnerID is the ID of the OU that owns the group
	// ("OU" presumably an organizational unit). Ownership is the scope used by
	// GroupService.ListGroupsByOwner.
	OwnerID gidx.PrefixedID
	// Name is the group's name; see ErrGroupNameEmpty / ErrGroupExists.
	Name string
	// Description is the group's description.
	Description string
}

Group represents a set of subjects. Membership itself is managed through GroupService, not stored on the struct.

func (*Group) ToV1Group added in v0.1.21

func (g *Group) ToV1Group() (v1.Group, error)

ToV1Group converts a group to an API group.

type GroupService added in v0.1.21

// GroupService represents a service for managing groups.
//
// Every method takes the group or owner ID explicitly and nothing in this
// interface implies an authorization check. Whether the caller is allowed to
// act on a group (e.g. via its OwnerID) is presumably enforced by the HTTP
// layer or a wrapping service -- confirm before wiring an implementation
// directly to a handler. Subjects are opaque gidx.PrefixedIDs (users or
// clients, presumably); nothing here validates their prefix.
type GroupService interface {
	// CreateGroup creates a new group.
	// Expected errors: ErrGroupExists, ErrGroupNameEmpty (both wrap ErrInvalidArgument).
	CreateGroup(ctx context.Context, group Group) (*Group, error)
	// GetGroupByID retrieves a group by its ID.
	// Expected error: ErrGroupNotFound (wraps ErrNotFound).
	GetGroupByID(ctx context.Context, id gidx.PrefixedID) (*Group, error)
	// UpdateGroup updates a group.
	// Only the non-nil fields of update are presumably applied (see GroupUpdate).
	UpdateGroup(ctx context.Context, id gidx.PrefixedID, update GroupUpdate) (*Group, error)
	// DeleteGroup deletes a group.
	// Whether memberships are removed with it is not visible here.
	DeleteGroup(ctx context.Context, id gidx.PrefixedID) error

	// ListGroupsByOwner retrieves a list of groups owned by an OU.
	ListGroupsByOwner(ctx context.Context, ownerID gidx.PrefixedID, pagination crdbx.Paginator) (Groups, error)
	// ListGroupsBySubject retrieves a list of groups that a subject is a member of.
	ListGroupsBySubject(ctx context.Context, subject gidx.PrefixedID, pagination crdbx.Paginator) (Groups, error)

	// AddGroupMembers adds subjects to a group.
	// Behaviour for an empty subject list or for already-present subjects is not specified here.
	AddGroupMembers(ctx context.Context, groupID gidx.PrefixedID, subjects ...gidx.PrefixedID) error
	// ListGroupMembers retrieves a list of subjects in a group.
	ListGroupMembers(ctx context.Context, groupID gidx.PrefixedID, pagination crdbx.Paginator) ([]gidx.PrefixedID, error)
	// RemoveGroupMember removes a subject from a group.
	// Expected error: ErrGroupMemberNotFound (wraps ErrNotFound).
	RemoveGroupMember(ctx context.Context, groupID gidx.PrefixedID, subject gidx.PrefixedID) error
	// ReplaceGroupMembers replaces the members of a group with a new set of subjects.
	// add and rm report the subjects that were added and removed by the replacement.
	ReplaceGroupMembers(ctx context.Context, groupID gidx.PrefixedID, subjects ...gidx.PrefixedID) (add, rm []gidx.PrefixedID, err error)
	// GroupMembersCount retrieves the number of members in a group.
	GroupMembersCount(ctx context.Context, groupID gidx.PrefixedID) (int, error)
}

GroupService represents a service for managing groups.

type GroupUpdate added in v0.1.21

// GroupUpdate represents an update operation on a group.
//
// Fields are pointers so that a nil field can presumably mean "leave
// unchanged" while a non-nil pointer to "" clears the value -- confirm in the
// GroupService implementation (clearing Name would conflict with ErrGroupNameEmpty).
type GroupUpdate struct {
	Name        *string
	Description *string
}

GroupUpdate represents an update operation on a group.

type Groups added in v0.1.21

// Groups represents a list of groups. Elements are pointers, so callers that
// retain a Groups value share the underlying Group structs.
type Groups []*Group

Groups represents a list of groups.

func (Groups) ToPrefixedIDs added in v0.1.21

func (g Groups) ToPrefixedIDs() []gidx.PrefixedID

ToPrefixedIDs converts a list of groups to a list of group IDs.

func (Groups) ToV1Groups added in v0.1.21

func (g Groups) ToV1Groups() ([]v1.Group, error)

ToV1Groups converts a list of groups to a list of API groups.

type Issuer

// Issuer represents a token issuer.
//
// An Issuer is the trust anchor for subject tokens: tokens whose "iss" claim
// equals URI are verified against the keys published at JWKSURI, and their
// claims are transformed by ClaimMappings. Creating or updating an Issuer is
// therefore a privileged operation for the owner's scope.
type Issuer struct {
	// OwnerID represents the ID of the owner the issuer belongs to.
	OwnerID gidx.PrefixedID
	// ID represents the ID of the issuer in identity-api.
	ID gidx.PrefixedID
	// Name represents the human-readable name of the issuer.
	Name string
	// URI represents the issuer URI as found in the "iss" claim of a JWT.
	// Used as the lookup key by IssuerService.GetIssuerByURI; matching is
	// presumably an exact string comparison.
	URI string
	// JWKSURI represents the URI where the issuer's JWKS lives. Must be accessible by identity-api.
	// NOTE(review): this is an owner-supplied URL that identity-api fetches
	// server-side. The fetch site should require https and reject loopback,
	// link-local and private address ranges (SSRF) -- confirm where it is validated.
	JWKSURI string
	// ClaimMappings represents a map of claims to a CEL expression that will be evaluated
	// (see ClaimsMapping).
	ClaimMappings ClaimsMapping
}

Issuer represents a token issuer.

func (Issuer) ToV1Issuer

func (i Issuer) ToV1Issuer() (v1.Issuer, error)

ToV1Issuer converts an issuer to an API issuer.

type IssuerService

// IssuerService represents a service for managing issuers.
//
// No authorization is implied by this interface; the owner scope (OwnerID)
// is presumably checked by the caller.
type IssuerService interface {
	// CreateIssuer creates the given issuer and returns the stored record.
	CreateIssuer(ctx context.Context, iss Issuer) (*Issuer, error)
	// GetIssuerByID retrieves an issuer by its identity-api ID.
	GetIssuerByID(ctx context.Context, id gidx.PrefixedID) (*Issuer, error)
	// GetOwnerIssuers lists the issuers belonging to the given owner.
	GetOwnerIssuers(ctx context.Context, id gidx.PrefixedID, pagination crdbx.Paginator) (Issuers, error)
	// GetIssuerByURI retrieves an issuer by its "iss" URI.
	// The uri typically comes from an unverified token's "iss" claim; finding an
	// issuer only selects which JWKS to verify the token against and must not
	// by itself be treated as trust. Expected error: ErrorIssuerNotFound.
	GetIssuerByURI(ctx context.Context, uri string) (*Issuer, error)
	// UpdateIssuer applies update to the issuer with the given ID.
	// Changing URI or JWKSURI changes which signing keys are trusted; it should
	// require the same privilege as CreateIssuer.
	UpdateIssuer(ctx context.Context, id gidx.PrefixedID, update IssuerUpdate) (*Issuer, error)
	// DeleteIssuer removes the issuer with the given ID.
	// What happens to users that reference it is not visible here.
	DeleteIssuer(ctx context.Context, id gidx.PrefixedID) error
}

IssuerService represents a service for managing issuers.

type IssuerUpdate

// IssuerUpdate represents an update operation on an issuer.
//
// Name, URI and JWKSURI are pointers, so nil presumably means "leave
// unchanged". ClaimMappings is a plain map; whether a nil map means
// "unchanged" or "clear all mappings" is not visible here -- confirm in the
// IssuerService implementation, as the two readings differ in effect.
type IssuerUpdate struct {
	Name          *string
	URI           *string
	JWKSURI       *string
	ClaimMappings ClaimsMapping
}

IssuerUpdate represents an update operation on an issuer.

type Issuers added in v0.1.20

// Issuers represents a list of token issuers (as returned by GetOwnerIssuers).
type Issuers []*Issuer

Issuers represents a list of token issuers.

func (Issuers) ToV1Issuers added in v0.1.20

func (i Issuers) ToV1Issuers() ([]v1.Issuer, error)

ToV1Issuers converts a slice of issuers to a slice of API issuers.

type OAuthClient added in v0.0.8

// OAuthClient is an OAuth 2.0 Client.
//
// The Get* methods below make it satisfy fosite.Client. The fields carry no
// JSON tags, so marshalling this struct directly would emit Secret under its
// field name; use ToV1OAuthClient for API output and keep the struct out of
// logs.
type OAuthClient struct {
	// ID is the client's identity-api ID (presumably IdentityClientIDPrefix-prefixed).
	ID       gidx.PrefixedID
	// OwnerID is the owner the client belongs to (see GetOwnerOAuthClients).
	OwnerID  gidx.PrefixedID
	// Name is the human-readable client name.
	Name     string
	// Secret is the stored client credential. It is what GetHashedSecret hands
	// to fosite, which suggests it holds a hash rather than the plaintext --
	// NOTE(review): confirm at the CreateOAuthClient site; a plaintext secret
	// at rest here would be a defect.
	Secret   string
	// Audience lists the audiences the client may request (surfaced via GetAudience).
	Audience []string
}

OAuthClient is an OAuth 2.0 client; its Get* methods satisfy fosite.Client.

func (OAuthClient) GetAudience added in v0.0.8

func (c OAuthClient) GetAudience() fosite.Arguments

GetAudience implements fosite.Client

func (OAuthClient) GetGrantTypes added in v0.0.8

func (OAuthClient) GetGrantTypes() fosite.Arguments

GetGrantTypes implements fosite.Client

func (OAuthClient) GetHashedSecret added in v0.0.8

func (c OAuthClient) GetHashedSecret() []byte

GetHashedSecret implements fosite.Client

func (OAuthClient) GetID added in v0.0.8

func (c OAuthClient) GetID() string

GetID implements fosite.Client

func (OAuthClient) GetRedirectURIs added in v0.0.8

func (OAuthClient) GetRedirectURIs() []string

GetRedirectURIs implements fosite.Client

func (OAuthClient) GetResponseTypes added in v0.0.8

func (OAuthClient) GetResponseTypes() fosite.Arguments

GetResponseTypes implements fosite.Client

func (OAuthClient) GetScopes added in v0.0.8

func (c OAuthClient) GetScopes() fosite.Arguments

GetScopes implements fosite.Client

func (OAuthClient) IsPublic added in v0.0.8

func (OAuthClient) IsPublic() bool

IsPublic implements fosite.Client

func (OAuthClient) ToV1OAuthClient added in v0.0.8

func (c OAuthClient) ToV1OAuthClient() v1.OAuthClient

ToV1OAuthClient converts to the OAS OAuth Client type.

type OAuthClientManager added in v0.0.8

// OAuthClientManager defines the storage interface for OAuth clients.
//
// There is no update method: rotating a secret or changing the audience means
// DeleteOAuthClient followed by CreateOAuthClient (presumably yielding a new
// client ID). No authorization is implied by this interface.
type OAuthClientManager interface {
	// CreateOAuthClient stores client and returns the stored record.
	CreateOAuthClient(ctx context.Context, client OAuthClient) (OAuthClient, error)
	// LookupOAuthClientByID returns the client with the given ID.
	// Expected error: ErrOAuthClientNotFound (does not wrap ErrNotFound).
	LookupOAuthClientByID(ctx context.Context, clientID gidx.PrefixedID) (OAuthClient, error)
	// DeleteOAuthClient removes the client with the given ID.
	DeleteOAuthClient(ctx context.Context, clientID gidx.PrefixedID) error
	// GetOwnerOAuthClients lists the clients belonging to ownerID.
	GetOwnerOAuthClients(ctx context.Context, ownerID gidx.PrefixedID, pagination crdbx.Paginator) (OAuthClients, error)
}

OAuthClientManager defines the storage interface for OAuth clients.

type OAuthClients added in v0.1.20

// OAuthClients represents a list of OAuth 2.0 clients (as returned by
// GetOwnerOAuthClients). Elements are values, including their Secret field.
type OAuthClients []OAuthClient

OAuthClients represents a list of OAuth 2.0 clients.

func (OAuthClients) ToV1OAuthClients added in v0.1.20

func (i OAuthClients) ToV1OAuthClients() ([]v1.OAuthClient, error)

ToV1OAuthClients converts a slice of OAuth clients to a slice of API OAuth clients.

type UserInfo

// UserInfo contains information about the user from the source OIDC provider.
// As defined in https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
//
// The (Issuer, Subject) pair is the identity key (see
// UserInfoService.LookupUserInfoByClaims). Name and Email are informational
// and optional; there is no email_verified field here, so Email must not be
// used to match or merge users.
type UserInfo struct {
	// ID is the identity-api user ID. Tagged "-", so it is never read from or
	// written to the JSON form.
	ID      gidx.PrefixedID `json:"-"`
	// Name is the provider-supplied display name; omitted from JSON when empty.
	Name    string          `json:"name,omitempty"`
	// Email is the provider-supplied email; omitted from JSON when empty.
	Email   string          `json:"email,omitempty"`
	// Issuer is the "iss" claim; always present in JSON.
	Issuer  string          `json:"iss"`
	// Subject is the "sub" claim; always present in JSON.
	Subject string          `json:"sub"`
}

UserInfo contains information about the user from the source OIDC provider. As defined in https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

func (UserInfo) ToV1User added in v0.1.17

func (u UserInfo) ToV1User() (v1.User, error)

ToV1User converts a UserInfo to an API user (v1.User).

type UserInfoService

// UserInfoService defines the storage class for storing User information related to the subject tokens.
//
// Lookups keyed by (iss, sub) take those values as plain strings; callers are
// expected to have verified the token they came from before acting on the
// result. No authorization is implied by this interface.
type UserInfoService interface {
	// LookupUserInfoByClaims returns the User information object for a issuer, subject pair.
	// Expected error: ErrUserInfoNotFound (does not wrap ErrNotFound).
	LookupUserInfoByClaims(ctx context.Context, iss, sub string) (UserInfo, error)

	// LookupUserInfoByID returns the user info for a STS user ID
	// (presumably IdentityUserIDPrefix-prefixed).
	LookupUserInfoByID(ctx context.Context, id gidx.PrefixedID) (UserInfo, error)

	// LookupUserOwnerID finds the Owner ID of the Issuer for the given User ID.
	// A user's owner is thus derived from its issuer, not stored on UserInfo.
	LookupUserOwnerID(ctx context.Context, id gidx.PrefixedID) (gidx.PrefixedID, error)

	// LookupUserInfosByIssuerID returns the user infos for an STS issuer ID
	LookupUserInfosByIssuerID(ctx context.Context, id gidx.PrefixedID, paginator crdbx.Paginator) (UserInfos, error)

	// StoreUserInfo stores the userInfo into the storage backend.
	// Presumably returns ErrInvalidUserInfo when validation fails; the returned
	// UserInfo carries the stored record (including its ID).
	StoreUserInfo(ctx context.Context, userInfo UserInfo) (UserInfo, error)

	// ParseUserInfoFromClaims parses OIDC ID token claims from the given claim map.
	// Takes no context and touches no storage. Which claims are required
	// (at least "iss" and "sub", given UserInfo's tags) is not visible here.
	ParseUserInfoFromClaims(claims map[string]any) (UserInfo, error)
}

UserInfoService defines the storage class for storing User information related to the subject tokens.

type UserInfos added in v0.1.20

// UserInfos represents a list of user infos (as returned by LookupUserInfosByIssuerID).
type UserInfos []UserInfo

UserInfos represents a list of user infos.

func (UserInfos) ToV1Users added in v0.1.20

func (i UserInfos) ToV1Users() ([]v1.User, error)

ToV1Users converts a slice of user infos to a slice of API users.
