Documentation
¶
Index ¶
Constants ¶
const ( // GROUP_URL_TEMPLATE is the URL to retrieve the group membership from Chrome Infra Auth server. GROUP_URL_TEMPLATE = "https://chrome-infra-auth.appspot.com/auth/api/v1/groups/%s" // REFRESH_PERIOD How often to refresh the group membership. REFRESH_PERIOD = 15 * time.Minute )
const AnyDomain = "*"
AnyDomain is the value to use if any domain is allowed.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Allow ¶
type Allow interface {
// Member returns true if the given email address has access.
Member(email string) bool
Emails() []string
}
Allow is used to enforce additional restrictions on who has access to a site, eg. members of a group.
type AllowedFromChromeInfraAuth ¶
type AllowedFromChromeInfraAuth struct {
// contains filtered or unexported fields
}
AllowedFromChromeInfraAuth implements Allow by reading the list of emails and domains from the Chrome Infra Auth API endpoint.
It implements Allow.
func NewAllowedFromChromeInfraAuth ¶
func NewAllowedFromChromeInfraAuth(client *http.Client, group string) (*AllowedFromChromeInfraAuth, error)
NewAllowedFromChromeInfraAuth creates an AllowedFromChromeInfraAuth.
client - Must be authenticated and allowed to access GROUP_URL_TEMPLATE. group - The name of the group we want to restrict access to.
The presumption is that an AllowedFromChromeInfraAuth will be created at startup and if creation fails then the application will not start.
func (*AllowedFromChromeInfraAuth) Emails ¶
func (a *AllowedFromChromeInfraAuth) Emails() []string
func (*AllowedFromChromeInfraAuth) Member ¶
func (a *AllowedFromChromeInfraAuth) Member(email string) bool
type AllowedFromList ¶
type AllowedFromList struct {
// contains filtered or unexported fields
}
AllowedFromList controls access by checking an email address against a list of approved domain names and email addresses.
It implements Allow.
func Googlers ¶
func Googlers() *AllowedFromList
Googlers creates a new AllowedFromList which restricts to only users logged in with an @google.com account.
func NewAllowedFromList ¶
func NewAllowedFromList(emailsAndDomains []string) *AllowedFromList
NewAllowedFromList creates a new *AllowedFromList from the list of domain names and email addresses.
Example:
a := NewAllowedFromList([]string{"google.com", "chromium.org", "someone@example.org"})
func (*AllowedFromList) Emails ¶
func (a *AllowedFromList) Emails() []string
func (*AllowedFromList) Member ¶
func (a *AllowedFromList) Member(email string) bool
Member returns true if the given email address is AllowedFromList.
type Group ¶
type Group struct {
Members []string `json:"members"`
Nested []string `json:"nested"`
Globs []string `json:"globs"`
}
Group is used in Response.
type Response ¶
type Response struct {
Group Group `json:"group"`
}
Response represents the format returned from GROUP_URL_TEMPLATE.
Source Files
Directories