Documentation ¶
Overview ¶
See LICENSE for copying information. performing satellite administration tasks.
NOTE this is work in progress and will eventually replace the current satellite administration server implemented in the parent package, hence this package name is the same than its parent because it will simplify the replace once it's ready.
Index ¶
Constants ¶
const ( RoleAdmin = Authorization( PermAccountView | PermAccountChangeEmail | PermAccountDisableMFA | PermAccountChangeLimits | PermAccountSetDataPlacement | PermAccountRemoveDataPlacement | PermAccountSetUserAgent | PermAccountSuspendTemporary | PermAccountReActivateTemporary | PermAccountSuspendPermanently | PermAccountReActivatePermanently | PermAccountDeleteNoData | PermAccountDeleteWithData | PermProjectView | PermProjectSetLimits | PermProjectSetDataPlacement | PermProjectRemoveDataPlacement | PermProjectSetUserAgent | PermProjectSendInvitation | PermBucketView | PermBucketSetDataPlacement | PermBucketRemoveDataPlacement | PermBucketSetUserAgent, ) RoleViewer = Authorization(PermAccountView | PermProjectView | PermBucketView) RoleCustomerSupport = Authorization( PermAccountView | PermAccountChangeEmail | PermAccountDisableMFA | PermAccountChangeLimits | PermAccountSetDataPlacement | PermAccountRemoveDataPlacement | PermAccountSetUserAgent | PermAccountSuspendTemporary | PermAccountReActivateTemporary | PermAccountDeleteNoData | PermProjectView | PermProjectSetLimits | PermProjectSetDataPlacement | PermProjectRemoveDataPlacement | PermProjectSetUserAgent | PermProjectSendInvitation | PermBucketView | PermBucketSetDataPlacement | PermBucketRemoveDataPlacement | PermBucketSetUserAgent, ) RoleFinanceManager = Authorization( PermAccountView | PermAccountSuspendTemporary | PermAccountReActivateTemporary | PermAccountSuspendPermanently | PermAccountReActivatePermanently | PermAccountDeleteNoData | PermAccountDeleteWithData | PermProjectView | PermBucketView, ) )
These constants are the list of roles that users can have and the service uses to match permissions to perform operations.
const PathPrefix = "/back-office/"
PathPrefix is the path that will be prefixed to the router passed to the NewServer constructor. This is temporary until this server will replace the storj.io/storj/satellite/admin/server.go.
Variables ¶
var ErrAuthorizer = errs.Class("authorizer")
ErrAuthorizer is the error class that wraps all the errors returned by the authorization.
var ErrPlacementsAPI = errs.Class("admin placements api")
var ( // Error is the error class that wraps all the errors returned by this package. Error = errs.Class("satellite-admin") )
Functions ¶
This section is empty.
Types ¶
type Authorization ¶ added in v1.93.1
type Authorization uint64
Authorization specifies the permissions that user role has and validates if it has certain permissions.
func (Authorization) Has ¶ added in v1.93.1
func (auth Authorization) Has(perms ...Permission) bool
Has returns true if auth has all the passed permissions.
type Authorizer ¶ added in v1.93.1
type Authorizer struct {
// contains filtered or unexported fields
}
Authorizer checks if a group has certain permissions.
func NewAuthorizer ¶ added in v1.93.1
func NewAuthorizer( log *zap.Logger, adminGroups, viewerGroups, customerSupportGroups, financeManagerGroups []string, ) *Authorizer
NewAuthorizer creates an Authorizer with the list of groups that are assigned to each different role. log is the parent logger where it will attach a prefix to identify messages coming from it.
In the case that a group is assigned to more than one role, it will get the less permissive role.
func (*Authorizer) HasPermissions ¶ added in v1.93.1
func (auth *Authorizer) HasPermissions(group string, perms ...Permission) bool
HasPermissions check if group has all perms.
func (*Authorizer) Middleware ¶ added in v1.93.1
func (auth *Authorizer) Middleware(next http.Handler, perms ...Permission) http.Handler
Middleware returns an HTTP handler which verifies if the request is performed by a user with a role that allows all the passed permissions.
type Config ¶
type Config struct { StaticDir string `` /* 181-byte string literal not displayed */ UserGroupsRoleAdmin []string `help:"the list of groups whose users has the administration role" releaseDefault:"" devDefault:""` UserGroupsRoleViewer []string `help:"the list of groups whose users has the viewer role" releaseDefault:"" devDefault:""` UserGroupsRoleCustomerSupport []string `help:"the list of groups whose users has the customer support role" releaseDefault:"" devDefault:""` UserGroupsRoleFinanceManager []string `help:"the list of groups whose users has the finance manager role" releaseDefault:"" devDefault:""` }
Config defines configuration for the satellite administration server.
type Permission ¶ added in v1.93.1
type Permission uint64
Permission represents a permissions to perform an operation.
const ( PermAccountView Permission = 1 << iota PermAccountChangeEmail PermAccountDisableMFA PermAccountChangeLimits PermAccountSetDataPlacement PermAccountRemoveDataPlacement PermAccountSetUserAgent PermAccountSuspendTemporary PermAccountReActivateTemporary PermAccountSuspendPermanently PermAccountReActivatePermanently PermAccountDeleteNoData PermAccountDeleteWithData PermProjectView PermProjectSetLimits PermProjectSetDataPlacement PermProjectRemoveDataPlacement PermProjectSetUserAgent PermProjectSendInvitation PermBucketView PermBucketSetDataPlacement PermBucketRemoveDataPlacement PermBucketSetUserAgent )
These constants are the list of permissions that the service uses for authorizing users to perform operations.
type PlacementInfo ¶ added in v1.93.1
type PlacementInfo struct { ID storj.PlacementConstraint `json:"id"` Location string `json:"location"` }
PlacementInfo contains the ID and location of a placement rule.
type PlacementManagementHandler ¶ added in v1.93.1
type PlacementManagementHandler struct {
// contains filtered or unexported fields
}
PlacementManagementHandler is an api handler that implements all PlacementManagement API endpoints functionality.
func NewPlacementManagement ¶ added in v1.93.1
func NewPlacementManagement(log *zap.Logger, mon *monkit.Scope, service PlacementManagementService, router *mux.Router, auth api.Auth) *PlacementManagementHandler
type PlacementManagementService ¶ added in v1.93.1
type PlacementManagementService interface {
GetPlacements(ctx context.Context) ([]PlacementInfo, api.HTTPError)
}
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server serves the API endpoints and the web application to allow preforming satellite administration tasks.
func NewServer ¶
func NewServer(log *zap.Logger, listener net.Listener, placement *overlay.PlacementDefinitions, root *mux.Router, config Config) *Server
NewServer creates a satellite administration server instance with the provided dependencies and configurations.
When listener is nil, Server.Run is a noop.
func (*Server) GetPlacements ¶ added in v1.93.1
GetPlacements returns IDs and locations of placement rules.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package main defines the satellite administration API through the API generator and generates source code of the API server handlers and clients and the documentation markdown document.
|
Package main defines the satellite administration API through the API generator and generates source code of the API server handlers and clients and the documentation markdown document. |