admin

package
v1.93.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 29, 2023 License: AGPL-3.0 Imports: 17 Imported by: 0

Documentation

Overview

See LICENSE for copying information. performing satellite administration tasks.

NOTE this is work in progress and will eventually replace the current satellite administration server implemented in the parent package, hence this package name is the same than its parent because it will simplify the replace once it's ready.

Index

Constants

View Source
const (
	RoleAdmin = Authorization(
		PermAccountView | PermAccountChangeEmail | PermAccountDisableMFA | PermAccountChangeLimits |
			PermAccountSetDataPlacement | PermAccountRemoveDataPlacement | PermAccountSetUserAgent |
			PermAccountSuspendTemporary | PermAccountReActivateTemporary | PermAccountSuspendPermanently |
			PermAccountReActivatePermanently | PermAccountDeleteNoData | PermAccountDeleteWithData |
			PermProjectView | PermProjectSetLimits | PermProjectSetDataPlacement |
			PermProjectRemoveDataPlacement | PermProjectSetUserAgent | PermProjectSendInvitation |
			PermBucketView | PermBucketSetDataPlacement | PermBucketRemoveDataPlacement |
			PermBucketSetUserAgent,
	)
	RoleViewer          = Authorization(PermAccountView | PermProjectView | PermBucketView)
	RoleCustomerSupport = Authorization(
		PermAccountView | PermAccountChangeEmail | PermAccountDisableMFA | PermAccountChangeLimits |
			PermAccountSetDataPlacement | PermAccountRemoveDataPlacement | PermAccountSetUserAgent |
			PermAccountSuspendTemporary | PermAccountReActivateTemporary | PermAccountDeleteNoData |
			PermProjectView | PermProjectSetLimits | PermProjectSetDataPlacement |
			PermProjectRemoveDataPlacement | PermProjectSetUserAgent | PermProjectSendInvitation |
			PermBucketView | PermBucketSetDataPlacement | PermBucketRemoveDataPlacement |
			PermBucketSetUserAgent,
	)
	RoleFinanceManager = Authorization(
		PermAccountView | PermAccountSuspendTemporary | PermAccountReActivateTemporary |
			PermAccountSuspendPermanently | PermAccountReActivatePermanently | PermAccountDeleteNoData |
			PermAccountDeleteWithData | PermProjectView | PermBucketView,
	)
)

These constants are the list of roles that users can have and the service uses to match permissions to perform operations.

View Source
const PathPrefix = "/back-office/"

PathPrefix is the path that will be prefixed to the router passed to the NewServer constructor. This is temporary until this server will replace the storj.io/storj/satellite/admin/server.go.

Variables

View Source
var ErrAuthorizer = errs.Class("authorizer")

ErrAuthorizer is the error class that wraps all the errors returned by the authorization.

View Source
var ErrPlacementsAPI = errs.Class("admin placements api")
View Source
var (
	// Error is the error class that wraps all the errors returned by this package.
	Error = errs.Class("satellite-admin")
)

Functions

This section is empty.

Types

type Authorization added in v1.93.1

type Authorization uint64

Authorization specifies the permissions that user role has and validates if it has certain permissions.

func (Authorization) Has added in v1.93.1

func (auth Authorization) Has(perms ...Permission) bool

Has returns true if auth has all the passed permissions.

type Authorizer added in v1.93.1

type Authorizer struct {
	// contains filtered or unexported fields
}

Authorizer checks if a group has certain permissions.

func NewAuthorizer added in v1.93.1

func NewAuthorizer(
	log *zap.Logger,
	adminGroups, viewerGroups, customerSupportGroups, financeManagerGroups []string,
) *Authorizer

NewAuthorizer creates an Authorizer with the list of groups that are assigned to each different role. log is the parent logger where it will attach a prefix to identify messages coming from it.

In the case that a group is assigned to more than one role, it will get the less permissive role.

func (*Authorizer) HasPermissions added in v1.93.1

func (auth *Authorizer) HasPermissions(group string, perms ...Permission) bool

HasPermissions check if group has all perms.

func (*Authorizer) Middleware added in v1.93.1

func (auth *Authorizer) Middleware(next http.Handler, perms ...Permission) http.Handler

Middleware returns an HTTP handler which verifies if the request is performed by a user with a role that allows all the passed permissions.

type Config

type Config struct {
	StaticDir string `` /* 181-byte string literal not displayed */

	UserGroupsRoleAdmin           []string `help:"the list of groups whose users has the administration role"   releaseDefault:"" devDefault:""`
	UserGroupsRoleViewer          []string `help:"the list of groups whose users has the viewer role"           releaseDefault:"" devDefault:""`
	UserGroupsRoleCustomerSupport []string `help:"the list of groups whose users has the customer support role" releaseDefault:"" devDefault:""`
	UserGroupsRoleFinanceManager  []string `help:"the list of groups whose users has the finance manager role"  releaseDefault:"" devDefault:""`
}

Config defines configuration for the satellite administration server.

type Permission added in v1.93.1

type Permission uint64

Permission represents a permissions to perform an operation.

const (
	PermAccountView Permission = 1 << iota
	PermAccountChangeEmail
	PermAccountDisableMFA
	PermAccountChangeLimits
	PermAccountSetDataPlacement
	PermAccountRemoveDataPlacement
	PermAccountSetUserAgent
	PermAccountSuspendTemporary
	PermAccountReActivateTemporary
	PermAccountSuspendPermanently
	PermAccountReActivatePermanently
	PermAccountDeleteNoData
	PermAccountDeleteWithData
	PermProjectView
	PermProjectSetLimits
	PermProjectSetDataPlacement
	PermProjectRemoveDataPlacement
	PermProjectSetUserAgent
	PermProjectSendInvitation
	PermBucketView
	PermBucketSetDataPlacement
	PermBucketRemoveDataPlacement
	PermBucketSetUserAgent
)

These constants are the list of permissions that the service uses for authorizing users to perform operations.

type PlacementInfo added in v1.93.1

type PlacementInfo struct {
	ID       storj.PlacementConstraint `json:"id"`
	Location string                    `json:"location"`
}

PlacementInfo contains the ID and location of a placement rule.

type PlacementManagementHandler added in v1.93.1

type PlacementManagementHandler struct {
	// contains filtered or unexported fields
}

PlacementManagementHandler is an api handler that implements all PlacementManagement API endpoints functionality.

func NewPlacementManagement added in v1.93.1

func NewPlacementManagement(log *zap.Logger, mon *monkit.Scope, service PlacementManagementService, router *mux.Router, auth api.Auth) *PlacementManagementHandler

type PlacementManagementService added in v1.93.1

type PlacementManagementService interface {
	GetPlacements(ctx context.Context) ([]PlacementInfo, api.HTTPError)
}

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server serves the API endpoints and the web application to allow preforming satellite administration tasks.

func NewServer

func NewServer(log *zap.Logger, listener net.Listener, placement *overlay.PlacementDefinitions, root *mux.Router, config Config) *Server

NewServer creates a satellite administration server instance with the provided dependencies and configurations.

When listener is nil, Server.Run is a noop.

func (*Server) Close

func (server *Server) Close() error

Close closes server and underlying listener.

func (*Server) GetPlacements added in v1.93.1

func (s *Server) GetPlacements(ctx context.Context) ([]PlacementInfo, api.HTTPError)

GetPlacements returns IDs and locations of placement rules.

func (*Server) Run

func (server *Server) Run(ctx context.Context) error

Run starts the administration HTTP server using the provided listener. If listener is nil, it does nothing and return nil.

Directories

Path Synopsis
Package main defines the satellite administration API through the API generator and generates source code of the API server handlers and clients and the documentation markdown document.
Package main defines the satellite administration API through the API generator and generates source code of the API server handlers and clients and the documentation markdown document.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL