Documentation ¶
Overview ¶
See LICENSE for copying information. performing satellite administration tasks.
NOTE this is work in progress and will eventually replace the current satellite administration server implemented in the parent package, hence this package name is the same than its parent because it will simplify the replace once it's ready.
Index ¶
- Constants
- Variables
- type AccountFlags
- type Authorization
- type Authorizer
- type BucketFlags
- type Config
- type Defaults
- type FeatureFlags
- type Permission
- type PlacementInfo
- type PlacementManagementHandler
- type PlacementManagementService
- type Project
- type ProjectFlags
- type ProjectLimitsUpdate
- type ProjectManagementHandler
- type ProjectManagementService
- type ProjectUsageLimits
- type Server
- type Service
- func (s *Service) GetPlacements(ctx context.Context) ([]PlacementInfo, api.HTTPError)
- func (s *Service) GetProject(ctx context.Context, id uuid.UUID) (*Project, api.HTTPError)
- func (s *Service) GetSettings(ctx context.Context) (*Settings, api.HTTPError)
- func (s *Service) GetUserByEmail(ctx context.Context, email string) (*UserAccount, api.HTTPError)
- func (s *Service) UpdateProjectLimits(ctx context.Context, id uuid.UUID, req ProjectLimitsUpdate) api.HTTPError
- type Settings
- type SettingsAdmin
- type SettingsHandler
- type SettingsService
- type User
- type UserAccount
- type UserManagementHandler
- type UserManagementService
- type UserProject
Constants ¶
const ( RoleAdmin = Authorization( PermAccountView | PermAccountChangeEmail | PermAccountDisableMFA | PermAccountChangeLimits | PermAccountSetDataPlacement | PermAccountRemoveDataPlacement | PermAccountSetUserAgent | PermAccountSuspendTemporary | PermAccountReActivateTemporary | PermAccountSuspendPermanently | PermAccountReActivatePermanently | PermAccountDeleteNoData | PermAccountDeleteWithData | PermProjectView | PermProjectSetLimits | PermProjectSetDataPlacement | PermProjectRemoveDataPlacement | PermProjectSetUserAgent | PermProjectSendInvitation | PermBucketView | PermBucketSetDataPlacement | PermBucketRemoveDataPlacement | PermBucketSetUserAgent, ) RoleViewer = Authorization(PermAccountView | PermProjectView | PermBucketView) RoleCustomerSupport = Authorization( PermAccountView | PermAccountChangeEmail | PermAccountDisableMFA | PermAccountChangeLimits | PermAccountSetDataPlacement | PermAccountRemoveDataPlacement | PermAccountSetUserAgent | PermAccountSuspendTemporary | PermAccountReActivateTemporary | PermAccountDeleteNoData | PermProjectView | PermProjectSetLimits | PermProjectSetDataPlacement | PermProjectRemoveDataPlacement | PermProjectSetUserAgent | PermProjectSendInvitation | PermBucketView | PermBucketSetDataPlacement | PermBucketRemoveDataPlacement | PermBucketSetUserAgent, ) RoleFinanceManager = Authorization( PermAccountView | PermAccountSuspendTemporary | PermAccountReActivateTemporary | PermAccountSuspendPermanently | PermAccountReActivatePermanently | PermAccountDeleteNoData | PermAccountDeleteWithData | PermProjectView | PermBucketView, ) )
These constants are the list of roles that users can have and the service uses to match permissions to perform operations.
const PathPrefix = "/back-office/"
PathPrefix is the path that will be prefixed to the router passed to the NewServer constructor. This is temporary until this server will replace the storj.io/storj/satellite/admin/server.go.
Variables ¶
var ErrAuthorizer = errs.Class("authorizer")
ErrAuthorizer is the error class that wraps all the errors returned by the authorization.
var ErrPlacementsAPI = errs.Class("admin placements api")
var ErrProjectsAPI = errs.Class("admin projects api")
var ErrSettingsAPI = errs.Class("admin settings api")
var ErrUsersAPI = errs.Class("admin users api")
var ( // Error is the error class that wraps all the errors returned by this package. Error = errs.Class("satellite-admin") )
Functions ¶
This section is empty.
Types ¶
type AccountFlags ¶ added in v1.96.2
type AccountFlags struct { Create bool `json:"create"` Delete bool `json:"delete"` History bool `json:"history"` List bool `json:"list"` Projects bool `json:"projects"` Suspend bool `json:"suspend"` Unsuspend bool `json:"unsuspend"` ResetMFA bool `json:"resetMFA"` UpdateInfo bool `json:"updateInfo"` UpdateLimits bool `json:"updateLimits"` UpdatePlacement bool `json:"updatePlacement"` UpdateStatus bool `json:"updateStatus"` UpdateValueAttribution bool `json:"updateValueAttribution"` View bool `json:"view"` }
AccountFlags are the feature flags related to user's accounts.
type Authorization ¶ added in v1.93.1
type Authorization uint64
Authorization specifies the permissions that user role has and validates if it has certain permissions.
func (Authorization) Has ¶ added in v1.93.1
func (auth Authorization) Has(perms ...Permission) bool
Has returns true if auth has all the passed permissions.
type Authorizer ¶ added in v1.93.1
type Authorizer struct {
// contains filtered or unexported fields
}
Authorizer checks if a group has certain permissions.
func NewAuthorizer ¶ added in v1.93.1
func NewAuthorizer( log *zap.Logger, adminGroups, viewerGroups, customerSupportGroups, financeManagerGroups []string, ) *Authorizer
NewAuthorizer creates an Authorizer with the list of groups that are assigned to each different role. log is the parent logger where it will attach a prefix to identify messages coming from it.
In the case that a group is assigned to more than one role, it will get the less permissive role.
func (*Authorizer) HasPermissions ¶ added in v1.93.1
func (auth *Authorizer) HasPermissions(group string, perms ...Permission) bool
HasPermissions check if group has all perms.
func (*Authorizer) IsRejected ¶ added in v1.94.1
func (auth *Authorizer) IsRejected(w http.ResponseWriter, r *http.Request, perms ...Permission) bool
IsRejected verifies that r is from a user who belongs to a group that has all perms and returns false, otherwise responds with http.StatusUnauthorized using storj.io/storj/private.api.ServeError and returns true.
This method is convenient to inject it to the handlers generated by the API generator through a customized handler.
type BucketFlags ¶ added in v1.96.2
type BucketFlags struct { Create bool `json:"create"` Delete bool `json:"delete"` History bool `json:"history"` List bool `json:"list"` UpdateInfo bool `json:"updateInfo"` UpdatePlacement bool `json:"updatePlacement"` UpdateValueAttribution bool `json:"updateValueAttribution"` View bool `json:"view"` }
BucketFlags are the feature flags related to buckets.
type Config ¶
type Config struct { StaticDir string `` /* 181-byte string literal not displayed */ UserGroupsRoleAdmin []string `help:"the list of groups whose users has the administration role" releaseDefault:"" devDefault:""` UserGroupsRoleViewer []string `help:"the list of groups whose users has the viewer role" releaseDefault:"" devDefault:""` UserGroupsRoleCustomerSupport []string `help:"the list of groups whose users has the customer support role" releaseDefault:"" devDefault:""` UserGroupsRoleFinanceManager []string `help:"the list of groups whose users has the finance manager role" releaseDefault:"" devDefault:""` }
Config defines configuration for the satellite administration server.
type Defaults ¶ added in v1.96.2
Defaults contains default values for limits which are not stored in the DB.
type FeatureFlags ¶ added in v1.96.2
type FeatureFlags struct { Account AccountFlags `json:"account"` Project ProjectFlags `json:"project"` Bucket BucketFlags `json:"bucket"` Dashboard bool `json:"dashboard"` Operator bool `json:"operator"` // This is the information about the logged operator SignOut bool `json:"signOut"` SwitchSatellite bool `json:"switchSatellite"` }
FeatureFlags indicates what Admin service features are enabled or disabled. The features are usually disabled when they are not fully implemented.
type Permission ¶ added in v1.93.1
type Permission uint64
Permission represents a permissions to perform an operation.
const ( PermAccountView Permission = 1 << iota PermAccountChangeEmail PermAccountDisableMFA PermAccountChangeLimits PermAccountSetDataPlacement PermAccountRemoveDataPlacement PermAccountSetUserAgent PermAccountSuspendTemporary PermAccountReActivateTemporary PermAccountSuspendPermanently PermAccountReActivatePermanently PermAccountDeleteNoData PermAccountDeleteWithData PermProjectView PermProjectSetLimits PermProjectSetDataPlacement PermProjectRemoveDataPlacement PermProjectSetUserAgent PermProjectSendInvitation PermBucketView PermBucketSetDataPlacement PermBucketRemoveDataPlacement PermBucketSetUserAgent )
These constants are the list of permissions that the service uses for authorizing users to perform operations.
type PlacementInfo ¶ added in v1.93.1
type PlacementInfo struct { ID storj.PlacementConstraint `json:"id"` Location string `json:"location"` }
PlacementInfo contains the ID and location of a placement rule.
type PlacementManagementHandler ¶ added in v1.93.1
type PlacementManagementHandler struct {
// contains filtered or unexported fields
}
PlacementManagementHandler is an api handler that implements all PlacementManagement API endpoints functionality.
func NewPlacementManagement ¶ added in v1.93.1
func NewPlacementManagement(log *zap.Logger, mon *monkit.Scope, service PlacementManagementService, router *mux.Router) *PlacementManagementHandler
type PlacementManagementService ¶ added in v1.93.1
type PlacementManagementService interface {
GetPlacements(ctx context.Context) ([]PlacementInfo, api.HTTPError)
}
type Project ¶ added in v1.96.2
type Project struct { ID uuid.UUID `json:"id"` // This is the public ID Name string `json:"name"` Description string `json:"description"` UserAgent string `json:"userAgent"` Owner User `json:"owner"` CreatedAt time.Time `json:"createdAt"` DefaultPlacement storj.PlacementConstraint `json:"defaultPlacement"` // RateLimit is `nil` when satellite applies the configured default rate limit. RateLimit *int `json:"rateLimit"` // BurstLimit is `nil` when satellite applies the configured default burst limit. BurstLimit *int `json:"burstLimit"` // Maxbuckets is `nil` when satellite applies the configured default max buckets. MaxBuckets *int `json:"maxBuckets"` ProjectUsageLimits[*int64] }
Project contains the information and configurations of a project.
type ProjectFlags ¶ added in v1.96.2
type ProjectFlags struct { Create bool `json:"create"` Delete bool `json:"delete"` History bool `json:"history"` List bool `json:"list"` UpdateInfo bool `json:"updateInfo"` UpdateLimits bool `json:"updateLimits"` UpdatePlacement bool `json:"updatePlacement"` UpdateValueAttribution bool `json:"updateValueAttribution"` View bool `json:"view"` MemberList bool `json:"memberList"` MemberAdd bool `json:"memberAdd"` MemberRemove bool `json:"memberRemove"` }
ProjectFlags are the feature flags related to projects.
type ProjectLimitsUpdate ¶ added in v1.96.2
type ProjectLimitsUpdate struct { MaxBuckets int `json:"maxBuckets"` StorageLimit int64 `json:"storageLimit"` BandwidthLimit int64 `json:"bandwidthLimit"` SegmentLimit int64 `json:"segmentLimit"` RateLimit int `json:"rateLimit"` BurstLimit int `json:"burstLimit"` }
ProjectLimitsUpdate contains all limit values to be updated.
type ProjectManagementHandler ¶ added in v1.96.2
type ProjectManagementHandler struct {
// contains filtered or unexported fields
}
ProjectManagementHandler is an api handler that implements all ProjectManagement API endpoints functionality.
func NewProjectManagement ¶ added in v1.96.2
func NewProjectManagement(log *zap.Logger, mon *monkit.Scope, service ProjectManagementService, router *mux.Router, auth *Authorizer) *ProjectManagementHandler
type ProjectManagementService ¶ added in v1.96.2
type ProjectUsageLimits ¶ added in v1.94.1
type ProjectUsageLimits[T ~int64 | *int64] struct { BandwidthLimit T `json:"bandwidthLimit"` BandwidthUsed int64 `json:"bandwidthUsed"` StorageLimit T `json:"storageLimit"` StorageUsed *int64 `json:"storageUsed"` SegmentLimit T `json:"segmentLimit"` SegmentUsed *int64 `json:"segmentUsed"` }
ProjectUsageLimits holds project usage limits and current usage. It uses generics for allowing to report the limits fields with nil values when they are read from the DB projects table.
StorageUsed and SegmentUsed are nil if there was an error connecting to the Redis live accounting cache.
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server serves the API endpoints and the web application to allow preforming satellite administration tasks.
func NewServer ¶
func NewServer( log *zap.Logger, listener net.Listener, service *Service, root *mux.Router, config Config, ) *Server
NewServer creates a satellite administration server instance with the provided dependencies and configurations.
When listener is nil, Server.Run is a noop.
type Service ¶ added in v1.94.1
type Service struct {
// contains filtered or unexported fields
}
Service provides functionality for administrating satellites.
func NewService ¶ added in v1.94.1
func NewService( log *zap.Logger, consoleDB console.DB, accountingDB accounting.ProjectAccounting, accounting *accounting.Service, placement nodeselection.PlacementDefinitions, defaultMaxBuckets int, defaultRateLimit float64, ) *Service
NewService creates a new satellite administration service.
func (*Service) GetPlacements ¶ added in v1.94.1
GetPlacements returns IDs and locations of placement rules.
func (*Service) GetProject ¶ added in v1.96.2
GetProject gets the project info.
func (*Service) GetSettings ¶ added in v1.96.2
GetSettings returns the service settings.
func (*Service) GetUserByEmail ¶ added in v1.94.1
GetUserByEmail returns a verified user by its email address.
func (*Service) UpdateProjectLimits ¶ added in v1.96.2
func (s *Service) UpdateProjectLimits(ctx context.Context, id uuid.UUID, req ProjectLimitsUpdate) api.HTTPError
UpdateProjectLimits updates the project's max buckets, storage, bandwidth, segment, rate, and burst limits.
type Settings ¶ added in v1.96.2
type Settings struct {
Admin SettingsAdmin `json:"admin"`
}
Settings contains relevant settings for the consumers of this service. It may contain settings of:
- this service.
- the server that exposes the service.
- related Storj services (e.g. Satellite).
type SettingsAdmin ¶ added in v1.96.2
type SettingsAdmin struct {
Features FeatureFlags `json:"features"`
}
SettingsAdmin are the settings of this service and the server that exposes it.
type SettingsHandler ¶ added in v1.96.2
type SettingsHandler struct {
// contains filtered or unexported fields
}
SettingsHandler is an api handler that implements all Settings API endpoints functionality.
func NewSettings ¶ added in v1.96.2
func NewSettings(log *zap.Logger, mon *monkit.Scope, service SettingsService, router *mux.Router) *SettingsHandler
type SettingsService ¶ added in v1.96.2
type User ¶ added in v1.94.1
type User struct { ID uuid.UUID `json:"id"` FullName string `json:"fullName"` Email string `json:"email"` }
User holds the user's information.
type UserAccount ¶ added in v1.96.2
type UserAccount struct { User PaidTier bool `json:"paidTier"` CreatedAt time.Time `json:"createdAt"` Status string `json:"status"` UserAgent string `json:"userAgent"` DefaultPlacement storj.PlacementConstraint `json:"defaultPlacement"` Projects []UserProject `json:"projects"` }
UserAccount holds information about a user's account.
type UserManagementHandler ¶ added in v1.94.1
type UserManagementHandler struct {
// contains filtered or unexported fields
}
UserManagementHandler is an api handler that implements all UserManagement API endpoints functionality.
func NewUserManagement ¶ added in v1.94.1
func NewUserManagement(log *zap.Logger, mon *monkit.Scope, service UserManagementService, router *mux.Router, auth *Authorizer) *UserManagementHandler
type UserManagementService ¶ added in v1.94.1
type UserProject ¶ added in v1.96.2
type UserProject struct { ID uuid.UUID `json:"id"` // This is the public ID Name string `json:"name"` ProjectUsageLimits[int64] }
UserProject is project owned by a user with basic information, usage, and limits.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package main defines the satellite administration API through the API generator and generates source code of the API server handlers and clients and the documentation markdown document.
|
Package main defines the satellite administration API through the API generator and generates source code of the API server handlers and clients and the documentation markdown document. |