idp

package
v0.7.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 3, 2023 License: MIT Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source
const MutatorColumnCurrentValue = "UCCUR-7f55f479-3822-4976-a8a9-b789d5c6f152"

MutatorColumnCurrentValue is a special value that can be used to set a column to its current value

View Source
const MutatorColumnDefaultValue = "UCDEF-7f55f479-3822-4976-a8a9-b789d5c6f152"

MutatorColumnDefaultValue is a special value that can be used to set a column to its default value

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthnType

type AuthnType string

AuthnType defines the kinds of authentication factors

const (
	AuthnTypePassword AuthnType = "password"
	AuthnTypeOIDC     AuthnType = "social"

	// Used for filter queries; not a valid type
	AuthnTypeAll AuthnType = "all"
)

AuthnType constants

func (AuthnType) Validate

func (a AuthnType) Validate() error

Validate implements Validateable

type Client

type Client struct {
	*TokenizerClient
	// contains filtered or unexported fields
}

Client represents a client to talk to the Userclouds IDP

func NewClient

func NewClient(url string, opts ...Option) (*Client, error)

NewClient constructs a new IDP client

func (*Client) CreateAccessor added in v0.3.0

func (c *Client) CreateAccessor(ctx context.Context, fa userstore.Accessor, opts ...Option) (*userstore.Accessor, error)

CreateAccessor creates a new accessor for the associated tenant

func (*Client) CreateColumn added in v0.3.0

func (c *Client) CreateColumn(ctx context.Context, column userstore.Column, opts ...Option) (*userstore.Column, error)

CreateColumn creates a new column for the associated tenant

func (*Client) CreateColumnRetentionDurationForPurpose added in v0.7.2

func (c *Client) CreateColumnRetentionDurationForPurpose(
	ctx context.Context,
	dlcs userstore.DataLifeCycleState,
	purposeID uuid.UUID,
	crd ColumnRetentionDuration,
) (*ColumnRetentionDurationResponse, error)

CreateColumnRetentionDurationForPurpose creates a column retention duration for the specified duration type and purpose, failing if a retention duration already exists and returning the derived retention duration upon success.

func (*Client) CreateColumnRetentionDurationForTenant added in v0.7.2

func (c *Client) CreateColumnRetentionDurationForTenant(
	ctx context.Context,
	dlcs userstore.DataLifeCycleState,
	crd ColumnRetentionDuration,
) (*ColumnRetentionDurationResponse, error)

CreateColumnRetentionDurationForTenant creates a column retention duration for the specified duration type and tenant, failing if a retention duration already exists and returning the derived retention duration upon success.

func (*Client) CreateMutator added in v0.4.0

func (c *Client) CreateMutator(ctx context.Context, fa userstore.Mutator, opts ...Option) (*userstore.Mutator, error)

CreateMutator creates a new mutator for the associated tenant

func (*Client) CreatePurpose added in v0.6.4

func (c *Client) CreatePurpose(ctx context.Context, purpose userstore.Purpose, opts ...Option) (*userstore.Purpose, error)

CreatePurpose creates a new purpose for the associated tenant

func (*Client) CreateUser added in v0.3.0

func (c *Client) CreateUser(ctx context.Context, profile userstore.Record, opts ...Option) (uuid.UUID, error)

CreateUser creates a user without authn. Profile is optional (okay to pass nil)

func (*Client) DeleteAccessor added in v0.3.0

func (c *Client) DeleteAccessor(ctx context.Context, accessorID uuid.UUID) error

DeleteAccessor deletes the accessor specified by the accessor ID for the associated tenant

func (*Client) DeleteColumn added in v0.3.0

func (c *Client) DeleteColumn(ctx context.Context, columnID uuid.UUID) error

DeleteColumn deletes the column specified by the column ID for the associated tenant

func (*Client) DeleteColumnRetentionDurationForColumn added in v0.7.2

func (c *Client) DeleteColumnRetentionDurationForColumn(
	ctx context.Context,
	dlcs userstore.DataLifeCycleState,
	columnID uuid.UUID,
	durationID uuid.UUID,
) error

DeleteColumnRetentionDurationForColumn deletes the specified column retention duration

func (*Client) DeleteColumnRetentionDurationForPurpose added in v0.7.2

func (c *Client) DeleteColumnRetentionDurationForPurpose(
	ctx context.Context,
	dlcs userstore.DataLifeCycleState,
	purposeID uuid.UUID,
	durationID uuid.UUID,
) error

DeleteColumnRetentionDurationForPurpose deletes the specified purpose retention duration

func (*Client) DeleteColumnRetentionDurationForTenant added in v0.7.2

func (c *Client) DeleteColumnRetentionDurationForTenant(
	ctx context.Context,
	dlcs userstore.DataLifeCycleState,
	durationID uuid.UUID,
) error

DeleteColumnRetentionDurationForTenant deletes the specified tenant retention duration

func (*Client) DeleteMutator added in v0.4.0

func (c *Client) DeleteMutator(ctx context.Context, mutatorID uuid.UUID) error

DeleteMutator deletes the mutator specified by the mutator ID for the associated tenant

func (*Client) DeletePurpose added in v0.6.4

func (c *Client) DeletePurpose(ctx context.Context, purposeID uuid.UUID) error

DeletePurpose deletes a purpose by ID

func (*Client) DeleteUser

func (c *Client) DeleteUser(ctx context.Context, id uuid.UUID) error

DeleteUser deletes a user by ID

func (*Client) ExecuteAccessor added in v0.3.0

func (c *Client) ExecuteAccessor(ctx context.Context, accessorID uuid.UUID, clientContext policy.ClientContext, selectorValues userstore.UserSelectorValues) (*ExecuteAccessorResponse, error)

ExecuteAccessor accesses a column via an accessor for the associated tenant

func (*Client) ExecuteMutator added in v0.5.0

func (c *Client) ExecuteMutator(ctx context.Context, mutatorID uuid.UUID, clientContext policy.ClientContext, selectorValues userstore.UserSelectorValues, rowData map[string]ValueAndPurposes) (*ExecuteMutatorResponse, error)

ExecuteMutator modifies columns in userstore via a mutator for the associated tenant

func (*Client) GetAccessor added in v0.3.0

func (c *Client) GetAccessor(ctx context.Context, accessorID uuid.UUID) (*userstore.Accessor, error)

GetAccessor returns the accessor specified by the accessor ID for the associated tenant

func (*Client) GetAccessorByVersion added in v0.4.0

func (c *Client) GetAccessorByVersion(ctx context.Context, accessorID uuid.UUID, version int) (*userstore.Accessor, error)

GetAccessorByVersion returns the version of an accessor specified by the accessor ID and version for the associated tenant

func (*Client) GetColumn added in v0.3.0

func (c *Client) GetColumn(ctx context.Context, columnID uuid.UUID) (*userstore.Column, error)

GetColumn returns the column specified by the column ID for the associated tenant

func (*Client) GetColumnRetentionDurationForPurpose added in v0.7.2

func (c *Client) GetColumnRetentionDurationForPurpose(
	ctx context.Context,
	purposeID uuid.UUID,
	dlcs userstore.DataLifeCycleState,
) (*ColumnRetentionDurationResponse, error)

GetColumnRetentionDurationForPurpose returns the derived purpose retention duration for the specified purpose and duration type

func (*Client) GetColumnRetentionDurationForTenant added in v0.7.2

func (c *Client) GetColumnRetentionDurationForTenant(
	ctx context.Context,
	dlcs userstore.DataLifeCycleState,
) (*ColumnRetentionDurationResponse, error)

GetColumnRetentionDurationForTenant returns the derived tenant retention duration for the specified duration type

func (*Client) GetColumnRetentionDurationsForColumn added in v0.7.2

func (c *Client) GetColumnRetentionDurationsForColumn(
	ctx context.Context,
	dlcs userstore.DataLifeCycleState,
	columnID uuid.UUID,
) (*ColumnRetentionDurationsResponse, error)

GetColumnRetentionDurationsForColumn returns the derived column and purpose retention durations for the specified column and duration type

func (*Client) GetConsentedPurposesForUser added in v0.6.4

func (c *Client) GetConsentedPurposesForUser(ctx context.Context, userID uuid.UUID, columns []userstore.ResourceID) (GetConsentedPurposesForUserResponse, error)

GetConsentedPurposesForUser gets the purposes that are consented for a user

func (*Client) GetMutator added in v0.4.0

func (c *Client) GetMutator(ctx context.Context, mutatorID uuid.UUID) (*userstore.Mutator, error)

GetMutator returns the mutator specified by the mutator ID for the associated tenant

func (*Client) GetMutatorByVersion added in v0.5.0

func (c *Client) GetMutatorByVersion(ctx context.Context, mutatorID uuid.UUID, version int) (*userstore.Mutator, error)

GetMutatorByVersion returns the version of an mutator specified by the mutator ID and version for the associated tenant

func (*Client) GetPurpose added in v0.6.4

func (c *Client) GetPurpose(ctx context.Context, purposeID uuid.UUID) (*userstore.Purpose, error)

GetPurpose gets a purpose by ID

func (*Client) GetSpecificColumnRetentionDurationForColumn added in v0.7.2

func (c *Client) GetSpecificColumnRetentionDurationForColumn(
	ctx context.Context,
	dlcs userstore.DataLifeCycleState,
	columnID uuid.UUID,
	durationID uuid.UUID,
) (*ColumnRetentionDurationResponse, error)

GetSpecificColumnRetentionDurationForColumn gets the specified column retention duration

func (*Client) GetSpecificColumnRetentionDurationForPurpose added in v0.7.2

func (c *Client) GetSpecificColumnRetentionDurationForPurpose(
	ctx context.Context,
	dlcs userstore.DataLifeCycleState,
	purposeID uuid.UUID,
	durationID uuid.UUID,
) (*ColumnRetentionDurationResponse, error)

GetSpecificColumnRetentionDurationForPurpose gets the specified purpose retention duration

func (*Client) GetSpecificColumnRetentionDurationForTenant added in v0.7.2

func (c *Client) GetSpecificColumnRetentionDurationForTenant(
	ctx context.Context,
	dlcs userstore.DataLifeCycleState,
	durationID uuid.UUID,
) (*ColumnRetentionDurationResponse, error)

GetSpecificColumnRetentionDurationForTenant gets the specified tenant retention duration

func (*Client) GetUser

func (c *Client) GetUser(ctx context.Context, id uuid.UUID, opts ...Option) (*UserAndAuthnResponse, error)

GetUser gets a user by ID

func (*Client) ListAccessors added in v0.3.0

func (c *Client) ListAccessors(ctx context.Context, opts ...Option) (*ListAccessorsResponse, error)

ListAccessors lists all the available accessors for the associated tenant

func (*Client) ListColumns added in v0.3.0

func (c *Client) ListColumns(ctx context.Context, opts ...Option) (*ListColumnsResponse, error)

ListColumns lists all columns for the associated tenant

func (*Client) ListMutators added in v0.4.0

func (c *Client) ListMutators(ctx context.Context, opts ...Option) (*ListMutatorsResponse, error)

ListMutators lists all the available mutators for the associated tenant

func (*Client) ListPurposes added in v0.6.4

func (c *Client) ListPurposes(ctx context.Context, opts ...Option) (*ListPurposesResponse, error)

ListPurposes lists all purposes for the associated tenant

func (*Client) UpdateAccessor added in v0.3.0

func (c *Client) UpdateAccessor(ctx context.Context, accessorID uuid.UUID, updatedAccessor userstore.Accessor) (*userstore.Accessor, error)

UpdateAccessor updates the accessor specified by the accessor ID with the specified data for the associated tenant

func (*Client) UpdateColumn added in v0.3.0

func (c *Client) UpdateColumn(ctx context.Context, columnID uuid.UUID, updatedColumn userstore.Column) (*userstore.Column, error)

UpdateColumn updates the column specified by the column ID with the specified data for the associated tenant

func (*Client) UpdateColumnRetentionDurationsForColumn added in v0.7.2

func (c *Client) UpdateColumnRetentionDurationsForColumn(
	ctx context.Context,
	dlcs userstore.DataLifeCycleState,
	columnID uuid.UUID,
	req UpdateColumnRetentionDurationsRequest,
) (*ColumnRetentionDurationsResponse, error)

UpdateColumnRetentionDurationsForColumn updates the column retention durations for the specified column and duration type, returning the updated set of retention durations for the column and duration type.

func (*Client) UpdateMutator added in v0.4.0

func (c *Client) UpdateMutator(ctx context.Context, mutatorID uuid.UUID, updatedMutator userstore.Mutator) (*userstore.Mutator, error)

UpdateMutator updates the mutator specified by the mutator ID with the specified data for the associated tenant

func (*Client) UpdatePurpose added in v0.6.4

func (c *Client) UpdatePurpose(ctx context.Context, purpose userstore.Purpose) (*userstore.Purpose, error)

UpdatePurpose updates a purpose for the associated tenant

func (*Client) UpdateSpecificColumnRetentionDurationForColumn added in v0.7.2

func (c *Client) UpdateSpecificColumnRetentionDurationForColumn(
	ctx context.Context,
	dlcs userstore.DataLifeCycleState,
	columnID uuid.UUID,
	durationID uuid.UUID,
	crd ColumnRetentionDuration,
) (*ColumnRetentionDurationResponse, error)

UpdateSpecificColumnRetentionDurationForColumn updates the specific column retention duration for the specified column and duration type, returning the updated retention duration upon success.

func (*Client) UpdateSpecificColumnRetentionDurationForPurpose added in v0.7.2

func (c *Client) UpdateSpecificColumnRetentionDurationForPurpose(
	ctx context.Context,
	dlcs userstore.DataLifeCycleState,
	purposeID uuid.UUID,
	durationID uuid.UUID,
	crd ColumnRetentionDuration,
) (*ColumnRetentionDurationResponse, error)

UpdateSpecificColumnRetentionDurationForPurpose updates the specific column retention duration for the specified purpose and duration type, returning the updated retention duration upon success.

func (*Client) UpdateSpecificColumnRetentionDurationForTenant added in v0.7.2

func (c *Client) UpdateSpecificColumnRetentionDurationForTenant(
	ctx context.Context,
	dlcs userstore.DataLifeCycleState,
	durationID uuid.UUID,
	crd ColumnRetentionDuration,
) (*ColumnRetentionDurationResponse, error)

UpdateSpecificColumnRetentionDurationForTenant updates the specific column retention duration for the tenant and specified duration type, returning the updated retention duration upon success.

func (*Client) UpdateUser

func (c *Client) UpdateUser(ctx context.Context, id uuid.UUID, req UpdateUserRequest) (*UserAndAuthnResponse, error)

UpdateUser updates user profile data for a given user ID

type ColumnConsentedPurposes added in v0.6.4

type ColumnConsentedPurposes struct {
	Column            userstore.ResourceID   `json:"column"`
	ConsentedPurposes []userstore.ResourceID `json:"consented_purposes"`
}

ColumnConsentedPurposes is a tuple for specifying the column and the purposes that are consented for that column

type ColumnRetentionDuration added in v0.6.6

type ColumnRetentionDuration struct {
	DurationType    userstore.DataLifeCycleState `json:"duration_type"`
	ID              uuid.UUID                    `json:"id"`
	ColumnID        uuid.UUID                    `json:"column_id"`
	PurposeID       uuid.UUID                    `json:"purpose_id"`
	Duration        RetentionDuration            `json:"duration"`
	UseDefault      bool                         `json:"use_default"`
	Version         int                          `json:"version"`
	DefaultDuration *RetentionDuration           `json:"default_duration"`
	PurposeName     *string                      `json:"purpose_name"`
}

ColumnRetentionDuration represents an identified retention duration. If ID is nil, it represents an inherited or new value. UseDefault set to true means that the duration is inherited from a less specific default value. DefaultDuration represents the duration that would be inherited if a specific value is not set for the retention duration identifier.

type ColumnRetentionDurationResponse added in v0.7.2

type ColumnRetentionDurationResponse struct {
	MaxDuration       RetentionDuration       `json:"max_duration"`
	RetentionDuration ColumnRetentionDuration `json:"retention_duration"`
}

ColumnRetentionDurationResponse is the response to a get or update request for a single retention duration. The retention duration that applies for the request will be returned, and will include both the specified and inherited default duration. In addition, a max allowed retention duration appropriate for the request parameters will be included. The retention duration will have a non-nil ID and have UseDefault set to false if it represents a saved value, or a nil ID and UseDefault set to true if it represents an inherited value.

type ColumnRetentionDurationsResponse added in v0.6.6

type ColumnRetentionDurationsResponse struct {
	MaxDuration        RetentionDuration         `json:"max_duration"`
	RetentionDurations []ColumnRetentionDuration `json:"retention_durations"`
}

ColumnRetentionDurationsResponse is the response to a get or update request for a set of retention durations. The set of retention durations that apply for the request will be returned, each of which will include a specified and inherited default duration. In addition, a max allowed retention duration appropriate for the request parameters will be included. Each of the retention durations will have a non-nil ID and have UseDefault set to false if they are saved values, or a nil ID and UseDefault set to true if they represent an inherited value.

type CreateAccessorRequest added in v0.3.0

type CreateAccessorRequest struct {
	Accessor userstore.Accessor `json:"accessor"`
}

CreateAccessorRequest is the request body for creating a new accessor

type CreateColumnRequest added in v0.3.0

type CreateColumnRequest struct {
	Column userstore.Column `json:"column"`
}

CreateColumnRequest is the request body for creating a new column TODO: should this support multiple at once before we ship this API?

type CreateMutatorRequest added in v0.4.0

type CreateMutatorRequest struct {
	Mutator userstore.Mutator `json:"mutator"`
}

CreateMutatorRequest is the request body for creating a new mutator

type CreatePurposeRequest added in v0.6.4

type CreatePurposeRequest struct {
	Purpose userstore.Purpose `json:"purpose"`
}

CreatePurposeRequest is the request body for creating a new purpose

type CreateUserAndAuthnRequest added in v0.3.0

type CreateUserAndAuthnRequest struct {
	Profile userstore.Record `json:"profile"`

	OrganizationID uuid.UUID `json:"organization_id"`

	UserAuthn
}

CreateUserAndAuthnRequest creates a user on the IDP

type DurationUnit added in v0.6.6

type DurationUnit string

DurationUnit identifies the unit of measurement for a duration

const (
	DurationUnitIndefinite DurationUnit = "indefinite"
	DurationUnitYear       DurationUnit = "year"
	DurationUnitMonth      DurationUnit = "month"
	DurationUnitWeek       DurationUnit = "week"
	DurationUnitDay        DurationUnit = "day"
	DurationUnitHour       DurationUnit = "hour"
)

Supported duration units

type ExecuteAccessorRequest added in v0.3.0

type ExecuteAccessorRequest struct {
	AccessorID     uuid.UUID                    `json:"accessor_id"`     // the accessor that specifies what data to access
	Context        policy.ClientContext         `json:"context"`         // context that is provided to the accessor Access Policy
	SelectorValues userstore.UserSelectorValues `json:"selector_values"` // the values to use for the selector
}

ExecuteAccessorRequest is the request body for accessing user data

type ExecuteAccessorResponse added in v0.3.0

type ExecuteAccessorResponse struct {
	Data []string `json:"data"`
}

ExecuteAccessorResponse is the response body for accessing user data

type ExecuteMutatorRequest added in v0.5.0

type ExecuteMutatorRequest struct {
	MutatorID      uuid.UUID                    `json:"mutator_id"`      // the mutator that specifies what columns to edit
	Context        policy.ClientContext         `json:"context"`         // context that is provided to the mutator's Access Policy
	SelectorValues userstore.UserSelectorValues `json:"selector_values"` // the values to use for the selector
	RowData        map[string]ValueAndPurposes  `json:"row_data"`        // the values to use for the users table row
}

ExecuteMutatorRequest is the request body for modifying data in the userstore

type ExecuteMutatorResponse added in v0.5.0

type ExecuteMutatorResponse struct {
	UserIDs []uuid.UUID `json:"user_ids"`
}

ExecuteMutatorResponse is the response body for modifying data in the userstore

type GetConsentedPurposesForUserRequest added in v0.6.4

type GetConsentedPurposesForUserRequest struct {
	UserID  uuid.UUID              `json:"user_id"`
	Columns []userstore.ResourceID `json:"columns"`
}

GetConsentedPurposesForUserRequest is the request body for getting the purposes that are consented for a user

type GetConsentedPurposesForUserResponse added in v0.6.4

type GetConsentedPurposesForUserResponse struct {
	Data []ColumnConsentedPurposes `json:"data"`
}

GetConsentedPurposesForUserResponse is the response body for getting the purposes that are consented for a user

type ListAccessPoliciesResponse added in v0.6.4

type ListAccessPoliciesResponse struct {
	Data []policy.AccessPolicy `json:"data"`
	pagination.ResponseFields
}

ListAccessPoliciesResponse is the paginated response from listing object types.

type ListAccessPolicyTemplatesResponse added in v0.6.4

type ListAccessPolicyTemplatesResponse struct {
	Data []policy.AccessPolicyTemplate `json:"data"`
	pagination.ResponseFields
}

ListAccessPolicyTemplatesResponse is the paginated response from listing object types.

type ListAccessorsResponse added in v0.3.0

type ListAccessorsResponse struct {
	Data []userstore.Accessor `json:"data"`
	pagination.ResponseFields
}

ListAccessorsResponse is the paginated response from listing accessors.

type ListColumnsResponse added in v0.3.0

type ListColumnsResponse struct {
	Data []userstore.Column `json:"data"`
	pagination.ResponseFields
}

ListColumnsResponse is the paginated response struct for listing columns

type ListMutatorsResponse added in v0.4.0

type ListMutatorsResponse struct {
	Data []userstore.Mutator `json:"data"`
	pagination.ResponseFields
}

ListMutatorsResponse is the paginated response from listing mutators.

type ListPurposesResponse added in v0.6.4

type ListPurposesResponse struct {
	Data []userstore.Purpose `json:"data"`
	pagination.ResponseFields
}

ListPurposesResponse is the paginated response struct for listing purposes

type ListTransformersResponse added in v0.6.4

type ListTransformersResponse struct {
	Data []policy.Transformer `json:"data"`
	pagination.ResponseFields
}

ListTransformersResponse is the paginated response from listing transformers

type Option added in v0.6.0

type Option interface {
	// contains filtered or unexported methods
}

Option makes idp.Client extensible

func IfNotExists added in v0.6.0

func IfNotExists() Option

IfNotExists returns an Option that will cause the client not to return an error if an identical object to the one being created already exists

func IncludeAuthN added in v0.6.0

func IncludeAuthN() Option

IncludeAuthN returns a ManagementOption that will have the called method include AuthN fields

func JSONClient added in v0.6.0

func JSONClient(opt ...jsonclient.Option) Option

JSONClient is a wrapper around jsonclient.Option

func OrganizationID added in v0.6.0

func OrganizationID(organizationID uuid.UUID) Option

OrganizationID returns an Option that will cause the client to use the specified organization ID for the request

func Pagination added in v0.6.0

func Pagination(opt ...pagination.Option) Option

Pagination is a wrapper around pagination.Option

type RetentionDuration added in v0.6.6

type RetentionDuration struct {
	Unit     DurationUnit `json:"unit"`
	Duration int          `json:"duration"`
}

RetentionDuration represents a duration with a specific duration unit

func (RetentionDuration) AddToTime added in v0.6.6

func (d RetentionDuration) AddToTime(t time.Time) time.Time

AddToTime will add the retention duration to a passed in time

func (RetentionDuration) LessThan added in v0.6.6

func (d RetentionDuration) LessThan(other RetentionDuration) bool

LessThan returns true if the duration is strictly smaller than other

type TokenizerClient added in v0.6.4

type TokenizerClient struct {
	// contains filtered or unexported fields
}

TokenizerClient defines a tokenizer client

func NewTokenizerClient added in v0.6.4

func NewTokenizerClient(url string, opts ...Option) *TokenizerClient

NewTokenizerClient creates a new tokenizer client

func (*TokenizerClient) CreateAccessPolicy added in v0.6.4

func (c *TokenizerClient) CreateAccessPolicy(ctx context.Context, ap policy.AccessPolicy, opts ...Option) (*policy.AccessPolicy, error)

CreateAccessPolicy creates an access policy

func (*TokenizerClient) CreateAccessPolicyTemplate added in v0.6.4

func (c *TokenizerClient) CreateAccessPolicyTemplate(ctx context.Context, apt policy.AccessPolicyTemplate, opts ...Option) (*policy.AccessPolicyTemplate, error)

CreateAccessPolicyTemplate creates an access policy

func (*TokenizerClient) CreateToken added in v0.6.4

func (c *TokenizerClient) CreateToken(ctx context.Context, data string, transformerRID, accessPolicyRID userstore.ResourceID) (string, error)

CreateToken creates a token

func (*TokenizerClient) CreateTransformer added in v0.6.4

func (c *TokenizerClient) CreateTransformer(ctx context.Context, tp policy.Transformer, opts ...Option) (*policy.Transformer, error)

CreateTransformer creates a transformer

func (*TokenizerClient) DeleteAccessPolicy added in v0.6.4

func (c *TokenizerClient) DeleteAccessPolicy(ctx context.Context, id uuid.UUID, version int) error

DeleteAccessPolicy deletes an access policy

func (*TokenizerClient) DeleteAccessPolicyTemplate added in v0.6.4

func (c *TokenizerClient) DeleteAccessPolicyTemplate(ctx context.Context, id uuid.UUID, version int) error

DeleteAccessPolicyTemplate deletes an access policy

func (*TokenizerClient) DeleteToken added in v0.6.4

func (c *TokenizerClient) DeleteToken(ctx context.Context, token string) error

DeleteToken deletes a token

func (*TokenizerClient) DeleteTransformer added in v0.6.4

func (c *TokenizerClient) DeleteTransformer(ctx context.Context, id uuid.UUID) error

DeleteTransformer deletes a transformer

func (*TokenizerClient) GetAccessPolicy added in v0.6.4

func (c *TokenizerClient) GetAccessPolicy(ctx context.Context, accessPolicyRID userstore.ResourceID) (*policy.AccessPolicy, error)

GetAccessPolicy gets a single access policy by ID

func (*TokenizerClient) GetAccessPolicyByVersion added in v0.6.4

func (c *TokenizerClient) GetAccessPolicyByVersion(ctx context.Context, accessPolicyRID userstore.ResourceID, version int) (*policy.AccessPolicy, error)

GetAccessPolicyByVersion gets a single access policy by ID and version

func (*TokenizerClient) GetAccessPolicyTemplate added in v0.6.4

func (c *TokenizerClient) GetAccessPolicyTemplate(ctx context.Context, accessPolicyTemplateRID userstore.ResourceID) (*policy.AccessPolicyTemplate, error)

GetAccessPolicyTemplate gets a single access policy by ID

func (*TokenizerClient) GetAccessPolicyTemplateByVersion added in v0.6.4

func (c *TokenizerClient) GetAccessPolicyTemplateByVersion(ctx context.Context, accessPolicyTemplateRID userstore.ResourceID, version int) (*policy.AccessPolicyTemplate, error)

GetAccessPolicyTemplateByVersion gets a single access policy by ID and version

func (*TokenizerClient) GetTransformer added in v0.6.4

func (c *TokenizerClient) GetTransformer(ctx context.Context, transformerRID userstore.ResourceID) (*policy.Transformer, error)

GetTransformer gets a single transformer by ID

func (*TokenizerClient) InspectToken added in v0.6.4

func (c *TokenizerClient) InspectToken(ctx context.Context, token string) (*tokenizer.InspectTokenResponse, error)

InspectToken helps with debugging

func (*TokenizerClient) ListAccessPolicies added in v0.6.4

func (c *TokenizerClient) ListAccessPolicies(ctx context.Context, versioned bool, opts ...Option) (*ListAccessPoliciesResponse, error)

ListAccessPolicies lists access policies

func (*TokenizerClient) ListAccessPolicyTemplates added in v0.6.4

func (c *TokenizerClient) ListAccessPolicyTemplates(ctx context.Context, versioned bool, opts ...Option) (*ListAccessPolicyTemplatesResponse, error)

ListAccessPolicyTemplates lists access policies

func (*TokenizerClient) ListTransformers added in v0.6.4

func (c *TokenizerClient) ListTransformers(ctx context.Context, opts ...Option) (*ListTransformersResponse, error)

ListTransformers lists transformers

func (*TokenizerClient) LookupOrCreateTokens added in v0.7.1

func (c *TokenizerClient) LookupOrCreateTokens(ctx context.Context, data []string, transformerRIDs, accessPolicyRIDs []userstore.ResourceID) ([]string, error)

LookupOrCreateTokens checks to see if a token exists already for given data, and if not, creates them, returning one token for each input tuple (data, transformer, access policy)

func (*TokenizerClient) LookupTokens added in v0.6.4

func (c *TokenizerClient) LookupTokens(ctx context.Context, data string, transformerRID, accessPolicyRID userstore.ResourceID) ([]string, error)

LookupTokens checks to see if one or more tokens exists already for given data

func (*TokenizerClient) ResolveToken added in v0.6.4

func (c *TokenizerClient) ResolveToken(ctx context.Context, token string, resolutionContext policy.ClientContext, purposes []userstore.ResourceID) (string, error)

ResolveToken resolves a token

func (*TokenizerClient) ResolveTokens added in v0.6.4

func (c *TokenizerClient) ResolveTokens(ctx context.Context, tokens []string, resolutionContext policy.ClientContext, purposes []userstore.ResourceID) ([]string, error)

ResolveTokens resolves tokens

func (*TokenizerClient) TestAccessPolicy added in v0.6.4

func (c *TokenizerClient) TestAccessPolicy(ctx context.Context, accessPolicy policy.AccessPolicy, context policy.AccessPolicyContext) (bool, error)

TestAccessPolicy tests an access policy without saving it

func (*TokenizerClient) TestTransformer added in v0.6.4

func (c *TokenizerClient) TestTransformer(ctx context.Context, data string, transformer policy.Transformer) (string, error)

TestTransformer tests an access policy without saving it

func (*TokenizerClient) UpdateAccessPolicy added in v0.6.4

func (c *TokenizerClient) UpdateAccessPolicy(ctx context.Context, ap policy.AccessPolicy) (*policy.AccessPolicy, error)

UpdateAccessPolicy updates an access policy

func (*TokenizerClient) UpdateAccessPolicyTemplate added in v0.6.4

func (c *TokenizerClient) UpdateAccessPolicyTemplate(ctx context.Context, apt policy.AccessPolicyTemplate) (*policy.AccessPolicyTemplate, error)

UpdateAccessPolicyTemplate updates an access policy

type UpdateAccessorRequest added in v0.3.0

type UpdateAccessorRequest struct {
	Accessor userstore.Accessor `json:"accessor"`
}

UpdateAccessorRequest is the request body for updating an accessor

type UpdateColumnRequest added in v0.3.0

type UpdateColumnRequest struct {
	Column userstore.Column `json:"column"`
}

UpdateColumnRequest is the request body for updating a column

type UpdateColumnRetentionDurationRequest added in v0.7.2

type UpdateColumnRetentionDurationRequest struct {
	RetentionDuration ColumnRetentionDuration `json:"retention_duration"`
}

UpdateColumnRetentionDurationRequest is is used to update a single retention duration for a column. The retention duration must have UseDefault set to false. ID must be nil for a creation request, and non-nil for an update request.

type UpdateColumnRetentionDurationsRequest added in v0.6.6

type UpdateColumnRetentionDurationsRequest struct {
	RetentionDurations []ColumnRetentionDuration `json:"retention_durations"`
}

UpdateColumnRetentionDurationsRequest is used to update a collection of retention durations for a column. If ID for a retention duration is non-nil, that retention duration will be updated if UseDefault is set to false, or deleted if UseDefault is set to true. If ID is nil, the associated retention duration will be inserted.

type UpdateMutatorRequest added in v0.4.0

type UpdateMutatorRequest struct {
	Mutator userstore.Mutator `json:"mutator"`
}

UpdateMutatorRequest is the request body for updating a mutator

type UpdatePurposeRequest added in v0.6.4

type UpdatePurposeRequest struct {
	Purpose userstore.Purpose `json:"purpose"`
}

UpdatePurposeRequest is the request body for updating a purpose

type UpdateUserRequest

type UpdateUserRequest struct {
	// Only fields set in the underlying map will be updated
	Profile userstore.Record `json:"profile"`
}

UpdateUserRequest optionally updates some or all mutable fields of a user struct. Pointers are used to distinguish between unset vs. set to default value (false, "", etc). TODO: should we allow changing Email? That's a more complex one as there are more implications to changing email that may affect AuthNs and security (e.g. account hijacking, unverified emails, etc).

type UserAndAuthnResponse added in v0.3.0

type UserAndAuthnResponse struct {
	ID        uuid.UUID `json:"id"`
	UpdatedAt int64     `json:"updated_at"` // seconds since the Unix Epoch (UTC)

	Profile userstore.Record `json:"profile"`

	OrganizationID uuid.UUID `json:"organization_id"`

	Authns []UserAuthn `json:"authns"`

	MFAChannels []UserMFAChannel `json:"mfa_channels"`
}

UserAndAuthnResponse is the response body for methods which return user data.

type UserAuthn

type UserAuthn struct {
	AuthnType AuthnType `json:"authn_type"`

	// Fields specified if AuthnType == 'password'
	Username string `json:"username,omitempty"`
	Password string `json:"password,omitempty"`

	// Fields specified if AuthnType == 'social'
	OIDCProvider  oidc.ProviderType `json:"oidc_provider,omitempty"`
	OIDCIssuerURL string            `json:"oidc_issuer_url,omitempty"`
	OIDCSubject   string            `json:"oidc_subject,omitempty"`
}

UserAuthn represents an authentication factor for a user. NOTE: some fields are not used in some circumstances, e.g. Password is only used when creating an account but never used when getting an account. TODO: use this for UpdateUser too.

type UserMFAChannel added in v0.6.4

type UserMFAChannel struct {
	ChannelType        oidc.MFAChannelType `json:"mfa_channel_type"`
	ChannelDescription string              `json:"mfa_channel_description"`
	Primary            bool                `json:"primary"`
	Verified           bool                `json:"verified"`
	LastVerified       time.Time           `json:"last_verified"`
}

UserMFAChannel represents a configured MFA channel for a user. A verified channel may be used for an MFA challenge, and the primary channel, which must be verified, is used by default for an MFA challenge.

type UserProfile

type UserProfile struct {
	Email         string `json:"email"`
	EmailVerified bool   `json:"email_verified"`
	Name          string `json:"name,omitempty"`     // Full name in displayable form (incl titles, suffixes, etc) localized to end-user.
	Nickname      string `json:"nickname,omitempty"` // Casual name of the user, may or may not be same as Given Name.
	Picture       string `json:"picture,omitempty"`  // URL of the user's profile picture.

}

UserProfile is a collection of per-user properties stored in the DB as JSON since they are likely to be sparse and change more frequently. Follow conventions of https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims for all standard fields.

func (*UserProfile) Validate

func (o *UserProfile) Validate() error

Validate implements Validateable

type ValueAndPurposes added in v0.6.4

type ValueAndPurposes struct {
	Value            any                    `json:"value"`
	PurposeAdditions []userstore.ResourceID `json:"purpose_additions"`
	PurposeDeletions []userstore.ResourceID `json:"purpose_deletions"`
}

ValueAndPurposes is a tuple for specifying the value and the purpose to store for a user column

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL