v0.4.0 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Oct 20, 2022 License: Apache-2.0 Imports: 12 Imported by: 6



A database for user and group information using Git as the back-end.

The gitdb package will periodically pull a specified remote Git repository to a local directory. Whenever there is a new commit the local copy is scanned for user and group information (i.e. group memberships). If the remote Git repository becomes unavailable the local copy is used.

The database is read from groups.json files in directories in the repository. All the groups files are merged together; the directory structure is not relevant to how the repository is processed. This allows for arbitrary directory structures to reflect the organisation. Each directory must have the following files:

  • groups.json: containing group definitions and their memberships
  • permitted-groups.json: containing a list of regular expressions for the permitted groups in the groups.json file

If a group is defined in the groups.json file but the group name does not match one of the regular expressions in the permitted-groups.json file in the same directory, that group definition is ignored. By using an access control mechanism like GitHub CODEOWNERS it becomes possible to delegate control over groups.json files (i.e. delegate control over team group memberships) while retaining central control over access group memberships and the permitted-groups.json files.

An example is shown in the example directory.

  • membership of Engineering groups has been delegated to alice and dave
  • membership Finance has been delegated to gwen
  • frank controls everything, including which groups are permitted to access AWS roles and the delegation rules.




This section is empty.


This section is empty.


This section is empty.


type Config

type Config struct {
	repowatch.Config `yaml:",inline"`

type Params added in v0.4.0

type Params struct {

type UserInfo

type UserInfo struct {
	// contains filtered or unexported fields

func New

func New(repositoryURL, branch, localRepositoryDir string,
	checkInterval time.Duration, logger log.DebugLogger) (
	*UserInfo, error)

New is a deprecated interface. Use New2 instead.

func New2 added in v0.4.0

func New2(config Config, params Params) (*UserInfo, error)

New opens a *UserInfo database using Git as the backing store. It will periodically pull from the remote repository specified by config.RepositoryURL and cache a local copy in the config.LocalRepositoryDirectory. If config.RepositoryURL is empty then only the local repository is used. The specified config.Branch is read to extract the database. The databse is checked every config.CheckInterval for updates. Any problems with fetching or updating the database are sent to the logger.

func NewWithConfig

func NewWithConfig(config Config, logger log.DebugLogger) (*UserInfo, error)

NewWithConfig is a deprecated interface. Use New2 instead.

func (*UserInfo) GetGroups added in v0.0.3

func (uinfo *UserInfo) GetGroups() ([]string, error)

func (*UserInfo) GetUserGroups

func (uinfo *UserInfo) GetUserGroups(username string) ([]string, error)

func (*UserInfo) GetUsersInGroup added in v0.0.3

func (uinfo *UserInfo) GetUsersInGroup(groupname string) ([]string, error)

func (*UserInfo) GetUsersInGroups

func (uinfo *UserInfo) GetUsersInGroups() ([]string, error)

func (*UserInfo) TestUserInGroup

func (uinfo *UserInfo) TestUserInGroup(username, groupname string) bool

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL