scim

package

v0.9.15 Latest Latest Go to latest Published: Mar 3, 2021 License: Apache-2.0 Imports: 27 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/GoogleCloudPlatform/healthcare-federated-access-services

Links

Open Source Insights

Documentation ¶

Overview ¶

Package scim implements a SCIM-like interface for group and user management.

Index ¶

func GroupFactory(store storage.Store, groupPath string) *handlerfactory.Options
func GroupsFactory(store storage.Store, path string) *handlerfactory.Options
func MeFactory(store storage.Store, domainURL, path string) *handlerfactory.Options
func NewAccount(ctx context.Context, encryption kms.Encryption, id *ga4gh.Identity, ...) (*pb.Account, *pb.AccountLookup, error)
func UpdateIdentityInAccount(ctx context.Context, id *ga4gh.Identity, provider string, acct *pb.Account, ...) (*pb.Account, error)
func UserFactory(store storage.Store, domainURL, path string) *handlerfactory.Options
func UsersFactory(store storage.Store, domainURL, path string) *handlerfactory.Options
type GroupHandler
- func NewGroupHandler(store storage.Store) *GroupHandler
type GroupsHandler
- func NewGroupsHandler(store storage.Store) *GroupsHandler
type Scim
- func New(store storage.Store) *Scim

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GroupFactory ¶

func GroupFactory(store storage.Store, groupPath string) *handlerfactory.Options

GroupFactory creates handlers for group requests.

func GroupsFactory ¶

func GroupsFactory(store storage.Store, path string) *handlerfactory.Options

GroupsFactory creates handlers for group requests.

func MeFactory ¶

func MeFactory(store storage.Store, domainURL, path string) *handlerfactory.Options

MeFactory creates SCIM /Me request handlers.

func NewAccount ¶ added in v0.9.6

func NewAccount(ctx context.Context, encryption kms.Encryption, id *ga4gh.Identity, provider, accountNamePrefix string, genAccountNameLen int) (*pb.Account, *pb.AccountLookup, error)

NewAccount for given identity.

func UpdateIdentityInAccount ¶ added in v0.9.6

func UpdateIdentityInAccount(ctx context.Context, id *ga4gh.Identity, provider string, acct *pb.Account, encryption kms.Encryption) (*pb.Account, error)

UpdateIdentityInAccount updates the identity in a existing account.

func UserFactory ¶

func UserFactory(store storage.Store, domainURL, path string) *handlerfactory.Options

UserFactory creates SCIM /Users/<id> request handlers

func UsersFactory ¶

func UsersFactory(store storage.Store, domainURL, path string) *handlerfactory.Options

UsersFactory creates SCIM Users request handlers.

Types ¶

type GroupHandler ¶

type GroupHandler struct {
	// contains filtered or unexported fields
}

GroupHandler handles SCIM group requests.

func NewGroupHandler ¶

func NewGroupHandler(store storage.Store) *GroupHandler

NewGroupHandler handles one SCIM group request.

func (*GroupHandler) CheckIntegrity ¶

func (h *GroupHandler) CheckIntegrity(*http.Request) *status.Status

CheckIntegrity checks that any modifications make sense before applying them.

func (*GroupHandler) Get ¶

func (h *GroupHandler) Get(r *http.Request, name string) (proto.Message, error)

Get is a GET request.

func (*GroupHandler) LookupItem ¶

func (h *GroupHandler) LookupItem(r *http.Request, name string, vars map[string]string) bool

LookupItem looks up the item in the storage layer.

func (*GroupHandler) NormalizeInput ¶

func (h *GroupHandler) NormalizeInput(r *http.Request, name string, vars map[string]string) error

NormalizeInput sets up basic structure of request input objects if absent.

func (*GroupHandler) Patch ¶

func (h *GroupHandler) Patch(r *http.Request, name string) (proto.Message, error)

Patch is a PATCH request.

func (*GroupHandler) Post ¶

func (h *GroupHandler) Post(r *http.Request, name string) (proto.Message, error)

Post is a POST request.

func (*GroupHandler) Put ¶

func (h *GroupHandler) Put(r *http.Request, name string) (proto.Message, error)

Put is a PUT request.

func (*GroupHandler) Remove ¶

func (h *GroupHandler) Remove(r *http.Request, name string) (proto.Message, error)

Remove is a DELETE request.

func (*GroupHandler) Save ¶

func (h *GroupHandler) Save(r *http.Request, tx storage.Tx, name string, vars map[string]string, desc, typeName string) error

Save will save any modifications done for the request.

func (*GroupHandler) Setup ¶

func (h *GroupHandler) Setup(r *http.Request, tx storage.Tx) (int, error)

Setup sets up the handler.

type GroupsHandler ¶

type GroupsHandler struct {
	// contains filtered or unexported fields
}

GroupsHandler handles SCIM group requests.

func NewGroupsHandler ¶

func NewGroupsHandler(store storage.Store) *GroupsHandler

NewGroupsHandler handles the SCIM groups request.

func (*GroupsHandler) CheckIntegrity ¶

func (h *GroupsHandler) CheckIntegrity(*http.Request) *status.Status

CheckIntegrity checks that any modifications make sense before applying them.

func (*GroupsHandler) Get ¶

func (h *GroupsHandler) Get(r *http.Request, name string) (proto.Message, error)

Get is a GET request.

func (*GroupsHandler) LookupItem ¶

func (h *GroupsHandler) LookupItem(r *http.Request, name string, vars map[string]string) bool

LookupItem returns true if the named object is found.

func (*GroupsHandler) NormalizeInput ¶

func (h *GroupsHandler) NormalizeInput(r *http.Request, name string, vars map[string]string) error

NormalizeInput sets up basic structure of request input objects if absent.

func (*GroupsHandler) Patch ¶

func (h *GroupsHandler) Patch(r *http.Request, name string) (proto.Message, error)

Patch is a PATCH request.

func (*GroupsHandler) Post ¶

func (h *GroupsHandler) Post(r *http.Request, name string) (proto.Message, error)

Post is a POST request.

func (*GroupsHandler) Put ¶

func (h *GroupsHandler) Put(r *http.Request, name string) (proto.Message, error)

Put is a PUT request.

func (*GroupsHandler) Remove ¶

func (h *GroupsHandler) Remove(r *http.Request, name string) (proto.Message, error)

Remove is a DELETE request.

func (*GroupsHandler) Save ¶

func (h *GroupsHandler) Save(r *http.Request, tx storage.Tx, name string, vars map[string]string, desc, typeName string) error

Save will save any modifications done for the request.

func (*GroupsHandler) Setup ¶

func (h *GroupsHandler) Setup(r *http.Request, tx storage.Tx) (int, error)

Setup sets up the handler.

type Scim ¶

type Scim struct {
	// contains filtered or unexported fields
}

Scim is a System for Cross-domain Identity Management. It bridges the internal account representation with an externally facing API based on the SCIM v2 standard.

func New ¶

func New(store storage.Store) *Scim

New creates a new SCIM.

func (*Scim) LoadAccount ¶

func (s *Scim) LoadAccount(name, realm string, anyState bool, tx storage.Tx) (*cpb.Account, int, error)

LoadAccount loads one internal account from storage. It will filter disabled or deleted accounts unless `anyState` is set to true.

func (*Scim) LoadAccountLookup ¶

func (s *Scim) LoadAccountLookup(realm, acct string, tx storage.Tx) (*cpb.AccountLookup, error)

LoadAccountLookup loads an account reference structure (AccountLookup) that points an federated account identifier such as an email address with where the account is stored internally. Note that multiple external identifiers or emails can map to one internal account (i.e. account linking).

func (*Scim) LoadGroup ¶

func (s *Scim) LoadGroup(name, realm string, tx storage.Tx) (*spb.Group, error)

LoadGroup loads a user group.

func (*Scim) LoadGroupMember ¶

func (s *Scim) LoadGroupMember(groupName, memberName, realm string, tx storage.Tx) (*spb.Member, error)

LoadGroupMember loads a user membership record as part of a group.

func (*Scim) LoadGroupMembershipForUser ¶ added in v0.9.9

func (s *Scim) LoadGroupMembershipForUser(user *spb.User, realm string, resolveDisplayName bool, tx storage.Tx) error

LoadGroupMembershipForUser populates the Groups field with a set of group metadata to which the user belongs based on email addresses. resolveDisplayName will fill in the group's UI label by doing extra storage lookups when this information is for use by an end user.

func (*Scim) LookupAccount ¶

func (s *Scim) LookupAccount(fedAcct, realm string, anyState bool, tx storage.Tx) (*cpb.Account, int, error)

LookupAccount loads one internal account based on supplying a federated account identitifer such as an email address. It will filter disabled or deleted accounts unless `anyState` is set to true.

func (*Scim) RemoveAccountLookup ¶

func (s *Scim) RemoveAccountLookup(rev int64, realm, fedAcct string, r *http.Request, id *ga4gh.Identity, tx storage.Tx) error

RemoveAccountLookup removes an account lookup reference structure from storage by marking it as DELETED. Providence is maintained by not fully deleting the data.

func (*Scim) SaveAccount ¶

func (s *Scim) SaveAccount(oldAcct, newAcct *cpb.Account, desc, subject, realm string, r *http.Request, tx storage.Tx) error

SaveAccount puts an internal account structure in storage.

func (*Scim) SaveAccountLookup ¶

func (s *Scim) SaveAccountLookup(lookup *cpb.AccountLookup, realm, fedAcct string, r *http.Request, id *ga4gh.Identity, tx storage.Tx) error

SaveAccountLookup puts an account lookup reference structure in storage.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL