Constants

// API error codes. Each value is a stable, machine-readable identifier for a
// failure class and is presumably carried in Error.Code, with the human-readable
// detail in Error.Message. Callers should branch on these codes, not on the
// message text.
const (
	// Generic API error codes
	UNKNOWN_API_ERROR            = "UnknownApiError"
	INVALID_PARAMETER_ERROR      = "InvalidParameterError"
	UNAUTHORIZED_RESOURCES_ERROR = "UnauthorizedResourcesError"

	// Authentication API error code
	AUTHENTICATION_API_ERROR = "AuthenticationApiError"

	// User API error codes
	USER_BY_EXTERNAL_ID_NOT_FOUND = "UserWithExternalIDNotFound"
	USER_ALREADY_EXIST            = "UserAlreadyExist"

	// Group API error codes
	GROUP_BY_ORG_AND_NAME_NOT_FOUND = "GroupWithOrgAndNameNotFound"
	GROUP_ALREADY_EXIST             = "GroupAlreadyExist"

	// GroupMembers error codes
	USER_IS_ALREADY_A_MEMBER_OF_GROUP = "UserIsAlreadyAMemberOfGroup"
	USER_IS_NOT_A_MEMBER_OF_GROUP     = "UserIsNotAMemberOfGroup"

	// GroupPolicies error codes
	POLICY_IS_ALREADY_ATTACHED_TO_GROUP = "PolicyIsAlreadyAttachedToGroup"
	POLICY_IS_NOT_ATTACHED_TO_GROUP     = "PolicyIsNotAttachedToGroup"

	// Policy API error codes
	POLICY_ALREADY_EXIST             = "PolicyAlreadyExist"
	POLICY_BY_ORG_AND_NAME_NOT_FOUND = "PolicyWithOrgAndNameNotFound"

	// Proxy resources API error codes. ROUTES_CONFLICT is raised when two proxy
	// resources would claim the same route (presumably the same host/path/method
	// combination — confirm in the validator).
	PROXY_RESOURCE_ALREADY_EXIST             = "ProxyResourceAlreadyExist"
	PROXY_RESOURCE_BY_ORG_AND_NAME_NOT_FOUND = "ProxyResourceWithOrgAndNameNotFound"
	PROXY_RESOURCES_ROUTES_CONFLICT          = "ProxyResourcesRoutesConflict"

	// Auth OIDC Provider API error codes
	AUTH_OIDC_PROVIDER_ALREADY_EXIST     = "AuthOidcProviderAlreadyExist"
	AUTH_OIDC_PROVIDER_BY_NAME_NOT_FOUND = "AuthOidcProviderWithNameNotFound"

	// Regex error: an input did not match the pattern a validator requires.
	REGEX_NO_MATCH = "RegexNoMatch"
)
// Domain vocabulary: resource type identifiers, validation scopes, input-size
// constraints and the action names that policy statements grant or deny.
const (
	// Resource types
	RESOURCE_GROUP              = "group"
	RESOURCE_USER               = "user"
	RESOURCE_POLICY             = "policy"
	RESOURCE_PROXY              = "proxy"
	RESOURCE_AUTH_OIDC_PROVIDER = "oidc"

	// Resource validation scopes; presumably the accepted values of the
	// resourceType argument of AreValidResources — confirm.
	RESOURCE_EXTERNAL = "external"
	RESOURCE_IAM      = "iam"

	// Constraints: upper bounds on caller-supplied values. The LENGTH bounds
	// presumably back the IsValid* validators, RESOURCE_NUMBER caps the
	// resources in one statement, and the LIMIT values bound Filter.Limit for
	// pagination — confirm each at its point of use.
	MAX_EXTERNAL_ID_LENGTH = 128
	MAX_NAME_LENGTH        = 128
	MAX_ACTION_LENGTH      = 128
	MAX_PATH_LENGTH        = 512
	MAX_RESOURCE_NUMBER    = 50
	MAX_LIMIT_SIZE         = 1000
	DEFAULT_LIMIT_SIZE     = 20

	// Action identifiers. Presumably these are the values that appear in
	// Statement.Actions and are matched by the authorization check; the
	// "iam:" / "auth:" prefix names the service that owns the action.

	// User actions
	USER_ACTION_CREATE_USER          = "iam:CreateUser"
	USER_ACTION_DELETE_USER          = "iam:DeleteUser"
	USER_ACTION_GET_USER             = "iam:GetUser"
	USER_ACTION_LIST_USERS           = "iam:ListUsers"
	USER_ACTION_UPDATE_USER          = "iam:UpdateUser"
	USER_ACTION_LIST_GROUPS_FOR_USER = "iam:ListGroupsForUser"

	// Group actions
	GROUP_ACTION_CREATE_GROUP                 = "iam:CreateGroup"
	GROUP_ACTION_DELETE_GROUP                 = "iam:DeleteGroup"
	GROUP_ACTION_GET_GROUP                    = "iam:GetGroup"
	GROUP_ACTION_LIST_GROUPS                  = "iam:ListGroups"
	GROUP_ACTION_UPDATE_GROUP                 = "iam:UpdateGroup"
	GROUP_ACTION_LIST_MEMBERS                 = "iam:ListMembers"
	GROUP_ACTION_ADD_MEMBER                   = "iam:AddMember"
	GROUP_ACTION_REMOVE_MEMBER                = "iam:RemoveMember"
	GROUP_ACTION_ATTACH_GROUP_POLICY          = "iam:AttachGroupPolicy"
	GROUP_ACTION_DETACH_GROUP_POLICY          = "iam:DetachGroupPolicy"
	GROUP_ACTION_LIST_ATTACHED_GROUP_POLICIES = "iam:ListAttachedGroupPolicies"

	// Policy actions
	POLICY_ACTION_CREATE_POLICY        = "iam:CreatePolicy"
	POLICY_ACTION_DELETE_POLICY        = "iam:DeletePolicy"
	POLICY_ACTION_UPDATE_POLICY        = "iam:UpdatePolicy"
	POLICY_ACTION_GET_POLICY           = "iam:GetPolicy"
	POLICY_ACTION_LIST_ATTACHED_GROUPS = "iam:ListAttachedGroups"
	POLICY_ACTION_LIST_POLICIES        = "iam:ListPolicies"

	// Proxy resource actions
	PROXY_ACTION_CREATE_RESOURCE    = "iam:CreateProxyResource"
	PROXY_ACTION_DELETE_RESOURCE    = "iam:DeleteProxyResource"
	PROXY_ACTION_UPDATE_RESOURCE    = "iam:UpdateProxyResource"
	PROXY_ACTION_LIST_RESOURCES     = "iam:ListProxyResources"
	PROXY_ACTION_GET_PROXY_RESOURCE = "iam:GetProxyResource"

	// Auth OIDC provider actions
	AUTH_OIDC_ACTION_CREATE_PROVIDER = "auth:CreateOidcProvider"
	AUTH_OIDC_ACTION_DELETE_PROVIDER = "auth:DeleteOidcProvider"
	AUTH_OIDC_ACTION_UPDATE_PROVIDER = "auth:UpdateOidcProvider"
	AUTH_OIDC_ACTION_LIST_PROVIDERS  = "auth:ListOidcProviders"
	AUTH_OIDC_ACTION_GET_PROVIDER    = "auth:GetOidcProvider"
)

Variables

Log is the API-wide global logger shared by all domains

Functions

func AreValidActions

func AreValidActions(actions []string) error

func AreValidOidcClientNames added in v0.4.0

func AreValidOidcClientNames(oidcClients []string) error

func AreValidResources

func AreValidResources(resources []string, resourceType string) error

func AreValidStatements

func AreValidStatements(statements *[]Statement) error

func CreateUrn

func CreateUrn(org string, resource string, path string, name string) string

func GetUrnPrefix

func GetUrnPrefix(org string, resource string, path string) string

func IsValidEffect

func IsValidEffect(effect string) error

func IsValidName

func IsValidName(name string) bool

IsValidName validates group and policy names

func IsValidOrder added in v0.3.0

func IsValidOrder(order string) bool

IsValidOrder validates the OrderBy query param

func IsValidOrg

func IsValidOrg(org string) bool

func IsValidPath

func IsValidPath(path string) bool

func IsValidProxyResource added in v0.3.0

func IsValidProxyResource(resource *ResourceEntity) error

func IsValidUserExternalID

func IsValidUserExternalID(externalID string) bool

func LogOperation

func LogOperation(requestID string, userID string, message string)

LogOperation logs an action with request identifier and user

func LogOperationError added in v0.3.0

func LogOperationError(requestID string, userID string, err *Error)

LogOperationError logs an error action with request identifier and user

func LogOperationWarn added in v0.3.0

func LogOperationWarn(requestID string, userID string, message string)

LogOperationWarn logs a warning action with request identifier and user

func TransactionProxyErrorLogWithStatus added in v0.3.0

func TransactionProxyErrorLogWithStatus(requestID string, workerRequestID string, r *http.Request, status int, err *Error)

TransactionProxyErrorLogWithStatus logs an error received with user, worker request identifier, proxy request identifier and status code

func TransactionProxyLog added in v0.3.0

func TransactionProxyLog(requestID string, workerRequestID string, r *http.Request, msg string)

TransactionProxyLog logs a request transaction received with user, worker request identifier and request identifier

func TransactionRequestLog added in v0.3.0

func TransactionRequestLog(requestID string, userID string, r *http.Request)

TransactionRequestLog logs a request transaction received with http request, user and request identifier

func TransactionResponseErrorLog added in v0.3.0

func TransactionResponseErrorLog(requestID string, userID string, r *http.Request, status int, err *Error)

TransactionResponseErrorLog logs a response error transaction with http request, user, request identifier and status code

Types

type AuthOidcAPI added in v0.4.0

// AuthOidcAPI is the request-facing interface for managing OIDC providers.
// Every method receives the caller's RequestInfo, presumably so that the
// implementation can authorize the caller before touching the repository.
type AuthOidcAPI interface {
	// Stores a new OIDC provider. Returns an error when the parameters are
	// invalid, the provider already exists, or an unexpected error occurs.
	// oidcClients are the client names accepted for this provider (see
	// AreValidOidcClientNames).
	AddOidcProvider(requestInfo RequestInfo, name string, path string, issuerURL string, oidcClients []string) (*OidcProvider, error)

	// Retrieves an OIDC provider by name. Returns an error when the parameter is
	// invalid, the provider does not exist, or an unexpected error occurs.
	GetOidcProviderByName(requestInfo RequestInfo, name string) (*OidcProvider, error)

	// Lists OIDC provider names, optionally filtered by pathPrefix. The int is
	// the total number of matches (useful for pagination). Returns an error if
	// pathPrefix is invalid or an unexpected error occurs.
	ListOidcProviders(requestInfo RequestInfo, filter *Filter) ([]string, int, error)

	// Replaces the stored provider's name, path, issuer URL and client list.
	// Returns an error if the parameters are invalid, the provider does not
	// exist, or an unexpected error occurs.
	UpdateOidcProvider(requestInfo RequestInfo, oidcProviderName string, newName string, newPath string, newIssuerUrl string,
		newClients []string) (*OidcProvider, error)

	// Removes the provider together with its client relationships. Returns an
	// error if name is invalid, the provider does not exist, or an unexpected
	// error occurs.
	RemoveOidcProvider(requestInfo RequestInfo, name string) error
}

AuthOidcAPI interface

type AuthOidcRepo added in v0.4.0

// AuthOidcRepo is the persistence interface for OIDC providers. Input
// validation and caller authorization are expected to happen in the API layer
// above it (not verified here).
type AuthOidcRepo interface {
	// Stores an OIDC provider; returns the stored copy or a database error.
	AddOidcProvider(oidcProvider OidcProvider) (*OidcProvider, error)

	// Retrieves the OIDC provider with the given name, or an error if it does
	// not exist.
	GetOidcProviderByName(name string) (*OidcProvider, error)

	// Retrieves OIDC providers matching the filter (pathPrefix is optional)
	// together with the total match count. Returns an error on database problems.
	GetOidcProvidersFiltered(filter *Filter) ([]OidcProvider, int, error)

	// Overwrites the stored OIDC provider with the given fields.
	// Returns an error on database problems.
	UpdateOidcProvider(oidcProvider OidcProvider) (*OidcProvider, error)

	// Removes the OIDC provider identified by id together with its OIDC clients.
	// Returns an error if the transaction fails.
	RemoveOidcProvider(id string) error

	// OrderByValidColumns returns the column names that Filter.OrderBy may use
	// for the given action. NOTE(review): callers should allow-list OrderBy
	// against this before the value reaches a query — confirm at the call sites.
	OrderByValidColumns(action string) []string
}

AuthOidcRepo contains all database operations

type AuthzAPI

// AuthzAPI narrows candidate resource lists down to the subset the caller is
// authorized to act on. Each method takes the full candidate list and returns
// only the authorized entries; an empty result is an error rather than an
// empty slice (see the per-method comments).
type AuthzAPI interface {
	// Returns the users from the input list that the caller may perform action
	// on under resourceUrn. Returns an error if the caller does not exist, has
	// access to none of the resources, or an unexpected error occurs.
	GetAuthorizedUsers(requestInfo RequestInfo, resourceUrn string, action string, users []User) ([]User, error)

	// Returns the groups from the input list that the caller may perform action
	// on under resourceUrn. Returns an error if the caller does not exist, has
	// access to none of the resources, or an unexpected error occurs.
	GetAuthorizedGroups(requestInfo RequestInfo, resourceUrn string, action string, groups []Group) ([]Group, error)

	// Returns the policies from the input list that the caller may perform
	// action on under resourceUrn. Returns an error if the caller does not
	// exist, has access to none of the resources, or an unexpected error occurs.
	GetAuthorizedPolicies(requestInfo RequestInfo, resourceUrn string, action string, policies []Policy) ([]Policy, error)

	// Returns the proxy resources from the input list that the caller may
	// perform action on under resourceUrn. Returns an error if the caller does
	// not exist, has access to none of the resources, or an unexpected error occurs.
	GetAuthorizedProxyResources(requestInfo RequestInfo, resourceUrn string, action string, proxyResources []ProxyResource) ([]ProxyResource, error)

	// Returns the external resource URNs from the input list that the caller
	// may perform action on. Returns an error if the caller does not exist, has
	// access to none of the resources, or an unexpected error occurs.
	GetAuthorizedExternalResources(requestInfo RequestInfo, action string, resources []string) ([]string, error)
}

AuthzAPI interface

type EffectRestriction

// EffectRestriction pairs an effect with the URN restrictions it applies to.
// Presumably the evaluated form of a Statement (effect plus resolved allow/deny
// URN sets) — confirm against the authorization code.
type EffectRestriction struct {
	// Effect value; presumably one accepted by IsValidEffect.
	Effect       string        `json:"effect,omitempty"`
	// Restrictions is nil when no URN restriction applies (pointer + omitempty).
	Restrictions *Restrictions `json:"restrictions,omitempty"`
}

type Error

// Error is the structured error returned by the API layer. It satisfies the
// error interface through its Error() method, declared elsewhere in the package.
type Error struct {
	// Code is the machine-readable failure class; presumably one of the
	// *_ERROR, *_NOT_FOUND, *_ALREADY_EXIST, ... constants above.
	Code    string `json:"code,omitempty"`
	// Message is the human-readable detail. Because of the json tag it is
	// serialized to clients, so it should describe the failure without exposing
	// internal details (queries, hosts, stack traces) — NOTE(review): confirm at
	// the sites that build it.
	Message string `json:"message,omitempty"`
}

func (Error) Error

func (e Error) Error() string

type ExternalResource

// ExternalResource is a resource that lives outside this service and is known
// only by its URN. Its GetUrn method (declared elsewhere) makes it a Resource.
type ExternalResource struct {
	Urn string `json:"urn,omitempty"`
}

func (ExternalResource) GetUrn

func (e ExternalResource) GetUrn() string

type Filter

// Filter carries the search criteria for repository list operations.
// Which fields a given call honours is decided by the implementation; unset
// fields are presumably ignored.
type Filter struct {
	// Path prefix to match; presumably validated with IsValidPath — confirm.
	PathPrefix        string
	Org               string
	ExternalID        string
	PolicyName        string
	GroupName         string
	ProxyResourceName string
	AuthProviderName  string
	// Pagination. See DEFAULT_LIMIT_SIZE and MAX_LIMIT_SIZE for the bounds the
	// API layer presumably applies to Limit.
	Offset int
	Limit  int
	// Sorting. NOTE(review): OrderBy is caller-controlled (a query parameter,
	// per IsValidOrder); the repositories expose OrderByValidColumns so it can
	// be allow-listed before being used in a query — confirm every repository
	// does so.
	OrderBy string
}

Filter properties for database search

type Group

// Group is the group domain object. Its GetUrn and String methods are declared
// elsewhere in the package.
type Group struct {
	// ID is the internal identifier; Org + Name is the external identity
	// (see GroupIdentity and GetGroupByName).
	ID       string    `json:"id,omitempty"`
	Name     string    `json:"name,omitempty"`
	Path     string    `json:"path,omitempty"`
	Org      string    `json:"org,omitempty"`
	Urn      string    `json:"urn,omitempty"`
	// NOTE: omitempty has no effect on struct-valued fields such as time.Time,
	// so a zero CreateAt/UpdateAt is still emitted by encoding/json.
	CreateAt time.Time `json:"createAt,omitempty"`
	UpdateAt time.Time `json:"updateAt,omitempty"`
}

Group domain

func (Group) GetUrn

func (g Group) GetUrn() string

func (Group) String

func (g Group) String() string

type GroupAPI

// GroupAPI is the request-facing interface for groups, their members and their
// attached policies. Every method receives the caller's RequestInfo, presumably
// so that the implementation can authorize the caller first.
type GroupAPI interface {
	// Stores a group. Returns an error when the parameters are invalid, the
	// group already exists, or an unexpected error occurs.
	AddGroup(requestInfo RequestInfo, org string, name string, path string) (*Group, error)

	// Retrieves a group by org and name. Returns an error when the parameters
	// are invalid, the group does not exist, or an unexpected error occurs.
	GetGroupByName(requestInfo RequestInfo, org string, name string) (*Group, error)

	// Lists group identifiers filtered by the optional org and pathPrefix
	// fields of filter; the int is the total match count. Returns an error if
	// the parameters are invalid or an unexpected error occurs.
	ListGroups(requestInfo RequestInfo, filter *Filter) ([]GroupIdentity, int, error)

	// Renames and/or moves a group. Returns an error if the parameters are
	// invalid, the group does not exist, the target name already exists, or an
	// unexpected error occurs.
	UpdateGroup(requestInfo RequestInfo, org string, groupName string, newName string, newPath string) (*Group, error)

	// Removes a group together with its member and policy relationships.
	// Returns an error if the parameters are invalid, the group does not exist,
	// or an unexpected error occurs.
	RemoveGroup(requestInfo RequestInfo, org string, name string) error

	// Adds the user identified by externalId to the group. Returns an error if
	// the parameters are invalid, the user or group does not exist, the user is
	// already a member, or an unexpected error occurs.
	AddMember(requestInfo RequestInfo, externalId string, groupName string, org string) error

	// Removes the user identified by externalId from the group. Returns an
	// error if the parameters are invalid, the user or group does not exist,
	// the user is not a member, or an unexpected error occurs.
	RemoveMember(requestInfo RequestInfo, externalId string, groupName string, org string) error

	// Lists the members of the group selected by filter; the int is the total
	// match count. Returns an error if the parameters are invalid, the group
	// does not exist, or an unexpected error occurs.
	ListMembers(requestInfo RequestInfo, filter *Filter) ([]GroupMembers, int, error)

	// Attaches a policy to the group. Returns an error if the parameters are
	// invalid, the policy or group does not exist, the policy is already
	// attached, or an unexpected error occurs.
	AttachPolicyToGroup(requestInfo RequestInfo, org string, groupName string, policyName string) error

	// Detaches a policy from the group (the name says "To" but the operation is
	// a detach). Returns an error if the parameters are invalid, the policy or
	// group does not exist, the policy is not attached, or an unexpected error occurs.
	DetachPolicyToGroup(requestInfo RequestInfo, org string, groupName string, policyName string) error

	// Lists the policies attached to the group selected by filter; the int is
	// the total match count. Returns an error if the parameters are invalid,
	// the group does not exist, or an unexpected error occurs.
	ListAttachedGroupPolicies(requestInfo RequestInfo, filter *Filter) ([]GroupPolicies, int, error)
}

GroupAPI interface

type GroupIdentity

// GroupIdentity is the external identity of a group (org plus name), as
// returned by list operations and accepted by GetGroupByName.
type GroupIdentity struct {
	Org  string `json:"org,omitempty"`
	Name string `json:"name,omitempty"`
}

Group identifier used to retrieve groups from the DB

type GroupMembers

// GroupMembers is one row of a group membership listing: the member and when
// it joined. Note the json name "joined" differs from the field name.
type GroupMembers struct {
	// User is the member's identifier (presumably the external ID — confirm).
	User     string    `json:"user,omitempty"`
	// NOTE: omitempty does not apply to time.Time; a zero value is still emitted.
	CreateAt time.Time `json:"joined,omitempty"`
}

type GroupPolicies added in v0.2.0

// GroupPolicies is one row of a group's attached-policy listing: the policy and
// when it was attached. Note the json name "attached" differs from the field name.
type GroupPolicies struct {
	// Policy is the policy's name (presumed — confirm against the mapper).
	Policy   string    `json:"policy,omitempty"`
	// NOTE: omitempty does not apply to time.Time; a zero value is still emitted.
	CreateAt time.Time `json:"attached,omitempty"`
}

type GroupRepo

// GroupRepo is the persistence interface for groups, memberships and policy
// attachments. As the per-method comments state, the relationship methods do
// not check that the referenced rows exist; the API layer is responsible for
// validation and authorization before calling in.
type GroupRepo interface {
	// Stores a group; returns the stored copy or a database error.
	AddGroup(group Group) (*Group, error)

	// Retrieves the group with the given org and name, or an error if it does
	// not exist.
	GetGroupByName(org string, name string) (*Group, error)

	// Retrieves groups matching the optional org and pathPrefix fields of
	// filter, plus the total match count. Returns an error on database problems.
	GetGroupsFiltered(filter *Filter) ([]Group, int, error)

	// Overwrites the stored group with the given fields.
	// Returns an error on database problems.
	UpdateGroup(group Group) (*Group, error)

	// Removes the group identified by groupID together with its member and
	// policy relationships. Returns an error if the transaction fails.
	RemoveGroup(groupID string) error

	// Records userID as a member of groupID. Does not verify that either row
	// exists; returns an error on database problems.
	AddMember(userID string, groupID string) error

	// Deletes the membership of userID in groupID. Does not verify that either
	// row exists; returns an error on database problems.
	RemoveMember(userID string, groupID string) error

	// Reports whether at least one membership relation between userID and
	// groupID exists. Returns an error on database problems.
	IsMemberOfGroup(userID string, groupID string) (bool, error)

	// Retrieves the members of groupID selected by filter, plus the total match
	// count. Returns an error on database problems.
	GetGroupMembers(groupID string, filter *Filter) ([]UserGroupRelation, int, error)

	// Records policyID as attached to groupID. Does not verify that either row
	// exists; returns an error on database problems.
	AttachPolicy(groupID string, policyID string) error

	// Deletes the attachment of policyID to groupID. Does not verify that either
	// row exists; returns an error on database problems.
	DetachPolicy(groupID string, policyID string) error

	// Reports whether at least one attachment relation between groupID and
	// policyID exists. Returns an error on database problems.
	IsAttachedToGroup(groupID string, policyID string) (bool, error)

	// Retrieves the policies attached to groupID selected by filter, plus the
	// total match count. Returns an error on database problems.
	GetAttachedPolicies(groupID string, filter *Filter) ([]PolicyGroupRelation, int, error)

	// OrderByValidColumns returns the column names that Filter.OrderBy may use
	// for the given action. NOTE(review): callers should allow-list OrderBy
	// against this before the value reaches a query — confirm at the call sites.
	OrderByValidColumns(action string) []string
}

GroupRepo contains all database operations

type InternalProxyAPI added in v0.3.0

// InternalProxyAPI is the interface the proxy component uses to load its route
// table. Unlike the request-facing *API interfaces it takes no RequestInfo, so
// it presumably must only be reachable from trusted, internal code — confirm.
type InternalProxyAPI interface {
	// Retrieves every proxy resource, or an error on failure.
	GetProxyResources() ([]ProxyResource, error)
}

InternalProxyAPI interface to manage proxy resources

type OidcClient added in v0.4.0

// OidcClient is a client registered with an OidcProvider, identified by name.
// Its String method is declared elsewhere in the package.
type OidcClient struct {
	Name string `json:"name,omitempty"`
}

func (OidcClient) String added in v0.4.0

func (op OidcClient) String() string

type OidcProvider added in v0.4.0

// OidcProvider is the authenticator (OIDC) domain object: an issuer and the
// clients accepted from it. GetUrn and String are declared elsewhere.
type OidcProvider struct {
	ID          string       `json:"id,omitempty"`
	Name        string       `json:"name,omitempty"`
	Path        string       `json:"path,omitempty"`
	Urn         string       `json:"urn,omitempty"`
	// NOTE: omitempty does not apply to time.Time; zero values are still emitted.
	CreateAt    time.Time    `json:"createAt,omitempty"`
	UpdateAt    time.Time    `json:"updateAt,omitempty"`
	// IssuerURL is presumably the trust anchor used to validate tokens from this
	// provider. NOTE(review): confirm it is validated (absolute URL, expected
	// scheme) before being stored, since AddOidcProvider accepts it as a string.
	IssuerURL   string       `json:"issuerUrl,omitempty"`
	// OidcClients are the client names accepted for this provider; see
	// AreValidOidcClientNames.
	OidcClients []OidcClient `json:"clients,omitempty"`
}

Authenticator OIDC domain

func (OidcProvider) GetUrn added in v0.4.0

func (op OidcProvider) GetUrn() string

func (OidcProvider) String added in v0.4.0

func (op OidcProvider) String() string

type Policy

// Policy is the policy domain object: an org-scoped, named set of Statements.
// GetUrn and String are declared elsewhere in the package.
type Policy struct {
	ID         string       `json:"id,omitempty"`
	Name       string       `json:"name,omitempty"`
	Path       string       `json:"path,omitempty"`
	Org        string       `json:"org,omitempty"`
	Urn        string       `json:"urn,omitempty"`
	// NOTE: omitempty does not apply to time.Time; zero values are still emitted.
	CreateAt   time.Time    `json:"createAt,omitempty"`
	UpdateAt   time.Time    `json:"updateAt,omitempty"`
	// Statements is a pointer to a slice, matching AreValidStatements; a nil
	// pointer presumably means "no statements supplied", distinct from an empty
	// slice — confirm how callers treat the two.
	Statements *[]Statement `json:"statements,omitempty"`
}

Policy domain

func (Policy) GetUrn

func (p Policy) GetUrn() string

func (Policy) String

func (p Policy) String() string

type PolicyAPI

// PolicyAPI is the request-facing interface for policies. Every method receives
// the caller's RequestInfo, presumably so that the implementation can authorize
// the caller first.
type PolicyAPI interface {
	// Stores a policy. Returns an error when the parameters are invalid, the
	// policy already exists, or an unexpected error occurs.
	AddPolicy(requestInfo RequestInfo, name string, path string, org string, statements []Statement) (*Policy, error)

	// Retrieves a policy by org and name. Returns an error when the parameters
	// are invalid, the policy does not exist, or an unexpected error occurs.
	GetPolicyByName(requestInfo RequestInfo, org string, name string) (*Policy, error)

	// Lists policy identifiers filtered by the optional org and pathPrefix
	// fields of filter; the int is the total match count. Returns an error if
	// the parameters are invalid or an unexpected error occurs.
	ListPolicies(requestInfo RequestInfo, filter *Filter) ([]PolicyIdentity, int, error)

	// Replaces the policy's name, path and statements; the previous statements
	// are discarded. Returns an error if the parameters are invalid, the policy
	// does not exist, the target name already exists, or an unexpected error occurs.
	UpdatePolicy(requestInfo RequestInfo, org string, name string, newName string, newPath string,
		newStatements []Statement) (*Policy, error)

	// Removes a policy together with its group attachments. Returns an error if
	// the parameters are invalid, the policy does not exist, or an unexpected
	// error occurs.
	RemovePolicy(requestInfo RequestInfo, org string, name string) error

	// Lists the groups the policy selected by filter is attached to; the int is
	// the total match count. Returns an error if the parameters are invalid,
	// the policy does not exist, or an unexpected error occurs.
	ListAttachedGroups(requestInfo RequestInfo, filter *Filter) ([]PolicyGroups, int, error)
}

PolicyAPI interface

type PolicyGroupRelation added in v0.2.0

// PolicyGroupRelation is one policy-to-group attachment as returned by the
// repositories; implementations live in the persistence layer.
type PolicyGroupRelation interface {
	// GetGroup returns the attached group.
	GetGroup() *Group
	// GetPolicy returns the attached policy.
	GetPolicy() *Policy
	// GetDate returns when the attachment was created.
	GetDate() time.Time
}

PolicyGroupRelation interface for Policy-Group relationships

type PolicyGroups added in v0.2.0

// PolicyGroups is one row of a policy's attached-group listing: the group and
// when it was attached. Note the json name "attached" differs from the field name.
type PolicyGroups struct {
	// Group is the group's name (presumed — confirm against the mapper).
	Group    string    `json:"group,omitempty"`
	// NOTE: omitempty does not apply to time.Time; a zero value is still emitted.
	CreateAt time.Time `json:"attached,omitempty"`
}

type PolicyIdentity

// PolicyIdentity is the external identity of a policy (org plus name), as
// returned by list operations and accepted by GetPolicyByName.
type PolicyIdentity struct {
	Org  string `json:"org,omitempty"`
	Name string `json:"name,omitempty"`
}

Policy identifier used to retrieve policies from the DB

type PolicyRepo

// PolicyRepo is the persistence interface for policies. Input validation and
// caller authorization are expected to happen in the API layer above it (not
// verified here).
type PolicyRepo interface {
	// Stores a policy; returns the stored copy or a database error.
	AddPolicy(policy Policy) (*Policy, error)

	// Retrieves the policy with the given org and name, or an error if it does
	// not exist.
	GetPolicyByName(org string, name string) (*Policy, error)

	// Retrieves policies matching the optional org and pathPrefix fields of
	// filter, plus the total match count. Returns an error on database problems.
	GetPoliciesFiltered(filter *Filter) ([]Policy, int, error)

	// Overwrites the stored policy with the given fields, replacing its
	// statements when the input carries any. Returns an error on database problems.
	UpdatePolicy(policy Policy) (*Policy, error)

	// Removes the policy identified by id together with its group attachments.
	// Returns an error if the transaction fails.
	RemovePolicy(id string) error

	// Retrieves the groups policyID is attached to, selected by filter, plus
	// the total match count. Returns an error on database problems.
	GetAttachedGroups(policyID string, filter *Filter) ([]PolicyGroupRelation, int, error)

	// OrderByValidColumns returns the column names that Filter.OrderBy may use
	// for the given action. NOTE(review): callers should allow-list OrderBy
	// against this before the value reaches a query — confirm at the call sites.
	OrderByValidColumns(action string) []string
}

PolicyRepo contains all database operations

type ProxyAPI added in v0.3.0

// ProxyAPI implements InternalProxyAPI on top of a ProxyRepo; its
// GetProxyResources method is declared elsewhere in the package.
type ProxyAPI struct {
	// ProxyRepo is the repository the proxy resources are read from.
	ProxyRepo ProxyRepo
}

ProxyAPI that implements API interfaces using repositories

func (ProxyAPI) GetProxyResources added in v0.3.0

func (api ProxyAPI) GetProxyResources() ([]ProxyResource, error)

GetProxyResources returns the proxy resources

type ProxyRepo added in v0.3.0

// ProxyRepo is the persistence interface for proxy resources (the routes the
// proxy exposes). Input validation and caller authorization are expected to
// happen in the API layer above it (not verified here).
type ProxyRepo interface {
	// Retrieves proxy resources selected by filter, plus the total match count.
	// Returns an error on database problems.
	GetProxyResources(filter *Filter) ([]ProxyResource, int, error)

	// Retrieves the proxy resource with the given org and name, or an error if
	// it does not exist.
	GetProxyResourceByName(org string, name string) (*ProxyResource, error)

	// Stores a proxy resource; returns the stored copy or a database error.
	AddProxyResource(proxyResource ProxyResource) (*ProxyResource, error)

	// Overwrites the stored proxy resource with the given fields (the original
	// comment also mentions statements; proxy resources carry none here, so
	// this likely refers to the nested Resource). Returns an error on database problems.
	UpdateProxyResource(proxyResource ProxyResource) (*ProxyResource, error)

	// Removes the proxy resource identified by proxyResourceID.
	// Returns an error if the transaction fails.
	RemoveProxyResource(proxyResourceID string) error

	// OrderByValidColumns returns the column names that Filter.OrderBy may use
	// for the given action. NOTE(review): callers should allow-list OrderBy
	// against this before the value reaches a query — confirm at the call sites.
	OrderByValidColumns(action string) []string
}

ProxyRepo contains all database operations

type ProxyResource added in v0.3.0

// ProxyResource is the proxy-resource domain object: a named, org-scoped route
// definition (Resource) that the proxy enforces authorization on. GetUrn is
// declared elsewhere in the package.
type ProxyResource struct {
	ID       string         `json:"id,omitempty"`
	Name     string         `json:"name,omitempty"`
	Org      string         `json:"org,omitempty"`
	Path     string         `json:"path,omitempty"`
	Urn      string         `json:"urn,omitempty"`
	// Resource is the upstream route and the action/URN it is guarded by.
	// NOTE: omitempty has no effect on struct-valued fields (Resource,
	// CreateAt, UpdateAt); zero values are still emitted.
	Resource ResourceEntity `json:"resource,omitempty"`
	CreateAt time.Time      `json:"createAt,omitempty"`
	UpdateAt time.Time      `json:"updateAt,omitempty"`
}

ProxyResource domain

func (ProxyResource) GetUrn added in v0.3.0

func (p ProxyResource) GetUrn() string

type ProxyResourceIdentity added in v0.3.0

// ProxyResourceIdentity is the external identity of a proxy resource (org plus
// name), as returned by list operations and accepted by GetProxyResourceByName.
type ProxyResourceIdentity struct {
	Org  string `json:"org,omitempty"`
	Name string `json:"name,omitempty"`
}

Proxy resource identifier used to retrieve proxy resources from the DB

type ProxyResourcesAPI added in v0.3.0

// ProxyResourcesAPI is the request-facing interface for proxy resources. Every
// method receives the caller's RequestInfo, presumably so that the
// implementation can authorize the caller first. Because these objects define
// which routes the proxy exposes and which action guards them, write access
// here is presumably as sensitive as policy administration — confirm the
// authorization applied.
type ProxyResourcesAPI interface {
	// Stores a proxy resource. Returns an error when the parameters are
	// invalid (see IsValidProxyResource), the proxy resource already exists,
	// its route conflicts with an existing one, or an unexpected error occurs.
	AddProxyResource(requestInfo RequestInfo, name string, org string, path string, resource ResourceEntity) (*ProxyResource, error)

	// Retrieves a proxy resource by org and name. Returns an error when the
	// parameters are invalid, the proxy resource does not exist, or an
	// unexpected error occurs.
	GetProxyResourceByName(requestInfo RequestInfo, org string, name string) (*ProxyResource, error)

	// Lists proxy resource identifiers selected by filter; the int is the total
	// match count.
	ListProxyResources(requestInfo RequestInfo, filter *Filter) ([]ProxyResourceIdentity, int, error)

	// Replaces the proxy resource's name, path and route definition; the
	// previous resource is discarded. Returns an error if the parameters are
	// invalid, the proxy resource does not exist, the target name already
	// exists, or an unexpected error occurs.
	UpdateProxyResource(requestInfo RequestInfo, org string, name string, newName string, newPath string,
		newResource ResourceEntity) (*ProxyResource, error)

	// Removes a proxy resource. Returns an error if the parameters are invalid,
	// the proxy resource does not exist, or an unexpected error occurs.
	RemoveProxyResource(requestInfo RequestInfo, org string, name string) error
}

ProxyResourcesAPI interface to manage proxy resources

type RequestInfo

// RequestInfo identifies the caller of an API operation and is passed to every
// request-facing method.
type RequestInfo struct {
	// Identifier of the authenticated caller (presumably the user's external
	// ID — confirm against the authenticator).
	Identifier string
	// Admin marks the caller as an administrator. NOTE(review): this flag is
	// authority, so it must be derived from the authenticated identity and
	// never copied from request input — confirm where it is populated.
	Admin      bool
	// RequestID correlates the log lines of one request (see LogOperation and
	// the Transaction*Log helpers).
	RequestID  string
}

type Resource

// Resource is implemented by every domain object that can be named in an
// authorization decision (User, Group, Policy, ProxyResource, OidcProvider,
// ExternalResource).
type Resource interface {
	// GetUrn returns the resource's URN, the identifier policies refer to.
	GetUrn() string
}

Resource interface that all resource types have to implement

type ResourceEntity added in v0.3.0

// ResourceEntity describes one route the proxy exposes and the permission that
// guards it. It is validated by IsValidProxyResource; two entities claiming the
// same route presumably yield PROXY_RESOURCES_ROUTES_CONFLICT — confirm.
type ResourceEntity struct {
	// Host of the upstream service the proxy forwards to (presumed — confirm).
	Host   string `json:"host,omitempty"`
	// Path of the route as seen by the proxy.
	Path   string `json:"path,omitempty"`
	// HTTP Method of the route.
	Method string `json:"method,omitempty"`
	// Urn of the protected resource the authorization check is made against.
	Urn    string `json:"urn,omitempty"`
	// Action the caller must be granted on Urn to use the route
	// (presumed — confirm against the proxy's authorization call).
	Action string `json:"action,omitempty"`
}

type Restrictions

// Restrictions is the set of URN allow and deny lists attached to an effect.
// The *Prefixes lists presumably match a URN by prefix and the *FullUrns lists
// by exact value. NOTE(review): the evaluator and its allow/deny precedence are
// not visible here — confirm that a matching deny entry overrides a matching
// allow entry.
type Restrictions struct {
	AllowedUrnPrefixes []string `json:"allowedUrnPrefixes,omitempty"`
	AllowedFullUrns    []string `json:"allowedFullUrns,omitempty"`
	DeniedUrnPrefixes  []string `json:"deniedUrnPrefixes,omitempty"`
	DeniedFullUrns     []string `json:"deniedFullUrns,omitempty"`
}

type Statement

// Statement is one rule of a Policy: an Effect applied to a set of Actions on
// a set of Resources. Its String method is declared elsewhere in the package.
type Statement struct {
	// Effect value; presumably one accepted by IsValidEffect.
	Effect    string   `json:"effect,omitempty"`
	// Action identifiers such as USER_ACTION_GET_USER; presumably checked with
	// AreValidActions.
	Actions   []string `json:"actions,omitempty"`
	// Resource URNs the statement applies to; presumably checked with
	// AreValidResources and capped by MAX_RESOURCE_NUMBER.
	Resources []string `json:"resources,omitempty"`
}

func (Statement) String

func (s Statement) String() string

type User

// User is the user domain object. GetUrn and String are declared elsewhere in
// the package.
type User struct {
	// ID is the internal identifier; ExternalID is the identity callers use
	// (see GetUserByExternalID, IsValidUserExternalID, MAX_EXTERNAL_ID_LENGTH).
	ID         string    `json:"id,omitempty"`
	ExternalID string    `json:"externalId,omitempty"`
	Path       string    `json:"path,omitempty"`
	Urn        string    `json:"urn,omitempty"`
	// NOTE: omitempty does not apply to time.Time; zero values are still emitted.
	CreateAt   time.Time `json:"createAt,omitempty"`
	UpdateAt   time.Time `json:"updateAt,omitempty"`
}

User domain

func (User) GetUrn

func (u User) GetUrn() string

func (User) String

func (u User) String() string

type UserAPI

// UserAPI is the request-facing interface for users. Every method receives the
// caller's RequestInfo, presumably so that the implementation can authorize the
// caller first.
type UserAPI interface {
	// Stores a user. Returns an error when the parameters are invalid, the user
	// already exists, or an unexpected error occurs.
	AddUser(requestInfo RequestInfo, externalId string, path string) (*User, error)

	// Retrieves a user by external ID. Returns an error when the parameter is
	// invalid, the user does not exist, or an unexpected error occurs.
	GetUserByExternalID(requestInfo RequestInfo, externalId string) (*User, error)

	// Lists user identifiers, optionally filtered by pathPrefix; the int is the
	// total match count. Returns an error if pathPrefix is invalid or an
	// unexpected error occurs.
	ListUsers(requestInfo RequestInfo, filter *Filter) ([]string, int, error)

	// Moves the user to newPath. Returns an error if the parameters are
	// invalid, the user does not exist, or an unexpected error occurs.
	UpdateUser(requestInfo RequestInfo, externalId string, newPath string) (*User, error)

	// Removes a user together with its group memberships. Returns an error if
	// externalId is invalid, the user does not exist, or an unexpected error occurs.
	RemoveUser(requestInfo RequestInfo, externalId string) error

	// Lists the groups the user selected by filter belongs to; the int is the
	// total match count. Returns an error if externalId is invalid, the user
	// does not exist, or an unexpected error occurs.
	ListGroupsByUser(requestInfo RequestInfo, filter *Filter) ([]UserGroups, int, error)
}

UserAPI interface

type UserGroupRelation added in v0.2.0

// UserGroupRelation is one user-to-group membership as returned by the
// repositories; implementations live in the persistence layer.
type UserGroupRelation interface {
	// GetUser returns the member.
	GetUser() *User
	// GetGroup returns the group the user belongs to.
	GetGroup() *Group
	// GetDate returns when the membership was created.
	GetDate() time.Time
}

UserGroupRelation interface for User-Group relationships

type UserGroups added in v0.2.0

// UserGroups is one row of a user's group listing: the group's identity and
// when the user joined. Note the json name "joined" differs from the field name.
type UserGroups struct {
	Org      string    `json:"org,omitempty"`
	Name     string    `json:"name,omitempty"`
	// NOTE: omitempty does not apply to time.Time; a zero value is still emitted.
	CreateAt time.Time `json:"joined,omitempty"`
}

type UserRepo

// UserRepo is the persistence interface for users. Input validation and caller
// authorization are expected to happen in the API layer above it (not verified
// here).
type UserRepo interface {
	// Stores a user; returns the stored copy or a database error.
	AddUser(user User) (*User, error)

	// Retrieves the user with the given external ID, or an error if it does
	// not exist.
	GetUserByExternalID(id string) (*User, error)

	// Retrieves users matching the optional pathPrefix field of filter, plus
	// the total match count. Returns an error on database problems.
	GetUsersFiltered(filter *Filter) ([]User, int, error)

	// Overwrites the stored user with the given fields. Returns an error if a
	// database constraint is violated or an unexpected error occurs.
	UpdateUser(user User) (*User, error)

	// Removes the user identified by id together with its group memberships.
	// Returns an error if the transaction fails.
	RemoveUser(id string) error

	// Retrieves the groups the user identified by id belongs to, selected by
	// filter, plus the total match count. Returns an error on database problems.
	GetGroupsByUserID(id string, filter *Filter) ([]UserGroupRelation, int, error)

	// OrderByValidColumns returns the column names that Filter.OrderBy may use
	// for the given action. NOTE(review): callers should allow-list OrderBy
	// against this before the value reaches a query — confirm at the call sites.
	OrderByValidColumns(action string) []string
}

UserRepo contains all database operations

type WorkerAPI added in v0.3.0

// WorkerAPI implements the API interfaces (user, group, policy, proxy
// resource and OIDC provider operations) on top of the injected
// repositories. Its methods use value receivers; since the struct holds
// only interface values, copying it is cheap.
type WorkerAPI struct {
	// UserRepo backs the user operations (AddUser, GetUserByExternalID, ...).
	UserRepo UserRepo
	// GroupRepo backs the group and group-membership operations.
	GroupRepo GroupRepo
	// PolicyRepo backs the policy and policy-attachment operations.
	PolicyRepo PolicyRepo
	// ProxyRepo backs the proxy resource operations.
	ProxyRepo ProxyRepo
	// AuthOidcRepo backs the OIDC provider operations.
	AuthOidcRepo AuthOidcRepo
}

WorkerAPI implements the API interfaces using the configured repositories.

func (WorkerAPI) AddGroup added in v0.3.0

func (api WorkerAPI) AddGroup(requestInfo RequestInfo, org string, name string, path string) (*Group, error)

func (WorkerAPI) AddMember added in v0.3.0

func (api WorkerAPI) AddMember(requestInfo RequestInfo, externalId string, name string, org string) error

func (WorkerAPI) AddOidcProvider added in v0.4.0

func (api WorkerAPI) AddOidcProvider(requestInfo RequestInfo, name string, path string, issuerURL string, oidcClients []string) (*OidcProvider, error)

func (WorkerAPI) AddPolicy added in v0.3.0

func (api WorkerAPI) AddPolicy(requestInfo RequestInfo, name string, path string, org string, statements []Statement) (*Policy, error)

func (WorkerAPI) AddProxyResource added in v0.3.0

func (api WorkerAPI) AddProxyResource(requestInfo RequestInfo, name string, org string, path string, resource ResourceEntity) (*ProxyResource, error)

func (WorkerAPI) AddUser added in v0.3.0

func (api WorkerAPI) AddUser(requestInfo RequestInfo, externalId string, path string) (*User, error)

func (WorkerAPI) AttachPolicyToGroup added in v0.3.0

func (api WorkerAPI) AttachPolicyToGroup(requestInfo RequestInfo, org string, name string, policyName string) error

func (WorkerAPI) DetachPolicyToGroup added in v0.3.0

func (api WorkerAPI) DetachPolicyToGroup(requestInfo RequestInfo, org string, name string, policyName string) error

func (WorkerAPI) GetAuthorizedExternalResources added in v0.3.0

func (api WorkerAPI) GetAuthorizedExternalResources(requestInfo RequestInfo, action string, resources []string) ([]string, error)

GetAuthorizedExternalResources returns the resources where the specified user has the action granted

func (WorkerAPI) GetAuthorizedGroups added in v0.3.0

func (api WorkerAPI) GetAuthorizedGroups(requestInfo RequestInfo, resourceUrn string, action string, groups []Group) ([]Group, error)

GetAuthorizedGroups returns the authorized groups for the specified user combined with resource+action

func (WorkerAPI) GetAuthorizedOidcProviders added in v0.4.0

func (api WorkerAPI) GetAuthorizedOidcProviders(requestInfo RequestInfo, resourceUrn string, action string, oidcProviders []OidcProvider) ([]OidcProvider, error)

GetAuthorizedOidcProviders returns authorized OIDC providers for specified user combined with resource+action

func (WorkerAPI) GetAuthorizedPolicies added in v0.3.0

func (api WorkerAPI) GetAuthorizedPolicies(requestInfo RequestInfo, resourceUrn string, action string, policies []Policy) ([]Policy, error)

GetAuthorizedPolicies returns authorized policies for specified user combined with resource+action

func (WorkerAPI) GetAuthorizedProxyResources added in v0.3.0

func (api WorkerAPI) GetAuthorizedProxyResources(requestInfo RequestInfo, resourceUrn string, action string, proxyResources []ProxyResource) ([]ProxyResource, error)

GetAuthorizedProxyResources returns authorized proxy resources for specified user combined with resource+action

func (WorkerAPI) GetAuthorizedUsers added in v0.3.0

func (api WorkerAPI) GetAuthorizedUsers(requestInfo RequestInfo, resourceUrn string, action string, users []User) ([]User, error)

GetAuthorizedUsers returns authorized users for specified resource+action

func (WorkerAPI) GetGroupByName added in v0.3.0

func (api WorkerAPI) GetGroupByName(requestInfo RequestInfo, org string, name string) (*Group, error)

func (WorkerAPI) GetOidcProviderByName added in v0.4.0

func (api WorkerAPI) GetOidcProviderByName(requestInfo RequestInfo, name string) (*OidcProvider, error)

func (WorkerAPI) GetPolicyByName added in v0.3.0

func (api WorkerAPI) GetPolicyByName(requestInfo RequestInfo, org string, policyName string) (*Policy, error)

func (WorkerAPI) GetProxyResourceByName added in v0.3.0

func (api WorkerAPI) GetProxyResourceByName(requestInfo RequestInfo, org string, name string) (*ProxyResource, error)

func (WorkerAPI) GetUserByExternalID added in v0.3.0

func (api WorkerAPI) GetUserByExternalID(requestInfo RequestInfo, externalId string) (*User, error)

func (WorkerAPI) ListAttachedGroupPolicies added in v0.3.0

func (api WorkerAPI) ListAttachedGroupPolicies(requestInfo RequestInfo, filter *Filter) ([]GroupPolicies, int, error)

func (WorkerAPI) ListAttachedGroups added in v0.3.0

func (api WorkerAPI) ListAttachedGroups(requestInfo RequestInfo, filter *Filter) ([]PolicyGroups, int, error)

func (WorkerAPI) ListGroups added in v0.3.0

func (api WorkerAPI) ListGroups(requestInfo RequestInfo, filter *Filter) ([]GroupIdentity, int, error)

func (WorkerAPI) ListGroupsByUser added in v0.3.0

func (api WorkerAPI) ListGroupsByUser(requestInfo RequestInfo, filter *Filter) ([]UserGroups, int, error)

func (WorkerAPI) ListMembers added in v0.3.0

func (api WorkerAPI) ListMembers(requestInfo RequestInfo, filter *Filter) ([]GroupMembers, int, error)

func (WorkerAPI) ListOidcProviders added in v0.4.0

func (api WorkerAPI) ListOidcProviders(requestInfo RequestInfo, filter *Filter) ([]string, int, error)

func (WorkerAPI) ListPolicies added in v0.3.0

func (api WorkerAPI) ListPolicies(requestInfo RequestInfo, filter *Filter) ([]PolicyIdentity, int, error)

func (WorkerAPI) ListProxyResources added in v0.3.0

func (api WorkerAPI) ListProxyResources(requestInfo RequestInfo, filter *Filter) ([]ProxyResourceIdentity, int, error)

func (WorkerAPI) ListUsers added in v0.3.0

func (api WorkerAPI) ListUsers(requestInfo RequestInfo, filter *Filter) ([]string, int, error)

func (WorkerAPI) RemoveGroup added in v0.3.0

func (api WorkerAPI) RemoveGroup(requestInfo RequestInfo, org string, name string) error

func (WorkerAPI) RemoveMember added in v0.3.0

func (api WorkerAPI) RemoveMember(requestInfo RequestInfo, externalId string, name string, org string) error

func (WorkerAPI) RemoveOidcProvider added in v0.4.0

func (api WorkerAPI) RemoveOidcProvider(requestInfo RequestInfo, name string) error

func (WorkerAPI) RemovePolicy added in v0.3.0

func (api WorkerAPI) RemovePolicy(requestInfo RequestInfo, org string, name string) error

func (WorkerAPI) RemoveProxyResource added in v0.3.0

func (api WorkerAPI) RemoveProxyResource(requestInfo RequestInfo, org string, name string) error

func (WorkerAPI) RemoveUser added in v0.3.0

func (api WorkerAPI) RemoveUser(requestInfo RequestInfo, externalId string) error

func (WorkerAPI) UpdateGroup added in v0.3.0

func (api WorkerAPI) UpdateGroup(requestInfo RequestInfo, org string, name string, newName string, newPath string) (*Group, error)

func (WorkerAPI) UpdateOidcProvider added in v0.4.0

func (api WorkerAPI) UpdateOidcProvider(requestInfo RequestInfo, oidcProviderName string, newName string, newPath string, newIssuerUrl string,
	newClients []string) (*OidcProvider, error)

func (WorkerAPI) UpdatePolicy added in v0.3.0

func (api WorkerAPI) UpdatePolicy(requestInfo RequestInfo, org string, policyName string, newName string, newPath string,
	newStatements []Statement) (*Policy, error)

func (WorkerAPI) UpdateProxyResource added in v0.3.0

func (api WorkerAPI) UpdateProxyResource(requestInfo RequestInfo, org string, name string, newName string, newPath string, newResource ResourceEntity) (*ProxyResource, error)

func (WorkerAPI) UpdateUser added in v0.3.0

func (api WorkerAPI) UpdateUser(requestInfo RequestInfo, externalId string, newPath string) (*User, error)
