Documentation
¶
Overview ¶
Package ssoauthacl provides mechanisms to match accounts to identity lists.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultLaunchpadOpenID ¶
DefaultLaunchpadOpenID is the default mapping from an ssoauth.Account to a launchpad OpenID.
Types ¶
type ACLMatchError ¶
An ACLMatchError is the error returned from an ACLMatcher if any of the IdentityMatchers returns an error.
func (*ACLMatchError) Error ¶
func (e *ACLMatchError) Error() string
Error implements the error interface.
type ACLMatcher ¶
type ACLMatcher map[string]IdentityMatcher
An ACLMatcher is an IdentityMatcher that matches against a list of identities by delegating to particular matchers for each identity.
func (ACLMatcher) MatchIdentity ¶
func (m ACLMatcher) MatchIdentity(ctx context.Context, acc *ssoauth.Account, ids []string) ([]string, error)
MatchIdentity implements IdentityMatcher.
Every identity is parsed as a URL, the host is used as the key in the ACLMatcher to find the particular IdentityMatcher to use for that identity. If the identity is not a valid URL, or there is no IdentityMatcher for the host then the account does not match that identity. If an IdentityMatcher returns an error it will be bundled with any errors from other identity matchers into an ACLMatchError structure, this is the only error type returned by this IdentityMatcher.
type AccountMatcher ¶
type AccountMatcher struct{}
An account matcher is an IdentityMatcher that only matches the identity identified in the account. The identity must be specified as a url of the form "https://{Provider}/+id/{OpenID}".
func (AccountMatcher) MatchIdentity ¶
func (AccountMatcher) MatchIdentity(_ context.Context, acc *ssoauth.Account, ids []string) ([]string, error)
MatchIdentity implements IdentityMatcher.
type Cache ¶
type Cache interface {
// Add stores the given value in the cache with the given key.
Add(key string, value []string)
// Get retrieves the item with the given key from the cache, if
// available.
Get(key string) ([]string, bool)
}
A Cache implementation can be used by a LaunchpadTeamMatcher to store launchpad team lists, rather then using the API every time.
type IdentityMatcher ¶
type IdentityMatcher interface {
// MatchIdentity checks each of the given identities agains the
// given account. All requested identities that are satisfied by
// the account are returned, if no identites match then the
// returned list will be zero-length. The list of matched
// identities may have the identities in a different order than
// the list provided. An error is only returned when the Identity
// matcher cannot determine if the account matches an identity.
MatchIdentity(ctx context.Context, acc *ssoauth.Account, ids []string) ([]string, error)
}
An IdentityMatcher matches an account to a list of identities.
type LaunchpadTeamMatcher ¶
type LaunchpadTeamMatcher struct {
// APIBase holds the base address of the launchpad API.
// If this is not set then lpad.Production will be used.
APIBase lpad.APIBase
// Auth holds an authentication to use when querying the
// launchpad API. If Auth is nil an anonymous authentication will
// be used.
Auth lpad.Auth
// LaunchpadOpenID holds the function used to determine the
// launchpad openid string from an account. If this is nil then
// DefaultLaunchpadOpenID is used.
LaunchpadOpenID func(*ssoauth.Account) string
// Cache is used to store lists of launchpad teams indexed by
// launchpad open ID. If Cache is nil then all requests will go
// directly to the launchpad API.
Cache Cache
// SingleflightGroup is used to prevent multiple concurrent
// requests being made for the same account. If this is nil then
// no such protection will be used.
SingleflightGroup *singleflight.Group
}
A LaunchpadTeamMatcher is an IdentityMatcher that matches against an account's launchpad teams.
func (LaunchpadTeamMatcher) MatchIdentity ¶
func (m LaunchpadTeamMatcher) MatchIdentity(ctx context.Context, acc *ssoauth.Account, ids []string) ([]string, error)
MatchIdentity implements IdentityMatcher.
Source Files