accessor

package
v6.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 17, 2020 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

// Team role names used as the values of DefaultRoles.
//
// NOTE(review): Concourse documents these, from most to least privileged, as
// owner, member, pipeline-operator, viewer. The comparison logic that enforces
// that ordering is not part of this listing; confirm it there before relying
// on the order below.
const (
	// OwnerRole is the role name "owner".
	OwnerRole = "owner"

	// MemberRole is the role name "member".
	MemberRole = "member"

	// OperatorRole is the role name "pipeline-operator". Note that the
	// string differs from the identifier.
	OperatorRole = "pipeline-operator"

	// ViewerRole is the role name "viewer".
	ViewerRole = "viewer"
)

Variables

// Sentinel errors that name the reason a token was not accepted.
//
// Compare against these with errors.Is rather than by matching the message
// text. They distinguish "no token" from "bad token", which matters when a
// caller has to choose between an unauthenticated and a rejected response.
// NOTE(review): which function returns them is not shown in this listing;
// presumably TokenVerifier.Verify — confirm.
var (
	// ErrVerificationNoToken: the request carried no token at all.
	ErrVerificationNoToken = errors.New("token not provided")

	// ErrVerificationInvalidToken: a token was supplied but was not accepted.
	ErrVerificationInvalidToken = errors.New("token provided is invalid")

	// ErrVerificationInvalidAudience: the token's audience was not accepted.
	ErrVerificationInvalidAudience = errors.New("token has invalid audience")

	// ErrVerificationTokenExpired: the token is past its expiry.
	ErrVerificationTokenExpired = errors.New("token is expired")
)
// DefaultRoles maps each atc action name to the role name (OwnerRole,
// MemberRole, OperatorRole or ViewerRole) associated with it by default.
// This table is the package's baseline authorization policy, so any edit to
// it is a change to access control and should be reviewed as one.
//
// Review notes:
//   - DefaultRoles is an exported, mutable package-level map: any importing
//     package can add, change or delete entries at run time. Treat it as
//     read-only and copy it before applying overrides.
//   - NewHandler accepts a customRoles map; presumably its entries override
//     the ones here — confirm, and confirm that an override cannot assign a
//     role name outside the four constants.
//   - How an action that is missing from this map is handled is not visible
//     in this listing; verify that the lookup fails closed.
//   - NOTE(review): several sensitive-looking actions sit at MemberRole or
//     ViewerRole (HijackContainer, SetLogLevel, GetInfoCreds, and the worker
//     lifecycle actions RegisterWorker through DeleteWorker). Presumably
//     additional admin or system checks gate them elsewhere — confirm before
//     relying on this table alone.
var DefaultRoles = map[string]string{
	atc.SaveConfig:                    MemberRole,
	atc.GetConfig:                     ViewerRole,
	atc.GetCC:                         ViewerRole,
	atc.GetBuild:                      ViewerRole,
	atc.GetCheck:                      ViewerRole,
	atc.GetBuildPlan:                  ViewerRole,
	atc.CreateBuild:                   MemberRole,
	atc.ListBuilds:                    ViewerRole,
	atc.BuildEvents:                   ViewerRole,
	atc.BuildResources:                ViewerRole,
	atc.AbortBuild:                    OperatorRole,
	atc.GetBuildPreparation:           ViewerRole,
	atc.GetJob:                        ViewerRole,
	atc.CreateJobBuild:                OperatorRole,
	atc.RerunJobBuild:                 OperatorRole,
	atc.ListAllJobs:                   ViewerRole,
	atc.ListJobs:                      ViewerRole,
	atc.ListJobBuilds:                 ViewerRole,
	atc.ListJobInputs:                 ViewerRole,
	atc.GetJobBuild:                   ViewerRole,
	atc.PauseJob:                      OperatorRole,
	atc.UnpauseJob:                    OperatorRole,
	atc.ScheduleJob:                   OperatorRole,
	atc.GetVersionsDB:                 ViewerRole,
	atc.JobBadge:                      ViewerRole,
	atc.MainJobBadge:                  ViewerRole,
	atc.ClearTaskCache:                OperatorRole,
	atc.ListAllResources:              ViewerRole,
	atc.ListResources:                 ViewerRole,
	atc.ListResourceTypes:             ViewerRole,
	atc.GetResource:                   ViewerRole,
	atc.UnpinResource:                 OperatorRole,
	atc.SetPinCommentOnResource:       OperatorRole,
	atc.CheckResource:                 OperatorRole,
	atc.CheckResourceWebHook:          OperatorRole,
	atc.CheckResourceType:             OperatorRole,
	atc.ListResourceVersions:          ViewerRole,
	atc.GetResourceVersion:            ViewerRole,
	atc.EnableResourceVersion:         OperatorRole,
	atc.DisableResourceVersion:        OperatorRole,
	atc.PinResourceVersion:            OperatorRole,
	atc.ListBuildsWithVersionAsInput:  ViewerRole,
	atc.ListBuildsWithVersionAsOutput: ViewerRole,
	atc.GetResourceCausality:          ViewerRole,
	atc.ListAllPipelines:              ViewerRole,
	atc.ListPipelines:                 ViewerRole,
	atc.GetPipeline:                   ViewerRole,
	atc.DeletePipeline:                MemberRole,
	atc.OrderPipelines:                MemberRole,
	atc.PausePipeline:                 OperatorRole,
	atc.ArchivePipeline:               OwnerRole,
	atc.UnpausePipeline:               OperatorRole,
	atc.ExposePipeline:                MemberRole,
	atc.HidePipeline:                  MemberRole,
	atc.RenamePipeline:                MemberRole,
	atc.ListPipelineBuilds:            ViewerRole,
	atc.CreatePipelineBuild:           MemberRole,
	atc.PipelineBadge:                 ViewerRole,
	atc.RegisterWorker:                MemberRole,
	atc.LandWorker:                    MemberRole,
	atc.RetireWorker:                  MemberRole,
	atc.PruneWorker:                   MemberRole,
	atc.HeartbeatWorker:               MemberRole,
	atc.ListWorkers:                   ViewerRole,
	atc.DeleteWorker:                  MemberRole,
	atc.SetLogLevel:                   MemberRole,
	atc.GetLogLevel:                   ViewerRole,
	atc.DownloadCLI:                   ViewerRole,
	atc.GetInfo:                       ViewerRole,
	atc.GetInfoCreds:                  ViewerRole,
	atc.ListContainers:                ViewerRole,
	atc.GetContainer:                  ViewerRole,
	atc.HijackContainer:               MemberRole,
	atc.ListDestroyingContainers:      ViewerRole,
	atc.ReportWorkerContainers:        MemberRole,
	atc.ListVolumes:                   ViewerRole,
	atc.ListDestroyingVolumes:         ViewerRole,
	atc.ReportWorkerVolumes:           MemberRole,
	atc.ListTeams:                     ViewerRole,
	atc.GetTeam:                       ViewerRole,
	atc.SetTeam:                       OwnerRole,
	atc.RenameTeam:                    OwnerRole,
	atc.DestroyTeam:                   OwnerRole,
	atc.ListTeamBuilds:                ViewerRole,
	atc.CreateArtifact:                MemberRole,
	atc.GetArtifact:                   MemberRole,
	atc.ListBuildArtifacts:            ViewerRole,
	atc.GetWall:                       ViewerRole,
}

Functions

func NewAccessor

// NewAccessor returns an *access constructed from a token Verification, a
// required role name, a system claim key with its accepted values, and a list
// of teams. Only the signature is shown on this page.
//
// NOTE(review): the returned type is unexported; presumably it implements
// Access — confirm. How requiredRole and the system claim are evaluated
// (presumably behind IsAuthorized and IsSystem) is not visible here.
// NOTE(review): verification.RawClaims should only be trusted when
// verification.IsTokenValid is true — confirm the implementation checks the
// flag before reading any claim.
func NewAccessor(
	verification Verification,
	requiredRole string,
	systemClaimKey string,
	systemClaimValues []string,
	teams []db.Team,
) *access

func NewClaimsCacher

// NewClaimsCacher returns a *claimsCacher built from an AccessTokenFetcher
// and a maximum cache size in bytes. Only the signature is shown on this page.
//
// NOTE(review): presumably this wraps accessTokenFetcher so repeated lookups
// of the same raw token are served from memory — confirm. If so, check how
// long a revoked or expired token can remain cached, and that the cache is
// not keyed or logged in a way that exposes raw token values.
func NewClaimsCacher(
	accessTokenFetcher AccessTokenFetcher,
	maxCacheSizeBytes int,
) *claimsCacher

func NewHandler

// NewHandler returns an http.Handler built from a logger, an action name, an
// inner handler, an AccessFactory, an auditor and a customRoles map. Only the
// signature is shown on this page.
//
// NOTE(review): presumably the returned handler resolves the role for action
// (customRoles first, then DefaultRoles), asks accessFactory for an Access,
// and makes it available to handler via GetAccessor — confirm. Points to
// verify in the implementation: an action found in neither map is rejected;
// an error from AccessFactory.Create stops the request instead of falling
// through to handler; and the auditor records denied as well as allowed
// requests.
func NewHandler(
	logger lager.Logger,
	action string,
	handler http.Handler,
	accessFactory AccessFactory,
	auditor auditor.Auditor,
	customRoles map[string]string,
) http.Handler

func NewTeamsCacher

// NewTeamsCacher returns a *teamsCacher built from a logger, a Notifications
// source, a db.TeamFactory, an expiration and a cleanup interval. Only the
// signature is shown on this page.
//
// NOTE(review): presumably team records are cached for up to expiration and
// the Notifications channel is used to invalidate them early — confirm. A
// cached team carries its auth configuration, so a missed notification could
// leave a removed user or group authorized until the entry expires; choose
// expiration with that window in mind.
func NewTeamsCacher(
	logger lager.Logger,
	notifications Notifications,
	teamFactory db.TeamFactory,
	expiration time.Duration,
	cleanupInterval time.Duration,
) *teamsCacher

func NewVerifier

// NewVerifier returns a *verifier built from an AccessTokenFetcher and a list
// of audience values. Only the signature is shown on this page.
//
// NOTE(review): presumably the result implements TokenVerifier and rejects
// tokens whose audience is not in audience (see
// ErrVerificationInvalidAudience) — confirm, and confirm what happens when
// audience is empty or nil: that case should not disable the audience check.
func NewVerifier(accessTokenFetcher AccessTokenFetcher, audience []string) *verifier

Types

type Access

// Access describes what the caller of the current request may do. The notes
// on each group are read from the method names and signatures only; the
// implementation is not part of this listing.
type Access interface {
	// Token and authentication state. These are separate predicates, so a
	// request can carry a token without being authenticated.
	HasToken() bool
	IsAuthenticated() bool

	// Privilege checks. IsAuthorized takes a single string argument;
	// NOTE(review): presumably a team name — confirm against callers.
	IsAuthorized(string) bool
	IsAdmin() bool
	IsSystem() bool

	// Team membership: names, and a map from string keys to lists of
	// strings (presumably team name to role names — confirm).
	TeamNames() []string
	TeamRoles() map[string][]string

	// Identity attributes of the caller.
	Claims() Claims
}

func GetAccessor

// GetAccessor returns the Access associated with an HTTP request. Only the
// signature is shown on this page.
//
// NOTE(review): presumably the value is stored on the request by the handler
// that NewHandler returns — confirm. What is returned when no Access was
// attached is not visible here; callers should verify it is nil or a
// deny-everything value, and must not treat a missing accessor as authorized.
func GetAccessor(r *http.Request) Access

type AccessFactory

// AccessFactory creates an Access for an incoming request and a role name.
type AccessFactory interface {
	// Create returns the Access for req evaluated against role, or an error.
	// NOTE(review): callers should treat a non-nil error as a denial and not
	// use the returned Access — confirm NewHandler does so.
	Create(req *http.Request, role string) (Access, error)
}

func NewAccessFactory

// NewAccessFactory returns an AccessFactory built from a TokenVerifier, a
// TeamFetcher, and a system claim key with its accepted values. Only the
// signature is shown on this page.
//
// NOTE(review): systemClaimKey and systemClaimValues presumably decide which
// tokens Access.IsSystem accepts — confirm. They are therefore
// security-sensitive configuration: an overly broad value list widens system
// access.
func NewAccessFactory(
	tokenVerifier TokenVerifier,
	teamFetcher TeamFetcher,
	systemClaimKey string,
	systemClaimValues []string,
) AccessFactory

type AccessTokenFetcher

// AccessTokenFetcher looks up a stored access token by its raw string form.
type AccessTokenFetcher interface {
	// GetAccessToken returns the db.AccessToken for rawToken, a bool
	// (presumably "found" — confirm) and an error.
	// rawToken is a bearer credential: implementations should keep it out
	// of logs and error messages.
	GetAccessToken(rawToken string) (db.AccessToken, bool, error)
}

type Claims

// Claims holds identity attributes of the caller as plain strings.
// NOTE(review): presumably populated from a verified token's claims; which
// of these fields are used for authorization decisions (as opposed to
// display or audit) is not visible in this listing — confirm before relying
// on any of them as a stable identifier.
type Claims struct {
	Sub       string // presumably the token's subject claim — confirm
	Name      string
	UserID    string
	UserName  string
	Email     string
	Connector string // presumably the identity connector that authenticated the user — confirm
}

type Notifications

// Notifications is a subscribe/unsubscribe interface over named channels.
// NewTeamsCacher takes one as an argument.
type Notifications interface {
	// Listen takes a string (presumably a channel name — confirm) and
	// returns a chan bool plus an error.
	Listen(string) (chan bool, error)
	// Unlisten takes the same kind of string together with a chan bool
	// (presumably the one Listen returned — confirm) and returns an error.
	Unlisten(string, chan bool) error
}

type TeamFetcher

// TeamFetcher supplies the list of teams. NewAccessFactory takes one as an
// argument.
type TeamFetcher interface {
	// GetTeams returns all teams or an error.
	// NOTE(review): on error the caller has no team data to authorize
	// against; confirm the request is rejected rather than evaluated with
	// an empty list.
	GetTeams() ([]db.Team, error)
}

type TokenVerifier

// TokenVerifier checks the token carried by an HTTP request.
type TokenVerifier interface {
	// Verify returns a claims map for req, or an error.
	// NOTE(review): presumably the error is one of the ErrVerification*
	// values declared in this package — confirm. The returned map is untyped
	// (map[string]interface{}), so callers must type-check each value
	// before using it.
	Verify(req *http.Request) (map[string]interface{}, error)
}

type Verification

// Verification is the outcome of checking a request's token. NewAccessor
// takes one as its first argument.
type Verification struct {
	HasToken     bool // whether a token was present on the request
	IsTokenValid bool // whether that token passed verification
	// RawClaims is an untyped claims map.
	// NOTE(review): presumably the map returned by TokenVerifier.Verify —
	// confirm. Consumers should read it only when IsTokenValid is true and
	// should type-check each value.
	RawClaims    map[string]interface{}
}

Directories

Path Synopsis
Code generated by counterfeiter.
Code generated by counterfeiter.
