keycloakb

package
Version: v3.22.2+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 10, 2021 License: GPL-3.0 Imports: 33 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// CredsIDNow identifies the condition for IDNow service
	CredsIDNow = configuration.CheckKeyIDNow
	// CredsPhysical identifies the condition for physical identification
	CredsPhysical = configuration.CheckKeyPhysical
)
View Source
const (
	// KeyCorrelationID is histogram field for correlation ID
	KeyCorrelationID = "correlation_id"
)

Variables

View Source
var (
	// ComponentName is the name of the component.
	ComponentName = "keycloak-bridge"
	// Version of the component.
	Version = "1.1"
)
View Source
var (
	ErrCantUnmarshalPendingCheck = errors.New("can't unmarshal pending check value")
)

Exportable values

Functions

func AddPendingCheck

func AddPendingCheck(value *string, nature string) (*string, error)

AddPendingCheck adds a pending check

func CheckRemovableMFA

func CheckRemovableMFA(ctx context.Context, credentialID string, lastMFARemovable bool, getCredentials func() ([]kc.CredentialRepresentation, error), logger Logger) error

CheckRemovableMFA checks if a given credential is removable (owned by user and not the password credential)

func ConvertLegacyAttribute

func ConvertLegacyAttribute(user *kc.UserRepresentation)

ConvertLegacyAttribute ensure that PII are located in the well named attributes

func ConvertMinutesShift

func ConvertMinutesShift(value string) (int, error)

ConvertMinutesShift converts a string describing a timezone shift to a numeric value

func GenerateInitialCode

func GenerateInitialCode(nbUpperCase int, nbDigits int, nbLowerCase int) string

GenerateInitialCode generates a code of the format UpperCase + digits + LowerCase

func GeneratePassword

func GeneratePassword(policy *string, minLength int, userID string) (string, error)

GeneratePassword generates a password accoring to the policy or minimum length imposed

func GeneratePasswordFromKeycloakPolicy

func GeneratePasswordFromKeycloakPolicy(policy string) (string, error)

GeneratePasswordFromKeycloakPolicy generates a random password respecting the keycloak password policy

func GeneratePasswordNoKeycloakPolicy

func GeneratePasswordNoKeycloakPolicy(minLength int) string

GeneratePasswordNoKeycloakPolicy generates a password of a given length

func GetPendingChecks

func GetPendingChecks(value *string) *[]string

GetPendingChecks get pending checks

func IsDateInThePast

func IsDateInThePast(value *string) *bool

IsDateInThePast tells if a date is in the past or not

func IsUpdated

func IsUpdated(values ...*string) bool

IsUpdated checks if there are changes in provided values. These values are provided by pair: first one is the new value (or nil if no update is expected) and the second one is the former value

func LimitRate

func LimitRate(e cs.Endpoint, limit int) endpoint.Endpoint

LimitRate adds a rate limit to an endpoint

func LogUnrecordedEvent

func LogUnrecordedEvent(ctx context.Context, logger Logger, eventName string, errorMessage string, values ...string)

LogUnrecordedEvent logs the events that could not be reported in the DB

func MakeConfigurationDBModuleInstrumentingMW

func MakeConfigurationDBModuleInstrumentingMW(h cm.Histogram) func(ConfigurationDBModule) ConfigurationDBModule

MakeConfigurationDBModuleInstrumentingMW makes an instrumenting middleware at module level.

func NewKeycloakAuthClient

func NewKeycloakAuthClient(client KeycloakClient, logger Logger) security.KeycloakClient

NewKeycloakAuthClient creates an adaptor for Authorization management to access Keycloak

func NewRealmIDRetriever

func NewRealmIDRetriever(kcClient KeycloakClient) middleware.IDRetriever

NewRealmIDRetriever is a tool use to convert a realm name in a realm ID

func NextDay

func NextDay(ref time.Time) time.Time

NextDay returns a time.Time value of the provided time rounded to the next month of the associated locale

func NextHour

func NextHour(ref time.Time) time.Time

NextHour returns a time.Time value of the provided time rounded to the next hour of the associated locale

func NextMonth

func NextMonth(ref time.Time) time.Time

NextMonth returns a time.Time value of the provided time rounded to the next month of the associated locale

func RemovePendingCheck

func RemovePendingCheck(value *string, nature string) (*string, error)

RemovePendingCheck removes a pending check

func RevokeAccreditations

func RevokeAccreditations(kcUser *kc.UserRepresentation)

RevokeAccreditations revokes active accreditations of the given user

func ThisMonth

func ThisMonth(ref time.Time) time.Time

ThisMonth returns a time.Time value of the provided time rounded to the beginning of the current month of the associated locale

func ToGoKitEndpoint

func ToGoKitEndpoint(e cs.Endpoint) endpoint.Endpoint

ToGoKitEndpoint converts endpoints

Types

type AccreditationRepresentation

type AccreditationRepresentation struct {
	Type       *string `json:"type,omitempty"`
	ExpiryDate *string `json:"expiryDate,omitempty"`
	Revoked    *bool   `json:"revoked,omitempty"`
}

AccreditationRepresentation is a representation of accreditations

type AccreditationsModule

type AccreditationsModule interface {
	GetUserAndPrepareAccreditations(ctx context.Context, accessToken, realmName, userID, condition string) (kc.UserRepresentation, int, error)
}

AccreditationsModule interface

func NewAccreditationsModule

func NewAccreditationsModule(keycloakClient AccredsKeycloakClient, confDBModule AdminConfigurationDBModule, logger Logger) AccreditationsModule

NewAccreditationsModule creates an accreditations module

type AccredsKeycloakClient

type AccredsKeycloakClient interface {
	UpdateUser(accessToken string, realmName, userID string, user kc.UserRepresentation) error
	GetUser(accessToken string, realmName, userID string) (kc.UserRepresentation, error)
	GetRealm(accessToken string, realmName string) (kc.RealmRepresentation, error)
}

AccredsKeycloakClient is the minimum Keycloak client interface for accreditations

type AdminConfigurationDBModule

type AdminConfigurationDBModule interface {
	GetAdminConfiguration(context.Context, string) (configuration.RealmAdminConfiguration, error)
}

AdminConfigurationDBModule interface

type ArchiveDBModule

type ArchiveDBModule interface {
	StoreUserDetails(ctx context.Context, realm string, user dto.ArchiveUserRepresentation) error
}

ArchiveDBModule interface

func NewArchiveDBModule

func NewArchiveDBModule(db sqltypes.CloudtrustDB, cipher security.EncrypterDecrypter, logger log.Logger) ArchiveDBModule

NewArchiveDBModule returns an archive DB module.

type ConfigurationDBModule

type ConfigurationDBModule interface {
	NewTransaction(context context.Context) (sqltypes.Transaction, error)
	GetConfigurations(context.Context, string) (configuration.RealmConfiguration, configuration.RealmAdminConfiguration, error)
	StoreOrUpdateConfiguration(context.Context, string, configuration.RealmConfiguration) error
	GetConfiguration(context.Context, string) (configuration.RealmConfiguration, error)
	StoreOrUpdateAdminConfiguration(context.Context, string, configuration.RealmAdminConfiguration) error
	GetAdminConfiguration(context.Context, string) (configuration.RealmAdminConfiguration, error)
	GetBackOfficeConfiguration(context.Context, string, []string) (dto.BackOfficeConfiguration, error)
	DeleteBackOfficeConfiguration(context.Context, string, string, string, *string, *string) error
	InsertBackOfficeConfiguration(context.Context, string, string, string, string, []string) error
	GetAuthorizations(context context.Context, realmID string, groupName string) ([]configuration.Authorization, error)
	CreateAuthorization(context context.Context, authz configuration.Authorization) error
	DeleteAuthorizations(context context.Context, realmID string, groupName string) error
	DeleteAllAuthorizationsWithGroup(context context.Context, realmName, groupName string) error
}

ConfigurationDBModule is the interface of the configuration module.

func NewConfigurationDBModule

func NewConfigurationDBModule(db sqltypes.CloudtrustDB, logger log.Logger, actions ...[]string) ConfigurationDBModule

NewConfigurationDBModule returns a ConfigurationDB module.

type EventsDBModule

type EventsDBModule interface {
	GetEventsCount(context.Context, map[string]string) (int, error)
	GetEvents(context.Context, map[string]string) ([]api.AuditRepresentation, error)
	GetEventsSummary(context.Context) (api.EventSummaryRepresentation, error)
	GetLastConnection(context.Context, string) (int64, error)
	GetTotalConnectionsCount(context.Context, string, string) (int64, error)
	GetTotalConnectionsHoursCount(context.Context, string, *time.Location, int) ([][]int64, error)
	GetTotalConnectionsDaysCount(context.Context, string, *time.Location, int) ([][]int64, error)
	GetTotalConnectionsMonthsCount(context.Context, string, *time.Location, int) ([][]int64, error)
	GetLastConnections(context.Context, string, string) ([]api_stat.StatisticsConnectionRepresentation, error)
}

EventsDBModule is the interface of the audit events module.

func NewEventsDBModule

func NewEventsDBModule(db sqltypes.CloudtrustDB) EventsDBModule

NewEventsDBModule returns an events database module.

type KeycloakClient

type KeycloakClient interface {
	GetGroupsOfUser(accessToken string, realmName, userID string) ([]kc.GroupRepresentation, error)
	GetGroup(accessToken string, realmName, groupID string) (kc.GroupRepresentation, error)
	GetRealm(accessToken string, realmName string) (kc.RealmRepresentation, error)
}

KeycloakClient are methods from keycloak-client used by authorization manager

type KeycloakForTechnicalClient

type KeycloakForTechnicalClient interface {
	GetRealm(accessToken string, realmName string) (kc.RealmRepresentation, error)
	LogoutAllSessions(accessToken string, realmName, userID string) error
}

KeycloakForTechnicalClient interface

type KeycloakTechnicalClient

type KeycloakTechnicalClient interface {
	GetRealm(ctx context.Context, realmName string) (kc.RealmRepresentation, error)
	LogoutAllSessions(ctx context.Context, realmName, userID string) error
}

KeycloakTechnicalClient are methods from keycloak-client called by a technical account

func NewKeycloakTechnicalClient

func NewKeycloakTechnicalClient(tokenProvider toolbox.OidcTokenProvider, kcClient KeycloakForTechnicalClient, logger Logger) KeycloakTechnicalClient

NewKeycloakTechnicalClient creates a Keycloak client associated to a technical user

type KeycloakURIProvider

type KeycloakURIProvider interface {
	GetBaseURI(realm string) string
}

KeycloakURIProvider interface

type Logger

type Logger interface {
	Debug(ctx context.Context, keyvals ...interface{})
	Info(ctx context.Context, keyvals ...interface{})
	Warn(ctx context.Context, keyvals ...interface{})
	Error(ctx context.Context, keyvals ...interface{})
}

Logger interface for logging with level

type OnboardingKeycloakClient

type OnboardingKeycloakClient interface {
	CreateUser(accessToken string, realmName string, targetRealmName string, user kc.UserRepresentation) (string, error)
	ExecuteActionsEmail(accessToken string, reqRealmName string, targetRealmName string, userID string, actions []string, paramKV ...string) error
}

OnboardingKeycloakClient interface

type OnboardingModule

type OnboardingModule interface {
	OnboardingAlreadyCompleted(kc.UserRepresentation) (bool, error)
	SendOnboardingEmail(ctx context.Context, accessToken string, realmName string, userID string, username string,
		onboardingClientID string, onboardingRedirectURI string, themeRealmName string, reminder bool, lifespan *int) error
	CreateUser(ctx context.Context, accessToken, realmName, targetRealmName string, kcUser *kc.UserRepresentation) (string, error)
}

OnboardingModule interface

func NewOnboardingModule

func NewOnboardingModule(keycloakClient OnboardingKeycloakClient, keycloakURIProvider KeycloakURIProvider, logger log.Logger) OnboardingModule

NewOnboardingModule creates an onboarding module

type PendingChecks

type PendingChecks interface {
	AddPendingCheck(nature string)
	RemovePendingCheck(nature string)
	ToAttribute() *string
	ToCheckNames() *[]string
}

PendingChecks interface

func NewPendingChecks

func NewPendingChecks(value *string) (PendingChecks, error)

NewPendingChecks creates a PendingChecks value

type Scanner

type Scanner interface {
	Scan(...interface{}) error
}

Scanner used to get data from SQL cursors

type UsersDetailsDBModule

type UsersDetailsDBModule interface {
	StoreOrUpdateUserDetails(ctx context.Context, realm string, user dto.DBUser) error
	GetUserDetails(ctx context.Context, realm string, userID string) (dto.DBUser, error)
	DeleteUserDetails(ctx context.Context, realm string, userID string) error
	CreateCheck(ctx context.Context, realm string, userID string, check dto.DBCheck) error
	GetChecks(ctx context.Context, realm string, userID string) ([]dto.DBCheck, error)
}

UsersDetailsDBModule interface

func NewUsersDetailsDBModule

func NewUsersDetailsDBModule(db sqltypes.CloudtrustDB, cipher security.EncrypterDecrypter, logger log.Logger) UsersDetailsDBModule

NewUsersDetailsDBModule returns a UsersDB module.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL