Documentation ¶
Overview ¶
Package auth collects structures and functions around the generation and processing of credentials.
Index ¶
- Constants
- Variables
- func ExtendLocalTrust(certs string)
- func ExtendLocalTrustFromFile(path string) error
- func FilterGitconfigResources[T GitconfigResource](user User, resources []T) []T
- func FilterResources[T NamespacedResource](user User, resources []T) []T
- func InitRoles(rolesGetter RolesGetter) error
- func ParseRoleID(roleID string) (string, string)
- type Action
- type Actions
- type AuthService
- func (s *AuthService) GetRoles(ctx context.Context) (Roles, error)
- func (s *AuthService) GetUserByUsername(ctx context.Context, username string) (User, error)
- func (s *AuthService) GetUsers(ctx context.Context) ([]User, DefinitionCount, error)
- func (s *AuthService) RemoveGitconfigFromUsers(ctx context.Context, gitconfig string) error
- func (s *AuthService) RemoveNamespaceFromUsers(ctx context.Context, namespace string) error
- func (s *AuthService) SaveUser(ctx context.Context, user User) (User, error)
- func (s *AuthService) UpdateUser(ctx context.Context, user User) (User, error)
- type DefinitionCount
- type Endpoint
- type GitconfigResource
- type NamespacedResource
- type Role
- type Roles
- type RolesGetter
- type User
- func (u *User) AddGitconfig(gitconfig string)
- func (u *User) AddNamespace(namespace string)
- func (u *User) IsAdmin() bool
- func (u *User) IsAllowed(method, fullPath string, params map[string]string) bool
- func (u *User) RemoveGitconfig(gitconfig string) bool
- func (u *User) RemoveNamespace(namespaceToRemove string) bool
Constants ¶
const (
	RolesDelimiter         = ","
	RoleNamespaceDelimiter = ":"
)
Variables ¶
var (
	ErrUserNotFound     = errors.New("user not found")
	ErrUsernameConflict = errors.New("user is defined multiple times")
)
var ActionsMap = make(Actions)
ActionsMap holds the available actions that can be assigned to a Role. Call LoadActions to load the actions from the actions.yaml file.
Functions ¶
func ExtendLocalTrust ¶ added in v0.0.16
func ExtendLocalTrust(certs string)
ExtendLocalTrust makes the certs found in specified PEM string available as root CA certs, beyond the standard certs. It does this by creating an in-memory pool of certs filled from both the system pool and the argument, and setting this as the cert origin for net/http's default transport. Ditto for the websocket's default dialer.
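The mechanism described for ExtendLocalTrust, shown as an added example using only the standard library (this is not the package's own code). The names extendTrust and constructedCA are hypothetical, the CA is generated in-process as constructed sample input, and the websocket dialer is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net/http"
	"time"
)

// extendTrust adds pemCerts to a copy of the system roots and installs the pool on net/http's default transport.
func extendTrust(pemCerts string) (*x509.CertPool, error) {
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool() // no system pool: trust only pemCerts
	}
	if !pool.AppendCertsFromPEM([]byte(pemCerts)) { // false: nothing parsed
		return nil, fmt.Errorf("no certificate parsed from %d bytes of PEM", len(pemCerts))
	}
	if t, ok := http.DefaultTransport.(*http.Transport); ok {
		t.TLSClientConfig = &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	}
	return pool, nil
}

// constructedCA returns a throwaway self-signed CA (constructed sample input; errors ignored for brevity).
func constructedCA() (string, *x509.Certificate) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-ca"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	cert, _ := x509.ParseCertificate(der)
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})), cert
}

func main() {
	pemCA, ca := constructedCA()
	if pool, err := extendTrust(pemCA); err == nil {
		_, err = ca.Verify(x509.VerifyOptions{Roots: pool})
		fmt.Println("constructed CA verifies against extended pool:", err == nil)
	}
}
```

Because the pool is installed on the process-wide default transport, every client that uses that transport inherits the extra roots, so the PEM input should come from a trusted source and the call should happen once at startup, before any request is made.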
func ExtendLocalTrustFromFile ¶ added in v1.3.0
ExtendLocalTrustFromFile will load a cert from the specified file and will extend the local trust
func FilterGitconfigResources ¶ added in v1.10.0
func FilterGitconfigResources[T GitconfigResource](user User, resources []T) []T
FilterGitconfigResources returns only the GitconfigResources where the user has permissions
func FilterResources ¶ added in v0.9.0
func FilterResources[T NamespacedResource](user User, resources []T) []T
FilterResources returns only the NamespacedResources where the user has permissions
func InitRoles ¶ added in v1.11.0
func InitRoles(rolesGetter RolesGetter) error
func ParseRoleID ¶ added in v1.11.0
ParseRoleID parses the "full" roleID, returning the roleID without the namespace, and the namespace
i.e.:
"admin" will return "admin" and ""
"admin:workspace" will return "admin" and "workspace"
Types ¶
type Action ¶ added in v1.11.0
type Action struct {
	ID        string     `yaml:"id"`
	Name      string     `yaml:"name"`
	DependsOn []string   `yaml:"dependsOn"`
	Endpoints []Endpoint `yaml:"-"`
	Routes    []string   `yaml:"routes"`
	WsRoutes  []string   `yaml:"wsRoutes"`
}
Action defines a possible action that can be performed and the allowed Endpoints.
func InitActions ¶ added in v1.11.0
InitActions will load the yaml containing the Actions/Routes mapping, and their dependencies
type AuthService ¶ added in v0.8.0
type AuthService struct {
	Logger logr.Logger
	typedcorev1.SecretInterface
	typedcorev1.ConfigMapInterface
}
func NewAuthService ¶ added in v1.11.0
func NewAuthService(logger logr.Logger, cluster *kubernetes.Cluster) *AuthService
func NewAuthServiceFromContext ¶ added in v0.8.0
func (*AuthService) GetRoles ¶ added in v1.11.0
func (s *AuthService) GetRoles(ctx context.Context) (Roles, error)
func (*AuthService) GetUserByUsername ¶ added in v0.8.0
GetUserByUsername returns the user with the provided username. It will return a UserNotFound error if the user is not found.
func (*AuthService) GetUsers ¶ added in v0.8.0
func (s *AuthService) GetUsers(ctx context.Context) ([]User, DefinitionCount, error)
GetUsers returns all the Epinio users with no conflicting definitions. It further returns a map of definition counts, enabling the caller to distinguish between `truly does not exist` and `has conflicting definitions`.
func (*AuthService) RemoveGitconfigFromUsers ¶ added in v1.10.0
func (s *AuthService) RemoveGitconfigFromUsers(ctx context.Context, gitconfig string) error
RemoveGitconfigFromUsers will remove the specified gitconfig from all users
func (*AuthService) RemoveNamespaceFromUsers ¶ added in v0.8.0
func (s *AuthService) RemoveNamespaceFromUsers(ctx context.Context, namespace string) error
RemoveNamespaceFromUsers will remove the specified namespace from all users
func (*AuthService) UpdateUser ¶ added in v1.11.0
UpdateUser will update an existing user
type DefinitionCount ¶ added in v1.11.0
type Endpoint ¶ added in v1.11.0
Endpoint is an API endpoint with verb, base path (i.e.: /api/v1 ) and path (i.e.: /apps)
func NewEndpoint ¶ added in v1.11.0
func NewWsEndpoint ¶ added in v1.11.0
type GitconfigResource ¶ added in v1.10.0
type GitconfigResource interface {
	Gitconfig() string
}
type NamespacedResource ¶ added in v0.9.0
type NamespacedResource interface {
	Namespace() string
}
type Role ¶ added in v1.11.0
type Role struct {
	ID string
	// Name is a friendly name for the Role
	Name string
	// Namespace is the namespace where this role is applied to
	Namespace string
	Actions   []Action
	// Default is set to true if the Role is the default one
	Default bool
}
Role defines an Epinio role, loaded from ConfigMaps
type Roles ¶ added in v1.11.0
type Roles []Role
var (
	// AdminRole is a special role. It permits all actions.
	AdminRole = Role{
		ID:   "admin",
		Name: "Admin Role",
	}
	// EpinioRoles are all the available Epinio roles.
	// It is initialized with the AdminRole, and then it will load the other available Roles
	// with the auth.InitRoles function.
	EpinioRoles Roles = Roles{AdminRole}
)
func (Roles) FindByIDAndNamespace ¶ added in v1.11.0
FindByIDAndNamespace returns the role matching the id and namespace
type RolesGetter ¶ added in v1.11.0
type User ¶ added in v0.8.0
type User struct {
	Username   string
	Password   string
	CreatedAt  time.Time
	Roles      Roles
	Namespaces []string // list of namespaces this user has created (and thus access to)
	Gitconfigs []string // list of gitconfigs this user has created (and thus access to)
	// contains filtered or unexported fields
}
User is a struct containing all the information of an Epinio User
func IsUpdateUserNeeded ¶ added in v1.11.0
IsUpdateUserNeeded returns whether a user needs to be updated, and the user with the updated information
func (*User) AddGitconfig ¶ added in v1.10.0
AddGitconfig adds the gitconfig to the User's gitconfigs, if it does not already exist
func (*User) AddNamespace ¶ added in v0.8.0
AddNamespace adds the namespace to the User's namespaces, if it does not already exist
func (*User) RemoveGitconfig ¶ added in v1.10.0
RemoveGitconfig removes a gitconfig from the User's gitconfigs. It returns false if the gitconfig was not there
func (*User) RemoveNamespace ¶ added in v0.8.0
RemoveNamespace removes a namespace from the User's namespaces and any namespace-scoped roles. It returns false if the namespace was not there