auth

package
v1.11.0 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 29, 2023 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Overview

Package auth collects structures and functions around the generation and processing of credentials.

Constants

const (
	RolesDelimiter         = ","
	RoleNamespaceDelimiter = ":"
)

Variables

var (
	ErrUserNotFound     = errors.New("user not found")
	ErrUsernameConflict = errors.New("user is defined multiple times")
)
var ActionsMap = make(Actions)

ActionsMap holds the available actions that can be assigned to a Role. Call LoadActions to load the actions from the actions.yaml file.

Functions

func ExtendLocalTrust added in v0.0.16

func ExtendLocalTrust(certs string)

ExtendLocalTrust makes the certs found in specified PEM string available as root CA certs, beyond the standard certs. It does this by creating an in-memory pool of certs filled from both the system pool and the argument, and setting this as the cert origin for net/http's default transport. Ditto for the websocket's default dialer.
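The mechanism described above, sketched with the standard library only. This is an added example, not Epinio's source: `extendTrust` and `constructedCAPEM` are hypothetical names, the websocket dialer is left out, and the CA is a throwaway certificate constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net/http"
	"time"
)

// extendTrust (hypothetical name): system roots + PEM certs, set on the default transport.
func extendTrust(pemCerts string) (*x509.CertPool, error) {
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool() // system roots unreadable: trust only the argument
	}
	tr, ok := http.DefaultTransport.(*http.Transport)
	if !ok || !pool.AppendCertsFromPEM([]byte(pemCerts)) {
		return nil, fmt.Errorf("default transport replaced or no certificate in PEM input")
	}
	if tr.TLSClientConfig == nil {
		tr.TLSClientConfig = &tls.Config{MinVersion: tls.VersionTLS12}
	}
	tr.TLSClientConfig.RootCAs = pool // process-wide: affects every user of the default transport
	return pool, nil
}

// constructedCAPEM builds a throwaway self-signed CA (constructed sample input).
func constructedCAPEM() (string, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})), err
}

func main() {
	caPEM, _ := constructedCAPEM()
	_, err := extendTrust(caPEM)
	fmt.Println("trust extended, error:", err)
}
```

Because the pool is installed on the shared default transport, every HTTP client in the process that relies on that transport accepts chains ending in the added certificate, so the PEM input should come from a trusted source.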

func ExtendLocalTrustFromFile added in v1.3.0

func ExtendLocalTrustFromFile(path string) error

ExtendLocalTrustFromFile will load a cert from the specified file and extend the local trust with it.

func FilterGitconfigResources added in v1.10.0

func FilterGitconfigResources[T GitconfigResource](user User, resources []T) []T

FilterGitconfigResources returns only the GitconfigResources where the user has permissions

func FilterResources added in v0.9.0

func FilterResources[T NamespacedResource](user User, resources []T) []T

FilterResources returns only the NamespacedResources where the user has permissions

func InitRoles added in v1.11.0

func InitRoles(rolesGetter RolesGetter) error

func ParseRoleID added in v1.11.0

func ParseRoleID(roleID string) (string, string)

ParseRoleID parses the "full" roleID, returning the roleID without the namespace, and the namespace

i.e.:

"admin" will return "admin" and ""
"admin:workspace" will return "admin" and "workspace"

Types

type Action added in v1.11.0

type Action struct {
	ID        string     `yaml:"id"`
	Name      string     `yaml:"name"`
	DependsOn []string   `yaml:"dependsOn"`
	Endpoints []Endpoint `yaml:"-"`

	Routes   []string `yaml:"routes"`
	WsRoutes []string `yaml:"wsRoutes"`
}

Action defines a possible action that can be performed and the allowed Endpoints.

func InitActions added in v1.11.0

func InitActions() ([]Action, error)

InitActions will load the yaml containing the Actions/Routes mapping, and their dependencies

func (*Action) IsAllowed added in v1.11.0

func (a *Action) IsAllowed(method, fullpath string) bool

IsAllowed checks whether the action allows the called API by checking the available endpoints

func (*Action) Merge added in v1.11.0

func (a *Action) Merge(dependency Action) Action

Merge will add the routes and wsRoutes from the dependency into the action

type Actions added in v1.11.0

type Actions map[string]Action

type AuthService added in v0.8.0

func NewAuthService added in v1.11.0

func NewAuthService(logger logr.Logger, cluster *kubernetes.Cluster) *AuthService

func NewAuthServiceFromContext added in v0.8.0

func NewAuthServiceFromContext(ctx context.Context, logger logr.Logger) (*AuthService, error)

func (*AuthService) GetRoles added in v1.11.0

func (s *AuthService) GetRoles(ctx context.Context) (Roles, error)

func (*AuthService) GetUserByUsername added in v0.8.0

func (s *AuthService) GetUserByUsername(ctx context.Context, username string) (User, error)

GetUserByUsername returns the user with the provided username. It will return a UserNotFound error if the user is not found.

func (*AuthService) GetUsers added in v0.8.0

func (s *AuthService) GetUsers(ctx context.Context) ([]User, DefinitionCount, error)

GetUsers returns all the Epinio users with no conflicting definitions. It further returns a map of definition counts, enabling the caller to distinguish between `truly does not exist` and `has conflicting definitions`.

func (*AuthService) RemoveGitconfigFromUsers added in v1.10.0

func (s *AuthService) RemoveGitconfigFromUsers(ctx context.Context, gitconfig string) error

RemoveGitconfigFromUsers will remove the specified gitconfig from all users

func (*AuthService) RemoveNamespaceFromUsers added in v0.8.0

func (s *AuthService) RemoveNamespaceFromUsers(ctx context.Context, namespace string) error

RemoveNamespaceFromUsers will remove the specified namespace from all users

func (*AuthService) SaveUser added in v1.3.0

func (s *AuthService) SaveUser(ctx context.Context, user User) (User, error)

SaveUser will save the user

func (*AuthService) UpdateUser added in v1.11.0

func (s *AuthService) UpdateUser(ctx context.Context, user User) (User, error)

UpdateUser will update an existing user

type DefinitionCount added in v1.11.0

type DefinitionCount map[string]int

type Endpoint added in v1.11.0

type Endpoint struct {
	Method   string
	BasePath string
	Path     string
}

Endpoint is an API endpoint with verb, base path (i.e.: /api/v1 ) and path (i.e.: /apps)

func NewEndpoint added in v1.11.0

func NewEndpoint(route routes.Route) Endpoint

func NewWsEndpoint added in v1.11.0

func NewWsEndpoint(route routes.Route) Endpoint

func (*Endpoint) FullPath added in v1.11.0

func (e *Endpoint) FullPath() string

type GitconfigResource added in v1.10.0

type GitconfigResource interface {
	Gitconfig() string
}

type NamespacedResource added in v0.9.0

type NamespacedResource interface {
	Namespace() string
}

type Role added in v1.11.0

type Role struct {
	ID string
	// Name is a friendly name for the Role
	Name string
	// Namespace is the namespace where this role is applied to
	Namespace string
	Actions   []Action
	// Default is set to true if the Role is the default one
	Default bool
}

Role defines an Epinio role, loaded from ConfigMaps

func NewRole added in v1.11.0

func NewRole(id, name, defaultVal string, actionIDs []string) (Role, error)

func (*Role) IsAllowed added in v1.11.0

func (r *Role) IsAllowed(method, fullpath string) bool

type Roles added in v1.11.0

type Roles []Role

var (
	// AdminRole is a special role. It permits all actions.
	AdminRole = Role{
		ID:   "admin",
		Name: "Admin Role",
	}

	// EpinioRoles are all the available Epinio roles.
	// It is initialized with the AdminRole, and then it will load the other available Roles
	// with the auth.InitRoles function.
	EpinioRoles Roles = Roles{AdminRole}
)

func (Roles) Default added in v1.11.0

func (roles Roles) Default() (Role, bool)

Default returns the default role, if found

func (Roles) FindByID added in v1.11.0

func (roles Roles) FindByID(id string) (Role, bool)

FindByID returns the role matching the id (not namescoped)

func (Roles) FindByIDAndNamespace added in v1.11.0

func (roles Roles) FindByIDAndNamespace(id, namespace string) (Role, bool)

FindByIDAndNamespace returns the role matching the id and namespace (namescoped)

func (Roles) IDs added in v1.11.0

func (roles Roles) IDs() []string

IDs returns the IDs of the roles (namescoped)

func (Roles) IsAllowed added in v1.11.0

func (roles Roles) IsAllowed(method, fullpath string) bool

type RolesGetter added in v1.11.0

type RolesGetter interface {
	GetRoles(context.Context) (Roles, error)
}

type User added in v0.8.0

type User struct {
	Username   string
	Password   string
	CreatedAt  time.Time
	Roles      Roles
	Namespaces []string // list of namespaces this user has created (and thus access to)
	Gitconfigs []string // list of gitconfigs this user has created (and thus access to)
	// contains filtered or unexported fields
}

User is a struct containing all the information of an Epinio User

func IsUpdateUserNeeded added in v1.11.0

func IsUpdateUserNeeded(logger logr.Logger, user User) (User, bool)

IsUpdateUserNeeded returns whether a user needs to be updated, and the user with the updated information

func (*User) AddGitconfig added in v1.10.0

func (u *User) AddGitconfig(gitconfig string)

AddGitconfig adds the gitconfig to the User's gitconfigs, if it does not already exist

func (*User) AddNamespace added in v0.8.0

func (u *User) AddNamespace(namespace string)

AddNamespace adds the namespace to the User's namespaces, if it does not already exist

func (*User) IsAdmin added in v1.11.0

func (u *User) IsAdmin() bool

IsAdmin returns true if a user has a global admin role

func (*User) IsAllowed added in v1.11.0

func (u *User) IsAllowed(method, fullPath string, params map[string]string) bool

func (*User) RemoveGitconfig added in v1.10.0

func (u *User) RemoveGitconfig(gitconfig string) bool

RemoveGitconfig removes a gitconfig from the User's gitconfigs. It returns false if the gitconfig was not there

func (*User) RemoveNamespace added in v0.8.0

func (u *User) RemoveNamespace(namespaceToRemove string) bool

RemoveNamespace removes a namespace from the User's namespaces and any namescoped roles. It returns false if the namespace was not there

Directories

Path Synopsis
Code generated by counterfeiter.
Code generated by counterfeiter.
