Documentation ¶
Index ¶
- Constants
- Variables
- func DNToURL(src string, opposite bool) (dst string)
- func KVCipherKey(store, bucket string) []byte
- func KVDataKey(bucket, key string, version uint16) []byte
- func KVLoginCertificate() string
- func KVLoginCertificateKeyFromPath(path string) []byte
- func KVLoginCertificateKeyFromPathString(path string) string
- func KVLoginCertificateKeyFromSubject(subject string) []byte
- func KVLoginCertificateKeyFromSubjectString(subject string) string
- func KVLoginStrategyKey(strategy string) []byte
- func KVLoginStrategyKeyString(strategy string) string
- func KVMetadataKey(bucket, key string) []byte
- func KVMetadataKeyString(bucket, key string) string
- func KVPolicyKey(name string) []byte
- func KVPolicyKeyString(name string) string
- func KVSessionKey(name string) []byte
- func KVTemporal(bucket string) []byte
- func KVTemporalKey(bucket, key string) []byte
- func KVTemporalKeyString(bucket, key string) string
- func KVTemporalString(bucket string) string
- func KVTransit(bucket string) []byte
- func KVTransitString(bucket string) string
- func KVUserKey(strategy, username string) []byte
- func KVUserKeyString(strategy, username string) string
- func KVUsersKey(strategy string) []byte
- func KVUsersKeyString(strategy string) string
- type RaftJoin
- type RaftJoinResponse
- type RaftLeave
- type Session
- type User
Constants ¶
// Hardcoded defaults for the database.
//
// NOTE(review): the DefaultStrategyPolicy* names look like the password policy
// applied by a login strategy; confirm against the code that reads them.
const (
	DefaultPolicyAdminsName   string = "admins"
	DefaultPolicyRaftName     string = "raft"
	DefaultStrategyName       string = "api"
	DefaultStrategySessionTTL int64  = 300 // seconds

	DefaultStrategyPolicyMinLength int = 8
	// NOTE(review): if this caps password length, 32 rules out longer
	// passphrases; confirm the limit is intentional.
	DefaultStrategyPolicyMaxLength    int  = 32
	DefaultStrategyPolicyMixedcase    bool = true
	DefaultStrategyPolicyDigits       bool = true
	DefaultStrategyPolicySymbols      bool = true
	DefaultStrategyPolicyNoRepetition bool = false
)
Hardcoded defaults for database
// Base paths.
//
// NOTE(review): the KV prefix suggests these are key prefixes in the
// database; confirm against the KV*Key helpers.
const (
	KVPolicies   string = "/policies"
	KVStrategies string = "/strategies"
)
base paths
// Hardcoded defaults for the temporal store.
const (
	DefaultTemporalTTL int64 = 3600 // seconds
)
Hardcoded defaults for temporal store
Variables ¶
// Common errors.
var (
	// ErrInternalError is used when something goes wrong internally, such as a
	// wrong strategy name; it must not arise.
	ErrInternalError = errors.New("internal error")
	// ErrIncorrectFormat is used when something does not meet the requirements
	// (regexp, etc).
	ErrIncorrectFormat = errors.New("incorrect format")
)
common errors
var (
)
permission errors
// Login errors.
var (
	// ErrUnknownLoginStrategy reports an unknown login strategy.
	ErrUnknownLoginStrategy = errors.New("unknown login strategy")
)
login errors
Functions ¶
func DNToURL ¶
DNToURL converts a distinguished name from LDAP notation to a URL tree:
(LDAP) CN=localhost,OU=servers,O=veil,L=Madrid,ST=Madrid,C=ES
(URL) /C=ES/ST=Madrid/L=Madrid/O=veil/OU=servers/CN=localhost
func KVCipherKey ¶
KVCipherKey returns the key for a cipher key on the database
func KVLoginCertificate ¶
func KVLoginCertificate() string
KVLoginCertificate returns the root path of the login certificates mappings
func KVLoginCertificateKeyFromPath ¶
KVLoginCertificateKeyFromPath returns the full key path on the database from the API path (as []byte)
func KVLoginCertificateKeyFromPathString ¶
KVLoginCertificateKeyFromPathString returns the full key path on the database from the API path
func KVLoginCertificateKeyFromSubject ¶
KVLoginCertificateKeyFromSubject returns the key on DB where a certificate reference is used for login (as []byte)
func KVLoginCertificateKeyFromSubjectString ¶
KVLoginCertificateKeyFromSubjectString returns the key on DB where a certificate reference is used for login (as string)
func KVLoginStrategyKey ¶
KVLoginStrategyKey returns users formatted key
func KVLoginStrategyKeyString ¶
KVLoginStrategyKeyString returns users formatted key as string
func KVMetadataKey ¶
KVMetadataKey returns metadata information key formatted
func KVMetadataKeyString ¶
KVMetadataKeyString returns metadata information key formatted
func KVPolicyKey ¶
KVPolicyKey returns policy formatted key for policies
func KVPolicyKeyString ¶
KVPolicyKeyString returns policy formatted key for policies as string
func KVSessionKey ¶
KVSessionKey returns session formatted key
func KVTemporal ¶
KVTemporal returns the bucket for temporal data as []byte
func KVTemporalKey ¶
KVTemporalKey returns the key for temporal data in the given bucket as []byte
func KVTemporalKeyString ¶
KVTemporalKeyString returns the key for temporal data in the given bucket as string
func KVTemporalString ¶
KVTemporalString returns the bucket for temporal data as string
func KVTransitString ¶
KVTransitString returns the bucket for transit data as string
func KVUserKeyString ¶
KVUserKeyString returns one user formatted key as string
func KVUsersKeyString ¶
KVUsersKeyString returns users formatted key as string
Types ¶
type RaftJoin ¶
// RaftJoin is the struct required to join as a server on the cluster.
//
// NOTE(review): how a join request is authenticated and authorized is not
// visible here. RaftJoinResponse (presumably the reply to this request) holds
// the information to unseal the remote database, so the handler that accepts
// this struct should only serve authenticated, authorized peers; confirm.
type RaftJoin struct {
	// Server ID used to identify the remote on the cluster.
	ID string `json:"id"`
	// IP:Port where the Raft service is listening on the remote machine.
	RaftAddr string `json:"raft_addr"`
	// Address where the server is servicing the API, needed to proxy requests
	// to the leader.
	// NOTE(review): this value comes from the joining node and ends up as a
	// proxy target; verify that it is validated before use.
	APIAddr string `json:"api_addr"`
	// Index of configuration (the original comment says "see below", but the
	// explanation is not part of this struct).
	PrevIndex uint64 `json:"prev_index"`
	// If nonzero, timeout is how long this server should wait before the
	// configuration change log entry is appended. encoding/json encodes a
	// time.Duration as an integer number of nanoseconds.
	Timeout time.Duration `json:"timeout"`
	// NOTE(review): presumably selects voter versus non-voter membership; confirm.
	Voter bool `json:"voter"`
}
RaftJoin is the struct required to join as server on the cluster
type RaftJoinResponse ¶
// RaftJoinResponse is the struct that holds the information to unseal the
// remote database.
//
// NOTE(review): Key is presumably the unseal key itself. encoding/json writes
// a []byte as a base64 string, which is an encoding and not protection, so
// this response should only travel over an authenticated, encrypted channel
// and stay out of logs. The transport is not visible here; confirm.
type RaftJoinResponse struct {
	Key []byte `json:"key"`
}
RaftJoinResponse is the struct that holds the information to unseal remote database
type RaftLeave ¶
// RaftLeave is the struct used to request leaving the cluster.
//
// NOTE(review): ID names the server to remove. Whether a caller may only
// remove itself is not visible here; the handler should authorize the
// request before changing cluster membership.
type RaftLeave struct {
	// Server ID used to identify the remote on the cluster.
	ID string `json:"id"`
	// Index of configuration (the original comment says "see below", but the
	// explanation is not part of this struct).
	PrevIndex uint64 `json:"prev_index"`
	// If nonzero, timeout is how long this server should wait before the
	// configuration change log entry is appended. encoding/json encodes a
	// time.Duration as an integer number of nanoseconds.
	Timeout time.Duration `json:"timeout"`
}
RaftLeave is the struct used to request leaving the cluster
type Session ¶
// Session contains the information about the current session that is on the
// database. A session contains basic information about the user and the
// policies granted at logon.
type Session struct {
	// NOTE(review): presumably the value a client presents to identify the
	// session; if so it is a credential and should be kept out of logs.
	Token    string `json:"token"`
	Bucket   string `json:"bucket"`   // Authentication type
	Username string `json:"username"` // Username
	Name     string `json:"name"`     // Name
	// Expiration time, epoch.
	// NOTE(review): the unit is not shown; the TTL defaults are in seconds.
	ExpiresAt int64 `json:"expire"`
	// Policies array, hidden on the API.
	// NOTE(review): the `json:"policies"` tag still serializes this field, so
	// the hiding has to be done by the code that builds the API response.
	Policies []string `json:"policies"`
}
Session contains the information about the current session that is on the database. A session contains basic information about the user and the policies granted at logon.
type User ¶
// User is the representation of an API User on the database.
//
// NOTE(review): the derivation from Password to PasswordKey and PasswordSalt
// is not visible here. Confirm that it uses a password hashing function
// designed for that purpose and that PasswordMatch compares in constant time.
type User struct {
	Username    string `json:"username"`       // (required) Username
	Name        string `json:"name"`           // (required) Name of the user
	Description string `json:"desc,omitempty"` // (optional) Description
	// Used to calculate the password, but not stored or retrievable; the
	// `json:"-"` tag keeps it out of every JSON encoding of this struct.
	Password string `json:"-"`
	// PasswordKey can not be retrieved by using an API.
	// NOTE(review): the tag still emits "key" whenever the field is non-empty,
	// so API handlers must clear it before encoding a User into a response.
	PasswordKey []byte `json:"key,omitempty"`
	// PasswordSalt can not be retrieved by using an API.
	// NOTE(review): same caveat as PasswordKey; "salt" is emitted when set.
	PasswordSalt string   `json:"salt,omitempty"`
	Policies     []string `json:"policies,omitempty"` // Policies for the user
}
User is the representation of an API User on the database
func (*User) PasswordMatch ¶
PasswordMatch verifies whether the given password matches the stored one
func (*User) SetPassword ¶
SetPassword sets the password on the user struct
func (*User) SetRandomPassword ¶
SetRandomPassword creates a random password for the user
(16 alphanumeric characters)
func (*User) ValidUsername ¶
ValidUsername returns the result of the username validation