Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func UserHandler ¶
func UserHandler(w http.ResponseWriter, r *http.Request)
UserHandler returns the information of the authenticated user.
Types ¶
type Auth ¶
type Auth struct {
// contains filtered or unexported fields
}
Auth is the struct for handling authorization for resources.
func New ¶
func New(enabled bool, userHeader, defaultTeam string, interval time.Duration, clusters *clusters.Clusters) *Auth
New returns a new authentication and authorization object.
func (*Auth) GetPermissions ¶
func (a *Auth) GetPermissions()
GetPermissions should be called in a new goroutine to get a list of users and there permissions. This list is refreshed by the refresh interval parameter. When authentication and authorization isn't enabled this function directly returns. If the auth module is enabled it runs the internal getPermissions function on the specified interval.
func (*Auth) Handler ¶
Handler apply the authorization policy for a request and adds the user information to the request.
We are always trying to get the user id from the specified authentication header, so that we can log the users which runs the request also when authentication is disabled. That way we can have a basic audit log when authentication is disabled. When authentication is enabled we are checking if the user exists in the users map, if this isn't the case we we applie the default permissions for the user. When the user exists we are checking if the user has access to the plugin. The API routes which are outside of the plugins router are always accessible (e.g. getting all configured plugins and clusters).