authorization

package

v0.0.0-...-bcdb799 Latest Latest Go to latest Published: Apr 26, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/litmuschaos/litmus

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func GetUsername(token string) (string, error)
func IsRevokedToken(tokenString string, mongoClient *mongo.Client) bool
func Middleware(handler http.Handler, mongoClient *mongo.Client) gin.HandlerFunc
func UserValidateJWT(token string) (jwt.MapClaims, error)
func ValidateRole(ctx context.Context, projectID string, requiredRoles []string, ...) error
type RoleQuery

Constants ¶

View Source

const (
	AuthKey      = contextKey("authorization")
	UserClaim    = contextKey("user-claims")
	BearerSchema = "Bearer "
	CookieName   = "token"
)

Variables ¶

View Source

var MutationRbacRules = map[RoleQuery][]string{
	UserInfrastructureReg: {MemberRoleOwnerString, MemberRoleEditorString},
	CreateChaosExperiment: {MemberRoleOwnerString, MemberRoleEditorString},
	ReRunChaosExperiment:  {MemberRoleOwnerString, MemberRoleEditorString},
	DeleteChaosExperiment: {MemberRoleOwnerString, MemberRoleEditorString},
	StopChaosExperiment:   {MemberRoleOwnerString, MemberRoleEditorString},
	AddChaosHub:           {MemberRoleOwnerString, MemberRoleEditorString},
	UpdateChaosExperiment: {MemberRoleOwnerString, MemberRoleEditorString},
	DeleteInfrastructures: {MemberRoleOwnerString, MemberRoleEditorString},
	UpdateChaosHub:        {MemberRoleOwnerString, MemberRoleEditorString},
	DeleteChaosHub:        {MemberRoleOwnerString, MemberRoleEditorString},
	EnableGitOps:          {MemberRoleOwnerString},
	DisableGitOps:         {MemberRoleOwnerString},
	UpdateGitOps:          {MemberRoleOwnerString},
	ListWorkflowRuns:      {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	GetWorkflowRun:        {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	ListInfrastructures:   {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	GetInfrastructure:     {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	GetManifest:           {MemberRoleOwnerString, MemberRoleEditorString},
	GetInfraDetails:       {MemberRoleOwnerString, MemberRoleEditorString},
	ListCharts:            {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	ListExperiment:        {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	SaveChaosHub:          {MemberRoleOwnerString, MemberRoleEditorString},
	CreateImageRegistry:   {MemberRoleOwnerString},
	UpdateImageRegistry:   {MemberRoleOwnerString},
	DeleteImageRegistry:   {MemberRoleOwnerString},
	GetGitOpsDetails:      {MemberRoleOwnerString},
	ListImageRegistry:     {MemberRoleOwnerString},
	GetImageRegistry:      {MemberRoleOwnerString},
	CreateEnvironment:     {MemberRoleOwnerString, MemberRoleEditorString},
	UpdateEnvironment:     {MemberRoleOwnerString, MemberRoleEditorString},
	DeleteEnvironment:     {MemberRoleOwnerString, MemberRoleEditorString},
	GetEnvironment:        {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	ListEnvironments:      {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	AddProbe:              {MemberRoleOwnerString, MemberRoleEditorString},
	UpdateProbe:           {MemberRoleOwnerString, MemberRoleEditorString},
	GetProbe:              {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	ListProbes:            {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	DeleteProbe:           {MemberRoleOwnerString, MemberRoleEditorString},
}

Functions ¶

func GetUsername ¶

func GetUsername(token string) (string, error)

GetUsername returns the username from the jwt token

func IsRevokedToken ¶

func IsRevokedToken(tokenString string, mongoClient *mongo.Client) bool

IsRevokedToken checks if the given JWT Token is revoked

func Middleware ¶

func Middleware(handler http.Handler, mongoClient *mongo.Client) gin.HandlerFunc

Middleware verifies jwt and checks if user has enough privilege to access route (no roles' info needed)

func UserValidateJWT ¶

func UserValidateJWT(token string) (jwt.MapClaims, error)

UserValidateJWT validates the cluster jwt

func ValidateRole ¶

func ValidateRole(ctx context.Context, projectID string,
	requiredRoles []string, invitation string) error

ValidateRole Validates the role of a user in a given project

Types ¶

type RoleQuery ¶

type RoleQuery string

RoleQuery states the query for the roles

const (
	// Chaos_Infrastructure
	UserInfrastructureReg RoleQuery = "userInfrastructureReg"
	ListInfrastructures   RoleQuery = "ListInfrastructures"
	GetInfrastructure     RoleQuery = "GetInfrastructure "
	DeleteInfrastructures RoleQuery = "DeleteInfrastructures"
	GetManifest           RoleQuery = "GetManifest"
	GetInfraDetails       RoleQuery = "GetInfraDetails"

	// Chaos_Experiment
	CreateChaosExperiment RoleQuery = "CreateChaosExperiment"
	ReRunChaosExperiment  RoleQuery = "ReRunChaosExperiment"
	DeleteChaosExperiment RoleQuery = "DeleteChaosEnvironment"
	UpdateChaosExperiment RoleQuery = "UpdateChaosExperiment"
	ListExperiment        RoleQuery = "ListExperiment"
	CreateEnvironment     RoleQuery = "CreateEnvironment"

	// Chaos_Experiment_run
	StopChaosExperiment RoleQuery = "StopChaosExperiment"
	ListWorkflowRuns    RoleQuery = "ListWorkflowRuns"
	GetWorkflowRun      RoleQuery = "GetWorkflowRun"

	// ChaosHub
	AddChaosHub    RoleQuery = "AddChaosHub"
	UpdateChaosHub RoleQuery = "UpdateChaosHub"
	DeleteChaosHub RoleQuery = "DeleteChaosHub"
	ListCharts     RoleQuery = "ListCharts"
	SaveChaosHub   RoleQuery = "SaveChaosHub"

	// GitOps
	EnableGitOps     RoleQuery = "EnableGitOps"
	DisableGitOps    RoleQuery = "DisableGitOps"
	UpdateGitOps     RoleQuery = "UpdateGitOps"
	GetGitOpsDetails RoleQuery = "GetGitOpsDetails"

	// Image_Registry
	CreateImageRegistry RoleQuery = "CreateImageRegistry"
	UpdateImageRegistry RoleQuery = "UpdateImageRegistry"
	DeleteImageRegistry RoleQuery = "DeleteImageRegistry"
	ListImageRegistry   RoleQuery = "ListImageRegistry"
	GetImageRegistry    RoleQuery = "GetImageRegistry"

	// Environment
	UpdateEnvironment RoleQuery = "UpdateEnvironment"
	DeleteEnvironment RoleQuery = "DeleteEnvironment"
	GetEnvironment    RoleQuery = "GetEnvironment"
	ListEnvironments  RoleQuery = "ListEnvironments"

	// Probe
	AddProbe               RoleQuery = "AddProbe"
	DeleteProbe            RoleQuery = "DeleteProbe"
	UpdateProbe            RoleQuery = "UpdateProbe"
	GetProbe               RoleQuery = "GetProbe"
	ListProbes             RoleQuery = "ListProbes"
	MemberRoleOwnerString            = string(model.MemberRoleOwner)
	MemberRoleEditorString           = string(model.MemberRoleEditor)
	MemberRoleViewerString           = string(model.MemberRoleViewer)
)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL