grp

package
v0.3.4

This package is not in the latest version of its module.

Published: Mar 6, 2020 License: MIT Imports: 4 Imported by: 1

Documentation

Overview

	grp contains methods to parse the various group formats for
	ActiveDirectory and UNIX LDAP.

	ActiveDirectory:	TnPg_Srv_Appkaas-clustername-namespace-role_full
	UNIX-LDAP:		tnnt_kaas-clustername-namespace-role

	Tn, tnnt are the tenant prefixes.

	For group policies all that matters are the elements of the stripped
	"inner" group name, in this case "clustername", "namespace", "role".

Constants

const (

	// "wildcard" for allowing all variants
	All = "all"
)

Naming conventions for groups:

ActiveDirectory: TnPg_Srv_Appkaas-clustername-namespace-role_full

	TenantPrefix:   Tn = Tenant-Prefix
	GroupType:      Pg = PermissionGroup
	SecondLevelOU:  Srv
	Reference:      App (App-Permission)
	innerGroupName: kaas-clustername-namespace-role
	Permission:     Full | Mod | Read

UNIX-LDAP: tnnt_kaas-clustername-namespace-role

	TenantPrefix:   tnnt
	innerGroupName: kaas-clustername-namespace-role
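The two naming conventions above, as an added stand-alone sketch of a strict parser (not the grp package's own code). The names Inner, encodeName, parseInner, parseUnixLDAP and parseAD are hypothetical, and case-insensitive matching of the fixed parts and the omission of the cluster-tenant form are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Inner is the stripped "inner" group name: app-clustername-namespace-role.
type Inner struct{ App, Cluster, Namespace, Role string }

// encodeName replaces "-" by "$" so a name cannot add extra "-" separated fields.
func encodeName(n string) string { return strings.ReplaceAll(n, "-", "$") }

// parseInner requires exactly four non-empty fields and lower-cases the result.
func parseInner(s string) (Inner, error) {
	p := strings.Split(strings.ToLower(s), "-")
	if len(p) != 4 || strings.Contains("-"+s+"-", "--") {
		return Inner{}, fmt.Errorf("inner name %q: want 4 non-empty fields", s)
	}
	return Inner{p[0], p[1], p[2], p[3]}, nil
}

// parseUnixLDAP parses "tnnt_kaas-clustername-namespace-role".
func parseUnixLDAP(g string) (string, Inner, error) {
	p := strings.Split(g, "_")
	if len(p) != 2 || p[0] == "" {
		return "", Inner{}, fmt.Errorf("%q: want [tenant]_[inner name]", g)
	}
	in, err := parseInner(p[1])
	return strings.ToLower(p[0]), in, err
}

// parseAD parses "TnPg_Srv_Appkaas-clustername-namespace-role_full" into
// tenant prefix, inner name and permission (assumed set: full, mod, read).
func parseAD(g string) (string, Inner, string, error) {
	p := strings.Split(strings.ToLower(g), "_")
	if len(p) != 4 || len(p[0]) <= 2 || !strings.HasSuffix(p[0], "pg") || p[1] != "srv" ||
		!strings.HasPrefix(p[2], "app") || (p[3] != "full" && p[3] != "mod" && p[3] != "read") {
		return "", Inner{}, "", fmt.Errorf("%q is not a valid AD permission group name", g)
	}
	in, err := parseInner(strings.TrimPrefix(p[2], "app"))
	return strings.TrimSuffix(p[0], "pg"), in, p[3], err
}

func main() {
	// Constructed sample names: the encoded cluster name parses, the raw one is rejected.
	fmt.Println(parseAD("TnPg_Srv_Appkaas-" + encodeName("prod-eu") + "-default-admin_Full"))
	fmt.Println(parseUnixLDAP("tnnt_kaas-prod-eu-default-admin"))
}
```

A cluster name or namespace containing "-" must be encoded before it is placed in a group name; otherwise the field count is wrong and the name is rejected rather than silently shifted into another field.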

Variables

This section is empty.

Functions

func ParseConnectorId

func ParseConnectorId(connectorId string) (jwtTenant string, directory string, err error)

ParseConnectorId parses the connectorId. The convention is "[tenant]_[directory]"; optionally, arbitrary additional fields may follow and are ignored.

Types

type Config

type Config struct {
	// tenant-prefixes are dependent on directory-environment
	ProviderTenant string
}

type Group

type Group struct {
	// Application
	AppPrefix string
	// Tenant of the cluster, if it is not the same as the tenant prefix (example: ddd of group tnnt_ddd#dev-all-admin)
	ClusterTenant string
	// name of the cluster
	ClusterName string
	// namespace in the cluster
	Namespace string
	// role in the given context
	Role string
}

Group information

func (*Group) ToCanonicalGroupString

func (g *Group) ToCanonicalGroupString() string

ToCanonicalGroupString returns formatted group [app]-[clustername]-[namespace]-[role], the clusterTenant is left out!

func (*Group) ToFullGroupString

func (g *Group) ToFullGroupString() string

ToFullGroupString returns formatted group [app]-[opt. clustertenant][clustername]-[namespace]-[role]

func (*Group) ToPrefixedGroupString

func (g *Group) ToPrefixedGroupString(prefix string) string

ToPrefixedGroupString returns formatted group [prefix][namespace]-[role]

type GroupContext

type GroupContext struct {
	// tenant of the group (example: tnnt of group tnns_all_all_admin)
	TenantPrefix string

	// group
	Group
}

Group with Context (Tenant)

type GroupContextParseFunc

type GroupContextParseFunc func(group string) (*GroupContext, error)

GroupContextParseFunc is the common signature for the GroupContext parsing funcs.

type GroupExpression

type GroupExpression struct {
	// Application
	AppPrefix string
	// name of the cluster
	ClusterName string
	// namespace in the cluster
	Namespace string
	// role in the given context
	Role string
}

GroupExpression can be used to find matching groups. All fields support "*" as a wildcard if they should match everything.

func (*GroupExpression) Matches

func (g *GroupExpression) Matches(group Group) bool

Matches reports whether this GroupExpression matches the given Group.

type Grpr

type Grpr struct {
	// contains filtered or unexported fields
}

Grpr encapsulates conversion from and to groups.

func MustNewGrpr

func MustNewGrpr(cfg Config) *Grpr

MustNewGrpr configures the Grpr and panics if an error occurs.

func NewGrpr

func NewGrpr(cfg Config) (*Grpr, error)

NewGrpr configures the Grpr.

func (*Grpr) GroupEncodeName

func (g *Grpr) GroupEncodeName(name string) string

GroupEncodeName encodes the name so that it can be used in groups, i.e. every "-" is replaced by "$".

func (*Grpr) GroupEncodeNames

func (g *Grpr) GroupEncodeNames(names []string) []string

GroupEncodeNames encodes the names so that they can be used in groups, i.e. every "-" is replaced by "$".

func (*Grpr) IsProviderTenant

func (g *Grpr) IsProviderTenant(tenant string, directoryType string) (bool, error)

IsProviderTenant returns true, if the given tenant is the provider/operator of the service i.e. "tnnt" or "Tn" in our case

func (*Grpr) NewGroup

func (g *Grpr) NewGroup(app, clusterTenant, cluster, namespace, role string) *Group

NewGroup creates the Group with the given content. Clustername and Namespace will be groupname-encoded.

func (*Grpr) ParseADGroup

func (g *Grpr) ParseADGroup(groupname string) (*GroupContext, error)

ParseADGroup parses and structurally validates a group. The result contains normalized (toLower) values. Example: TnPg_Srv_Appkaas-cluster-namespace-role_full

func (*Grpr) ParseGroupName

func (g *Grpr) ParseGroupName(groupname string) (*Group, error)

ParseGroupName parses the "inner" groupname with stripped tenant prefixes and idm-suffixes. Example: kaas-clustername-namespace-role

func (*Grpr) ParseUnixLDAPGroup

func (g *Grpr) ParseUnixLDAPGroup(groupname string) (*GroupContext, error)

ParseUnixLDAPGroup parses and structurally validates a group. The result contains normalized (toLower) values. Example: tnnt_kaas-clustername-namespace-role

func (*Grpr) SelectGroupParseFunc

func (g *Grpr) SelectGroupParseFunc(directoryType string) (GroupContextParseFunc, error)

SelectGroupParseFunc selects the parsing func according to the given directoryType, see constants
