Documentation ¶
Index ¶
- Constants
- Variables
- func NewRoleUser(name string, role protobase.ACLPermInterface) protobase.ACLPermInterface
- type ACL
- type ACLNodeBase
- func (anb *ACLNodeBase) Add(args ...string) error
- func (anb *ACLNodeBase) CanDo(wildmatch bool, args ...string) bool
- func (anb *ACLNodeBase) GetIdentifier(ident string) protobase.ACLNodeInterface
- func (anb *ACLNodeBase) HasIdentifier(ident string) bool
- func (anb *ACLNodeBase) HasWildIdentifier(item string) (ok bool)
- func (anb *ACLNodeBase) IsResource(ident string) bool
- func (anb *ACLNodeBase) Len() int
- func (anb *ACLNodeBase) MakeChild(level int, ident string) protobase.ACLNodeInterface
- func (anb *ACLNodeBase) RemoveValue(key string) bool
- func (anb *ACLNodeBase) SetValue(key string, value protobase.ACLNodeInterface) bool
- func (anb *ACLNodeBase) Unset(args ...string) (bool, error)
- type Ability
- type Action
- type AuthConfig
- type AuthEntity
- type AuthGroups
- type AuthInfo
- type Authentication
- func (a *Authentication) Authenticate(creds protobase.CredentialsInterface) bool
- func (a *Authentication) CanAuthenticate(creds protobase.CredentialsInterface) (ok bool, err error)
- func (a *Authentication) CreateGroup(name string, permissions [][3]string) (err error)
- func (a *Authentication) GetACL() protobase.ACLInterface
- func (a *Authentication) GetMode() protobase.AuthMode
- func (a *Authentication) GetUserType(uid string) (utype protobase.AuthUserType, err error)
- func (a *Authentication) HasClient(uid string) (ok bool)
- func (a *Authentication) HasSession(clientId string) (result bool)
- func (a *Authentication) MakeCreds(uid string, pid string, cid string, args ...interface{}) (creds protobase.CredentialsInterface, err error)
- func (a *Authentication) Register(creds protobase.CredentialsInterface) (result bool)
- func (a *Authentication) RegisterToGroup(group string, creds protobase.CredentialsInterface) (ok bool, err error)
- func (a *Authentication) RemoveWithIdentifier(identifier *string) (result bool, err error)
- func (a *Authentication) SetMode(mode protobase.AuthMode)
- func (a *Authentication) TryAuthenticate(creds protobase.CredentialsInterface) bool
- func (a *Authentication) TryUnAuthenticate(uid string) bool
- type Creds
- type Entity
- type Perms
- type Resource
- type Role
- func (r *Role) HasExactPerm(ability string, action string, resource string) bool
- func (r *Role) HasPerm(ability string, action string, resource string) bool
- func (r *Role) SetMode(mode protobase.ACLMode) bool
- func (r *Role) SetPerm(ability string, action string, resource string) error
- func (r *Role) UnsetPerm(ability string, action string, resource string) error
- type RoleUser
Constants ¶
// Authentication modes. ModUSRPSWD is 0 and ModSIG is 1 (untyped iota values).
// NOTE(review): AuthConfig.Mode is typed protobase.AuthMode; how these untyped
// flags relate to that type is not visible here, so confirm before mixing them.
const (
	// ModUSRPSWD is a flag to indicate the usage of username/password
	ModUSRPSWD = iota
	// ModSIG is a flag to indicate the usage of signature
	ModSIG
)
Authentication modes
// Authorization flags. UNotAuthorized is the iota zero value, so an integer
// flag that was never assigned compares equal to UNotAuthorized rather than
// UAuthorized.
const (
	UNotAuthorized = iota
	UAuthorized
)
Authorization flags
// Permission constants.
const (
	// AuthACLPermLength is the exact number of fields a permission must have.
	// It matches the [3]string permission entries taken by CreateGroup and
	// stored in AuthGroups.Members; presumably the fields are
	// (ability, action, resource) as in Role.SetPerm, which should be
	// confirmed against the implementation.
	AuthACLPermLength = 3
)
Permission constants
Variables ¶
// ACL and configuration errors, declared as package-level error values.
// NOTE(review): these are exported vars, so any importing package can
// reassign them; compare with errors.Is and treat them as read-only.
var (
	// EACLInvalid: an unset was attempted on a node that does not exist.
	EACLInvalid error = errors.New("permissions: attempt to unset non existing node")
	// EACLViolation: a resource was added a second time.
	EACLViolation error = errors.New("permissions: attempt to readd resource")
	// EACInconsistentConfig: the configuration does not fit the selected mode.
	EACInconsistentConfig error = errors.New("auth(config): invalid configuration for mode")
	// EACINVAL: the configuration holds an invalid or unknown value/flag.
	EACINVAL error = errors.New("auth(config): invalid/unknown value/flag in configuration")
)
ACL and Config error messages
// Authentication, permission and credential errors.
//
// NOTE(review): NonExistingUser and BadPassword are distinct values. If the
// distinction is relayed to an unauthenticated peer it tells them which
// identifiers are registered; callers should log the specific error locally
// and return one generic failure to the remote side. Where these errors are
// surfaced is not visible here, so confirm against the callers.
var (
	// NonExistingUser: no entry exists for the given user.
	NonExistingUser error = errors.New("permissions: user does not exist")
	// BadPassword: the supplied password is invalid.
	BadPassword error = errors.New("permissions: invalid password")
	// EAUTHInvalidPerms: the permission list is invalid or insufficient.
	EAUTHInvalidPerms error = errors.New("permissions: invalid or insufficent permission list")
	// EAUTHGeneralFailure: unspecified operation failure.
	EAUTHGeneralFailure error = errors.New("permissions: general operation failure")
	// EAUTHUserReadd: an already registered user was registered again.
	EAUTHUserReadd error = errors.New("auth: attempt to re-registering existing user")
	// ECREDINVAL: credentials are missing or invalid.
	ECREDINVAL error = errors.New("credentials: missing or invalid credentials")
)
Error messages
// Debug codes (for development).
var (
	// EAUTHNotImplemented marks functionality that is not implemented.
	EAUTHNotImplemented error = errors.New("auth: not implemented")
)
Debug codes ( for development )
// Error messages.
var (
	// EAUTHUnknownMode reports that the authentication mode could not be set.
	// The message is built from eFMT, a format string declared elsewhere in
	// the package and not shown here.
	EAUTHUnknownMode error = fmt.Errorf(eFMT, "auth", "unable to set mode")
)
Error messages
Functions ¶
func NewRoleUser ¶
func NewRoleUser(name string, role protobase.ACLPermInterface) protobase.ACLPermInterface
Types ¶
type ACL ¶
func (*ACL) GetOrCreate ¶
func (acl *ACL) GetOrCreate(name string) (role protobase.ACLPermInterface, isNew bool)
type ACLNodeBase ¶
// ACLNodeBase is the base node type of the ACL; Ability, Action and Resource
// each embed a *ACLNodeBase.
type ACLNodeBase struct {
	Name string
	// contains filtered or unexported fields
}
func NewACLNodeBase ¶
func NewACLNodeBase() *ACLNodeBase
func (*ACLNodeBase) Add ¶
func (anb *ACLNodeBase) Add(args ...string) error
func (*ACLNodeBase) GetIdentifier ¶
func (anb *ACLNodeBase) GetIdentifier(ident string) protobase.ACLNodeInterface
func (*ACLNodeBase) HasIdentifier ¶
func (anb *ACLNodeBase) HasIdentifier(ident string) bool
func (*ACLNodeBase) HasWildIdentifier ¶
func (anb *ACLNodeBase) HasWildIdentifier(item string) (ok bool)
func (*ACLNodeBase) IsResource ¶
func (anb *ACLNodeBase) IsResource(ident string) bool
func (*ACLNodeBase) Len ¶
func (anb *ACLNodeBase) Len() int
func (*ACLNodeBase) MakeChild ¶
func (anb *ACLNodeBase) MakeChild(level int, ident string) protobase.ACLNodeInterface
func (*ACLNodeBase) RemoveValue ¶
func (anb *ACLNodeBase) RemoveValue(key string) bool
func (*ACLNodeBase) SetValue ¶
func (anb *ACLNodeBase) SetValue(key string, value protobase.ACLNodeInterface) bool
type Ability ¶
// Ability is an ACL node type. It embeds *ACLNodeBase, so ACLNodeBase's
// methods are promoted to it.
// NOTE(review): the embedded pointer is nil in a zero-valued Ability; no
// constructor is shown here, so confirm how instances are created.
type Ability struct {
	*ACLNodeBase
}
type Action ¶
// Action is an ACL node type. It embeds *ACLNodeBase, so ACLNodeBase's
// methods are promoted to it.
// NOTE(review): the embedded pointer is nil in a zero-valued Action; no
// constructor is shown here, so confirm how instances are created.
type Action struct {
	*ACLNodeBase
}
type AuthConfig ¶
// AuthConfig carries the configuration of the Auth subsystem: the access
// groups, the credentials to register and the authentication mode.
type AuthConfig struct {
	// AccessGroups holds the group definitions that Credentials entries refer to.
	AccessGroups AuthGroups
	// Credentials lists the entities to register, each with its group name.
	// NOTE(review): entries hold credential material, so avoid printing or
	// serializing an AuthConfig wholesale.
	Credentials []AuthEntity
	// Mode selects the authentication mode. Per NewAuthConfig's documentation
	// the default is protobase.AUTHModeNone, which fails the validity check on
	// purpose, so a mode has to be chosen explicitly.
	Mode protobase.AuthMode
}
AuthConfig is a struct used to configure the Auth subsystem during and after initialization. It defines global access rules such as the authentication mode.
func NewAuthConfig ¶
func NewAuthConfig() *AuthConfig
NewAuthConfig is a function that allocates and initializes an `AuthConfig` and returns a pointer to it. The default authentication mode is `protobase.AUTHModeNone`, which intentionally returns an error during validity checks to prevent complications during development & debugging.
func (*AuthConfig) AddCredential ¶
func (ac *AuthConfig) AddCredential(group string, cred protobase.CredentialsInterface) (err error)
AddCredential is a receiver method which adds a new entry to its storage. The `group` argument is used to associate a given entry with the corresponding Auth Group in `AccessGroups`. It returns an error in case of an unsuccessful operation.
func (*AuthConfig) IsValid ¶
func (ac *AuthConfig) IsValid() (ok bool, err error)
IsValid is a receiver method that checks the validity of the underlying data and returns an error in case of an unsuccessful operation. It can be used manually to ensure integrity, but it is mainly used by the Auth subsystem.
type AuthEntity ¶
// AuthEntity pairs one credential with the name of the authorization group it
// is associated with.
// NOTE(review): per the field comment the credential may include a password,
// so avoid logging AuthEntity values.
type AuthEntity struct {
	Credential protobase.CredentialsInterface // Credential contains entity cred. (e.g. id, passwd, .... )
	Group      string                         // Group specifies an association to certain Authorization group
}
type AuthGroups ¶
// AuthGroups defines access groups and their default permissions.
// NOTE(review): Members is an exported map; writing to it while it is nil
// panics, and no synchronization is visible here. Prefer the Add method over
// direct mutation.
type AuthGroups struct {
	// Members holds, per key, a list of three-field permission entries.
	// Presumably the key is the group name passed to Add and HasGroup, which
	// should be confirmed.
	Members map[string][][3]string // Groups contains default feasible permissions
	Type    protobase.ACLMode      // Type is default Access type ( i.e. Inclusive, Exclusive or Undefined )
}
AuthGroups is a struct used to define individual access settings. It is used for initial Auth subsystem configuration.
func (*AuthGroups) Add ¶
func (ag *AuthGroups) Add(name string, perm ...string) (err error)
Add is a receiver method that creates a new group when necessary and adds the given permission line to it. It returns an error to indicate a conformance violation.
func (*AuthGroups) HasGroup ¶
func (ag *AuthGroups) HasGroup(name string) (ok bool)
HasGroup returns whether a given Auth Group is registered.
func (*AuthGroups) IsValid ¶
func (ag *AuthGroups) IsValid() (ok bool, err error)
IsValid checks the validity of the underlying data and returns an error in case of a violation. It is used by `AuthConfig` and invoked prior to `AuthConfig`'s own validation procedure.
func (*AuthGroups) Len ¶
func (ag *AuthGroups) Len() int
Len returns number of total registered groups.
type AuthInfo ¶
AuthInfo is a struct that is associated with each registered identifier in `Authentication`. It contains information such as access times, statistics, IP address, permissions, etc.
func NewAuthInfo ¶
func NewAuthInfo(creds protobase.CredentialsInterface) *AuthInfo
NewAuthInfo allocates and initializes a new `AuthInfo` with the given credentials and returns a pointer to it.
func (*AuthInfo) GetType ¶
func (ai *AuthInfo) GetType() protobase.AuthUserType
GetType returns associated `protobase.AuthUserType` of the given entry.
func (*AuthInfo) IsAuthorized ¶
IsAuthorized returns whether the current entry is authorized.
func (*AuthInfo) SetAuthorized ¶
func (ai *AuthInfo) SetAuthorized()
SetAuthorized sets the authorization status to true.
func (*AuthInfo) SetType ¶
func (ai *AuthInfo) SetType(t protobase.AuthUserType)
SetType sets user type flag.
func (*AuthInfo) UnsetAuthorized ¶
func (ai *AuthInfo) UnsetAuthorized()
UnsetAuthorized unauthorizes the current entry by setting authorization flag to false.
type Authentication ¶
Authentication is a `protobase.AuthInterface` compatible struct.
func NewAuthenticator ¶
func NewAuthenticator() *Authentication
NewAuthenticator allocates and initializes a new `Authentication` instance and returns a pointer to it.
func NewAuthenticatorFromConfig ¶
func NewAuthenticatorFromConfig(config *AuthConfig) (a *Authentication, err error)
NewAuthenticatorFromConfig allocates and initializes a new `Authentication` instance and configures it according to the `config` argument. It returns an error in case of an unsuccessful operation or an invalid configuration.
func (*Authentication) Authenticate ¶
func (a *Authentication) Authenticate(creds protobase.CredentialsInterface) bool
TODO
func (*Authentication) CanAuthenticate ¶
func (a *Authentication) CanAuthenticate(creds protobase.CredentialsInterface) (ok bool, err error)
CanAuthenticate returns a boolean indicating the validity of the given credentials. It returns an error propagated from lower levels.
func (*Authentication) CreateGroup ¶
func (a *Authentication) CreateGroup(name string, permissions [][3]string) (err error)
CreateGroup creates a new ACL group with the given permissions.
func (*Authentication) GetACL ¶
func (a *Authentication) GetACL() protobase.ACLInterface
GetACL returns the internal ACL subsystem. It is important to check that the returned value is not nil (as it is in the absence of an ACL).
func (*Authentication) GetMode ¶
func (a *Authentication) GetMode() protobase.AuthMode
GetMode is a getter for authentication mode.
func (*Authentication) GetUserType ¶
func (a *Authentication) GetUserType(uid string) (utype protobase.AuthUserType, err error)
func (*Authentication) HasClient ¶
func (a *Authentication) HasClient(uid string) (ok bool)
HasClient returns a boolean indicating whether a client with the given identifier exists.
func (*Authentication) HasSession ¶
func (a *Authentication) HasSession(clientId string) (result bool)
func (*Authentication) MakeCreds ¶
func (a *Authentication) MakeCreds(uid string, pid string, cid string, args ...interface{}) (creds protobase.CredentialsInterface, err error)
MakeCreds takes standard `protobase.CredentialsInterface` arguments and creates a new `protobase.CredentialsInterface`.
func (*Authentication) Register ¶
func (a *Authentication) Register(creds protobase.CredentialsInterface) (result bool)
Register takes a `protobase.CredentialsInterface` struct and tries to register it. It returns true iff the given credential has not been registered prior to current attempt.
func (*Authentication) RegisterToGroup ¶
func (a *Authentication) RegisterToGroup(group string, creds protobase.CredentialsInterface) (ok bool, err error)
RegisterToGroup takes a `protobase.CredentialsInterface` struct and tries to register it. It returns true iff the given credential has not been registered prior to current attempt and iff given `group` exists.
func (*Authentication) RemoveWithIdentifier ¶
func (a *Authentication) RemoveWithIdentifier(identifier *string) (result bool, err error)
RemoveWithIdentifier takes a `string` pointer and tries to remove the entry associated with the given identifier when it exists, indicating its success with a boolean. It also returns an error when unsuccessful.
func (*Authentication) SetMode ¶
func (a *Authentication) SetMode(mode protobase.AuthMode)
SetMode is a receiver method that sets the authorization mode.
func (*Authentication) TryAuthenticate ¶
func (a *Authentication) TryAuthenticate(creds protobase.CredentialsInterface) bool
TryAuthenticate evaluates the given credentials and tries to authenticate with it. It returns a boolean indicating its success status.
func (*Authentication) TryUnAuthenticate ¶
func (a *Authentication) TryUnAuthenticate(uid string) bool
TryUnAuthenticate takes an identifier and tries to unauthenticate the entry associated with it. It returns a boolean indicating its success status.
type Creds ¶
Creds is a basic credential container.
func (*Creds) Copy ¶
func (c *Creds) Copy() protobase.CredentialsInterface
Copy returns a new instance of a compatible `protobase.CredentialsInterface`.
func (*Creds) GetCredentials ¶
GetCredentials returns data associated with the authentication method.
func (*Creds) IsValid ¶
IsValid returns a boolean indicating whether the actual credentials are properly formatted; it also checks edge cases (e.g. empty strings).
func (*Creds) Match ¶
func (c *Creds) Match(cred protobase.CredentialsInterface) (ret bool)
Match is a receiver method that compares two `protobase.CredentialsInterface` values and returns a boolean to indicate whether they are identical. It is used to match stored credentials against user-given credentials, usually during the initial handshake and initialization stage.
type Resource ¶
// Resource is an ACL node type that embeds *ACLNodeBase and additionally
// carries a list of providers.
// NOTE(review): the embedded pointer is nil in a zero-valued Resource; no
// constructor is shown here, so confirm how instances are created.
type Resource struct {
	*ACLNodeBase
	Providers []string
	// contains filtered or unexported fields
}
type Role ¶
// Role is a named set of permissions with an access mode.
//
// NOTE(review): *sync.RWMutex is embedded, so Lock, Unlock, RLock and RUnlock
// are promoted into Role's exported method set and any holder of a *Role can
// take or release the lock. The embedded pointer is also nil in a zero-valued
// Role, where calling those methods panics. Whether Name and Mode are meant to
// be accessed only under this lock is not shown here and should be confirmed.
type Role struct {
	*sync.RWMutex
	Name string
	Mode protobase.ACLMode
	// contains filtered or unexported fields
}