Documentation
Overview ¶
Package authz provides the authorization utilities for minder
Index ¶
- Variables
- type Client
- type ClientWrapper
- func (a *ClientWrapper) Adopt(ctx context.Context, parent, child uuid.UUID) error
- func (a *ClientWrapper) AssignmentsToProject(ctx context.Context, project uuid.UUID) ([]*minderv1.RoleAssignment, error)
- func (a *ClientWrapper) Check(ctx context.Context, action string, project uuid.UUID) error
- func (a *ClientWrapper) Delete(ctx context.Context, user string, role Role, project uuid.UUID) error
- func (a *ClientWrapper) DeleteUser(ctx context.Context, user string) error
- func (a *ClientWrapper) MigrateUp(ctx context.Context) error
- func (a *ClientWrapper) Orphan(ctx context.Context, parent, child uuid.UUID) error
- func (a *ClientWrapper) PrepareForRun(ctx context.Context) error
- func (a *ClientWrapper) ProjectsForUser(ctx context.Context, sub string) ([]uuid.UUID, error)
- func (a *ClientWrapper) StoreIDProvided() bool
- func (a *ClientWrapper) Write(ctx context.Context, user string, role Role, project uuid.UUID) error
- type Role
Constants ¶
This section is empty.
Variables ¶
var (
	// AllRoles is a list of all roles
	AllRoles = map[Role]string{
		AuthzRoleAdmin: "The admin role allows the user to perform all actions on the project and " +
			"sub-projects.",
		AuthzRoleEditor: "The editor role allows for more write and read actions on the project and " +
			"sub-projects except for project administration.",
		AuthzRoleViewer: "The viewer role allows for read actions on the project and sub-projects.",
		AuthzRolePolicyWriter: "The policy_writer role allows for writing policies (rule types and " +
			"profiles) on the project and sub-projects. This is handy for CI jobs.",
		AuthzRolePermissionsManager: "The permissions_manager role allows for managing permissions " +
			"on the project and sub-projects.",
	}
)
var ErrNotAuthorized = fmt.Errorf("not authorized")
ErrNotAuthorized is the error returned when a user is not authorized to perform an action
var (
	// ErrStoreNotFound denotes the error where the store wasn't found via the
	// given configuration.
	ErrStoreNotFound = errors.New("Store not found")
)
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client interface {
// Check returns a NotAuthorized if the action is not allowed on the resource, or nil if it is allowed
Check(ctx context.Context, action string, project uuid.UUID) error
// Write stores an authorization tuple allowing user (an OAuth2 subject) to
// act in the specified role on the project.
//
// NOTE: this method _DOES NOT CHECK_ that the current user in the context
// has permissions to update the project.
Write(ctx context.Context, user string, role Role, project uuid.UUID) error
// Delete removes an authorization from user (an OAuth2 subject) to act in
// the specified role on the project.
//
// NOTE: this method _DOES NOT CHECK_ that the current user in the context
// has permissions to update the project.
Delete(ctx context.Context, user string, role Role, project uuid.UUID) error
// DeleteUser removes all authorizations for the given user.
DeleteUser(ctx context.Context, user string) error
// AssignmentsToProject outputs the existing role assignments for a given project.
AssignmentsToProject(ctx context.Context, project uuid.UUID) ([]*minderv1.RoleAssignment, error)
// ProjectsForUser outputs the projects a user has access to.
ProjectsForUser(ctx context.Context, sub string) ([]uuid.UUID, error)
// PrepareForRun allows for any preflight configurations to be done before
// the server is started.
PrepareForRun(ctx context.Context) error
// MigrateUp runs the authz migrations
MigrateUp(ctx context.Context) error
// Adopt stores an authorization relationship from one project to another
Adopt(ctx context.Context, parent, child uuid.UUID) error
// Orphan removes an authorization relationship from one project to another
Orphan(ctx context.Context, parent, child uuid.UUID) error
}
Client provides an abstract interface which simplifies interacting with OpenFGA and supports no-op and fake implementations.
func NewAuthzClient ¶
NewAuthzClient returns a new AuthzClientWrapper
type ClientWrapper ¶
type ClientWrapper struct {
// contains filtered or unexported fields
}
ClientWrapper is a wrapper for the OpenFgaClient. It is used to provide a common interface for the client and a way to refresh authentication to the authz provider when needed.
func (*ClientWrapper) Adopt ¶ added in v0.0.35
func (a *ClientWrapper) Adopt(ctx context.Context, parent, child uuid.UUID) error
Adopt writes a relationship between the parent and child projects
func (*ClientWrapper) AssignmentsToProject ¶ added in v0.0.28
func (a *ClientWrapper) AssignmentsToProject(ctx context.Context, project uuid.UUID) ([]*minderv1.RoleAssignment, error)
AssignmentsToProject lists the current role assignments that are scoped to a project
func (*ClientWrapper) Check ¶
func (a *ClientWrapper) Check(ctx context.Context, action string, project uuid.UUID) error
Check checks whether the user in the context is authorized to perform the given action on the given project.
func (*ClientWrapper) Delete ¶
func (a *ClientWrapper) Delete(ctx context.Context, user string, role Role, project uuid.UUID) error
Delete removes the given role for the given user and project
func (*ClientWrapper) DeleteUser ¶ added in v0.0.28
func (a *ClientWrapper) DeleteUser(ctx context.Context, user string) error
DeleteUser removes all tuples for the given user
func (*ClientWrapper) MigrateUp ¶ added in v0.0.28
func (a *ClientWrapper) MigrateUp(ctx context.Context) error
MigrateUp runs the authz migrations. For OpenFGA this means creating the store and writing the authz model.
func (*ClientWrapper) Orphan ¶ added in v0.0.35
func (a *ClientWrapper) Orphan(ctx context.Context, parent, child uuid.UUID) error
Orphan removes the relationship between the parent and child projects
func (*ClientWrapper) PrepareForRun ¶
func (a *ClientWrapper) PrepareForRun(ctx context.Context) error
PrepareForRun initializes the authz client based on the configuration. This is handy when migrations have already been done and helps us auto-discover the store ID and model.
func (*ClientWrapper) ProjectsForUser ¶ added in v0.0.28
func (a *ClientWrapper) ProjectsForUser(ctx context.Context, sub string) ([]uuid.UUID, error)
ProjectsForUser lists the projects that the given user has access to
func (*ClientWrapper) StoreIDProvided ¶
func (a *ClientWrapper) StoreIDProvided() bool
StoreIDProvided returns true if the store ID was provided in the configuration
type Role ¶
type Role string
Role is the role a user can have on a project
const (
	// AuthzRoleAdmin is the admin role
	AuthzRoleAdmin Role = "admin"
	// AuthzRoleEditor is the editor role
	AuthzRoleEditor Role = "editor"
	// AuthzRoleViewer is the viewer role
	AuthzRoleViewer Role = "viewer"
	// AuthzRolePolicyWriter is the `policy_writer` role
	AuthzRolePolicyWriter Role = "policy_writer"
	// AuthzRolePermissionsManager is the `permissions_manager` role
	AuthzRolePermissionsManager Role = "permissions_manager"
)
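The following is an added illustration, not minder's own code or its fake client, of how the Client interface and the AllRoles descriptions fit together: an in-memory stand-in with string IDs instead of uuid.UUID, a constructed action table read from the role descriptions (the real OpenFGA relation names are not on this page), parent/child inheritance via Adopt and Orphan, and a hypothetical GrantRole that performs the Check the interface's NOTE says Write itself does not.

```go
package main

import "errors"

// Role mirrors this page's Role type; IDs are plain strings here (the real package uses uuid.UUID).
type Role string
var ErrNotAuthorized = errors.New("not authorized")

// Constructed reading of the AllRoles descriptions; the OpenFGA model's real relation names may differ.
var actionsFor = map[Role]map[string]bool{
	"admin":               {"read": true, "write": true, "policy_write": true, "permissions_manage": true, "project_admin": true},
	"editor":              {"read": true, "write": true, "policy_write": true},
	"viewer":              {"read": true},
	"policy_writer":       {"policy_write": true},
	"permissions_manager": {"permissions_manage": true},
}

// FakeAuthz is a hypothetical in-memory stand-in for the Client interface; a grant key is {user, project, role}.
type FakeAuthz struct {
	grants map[[3]string]bool
	parent map[string]string // child project -> parent project, written by Adopt, cleared by Orphan
}

func NewFakeAuthz() *FakeAuthz { return &FakeAuthz{map[[3]string]bool{}, map[string]string{}} }
func (f *FakeAuthz) Write(user string, role Role, project string) { f.grants[[3]string{user, project, string(role)}] = true }
func (f *FakeAuthz) Adopt(parent, child string)                   { f.parent[child] = parent }
func (f *FakeAuthz) Orphan(parent, child string) {
	if f.parent[child] == parent { delete(f.parent, child) }
}

// Check is nil when user holds, on the project or any ancestor (assumed acyclic), a role granting the action.
func (f *FakeAuthz) Check(user, action, project string) error {
	for p := project; p != ""; p = f.parent[p] { // a role on a project also covers its sub-projects
		for g := range f.grants {
			if g[0] == user && g[1] == p && actionsFor[Role(g[2])][action] {
				return nil
			}
		}
	}
	return ErrNotAuthorized
}

// GrantRole adds the guard the interface's NOTE leaves to callers: Write does not check the caller.
func (f *FakeAuthz) GrantRole(caller, user string, role Role, project string) error {
	if err := f.Check(caller, "permissions_manage", project); err != nil {
		return err
	}
	f.Write(user, role, project)
	return nil
}
```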