Documentation

Overview

    Package auth implements etcd authentication.

    Index

    Constants

    // Reserved storage prefix and built-in role names of the auth package.
    const (
    	// StorePermsPrefix is the internal prefix of the storage layer dedicated to storing user data.
    	StorePermsPrefix = "/2"
    
    	// RootRoleName is the name of the ROOT role, with privileges to manage the cluster.
    	// NOTE(review): every user holding this role can manage the cluster, so
    	// its membership is the first thing to audit.
    	RootRoleName = "root"
    
    	// GuestRoleName is the name of the role that defines the privileges of an unauthenticated user.
    	// NOTE(review): the permissions attached to this role are not defined in
    	// this listing. They apply to every request that carries no credentials,
    	// so review them whenever authentication is enabled.
    	GuestRoleName = "guest"
    )

    Variables

    This section is empty.

    Functions

    This section is empty.

    Types

    type Error

    // Error pairs an integer status with a message. The listing gives it an
    // Error() string method and an HTTPStatus() int method.
    type Error struct {
    	// Status is presumably the HTTP status code reported by HTTPStatus — confirm.
    	Status int
    	// Errmsg is presumably the text returned by Error() — confirm.
    	// NOTE(review): if this text is sent to clients, check that login
    	// failures do not reveal whether the user name exists.
    	Errmsg string
    }

    func (Error) Error

    func (ae Error) Error() string

    func (Error) HTTPStatus

    func (ae Error) HTTPStatus() int

    type PasswordStore

    // PasswordStore is the password-handling contract of the auth package: one
    // method to verify a candidate password and one to derive a stored form.
    type PasswordStore interface {
    	// CheckPassword reports whether password is accepted for user.
    	// NOTE(review): the hashing scheme and the comparison are implementation
    	// details not visible here; confirm the implementation verifies against
    	// a salted, slow hash rather than comparing strings directly.
    	CheckPassword(user User, password string) bool
    	// HashPassword takes a password and returns a string or an error; judging
    	// by the name, the string is the hash to persist — confirm.
    	// NOTE(review): algorithm and cost parameters are chosen by the implementation.
    	HashPassword(password string) (string, error)
    }

    type Permissions

    // Permissions is the permission set carried by a Role. In this listing it
    // has a single member, the read/write rules for keys.
    type Permissions struct {
    	// KV holds the read and write rules; it is serialized under "kv".
    	KV RWPermission `json:"kv"`
    }

    func (Permissions) Grant

    func (p Permissions) Grant(n *Permissions) (Permissions, error)

      Grant adds a set of permissions to the permission object on which it is called, returning a new permission object.

      func (*Permissions) IsEmpty

      func (p *Permissions) IsEmpty() bool

      func (Permissions) Revoke

      func (p Permissions) Revoke(n *Permissions) (Permissions, error)

        Revoke removes a set of permissions from the permission object on which it is called, returning a new permission object.

        type RWPermission

        // RWPermission holds two independent lists of strings, one consulted for
        // read access and one for write access (see HasAccess and
        // HasRecursiveAccess, which take a key and a write flag).
        type RWPermission struct {
        	// Read lists what may be read. Entries are presumably key paths or
        	// patterns; the matching rules are not shown in this listing, so confirm
        	// prefix and wildcard semantics before relying on them.
        	Read  []string `json:"read"`
        	// Write lists what may be written.
        	// NOTE(review): confirm whether write access implies read access; the
        	// two lists are separate fields here.
        	Write []string `json:"write"`
        }

        func (RWPermission) Grant

          Grant adds a set of permissions to the permission object on which it is called, returning a new permission object.

          func (RWPermission) HasAccess

          func (rw RWPermission) HasAccess(key string, write bool) bool

          func (RWPermission) HasRecursiveAccess

          func (rw RWPermission) HasRecursiveAccess(key string, write bool) bool

          func (RWPermission) Revoke

          func (rw RWPermission) Revoke(n RWPermission) (RWPermission, error)

            Revoke removes a set of permissions from the permission object on which it is called, returning a new permission object.

            type Role

            // Role is a named permission set, with two optional permission sets
            // alongside it.
            type Role struct {
            	// Role is the role's name, serialized under "role".
            	Role        string       `json:"role"`
            	// Permissions is the role's permission set.
            	Permissions Permissions  `json:"permissions"`
            	// Grant and Revoke are optional: nil pointers are omitted from JSON.
            	// Presumably they carry the permissions to add or remove in an update
            	// request rather than stored state — confirm against the callers.
            	Grant       *Permissions `json:"grant,omitempty"`
            	Revoke      *Permissions `json:"revoke,omitempty"`
            }

            func (Role) HasKeyAccess

            func (r Role) HasKeyAccess(key string, write bool) bool

            func (Role) HasRecursiveAccess

            func (r Role) HasRecursiveAccess(key string, write bool) bool

            type Store

            // Store is the interface to the auth data: user and role management, the
            // switch that turns authentication on and off, and (by embedding
            // PasswordStore) password checking and hashing.
            type Store interface {
            	// User management. AllUsers returns names only; GetUser returns the
            	// full User value, including its Password field.
            	AllUsers() ([]string, error)
            	GetUser(name string) (User, error)
            	// CreateOrUpdateUser additionally reports, via created, whether a new
            	// user was made.
            	CreateOrUpdateUser(user User) (out User, created bool, err error)
            	CreateUser(user User) (User, error)
            	DeleteUser(name string) error
            	UpdateUser(user User) (User, error)
            	// Role management.
            	AllRoles() ([]string, error)
            	GetRole(name string) (Role, error)
            	CreateRole(role Role) error
            	DeleteRole(name string) error
            	UpdateRole(role Role) (Role, error)
            	// AuthEnabled reports the current state of the authentication switch.
            	AuthEnabled() bool
            	// NOTE(review): the preconditions for EnableAuth and DisableAuth (for
            	// example, whether a root user must already exist) are not visible in
            	// this listing — confirm in the implementation and restrict who can
            	// reach DisableAuth.
            	EnableAuth() error
            	DisableAuth() error
            	// PasswordStore contributes CheckPassword and HashPassword.
            	PasswordStore
            }

            func NewStore

            func NewStore(server doer, timeout time.Duration) Store

            type User

            // User is an account record: a name, a password field and a list of role
            // names, plus two optional string lists.
            type User struct {
            	// User is the account name, serialized under "user".
            	User     string   `json:"user"`
            	// Password is written to JSON under "password" whenever it is non-empty.
            	// NOTE(review): this listing does not show whether the field holds a
            	// plaintext password or the output of PasswordStore.HashPassword.
            	// Either way, make sure it is cleared before a User is encoded into an
            	// API response or a log line.
            	Password string   `json:"password,omitempty"`
            	// Roles lists role names assigned to the user.
            	Roles    []string `json:"roles"`
            	// Grant and Revoke are omitted from JSON when empty. Presumably they
            	// name roles to add or remove in an update request — confirm.
            	Grant    []string `json:"grant,omitempty"`
            	Revoke   []string `json:"revoke,omitempty"`
            }