Documentation
Index
- Variables
- type AccessLevel
- type Action
- type AuthConfig
- type AuthenticationClient
- type Authorization
- type AuthorizationClient
- type AzureConfig
- type AzureKeyFunc
- type AzureTokenAuthenticator
- type AzureTokenAuthenticatorOptions
- type AzureTokenUser
- func (t AzureTokenUser) GetEmail() string
- func (t AzureTokenUser) GetName() string
- func (t AzureTokenUser) GetRoles() []user.Role
- func (t AzureTokenUser) GetUid() string
- func (t *AzureTokenUser) Parse(tokenString string, keyFunc AzureKeyFunc, disableVerification bool) error
- func (t AzureTokenUser) Valid() error
- type ContextKey
- type MockAuthenticator
- type RoleAuthorizer
- func (ra RoleAuthorizer) Authorize(subject Subject, action Action, user user.User, object any) (bool, error)
- func (ra RoleAuthorizer) GetPermissions(subject Subject, action Action, usr user.User, data any) (bool, error)
- func (ra RoleAuthorizer) GetSecretPermissions(usr user.User, data any) (map[Action]bool, error)
- func (ra RoleAuthorizer) GetVolumePermissions(usr user.User, data any) (map[Action]bool, error)
- func (ra RoleAuthorizer) GetWorkspacePermissions(wsp string, usr user.User) (AccessLevel, error)
- type Subject
Constants
This section is empty.
Variables
var TimeFunc = time.Now
TimeFunc is the time source used when validating token lifetime. It defaults to time.Now, which is UTC (https://tools.ietf.org/html/rfc7519#section-4.1.4), and can be temporarily overridden when testing.
Functions
This section is empty.
Types
type AccessLevel
type AuthConfig
type AuthenticationClient
An authclient either gives an error or an authenticated user.
func NewAuthClientFromConfig
func NewAuthClientFromConfig(config AuthConfig) (AuthenticationClient, error)
func NewAzureTokenAuthenticator
func NewAzureTokenAuthenticator(KeyFunc AzureKeyFunc, Audience string, Issuer string, Options AzureTokenAuthenticatorOptions) AuthenticationClient
type Authorization
func GetAuthorization
func GetAuthorization(ctx context.Context) *Authorization
type AuthorizationClient
type AzureConfig
type AzureKeyFunc
type AzureKeyFunc = func(claim *jwt.Token) (interface{}, error)
the same as the jwt KeyFunc
type AzureTokenAuthenticator
type AzureTokenAuthenticator struct {
    KeyFunc AzureKeyFunc
    // the intended audience to be verified with the token `aud` claim
    Audience string
    // the issuer id to be verified with the token `iss` claim
    Issuer string
    // Use only in safe environments
    Options AzureTokenAuthenticatorOptions
}
func (AzureTokenAuthenticator) Authenticate
type AzureTokenAuthenticatorOptions
type AzureTokenAuthenticatorOptions struct {
    // Disable verification of the signature of the tokens, (claims are still validated)
    DisableVerification bool
}
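What DisableVerification means for a caller, shown as an added standard-library sketch (it is not this package's code and does not use the jwt library the package builds on). The names claims, sign and parse are hypothetical, and Ed25519 is an assumed stand-in for the identity provider's signature scheme. With the flag set, a token signed by a key the service does not trust is accepted as long as aud, iss and exp check out, which is why the option belongs only in safe environments.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

type claims struct { // constructed sketch: every name in this file is hypothetical
	Aud   string   `json:"aud"`
	Iss   string   `json:"iss"`
	Exp   int64    `json:"exp"`
	Roles []string `json:"roles"`
}

var b64 = base64.RawURLEncoding

func sign(c claims, priv ed25519.PrivateKey) string { // Ed25519 stands in for the provider's signature scheme
	body, _ := json.Marshal(c)
	msg := b64.EncodeToString([]byte(`{"alg":"EdDSA"}`)) + "." + b64.EncodeToString(body)
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

// parse always checks aud, iss and exp; the signature only when disableVerification is false.
func parse(tok string, pub ed25519.PublicKey, aud, iss string, disableVerification bool) (c claims, err error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return c, fmt.Errorf("malformed token")
	}
	sig, err := b64.DecodeString(p[2])
	if !disableVerification && (err != nil || !ed25519.Verify(pub, []byte(p[0]+"."+p[1]), sig)) {
		return c, fmt.Errorf("signature not verified")
	}
	body, err := b64.DecodeString(p[1])
	if err != nil || json.Unmarshal(body, &c) != nil || c.Aud != aud || c.Iss != iss || time.Now().Unix() >= c.Exp {
		return claims{}, fmt.Errorf("claim validation failed")
	}
	return c, nil
}

func main() {
	trusted, _, _ := ed25519.GenerateKey(nil)
	_, other, _ := ed25519.GenerateKey(nil) // a key the service does not trust
	tok := sign(claims{"api://demo", "https://issuer.example", time.Now().Unix() + 300, []string{"admin"}}, other)
	fmt.Println(parse(tok, trusted, "api://demo", "https://issuer.example", false)) // rejected: signature
	fmt.Println(parse(tok, trusted, "api://demo", "https://issuer.example", true))  // accepted: claims pass
}
```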
type AzureTokenUser
type AzureTokenUser struct {
    Name  string      `json:"name"`
    Email string      `json:"email"`
    Oid   string      `json:"oid"`
    Roles []user.Role `json:"roles"`
    jwt.RegisteredClaims
    // contains filtered or unexported fields
}
implements user.User
func NewAzureTokenUser
func NewAzureTokenUser(audience string, issuer string) AzureTokenUser
func (AzureTokenUser) GetEmail
func (t AzureTokenUser) GetEmail() string
func (AzureTokenUser) GetName
func (t AzureTokenUser) GetName() string
func (AzureTokenUser) GetRoles
func (t AzureTokenUser) GetRoles() []user.Role
func (AzureTokenUser) GetUid
func (t AzureTokenUser) GetUid() string
func (*AzureTokenUser) Parse
func (t *AzureTokenUser) Parse(tokenString string, keyFunc AzureKeyFunc, disableVerification bool) error
func (AzureTokenUser) Valid
func (t AzureTokenUser) Valid() error
called from the jwt-parser code to ensure the token is valid wrt also called explicitly from the no-verification path of Parse
type MockAuthenticator
The mock authenticator can be used for testing.
func (MockAuthenticator) Authenticate
type RoleAuthorizer
type RoleAuthorizer struct {
    // map subject -> action -> required permission
    Workspaces workspace.WorkspaceClient
}
func (RoleAuthorizer) GetPermissions
func (RoleAuthorizer) GetSecretPermissions
func (RoleAuthorizer) GetVolumePermissions
func (RoleAuthorizer) GetWorkspacePermissions
func (ra RoleAuthorizer) GetWorkspacePermissions(wsp string, usr user.User) (AccessLevel, error)