auth

package
v0.0.0-...-42225ac Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 26, 2017 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package auth provides functionality related to authentication and authorization

Index

Constants

View Source
const (
	// PermissionTypeResource is to used in a Keycloak Permission payload: {"type":"resource"}
	PermissionTypeResource = "resource"
	// PolicyTypeUser is to used in a Keycloak Policy payload: {"type":"user"}
	PolicyTypeUser = "user"
	// PolicyLogicPossitive is to used in a Keycloak Policy payload: {"logic":""POSITIVE"}
	PolicyLogicPossitive = "POSITIVE"
	// PolicyDecisionStrategyUnanimous is to used in a Keycloak Policy payload: {"decisionStrategy":""UNANIMOUS"}
	PolicyDecisionStrategyUnanimous = "UNANIMOUS"
)

Variables

This section is empty.

Functions

func CreatePermission

func CreatePermission(ctx context.Context, clientsEndpoint string, clientID string, permission KeycloakPermission, protectionAPIToken string) (string, error)

CreatePermission creates a Keycloak permission

func CreatePolicy

func CreatePolicy(ctx context.Context, clientsEndpoint string, clientID string, policy KeycloakPolicy, protectionAPIToken string) (string, error)

CreatePolicy creates a Keycloak policy

func CreateResource

func CreateResource(ctx context.Context, resource KeycloakResource, authzEndpoint string, protectionAPIToken string) (string, error)

CreateResource creates a Keycloak resource

func DeletePermission

func DeletePermission(ctx context.Context, clientsEndpoint string, clientID string, permissionID string, protectionAPIToken string) error

DeletePermission deletes the Keycloak permission

func DeletePolicy

func DeletePolicy(ctx context.Context, clientsEndpoint string, clientID string, policyID string, protectionAPIToken string) error

DeletePolicy deletes the Keycloak policy

func DeleteResource

func DeleteResource(ctx context.Context, kcResourceID string, authzEndpoint string, protectionAPIToken string) error

DeleteResource deletes the Keycloak resource assosiated with the space

func GetClientID

func GetClientID(ctx context.Context, clientsEndpoint string, publicClientID string, protectionAPIToken string) (string, error)

GetClientID obtains the internal client ID associated with keycloak client

func GetEntitlement

func GetEntitlement(ctx context.Context, entitlementEndpoint string, entitlementResource *EntitlementResource, userAccesToken string) (*string, error)

GetEntitlement obtains Entitlement for specific resource. If entitlementResource == nil then Entitlement for all resources available to the user is returned. Returns (nil, nil) if response status == Forbiden which means the user doesn't have permissions to obtain Entitlement

func GetProtectedAPIToken

func GetProtectedAPIToken(ctx context.Context, openidConnectTokenURL string, clientID string, clientSecret string) (string, error)

GetProtectedAPIToken obtains a Protected API Token (PAT) from Keycloak

func UpdatePolicy

func UpdatePolicy(ctx context.Context, clientsEndpoint string, clientID string, policy KeycloakPolicy, protectionAPIToken string) error

UpdatePolicy updates the Keycloak policy

func ValidateKeycloakUser

func ValidateKeycloakUser(ctx context.Context, adminEndpoint string, userID, protectionAPIToken string) (bool, error)

ValidateKeycloakUser returns true if the user exists in Keycloak. Returns false if the user is not found

func VerifyResourceUser

func VerifyResourceUser(ctx context.Context, token string, resourceName string, entitlementEndpoint string) (bool, error)

VerifyResourceUser returns true if the user among the resource collaborators

Types

type AuthorizationPayload

type AuthorizationPayload struct {
	Permissions []Permissions `json:"permissions"`
}

AuthorizationPayload represents an authz payload in the rpt token

type AuthzPolicyManager

type AuthzPolicyManager interface {
	GetPolicy(ctx context.Context, request *goa.RequestData, policyID string) (*KeycloakPolicy, *string, error)
	UpdatePolicy(ctx context.Context, request *goa.RequestData, policy KeycloakPolicy, pat string) error
	AddUserToPolicy(p *KeycloakPolicy, userID string) bool
	RemoveUserFromPolicy(p *KeycloakPolicy, userID string) bool
}

AuthzPolicyManager represents a space collaborators policy manager

type AuthzResourceManager

type AuthzResourceManager interface {
	CreateResource(ctx context.Context, request *goa.RequestData, name string, rType string, uri *string, scopes *[]string, userID string) (*Resource, error)
	DeleteResource(ctx context.Context, request *goa.RequestData, resource Resource) error
}

AuthzResourceManager represents a space resource manager

type EntitlementResource

type EntitlementResource struct {
	Permissions []ResourceSet `json:"permissions"`
}

EntitlementResource represents a payload for obtaining entitlement for specific resource

type GormOauthStateReferenceRepository

type GormOauthStateReferenceRepository struct {
	// contains filtered or unexported fields
}

GormOauthStateReferenceRepository implements OauthStateReferenceRepository using gorm

func NewOauthStateReferenceRepository

func NewOauthStateReferenceRepository(db *gorm.DB) *GormOauthStateReferenceRepository

NewOauthStateReferenceRepository creates a new oauth state reference repo

func (*GormOauthStateReferenceRepository) Create

Create creates a new oauth state reference in the DB returns InternalError

func (*GormOauthStateReferenceRepository) Delete

Delete deletes the reference with the given id returns NotFoundError or InternalError

func (*GormOauthStateReferenceRepository) Load

Load loads state reference by ID

type KeycloakConfiguration

type KeycloakConfiguration interface {
	GetKeycloakEndpointAuthzResourceset(*goa.RequestData) (string, error)
	GetKeycloakEndpointToken(*goa.RequestData) (string, error)
	GetKeycloakEndpointClients(*goa.RequestData) (string, error)
	GetKeycloakEndpointAdmin(*goa.RequestData) (string, error)
	GetKeycloakEndpointEntitlement(*goa.RequestData) (string, error)
	GetKeycloakClientID() string
	GetKeycloakSecret() string
}

KeycloakConfiguration represents a keycloak configuration

type KeycloakPermission

type KeycloakPermission struct {
	ID               *string              `json:"id,omitempty"`
	Name             string               `json:"name"`
	Type             string               `json:"type"`
	Logic            string               `json:"logic"`
	DecisionStrategy string               `json:"decisionStrategy"`
	Config           PermissionConfigData `json:"config"`
}

KeycloakPermission represents a keycloak permission payload

type KeycloakPolicy

type KeycloakPolicy struct {
	ID               *string          `json:"id,omitempty"`
	Name             string           `json:"name"`
	Type             string           `json:"type"`
	Logic            string           `json:"logic"`
	DecisionStrategy string           `json:"decisionStrategy"`
	Config           PolicyConfigData `json:"config"`
}

KeycloakPolicy represents a keycloak policy payload

func GetPolicy

func GetPolicy(ctx context.Context, clientsEndpoint string, clientID string, policyID string, protectionAPIToken string) (*KeycloakPolicy, error)

GetPolicy obtains a policy from Keycloak

func (*KeycloakPolicy) AddUserToPolicy

func (p *KeycloakPolicy) AddUserToPolicy(userID string) bool

AddUserToPolicy adds the user ID to the policy

func (*KeycloakPolicy) RemoveUserFromPolicy

func (p *KeycloakPolicy) RemoveUserFromPolicy(userID string) bool

RemoveUserFromPolicy removes the user ID from the policy

type KeycloakPolicyManager

type KeycloakPolicyManager struct {
	// contains filtered or unexported fields
}

KeycloakPolicyManager implements AuthzPolicyManager interface

func NewKeycloakPolicyManager

func NewKeycloakPolicyManager(config KeycloakConfiguration) *KeycloakPolicyManager

NewKeycloakPolicyManager constructs KeycloakPolicyManager

func (*KeycloakPolicyManager) AddUserToPolicy

func (m *KeycloakPolicyManager) AddUserToPolicy(p *KeycloakPolicy, userID string) bool

AddUserToPolicy adds the user ID to the policy

func (*KeycloakPolicyManager) GetPolicy

func (m *KeycloakPolicyManager) GetPolicy(ctx context.Context, request *goa.RequestData, policyID string) (*KeycloakPolicy, *string, error)

GetPolicy obtains the space collaborators policy

func (*KeycloakPolicyManager) RemoveUserFromPolicy

func (m *KeycloakPolicyManager) RemoveUserFromPolicy(p *KeycloakPolicy, userID string) bool

RemoveUserFromPolicy removes the user ID from the policy

func (*KeycloakPolicyManager) UpdatePolicy

func (m *KeycloakPolicyManager) UpdatePolicy(ctx context.Context, request *goa.RequestData, policy KeycloakPolicy, pat string) error

UpdatePolicy updates the space collaborators policy

type KeycloakResource

type KeycloakResource struct {
	Name   string    `json:"name"`
	Owner  *string   `json:"owner,omitempty"`
	Type   string    `json:"type"`
	Scopes *[]string `json:"scopes,omitempty"`
	URI    *string   `json:"uri,omitempty"`
}

KeycloakResource represents a keycloak resource payload

type KeycloakResourceManager

type KeycloakResourceManager struct {
	// contains filtered or unexported fields
}

KeycloakResourceManager implements AuthzResourceManager interface

func NewKeycloakResourceManager

func NewKeycloakResourceManager(config KeycloakConfiguration) *KeycloakResourceManager

NewKeycloakResourceManager constructs KeycloakResourceManager

func (*KeycloakResourceManager) CreateResource

func (m *KeycloakResourceManager) CreateResource(ctx context.Context, request *goa.RequestData, name string, rType string, uri *string, scopes *[]string, userID string) (*Resource, error)

CreateResource creates a keycloak resource and associated permission and policy

func (*KeycloakResourceManager) DeleteResource

func (m *KeycloakResourceManager) DeleteResource(ctx context.Context, request *goa.RequestData, resource Resource) error

DeleteResource deletes the keycloak resource and associated permission and policy

type OauthStateReference

type OauthStateReference struct {
	gormsupport.Lifecycle
	ID       uuid.UUID `sql:"type:uuid default uuid_generate_v4()" gorm:"primary_key"`
	Referrer string
}

OauthStateReference represents a oauth state reference

func (OauthStateReference) Equal

Equal returns true if two States objects are equal; otherwise false is returned.

func (OauthStateReference) TableName

func (r OauthStateReference) TableName() string

TableName implements gorm.tabler

type OauthStateReferenceRepository

type OauthStateReferenceRepository interface {
	Create(ctx context.Context, state *OauthStateReference) (*OauthStateReference, error)
	Delete(ctx context.Context, ID uuid.UUID) error
	Load(ctx context.Context, ID uuid.UUID) (*OauthStateReference, error)
}

OauthStateReferenceRepository encapsulate storage & retrieval of state references

type PermissionConfigData

type PermissionConfigData struct {
	Resources     string `json:"resources"`
	ApplyPolicies string `json:"applyPolicies"`
}

PermissionConfigData represents a config in the keycloak permission payload

type Permissions

type Permissions struct {
	ResourceSetName *string `json:"resource_set_name"`
	ResourceSetID   *string `json:"resource_set_id"`
}

Permissions represents a "permissions" in the AuthorizationPayload

type PolicyConfigData

type PolicyConfigData struct {
	//"users":"[\"<ID>\",\"<ID>\"]"
	UserIDs string `json:"users"`
}

PolicyConfigData represents a config in the keycloak policy payload

type Resource

type Resource struct {
	ResourceID   string
	PolicyID     string
	PermissionID string
}

Resource represents a Keycloak resource and associated permission and policy

type ResourceSet

type ResourceSet struct {
	Name string  `json:"resource_set_name"`
	ID   *string `json:"resource_set_id,omitempty"`
}

ResourceSet represents a resource set for Entitlement payload

type Token

type Token struct {
	AccessToken      *string `json:"access_token,omitempty"`
	ExpiresIn        *int64  `json:"expires_in,omitempty"`
	NotBeforePolicy  *int64  `json:"not-before-policy,omitempty"`
	RefreshExpiresIn *int64  `json:"refresh_expires_in,omitempty"`
	RefreshToken     *string `json:"refresh_token,omitempty"`
	TokenType        *string `json:"token_type,omitempty"`
}

Token represents a Keycloak token response

func ReadToken

func ReadToken(ctx context.Context, res *http.Response) (*Token, error)

ReadToken extracts json with token data from the response

type TokenPayload

type TokenPayload struct {
	jwt.StandardClaims
	Authorization *AuthorizationPayload `json:"authorization"`
}

TokenPayload represents an rpt token

type UserInfo

type UserInfo struct {
	Sub               string `json:"sub"`
	Name              string `json:"name"`
	PreferredUsername string `json:"preferred_username"`
	GivenName         string `json:"given_name"`
	FamilyName        string `json:"family_name"`
	Email             string `json:"email"`
}

UserInfo represents a user info Keycloak payload

func GetUserInfo

func GetUserInfo(ctx context.Context, userInfoEndpoint string, userAccessToken string) (*UserInfo, error)

GetUserInfo gets user info from Keycloak

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL