engine

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 13, 2022 License: AGPL-3.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Model and DefaultPolicy hold the authorization model and the default policy
// as strings, filled in at build time by the go:embed directives below.
//
// NOTE(review): both are exported package-level variables, so any package
// linked into the same binary can reassign them before they are used. Treat
// them as read-only, and confirm nothing assigns to them after start-up.
var (
	// Model defines the policy model definition used by the engine.
	//go:embed casbin_model.conf
	Model string

	// DefaultPolicy defines the default policy used by the system.
	//go:embed casbin_default_policy.csv
	DefaultPolicy string
)

PermissionValues defines an array of permissions within the system.

Functions

func Derive

func Derive(root string, service Service, user *User) (username, password []byte, err error)

Derive provides a convenience function for producing a username and password for a site given the site config.

func EnsurePolicy

func EnsurePolicy(enforcer *casbin.Enforcer, policy string) error

EnsurePolicy parses the provided policy (in CSV format) and adds the named line to the enforcer. This is useful when using non-file-adapter backends that need to be loaded with a default policy.

func Middleware

func Middleware(handler http.Handler, api *API, authKind string) http.Handler

Middleware returns an HTTP middleware that manages authenticated users.

Types

type API

type API struct {
	// contains filtered or unexported fields
}

API encapsulates the requirements of operating the API.

func NewAPI

func NewAPI(db *badger.DB, enforcer *casbin.Enforcer, root string) *API

NewAPI constructs a new API definition used to mount the various endpoints for the engine.

func (*API) CreateService

func (api *API) CreateService(w http.ResponseWriter, r *http.Request)

func (*API) DeleteGrant

func (api *API) DeleteGrant(w http.ResponseWriter, r *http.Request)

func (*API) DeleteService

func (api *API) DeleteService(w http.ResponseWriter, r *http.Request)

func (*API) GetCurrentUser

func (api *API) GetCurrentUser(w http.ResponseWriter, r *http.Request)

func (*API) GetService

func (api *API) GetService(w http.ResponseWriter, r *http.Request)

func (*API) GetServiceCredentials

func (api *API) GetServiceCredentials(w http.ResponseWriter, r *http.Request)

func (*API) ListCredentials

func (api *API) ListCredentials(w http.ResponseWriter, r *http.Request)

func (*API) ListGrants

func (api *API) ListGrants(w http.ResponseWriter, r *http.Request)

func (*API) ListServices

func (api *API) ListServices(w http.ResponseWriter, r *http.Request)

func (*API) ListUsers

func (api *API) ListUsers(w http.ResponseWriter, r *http.Request)

func (*API) PutGrant

func (api *API) PutGrant(w http.ResponseWriter, r *http.Request)

func (*API) UpdateCurrentUser

func (api *API) UpdateCurrentUser(w http.ResponseWriter, r *http.Request)

func (*API) UpdateService

func (api *API) UpdateService(w http.ResponseWriter, r *http.Request)

type Adapter

type Adapter struct {
	// contains filtered or unexported fields
}

Adapter provides an implementation of persist.Adapter that is backed by badger v3.

func NewCasbinAdapter

func NewCasbinAdapter(db *badger.DB) *Adapter

NewCasbinAdapter returns an Adapter that can be used by the casbin system to assess policy.

func (*Adapter) AddPolicies

func (a *Adapter) AddPolicies(sec string, ptype string, rules [][]string) error

func (*Adapter) AddPolicy

func (a *Adapter) AddPolicy(sec string, ptype string, rule []string) error

func (*Adapter) LoadPolicy

func (a *Adapter) LoadPolicy(m model.Model) error

func (*Adapter) RemoveFilteredPolicy

func (a *Adapter) RemoveFilteredPolicy(sec string, ptype string, fieldOffset int, fieldValues ...string) error

func (*Adapter) RemovePolicies

func (a *Adapter) RemovePolicies(sec string, ptype string, rules [][]string) error

func (*Adapter) RemovePolicy

func (a *Adapter) RemovePolicy(sec string, ptype string, rule []string) error

func (*Adapter) SavePolicy

func (a *Adapter) SavePolicy(model model.Model) error

type CreateServiceRequest

// CreateServiceRequest describes the JSON fields accepted when a service is
// created (presumably the body decoded by API.CreateService — confirm).
//
// NOTE(review): Address is caller-supplied and, per its usage text, is where
// clients will connect. Confirm the handler validates it, because a wrong
// address would send clients and their derived credentials to another host.
type CreateServiceRequest struct {
	// Kind and Name carry the custom hidden:"true" tag; its meaning is not
	// visible here (presumably they are filled from the route, not a flag).
	Kind    string `json:"kind" hidden:"true"`
	Name    string `json:"name" hidden:"true"`
	Address string `json:"address" usage:"the address clients should connect to" required:"true"`
	// Templates is embedded, so its fields are decoded at the top level of the JSON object.
	Templates
}

type Credentials

// Credentials carries a derived username/password pair.
//
// Both fields are plain strings with ordinary JSON tags, so the password is
// written in cleartext wherever a value of this type is marshalled or printed
// (for example with %+v). Keep values of this type out of logs and error
// messages.
type Credentials struct {
	Username string `json:"username"`
	// Password is serialized under the "password" key; the type itself applies no redaction.
	Password string `json:"password"`
}

Credentials defines derived credentials.

type ListGrantsResponse

// ListGrantsResponse is the JSON shape pairing a list of role names with a
// list of per-user grants (presumably written by API.ListGrants — confirm).
type ListGrantsResponse struct {
	// Roles is serialized as "assignable_roles".
	// NOTE(review): confirm the handler filters this list by what the caller may actually assign.
	Roles  []string    `json:"assignable_roles"`
	Grants []UserGrant `json:"grants"`
}

type Permission

// Permission is a string-backed name for a base permission applied to the system.
//
// NOTE(review): any string converts to Permission, so values that arrive from
// requests or stored policy should be compared against the declared constants
// rather than trusted as-is.
type Permission string

Permission defines a base permission applied to the system.

// The base permissions. Each constant's string value is the name that appears
// wherever a Permission is serialized.
const (
	// ReadPermission grants a user read access to the system. For example, this allows SELECT statements to be issued
	// against SQL systems.
	ReadPermission Permission = "read"
	// WritePermission grants the user write access to a system. For example, this allows INSERT statements to be issued
	// against SQL systems.
	WritePermission Permission = "write"
	// UpdatePermission grants the user permission to update the system. For example, this allows UPDATE statements to
	// be issued against the database.
	UpdatePermission Permission = "update"
	// DeletePermission grants the user delete access to the system. For example, this allows DELETE statements to be
	// issued against SQL systems.
	DeletePermission Permission = "delete"
	// AdminPermission grants the user admin access to the system. For example, this allows CREATE TABLE, ALTER TABLE,
	// and DROP TABLE statements to be issued against SQL systems.
	AdminPermission Permission = "admin"
	// SystemPermission grants access to the GET /api/v1/credentials/{kind}/{name} endpoints, which lets the holder
	// administer user accounts within the system. It is intended only for the connector, which needs access to all
	// the credentials that must be added to the system.
	//
	// NOTE(review): as described, a holder can read every credential served by those endpoints. Audit which roles
	// in the policy carry this permission and keep it off roles meant for ordinary users.
	SystemPermission Permission = "system"
)

func (Permission) String

func (p Permission) String() string

type Service

// Service holds the metadata of a service managed within varys: its kind,
// name, address, key material and templates.
type Service struct {
	Kind      string           `json:"kind"`
	Name      string           `json:"name"`
	Address   string           `json:"address"`
	// Key is tagged json:"-", so encoding/json neither emits it nor fills it from input.
	// Presumably this is the per-service key used to derive passwords
	// (UpdateServiceRequest.RotateKey mentions such a key) — confirm.
	// The tag covers encoding/json only; %+v formatting or another encoder still exposes the bytes.
	Key       []byte           `json:"-"`
	Templates ServiceTemplates `json:"templates"`
}

Service defines the various metadata of a service that is managed within varys.

func (Service) K

func (s Service) K() string

K returns a unique key for the service. Useful for caching in maps.

type ServiceCredentials

// ServiceCredentials pairs a service address with a set of Credentials.
//
// The nested Credentials value includes a cleartext password, so a marshalled
// ServiceCredentials is as sensitive as the password itself.
type ServiceCredentials struct {
	Address     string      `json:"address"`
	Credentials Credentials `json:"credentials"`
}

type ServiceTemplates

// ServiceTemplates holds the two pass.TemplateClass values stored on a
// Service, serialized as "user_template" and "password_template".
//
// NOTE(review): presumably these select how usernames and passwords are
// generated for the service; pass.TemplateClass is declared outside this
// page — confirm which classes are accepted and what strength they give.
type ServiceTemplates struct {
	UserTemplate     pass.TemplateClass `json:"user_template"`
	PasswordTemplate pass.TemplateClass `json:"password_template"`
}

type Store

type Store struct {
	// contains filtered or unexported fields
}

Store provides common CRUD operations on top of badgerdb. Operations are scoped to a prefix, allowing multiple resources to be managed by the same database.

func (*Store) Delete

func (store *Store) Delete(ctx context.Context, kind, name string) (err error)

Delete an object from the store.

func (*Store) Get

func (store *Store) Get(ctx context.Context, kind, name string, v interface{}) (err error)

Get an object from the store.

func (*Store) List

func (store *Store) List(ctx context.Context, base interface{}) (results []interface{}, err error)

List objects within the store.

func (*Store) Put

func (store *Store) Put(ctx context.Context, kind, name string, v interface{}) (err error)

Put an object in the store.

type Templates

type Templates struct {
	UserTemplate     string `` /* 141-byte string literal not displayed */
	PasswordTemplate string `` /* 145-byte string literal not displayed */
}

Templates define a set of templates used for generating usernames and passwords.

type Txn

type Txn struct {
	// contains filtered or unexported fields
}

func (*Txn) CommitOrDiscard

func (txn *Txn) CommitOrDiscard(err *error)

type UpdateServiceRequest

// UpdateServiceRequest describes the JSON fields accepted when a service is
// updated (presumably the body decoded by API.UpdateService — confirm).
type UpdateServiceRequest struct {
	// RotateKey asks for the service's password-derivation key to be rotated.
	// NOTE(review): since the key derives passwords for the service, rotating it presumably changes every
	// derived password for that service — confirm, and check the endpoint is limited to callers allowed to do that.
	RotateKey bool   `json:"rotate_key" usage:"set to rotate the key used to derive passwords for this service"`
	// Address replaces the address clients connect to; it is caller-supplied, so the same
	// validation concerns apply as when a service is created.
	Address   string `json:"address" usage:"the new address clients should connect to"`
	// Templates is embedded, so its fields are decoded at the top level of the JSON object.
	Templates
}

type UpdateUserRequest

// UpdateUserRequest describes the JSON fields accepted when the current user
// is updated (presumably the body decoded by API.UpdateCurrentUser — confirm).
type UpdateUserRequest struct {
	// RotateService names the service to rotate for this user (presumably its credentials — confirm).
	// It is a full Service value, but Service.Key is tagged json:"-", so a request body
	// cannot set key material through encoding/json.
	// NOTE(review): Address and Templates are still decodable from the body; confirm the handler
	// uses only Kind and Name to look the service up and ignores the rest.
	RotateService Service `json:"rotate_service"`
}

type User

// User represents a user within varys.
type User struct {
	Kind         string            `json:"kind"`
	ID           string            `json:"id"`
	Name         string            `json:"name"`
	// SiteCounters is tagged json:"-", so encoding/json neither emits it nor fills it from input.
	// Presumably these are per-site counters that feed credential derivation — confirm against Derive.
	SiteCounters map[string]uint32 `json:"-"`
}

User represents a user within varys.

func (User) K

func (u User) K() string

K returns a unique key for the user. Useful for caching or referencing in maps.

type UserCredential

// UserCredential pairs a list of permissions with a set of Credentials.
//
// The nested Credentials value includes a cleartext password, so responses
// built from this type should be kept out of logs and caches.
type UserCredential struct {
	// Permission is a slice despite the singular name; it is serialized as "permissions".
	Permission  []Permission `json:"permissions"`
	Credentials Credentials  `json:"credentials"`
}

type UserGrant

// UserGrant pairs a User with the role names granted to that user.
type UserGrant struct {
	// User.SiteCounters is tagged json:"-", so it does not appear when a grant is marshalled.
	User  User     `json:"user"`
	Roles []string `json:"roles"`
}
