Documentation ¶
Index ¶
- Constants
- Variables
- func AreValidActions(actions []string) error
- func AreValidOidcClientNames(oidcClients []string) error
- func AreValidResources(resources []string, resourceType string) error
- func AreValidStatements(statements *[]Statement) error
- func CreateUrn(org string, resource string, path string, name string) string
- func GetUrnPrefix(org string, resource string, path string) string
- func IsValidEffect(effect string) error
- func IsValidName(name string) bool
- func IsValidOrder(order string) bool
- func IsValidOrg(org string) bool
- func IsValidPath(path string) bool
- func IsValidProxyResource(resource *ResourceEntity) error
- func IsValidUserExternalID(externalID string) bool
- func LogOperation(requestID string, userID string, message string)
- func LogOperationError(requestID string, userID string, err *Error)
- func LogOperationWarn(requestID string, userID string, message string)
- func TransactionProxyErrorLogWithStatus(requestID string, workerRequestID string, r *http.Request, status int, ...)
- func TransactionProxyLog(requestID string, workerRequestID string, r *http.Request, msg string)
- func TransactionRequestLog(requestID string, userID string, r *http.Request)
- func TransactionResponseErrorLog(requestID string, userID string, r *http.Request, status int, err *Error)
- type AuthOidcAPI
- type AuthOidcRepo
- type AuthzAPI
- type EffectRestriction
- type Error
- type ExternalResource
- type Filter
- type Group
- type GroupAPI
- type GroupIdentity
- type GroupMembers
- type GroupPolicies
- type GroupRepo
- type InternalProxyAPI
- type OidcClient
- type OidcProvider
- type Policy
- type PolicyAPI
- type PolicyGroupRelation
- type PolicyGroups
- type PolicyIdentity
- type PolicyRepo
- type ProxyAPI
- type ProxyRepo
- type ProxyResource
- type ProxyResourceIdentity
- type ProxyResourcesAPI
- type RequestInfo
- type Resource
- type ResourceEntity
- type Restrictions
- type Statement
- type User
- type UserAPI
- type UserGroupRelation
- type UserGroups
- type UserRepo
- type WorkerAPI
- func (api WorkerAPI) AddGroup(requestInfo RequestInfo, org string, name string, path string) (*Group, error)
- func (api WorkerAPI) AddMember(requestInfo RequestInfo, externalId string, name string, org string) error
- func (api WorkerAPI) AddOidcProvider(requestInfo RequestInfo, name string, path string, issuerURL string, ...) (*OidcProvider, error)
- func (api WorkerAPI) AddPolicy(requestInfo RequestInfo, name string, path string, org string, ...) (*Policy, error)
- func (api WorkerAPI) AddProxyResource(requestInfo RequestInfo, name string, org string, path string, ...) (*ProxyResource, error)
- func (api WorkerAPI) AddUser(requestInfo RequestInfo, externalId string, path string) (*User, error)
- func (api WorkerAPI) AttachPolicyToGroup(requestInfo RequestInfo, org string, name string, policyName string) error
- func (api WorkerAPI) DetachPolicyToGroup(requestInfo RequestInfo, org string, name string, policyName string) error
- func (api WorkerAPI) GetAuthorizedExternalResources(requestInfo RequestInfo, action string, resources []string) ([]string, error)
- func (api WorkerAPI) GetAuthorizedGroups(requestInfo RequestInfo, resourceUrn string, action string, groups []Group) ([]Group, error)
- func (api WorkerAPI) GetAuthorizedOidcProviders(requestInfo RequestInfo, resourceUrn string, action string, ...) ([]OidcProvider, error)
- func (api WorkerAPI) GetAuthorizedPolicies(requestInfo RequestInfo, resourceUrn string, action string, policies []Policy) ([]Policy, error)
- func (api WorkerAPI) GetAuthorizedProxyResources(requestInfo RequestInfo, resourceUrn string, action string, ...) ([]ProxyResource, error)
- func (api WorkerAPI) GetAuthorizedUsers(requestInfo RequestInfo, resourceUrn string, action string, users []User) ([]User, error)
- func (api WorkerAPI) GetGroupByName(requestInfo RequestInfo, org string, name string) (*Group, error)
- func (api WorkerAPI) GetOidcProviderByName(requestInfo RequestInfo, name string) (*OidcProvider, error)
- func (api WorkerAPI) GetPolicyByName(requestInfo RequestInfo, org string, policyName string) (*Policy, error)
- func (api WorkerAPI) GetProxyResourceByName(requestInfo RequestInfo, org string, name string) (*ProxyResource, error)
- func (api WorkerAPI) GetUserByExternalID(requestInfo RequestInfo, externalId string) (*User, error)
- func (api WorkerAPI) ListAttachedGroupPolicies(requestInfo RequestInfo, filter *Filter) ([]GroupPolicies, int, error)
- func (api WorkerAPI) ListAttachedGroups(requestInfo RequestInfo, filter *Filter) ([]PolicyGroups, int, error)
- func (api WorkerAPI) ListGroups(requestInfo RequestInfo, filter *Filter) ([]GroupIdentity, int, error)
- func (api WorkerAPI) ListGroupsByUser(requestInfo RequestInfo, filter *Filter) ([]UserGroups, int, error)
- func (api WorkerAPI) ListMembers(requestInfo RequestInfo, filter *Filter) ([]GroupMembers, int, error)
- func (api WorkerAPI) ListOidcProviders(requestInfo RequestInfo, filter *Filter) ([]string, int, error)
- func (api WorkerAPI) ListPolicies(requestInfo RequestInfo, filter *Filter) ([]PolicyIdentity, int, error)
- func (api WorkerAPI) ListProxyResources(requestInfo RequestInfo, filter *Filter) ([]ProxyResourceIdentity, int, error)
- func (api WorkerAPI) ListUsers(requestInfo RequestInfo, filter *Filter) ([]string, int, error)
- func (api WorkerAPI) RemoveGroup(requestInfo RequestInfo, org string, name string) error
- func (api WorkerAPI) RemoveMember(requestInfo RequestInfo, externalId string, name string, org string) error
- func (api WorkerAPI) RemoveOidcProvider(requestInfo RequestInfo, name string) error
- func (api WorkerAPI) RemovePolicy(requestInfo RequestInfo, org string, name string) error
- func (api WorkerAPI) RemoveProxyResource(requestInfo RequestInfo, org string, name string) error
- func (api WorkerAPI) RemoveUser(requestInfo RequestInfo, externalId string) error
- func (api WorkerAPI) UpdateGroup(requestInfo RequestInfo, org string, name string, newName string, ...) (*Group, error)
- func (api WorkerAPI) UpdateOidcProvider(requestInfo RequestInfo, oidcProviderName string, newName string, ...) (*OidcProvider, error)
- func (api WorkerAPI) UpdatePolicy(requestInfo RequestInfo, org string, policyName string, newName string, ...) (*Policy, error)
- func (api WorkerAPI) UpdateProxyResource(requestInfo RequestInfo, org string, name string, newName string, ...) (*ProxyResource, error)
- func (api WorkerAPI) UpdateUser(requestInfo RequestInfo, externalId string, newPath string) (*User, error)
Constants ¶
// Error codes reported by the API, grouped by the domain that raises them.
// NOTE(review): the Error type that presumably carries these codes is not shown on this page — confirm.
// NOTE(review): separate "...NotFound" and "UnauthorizedResourcesError" codes let a client tell
// "does not exist" apart from "not permitted"; confirm the caller is authorized before a
// not-found code is returned, so the codes cannot be used to probe for resource names.
const (
	// Generic API error codes
	UNKNOWN_API_ERROR            = "UnknownApiError"
	INVALID_PARAMETER_ERROR      = "InvalidParameterError"
	UNAUTHORIZED_RESOURCES_ERROR = "UnauthorizedResourcesError"

	// Authentication API error code
	AUTHENTICATION_API_ERROR = "AuthenticationApiError"

	// User API error codes
	USER_BY_EXTERNAL_ID_NOT_FOUND = "UserWithExternalIDNotFound"
	USER_ALREADY_EXIST            = "UserAlreadyExist"

	// Group API error codes
	GROUP_BY_ORG_AND_NAME_NOT_FOUND = "GroupWithOrgAndNameNotFound"
	GROUP_ALREADY_EXIST             = "GroupAlreadyExist"

	// GroupMembers error codes
	USER_IS_ALREADY_A_MEMBER_OF_GROUP = "UserIsAlreadyAMemberOfGroup"
	USER_IS_NOT_A_MEMBER_OF_GROUP     = "UserIsNotAMemberOfGroup"

	// GroupPolicies error codes
	POLICY_IS_ALREADY_ATTACHED_TO_GROUP = "PolicyIsAlreadyAttachedToGroup"
	POLICY_IS_NOT_ATTACHED_TO_GROUP     = "PolicyIsNotAttachedToGroup"

	// Policy API error codes
	POLICY_ALREADY_EXIST             = "PolicyAlreadyExist"
	POLICY_BY_ORG_AND_NAME_NOT_FOUND = "PolicyWithOrgAndNameNotFound"

	// Proxy resources API error codes
	PROXY_RESOURCE_ALREADY_EXIST             = "ProxyResourceAlreadyExist"
	PROXY_RESOURCE_BY_ORG_AND_NAME_NOT_FOUND = "ProxyResourceWithOrgAndNameNotFound"
	PROXY_RESOURCES_ROUTES_CONFLICT          = "ProxyResourcesRoutesConflict"

	// Auth OIDC Provider API error codes
	AUTH_OIDC_PROVIDER_ALREADY_EXIST     = "AuthOidcProviderAlreadyExist"
	AUTH_OIDC_PROVIDER_BY_NAME_NOT_FOUND = "AuthOidcProviderWithNameNotFound"

	// Regex error
	REGEX_NO_MATCH = "RegexNoMatch"
)
// Resource type names, input-size constraints and the action names used in
// authorization checks. IAM actions carry the "iam:" prefix and OIDC provider
// actions the "auth:" prefix.
const (
	// Resource types
	RESOURCE_GROUP              = "group"
	RESOURCE_USER               = "user"
	RESOURCE_POLICY             = "policy"
	RESOURCE_PROXY              = "proxy"
	RESOURCE_AUTH_OIDC_PROVIDER = "oidc"

	// Resource validation
	// NOTE(review): presumably the values accepted as resourceType by AreValidResources — confirm.
	RESOURCE_EXTERNAL = "external"
	RESOURCE_IAM      = "iam"

	// Constraints
	// NOTE(review): upper bounds on caller-supplied input; presumably enforced by the
	// IsValid*/AreValid* validators of this package — confirm each one is actually checked.
	MAX_EXTERNAL_ID_LENGTH = 128
	MAX_NAME_LENGTH        = 128
	MAX_ACTION_LENGTH      = 128
	MAX_PATH_LENGTH        = 512
	MAX_RESOURCE_NUMBER    = 50
	// NOTE(review): presumably the cap and the fallback for Filter.Limit — confirm.
	MAX_LIMIT_SIZE     = 1000
	DEFAULT_LIMIT_SIZE = 20

	// User actions
	USER_ACTION_CREATE_USER          = "iam:CreateUser"
	USER_ACTION_DELETE_USER          = "iam:DeleteUser"
	USER_ACTION_GET_USER             = "iam:GetUser"
	USER_ACTION_LIST_USERS           = "iam:ListUsers"
	USER_ACTION_UPDATE_USER          = "iam:UpdateUser"
	USER_ACTION_LIST_GROUPS_FOR_USER = "iam:ListGroupsForUser"

	// Group actions
	GROUP_ACTION_CREATE_GROUP                 = "iam:CreateGroup"
	GROUP_ACTION_DELETE_GROUP                 = "iam:DeleteGroup"
	GROUP_ACTION_GET_GROUP                    = "iam:GetGroup"
	GROUP_ACTION_LIST_GROUPS                  = "iam:ListGroups"
	GROUP_ACTION_UPDATE_GROUP                 = "iam:UpdateGroup"
	GROUP_ACTION_LIST_MEMBERS                 = "iam:ListMembers"
	GROUP_ACTION_ADD_MEMBER                   = "iam:AddMember"
	GROUP_ACTION_REMOVE_MEMBER                = "iam:RemoveMember"
	GROUP_ACTION_ATTACH_GROUP_POLICY          = "iam:AttachGroupPolicy"
	GROUP_ACTION_DETACH_GROUP_POLICY          = "iam:DetachGroupPolicy"
	GROUP_ACTION_LIST_ATTACHED_GROUP_POLICIES = "iam:ListAttachedGroupPolicies"

	// Policy actions
	POLICY_ACTION_CREATE_POLICY        = "iam:CreatePolicy"
	POLICY_ACTION_DELETE_POLICY        = "iam:DeletePolicy"
	POLICY_ACTION_UPDATE_POLICY        = "iam:UpdatePolicy"
	POLICY_ACTION_GET_POLICY           = "iam:GetPolicy"
	POLICY_ACTION_LIST_ATTACHED_GROUPS = "iam:ListAttachedGroups"
	POLICY_ACTION_LIST_POLICIES        = "iam:ListPolicies"

	// Proxy resource actions
	PROXY_ACTION_CREATE_RESOURCE    = "iam:CreateProxyResource"
	PROXY_ACTION_DELETE_RESOURCE    = "iam:DeleteProxyResource"
	PROXY_ACTION_UPDATE_RESOURCE    = "iam:UpdateProxyResource"
	PROXY_ACTION_LIST_RESOURCES     = "iam:ListProxyResources"
	PROXY_ACTION_GET_PROXY_RESOURCE = "iam:GetProxyResource"

	// Auth OIDC provider actions
	AUTH_OIDC_ACTION_CREATE_PROVIDER = "auth:CreateOidcProvider"
	AUTH_OIDC_ACTION_DELETE_PROVIDER = "auth:DeleteOidcProvider"
	AUTH_OIDC_ACTION_UPDATE_PROVIDER = "auth:UpdateOidcProvider"
	AUTH_OIDC_ACTION_LIST_PROVIDERS  = "auth:ListOidcProviders"
	AUTH_OIDC_ACTION_GET_PROVIDER    = "auth:GetOidcProvider"
)
Variables ¶
// Log is the API-wide logger shared by all domains.
// NOTE(review): declared here without an initialiser, so it is nil until assigned
// elsewhere — confirm it is set before any of the Log*/Transaction* helpers run.
var Log *logrus.Logger
Log is the API's global logger for all domains
Functions ¶
func AreValidActions ¶
func AreValidOidcClientNames ¶ added in v0.4.0
func AreValidResources ¶
func AreValidStatements ¶
func IsValidEffect ¶
func IsValidOrder ¶ added in v0.3.0
IsValidOrder validates the OrderBy query param
func IsValidOrg ¶
func IsValidPath ¶
func IsValidProxyResource ¶ added in v0.3.0
func IsValidProxyResource(resource *ResourceEntity) error
func IsValidUserExternalID ¶
func LogOperation ¶
LogOperation logs an action with request identifier and user
func LogOperationError ¶ added in v0.3.0
LogOperationError logs an error action with request identifier and user
func LogOperationWarn ¶ added in v0.3.0
LogOperationWarn logs a warning action with request identifier and user
func TransactionProxyErrorLogWithStatus ¶ added in v0.3.0
func TransactionProxyErrorLogWithStatus(requestID string, workerRequestID string, r *http.Request, status int, err *Error)
TransactionProxyErrorLogWithStatus logs an error received with user, worker request identifier, proxy request identifier and status code
func TransactionProxyLog ¶ added in v0.3.0
TransactionProxyLog logs a request transaction received with user, worker request identifier and request identifier
func TransactionRequestLog ¶ added in v0.3.0
TransactionRequestLog logs a request transaction received with http request, user and request identifier
Types ¶
type AuthOidcAPI ¶ added in v0.4.0
// AuthOidcAPI is the management interface for OIDC providers. Every method
// takes the caller's RequestInfo as its first argument.
type AuthOidcAPI interface {
	// AddOidcProvider stores a new OIDC provider in the database. It returns an error when the
	// parameters are invalid, the OIDC provider already exists or an unexpected error happens.
	// NOTE(review): the package index lists AreValidOidcClientNames but no exported validator
	// for issuerURL; confirm which checks are applied to issuerURL before it is stored.
	AddOidcProvider(requestInfo RequestInfo, name string, path string, issuerURL string, oidcClients []string) (*OidcProvider, error)

	// GetOidcProviderByName retrieves an OIDC provider from the database. It returns an error when
	// the parameter is invalid, the OIDC provider doesn't exist or an unexpected error happens.
	GetOidcProviderByName(requestInfo RequestInfo, name string) (*OidcProvider, error)

	// ListOidcProviders retrieves OIDC provider names from the database, filtered by pathPrefix
	// (optional parameter). It returns an error if pathPrefix is invalid or an unexpected error happens.
	// NOTE(review): the int result is presumably the total number of matches — confirm.
	ListOidcProviders(requestInfo RequestInfo, filter *Filter) ([]string, int, error)

	// UpdateOidcProvider updates the OIDC provider stored in the database with new parameters.
	// It returns an error if the input parameters are invalid, the OIDC provider doesn't exist
	// or an unexpected error happens.
	UpdateOidcProvider(requestInfo RequestInfo, oidcProviderName string, newName string, newPath string, newIssuerUrl string, newClients []string) (*OidcProvider, error)

	// RemoveOidcProvider removes the OIDC provider stored in the database together with its
	// client relationships. It returns an error if the name parameter is invalid, the OIDC
	// provider doesn't exist or an unexpected error happens.
	RemoveOidcProvider(requestInfo RequestInfo, name string) error
}
AuthOidcAPI interface
type AuthOidcRepo ¶ added in v0.4.0
// AuthOidcRepo contains all database operations for OIDC providers.
// None of its methods takes a RequestInfo, so any authorization has to happen
// in the layer that calls the repository.
type AuthOidcRepo interface {
	// AddOidcProvider stores an OIDC provider in the database if there are no errors.
	AddOidcProvider(oidcProvider OidcProvider) (*OidcProvider, error)

	// GetOidcProviderByName retrieves the OIDC provider from the database if it exists.
	// Otherwise it returns an error.
	GetOidcProviderByName(name string) (*OidcProvider, error)

	// GetOidcProvidersFiltered retrieves OIDC providers from the database, filtered by the
	// optional pathPrefix parameter. It returns an error if there are problems with the database.
	GetOidcProvidersFiltered(filter *Filter) ([]OidcProvider, int, error)

	// UpdateOidcProvider updates the OIDC provider stored in the database with new fields.
	// It returns an error if there are problems with the database.
	UpdateOidcProvider(oidcProvider OidcProvider) (*OidcProvider, error)

	// RemoveOidcProvider removes the OIDC provider stored in the database together with its
	// OIDC clients. It returns an error if there are problems during the transactions.
	RemoveOidcProvider(id string) error

	// OrderByValidColumns returns the valid columns that can be used in OrderBy.
	OrderByValidColumns(action string) []string
}
AuthOidcRepo contains all database operations
type AuthzAPI ¶
// AuthzAPI is the authorization interface: each method receives a candidate list
// of resources and returns the authorized ones for the given action.
// Per the method comments, having access to none of the resources is reported as
// an error, so callers must check the error before using the returned list.
type AuthzAPI interface {
	// GetAuthorizedUsers retrieves the list of authorized user resources, filtered according to
	// the input parameters. It returns an error if requestInfo doesn't exist, requestInfo doesn't
	// have access to any resources or an unexpected error happens.
	// NOTE(review): "requestInfo doesn't exist" presumably means the requesting identity is unknown — confirm.
	GetAuthorizedUsers(requestInfo RequestInfo, resourceUrn string, action string, users []User) ([]User, error)

	// GetAuthorizedGroups retrieves the list of authorized group resources, filtered according to
	// the input parameters. It returns an error if requestInfo doesn't exist, requestInfo doesn't
	// have access to any resources or an unexpected error happens.
	GetAuthorizedGroups(requestInfo RequestInfo, resourceUrn string, action string, groups []Group) ([]Group, error)

	// GetAuthorizedPolicies retrieves the list of authorized policy resources, filtered according
	// to the input parameters. It returns an error if requestInfo doesn't exist, requestInfo
	// doesn't have access to any resources or an unexpected error happens.
	GetAuthorizedPolicies(requestInfo RequestInfo, resourceUrn string, action string, policies []Policy) ([]Policy, error)

	// GetAuthorizedProxyResources retrieves the list of authorized proxy resources, filtered
	// according to the input parameters. It returns an error if requestInfo doesn't exist,
	// requestInfo doesn't have access to any resources or an unexpected error happens.
	GetAuthorizedProxyResources(requestInfo RequestInfo, resourceUrn string, action string, proxyResources []ProxyResource) ([]ProxyResource, error)

	// GetAuthorizedExternalResources retrieves the list of authorized external resources, filtered
	// according to the input parameters. It returns an error if requestInfo doesn't exist,
	// requestInfo doesn't have access to any resources or an unexpected error happens.
	// Unlike the other methods it takes the resources as plain strings and no resourceUrn.
	GetAuthorizedExternalResources(requestInfo RequestInfo, action string, resources []string) ([]string, error)
}
AuthzAPI interface
type EffectRestriction ¶
// EffectRestriction pairs an effect with the restrictions that apply to it.
type EffectRestriction struct {
	// Effect is the effect name.
	// NOTE(review): presumably one of the values accepted by IsValidEffect — confirm.
	Effect string `json:"effect,omitempty"`
	// Restrictions is optional; a nil pointer is left out of the JSON output.
	Restrictions *Restrictions `json:"restrictions,omitempty"`
}
type ExternalResource ¶
// ExternalResource is a resource described only by its URN. Its GetUrn method
// matches the one required by the Resource interface.
type ExternalResource struct {
	Urn string `json:"urn,omitempty"`
}
func (ExternalResource) GetUrn ¶
func (e ExternalResource) GetUrn() string
type Filter ¶
// Filter holds the search, pagination and sorting properties for a database search.
// NOTE(review): the fields are presumably filled from request parameters; confirm each one
// is validated (IsValidPath, IsValidOrg, IsValidName, ...) before it reaches a repository.
type Filter struct {
	PathPrefix        string
	Org               string
	ExternalID        string
	PolicyName        string
	GroupName         string
	ProxyResourceName string
	AuthProviderName  string

	// Pagination
	Offset int
	// NOTE(review): presumably capped at MAX_LIMIT_SIZE, with DEFAULT_LIMIT_SIZE as fallback — confirm.
	Limit int

	// Sorting
	// NOTE(review): presumably ends up in an ORDER BY clause; confirm it is always checked with
	// IsValidOrder and against the repository's OrderByValidColumns before use.
	OrderBy string
}
Filter properties for database search
type Group ¶
// Group is the group domain object.
type Group struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
	Path string `json:"path,omitempty"`
	Org  string `json:"org,omitempty"`
	// NOTE(review): presumably built with CreateUrn from org, resource type, path and name — confirm.
	Urn string `json:"urn,omitempty"`
	// encoding/json's omitempty never omits a struct value such as time.Time,
	// so zero timestamps are still serialized.
	CreateAt time.Time `json:"createAt,omitempty"`
	UpdateAt time.Time `json:"updateAt,omitempty"`
}
Group domain
type GroupAPI ¶
// GroupAPI is the management interface for groups, their members and their
// attached policies. Every method takes the caller's RequestInfo as its first argument.
type GroupAPI interface {
	// AddGroup stores a group in the database. It returns an error when the input parameters are
	// invalid, the group already exists or an unexpected error happens.
	AddGroup(requestInfo RequestInfo, org string, name string, path string) (*Group, error)

	// GetGroupByName retrieves a group from the database. It returns an error when the input
	// parameters are invalid, the group doesn't exist or an unexpected error happens.
	GetGroupByName(requestInfo RequestInfo, org string, name string) (*Group, error)

	// ListGroups retrieves group identifiers from the database, filtered by the org and pathPrefix
	// parameters. These input parameters are optional. It returns an error if the input
	// parameters are invalid or an unexpected error happens.
	ListGroups(requestInfo RequestInfo, filter *Filter) ([]GroupIdentity, int, error)

	// UpdateGroup updates the group stored in the database with a new name and pathPrefix.
	// It returns an error if the input parameters are invalid, the group to update doesn't exist,
	// the target group already exists or an unexpected error happens.
	UpdateGroup(requestInfo RequestInfo, org string, groupName string, newName string, newPath string) (*Group, error)

	// RemoveGroup removes the group stored in the database together with its user and policy
	// relationships. It returns an error if the input parameters are invalid, the group doesn't
	// exist or an unexpected error happens.
	RemoveGroup(requestInfo RequestInfo, org string, name string) error

	// AddMember adds a new member to the group. It returns an error if the input parameters are
	// invalid, the user doesn't exist, the group doesn't exist, the user is already a member of
	// the group or an unexpected error happens.
	AddMember(requestInfo RequestInfo, externalId string, groupName string, org string) error

	// RemoveMember removes a member from the group. It returns an error if the input parameters
	// are invalid, the user doesn't exist, the group doesn't exist, the user isn't a member of
	// the group or an unexpected error happens.
	RemoveMember(requestInfo RequestInfo, externalId string, groupName string, org string) error

	// ListMembers lists the user identifiers that belong to the group. It returns an error if the
	// input parameters are invalid, the group doesn't exist or an unexpected error happens.
	ListMembers(requestInfo RequestInfo, filter *Filter) ([]GroupMembers, int, error)

	// AttachPolicyToGroup attaches a policy to the group. It returns an error if the input
	// parameters are invalid, the policy doesn't exist, the group doesn't exist, the policy is
	// already attached to the group or an unexpected error happens.
	AttachPolicyToGroup(requestInfo RequestInfo, org string, groupName string, policyName string) error

	// DetachPolicyToGroup detaches a policy from the group (the method name says "To"). It returns
	// an error if the input parameters are invalid, the policy doesn't exist, the group doesn't
	// exist, the policy isn't attached to the group or an unexpected error happens.
	DetachPolicyToGroup(requestInfo RequestInfo, org string, groupName string, policyName string) error

	// ListAttachedGroupPolicies retrieves the policies that are attached to the group. It returns
	// an error if the input parameters are invalid, the group doesn't exist or an unexpected
	// error happens.
	ListAttachedGroupPolicies(requestInfo RequestInfo, filter *Filter) ([]GroupPolicies, int, error)
}
GroupAPI interface
type GroupIdentity ¶
Group identifier used to retrieve groups from the DB
type GroupMembers ¶
type GroupPolicies ¶ added in v0.2.0
type GroupRepo ¶
// GroupRepo contains all database operations for groups.
// None of its methods takes a RequestInfo, and the membership and policy
// methods state that they do not check whether the group, user or policy
// exists: validation and authorization have to happen in the calling layer.
type GroupRepo interface {
	// AddGroup stores a group in the database if there are no errors.
	AddGroup(group Group) (*Group, error)

	// GetGroupByName retrieves a group from the database if it exists. Otherwise it returns an error.
	GetGroupByName(org string, name string) (*Group, error)

	// GetGroupsFiltered retrieves groups from the database, filtered by the optional org and
	// pathPrefix parameters. It returns an error if there are problems with the database.
	GetGroupsFiltered(filter *Filter) ([]Group, int, error)

	// UpdateGroup updates the group stored in the database with new fields.
	// It returns an error if there are problems with the database.
	UpdateGroup(group Group) (*Group, error)

	// RemoveGroup removes the group stored in the database together with its user and policy
	// relationships. It returns an error if there are problems during the transactions.
	RemoveGroup(groupID string) error

	// AddMember adds a new member to the group. It doesn't check restrictions about the existence
	// of the group or user. It returns an error if there are problems with the database.
	AddMember(userID string, groupID string) error

	// RemoveMember removes a member from the group. It doesn't check restrictions about the
	// existence of the group or user. It returns an error if there are problems with the database.
	RemoveMember(userID string, groupID string) error

	// IsMemberOfGroup checks whether the user is a member of the group. It returns true if at least
	// one relation exists. It returns an error if there are problems with the database.
	IsMemberOfGroup(userID string, groupID string) (bool, error)

	// GetGroupMembers retrieves the users that belong to the group. It returns an error if there
	// are problems with the database.
	GetGroupMembers(groupID string, filter *Filter) ([]UserGroupRelation, int, error)

	// AttachPolicy attaches a policy to the group. It doesn't check restrictions about the
	// existence of the group or policy. It returns an error if there are problems with the database.
	AttachPolicy(groupID string, policyID string) error

	// DetachPolicy detaches a policy from the group. It doesn't check restrictions about the
	// existence of the group or policy. It returns an error if there are problems with the database.
	DetachPolicy(groupID string, policyID string) error

	// IsAttachedToGroup checks whether the policy is attached to the group. It returns true if at
	// least one relation exists. It returns an error if there are problems with the database.
	IsAttachedToGroup(groupID string, policyID string) (bool, error)

	// GetAttachedPolicies retrieves the policies that are attached to the group. It returns an
	// error if there are problems with the database.
	GetAttachedPolicies(groupID string, filter *Filter) ([]PolicyGroupRelation, int, error)

	// OrderByValidColumns returns the valid columns that can be used in OrderBy.
	OrderByValidColumns(action string) []string
}
GroupRepo contains all database operations
type InternalProxyAPI ¶ added in v0.3.0
// InternalProxyAPI is the interface used to read proxy resources.
// NOTE(review): GetProxyResources takes no RequestInfo, so it carries no requester identity
// to authorize against; presumably it is meant for in-process use only — confirm it is not
// exposed through an externally reachable handler.
type InternalProxyAPI interface {
	// GetProxyResources retrieves the list of proxy resources.
	GetProxyResources() ([]ProxyResource, error)
}
InternalProxyAPI interface to manage proxy resources
type OidcClient ¶ added in v0.4.0
// OidcClient is an OIDC client, described by its name.
// NOTE(review): names are presumably checked by AreValidOidcClientNames — confirm.
type OidcClient struct {
	Name string `json:"name,omitempty"`
}
func (OidcClient) String ¶ added in v0.4.0
func (op OidcClient) String() string
type OidcProvider ¶ added in v0.4.0
// OidcProvider is the OIDC authenticator domain object: a named provider with
// its issuer URL and the list of its clients.
type OidcProvider struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
	Path string `json:"path,omitempty"`
	Urn  string `json:"urn,omitempty"`
	// encoding/json's omitempty never omits a struct value such as time.Time,
	// so zero timestamps are still serialized.
	CreateAt time.Time `json:"createAt,omitempty"`
	UpdateAt time.Time `json:"updateAt,omitempty"`
	// NOTE(review): how IssuerURL is validated is not visible on this page — confirm.
	IssuerURL string `json:"issuerUrl,omitempty"`
	// OidcClients is serialized under the JSON key "clients".
	OidcClients []OidcClient `json:"clients,omitempty"`
}
Authenticator OIDC domain
func (OidcProvider) GetUrn ¶ added in v0.4.0
func (op OidcProvider) GetUrn() string
func (OidcProvider) String ¶ added in v0.4.0
func (op OidcProvider) String() string
type Policy ¶
// Policy is the policy domain object: a named set of statements inside an organization.
type Policy struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
	Path string `json:"path,omitempty"`
	Org  string `json:"org,omitempty"`
	Urn  string `json:"urn,omitempty"`
	// encoding/json's omitempty never omits a struct value such as time.Time,
	// so zero timestamps are still serialized.
	CreateAt time.Time `json:"createAt,omitempty"`
	UpdateAt time.Time `json:"updateAt,omitempty"`
	// Statements is a pointer to a slice; a nil pointer is left out of the JSON output.
	// NOTE(review): presumably validated with AreValidStatements, which takes the same type — confirm.
	Statements *[]Statement `json:"statements,omitempty"`
}
Policy domain
type PolicyAPI ¶
// PolicyAPI is the management interface for policies. Every method takes the
// caller's RequestInfo as its first argument.
type PolicyAPI interface {
	// AddPolicy stores a policy in the database. It returns an error when the input parameters
	// are invalid, the policy already exists or an unexpected error happens.
	AddPolicy(requestInfo RequestInfo, name string, path string, org string, statements []Statement) (*Policy, error)

	// GetPolicyByName retrieves a policy from the database. It returns an error when the input
	// parameters are invalid, the policy doesn't exist or an unexpected error happens.
	GetPolicyByName(requestInfo RequestInfo, org string, name string) (*Policy, error)

	// ListPolicies retrieves policy identifiers from the database, filtered by the org and
	// pathPrefix parameters. These input parameters are optional. It returns an error if the
	// input parameters are invalid or an unexpected error happens.
	ListPolicies(requestInfo RequestInfo, filter *Filter) ([]PolicyIdentity, int, error)

	// UpdatePolicy updates the policy stored in the database with a new name, new pathPrefix and
	// new statements. It overrides the older statements. It returns an error if the input
	// parameters are invalid, the policy to update doesn't exist, the target policy already
	// exists or an unexpected error happens.
	UpdatePolicy(requestInfo RequestInfo, org string, name string, newName string, newPath string, newStatements []Statement) (*Policy, error)

	// RemovePolicy removes the policy stored in the database together with its group
	// relationships. It returns an error if the input parameters are invalid, the policy doesn't
	// exist or an unexpected error happens.
	RemovePolicy(requestInfo RequestInfo, org string, name string) error

	// ListAttachedGroups retrieves the groups that are attached to the policy. It returns an error
	// if the input parameters are invalid, the policy doesn't exist or an unexpected error happens.
	ListAttachedGroups(requestInfo RequestInfo, filter *Filter) ([]PolicyGroups, int, error)
}
PolicyAPI interface
type PolicyGroupRelation ¶ added in v0.2.0
PolicyGroupRelation interface for Policy-Group relationships
type PolicyGroups ¶ added in v0.2.0
type PolicyIdentity ¶
// PolicyIdentity identifies a policy by organization and name; it is the
// element type returned by PolicyAPI.ListPolicies.
type PolicyIdentity struct {
	Org  string `json:"org,omitempty"`
	Name string `json:"name,omitempty"`
}
Policy identifier used to retrieve policies from the DB
type PolicyRepo ¶
// PolicyRepo contains all database operations for policies.
// None of its methods takes a RequestInfo, so any authorization has to happen
// in the layer that calls the repository.
type PolicyRepo interface {
	// AddPolicy stores a policy in the database if there are no errors.
	AddPolicy(policy Policy) (*Policy, error)

	// GetPolicyByName retrieves a policy from the database if it exists. Otherwise it returns an error.
	GetPolicyByName(org string, name string) (*Policy, error)

	// GetPoliciesFiltered retrieves policies from the database, filtered by the optional org and
	// pathPrefix parameters. It returns an error if there are problems with the database.
	GetPoliciesFiltered(filter *Filter) ([]Policy, int, error)

	// UpdatePolicy updates the policy stored in the database with new fields. It also overrides
	// the statements if the policy has any. It returns an error if there are problems with the database.
	UpdatePolicy(policy Policy) (*Policy, error)

	// RemovePolicy removes the policy stored in the database together with its group
	// relationships. It returns an error if there are problems during the transactions.
	RemovePolicy(id string) error

	// GetAttachedGroups retrieves the groups that are attached to the policy. It returns an error
	// if there are problems with the database.
	GetAttachedGroups(policyID string, filter *Filter) ([]PolicyGroupRelation, int, error)

	// OrderByValidColumns returns the valid columns that can be used in OrderBy.
	OrderByValidColumns(action string) []string
}
PolicyRepo contains all database operations
type ProxyAPI ¶ added in v0.3.0
// ProxyAPI implements API interfaces using repositories. Its GetProxyResources
// method has the signature required by InternalProxyAPI.
type ProxyAPI struct {
	// ProxyRepo is the repository the API reads proxy resources from.
	ProxyRepo ProxyRepo
}
ProxyAPI that implements API interfaces using repositories
func (ProxyAPI) GetProxyResources ¶ added in v0.3.0
func (api ProxyAPI) GetProxyResources() ([]ProxyResource, error)
GetProxyResources returns proxy resources
type ProxyRepo ¶ added in v0.3.0
// ProxyRepo contains all database operations for proxy resources.
// None of its methods takes a RequestInfo, so any authorization has to happen
// in the layer that calls the repository.
type ProxyRepo interface {
	// GetProxyResources retrieves proxy resources from the database. Otherwise it returns an error.
	GetProxyResources(filter *Filter) ([]ProxyResource, int, error)

	// GetProxyResourceByName retrieves a proxy resource from the database if it exists.
	// Otherwise it returns an error.
	GetProxyResourceByName(org string, name string) (*ProxyResource, error)

	// AddProxyResource stores a proxy resource in the database if there are no errors.
	AddProxyResource(proxyResource ProxyResource) (*ProxyResource, error)

	// UpdateProxyResource updates the proxy resource stored in the database with new fields.
	// It also overrides statements if it has any. It returns an error if there are problems
	// with the database.
	// NOTE(review): ProxyResource as documented has a Resource field and no statements; the
	// "statements" wording looks carried over from PolicyRepo — confirm what is overridden.
	UpdateProxyResource(proxyResource ProxyResource) (*ProxyResource, error)

	// RemoveProxyResource removes the proxy resource stored in the database.
	// It returns an error if there are problems during the transaction.
	RemoveProxyResource(proxyResourceID string) error

	// OrderByValidColumns returns the valid columns that can be used in OrderBy.
	OrderByValidColumns(action string) []string
}
ProxyRepo contains all database operations
type ProxyResource ¶ added in v0.3.0
// ProxyResource is the proxy resource domain object.
type ProxyResource struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
	Org  string `json:"org,omitempty"`
	Path string `json:"path,omitempty"`
	Urn  string `json:"urn,omitempty"`
	// NOTE(review): presumably checked with IsValidProxyResource, which takes a *ResourceEntity — confirm.
	Resource ResourceEntity `json:"resource,omitempty"`
	// encoding/json's omitempty never omits a struct value such as time.Time,
	// so zero timestamps are still serialized.
	CreateAt time.Time `json:"createAt,omitempty"`
	UpdateAt time.Time `json:"updateAt,omitempty"`
}
ProxyResource domain
func (ProxyResource) GetUrn ¶ added in v0.3.0
func (p ProxyResource) GetUrn() string
type ProxyResourceIdentity ¶ added in v0.3.0
// ProxyResourceIdentity identifies a proxy resource by organization and name;
// it is the element type returned by ProxyResourcesAPI.ListProxyResources.
type ProxyResourceIdentity struct {
	Org  string `json:"org,omitempty"`
	Name string `json:"name,omitempty"`
}
Proxy resource identifier used to retrieve proxy resources from the DB
type ProxyResourcesAPI ¶ added in v0.3.0
// ProxyResourcesAPI is the management interface for proxy resources. Every
// method takes the caller's RequestInfo as its first argument.
type ProxyResourcesAPI interface {
	// AddProxyResource stores a proxy resource in the database. It returns an error when the
	// input parameters are invalid, the proxy resource already exists or an unexpected error happens.
	AddProxyResource(requestInfo RequestInfo, name string, org string, path string, resource ResourceEntity) (*ProxyResource, error)

	// GetProxyResourceByName retrieves a proxy resource from the database. It returns an error
	// when the input parameters are invalid, the proxy resource doesn't exist or an unexpected
	// error happens.
	GetProxyResourceByName(requestInfo RequestInfo, org string, name string) (*ProxyResource, error)

	// ListProxyResources retrieves the list of proxy resources.
	ListProxyResources(requestInfo RequestInfo, filter *Filter) ([]ProxyResourceIdentity, int, error)

	// UpdateProxyResource updates the proxy resource stored in the database with a new name, new
	// path and new resource. It overrides the older resource. It returns an error if the input
	// parameters are invalid, the proxy resource to update doesn't exist, the target proxy
	// resource already exists or an unexpected error happens.
	UpdateProxyResource(requestInfo RequestInfo, org string, name string, newName string, newPath string, newResource ResourceEntity) (*ProxyResource, error)

	// RemoveProxyResource removes the proxy resource stored in the database. It returns an error
	// if the input parameters are invalid, the proxy resource doesn't exist or an unexpected
	// error happens.
	RemoveProxyResource(requestInfo RequestInfo, org string, name string) error
}
ProxyResourcesAPI interface to manage proxy resources
type RequestInfo ¶
type Resource ¶
// Resource is the interface that all resource types have to implement.
type Resource interface {
	// GetUrn must return the resource URN.
	GetUrn() string
}
Resource interface that all resource types have to implement
type ResourceEntity ¶ added in v0.3.0
type Restrictions ¶
type Statement ¶
type User ¶
// User is the user domain object.
type User struct {
	ID string `json:"id,omitempty"`
	// ExternalID is the identifier the user API methods look users up by.
	// NOTE(review): presumably checked by IsValidUserExternalID and bounded by
	// MAX_EXTERNAL_ID_LENGTH — confirm.
	ExternalID string `json:"externalId,omitempty"`
	Path       string `json:"path,omitempty"`
	Urn        string `json:"urn,omitempty"`
	// encoding/json's omitempty never omits a struct value such as time.Time,
	// so zero timestamps are still serialized.
	CreateAt time.Time `json:"createAt,omitempty"`
	UpdateAt time.Time `json:"updateAt,omitempty"`
}
User domain
type UserAPI ¶
// UserAPI is the interface for managing users.
//
// Every method takes a RequestInfo as its first argument.
// NOTE(review): presumably RequestInfo carries the caller identity that
// authorization is evaluated against; confirm against its definition.
type UserAPI interface {
	// AddUser stores a user in the database. It returns an error when the
	// parameters are invalid, the user already exists, or an unexpected error
	// happens.
	AddUser(requestInfo RequestInfo, externalId string, path string) (*User, error)

	// GetUserByExternalID retrieves a user from the database. It returns an
	// error when the parameter is invalid, the user doesn't exist, or an
	// unexpected error happens.
	GetUserByExternalID(requestInfo RequestInfo, externalId string) (*User, error)

	// ListUsers retrieves user identifiers from the database, optionally
	// filtered by path prefix. It returns an error if the path prefix is
	// invalid or an unexpected error happens.
	// NOTE(review): the signature takes a *Filter, so the path prefix is
	// presumably a field of Filter; the int result is presumably the total
	// number of matches. Confirm both.
	ListUsers(requestInfo RequestInfo, filter *Filter) ([]string, int, error)

	// UpdateUser updates the stored user with a new path. It returns an error
	// if the input parameters are invalid, the user doesn't exist, or an
	// unexpected error happens.
	UpdateUser(requestInfo RequestInfo, externalId string, newPath string) (*User, error)

	// RemoveUser removes the stored user together with its group
	// relationships. It returns an error if the externalId parameter is
	// invalid, the user doesn't exist, or an unexpected error happens.
	RemoveUser(requestInfo RequestInfo, externalId string) error

	// ListGroupsByUser retrieves the groups that the user belongs to. It
	// returns an error if the external ID is invalid, the user doesn't exist,
	// or an unexpected error happens.
	// NOTE(review): there is no externalId parameter in this signature, so the
	// user is presumably identified through filter; confirm.
	ListGroupsByUser(requestInfo RequestInfo, filter *Filter) ([]UserGroups, int, error)
}
UserAPI interface
type UserGroupRelation ¶ added in v0.2.0
UserGroupRelation interface for User-Group relationships
type UserGroups ¶ added in v0.2.0
type UserRepo ¶
// UserRepo contains all database operations for users.
//
// Unlike the UserAPI methods, these take no RequestInfo.
// NOTE(review): this suggests validation and authorization are expected to
// happen in the API layer before a repository method is called; confirm.
type UserRepo interface {
	// AddUser stores the user in the database if there are no errors.
	AddUser(user User) (*User, error)

	// GetUserByExternalID retrieves the user from the database if it exists;
	// otherwise it returns an error.
	GetUserByExternalID(id string) (*User, error)

	// GetUsersFiltered retrieves the user list from the database, optionally
	// filtered by path prefix. It returns an error if there are problems with
	// the database.
	// NOTE(review): the int result is presumably the total number of matches
	// for the filter; confirm.
	GetUsersFiltered(filter *Filter) ([]User, int, error)

	// UpdateUser updates the stored user with new fields. It returns an error
	// if the database restrictions are not satisfied or an unexpected error
	// happens.
	UpdateUser(user User) (*User, error)

	// RemoveUser removes the stored user together with its group
	// relationships. It returns an error if there are problems during the
	// transaction.
	// NOTE(review): the signature does not say whether id is User.ID or
	// User.ExternalID; confirm against callers.
	RemoveUser(id string) error

	// GetGroupsByUserID retrieves the groups that the user belongs to. It
	// returns an error if there are problems with the database.
	GetGroupsByUserID(id string, filter *Filter) ([]UserGroupRelation, int, error)

	// OrderByValidColumns returns the valid columns that can be used in
	// OrderBy for the given action.
	// NOTE(review): presumably callers check a requested order-by column
	// against this list before it reaches a query; a column name cannot be
	// bound as a query parameter, so this allow-list is the control to verify.
	OrderByValidColumns(action string) []string
}
UserRepo contains all database operations
type WorkerAPI ¶ added in v0.3.0
// WorkerAPI implements the API interfaces using repositories.
//
// Each field is the repository used for the corresponding domain.
// NOTE(review): nothing in this declaration enforces that every field is set;
// confirm that construction sites populate all of them, since a method that
// reaches a nil repository would fail at call time.
type WorkerAPI struct {
	UserRepo     UserRepo
	GroupRepo    GroupRepo
	PolicyRepo   PolicyRepo
	ProxyRepo    ProxyRepo
	AuthOidcRepo AuthOidcRepo
}
WorkerAPI that implements API interfaces using repositories
func (WorkerAPI) AddOidcProvider ¶ added in v0.4.0
func (api WorkerAPI) AddOidcProvider(requestInfo RequestInfo, name string, path string, issuerURL string, oidcClients []string) (*OidcProvider, error)
func (WorkerAPI) AddProxyResource ¶ added in v0.3.0
func (api WorkerAPI) AddProxyResource(requestInfo RequestInfo, name string, org string, path string, resource ResourceEntity) (*ProxyResource, error)
func (WorkerAPI) AttachPolicyToGroup ¶ added in v0.3.0
func (WorkerAPI) DetachPolicyToGroup ¶ added in v0.3.0
func (WorkerAPI) GetAuthorizedExternalResources ¶ added in v0.3.0
func (api WorkerAPI) GetAuthorizedExternalResources(requestInfo RequestInfo, action string, resources []string) ([]string, error)
GetAuthorizedExternalResources returns the resources where the specified user has the action granted
func (WorkerAPI) GetAuthorizedGroups ¶ added in v0.3.0
func (api WorkerAPI) GetAuthorizedGroups(requestInfo RequestInfo, resourceUrn string, action string, groups []Group) ([]Group, error)
GetAuthorizedGroups returns authorized groups for specified user combined with resource+action
func (WorkerAPI) GetAuthorizedOidcProviders ¶ added in v0.4.0
func (api WorkerAPI) GetAuthorizedOidcProviders(requestInfo RequestInfo, resourceUrn string, action string, oidcProviders []OidcProvider) ([]OidcProvider, error)
GetAuthorizedOidcProviders returns authorized OIDC providers for specified user combined with resource+action
func (WorkerAPI) GetAuthorizedPolicies ¶ added in v0.3.0
func (api WorkerAPI) GetAuthorizedPolicies(requestInfo RequestInfo, resourceUrn string, action string, policies []Policy) ([]Policy, error)
GetAuthorizedPolicies returns authorized policies for specified user combined with resource+action
func (WorkerAPI) GetAuthorizedProxyResources ¶ added in v0.3.0
func (api WorkerAPI) GetAuthorizedProxyResources(requestInfo RequestInfo, resourceUrn string, action string, proxyResources []ProxyResource) ([]ProxyResource, error)
GetAuthorizedProxyResources returns authorized proxy resources for specified user combined with resource+action
func (WorkerAPI) GetAuthorizedUsers ¶ added in v0.3.0
func (api WorkerAPI) GetAuthorizedUsers(requestInfo RequestInfo, resourceUrn string, action string, users []User) ([]User, error)
GetAuthorizedUsers returns authorized users for specified resource+action
func (WorkerAPI) GetGroupByName ¶ added in v0.3.0
func (WorkerAPI) GetOidcProviderByName ¶ added in v0.4.0
func (api WorkerAPI) GetOidcProviderByName(requestInfo RequestInfo, name string) (*OidcProvider, error)
func (WorkerAPI) GetPolicyByName ¶ added in v0.3.0
func (WorkerAPI) GetProxyResourceByName ¶ added in v0.3.0
func (api WorkerAPI) GetProxyResourceByName(requestInfo RequestInfo, org string, name string) (*ProxyResource, error)
func (WorkerAPI) GetUserByExternalID ¶ added in v0.3.0
func (api WorkerAPI) GetUserByExternalID(requestInfo RequestInfo, externalId string) (*User, error)
func (WorkerAPI) ListAttachedGroupPolicies ¶ added in v0.3.0
func (api WorkerAPI) ListAttachedGroupPolicies(requestInfo RequestInfo, filter *Filter) ([]GroupPolicies, int, error)
func (WorkerAPI) ListAttachedGroups ¶ added in v0.3.0
func (api WorkerAPI) ListAttachedGroups(requestInfo RequestInfo, filter *Filter) ([]PolicyGroups, int, error)
func (WorkerAPI) ListGroups ¶ added in v0.3.0
func (api WorkerAPI) ListGroups(requestInfo RequestInfo, filter *Filter) ([]GroupIdentity, int, error)
func (WorkerAPI) ListGroupsByUser ¶ added in v0.3.0
func (api WorkerAPI) ListGroupsByUser(requestInfo RequestInfo, filter *Filter) ([]UserGroups, int, error)
func (WorkerAPI) ListMembers ¶ added in v0.3.0
func (api WorkerAPI) ListMembers(requestInfo RequestInfo, filter *Filter) ([]GroupMembers, int, error)
func (WorkerAPI) ListOidcProviders ¶ added in v0.4.0
func (WorkerAPI) ListPolicies ¶ added in v0.3.0
func (api WorkerAPI) ListPolicies(requestInfo RequestInfo, filter *Filter) ([]PolicyIdentity, int, error)
func (WorkerAPI) ListProxyResources ¶ added in v0.3.0
func (api WorkerAPI) ListProxyResources(requestInfo RequestInfo, filter *Filter) ([]ProxyResourceIdentity, int, error)
func (WorkerAPI) RemoveGroup ¶ added in v0.3.0
func (api WorkerAPI) RemoveGroup(requestInfo RequestInfo, org string, name string) error
func (WorkerAPI) RemoveMember ¶ added in v0.3.0
func (WorkerAPI) RemoveOidcProvider ¶ added in v0.4.0
func (api WorkerAPI) RemoveOidcProvider(requestInfo RequestInfo, name string) error
func (WorkerAPI) RemovePolicy ¶ added in v0.3.0
func (api WorkerAPI) RemovePolicy(requestInfo RequestInfo, org string, name string) error
func (WorkerAPI) RemoveProxyResource ¶ added in v0.3.0
func (api WorkerAPI) RemoveProxyResource(requestInfo RequestInfo, org string, name string) error
func (WorkerAPI) RemoveUser ¶ added in v0.3.0
func (api WorkerAPI) RemoveUser(requestInfo RequestInfo, externalId string) error
func (WorkerAPI) UpdateGroup ¶ added in v0.3.0
func (WorkerAPI) UpdateOidcProvider ¶ added in v0.4.0
func (api WorkerAPI) UpdateOidcProvider(requestInfo RequestInfo, oidcProviderName string, newName string, newPath string, newIssuerUrl string, newClients []string) (*OidcProvider, error)
func (WorkerAPI) UpdatePolicy ¶ added in v0.3.0
func (WorkerAPI) UpdateProxyResource ¶ added in v0.3.0
func (api WorkerAPI) UpdateProxyResource(requestInfo RequestInfo, org string, name string, newName string, newPath string, newResource ResourceEntity) (*ProxyResource, error)