import "github.com/digitalrebar/provision/backend"
backend contains the backend code for DigitalRebar Provision. It has the responsibility for saving and loading all the data we need to the backing store, making sure that said models are valid and remain consistent, making sure that all the links between objects remain consistent, and providing any optimizations needed to make things perform at scale.
bootenv.go conncache.go conncache_linux.go dataTracker.go dhcpUtils.go doc.go errors.go event.go fs.go interface_resolver.go interfaces.go jobs.go jwt-utils.go lease.go license.go machines.go param.go plugins.go preference.go profiles.go renderData.go requestTracker.go reservation.go roles.go stage.go subnet.go task.go template.go tenants.go user.go workflow.go
const (
ValidationError = "ValidationError"
TemplateRenderError = "TemplateRenderError"
StillInUseError = "StillInUseError"
)AddToCache adds a new remote -> local IP address mapping to the connection cache. If the remote address is already in the cache, its corresponding local address is updates and the timeout is bumped. Mappings that have not been accessed with LocalFor or updated with AddToCache will be evicted if not used for more than 10 minutes.
DefaultIP figures out the IP address of the interface that has the default route. It is used as a fallback IP address when we don't have --static-ip set and we cannot find a local -> remote mapping in the cache.
LocalFor returns the local IP address that has responded to TFTP or HTTP requests for the given remote IP. It also bumps the timeout.
func SetLogPublisher(l *logger.Buffer, pubs *Publishers)
func ValidateDataTrackerStore(fileRoot string, backend, secrets store.Store, logger logger.Logger) (hard, soft error)
This must be locked with ALL locks on the source datatracker from the caller.
func ValidateParams(rt *RequestTracker, e models.ErrorAdder, params map[string]interface{}, key []byte)
BootEnv encapsulates the machine-agnostic information needed by the provisioner to set up a boot environment.
type DataTracker struct {
logger.Logger
FileRoot string
LogRoot string
OurAddress string
ForceOurAddress bool
StaticPort, ApiPort int
FS *FileSystem
Backend, Secrets store.Store
GlobalProfileName string
// contains filtered or unexported fields
}DataTracker represents everything there is to know about acting as a dataTracker.
func NewDataTracker(backend, secrets store.Store, fileRoot, logRoot, addr string, forceAddr bool, staticPort, apiPort int, logger logger.Logger, defaultPrefs map[string]string, publishers *Publishers) *DataTracker
Create a new DataTracker that will use passed store to save all operational data
func (dt *DataTracker) AllLicenses() models.LicenseBundle
AllLicenses returns the current expiry state of the current licenses and caches that result.
func (p *DataTracker) Backup() ([]byte, error)
func (dt *DataTracker) GetInterfaces() ([]*models.Interface, error)
func (p *DataTracker) GetToken(tokenString string) (*DrpCustomClaims, error)
func (dt *DataTracker) LicenseFor(component string) *models.License
LicenseFor returns the expiry state of the specified component.
func (p *DataTracker) LocalIP(remote net.IP) string
func (p *DataTracker) LogFor(s string) logger.Logger
func (p *DataTracker) MacToMachineUUID(mac string) string
func (p *DataTracker) Pref(name string) (string, error)
func (p *DataTracker) Prefs() map[string]string
func (p *DataTracker) RenderUnknown(rt *RequestTracker) error
func (p *DataTracker) ReplaceBackend(rt *RequestTracker, st store.Store) (hard, soft error)
Assumes that all locks are held
func (p *DataTracker) Request(l logger.Logger, locks ...string) *RequestTracker
Request initializes a RequestTracker from the specified DataTracker.
func (p *DataTracker) SealClaims(claims *DrpCustomClaims) (string, error)
func (p *DataTracker) SetPrefs(rt *RequestTracker, prefs map[string]string) error
type DrpCustomClaims struct {
DrpClaims []*models.Claim `json:"drp_claims"`
DrpRoles []string
GrantorClaims GrantorClaims `json:"grantor_claims"`
jwt.StandardClaims
}DrpCustomClaims is a JWT token that contains a list of all the things this token allows access to.
func NewClaim(user, grantor string, ttl time.Duration) *DrpCustomClaims
NewClaim creates a new, unsigned Token that doesn't allow access to anything. You must call Seal() to turn this into a signed JWT token.
func (d *DrpCustomClaims) AddMachine(uuid string) *DrpCustomClaims
Set the specific secrets
func (d *DrpCustomClaims) AddRawClaim(scope, action, specific string) *DrpCustomClaims
AddRawClaim adds a discrete Claim to our custom Token class.
func (d *DrpCustomClaims) AddRoles(names ...string) *DrpCustomClaims
func (d *DrpCustomClaims) AddSecrets(user, grantor, machine string) *DrpCustomClaims
Set the specific secrets
func (d *DrpCustomClaims) ClaimsList(rt *RequestTracker) []models.Claims
func (d *DrpCustomClaims) GrantorId() string
func (d *DrpCustomClaims) HasGrantorId() bool
func (d *DrpCustomClaims) HasMachineUuid() bool
func (d *DrpCustomClaims) HasUserId() bool
func (d *DrpCustomClaims) MachineUuid() string
func (d *DrpCustomClaims) Seal(m *JwtManager) (string, error)
Seal turns our custom Token class into a signed JWT Token.
func (d *DrpCustomClaims) UserId() string
func (d *DrpCustomClaims) ValidateSecrets(grantor, user, machine string) bool
FileSystem provides the routines to allow the static HTTP and TFTP services to render templates on demand..
func NewFS(backingFSPath string, logger logger.Logger) *FileSystem
NewFS creates a new initialized filesystem that will fall back to serving files from backingFSPath if there is not a template to be rendered.
AddDynamicFile adds a lookaside that handles rendering a file that should be generated on the fly. fsPath is the path where the dynamic lookaside lives, and the passed-in function will be called with the IP address of the system making the request.
AddDynamicTree adds a lookaside responsible for wholesale impersonation of a directory tree. fsPath indicates where AddDynamicTree will start handling all read requests, and the passed-in function will be called with the full path to whatever was being requested.
func (fs *FileSystem) DelDynamicFile(fsPath string)
DelDynamicFile removes a lookaside registered for fsPath, if any.
func (fs *FileSystem) DelDynamicTree(fsPath string)
DelDynamicTree removes a lookaside responsible for wholesale impersonation of a directory tree.
Open tests for the existence of a lookaside for file read request. The returned Reader amd error contains the results of running the lookaside function if one is present. If both the reader and error are nil, FileSystem should fall back to serving a static file.
func (fs *FileSystem) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP implements http.Handler for the FileSystem.
TftpResponder returns a function that allows the TFTP midlayer to serve files from the FileSystem.
type GrantorClaims struct {
GrantorId string `json:"grantor_id"`
GrantorSecret string `json:"grantor_secret"`
UserId string `json:"user_id"`
UserSecret string `json:"user_secret"`
MachineUuid string `json:"machine_uuid"`
MachineSecret string `json:"machine_secret"`
}Grantor Claims allow for the token to be validated against the granting user, the current user, and the machine. Each of those object can have a secret that if changed on the user object will invalid the token.
This allows for mass revocation at a machine, grantor, or user level.
func (gc *GrantorClaims) Validate(grantor, user, machine string) bool
If present, we should validate them.
Job represents a task that is running (or has run) on a machine. The job create workflow I envision works like this:
* POST to api/v3/jobs with a body containing {"Machine":
"a-machine-uuid"} If there is no current job, or the current job is "failed", a new job is created for the Task indexed by CurrentTask. If the current job is "finished", the machine CurrentTask is incremented. If that causes CurrentTask to go past the end of the Tasks list for the machine, no job is created and the API returns a 204. If the current job is in the incomplete state, that job is returned with a 202. Otherwise a new job is created and is returned with a 201. If there is a current job that is neither "incomplete", "failed", nor "finished", the POST fails. The new job will be created with its Previous value set to the machine's CurrentJob, and the machine's CurrentJob is updated with the UUID of the new job.
* When a new Job is created, it makes a RenderData for the
templates contained in the Task the job was created against. The client will be able to retrieve the rendered templates via GET from api/v3/jobs/:job-id/templates.
* The client will place or execute the templates based on whether
there is a Path associated with the expanded Template in the order that the jobs/:id/templates API endpoint returns them in. As it does so, it will log its progress via POST to jobs/:id/log.
* If any job operation fails, the client will update the job status to "failed".
* If all job operations succeed, the client will update the job status to "finished"
* On provisioner startup, all machine CurrentJobs are set to "failed" if they are not "finished"
func (j *Job) LogPath(rt *RequestTracker) string
func (j *Job) RenderActions(rt *RequestTracker, targetOS string) (models.JobActions, error)
type JwtConfig struct {
// digital signing method, defaults to jwt.SigningMethodHS256 (SHA256)
Method jwt.SigningMethod
}Config configures a Manager.
type JwtManager struct {
// contains filtered or unexported fields
}Manager is a JSON Web Token (JWT) Provider which create or retrieves tokens with a particular signing key and options.
func NewJwtManager(key []byte, configs ...JwtConfig) *JwtManager
New creates a new Manager which provides JWTs using the given signing key. Defaults to signing with SHA256 HMAC (jwt.SigningMethodHS256)
Lease models a DHCP Lease
func FakeLeaseFor(rt *RequestTracker, strategy, token string, via []net.IP) (lease *Lease, subnet *Subnet, reservation *Reservation)
FakeLeaseFor returns a lease that has zero duration and that should not be saved. It is intended for use when we are acting as a proxy DHCP server or we are acting as a BINL server.
func FindLease(rt *RequestTracker, strategy, token string, req net.IP) (lease *Lease, subnet *Subnet, reservation *Reservation, err error)
FindLease finds an appropriate matching Lease. If a non-nil error is returned, the DHCP system must NAK the response. If lease and error are nil, the DHCP system must not respond to the request. Otherwise, the lease will be returned with its ExpireTime updated and the Lease saved.
This function should be called in response to a DHCPREQUEST.
func FindOrCreateLease(rt *RequestTracker, strategy, token string, req net.IP, via []net.IP) (lease *Lease, subnet *Subnet, reservation *Reservation, fresh bool)
FindOrCreateLease will return a lease for the passed information, creating it if it can. If a non-nil Lease is returned, it has been saved and the DHCP system can offer it. If the returned lease is nil, then the DHCP system should not respond.
This function should be called for DHCPDISCOVER.
func (l *Lease) Reservation(rt *RequestTracker) *Reservation
func (l *Lease) Subnet(rt *RequestTracker) *Subnet
LeaseNAK is the error that shall be returned when we cannot give a system the IP address it requested. If FindLease or FindOrCreateLease return this as their error, then the DHCP midlayer must NAK the request.
Machine represents a single bare-metal system that the provisioner should manage the boot environment for.
HexAddress returns Address in raw hexadecimal format, suitable for pxelinux and elilo usage.
Param represents metadata about a Parameter or a Preference. Specifically, it contains a description of what the information is for, detailed documentation about the param, and a JSON schema that the param must match to be considered valid.
type Paramer interface {
models.Model
GetParams(Stores, bool) map[string]interface{}
SetParams(Stores, map[string]interface{}) error
GetParam(Stores, string, bool) (interface{}, bool)
SetParam(Stores, string, interface{}) error
}Plugin represents a single instance of a running plugin. This contains the configuration need to start this plugin instance.
Pref tracks a global DigitalRebar Provision preference -- things like the bootenv to use for unknown systems trying to PXE boot to us, the default bootenv for known systems, etc.
Profile represents a set of key/values to use in template expansion.
There is one special profile named 'global' that acts as a global set of parameters for the system.
These can be assigned to a machine's profile list.
* NOTE: CRUCIAL: CRITICAL: This could be bad if not adhered. * The Publish, release, and reserve routines must not call loggers * that publish events!
type Publishers struct {
// contains filtered or unexported fields
}func NewPublishers(logger *log.Logger) *Publishers
func (p *Publishers) Add(pp Publisher)
func (p *Publishers) List() []Publisher
func (p *Publishers) Publish(t, a, k, pr string, o interface{}) error
func (p *Publishers) Remove(pp Publisher)
ReadSizer is an interface that has both a reader and can generate the size of that data.
type RenderData struct {
Machine *rMachine // The Machine that the template is being rendered for.
Env *rBootEnv // The boot environment that provided the template.
Task *rTask
Stage *rStage
// contains filtered or unexported fields
}RenderData is the struct that is passed to templates as a source of parameters and useful methods.
func (r *RenderData) ApiURL() string
ApiURL returns a URL to access the api server part of the server using the requesting IP address as a basis.
func (r *RenderData) BootParams() (string, error)
BootParams is a helper function that expands the BootParams template from the boot environment.
func (r *RenderData) CallTemplate(name string, data interface{}) (ret interface{}, err error)
CallTemplate allows for sub-templating like the template function, but allows for function expansion of the arguments unlike the built-in template function.
func (r *RenderData) GenerateInfiniteToken() string
GenerateInfiniteToken generates a token for a specific machine that has a three year timeout. It has the same permissions as the token generated by GenerateToken for a known machine.
func (r *RenderData) GenerateProfileToken(profile string, duration int) string
GenerateProfileToken will generate a token that has access to read and update the specified token for a set duration. If duration is 0, then duration is 2000000000 seconds. This is used for atomic profile operations for cluster management.
func (r *RenderData) GenerateToken() string
GenerateToken will generate a token for a machine within a template. If the machine is not known, a token will be generate with create machine access only with a time limited by the unknownTokenTimeout preference. If the machine is known, a token will be generated with machine update access for the specific machine with a time limited by the knownTokenTimeout preference. The token is granted by the system with and signed with the system grantor secret.
func (r *RenderData) InstallRepos() []*Repo
InstallRepos returns a list of repos for the base install of the current machine bootenv combo. The first repo is the install source. The second repo is the security update repo.
func (r *RenderData) MachineRepos() []*Repo
MachineRepos returns a list of the repos for the specific machine's current state.
func (r *RenderData) Param(key string) (interface{}, error)
Param is a helper function for extracting a parameter from Machine.Params
func (r *RenderData) ParamAsJSON(key string) (string, error)
ParamAsJSON will return the specified parameter as a JSON string or an error.
func (r *RenderData) ParamAsYAML(key string) (string, error)
ParamAsYAML will return the specified parameter as a YAML string or an error.
func (r *RenderData) ParamExists(key string) bool
ParamExists is a helper function for determining the existence of a machine parameter.
func (r *RenderData) ParseUrl(segment, rawUrl string) (string, error)
ParseUrl is a template function that return the section of the specified URL as a string.
func (r *RenderData) ProvisionerAddress() string
ProvisionerAddress returns the IP address to access the Provisioner based upon the requesting IP address.
func (r *RenderData) ProvisionerURL() string
ProvisionerURL returns a URL to access the file server part of the server using the requesting IP address as a basis.
func (r *RenderData) Repos(tags ...string) []*Repo
Repos is a template helper function that returns an array of all the appropriate repos based upon the tag list.
type Repo struct {
Tag string `json:"tag"`
OS []string `json:"os"`
URL string `json:"url"`
PackageType string `json:"packageType"`
RepoType string `json:"repoType"`
InstallSource bool `json:"installSource"`
SecuritySource bool `json:"securitySource"`
Distribution string `json:"distribution"`
BootLoc string `json:"bootloc"`
Components []string `json:"components"`
// contains filtered or unexported fields
}Repo defines the repository structure used for the package-repositories parameter with additional fields to help rendering.
Install returns a string or the encountered error that represents the package repo type specific file snippets for either preseed/kickstarts with parts for either the core install part or updates/additional repos.
JoinedComponents returns the Components array as a single string joined with spaces.
Lines returns an error or the string for inclusion in a configuration file in the package manager specific format based upon the repo definitions.
func (rd *Repo) R() *RenderData
R returns the RenderData for this repo.
Target returns the target os for this Repo.
UrlFor returns a Url for the requested component part of the repo.
RequestTracker tracks a single request to the DataTracker. It represents the closest thing to a transaction that we have.
func (rt *RequestTracker) AllLocked(thunk func(Stores))
AllLocked takes a function that takes the lock stores. In this case, all stores are locked and sent the function. Upon completion, the locks are released. It is assumed that is as lamdba function.
func (rt *RequestTracker) ApiURL(remoteIP net.IP) string
ApiURL is a helper function to return the appropriate URL to access the API based upon the remote IP.
Create takes an object and attempts to save it. saved is true if the object is actually saved. error indicates the actual error including validation errors. A "create" event is generated from this call.
Assumes locks are held if appropriate.
func (rt *RequestTracker) DeleteKeyFor(m models.Model) error
func (rt *RequestTracker) Do(thunk func(Stores))
Do takes a function that takes the lock stores specified when the RequestTracker was created and executes it with the locks taken and then unlocks the locks when complete. It is assumed that is as lamdba function.
func (rt *RequestTracker) FileURL(remoteIP net.IP) string
FileURL is a helper function to return the appropriate URL to access the FileServer based upon the remote IP.
func (rt *RequestTracker) Find(prefix, key string) models.Model
Find uses the find helper routine and returns a clone of the in-memory data store cached object.
FindByIndex uses the provided index and key (for that index) to return the object. The object returned is a clone.
func (rt *RequestTracker) GetParam(obj models.Paramer, key string, aggregate bool, decrypt bool) (interface{}, bool)
func (rt *RequestTracker) GetParams(obj models.Paramer, aggregate bool, decrypt bool) map[string]interface{}
func (rt *RequestTracker) Index(name string) *index.Index
Index returns the index specified by that name. No validation is done on the name.
func (rt *RequestTracker) MachineForMac(mac string) *Machine
MachineForMac looks up a Machine by the specified MAC address.
func (rt *RequestTracker) Patch(obj models.Model, key string, patch jsonpatch2.Patch) (models.Model, error)
Patch takes a partially specified object to define the key space, a key to find the object, and a JSON patch object to apply to the found object. Upon success, the new object is returned. Failure returned in the error field. This will generate an "update" event.
Assumes locks are held as appropriate.
func (rt *RequestTracker) Prefs() map[string]string
Prefs returns the current Prefs in the data tracker.
func (rt *RequestTracker) Publish(prefix, action, key string, ref interface{}) error
Publish takes the components of an Event and notifies the publishers immediately if not locks are in place. Otherwise, the action is delayed until the locks are released.
func (rt *RequestTracker) PublishEvent(e *models.Event) error
PublishEvent records the Event to publish to all publish listeners at after the RequestTracker locks have been released. This allows for Events to be published within a locked transaction without deadlocking the system. If the call is made without locks, the publishers are notified in this call path.
func (rt *RequestTracker) RawFind(prefix, key string) models.Model
RawFind uses the find helper routine and returns the in-memory data store cached object.
Remove takes a complete or partial object and removes the object from the system. removed is true if the object is removed. error indicates the error that caused the remove to fail. A "delete" event is generated from this routine.
Assumes locks are held if appropriate.
Save takes a fully specified object and saves it to the data store and backing index. This will generate a "save" event. The difference between Update and Save is that Update will go through the OnChange callback system. Save will NOT. Both calls will call BeforeSave and AfterSave.
Assumes that locks are held as appropriate.
func (rt *RequestTracker) SealClaims(claims *DrpCustomClaims) (string, error)
SealClaims takes a set of auth claims and signs them to make an Token for authentication purposes.
Update takes a fully specified object and replaces an existing object in the data store assuming the new object is valid. saved is true if the object is saved. error indicates failure. An "update" event is generated from this call.
Assumes locks are held as appropriate.
type Reservation struct {
*models.Reservation
// contains filtered or unexported fields
}Reservation tracks persistent DHCP IP address reservations.
func AsReservation(o models.Model) *Reservation
AsReservation converts a models.Model to a *Reservation.
func AsReservations(o []models.Model) []*Reservation
AsReservations converts a list of models.Model to a list of *Reservation.
func (r *Reservation) BeforeSave() error
BeforeSave validates the object and returns an error if the operation should be aborted.
func (r *Reservation) Indexes() map[string]index.Maker
Indexes returns a map of indexes for Reservation.
func (r *Reservation) Locks(action string) []string
Locks returns a list of prefixes to lock for a specific action.
func (r *Reservation) New() store.KeySaver
New returns an empty Reservation object with the forceChange and RT fields from the calling object as store.KeySaver for use by the data stores.
func (r *Reservation) OnChange(oldThing store.KeySaver) error
OnChange is called by the data stores when a value changes to ensure the change is valid. Errors abort the change.
func (r *Reservation) OnCreate() error
OnCreate is called by the data stores when creating a value. It validates the object relative to others and upon error aborts the create.
func (r *Reservation) OnLoad() error
OnLoad is call by the data store initialize and validate a loaded Reservation.
func (r *Reservation) SaveClean() store.KeySaver
SaveClean interface function to clear validation fields and return object as a store.KeySaver for the data stores.
func (r *Reservation) SetReadOnly(b bool)
SetReadOnly interface function to set the ReadOnly flag.
func (r *Reservation) Validate()
Validate ensures the object is valid. Setting the available and valid flags as appropriate.
Role wraps the Role model to provide backend specific fields for tracking claims and validation.
AsRole converts a models.Model to a *Role.
AsRoles converts a list of models.Model to a list of *Role.
AfterSave clears the cachedClaims after a save operation.
BeforeDelete will abort the Delete operation if the Role is in use by a User.
BeforeSave returns an error if the Role is not Valid. This aborts the save to a data store.
CompiledClaims compiles and caches the claims for this role to accelerate lookups in the future.
Indexes returns a map of valid indexes for Role.
Locks returns a list of prefixes needed to lock for the specific action.
New returns a new empty Role with the RT field from the calling function returned as a store.KeySaver for use by the data stores.
OnLoad initializes and validates the object as it is loaded from the data stores.
SaveClean interface function to clear Validation fields and return the object as a store.KeySaver for the data store.
SetReadOnly interface function to set the ReadOnly flag.
Validate ensures that the Role is valid and available. It sets those flags as appropriate.
Sizer is an interface for things that have Size.
Stage encapsulates tasks we want to run a machine
AsStage converts the models.Model into a *Stage.
AsStages converts the list of models.Model into a list of *Stage.
AfterSave registers new renderers after successful save.
BeforeDelete returns an error if the Stage is in use by a workflow or machine to abort the delete.
BeforeSave returns an error if the Stage is not valid to abort the Save.
HasProfile returns true if the profile name is in the Profiles list.
HasTask returns true if the task name is in the Tasks list.
Indexes returns a map of valid indexes for Stage.
Locks returns a list of prefixes that need to be locked for the specific action.
New returns a new empty Stage with the ForceChange and RT fields of the calling Stage as store.KeySaver for the data store.
OnLoad initializes the Stage when loaded by the data store.
SaveClean interface function to clear validation fields and return a store.KeySaver for use in data stores.
SetReadOnly interface function to set the ReadOnly flag.
Validate ensures that the Stage is valid and available. Setting those flags as appropriate. Profiles, Tasks, and BootEnv are validate for presence. Renderers are updated as appropriate.
dtobjs is an in-memory cache of all the objects we could reference. The implementation of this may need to change from storing a slice of things to a more elaborate datastructure at some point in time. Since that point in time is when the slices are forced out of CPU cache, I am not terribly concerned for now. Until that point is reached, sorting and searching slices is fantastically efficient.
Subnet represents a DHCP Subnet
AsSubnet converts a models.Model into a *Subnet.
AsSubnets converts a list of models.Model into a list of *Subnet.
BeforeSave returns an error if the subnet is not valid. This is used by the store system to avoid saving bad Subnets.
InActiveRange returns true if the IP is inside the subnet's active range, inclusively.
InSubnetRange returns true if the IP is inside the subnet CIDR.
Indexes returns a map of the valid indexes for Subnet.
LeaseTimeFor returns the lease time for the IP in question. The value reflects if the IP in the active range, inside the subnet, or if the subnet is in proxy mode.
Locks will return a list of prefixes needed to lock for a specific action.
New returns a new Subnet with the forceChange and RT fields copied from the calling Subnet.
OnLoad initializes and validates the Subnet when loading from a data store.
SaveClean clears the validation fields and returns the object as a store.KeySaver for use by the backing store.
SetReadOnly is an interface function to set the ReadOnly flag.
Validate ensures that the Subnet has valid values and do NOT overlap with out subnets. This sets the available and valid flags.
Task is a thing that can run on a Machine.
AsTask converts a models.Model to a *Task.
AsTasks converts a list of models.Model to a list of *Task.
BeforeDelete makes sure that the task is not referenced before deleteing.
BeforeSave makes sure the Task is valid and returns an error if not. This is used to abort saving invalid objects.
Indexes returns the valid indexes for a Task.
Locks returns a list of prefixes to lock for a specific action.
New returns an empty new Task with the forceChange and RT fields inherited from the caller.
OnLoad initializes the task when loaded from the backing store.
SaveClean clears validation and returns the object as a KeySaver.
SetReadOnly sets the ReadOnly flag.
Validate tests the validity of Task. Including revalidating referencing stages.
Template represents a template that will be associated with a boot environment.
AsTemplate converts a models.Model into a *Template
AsTemplates converts a list of models.Model into a list of *Template
AfterSave updates referencing objects after a save to the backing store.
BeforeDelete returns an error if this template is still referenced before a delete is done. No error implies can be deleted.
BeforeSave makes sure that the template is valid and returns an error otherwise.
Indexes returns a map of valid indexes for Template
Locks returns the list of objects that need to be locked for the specified action.
New returns a new empty Template with the ForceChange RT fields initialized from the calling object.
OnLoad initializes the Template when loading from backing store.
SaveClean clears the validation fields and returns the object as a KeySaver for use in the backing stores.
SetReadOnly helper function to set ReadOnly
Validate makes sure that the template is valid. It sets the valid and available fields.
Tenant contains the runtime parameters for user manipulation around the models.Tenant object.
AsTenant converts a models.Model into a *Tenant.
AsTenants converts a list of models.Model into a list of *Tenant.
AfterSave cleans up or sets the internal activeTenant fields on users.
BeforeDelete makes sure that the Tenant is empty of users before deleting the tenant.
BeforeSave returns an error if the tenant is not Valid. It is also responsible for validating User membership is valid. todo: Actually validate that all the items the Tenant references still exist.
ExpandedMembers builds a cached map of members of this tenant by prefix.
Indexes returns the valid Indexes on Tenant.
Locks returns a list of prefixes to lock for the specified action.
New returns a new empty Tenant with the RT field from the caller.
OnChange figures out which users need to be updates based upon being added or removed from this Tenant.
OnCreate sets the internal add fields when a new object is created by the user.
OnLoad initializes the Tenant when loaded from the backing store.
SaveClean clears validation fields and returns a KeySaver object for use by the backing store.
Validate makes sure the tenant is valid and available.
User is an API user of DigitalRebar Provision
AsUser converts a models.Model to a User.
AsUsers converts a list of models.Model to a list of *User
AfterDelete cleans up other objects after the data store has removed the User.
BeforeSave validates and sets required fields on the User object before savining.
func (u *User) ChangePassword(rt *RequestTracker, newPass string) error
ChangePassword takes a clear text password, generates a hash, clears the previous secret, and saves the object in the store.
GenClaim generates a *DrpCustomClaims structure from a grantor for a limited time with the desired roles.
Indexes returns a map of indexes for the User model
Locks returns the object lock list for a given action for the User object
New returns a new User object with the RT and forceChange flags from the calling object.
OnLoad initializes and validates the user when loaded from the data store.
The mustSave part was added to handle data migration from pre-Secret days to post-Secret days. This could be removed once we feel that all deploys are past 3.6.0.
SaveClean clears all validation information and returns the user as a KeySaver object
SetReadOnly sets the ReadOnly flag (helper functino)
Tenant returns the owning tenant for this user.
Validate makes sure that User is valid and available.
Workflow is a the backend model wrapper for Workflow. This struct also includes validation helpers.
AsWorkflow cast a models.Model interface to *Workflow (helper function)
AsWorkflows converts a list of models.Model to a list of *Worfklow (helper function)
BeforeSave validates the state of the Workflow. This is used generally before saving but also when an object needs to initialized and validated.
Indexes returns a map of the indexes allowed for Workflow objects.
Locks returns the object lock list for a given action for the Workflow object
New creates a new empty instance of Workflow. The ForceChanged and RT fields are propogated.
OnLoad initializes the Workflow when loaded from the data store.
SaveClean is a helper function to run the model version's ClearValidation function before converting back to an object that can be stored in the backend.
SetReadOnly is a helper function to set the ReadOnly flag.
Validate sets the valid and available flags for the Workflow. This assumes that locks are held as appropriate, if needed.
| Path | Synopsis |
|---|---|
| index |
Package backend imports 47 packages (graph) and is imported by 6 packages. Updated 2018-08-15. Refresh now. Tools for package owners.