Documentation ¶
Index ¶
Constants ¶
// Default lifetimes and rotation windows for access tokens. Every value is a
// time.Duration; the comments restate each one in hours or days.
const (
	// DefaultAutoRotateBeforeMinTTL is 24 hours.
	DefaultAutoRotateBeforeMinTTL time.Duration = 24 * time.Hour
	// DefaultAutoRotateBeforeMaxTTL is 730 hours (30 days and 10 hours).
	DefaultAutoRotateBeforeMaxTTL time.Duration = 730 * time.Hour

	// DefaultAccessTokenMinTTL is 24 hours.
	DefaultAccessTokenMinTTL time.Duration = 24 * time.Hour
	// DefaultAccessTokenMaxPossibleTTL is 365 days, the longest lifetime
	// declared in this block.
	DefaultAccessTokenMaxPossibleTTL time.Duration = 365 * 24 * time.Hour

	// DefaultConfigFieldAccessTokenMaxTTL is 7 days.
	DefaultConfigFieldAccessTokenMaxTTL time.Duration = 7 * 24 * time.Hour
	// DefaultConfigFieldAccessTokenRotate equals DefaultAutoRotateBeforeMinTTL.
	DefaultConfigFieldAccessTokenRotate time.Duration = DefaultAutoRotateBeforeMinTTL
	// DefaultRoleFieldAccessTokenMaxTTL is 24 hours.
	DefaultRoleFieldAccessTokenMaxTTL time.Duration = 24 * time.Hour

	// NOTE(review): this block does not show which of these are enforced
	// bounds and which are only defaults. A token issued near
	// DefaultAccessTokenMaxPossibleTTL stays valid for a year unless it is
	// revoked, so confirm where the min/max checks are applied.
)
// Access levels a token can carry, spelled as lower-case strings.
const (
	AccessLevelNoPermissions            AccessLevel = "no_permissions"
	AccessLevelMinimalAccessPermissions AccessLevel = "minimal_access"
	AccessLevelGuestPermissions         AccessLevel = "guest"
	AccessLevelReporterPermissions      AccessLevel = "reporter"
	AccessLevelDeveloperPermissions     AccessLevel = "developer"
	AccessLevelMaintainerPermissions    AccessLevel = "maintainer"
	AccessLevelOwnerPermissions         AccessLevel = "owner"

	// AccessLevelUnknown is the empty string. It is not part of
	// ValidAccessLevels and is the only entry in ValidPersonalAccessLevels.
	AccessLevelUnknown AccessLevel = ""
)
// Token scopes, spelled the way GitLab spells them. Most descriptions are
// written from the point of view of a group access token.
const (
	// TokenScopeApi grants complete read and write access to the scoped group
	// and related project API, including the Package Registry.
	TokenScopeApi TokenScope = "api"
	// TokenScopeReadApi grants read access to the scoped group and related
	// project API, including the Package Registry.
	TokenScopeReadApi TokenScope = "read_api"
	// TokenScopeReadRegistry grants read access (pull) to the Container
	// Registry images if any project within the group is private and
	// authorization is required.
	TokenScopeReadRegistry TokenScope = "read_registry"
	// TokenScopeWriteRegistry grants write access (push) to the Container
	// Registry.
	TokenScopeWriteRegistry TokenScope = "write_registry"
	// TokenScopeReadRepository grants read access (pull) to all repositories
	// within the group. It concerns Git repositories, not the Container
	// Registry; that is TokenScopeReadRegistry.
	TokenScopeReadRepository TokenScope = "read_repository"
	// TokenScopeWriteRepository grants read and write access (pull and push)
	// to all repositories within the group.
	TokenScopeWriteRepository TokenScope = "write_repository"
	// TokenScopeCreateRunner grants permission to create runners in the group.
	TokenScopeCreateRunner TokenScope = "create_runner"

	// TokenScopeReadUser grants read-only access to the authenticated user's
	// profile through the /user API endpoint, which includes username, public
	// email, and full name. It also grants access to read-only API endpoints
	// under /users.
	TokenScopeReadUser TokenScope = "read_user"
	// TokenScopeSudo grants permission to perform API actions as any user in
	// the system, when authenticated as an administrator.
	TokenScopeSudo TokenScope = "sudo"
	// TokenScopeAdminMode grants permission to perform API actions as an
	// administrator, when Admin Mode is enabled.
	//
	// NOTE(review): sudo and admin_mode are instance-wide administrator
	// scopes; in this package they are listed only in
	// ValidPersonalTokenScopes. Roles that issue them warrant a short TTL and
	// a narrowly scoped policy.
	TokenScopeAdminMode TokenScope = "admin_mode"

	// TokenScopeUnknown is the empty string.
	TokenScopeUnknown TokenScope = ""
)
// Kinds of access token, as the strings stored in a TokenType.
const (
	TokenTypePersonal TokenType = "personal"
	TokenTypeProject  TokenType = "project"
	TokenTypeGroup    TokenType = "group"

	// TokenTypeUnknown is the empty string.
	TokenTypeUnknown TokenType = ""
)
// PathConfigStorage is the literal "config".
// NOTE(review): presumably the storage key and path segment for the backend
// configuration, which includes the GitLab token — confirm against the path
// handlers.
const PathConfigStorage = "config"
// PathRoleStorage is the literal "roles".
// NOTE(review): presumably the storage prefix under which role definitions
// are kept — confirm against the path handlers.
const PathRoleStorage = "roles"
// PathTokenRoleStorage is the literal "token".
// NOTE(review): presumably the path prefix under which tokens are issued for
// a role — confirm against the path handlers.
const PathTokenRoleStorage = "token"
Variables ¶
// Sentinel errors for value and field validation and for a backend that has
// no configuration. Each is a distinct errors.New value.
// NOTE(review): presumably callers match these with errors.Is — confirm.
var (
	// ErrNilValue has the message "nil value".
	ErrNilValue = errors.New("nil value")
	// ErrInvalidValue has the message "invalid value".
	ErrInvalidValue = errors.New("invalid value")
	// ErrFieldRequired has the message "required field".
	ErrFieldRequired = errors.New("required field")
	// ErrFieldInvalidValue has the message "invalid value for field".
	ErrFieldInvalidValue = errors.New("invalid value for field")
	// ErrBackendNotConfigured has the message "backend not configured".
	ErrBackendNotConfigured = errors.New("backend not configured")
)
// Sentinel errors for lookups that find nothing.
var (
	// ErrAccessTokenNotFound has the message "access token not found".
	ErrAccessTokenNotFound = errors.New("access token not found")
	// ErrRoleNotFound has the message "role not found".
	ErrRoleNotFound = errors.New("role not found")
)
// Access-level allow-lists, one per token type, plus the error for a level
// that is not recognised.
//
// The lists are exported, mutable slices: any code in the process can change
// them. NOTE(review): treat them as read-only; if they back validation,
// a modified list changes what roles are accepted.
var (
	// ErrUnknownAccessLevel has the message "unknown access level".
	ErrUnknownAccessLevel = errors.New("unknown access level")
	// ValidAccessLevels holds every named level except AccessLevelUnknown.
	ValidAccessLevels = []string{
		AccessLevelNoPermissions.String(),
		AccessLevelMinimalAccessPermissions.String(),
		AccessLevelGuestPermissions.String(),
		AccessLevelReporterPermissions.String(),
		AccessLevelDeveloperPermissions.String(),
		AccessLevelMaintainerPermissions.String(),
		AccessLevelOwnerPermissions.String(),
	}
	// ValidPersonalAccessLevels holds only AccessLevelUnknown: no named
	// access level is listed for personal tokens.
	ValidPersonalAccessLevels = []string{
		AccessLevelUnknown.String(),
	}
	// ValidProjectAccessLevels runs from guest to owner; no_permissions and
	// minimal_access are not in the list.
	ValidProjectAccessLevels = []string{
		AccessLevelGuestPermissions.String(),
		AccessLevelReporterPermissions.String(),
		AccessLevelDeveloperPermissions.String(),
		AccessLevelMaintainerPermissions.String(),
		AccessLevelOwnerPermissions.String(),
	}
	// ValidGroupAccessLevels lists the same five levels as
	// ValidProjectAccessLevels, in a separate slice.
	ValidGroupAccessLevels = []string{
		AccessLevelGuestPermissions.String(),
		AccessLevelReporterPermissions.String(),
		AccessLevelDeveloperPermissions.String(),
		AccessLevelMaintainerPermissions.String(),
		AccessLevelOwnerPermissions.String(),
	}
)
// Scope allow-lists, one per token type, plus the error for a scope that is
// not recognised.
var (
	// ErrUnknownTokenScope has the message "unknown token scope".
	ErrUnknownTokenScope = errors.New("unknown token scope")
	// ValidGroupTokenScopes and ValidProjectTokenScopes are both assigned
	// validTokenScopes, which is declared elsewhere in the package.
	// NOTE(review): if validTokenScopes is a slice, the two names share its
	// backing array, so a write through one is visible through the other —
	// confirm.
	ValidGroupTokenScopes = validTokenScopes
	ValidProjectTokenScopes = validTokenScopes
	// ValidPersonalTokenScopes lists read_user, sudo and admin_mode.
	// NOTE(review): whether personal tokens may also use the scopes in
	// validTokenScopes is decided where these lists are consumed, which is not
	// shown here. sudo and admin_mode are administrator-level scopes — confirm
	// that roles requesting them are restricted accordingly.
	ValidPersonalTokenScopes = []string{
		TokenScopeReadUser.String(),
		TokenScopeSudo.String(),
		TokenScopeAdminMode.String(),
	}
)
// BuildDate is declared without an initial value, so it is the empty string
// unless something assigns it.
// NOTE(review): presumably injected at link time (-ldflags -X) — confirm.
var BuildDate string
// ErrUnknownTokenType is a sentinel error with the message
// "unknown token type".
var ErrUnknownTokenType = errors.New("unknown token type")
// FullCommit is declared without an initial value, so it is the empty string
// unless something assigns it.
// NOTE(review): presumably the commit hash injected at link time — confirm.
var FullCommit string
// Version defaults to the development placeholder "v0.0.0-dev". It is a
// variable, not a constant, so it can be reassigned.
// NOTE(review): presumably overridden at link time for release builds; a
// binary that still reports the placeholder was not built that way — confirm.
var Version = "v0.0.0-dev"
Functions ¶
Types ¶
type AccessLevel ¶
// AccessLevel is a string-backed access level. The named values are the
// AccessLevel* constants; AccessLevelParse turns a string into an AccessLevel
// or an error, and the Value method returns an int.
type AccessLevel string
func AccessLevelParse ¶
func AccessLevelParse(value string) (AccessLevel, error)
func (AccessLevel) String ¶
func (i AccessLevel) String() string
func (AccessLevel) Value ¶
func (i AccessLevel) Value() int
type Backend ¶
func (*Backend) Invalidate ¶
Invalidate invalidates the key if required
type Client ¶
// Client is the set of GitLab token operations the package relies on.
// NewGitlabClient returns a value of this type.
type Client interface {
	// Valid returns a bool.
	// NOTE(review): presumably whether the client is usable — confirm.
	Valid() bool
	// CurrentTokenInfo returns an EntryToken or an error.
	// NOTE(review): presumably describes the token the client itself
	// authenticates with — confirm.
	CurrentTokenInfo() (*EntryToken, error)
	// RotateCurrentToken returns the new and the old token entries.
	// NOTE(review): revokeOldToken presumably decides whether the replaced
	// token is revoked; if it is not, the old credential would stay usable
	// until it expires — confirm.
	RotateCurrentToken(revokeOldToken bool) (newToken, oldToken *EntryToken, err error)

	// CreatePersonalAccessToken takes a username and user id, a token name, an
	// expiry time and a list of scopes; it takes no access level.
	CreatePersonalAccessToken(username string, userId int, name string, expiresAt time.Time, scopes []string) (*EntryToken, error)
	// CreateGroupAccessToken takes a group id, a token name, an expiry time,
	// a list of scopes and an access level.
	CreateGroupAccessToken(groupId, name string, expiresAt time.Time, scopes []string, accessLevel AccessLevel) (*EntryToken, error)
	// CreateProjectAccessToken takes a project id, a token name, an expiry
	// time, a list of scopes and an access level.
	CreateProjectAccessToken(projectId, name string, expiresAt time.Time, scopes []string, accessLevel AccessLevel) (*EntryToken, error)

	// RevokePersonalAccessToken takes the token id only.
	RevokePersonalAccessToken(tokenId int) error
	// RevokeProjectAccessToken takes the token id and the project id.
	RevokeProjectAccessToken(tokenId int, projectId string) error
	// RevokeGroupAccessToken takes the token id and the group id.
	RevokeGroupAccessToken(tokenId int, groupId string) error

	// GetUserIdByUsername returns an int for a username, or an error.
	GetUserIdByUsername(username string) (int, error)
}
func NewGitlabClient ¶
func NewGitlabClient(config *EntryConfig, httpClient *http.Client) (client Client, err error)
type EntryConfig ¶ added in v0.2.0
// EntryConfig is the configuration handed to NewGitlabClient: a base URL, a
// token and its id and expiry, and the auto-rotation settings.
type EntryConfig struct {
	// NOTE(review): this is the only field tagged `yaml`; every other field
	// is tagged `structs` — confirm whether that is intentional.
	TokenId int `json:"token_id" yaml:"token_id" mapstructure:"token_id"`
	// NOTE(review): no validation is visible here. Confirm that the scheme is
	// required to be https, since the token is presumably sent to this URL.
	BaseURL string `json:"base_url" structs:"base_url" mapstructure:"base_url"`
	// Token is encoded under the key "token" by the json, structs and
	// mapstructure tags.
	// NOTE(review): this is presumably the GitLab credential itself. Confirm
	// that LogicalResponseData leaves it out of read responses and that the
	// struct is never logged as a whole.
	Token string `json:"token" structs:"token" mapstructure:"token"`
	AutoRotateToken bool `json:"auto_rotate_token" structs:"auto_rotate_token" mapstructure:"auto_rotate_token"`
	// NOTE(review): presumably bounded by DefaultAutoRotateBeforeMinTTL and
	// DefaultAutoRotateBeforeMaxTTL — confirm.
	AutoRotateBefore time.Duration `json:"auto_rotate_before" structs:"auto_rotate_before" mapstructure:"auto_rotate_before"`
	TokenExpiresAt time.Time `json:"token_expires_at" structs:"token_expires_at" mapstructure:"token_expires_at"`
	// NOTE(review): presumably controls whether the previous token is revoked
	// after an automatic rotation; when false the old token would remain
	// valid until it expires — confirm.
	RevokeAutoRotatedToken bool `json:"revoke_auto_rotated_token" structs:"revoke_auto_rotated_token" mapstructure:"revoke_auto_rotated_token"`
}
func (EntryConfig) LogicalResponseData ¶ added in v0.2.0
func (e EntryConfig) LogicalResponseData() map[string]any
type EntryToken ¶
// EntryToken describes one access token: its ids, name, type, scopes, access
// level, creation and expiry times, and the token value. The Client methods
// return it, and SecretResponse derives two maps from it.
type EntryToken struct {
	TokenID int `json:"token_id"`
	UserID int `json:"user_id"`
	ParentID string `json:"parent_id"`
	Path string `json:"path"`
	Name string `json:"name"`
	// Token is encoded under the key "token".
	// NOTE(review): presumably the secret token value. Confirm which of the
	// two maps returned by SecretResponse carries it and that it is kept out
	// of logs and error messages.
	Token string `json:"token"`
	TokenType TokenType `json:"token_type"`
	// CreatedAt and ExpiresAt are pointers, so either can be nil.
	CreatedAt *time.Time `json:"created_at"`
	ExpiresAt *time.Time `json:"expires_at"`
	Scopes []string `json:"scopes"`
	AccessLevel AccessLevel `json:"access_level"` // not used for personal access tokens
	RoleName string `json:"role_name"`
	// NOTE(review): presumably true when GitLab itself expires the token and
	// no explicit revoke call is made — confirm.
	GitlabRevokesToken bool `json:"gitlab_revokes_token"`
}
func (EntryToken) SecretResponse ¶
func (e EntryToken) SecretResponse() (map[string]any, map[string]any)
type TokenScope ¶
// TokenScope is a string-backed token scope. The named values are the
// TokenScope* constants; TokenScopeParse turns a string into a TokenScope or
// an error, and both String and Value return a string.
type TokenScope string
func TokenScopeParse ¶
func TokenScopeParse(value string) (TokenScope, error)
func (TokenScope) String ¶
func (i TokenScope) String() string
func (TokenScope) Value ¶
func (i TokenScope) Value() string
Source Files ¶