base

package
v0.0.0-...-3e6933e Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 3, 2020 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

Copyright 2018 Keydap. All rights reserved. Licensed under the Apache License, Version 2.0, see LICENSE.

Index

Constants

const (
	READ_ATTR_OR_NOT_NODE = iota
	READ_OP
	READ_VAL
)
const ATTR_DELIM = "."
const PERM_CHANGE_ATTRIBUTE string = "CHANGE_ATTRIBUTE"
const PERM_CREATE string = "CREATE"
const PERM_DELETE string = "DELETE"
const PERM_READ string = "READ"
const PERM_UPDATE string = "UPDATE"
const URI_DELIM = ":"

Variables

// HTTP status codes held as strings rather than ints.
// NOTE(review): presumably these populate ScimError.Status, which is also a
// string on this page; confirm against the New*Error constructors.
// NOTE(review): these are package-level vars, not consts, so any importing
// package can reassign them at runtime. Nothing on this page shows a need
// for that; confirm and consider const.
var (
	TempRedirect      = "307"
	PermRedirect      = "308"
	BadRequest        = "400"
	UnAuthorized      = "401"
	Forbidden         = "403"
	NotFound          = "404"
	Conflict          = "409"
	PreCondFailed     = "412"
	PayloadTooLarge   = "413"
	InternalServerErr = "500"
	NotImplemented    = "501"
)
// Detail-error keywords for the "scimType" member of a SCIM error response.
// ST_INVALIDFILTER through ST_SENSITIVE match the keywords defined in
// RFC 7644, section 3.12. There, "sensitive" is the keyword for a request
// that passes sensitive (e.g. personal) information in the request URI.
// ST_PEER_CONNECTION_FAILED is not one of the RFC keywords; its value is a
// free-text phrase.
// NOTE(review): presumably used by NewPeerConnectionFailed; confirm clients
// are not expected to match it as a standard scimType.
// NOTE(review): declared as vars, so importing packages can reassign them.
var (
	ST_INVALIDFILTER          = "invalidFilter"
	ST_TOOMANY                = "tooMany"
	ST_UNIQUENESS             = "uniqueness"
	ST_MUTABILITY             = "mutability"
	ST_INVALIDSYNTAX          = "invalidSyntax"
	ST_INVALIDPATH            = "invalidPath"
	ST_NOTARGET               = "noTarget"
	ST_INVALIDVALUE           = "invalidValue"
	ST_INVALIDVERS            = "invalidVers"
	ST_SENSITIVE              = "sensitive"
	ST_PEER_CONNECTION_FAILED = "failed to connect to peer"
)
// DEFAULT_PUB_KEY_CRED_PARAMS is a list of "public-key" credential parameters.
// The Alg values are COSE algorithm identifiers:
//
//	 -7  ES256 (ECDSA with SHA-256)
//	-35  ES384 (ECDSA with SHA-384)
//	-36  ES512 (ECDSA with SHA-512)
//	-37  PS256 (RSASSA-PSS with SHA-256)
//
// RS256 (-257) is not in the list.
// NOTE(review): presumably sent as PubKeyCredParams in
// PublicKeyCredentialCreationOptions. WebAuthn treats that sequence as
// ordered from most to least preferred, so this order is a policy choice.
// NOTE(review): the slice is a mutable package-level var. Confirm that
// registration verification checks the credential's algorithm against an
// allow-list that callers cannot extend at runtime.
var DEFAULT_PUB_KEY_CRED_PARAMS = []PubKeyCredParam{
	PubKeyCredParam{Type: "public-key", Alg: -7},
	PubKeyCredParam{Type: "public-key", Alg: -35},
	PubKeyCredParam{Type: "public-key", Alg: -36},
	PubKeyCredParam{Type: "public-key", Alg: -37},
}
var EMPTY_EV = &EmptyEvaluator{}

Functions

func CheckValueTypeAndConvert

func CheckValueTypeAndConvert(v reflect.Value, attrType *schema.AttrType) interface{}

func CloneAtParamMap

func CloneAtParamMap(m map[string]*AttributeParam) map[string]*AttributeParam

func Compare

func Compare(atType *schema.AttrType, saVal interface{}, otherVal interface{}) bool

func ConvertToParamAttributes

func ConvertToParamAttributes(attrMap map[string]int, subAtPresent bool) map[string]*AttributeParam

Converts the given list of attributes to AttributeParam and groups the sub-attributes under one parent where applicable. For example, if "emails.type,emails.value" are requested, then an AttributeParam with the name "emails" will be created with two child attributes, "type" and "value". This makes filtering the attributes easier.

func FixSchemaUris

func FixSchemaUris(node *FilterNode, rTypes []*schema.ResourceType) error

func GenKeyForSubAtMap

func GenKeyForSubAtMap(subAtMap map[string]*SimpleAttribute) string

func LoadLdapTemplates

func LoadLdapTemplates(ldapTmplPath string, rsTypes map[string]*schema.ResourceType) map[string]*schema.LdapEntryTemplate

func LoadResTypes

func LoadResTypes(rtDirPath string, schemas map[string]*schema.Schema) (rsTypes map[string]*schema.ResourceType, rtPathMap map[string]*schema.ResourceType, err error)

func LoadSchemas

func LoadSchemas(sDirPath string) (map[string]*schema.Schema, error)

func ParseResPerms

func ParseResPerms(group *Resource, resTypes map[string]*schema.ResourceType) map[string]*ResourcePermission

func ParseSubAtList

func ParseSubAtList(v interface{}, attrType *schema.AttrType) (subAtMap map[string]*SimpleAttribute, primary bool)

func RandStr

func RandStr() string

func SplitAttrCsv

func SplitAttrCsv(csv string, rTypes ...*schema.ResourceType) (attrMap map[string]int, subAtPresent bool)

func StripQuotes

func StripQuotes(token string) string

func ToCsn

func ToCsn(t time.Time, changeCount uint32, serverId uint16, modCount uint32) string

Types

type AndEvaluator

type AndEvaluator struct {
	// contains filtered or unexported fields
}

func (*AndEvaluator) Evaluate

func (and *AndEvaluator) Evaluate(rs *Resource) bool

type AndSelector

type AndSelector struct {
	// contains filtered or unexported fields
}

func (*AndSelector) Find

func (and *AndSelector) Find(ca *ComplexAttribute) []string

type ArithmeticEvaluator

type ArithmeticEvaluator struct {
	// contains filtered or unexported fields
}

func (*ArithmeticEvaluator) Evaluate

func (ar *ArithmeticEvaluator) Evaluate(rs *Resource) bool

type ArithmeticSelector

type ArithmeticSelector struct {
	// contains filtered or unexported fields
}

func (*ArithmeticSelector) Find

func (ar *ArithmeticSelector) Find(ca *ComplexAttribute) []string

type AtGroup

type AtGroup struct {
	SimpleAts  map[string]*SimpleAttribute
	ComplexAts map[string]*ComplexAttribute
}

func NewAtGroup

func NewAtGroup() *AtGroup

func (*AtGroup) ToMap

func (atg *AtGroup) ToMap() map[string]interface{}

type Attribute

type Attribute interface {
	IsSimple() bool
	GetSimpleAt() *SimpleAttribute
	GetComplexAt() *ComplexAttribute
	GetType() *schema.AttrType
}

type AttributeParam

type AttributeParam struct {
	Name     string
	SchemaId string
	SubAts   map[string]string // simplifies searching and eliminates iteration while filtering denied attributes
}

type AuditEvent

// AuditEvent is one audit-log record: who (ActorId, ActorName) did what
// (Operation) against which endpoint (Uri), from where (IpAddress), and with
// what outcome (StatusCode, Desc).
// NOTE(review): Payload holds the payload of the operation. Request types on
// this page carry cleartext secrets (AuthRequest.Password,
// ChangePasswordRequest.Password, VerifyOtpRequest.Otp). Confirm such
// payloads are redacted before they are stored in an audit record.
// NOTE(review): how IpAddress is derived (socket peer or a forwarded header)
// is not visible here; confirm it cannot be set by the client.
type AuditEvent struct {
	Id         string // CSN of the event
	Uri        string // URI of the endpoint
	ActorId    string // user's ID, can be null
	ActorName  string // user's name, can be null
	Operation  string // operation
	StatusCode int    // http status code
	Desc       string // description of the error
	IpAddress  string // ip address from where the related request was sent
	Payload    string // payload used for performing operation
}

type AuthData

// AuthData holds a user's second-factor credentials (TOTP secret and
// registered security keys) and login-attempt bookkeeping. LastSLogin and
// LastFLogin are the times of the last successful and last failed login.
// TotpSecret and Skeys are authentication material and should stay out of
// API responses and logs.
// NOTE(review): TotpSecret is a plain string; whether it is encrypted at rest
// is not visible on this page. Confirm.
// NOTE(review): TotpCodes presumably records already-used codes to reject
// replays, and FLoginCount presumably drives lockout or throttling. Confirm
// both are enforced by the login path.
type AuthData struct {
	TotpSecret  string
	TotpCodes   map[string]bool
	LastSLogin  time.Time
	LastFLogin  time.Time
	FLoginCount int
	Skeys       map[string]*SecurityKey
	WebauthnId  string // a special unique identifier that links user on the authenticator
}

AuthData holds two-factor authentication (TFA) credentials and details about the last successful and failed login attempts.

type AuthRequest

// AuthRequest is the credential payload of a login request.
// Username, Domain and Password map to the JSON keys "username", "domain"
// and "password".
// ClientIP and FromLdap are tagged json:"-", so encoding/json never fills
// them from a request body and never writes them out. Server code has to set
// them, and a client cannot supply its own values through the JSON document.
// Password is a cleartext secret. Do not log this struct or copy it into
// audit payloads without redaction.
type AuthRequest struct {
	Username string `json:"username"`
	Domain   string `json:"domain"`
	Password string `json:"password"`
	ClientIP string `json:"-"`
	FromLdap bool   `json:"-"`
}

type AuthenticatorData

// AuthenticatorData holds the fields of WebAuthn authenticator data: the RP
// ID hash, the flags byte, the signature counter, the attested credential
// data (AAGUID, credential ID, COSE public key) and the extensions.
// NOTE(review): RawData presumably keeps the undecoded bytes. WebAuthn
// signatures are computed over the raw authenticator data, so verification
// should use those bytes and not a re-encoding of the parsed fields. Confirm.
// NOTE(review): RpIdHash should be compared with the hash of the expected RP
// ID, and SignCount with the value stored for the credential (see
// SecurityKey.SignCount), to detect a cloned authenticator. Confirm both
// checks exist in the verification code.
type AuthenticatorData struct {
	RpIdHash     []byte
	Flags        byte
	SignCount    uint32
	AAGUID       string
	CredentialId string
	PubKeyCOSE   map[int]interface{}
	Extensions   map[int]interface{}
	RawData      []byte
}

type ChangePasswordContext

// ChangePasswordContext carries a password change for the resource Rid,
// together with the embedded operation context.
// NOTE(review): whether NewPassword is cleartext or already hashed with
// HashAlgo at this point is not visible on this page. Treat it as a secret
// either way and keep it out of logs and audit payloads.
// NOTE(review): HashAlgo is a free-form string. Confirm it is checked against
// an allow-list of password-hashing algorithms before use.
type ChangePasswordContext struct {
	Rid         string
	NewPassword string
	HashAlgo    string
	Res         *Resource
	*OpContext  // the operation context
}

type ChangePasswordRequest

// ChangePasswordRequest asks for the password of resource Rid to be changed.
// Password is a cleartext secret and should not be logged.
// NOTE(review): unlike AuthRequest, ClientIP and FromLdap have no json:"-"
// tag. If this struct is ever decoded directly from a request body, a client
// could set both fields. Confirm that server code always fills them in.
type ChangePasswordRequest struct {
	Rid      string
	Password string
	ClientIP string
	FromLdap bool
}

type CollectedClientData

// CollectedClientData is the client data a WebAuthn client reports alongside
// a registration or assertion response.
// Type, Challenge and Origin are client-reported values. The relying party
// is expected to compare them with the ceremony type it started, the
// challenge it issued and the origin it serves.
// NOTE(review): confirm all three comparisons happen before the response is
// accepted.
// ClientExtensions carries a codec tag where the fields above it carry json
// tags. encoding/json does not read codec tags.
// NOTE(review): confirm which decoder populates this struct.
// NOTE(review): RawBytes presumably keeps the original serialized client
// data. The WebAuthn signature covers a hash of those exact bytes, so
// verification should hash RawBytes and not a re-serialization. Confirm.
type CollectedClientData struct {
	Type             string                 `json:"type"`
	Challenge        string                 `json:"challenge"`
	Origin           string                 `json:"origin"`
	HashAlgorithm    string                 `json:"hashAlgorithm"`
	TokenBinding     TokenBinding           `json:"tokenBinding"`
	ClientExtensions map[string]interface{} `codec:"clientExtensions"`
	RawBytes         []byte
}

type ComplexAttribute

type ComplexAttribute struct {
	Name string
	// The SubAts can grow to a large size especially in
	// the resources of type Group. For example "members" attribute
	// may hold references to millions of users.
	// A map is the ideal choice instead of a slice. Resizing the map
	// is cheaper than resizing a slice
	// The key is a random string generated using RandStr() method
	SubAts map[string]map[string]*SimpleAttribute // it can hold a list(but held in a map) of simple sub attributes
	// contains filtered or unexported fields
}

func NewComplexAt

func NewComplexAt(atType *schema.AttrType) *ComplexAttribute

func ParseComplexAttr

func ParseComplexAttr(attrType *schema.AttrType, iVal interface{}) *ComplexAttribute

func (*ComplexAttribute) AddSubAts

func (ca *ComplexAttribute) AddSubAts(subAtMap map[string]interface{})

func (*ComplexAttribute) GetComplexAt

func (ca *ComplexAttribute) GetComplexAt() *ComplexAttribute

func (*ComplexAttribute) GetFirstSubAt

func (ca *ComplexAttribute) GetFirstSubAt() map[string]*SimpleAttribute

func (*ComplexAttribute) GetFirstSubAtAndKey

func (ca *ComplexAttribute) GetFirstSubAtAndKey() (subAtMap map[string]*SimpleAttribute, key string)

func (*ComplexAttribute) GetSimpleAt

func (ca *ComplexAttribute) GetSimpleAt() *SimpleAttribute

func (*ComplexAttribute) GetType

func (ca *ComplexAttribute) GetType() *schema.AttrType

func (*ComplexAttribute) GetValue

func (ca *ComplexAttribute) GetValue(subAtName string) interface{}

func (*ComplexAttribute) HasPrimarySet

func (ca *ComplexAttribute) HasPrimarySet() bool

func (*ComplexAttribute) HasValue

func (ca *ComplexAttribute) HasValue(val interface{}) bool

func (*ComplexAttribute) IsSimple

func (ca *ComplexAttribute) IsSimple() bool

func (*ComplexAttribute) UnsetPrimaryFlag

func (ca *ComplexAttribute) UnsetPrimaryFlag()

type CreateContext

type CreateContext struct {
	Repl       bool // adding here instead of in OpContext so that creation of OpContext can be avoided
	InRes      *Resource
	*OpContext // the operation context
}

func (*CreateContext) AllowOp

func (cc *CreateContext) AllowOp() bool

type Csn

type Csn interface {
	TimeMillis() int64

	ChangeCount() uint32

	ReplicaId() uint16

	ModificationCount() uint32

	String() string

	// String value of date and time in RFC3339 format
	DateTime() string
}

Interface representing a CSN

type CsnGenerator

type CsnGenerator struct {
	// contains filtered or unexported fields
}

func NewCsnGenerator

func NewCsnGenerator(replicaId uint16) *CsnGenerator

func (*CsnGenerator) NewCsn

func (cg *CsnGenerator) NewCsn() Csn

type DeleteContext

type DeleteContext struct {
	Rid        string
	Repl       bool
	Rt         *schema.ResourceType
	DeleteCsn  string // a new CSN generated during delete operation, this helps in ordering replication event
	*OpContext        // the operation context
}

func (*DeleteContext) EvalDelete

func (dc *DeleteContext) EvalDelete(res *Resource) bool

func (*DeleteContext) GetDecision

func (dc *DeleteContext) GetDecision() OpDecision

type EmptyEvaluator

type EmptyEvaluator struct {
}

func (*EmptyEvaluator) Evaluate

func (empty *EmptyEvaluator) Evaluate(rs *Resource) bool

type Evaluator

type Evaluator interface {
	Evaluate(rs *Resource) bool
}

func BuildEvaluator

func BuildEvaluator(node *FilterNode) Evaluator

type FilterNode

type FilterNode struct {
	Op   string
	Name string

	Value     string
	NormValue interface{}
	NvBytes   []byte // the norm value in bytes
	Children  []*FilterNode
	Count     int64 // the number of possible entries this node might evaluate
	// contains filtered or unexported fields
}

A structure representing a filter expression

func ParseFilter

func ParseFilter(filter string) (expr *FilterNode, err error)

func (*FilterNode) Clone

func (fn *FilterNode) Clone() *FilterNode

func (*FilterNode) GetAtType

func (fn *FilterNode) GetAtType() *schema.AttrType

func (*FilterNode) SetAtType

func (fn *FilterNode) SetAtType(atType *schema.AttrType)

func (*FilterNode) String

func (fn *FilterNode) String() string

type GetContext

type GetContext struct {
	Rid            string
	Username       string
	Rt             *schema.ResourceType
	ParamAttrs     string
	ParamExclAttrs string
	*OpContext     // the operation context
}

func (*GetContext) AllowRead

func (gc *GetContext) AllowRead(res *Resource) bool

func (*GetContext) GetDecision

func (gc *GetContext) GetDecision() OpDecision

type Interceptor

type Interceptor interface {
	PreCreate(crCtx *CreateContext) error
	PostCreate(crCtx *CreateContext)

	PrePatch(patchCtx *PatchContext) error
	PostPatch(patchCtx *PatchContext)

	PreDelete(delCtx *DeleteContext) error
	PostDelete(delCtx *DeleteContext)

	PreReplace(replaceCtx *ReplaceContext) error
	PostReplace(replaceCtx *ReplaceContext)
}

type ListResponse

type ListResponse struct {
	TotalResults int64
	Resources    []*Resource
	StartIndex   int64
	ItemsPerPage int
}

type LoginResult

// LoginResult is the outcome of an authentication attempt.
// Status is the authoritative outcome. User is set only on success.
// NOTE(review): Id is documented as present for every outcome except
// user-not-found, so a failed attempt still carries the account's resource
// ID. Confirm it is not returned to unauthenticated callers, where it would
// reveal which usernames exist.
type LoginResult struct {
	User   *Resource // user is non-nil only if the authentication is successful
	Id     string    // user resource's ID will always be present unless the user is not found
	Status LoginStatus
}

type LoginStatus

// LoginStatus enumerates the states and outcomes of a login attempt.
type LoginStatus int

// The zero value is LOGIN_BEGIN, so an uninitialised LoginStatus (or a
// zero-valued LoginResult) never reads as LOGIN_SUCCESS.
// LOGIN_USER_NOT_FOUND, LOGIN_ACCOUNT_NOT_ACTIVE, LOGIN_NO_PASSWORD and
// LOGIN_FAILED distinguish the cause of a failure.
// NOTE(review): confirm that responses to unauthenticated clients collapse
// these into one generic failure, so they do not disclose whether an account
// exists or is active.
// NOTE(review): LOGIN_TFA_REQUIRED, LOGIN_TFA_REGISTER and
// LOGIN_CHANGE_PASSWORD presumably mark intermediate steps. Confirm no caller
// treats anything other than LOGIN_SUCCESS as an authenticated session.
const (
	LOGIN_BEGIN LoginStatus = iota // default is set to before login state
	LOGIN_USER_NOT_FOUND
	LOGIN_ACCOUNT_NOT_ACTIVE
	LOGIN_NO_PASSWORD
	LOGIN_FAILED
	LOGIN_TFA_REQUIRED
	LOGIN_TFA_REGISTER
	LOGIN_CHANGE_PASSWORD
	LOGIN_SUCCESS
)

type ModifyGroupsOfUserRequest

// ModifyGroupsOfUserRequest adds the user UserRid to the groups in AddGids
// and removes it from the groups in RemoveGids.
// UserVersion and the embedded *OpContext have no json tag.
// NOTE(review): encoding/json promotes the exported fields of an embedded
// struct pointer. If this struct is decoded directly from a request body, a
// client could supply OpContext fields (Session, ClientIP, ...) in the JSON
// document. Confirm that OpContext is always assigned by server code after
// decoding, or tag it json:"-".
// NOTE(review): group membership usually determines roles and permissions.
// The page notes that AllowOp checks permissions on the User resource type
// only, so confirm the caller is also authorised for each target group.
type ModifyGroupsOfUserRequest struct {
	UserRid     string   `json:"userrid"`    // user resource's ID
	AddGids     []string `json:"addgids"`    // list of group resources' IDs
	RemoveGids  []string `json:"removegids"` // list of group resources' IDs
	UserVersion string
	*OpContext
}

func (ModifyGroupsOfUserRequest) AllowOp

func (auth ModifyGroupsOfUserRequest) AllowOp(res *Resource) bool

AllowOp only checks for permissions on the User resource type, even though the associated operation updates groups as well.

type MultiSubAttribute

type MultiSubAttribute struct {
	SimpleAts []*SimpleAttribute
}

type NotEvaluator

type NotEvaluator struct {
	// contains filtered or unexported fields
}

func (*NotEvaluator) Evaluate

func (not *NotEvaluator) Evaluate(rs *Resource) bool

type NotSelector

type NotSelector struct {
	// contains filtered or unexported fields
}

func (*NotSelector) Find

func (not *NotSelector) Find(ca *ComplexAttribute) []string

type OpContext

// OpContext is the per-operation context embedded in the *Context types on
// this page. It holds the caller's RbacSession together with the client IP
// and the endpoint of the request.
// NOTE(review): how ClientIP is derived (socket peer or a forwarded header)
// is not visible here. If it feeds audit records or access decisions,
// confirm it cannot be set by the client.
// NOTE(review): the effect of a nil Session is not visible on this page.
// Confirm that the Allow*/Eval* methods deny in that case.
type OpContext struct {
	Session        *RbacSession
	Sso            bool
	UpdatedSession bool
	ClientIP       string
	Endpoint       string
}

type OpDecision

// OpDecision is the result returned by the GetDecision methods of the
// operation contexts on this page.
// Allow and Deny are independent booleans, so the states "neither set" and
// "both set" can be represented.
// NOTE(review): confirm callers fail closed, treating every combination other
// than an explicit Allow without Deny as not permitted unless a further
// evaluation (EvalFilter / EvalWithoutFetch) grants access.
type OpDecision struct {
	Allow            bool
	Deny             bool
	EvalWithoutFetch bool
	EvalFilter       bool
}

type OrEvaluator

type OrEvaluator struct {
	// contains filtered or unexported fields
}

func (*OrEvaluator) Evaluate

func (or *OrEvaluator) Evaluate(rs *Resource) bool

type OrSelector

type OrSelector struct {
	// contains filtered or unexported fields
}

func (*OrSelector) Find

func (or *OrSelector) Find(ca *ComplexAttribute) []string

type ParsedPath

type ParsedPath struct {
	ParentType     *schema.AttrType // name of the sub-attribute's parent
	AtType         *schema.AttrType // name of the (sub-)attribute
	Schema         string           // the schema of the attribute
	Slctr          Selector         // the selection filter present in the path
	Text           string
	IsExtContainer bool
}

func ParsePath

func ParsePath(path string, rt *schema.ResourceType) (pp *ParsedPath, err error)

func (*ParsedPath) FQAName

func (pp *ParsedPath) FQAName() string

type PatchContext

type PatchContext struct {
	Repl        bool
	ReplVersion string // to be used only by a replication event
	Rid         string
	Pr          *PatchReq
	Rt          *schema.ResourceType
	Res         *Resource
	*OpContext  // the operation context
}

func (*PatchContext) EvalPatch

func (pc *PatchContext) EvalPatch(res *Resource) bool

func (*PatchContext) GetDecision

func (pc *PatchContext) GetDecision() OpDecision

type PatchOp

type PatchOp struct {
	Index      int
	Op         string
	Path       string
	ParsedPath *ParsedPath
	Value      interface{}
}

type PatchReq

type PatchReq struct {
	Schemas    []string
	IfMatch    string
	Operations []*PatchOp
	RawReq     []byte // the raw request that gets sent for replication
}

func NewPatchReq

func NewPatchReq() *PatchReq

func ParsePatchReq

func ParsePatchReq(body io.Reader, rt *schema.ResourceType) (*PatchReq, error)

type Permission

// Permission describes one read or write permission on a resource type
// (see ResourcePermission).
// Name, Filter and AllowAttrs are tagged json:"-", so encoding/json only
// emits OnAnyResource (as "onAnyRes") and AllowAll (as "allowAll").
// NOTE(review): OnAnyResource and AllowAll presumably are the broadest
// grants: every resource, and every attribute. Confirm both default to false
// and are set only from trusted role definitions.
type Permission struct {
	Name          string                     `json:"-"`
	Filter        *FilterNode                `json:"-"`
	OnAnyResource bool                       `json:"onAnyRes"`
	AllowAttrs    map[string]*AttributeParam `json:"-"`
	AllowAll      bool                       `json:"allowAll"`
	// contains filtered or unexported fields
}

func (*Permission) Clone

func (p *Permission) Clone() *Permission

func (*Permission) EvalFilter

func (p *Permission) EvalFilter(rs *Resource) bool

type PresenceEvaluator

type PresenceEvaluator struct {
	// contains filtered or unexported fields
}

func (*PresenceEvaluator) Evaluate

func (pr *PresenceEvaluator) Evaluate(rs *Resource) bool

type PresenceSelector

type PresenceSelector struct {
	// contains filtered or unexported fields
}

func (*PresenceSelector) Find

func (pr *PresenceSelector) Find(ca *ComplexAttribute) []string

type PubKeyCredParam

type PubKeyCredParam struct {
	Type string `json:"type"`
	Alg  int    `json:"alg"`
}

type PublicKeyCredentialCreationOptions

type PublicKeyCredentialCreationOptions struct {
	Attestation        string                          `json:"attestation"`
	Challenge          string                          `json:"challenge"`
	RpId               string                          `json:"rpId"`
	RpName             string                          `json:"rpName"`
	UserId             string                          `json:"userId"`
	UserName           string                          `json:"userName"`
	UserDisplayName    string                          `json:"userDisplayName"`
	Timeout            uint64                          `json:"timeout"`
	ExcludeCredentials []PublicKeyCredentialDescriptor `json:"excludeCredentials"`
	PubKeyCredParams   []PubKeyCredParam               `json:"pubKeyCredParams"`
}

type PublicKeyCredentialDescriptor

type PublicKeyCredentialDescriptor struct {
	Type       string `json:"type,omitempty"`
	Id         string `json:"id,omitempty"`
	Transports string `json:"transports,omitempty"`
}

type PublicKeyCredentialRequestOptions

type PublicKeyCredentialRequestOptions struct {
	Challenge        string   `json:"challenge"`
	RpId             string   `json:"rpId"`
	Timeout          uint64   `json:"timeout"`
	CredIds          []string `json:"credIds"`
	UserVerification string   `json:"userVerification"`
}

type RbacSession

// RbacSession is a user's session and also a JWT claim set: the page
// documents Valid() as making it a Claims instance, and ToJwt takes a
// crypto.PrivateKey.
// Fields serialized as claims: Roles ("roles"), Domain ("iss"), Sub ("sub"),
// Exp ("exp"), Iat ("iat"), Jti ("jti") and Ito ("ito").
// EffPerms, Apps, Username and LastAccAt are tagged json:"-". They are never
// part of the token and have to be rebuilt on the server.
// NOTE(review): Roles travel inside the token. A role change or revocation
// affects an already-issued token only if the server re-resolves roles or
// tracks Jti. Confirm which applies.
// NOTE(review): confirm that token parsing pins the expected signing
// algorithm and checks Exp, and that Ito is compared with the client
// presenting the token.
type RbacSession struct {
	Roles     map[string]string              `json:"roles"`
	EffPerms  map[string]*ResourcePermission `json:"-"`
	Domain    string                         `json:"iss"`
	Sub       string                         `json:"sub"`
	Exp       int64                          `json:"exp"`
	Iat       int64                          `json:"iat"`
	Jti       string                         `json:"jti"`
	Ito       string                         `json:"ito"` // the ID of the OAuth client this JWT was sent to
	Apps      map[string]SamlAppSession      `json:"-"`   // a map of application SAML issuer IDs and their SessionIndexes
	Username  string                         `json:"-"`
	LastAccAt int64                          `json:"-"` // time when this session was last accessed

}

func (*RbacSession) IsExpired

func (session *RbacSession) IsExpired() bool

func (*RbacSession) ToJwt

func (session *RbacSession) ToJwt(key crypto.PrivateKey) string

func (*RbacSession) Valid

func (session *RbacSession) Valid() error

Implementing Valid() makes RbacSession a valid Claims instance

type RbacUser

type RbacUser struct {
	Rid   string
	Roles map[string]string // <roleID, displayName> key-value pairs
}

type ReplaceContext

type ReplaceContext struct {
	InRes       *Resource
	IfMatch     string
	Rt          *schema.ResourceType
	Res         *Resource // the resource after replacing
	Repl        bool
	Cloning     bool
	ReplVersion string
	*OpContext  // the operation context
}

func (*ReplaceContext) AllowOp

func (rc *ReplaceContext) AllowOp() bool

type Resource

type Resource struct {
	TypeName string // resourcetype's name
	Core     *AtGroup
	Ext      map[string]*AtGroup
	AuthData *AuthData // only non-nil for User resource rest of all resources contain nil values
	// contains filtered or unexported fields
}

func NewResource

func NewResource(rt *schema.ResourceType) *Resource

func ParseResource

func ParseResource(resTypes map[string]*schema.ResourceType, sm map[string]*schema.Schema, body io.Reader) (*Resource, error)

func ToResource

func ToResource(rt *schema.ResourceType, sm map[string]*schema.Schema, obj map[string]interface{}) (rs *Resource, err error)

func (*Resource) AddCA

func (rs *Resource) AddCA(name string, val ...map[string]interface{}) (err error)

func (*Resource) AddComplexAt

func (rs *Resource) AddComplexAt(ca *ComplexAttribute)

func (*Resource) AddMeta

func (rs *Resource) AddMeta(csn Csn) *ComplexAttribute

func (*Resource) AddSA

func (rs *Resource) AddSA(name string, val ...interface{}) error

func (*Resource) AddSimpleAt

func (rs *Resource) AddSimpleAt(sa *SimpleAttribute)

func (*Resource) CheckMissingRequiredAts

func (rs *Resource) CheckMissingRequiredAts() error

func (*Resource) DeleteAttr

func (rs *Resource) DeleteAttr(attrPath string) Attribute

func (*Resource) Equals

func (res *Resource) Equals(other *Resource) bool

func (*Resource) FilterAndSerialize

func (rs *Resource) FilterAndSerialize(attrs map[string]*AttributeParam, include bool) []byte

func (*Resource) GetAttr

func (rs *Resource) GetAttr(attrPath string) Attribute

func (*Resource) GetExternalId

func (rs *Resource) GetExternalId() *string

func (*Resource) GetId

func (rs *Resource) GetId() string

func (*Resource) GetMeta

func (rs *Resource) GetMeta() *ComplexAttribute

func (*Resource) GetType

func (rs *Resource) GetType() *schema.ResourceType

func (*Resource) GetVersion

func (rs *Resource) GetVersion() string

func (*Resource) HasMember

func (rs *Resource) HasMember(userOrSubGid string) bool

func (*Resource) IsMemberOf

func (rs *Resource) IsMemberOf(gid string) bool

func (*Resource) IsTfaEnabled

func (res *Resource) IsTfaEnabled() bool

func (*Resource) IsTfaSetupComplete

func (res *Resource) IsTfaSetupComplete() bool

func (*Resource) RemoveMember

func (group *Resource) RemoveMember(uid string) bool

func (*Resource) RemoveMemberOf

func (user *Resource) RemoveMemberOf(gid string) bool

func (*Resource) RemoveReadOnlyAt

func (rs *Resource) RemoveReadOnlyAt()

func (*Resource) Serialize

func (rs *Resource) Serialize() []byte

func (*Resource) SetId

func (rs *Resource) SetId(id string)

func (*Resource) SetSchema

func (rs *Resource) SetSchema(rt *schema.ResourceType)

func (*Resource) ToJSON

func (rs *Resource) ToJSON() string

func (*Resource) ToJsonObject

func (rs *Resource) ToJsonObject(attrs map[string]*AttributeParam) map[string]interface{}

func (*Resource) UpdateLastModTime

func (rs *Resource) UpdateLastModTime(csn Csn)

func (*Resource) UpdateSchemas

func (rs *Resource) UpdateSchemas()

type ResourcePermission

type ResourcePermission struct {
	RType     *schema.ResourceType
	ReadPerm  *Permission
	WritePerm *Permission
}

func (*ResourcePermission) MarshalJSON

func (rp *ResourcePermission) MarshalJSON() ([]byte, error)

type Role

type Role struct {
	Id    string
	Name  string
	Perms map[string]*ResourcePermission
}

type SamlAppSession

type SamlAppSession struct {
	SessionIndex string
	NameID       string
	NameIDFormat string
}

type ScimError

type ScimError struct {
	Schemas  []string `json:"schemas"`
	ScimType string   `json:"scimType"`
	Detail   string   `json:"detail"`
	Status   string   `json:"status"`
	// contains filtered or unexported fields
}

func NewBadRequestError

func NewBadRequestError(detail string) *ScimError

func NewConflictError

func NewConflictError(detail string) *ScimError

func NewError

func NewError() *ScimError

func NewForbiddenError

func NewForbiddenError(detail string) *ScimError

func NewFromHttpResp

func NewFromHttpResp(resp *http.Response) *ScimError

func NewInternalserverError

func NewInternalserverError(detail string) *ScimError

func NewNotFoundError

func NewNotFoundError(detail string) *ScimError

func NewPeerConnectionFailed

func NewPeerConnectionFailed(detail string) *ScimError

func NewPreCondError

func NewPreCondError(detail string) *ScimError

func NewToomanyResults

func NewToomanyResults(detail string) *ScimError

func NewUnAuthorizedError

func NewUnAuthorizedError(detail string) *ScimError

func (ScimError) Code

func (se ScimError) Code() int

func (*ScimError) Error

func (se *ScimError) Error() string

func (*ScimError) Serialize

func (se *ScimError) Serialize() []byte

type SearchContext

type SearchContext struct {
	MaxResults int                    // the maximum number of results returned for a search request
	Filter     *FilterNode            // the search filter
	ResTypes   []*schema.ResourceType // the resource types
	Attrs      []string               // attributes to sent
	RawReq     *SearchRequest
	*OpContext // the operation context
}

func (*SearchContext) CanDenyOp

func (sc *SearchContext) CanDenyOp() (bool, *FilterNode)

type SearchRequest

type SearchRequest struct {
	Schemas            []string `json:"schemas"`
	Attributes         string   `json:"attributes,omitempty"`
	ExcludedAttributes string   `json:"excludedAttributes,omitempty"`
	Filter             string   `json:"filter"`
	SortBy             string   `json:"sortBy,omitempty"`
	SortOrder          string   `json:"sortOrder,omitempty"`
	StartIndex         int      `json:"startIndex,omitempty"`
	Count              int      `json:"count,omitempty"`
}

https://tools.ietf.org/html/rfc7644#section-3.4.3

func NewSearchRequest

func NewSearchRequest(filter string, attrs string, include bool) *SearchRequest

type SecurityKey

// SecurityKey is one registered WebAuthn credential of a user.
// SignCount and PubKeyCOSE are tagged json:"-" and are left out of JSON
// output. The remaining fields are descriptive metadata.
// NOTE(review): SignCount is presumably the last signature counter seen for
// this credential. A later assertion whose counter is not greater than the
// stored value indicates a possibly cloned authenticator. Confirm the
// assertion path makes that comparison and updates the stored value.
// NOTE(review): PubKeyCOSE is the key assertions are verified against.
// Confirm it can only be written during a verified registration.
type SecurityKey struct {
	DeviceId       string              `json:"deviceId"`     // AAGUID
	CredentialId   string              `json:"credentialId"` // the unique ID of this credential
	Fmt            string              `json:"fmt"`
	SignCount      uint32              `json:"-"`
	PubKeyCOSE     map[int]interface{} `json:"-"`
	RegisteredDate int64               `json:"registeredDate"`
	LastUsedDate   int64               `json:"lastUsedDate"`
}

type Selector

type Selector interface {
	Find(ca *ComplexAttribute) []string
}

type SimpleAttribute

type SimpleAttribute struct {
	Name   string
	Values []interface{}
	// contains filtered or unexported fields
}

Name will always be stored in lowercase in all Attributes. To get the original user-provided name, refer to the Name field of AttrType.

func NewSimpleAt

func NewSimpleAt(atType *schema.AttrType, vals ...interface{}) *SimpleAttribute

func ParseSimpleAttr

func ParseSimpleAttr(attrType *schema.AttrType, iVal interface{}) *SimpleAttribute

func (*SimpleAttribute) Equals

func (sa *SimpleAttribute) Equals(other *SimpleAttribute) bool

func (*SimpleAttribute) GetComplexAt

func (sa *SimpleAttribute) GetComplexAt() *ComplexAttribute

func (*SimpleAttribute) GetSimpleAt

func (sa *SimpleAttribute) GetSimpleAt() *SimpleAttribute

func (*SimpleAttribute) GetStringVal

func (sa *SimpleAttribute) GetStringVal() string

Returns the first string value. No type conversion is performed, so this call will only work if the values are of type string.

func (*SimpleAttribute) GetType

func (sa *SimpleAttribute) GetType() *schema.AttrType

func (*SimpleAttribute) IsSimple

func (sa *SimpleAttribute) IsSimple() bool

type SsoAttr

type SsoAttr struct {
	Name     string
	NormName string
	Format   string // only applicable to SAML attributes
	ScimExpr string

	StaticVal           string
	StaticMultiValDelim string
	Value               interface{} // only used when executing SAML attribute's template
	// contains filtered or unexported fields
}

func (*SsoAttr) GetValueFrom

func (ssoAt *SsoAttr) GetValueFrom(res *Resource) interface{}

func (*SsoAttr) GetValueInto

func (ssoAt *SsoAttr) GetValueInto(res *Resource, container map[string]interface{})

type TokenBinding

type TokenBinding struct {
	Status string `json:"status"`
	Id     string `json:"id"`
}

type VerifyOtpRequest

// VerifyOtpRequest asks for the one-time password Otp to be verified for
// resource Rid.
// Otp is a short-lived secret and should be kept out of logs and audit
// payloads.
// NOTE(review): ClientIP and FromLdap have no json:"-" tag here, unlike
// AuthRequest. If this struct is ever decoded directly from a request body, a
// client could set both. Confirm that server code fills them in.
// NOTE(review): confirm that OTP verification is rate-limited per Rid and
// that a used code cannot be replayed (AuthData.TotpCodes presumably serves
// that purpose).
type VerifyOtpRequest struct {
	Rid      string
	Otp      string
	ClientIP string
	FromLdap bool
}

type WebauthnResponse

// WebauthnResponse is a parsed WebAuthn response: the client data, the
// authenticator data, the attestation statement with its format, and the
// signature. It also carries internal bookkeeping: the user resource ID, the
// provider's domain code and the challenge creation time.
// NOTE(review): CTime records when the challenge was created. Confirm the
// verifier rejects responses whose challenge is older than the advertised
// timeout, and that a challenge is accepted only once.
// NOTE(review): ResId and PrId are internal fields. Confirm they come from
// server-side state bound to the challenge and not from the client's
// response.
type WebauthnResponse struct {
	ClientData CollectedClientData
	AuthData   AuthenticatorData
	AttStmt    map[string]interface{}
	Fmt        string
	Signature  []byte
	UserHandle string // the handle that authenticator returns, can be null. This field is unused at the moment

	// sparrow specific internal fields
	ResId string // user resource's ID
	PrId  string // domaincode of provider
	CTime int64  // the time at which challenge was created
}
