authorization

package

v0.0.0-...-d4d4b81 Latest Latest Go to latest Published: Mar 7, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/litmuschaos/litmus

Documentation ¶

Index ¶

Constants
Variables
func GetUsername(token string) (string, error)
func IsRevokedToken(tokenString string, mongoClient *mongo.Client) bool
func Middleware(handler http.Handler, mongoClient *mongo.Client) gin.HandlerFunc
func RestMiddlewareWithRole(handler gin.HandlerFunc, mongoClient *mongo.Client, roles []string) gin.HandlerFunc
func UserValidateJWT(token string) (jwt.MapClaims, error)
func ValidateRole(ctx context.Context, projectID string, requiredRoles []string, ...) error
type RoleQuery

Constants ¶

View Source

const (
	AuthKey    = contextKey("authorization")
	UserClaim  = contextKey("user-claims")
	CookieName = "litmus-cc-token"
)

Variables ¶

View Source

var MutationRbacRules = map[RoleQuery][]string{
	UserClusterReg:         {MemberRoleOwnerString, MemberRoleEditorString},
	CreateChaosWorkFlow:    {MemberRoleOwnerString, MemberRoleEditorString},
	ReRunChaosWorkFlow:     {MemberRoleOwnerString, MemberRoleEditorString},
	DeleteChaosWorkflow:    {MemberRoleOwnerString, MemberRoleEditorString},
	TerminateChaosWorkflow: {MemberRoleOwnerString, MemberRoleEditorString},
	SyncWorkflow:           {MemberRoleOwnerString, MemberRoleEditorString},
	SendInvitation:         {MemberRoleOwnerString},
	AcceptInvitation:       {MemberRoleViewerString, MemberRoleEditorString},
	DeclineInvitation:      {MemberRoleViewerString, MemberRoleEditorString},
	RemoveInvitation:       {MemberRoleOwnerString},
	LeaveProject:           {MemberRoleViewerString, MemberRoleEditorString},
	UpdateProjectName:      {MemberRoleOwnerString},
	AddChaosHub:            {MemberRoleOwnerString, MemberRoleEditorString},
	SyncHub:                {MemberRoleOwnerString, MemberRoleEditorString},
	UpdateChaosWorkflow:    {MemberRoleOwnerString, MemberRoleEditorString},
	DeleteClusters:         {MemberRoleOwnerString, MemberRoleEditorString},
	UpdateChaosHub:         {MemberRoleOwnerString, MemberRoleEditorString},
	DeleteChaosHub:         {MemberRoleOwnerString, MemberRoleEditorString},
	EnableGitOps:           {MemberRoleOwnerString},
	DisableGitOps:          {MemberRoleOwnerString},
	UpdateGitOps:           {MemberRoleOwnerString},
	CreateDataSource:       {MemberRoleOwnerString, MemberRoleEditorString},
	CreateDashBoard:        {MemberRoleOwnerString, MemberRoleEditorString},
	UpdateDataSource:       {MemberRoleOwnerString, MemberRoleEditorString},
	UpdateDashboard:        {MemberRoleOwnerString, MemberRoleEditorString},
	DeleteDashboard:        {MemberRoleOwnerString, MemberRoleEditorString},
	DeleteDataSource:       {MemberRoleOwnerString, MemberRoleEditorString},
	ListWorkflowRuns:       {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	ListClusters: {MemberRoleOwnerString, MemberRoleEditorString,
		MemberRoleViewerString},
	GetManifest:     {MemberRoleOwnerString, MemberRoleEditorString},
	GetAgentDetails: {MemberRoleOwnerString, MemberRoleEditorString},
	GetProject: {MemberRoleOwnerString, MemberRoleEditorString,
		MemberRoleViewerString},
	ListHeatmapData:              {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	ListWorkflowStats:            {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	ListCharts:                   {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	GetHubExperiment:             {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	GetWorkflowRunStats:          {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	ListHubStatus:                {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	ListPortalDashboardData:      {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	ListWorkflow:                 {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	SaveChaosHub:                 {MemberRoleOwnerString, MemberRoleEditorString},
	CreateWorkflowTemplate:       {MemberRoleOwnerString, MemberRoleEditorString},
	DeleteWorkflowTemplate:       {MemberRoleOwnerString, MemberRoleEditorString},
	CreateImageRegistry:          {MemberRoleOwnerString},
	UpdateImageRegistry:          {MemberRoleOwnerString},
	DeleteImageRegistry:          {MemberRoleOwnerString},
	GetYAMLData:                  {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	PredefinedWorkflowOperations: {MemberRoleOwnerString, MemberRoleEditorString},
	ListPredefinedWorkflows:      {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	GetPredefinedExperimentYaml:  {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	ListDataSource:               {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	ListDashboard:                {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	GetGitOpsDetails:             {MemberRoleOwnerString},
	ListWorkflowManifests:        {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	GetExperimentDetails:         {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	GetWorkflowManifestByID:      {MemberRoleOwnerString, MemberRoleEditorString, MemberRoleViewerString},
	ListImageRegistry:            {MemberRoleOwnerString},
	GetImageRegistry:             {MemberRoleOwnerString},
}

Functions ¶

func GetUsername ¶

func GetUsername(token string) (string, error)

GetUsername returns the username from the jwt token

func IsRevokedToken ¶

func IsRevokedToken(tokenString string, mongoClient *mongo.Client) bool

IsRevokedToken checks if the given JWT Token is revoked

func Middleware ¶

func Middleware(handler http.Handler, mongoClient *mongo.Client) gin.HandlerFunc

Middleware verifies jwt and checks if user has enough privilege to access route (no roles' info needed)

func RestMiddlewareWithRole ¶

func RestMiddlewareWithRole(handler gin.HandlerFunc, mongoClient *mongo.Client, roles []string) gin.HandlerFunc

RestMiddlewareWithRole verifies jwt and checks if user has enough privilege to access route

func UserValidateJWT ¶

func UserValidateJWT(token string) (jwt.MapClaims, error)

UserValidateJWT validates the cluster jwt

func ValidateRole ¶

func ValidateRole(ctx context.Context, projectID string,
	requiredRoles []string, invitation string) error

ValidateRole Validates the role of a user in a given project

Types ¶

type RoleQuery ¶

type RoleQuery string

RoleQuery states the query for the roles

const (
	UserClusterReg               RoleQuery = "userClusterReg"
	CreateChaosWorkFlow          RoleQuery = "CreateChaosWorkFlow"
	ReRunChaosWorkFlow           RoleQuery = "ReRunChaosWorkFlow"
	DeleteChaosWorkflow          RoleQuery = "DeleteChaosWorkflow"
	TerminateChaosWorkflow       RoleQuery = "TerminateChaosWorkflow"
	SyncWorkflow                 RoleQuery = "SyncWorkflow"
	SendInvitation               RoleQuery = "SendInvitation"
	AcceptInvitation             RoleQuery = "AcceptInvitation"
	DeclineInvitation            RoleQuery = "DeclineInvitation"
	RemoveInvitation             RoleQuery = "RemoveInvitation"
	LeaveProject                 RoleQuery = "LeaveProject"
	UpdateProjectName            RoleQuery = "UpdateProjectName"
	AddChaosHub                  RoleQuery = "AddChaosHub"
	SyncHub                      RoleQuery = "SyncHub"
	UpdateChaosWorkflow          RoleQuery = "UpdateChaosWorkflow"
	DeleteClusters               RoleQuery = "DeleteClusters"
	UpdateChaosHub               RoleQuery = "UpdateChaosHub"
	DeleteChaosHub               RoleQuery = "DeleteChaosHub"
	EnableGitOps                 RoleQuery = "EnableGitOps"
	DisableGitOps                RoleQuery = "DisableGitOps"
	UpdateGitOps                 RoleQuery = "UpdateGitOps"
	CreateDataSource             RoleQuery = "CreateDataSource"
	CreateDashBoard              RoleQuery = "CreateDashBoard"
	UpdateDataSource             RoleQuery = "UpdateDataSource"
	UpdateDashboard              RoleQuery = "UpdateDashboard"
	DeleteDashboard              RoleQuery = "DeleteDashboard"
	DeleteDataSource             RoleQuery = "DeleteDataSource"
	ListWorkflowRuns             RoleQuery = "ListWorkflowRuns"
	ListClusters                 RoleQuery = "ListClusters"
	GetManifest                  RoleQuery = "GetManifest"
	GetAgentDetails              RoleQuery = "GetAgentDetails"
	GetProject                   RoleQuery = "GetProject"
	ListHeatmapData              RoleQuery = "ListHeatmapData"
	ListWorkflowStats            RoleQuery = "ListWorkflowStats"
	ListCharts                   RoleQuery = "ListCharts"
	GetHubExperiment             RoleQuery = "GetHubExperiment"
	GetWorkflowRunStats          RoleQuery = "GetWorkflowRunStats"
	ListHubStatus                RoleQuery = "ListHubStatus"
	ListPortalDashboardData      RoleQuery = "ListPortalDashboardData"
	ListWorkflow                 RoleQuery = "ListWorkflow"
	SaveChaosHub                 RoleQuery = "SaveChaosHub"
	CreateWorkflowTemplate       RoleQuery = "CreateWorkflowTemplate"
	DeleteWorkflowTemplate       RoleQuery = "DeleteWorkflowTemplate"
	CreateImageRegistry          RoleQuery = "CreateImageRegistry"
	UpdateImageRegistry          RoleQuery = "UpdateImageRegistry"
	DeleteImageRegistry          RoleQuery = "DeleteImageRegistry"
	GetYAMLData                  RoleQuery = "GetYAMLData"
	PredefinedWorkflowOperations RoleQuery = "PredefinedWorkflowOperations"
	ListPredefinedWorkflows      RoleQuery = "ListPredefinedWorkflows"
	GetPredefinedExperimentYaml  RoleQuery = "GetPredefinedExperimentYaml"
	GetExperimentDetails         RoleQuery = "GetExperimentDetails"
	ListDataSource               RoleQuery = "ListDataSource"
	ListDashboard                RoleQuery = "ListDashboard"
	GetGitOpsDetails             RoleQuery = "GetGitOpsDetails"
	ListWorkflowManifests        RoleQuery = "ListWorkflowManifests"
	GetWorkflowManifestByID      RoleQuery = "GetWorkflowManifestByID"
	ListImageRegistry            RoleQuery = "ListImageRegistry"
	GetImageRegistry             RoleQuery = "GetImageRegistry"

	MemberRoleOwnerString  = string(model.MemberRoleOwner)
	MemberRoleEditorString = string(model.MemberRoleEditor)
	MemberRoleViewerString = string(model.MemberRoleViewer)
)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL