rpc2

package
v0.6.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 24, 2024 License: MIT Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Every error below is built once from a gRPC status code and a fixed
// message; none of the messages embeds per-request detail.
var (
	// ErrRequestorUnqualified signals an authorization failure: the
	// requesting entity lacks the permissions needed to carry out
	// the requested action.
	ErrRequestorUnqualified = status.Error(codes.PermissionDenied, "You do not have permission to carry out that action")

	// ErrMalformedRequest is sent back during some modal requests
	// when the request has been improperly assembled and cannot be
	// handled at all.
	ErrMalformedRequest = status.Error(codes.InvalidArgument, "The request is malformed, consult the protocol documentation and try again")

	// ErrInternal signals that some backing API failed to perform
	// as expected.  It covers tasks that *should* succeed but did
	// not, for a reason that cannot be detected automatically.
	ErrInternal = status.Error(codes.Internal, "An internal error has occurred and the request could not be processed")

	// ErrUnauthenticated signals that authentication information
	// could not be derived, loaded, or validated for a request.
	// The case where that information is available but does not
	// permit the requested action is a different one; see
	// ErrRequestorUnqualified.
	ErrUnauthenticated = status.Error(codes.Unauthenticated, "Authentication failed")

	// ErrReadOnly signals that a mutating request reached a server
	// that is in read-only mode.  The server cannot comply and a
	// retry will not help, so the request is reported as
	// unimplemented, which on this node it might as well be.
	ErrReadOnly = status.Error(codes.Unimplemented, "Server is in read-only mode")

	// ErrExists signals that a creation would duplicate an
	// existing resource and the duplicate is not resolved
	// internally by automatic deduplication.  Examples: creating
	// an entity with an ID that already exists, or a group with a
	// number that is already in use.
	ErrExists = status.Error(codes.AlreadyExists, "One or more parameters collides with an existing item")

	// ErrDoesNotExist signals that an action calls for a resource
	// that does not exist: an update or change requested on a
	// missing entity or group, or a modification of an expansion
	// that is not present.
	ErrDoesNotExist = status.Error(codes.NotFound, "The requested resource does not exist")
)

Functions

This section is empty.

Types

type Manager

// Manager handles backend data and is an equivalent interface to
// rpc.EntityTree.
//
// The parameters are unnamed in this declaration, so the meaning and
// order of the string arguments must be taken from the implementation.
type Manager interface {
	// Entity operations.
	CreateEntity(context.Context, string, int32, string) error
	FetchEntity(context.Context, string) (*pb.Entity, error)
	SearchEntities(context.Context, db.SearchRequest) ([]*pb.Entity, error)
	// NOTE(review): ValidateSecret and SetSecret each take two adjacent
	// strings, presumably (entity ID, secret) -- confirm the order
	// against the implementation, since a transposition would still
	// compile.
	ValidateSecret(context.Context, string, string) error
	SetSecret(context.Context, string, string) error
	LockEntity(context.Context, string) error
	UnlockEntity(context.Context, string) error
	UpdateEntityMeta(context.Context, string, *pb.EntityMeta) error
	EntityKVGet(context.Context, string, []*pb.KVData) ([]*pb.KVData, error)
	EntityKVAdd(context.Context, string, []*pb.KVData) error
	EntityKVDel(context.Context, string, []*pb.KVData) error
	EntityKVReplace(context.Context, string, []*pb.KVData) error
	UpdateEntityKeys(context.Context, string, string, string, string) ([]string, error)
	ManageUntypedEntityMeta(context.Context, string, string, string, string) ([]string, error)
	DestroyEntity(context.Context, string) error

	// Group operations.
	CreateGroup(context.Context, string, string, string, int32) error
	FetchGroup(context.Context, string) (*pb.Group, error)
	SearchGroups(context.Context, db.SearchRequest) ([]*pb.Group, error)
	UpdateGroupMeta(context.Context, string, *pb.Group) error
	ManageUntypedGroupMeta(context.Context, string, string, string, string) ([]string, error)
	GroupKVGet(context.Context, string, []*pb.KVData) ([]*pb.KVData, error)
	GroupKVAdd(context.Context, string, []*pb.KVData) error
	GroupKVDel(context.Context, string, []*pb.KVData) error
	GroupKVReplace(context.Context, string, []*pb.KVData) error
	DestroyGroup(context.Context, string) error

	// Membership and group rules.
	AddEntityToGroup(context.Context, string, string) error
	RemoveEntityFromGroup(context.Context, string, string) error
	ListMembers(context.Context, string) ([]*pb.Entity, error)
	// GetMemberships is the only method in this interface without an
	// error result, so a failed lookup cannot be told apart from an
	// empty membership list by the return type alone.
	GetMemberships(context.Context, *pb.Entity) []string
	ModifyGroupRule(context.Context, string, string, rpc.RuleAction) error

	// Capability assignment for entities and groups.
	SetEntityCapability2(context.Context, string, *pb.Capability) error
	DropEntityCapability2(context.Context, string, *pb.Capability) error
	SetGroupCapability2(context.Context, string, *pb.Capability) error
	DropGroupCapability2(context.Context, string, *pb.Capability) error
}

The Manager handles backend data and is an equivalent interface to rpc.EntityTree

type Option added in v0.6.1

// Option configures the server.  It is a function that receives the
// *Server to configure; New accepts any number of them.
type Option func(s *Server)

Options configure the server

func WithDisabledWrites added in v0.6.1

func WithDisabledWrites(r bool) Option

func WithEntityTree added in v0.6.1

func WithEntityTree(t Manager) Option

func WithLogger added in v0.6.1

func WithLogger(l hclog.Logger) Option

func WithTokenService added in v0.6.1

func WithTokenService(t token.Service) Option

type Refs

// Refs is the container that is used to provide references to the RPC
// server.
type Refs struct {
	// TokenService is the token.Service reference handed to the server.
	TokenService token.Service
	// Tree is the backend reference, typed as the Manager interface.
	Tree         Manager
}

Refs is the container that is used to provide references to the RPC server.

type Server

// Server satisfies the gRPC type for the server.
//
// token.Service and Manager are embedded, so their methods are promoted
// onto Server.  Where Server declares a handler of the same name (for
// example EntityKVAdd), the handler shadows the promoted method and the
// backend version remains reachable as s.Manager.EntityKVAdd.  Manager
// methods with no same-named handler (for example SetSecret and
// DestroyEntity) can be called directly on a *Server.
//
// NOTE(review): whether that direct path applies the token and
// capability checks described for the RPC handlers is not visible
// here -- confirm before handing a *Server to other in-process code.
type Server struct {
	token.Service
	Manager
	// contains filtered or unexported fields
}

Server is the implementation that satisfies the gRPC type for the server.

func New

func New(opts ...Option) *Server

New returns a ready to use server implementation.

func (*Server) AuthChangeSecret

func (s *Server) AuthChangeSecret(ctx context.Context, r *pb.AuthRequest) (*pb.Empty, error)

AuthChangeSecret handles the process of rotating out a stored secret for an entity. This is only appropriate for use in the case where NetAuth is maintaining total knowledge of secrets; if this is not the case, you may need to alter secrets in an external system. There are two possible flows, depending on whether the entity is trying to change its own secret or not. When an entity changes its own secret, it must be in possession of the original secret, not just a token. When the secret is being changed for a different entity, the token must have CHANGE_ENTITY_SECRET to succeed.

func (*Server) AuthEntity

func (s *Server) AuthEntity(ctx context.Context, r *pb.AuthRequest) (*pb.Empty, error)

AuthEntity handles the process of actually authenticating an entity, but does not issue a token.

func (*Server) AuthGetToken

func (s *Server) AuthGetToken(ctx context.Context, r *pb.AuthRequest) (*pb.AuthResult, error)

AuthGetToken performs entity authentication and issues a token if this authentication is successful.

func (*Server) AuthValidateToken

func (s *Server) AuthValidateToken(ctx context.Context, r *pb.AuthRequest) (*pb.Empty, error)

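AuthValidateToken performs server-side verification of a previously issued token. This allows symmetric token algorithms to be used, because a client that does not hold the signing key can ask the server to verify a token on its behalf.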

func (*Server) EntityCreate

func (s *Server) EntityCreate(ctx context.Context, r *pb.EntityRequest) (*pb.Empty, error)

EntityCreate creates entities. This call will validate that a correct token is held, which must contain either CREATE_ENTITY or GLOBAL_ROOT permissions.

func (*Server) EntityDestroy

func (s *Server) EntityDestroy(ctx context.Context, r *pb.EntityRequest) (*pb.Empty, error)

EntityDestroy will remove an entity from the system. This is generally discouraged, but if you must then this function will do it.

func (*Server) EntityGroups

func (s *Server) EntityGroups(ctx context.Context, r *pb.EntityRequest) (*pb.ListOfGroups, error)

EntityGroups returns the full membership for a given entity.

func (*Server) EntityInfo

func (s *Server) EntityInfo(ctx context.Context, r *pb.EntityRequest) (*pb.ListOfEntities, error)

EntityInfo provides information on a single entity. The list returned is guaranteed to be of length 1.

func (*Server) EntityKVAdd added in v0.4.0

func (s *Server) EntityKVAdd(ctx context.Context, r *pb.KV2Request) (*pb.Empty, error)

EntityKVAdd takes the input KV2 data and adds it to an entity if and only if it does not conflict with an existing key.

func (*Server) EntityKVDel added in v0.4.0

func (s *Server) EntityKVDel(ctx context.Context, r *pb.KV2Request) (*pb.Empty, error)

EntityKVDel removes an existing key from an entity. If the key is not present an error will be returned.

func (*Server) EntityKVGet added in v0.4.0

func (s *Server) EntityKVGet(ctx context.Context, r *pb.KV2Request) (*pb.ListOfKVData, error)

EntityKVGet returns key/value data from a single entity.

func (*Server) EntityKVReplace added in v0.4.0

func (s *Server) EntityKVReplace(ctx context.Context, r *pb.KV2Request) (*pb.Empty, error)

EntityKVReplace replaces an existing key with new values provided. The key must already exist on the entity or an error will be returned.

func (*Server) EntityKeys

func (s *Server) EntityKeys(ctx context.Context, r *pb.KVRequest) (*pb.ListOfStrings, error)

EntityKeys handles updates and reads to keys for entities.

func (*Server) EntityLock

func (s *Server) EntityLock(ctx context.Context, r *pb.EntityRequest) (*pb.Empty, error)

EntityLock sets the lock flag on an entity.

func (*Server) EntitySearch

func (s *Server) EntitySearch(ctx context.Context, r *pb.SearchRequest) (*pb.ListOfEntities, error)

EntitySearch searches all entities and returns the entities that were found.

func (*Server) EntityUM

func (s *Server) EntityUM(ctx context.Context, r *pb.KVRequest) (*pb.ListOfStrings, error)

EntityUM handles both updates and reads to the untyped metadata that's stored on Entities.

func (*Server) EntityUnlock

func (s *Server) EntityUnlock(ctx context.Context, r *pb.EntityRequest) (*pb.Empty, error)

EntityUnlock clears the lock flag on an entity.

func (*Server) EntityUpdate

func (s *Server) EntityUpdate(ctx context.Context, r *pb.EntityRequest) (*pb.Empty, error)

EntityUpdate provides a change to specific entity metadata that is in the typed data fields. This method does not update keys, groups, untyped metadata, or capabilities. To call this method you must be in possession of a token with MODIFY_ENTITY_META capabilities.

func (*Server) GroupAddMember

func (s *Server) GroupAddMember(ctx context.Context, r *pb.EntityRequest) (*pb.Empty, error)

GroupAddMember adds an entity directly to a group.

func (*Server) GroupCreate

func (s *Server) GroupCreate(ctx context.Context, r *pb.GroupRequest) (*pb.Empty, error)

GroupCreate provisions a new group on the system.

func (*Server) GroupDelMember

func (s *Server) GroupDelMember(ctx context.Context, r *pb.EntityRequest) (*pb.Empty, error)

GroupDelMember removes an entity directly from a group.

func (*Server) GroupDestroy

func (s *Server) GroupDestroy(ctx context.Context, r *pb.GroupRequest) (*pb.Empty, error)

GroupDestroy will remove a group from the server completely. This is not recommended and should not be done, but if you must, here it is.

func (*Server) GroupInfo

func (s *Server) GroupInfo(ctx context.Context, r *pb.GroupRequest) (*pb.ListOfGroups, error)

GroupInfo returns a group for inspection. It does not return key/value data.

func (*Server) GroupKVAdd added in v0.4.0

func (s *Server) GroupKVAdd(ctx context.Context, r *pb.KV2Request) (*pb.Empty, error)

GroupKVAdd takes the input KV2 data and adds it to a group if and only if it does not conflict with an existing key.

func (*Server) GroupKVDel added in v0.4.0

func (s *Server) GroupKVDel(ctx context.Context, r *pb.KV2Request) (*pb.Empty, error)

GroupKVDel removes an existing key from a group. If the key is not present an error will be returned.

func (*Server) GroupKVGet added in v0.4.0

func (s *Server) GroupKVGet(ctx context.Context, r *pb.KV2Request) (*pb.ListOfKVData, error)

GroupKVGet returns key/value data from a single group.

func (*Server) GroupKVReplace added in v0.4.0

func (s *Server) GroupKVReplace(ctx context.Context, r *pb.KV2Request) (*pb.Empty, error)

GroupKVReplace replaces an existing key with new values provided. The key must already exist on the group or an error will be returned.

func (*Server) GroupMembers

func (s *Server) GroupMembers(ctx context.Context, r *pb.GroupRequest) (*pb.ListOfEntities, error)

GroupMembers returns the list of all entities that are members of the group.

func (*Server) GroupSearch

func (s *Server) GroupSearch(ctx context.Context, r *pb.SearchRequest) (*pb.ListOfGroups, error)

GroupSearch searches for groups and returns a list of all groups matching the criteria specified.

func (*Server) GroupUM

func (s *Server) GroupUM(ctx context.Context, r *pb.KVRequest) (*pb.ListOfStrings, error)

GroupUM handles updates to untyped metadata for groups.

func (*Server) GroupUpdate

func (s *Server) GroupUpdate(ctx context.Context, r *pb.GroupRequest) (*pb.Empty, error)

GroupUpdate adjusts the metadata on a group with the exception of untyped metadata.

func (*Server) GroupUpdateRules

func (s *Server) GroupUpdateRules(ctx context.Context, r *pb.GroupRulesRequest) (*pb.Empty, error)

GroupUpdateRules updates the expansion rules on a particular group.

func (*Server) SystemCapabilities

func (s *Server) SystemCapabilities(ctx context.Context, r *pb.CapabilityRequest) (*pb.Empty, error)

SystemCapabilities adjusts the capabilities that are on groups by default, or if specified directly on an entity. These capabilities only have meaning within NetAuth.

func (*Server) SystemPing

func (s *Server) SystemPing(ctx context.Context, r *pb.Empty) (*pb.Empty, error)

SystemPing provides the most simple "the server is alive" check. It does not provide any additional information; if you want that, use SystemStatus.

func (*Server) SystemStatus

func (s *Server) SystemStatus(ctx context.Context, r *pb.Empty) (*pb.ServerStatus, error)

SystemStatus returns detailed status information on the server.
