package tree
v0.6.2
This package is not in the latest version of its module.
Published: Feb 24, 2024 License: MIT Imports: 13 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	// ErrDuplicateEntityID is returned when the entity ID
	// requested is already in use.
	ErrDuplicateEntityID = errors.New("this ID is already allocated")

	// ErrDuplicateGroupName is returned when the group name
	// requested is already in use.
	ErrDuplicateGroupName = errors.New("this name is already allocated")

	// ErrDuplicateNumber is returned if the number requested is
	// already in use.
	ErrDuplicateNumber = errors.New("this number is already allocated")

	// ErrUnknownCapability is returned when an action is
	// requested that involves a capability not known to the
	// system.
	ErrUnknownCapability = errors.New("the capability specified is unknown")

	// ErrExistingExpansion is returned when an action would
	// create an expansion that already exists.
	ErrExistingExpansion = errors.New("this expansion already exists")

	// ErrEntityLocked is returned when certain actions are
	// attempted on a locked entity.  Locked entities cannot
	// authenticate or change secrets.  They are effectively dead
	// to the system.
	ErrEntityLocked = errors.New("this entity is locked")

	// ErrHookExists is returned when a hook attempts to register
	// for a name that is already registered in the system.
	ErrHookExists = errors.New("a hook with this name already exists")

	// ErrUnknownHook is returned when a loader tries to add a
	// hook that is unknown to the chain.
	ErrUnknownHook = errors.New("no hook with this name exists")

	// ErrUnknownHookChain is returned when a processor attempts
	// to grab hooks from an unknown chain.
	ErrUnknownHookChain = errors.New("no chain with that ID exists")

	// ErrEmptyHookChain is returned when a chain was successfully
	// acquired, but it was empty.  In theory this shouldn't ever
	// happen, but it's possible.
	ErrEmptyHookChain = errors.New("the specified chain is empty")

	// ErrKeyExists is returned when an operation would conflict
	// with an already existing key.
	ErrKeyExists = errors.New("the specified key already exists")

	// ErrNoSuchKey is returned if an operation expected a key to
	// exist but found that it did not.
	ErrNoSuchKey = errors.New("no key exists by that name")

	// ErrFailedPrecondition is returned when a request must meet
	// certain criteria to be successfully processed, and these
	// criteria are not met.
	ErrFailedPrecondition = errors.New("precondition failed")
)

Functions

func RegisterEntityHookConstructor added in v0.0.12

func RegisterEntityHookConstructor(name string, c EntityHookConstructor)

RegisterEntityHookConstructor registers the entity hook constructors to be called during the initialization of the main tree manager.

func RegisterGroupHookConstructor added in v0.0.12

func RegisterGroupHookConstructor(name string, c GroupHookConstructor)

RegisterGroupHookConstructor registers the group hook constructors to be called during the initialization of the main tree manager.

func SetParentLogger added in v0.3.4

func SetParentLogger(l hclog.Logger)

SetParentLogger sets the parent logger for this instance.

Types

type BaseHook added in v0.0.12

type BaseHook struct {
	// contains filtered or unexported fields
}

The BaseHook contains the critical fields needed to register and run hook pipelines.

func NewBaseHook added in v0.0.12

func NewBaseHook(opts ...HookOption) BaseHook

NewBaseHook returns a BaseHook struct for compact initialization during callback constructors.

func (*BaseHook) Crypto added in v0.6.1

func (h *BaseHook) Crypto() crypto.EMCrypto

func (*BaseHook) Log added in v0.6.1

func (h *BaseHook) Log() hclog.Logger

func (*BaseHook) Name added in v0.0.12

func (h *BaseHook) Name() string

Name returns the name of a hook. Names should be kabob case.

func (*BaseHook) Priority added in v0.0.12

func (h *BaseHook) Priority() int

Priority returns the priority of a hook. Priorities are banded as follows:

0-10: Loaders
11-19: Load time integrity checks
20-29: User defined pre processing
30-49: Checks and data validation
50-89: User defined post processing
90-99: Serialization and storage

func (*BaseHook) Storage added in v0.6.1

func (h *BaseHook) Storage() DB

type ChainConfig added in v0.0.12

type ChainConfig map[string][]string

The ChainConfig type maps from chain name to a list of hooks that should be in this chain. The same type is used for entities and groups, but as these each have separate chains, different configs must be created and loaded for each.
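How a ChainConfig and the priority bands fit together, as an added example that is not the tree package's own code: it mirrors the page's EntityHook interface and the ErrUnknownHook / ErrUnknownHookChain errors with constructed stand-ins (Entity, funcHook, an in-memory store, newDemoManager are all assumptions made here). The config lists a storage hook (band 90-99) before a check hook (band 30-49) on purpose; chain initialization rejects any hook name that was never registered and sorts the rest by priority, so the check always runs first and a failed check stops the chain before anything is stored.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sort"
)

// Sentinel errors mirroring the ones documented for the tree package.
var ErrUnknownHook = errors.New("no hook with this name exists")
var ErrUnknownHookChain = errors.New("no chain with that ID exists")

// Entity is a constructed stand-in for pb.Entity with only the fields used here.
type Entity struct{ ID string; Number int32 }

// EntityHook mirrors the page's interface: Run fills the working entity e from the request entity de.
type EntityHook interface {
	Priority() int
	Name() string
	Run(ctx context.Context, e, de *Entity) error
}

// ChainConfig maps a chain name to the names of the hooks in that chain.
type ChainConfig map[string][]string

// funcHook adapts a plain function into an EntityHook.
type funcHook struct {
	name string
	prio int
	fn   func(e, de *Entity) error
}

func (h funcHook) Priority() int                              { return h.prio }
func (h funcHook) Name() string                               { return h.name }
func (h funcHook) Run(_ context.Context, e, de *Entity) error { return h.fn(e, de) }

// Manager holds the registered hooks and the resolved chains.
type Manager struct {
	hooks  map[string]EntityHook
	chains map[string][]EntityHook
}

// InitializeEntityChains resolves hook names against the registered hooks, rejects
// unknown names, and sorts each chain by priority so checks (30-49) run before storage (90-99).
func (m *Manager) InitializeEntityChains(c ChainConfig) error {
	m.chains = make(map[string][]EntityHook, len(c))
	for chain, names := range c {
		hs := make([]EntityHook, 0, len(names))
		for _, n := range names {
			h, ok := m.hooks[n]
			if !ok {
				return fmt.Errorf("chain %q: hook %q: %w", chain, n, ErrUnknownHook)
			}
			hs = append(hs, h)
		}
		sort.SliceStable(hs, func(i, j int) bool { return hs[i].Priority() < hs[j].Priority() })
		m.chains[chain] = hs
	}
	return nil
}

// RunEntityChain runs the named chain; the first failing hook aborts it, so a
// rejected validation never reaches the storage hook.
func (m *Manager) RunEntityChain(ctx context.Context, chain string, de *Entity) (*Entity, error) {
	hs, ok := m.chains[chain]
	if !ok {
		return nil, ErrUnknownHookChain
	}
	e := &Entity{}
	for _, h := range hs {
		if err := h.Run(ctx, e, de); err != nil {
			return nil, fmt.Errorf("hook %s: %w", h.Name(), err)
		}
	}
	return e, nil
}

// newDemoManager registers a check hook (band 30-49) and a storage hook (band 90-99),
// listed in the config in the wrong order on purpose. store stands in for the DB.
func newDemoManager(store map[string]*Entity) (*Manager, error) {
	m := &Manager{hooks: map[string]EntityHook{
		"validate-entity": funcHook{"validate-entity", 30, func(e, de *Entity) error {
			if de.ID == "" || de.Number < 1 {
				return errors.New("entity needs an ID and a positive number")
			}
			e.ID, e.Number = de.ID, de.Number
			return nil
		}},
		"save-entity": funcHook{"save-entity", 90, func(e, _ *Entity) error {
			store[e.ID] = e // would store under "" if it ran before validate-entity
			return nil
		}},
	}}
	return m, m.InitializeEntityChains(ChainConfig{"CREATE": {"save-entity", "validate-entity"}})
}

func main() {
	store := map[string]*Entity{}
	m, _ := newDemoManager(store)
	e, err := m.RunEntityChain(context.Background(), "CREATE", &Entity{ID: "alice", Number: 1001})
	fmt.Println(e, err, store["alice"] != nil) // &{alice 1001} <nil> true
}
```

The ordering proof is in the store: because the storage hook keys on e.ID, it would have written under the empty string had it run before the check hook populated the entity. A second run with an invalid number fails inside the check band and leaves nothing in the store.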

type DB added in v0.4.0

type DB interface {
	// Entity handling
	DiscoverEntityIDs(context.Context) ([]string, error)
	LoadEntity(context.Context, string) (*types.Entity, error)
	SaveEntity(context.Context, *types.Entity) error
	DeleteEntity(context.Context, string) error
	NextEntityNumber(context.Context) (int32, error)
	SearchEntities(context.Context, db.SearchRequest) ([]*types.Entity, error)

	// Group handling
	DiscoverGroupNames(context.Context) ([]string, error)
	LoadGroup(context.Context, string) (*types.Group, error)
	SaveGroup(context.Context, *types.Group) error
	DeleteGroup(context.Context, string) error
	NextGroupNumber(context.Context) (int32, error)
	SearchGroups(context.Context, db.SearchRequest) ([]*types.Group, error)

	// Callbacks
	RegisterCallback(string, db.Callback)
}

DB specifies the methods that a DB engine must provide.

type EntityHook added in v0.0.12

type EntityHook interface {
	Priority() int
	Name() string
	Run(context.Context, *pb.Entity, *pb.Entity) error
}

An EntityHook is a function that transforms an entity as part of an EntityProcessor pipeline.

type EntityHookConstructor added in v0.0.12

type EntityHookConstructor func(opts ...HookOption) (EntityHook, error)

EntityHookConstructor functions construct EntityHook instances and return the hooks for registration into the map of hooks. This allows the hooks to notify the module of their presence and defer construction until a RefContext can be prepared.

type GroupHook added in v0.0.12

type GroupHook interface {
	Priority() int
	Name() string
	Run(context.Context, *pb.Group, *pb.Group) error
}

A GroupHook is a function that transforms a group as part of a GroupProcessor pipeline.

type GroupHookConstructor added in v0.0.12

type GroupHookConstructor func(opts ...HookOption) (GroupHook, error)

GroupHookConstructor functions construct GroupHook instances and return the hooks for registration into the map of hooks. This allows the hooks to notify the module of their presence and defer construction until a RefContext can be prepared.

type HookOption added in v0.6.1

type HookOption func(b *BaseHook)

A HookOption is exactly like a manager option, but instead of acting on a manager it acts on the base hook implementation.
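The HookOption and EntityHookConstructor mechanism worked through as an added example; this is not the tree package's code. Constructors register themselves at package init time, before any Manager exists; the manager later runs every constructor with its own storage injected through WithHookStorage, which is the deferred construction the EntityHookConstructor text describes. The DB type is a constructed map standing in for the page's DB interface, existsCheck and InitializeEntityHooks are hypothetical, and unlike the page's RegisterEntityHookConstructor (which returns nothing) this one panics on a duplicate name with ErrHookExists.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// ErrHookExists mirrors the error the tree package documents for duplicate registration.
var ErrHookExists = errors.New("a hook with this name already exists")

// Entity and DB are constructed stand-ins for pb.Entity and the page's DB interface.
type Entity struct{ ID string }
type DB map[string]*Entity

// BaseHook carries the fields every hook needs; the manager injects them through HookOptions.
type BaseHook struct {
	name     string
	priority int
	storage  DB
}

// HookOption acts on the BaseHook the way an Option acts on the Manager.
type HookOption func(b *BaseHook)

func WithHookName(n string) HookOption  { return func(b *BaseHook) { b.name = n } }
func WithHookPriority(p int) HookOption { return func(b *BaseHook) { b.priority = p } }
func WithHookStorage(d DB) HookOption   { return func(b *BaseHook) { b.storage = d } }

// NewBaseHook applies the options in order, so a later option overrides an earlier one.
func NewBaseHook(opts ...HookOption) BaseHook {
	var b BaseHook
	for _, o := range opts {
		o(&b)
	}
	return b
}

func (h *BaseHook) Name() string  { return h.name }
func (h *BaseHook) Priority() int { return h.priority }
func (h *BaseHook) Storage() DB   { return h.storage }

// EntityHook and EntityHookConstructor follow the page's definitions.
type EntityHook interface {
	Priority() int
	Name() string
	Run(ctx context.Context, e, de *Entity) error
}
type EntityHookConstructor func(opts ...HookOption) (EntityHook, error)

// constructors is filled at package init time, before any Manager (and its storage) exists.
var constructors = map[string]EntityHookConstructor{}

// RegisterEntityHookConstructor records a constructor by name; a second registration
// under the same name is a programming error and panics with ErrHookExists.
func RegisterEntityHookConstructor(name string, c EntityHookConstructor) {
	if _, dup := constructors[name]; dup {
		panic(ErrHookExists)
	}
	constructors[name] = c
}

// existsCheck is a constructed check-band hook that refuses entities the storage layer does
// not know. Its constructor appends its own name and priority after the manager-supplied
// options, so a caller cannot rename it or move it out of the 30-49 band.
type existsCheck struct{ BaseHook }

func newExistsCheck(opts ...HookOption) (EntityHook, error) {
	opts = append(opts, WithHookName("exists-check"), WithHookPriority(30))
	return &existsCheck{NewBaseHook(opts...)}, nil
}

func (h *existsCheck) Run(_ context.Context, e, de *Entity) error {
	if h.Storage()[de.ID] == nil { // a nil map (no storage injected) also fails closed
		return fmt.Errorf("exists-check: unknown entity %q", de.ID)
	}
	e.ID = de.ID
	return nil
}

// InitializeEntityHooks runs every registered constructor with the manager's storage
// injected and returns the finished hooks keyed by name.
func InitializeEntityHooks(d DB) (map[string]EntityHook, error) {
	hooks := make(map[string]EntityHook, len(constructors))
	for name, c := range constructors {
		h, err := c(WithHookStorage(d))
		if err != nil {
			return nil, fmt.Errorf("constructing hook %s: %w", name, err)
		}
		hooks[h.Name()] = h
	}
	return hooks, nil
}

func main() {
	RegisterEntityHookConstructor("exists-check", newExistsCheck)
	hooks, _ := InitializeEntityHooks(DB{"alice": {ID: "alice"}})
	h := hooks["exists-check"]
	fmt.Println(h.Name(), h.Priority(), h.Run(context.Background(), &Entity{}, &Entity{ID: "mallory"}))
}
```

A hook built outside the manager (by calling its constructor directly) has a nil storage and therefore rejects every entity; that is the failure mode the deferred construction avoids, and it fails closed rather than open.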

func WithHookCrypto added in v0.6.1

func WithHookCrypto(c crypto.EMCrypto) HookOption

func WithHookLogger added in v0.6.1

func WithHookLogger(l hclog.Logger) HookOption

func WithHookName added in v0.6.1

func WithHookName(n string) HookOption

func WithHookPriority added in v0.6.1

func WithHookPriority(p int) HookOption

func WithHookStorage added in v0.6.1

func WithHookStorage(d DB) HookOption

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

The Manager binds all methods for managing a tree of entities with the associated groups, capabilities, and other assorted functions. This is the type that is served up by the RPC layer.

func New

func New(opts ...Option) (*Manager, error)

New returns an initialized tree.Manager on to which all other functions are bound.

func (*Manager) AddEntityToGroup

func (m *Manager) AddEntityToGroup(ctx context.Context, entityID, groupName string) error

AddEntityToGroup is the same as the internal function, but takes an entity ID rather than a pointer.

func (*Manager) CheckRequiredEntityChains added in v0.0.12

func (m *Manager) CheckRequiredEntityChains() error

CheckRequiredEntityChains searches for all chains in the default chains list and logs a fatal error if one isn't found in the configured list. This allows the system to later assert the presence of chains without checking, since they cannot be modified after loading.

func (*Manager) CheckRequiredGroupChains added in v0.0.12

func (m *Manager) CheckRequiredGroupChains() error

CheckRequiredGroupChains searches for all chains in the default chains list and logs a fatal error if one isn't found in the configured list. This allows the system to later assert the presence of chains without checking, since they cannot be modified after loading.

func (*Manager) CreateEntity added in v0.0.12

func (m *Manager) CreateEntity(ctx context.Context, ID string, number int32, secret string) error

CreateEntity creates a new entity given an ID, number, and secret. It's not necessary to set the secret upon creation and it can be set later. If not set on creation then the entity will not be usable. The number must be a unique positive integer. Because these are generally allocated in sequence the special value '-1' may be specified which will select the next available number.

func (*Manager) CreateGroup added in v0.0.12

func (m *Manager) CreateGroup(ctx context.Context, name, displayName, managedBy string, number int32) error

CreateGroup adds a group to the datastore if it does not currently exist. If the group exists then it cannot be added and an error is returned.

func (*Manager) DestroyEntity added in v0.0.12

func (m *Manager) DestroyEntity(ctx context.Context, ID string) error

DestroyEntity deletes the named entity. This function will delete the entity in a non-atomic way, but will ensure that the entity cannot be authenticated with before returning. If the named ID does not exist the function will return tree.E_NO_ENTITY, in all other cases nil is returned.

func (*Manager) DestroyGroup added in v0.0.12

func (m *Manager) DestroyGroup(ctx context.Context, name string) error

DestroyGroup unsurprisingly deletes a group. There's no real logic here, it just passes the delete call through to the storage layer.

func (*Manager) DropEntityCapability2 added in v0.3.0

func (m *Manager) DropEntityCapability2(ctx context.Context, ID string, c *pb.Capability) error

DropEntityCapability2 drops a capability from an entity directly, and does so with a strongly typed capability pointer.

func (*Manager) DropGroupCapability2 added in v0.3.0

func (m *Manager) DropGroupCapability2(ctx context.Context, name string, c *pb.Capability) error

DropGroupCapability2 drops a capability from an existing group, and does so with a strongly typed capability pointer.

func (*Manager) EntityKVAdd added in v0.4.0

func (m *Manager) EntityKVAdd(ctx context.Context, ID string, d []*pb.KVData) error

EntityKVAdd handles adding a new key to the KV store for an entity identified by ID. The key must not previously exist.

func (*Manager) EntityKVDel added in v0.4.0

func (m *Manager) EntityKVDel(ctx context.Context, ID string, d []*pb.KVData) error

EntityKVDel handles removing an existing key from the entity identified by ID. An attempt to remove a key that does not exist will return an error.

func (*Manager) EntityKVGet added in v0.4.0

func (m *Manager) EntityKVGet(ctx context.Context, ID string, keys []*pb.KVData) ([]*pb.KVData, error)

EntityKVGet returns a selected key or keys to the caller.

func (*Manager) EntityKVReplace added in v0.4.0

func (m *Manager) EntityKVReplace(ctx context.Context, ID string, d []*pb.KVData) error

EntityKVReplace handles replacing an existing key on the entity identified by ID. An attempt to replace a key that does not exist will return an error.

func (*Manager) FetchEntity added in v0.0.12

func (m *Manager) FetchEntity(ctx context.Context, ID string) (*pb.Entity, error)

FetchEntity returns an entity to the caller after first making a safe copy of it to remove secure fields.

func (*Manager) FetchGroup added in v0.0.12

func (m *Manager) FetchGroup(ctx context.Context, name string) (*pb.Group, error)

FetchGroup fetches a group by name and returns a pointer to the group and a nil error. If the group cannot be loaded the error will explain why. This is very thin since it just obtains a value from the storage layer.

func (*Manager) GetMemberships

func (m *Manager) GetMemberships(ctx context.Context, e *pb.Entity) []string

GetMemberships returns a list of group names that an entity is a member of. This membership may either be direct or it may be via an expanded group rule. This difference is not distinguished.

func (*Manager) GroupKVAdd added in v0.4.0

func (m *Manager) GroupKVAdd(ctx context.Context, name string, d []*pb.KVData) error

GroupKVAdd adds a new key to a group. If the key already exists an error is returned.

func (*Manager) GroupKVDel added in v0.4.0

func (m *Manager) GroupKVDel(ctx context.Context, name string, d []*pb.KVData) error

GroupKVDel removes an existing key from a group. If the key does not exist an error is returned.

func (*Manager) GroupKVGet added in v0.4.0

func (m *Manager) GroupKVGet(ctx context.Context, name string, keys []*pb.KVData) ([]*pb.KVData, error)

GroupKVGet returns an existing key from a group. If the key does not exist an error is returned.

func (*Manager) GroupKVReplace added in v0.4.0

func (m *Manager) GroupKVReplace(ctx context.Context, name string, d []*pb.KVData) error

GroupKVReplace replaces an existing key on a group. If the key does not exist an error is returned.

func (*Manager) InitializeEntityChains added in v0.0.12

func (m *Manager) InitializeEntityChains(c ChainConfig) error

InitializeEntityChains initializes the map of chains stored on the manager. It is expected that any merging of an external configuration has happened before this function is called.

func (*Manager) InitializeEntityHooks added in v0.0.12

func (m *Manager) InitializeEntityHooks()

InitializeEntityHooks runs all the EntityHookConstructors and registers the resulting hooks by name into m.entityProcessorHooks.

func (*Manager) InitializeGroupChains added in v0.0.12

func (m *Manager) InitializeGroupChains(c ChainConfig) error

InitializeGroupChains initializes the map of chains stored on the manager. It is expected that any merging of an external configuration has happened before this function is called.

func (*Manager) InitializeGroupHooks added in v0.0.12

func (m *Manager) InitializeGroupHooks()

InitializeGroupHooks runs all the GroupHookConstructors and registers the resulting hooks by name into m.groupProcessorHooks.

func (*Manager) ListMembers

func (m *Manager) ListMembers(ctx context.Context, groupID string) ([]*pb.Entity, error)

ListMembers fetches the members of a single group and redacts authentication data.

func (*Manager) LockEntity added in v0.0.11

func (m *Manager) LockEntity(ctx context.Context, ID string) error

LockEntity allows external callers to lock entities directly. Internal users can just set the value directly.

func (*Manager) ManageUntypedEntityMeta added in v0.0.10

func (m *Manager) ManageUntypedEntityMeta(ctx context.Context, ID, mode, key, value string) ([]string, error)

ManageUntypedEntityMeta handles the things that may be annotated onto an entity. These annotations should be used sparingly as they incur a non-trivial lookup cost on the server.

func (*Manager) ManageUntypedGroupMeta added in v0.0.10

func (m *Manager) ManageUntypedGroupMeta(ctx context.Context, name, mode, key, value string) ([]string, error)

ManageUntypedGroupMeta handles the things that may be annotated onto a group. These annotations should be used sparingly as they incur a non-trivial lookup cost on the server.

func (*Manager) ModifyGroupExpansions

func (m *Manager) ModifyGroupExpansions(ctx context.Context, parent, child string, mode pb.ExpansionMode) error

ModifyGroupExpansions handles changing the expansions on a group. This can include adding an INCLUDE or EXCLUDE type expansion, or using the special expansion type DROP, removing an existing one.

func (*Manager) ModifyGroupRule added in v0.3.0

func (m *Manager) ModifyGroupRule(ctx context.Context, group, target string, ruleaction rpc.RuleAction) error

ModifyGroupRule adjusts the rules on a group, which is the second iteration of the expansion system. Right now this function is a shim over the legacy ModifyGroupExpansions interface, but it will be modified to support the strongly typed group interface at a later date.

func (*Manager) RegisterEntityHookToChain added in v0.3.0

func (m *Manager) RegisterEntityHookToChain(hook, chain string) error

RegisterEntityHookToChain registers a hook to a given chain.

func (*Manager) RegisterGroupHookToChain added in v0.3.0

func (m *Manager) RegisterGroupHookToChain(hook, chain string) error

RegisterGroupHookToChain registers a hook to a given chain.

func (*Manager) RemoveEntityFromGroup

func (m *Manager) RemoveEntityFromGroup(ctx context.Context, entityID, groupName string) error

RemoveEntityFromGroup performs the same function as the internal variant, but does so by name rather than by entity pointer.

func (*Manager) RunEntityChain added in v0.0.12

func (m *Manager) RunEntityChain(ctx context.Context, chain string, de *pb.Entity) (*pb.Entity, error)

RunEntityChain runs the specified chain with de specifying values to be consumed by the chain.

func (*Manager) RunGroupChain added in v0.0.12

func (m *Manager) RunGroupChain(ctx context.Context, chain string, de *pb.Group) (*pb.Group, error)

RunGroupChain runs the specified chain with de specifying values to be consumed by the chain.

func (*Manager) SearchEntities added in v0.0.12

func (m *Manager) SearchEntities(ctx context.Context, r db.SearchRequest) ([]*pb.Entity, error)

SearchEntities returns a list of entities filtered by the search criteria.

func (*Manager) SearchGroups added in v0.0.12

func (m *Manager) SearchGroups(ctx context.Context, r db.SearchRequest) ([]*pb.Group, error)

SearchGroups returns a list of groups filtered by the search criteria.

func (*Manager) SetEntityCapability2 added in v0.3.0

func (m *Manager) SetEntityCapability2(ctx context.Context, ID string, c *pb.Capability) error

SetEntityCapability2 adds a capability to an entity directly, and does so with a strongly typed capability pointer.

func (*Manager) SetGroupCapability2 added in v0.3.0

func (m *Manager) SetGroupCapability2(ctx context.Context, name string, c *pb.Capability) error

SetGroupCapability2 adds a capability to an existing group, and does so with a strongly typed capability pointer. It should be preferred to add capabilities to groups rather than to entities directly.

func (*Manager) SetSecret added in v0.0.12

func (m *Manager) SetSecret(ctx context.Context, ID string, secret string) error

SetSecret sets the secret on a given entity using the crypto interface.

func (*Manager) UnlockEntity added in v0.0.11

func (m *Manager) UnlockEntity(ctx context.Context, ID string) error

UnlockEntity allows external callers to unlock entities directly. Internal users can just set the value directly.

func (*Manager) UpdateEntityKeys

func (m *Manager) UpdateEntityKeys(ctx context.Context, ID, mode, keytype, key string) ([]string, error)

UpdateEntityKeys manages entity public keys. Additional setup occurs to select the correct processing chain based on what action was requested.

func (*Manager) UpdateEntityMeta

func (m *Manager) UpdateEntityMeta(ctx context.Context, ID string, newMeta *pb.EntityMeta) error

UpdateEntityMeta drives the internal version by obtaining the entity from the database based on the ID.

func (*Manager) UpdateGroupMeta

func (m *Manager) UpdateGroupMeta(ctx context.Context, name string, update *pb.Group) error

UpdateGroupMeta updates metadata within the group. Certain information is not mutable and so that information is not merged in.

func (*Manager) ValidateSecret

func (m *Manager) ValidateSecret(ctx context.Context, ID string, secret string) error

ValidateSecret validates the identity of an entity by validating the authenticating entity with the secret.
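The locked-entity rule from ErrEntityLocked (a locked entity can neither authenticate nor change its secret), the CreateEntity caveat that an entity whose secret was never set is not usable, and FetchEntity's safe copy, carried through as an added example that is not the tree package's code. secureSecret and verifySecret are a constructed salted-SHA-256 stand-in for the crypto.EMCrypto interface; a deployment would put a password-hashing function behind that interface. Entity, the Manager's in-memory map, and ErrNoEntity and ErrBadSecret are assumptions made for this example, and following the LockEntity text, the lock flag is set directly rather than through a method.

```go
package main

import (
	"context"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// ErrEntityLocked mirrors the tree package's error; the other two are constructed here.
var (
	ErrEntityLocked = errors.New("this entity is locked")
	ErrNoEntity     = errors.New("no such entity")
	ErrBadSecret    = errors.New("secret does not match")
)

// Entity is a constructed stand-in for pb.Entity; secret holds only the salted hash.
type Entity struct {
	ID     string
	Locked bool
	secret []byte
}

// secureSecret and verifySecret stand in for the crypto.EMCrypto interface: 16 random salt
// bytes then SHA-256(salt || secret), compared in constant time. Illustrative only.
const saltLen = 16

func secureSecret(secret string) ([]byte, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	sum := sha256.Sum256(append(append([]byte{}, salt...), secret...))
	return append(salt, sum[:]...), nil
}

func verifySecret(secret string, stored []byte) error {
	if len(stored) != saltLen+sha256.Size {
		return ErrBadSecret
	}
	sum := sha256.Sum256(append(append([]byte{}, stored[:saltLen]...), secret...))
	if subtle.ConstantTimeCompare(sum[:], stored[saltLen:]) != 1 {
		return ErrBadSecret
	}
	return nil
}

// Manager keeps entities in a map standing in for the DB.
type Manager struct{ entities map[string]*Entity }

// SetSecret and ValidateSecret refuse a locked entity before touching the secret; that
// refusal is what makes a locked entity "dead to the system".
func (m *Manager) SetSecret(ctx context.Context, ID, secret string) error {
	e, ok := m.entities[ID]
	if !ok {
		return ErrNoEntity
	}
	if e.Locked {
		return ErrEntityLocked
	}
	var err error
	e.secret, err = secureSecret(secret)
	return err
}

func (m *Manager) ValidateSecret(ctx context.Context, ID, secret string) error {
	e, ok := m.entities[ID]
	if !ok {
		return ErrNoEntity
	}
	if e.Locked {
		return ErrEntityLocked
	}
	if len(e.secret) == 0 {
		return ErrBadSecret // an entity created without a secret must not authenticate
	}
	return verifySecret(secret, e.secret)
}

// FetchEntity returns a copy with the secure field cleared, so callers never see the hash.
func (m *Manager) FetchEntity(ctx context.Context, ID string) (*Entity, error) {
	e, ok := m.entities[ID]
	if !ok {
		return nil, ErrNoEntity
	}
	safe := *e
	safe.secret = nil
	return &safe, nil
}

func main() {
	ctx := context.Background()
	m := &Manager{entities: map[string]*Entity{"alice": {ID: "alice"}}}
	fmt.Println(m.SetSecret(ctx, "alice", "correct horse"), m.ValidateSecret(ctx, "alice", "correct horse"))
	m.entities["alice"].Locked = true // internal callers set the flag directly, as the page notes
	fmt.Println(m.SetSecret(ctx, "alice", "new"), m.ValidateSecret(ctx, "alice", "correct horse"))
}
```

Both the lock check and the never-set check sit before any hash comparison, so a locked or secret-less entity is rejected without the crypto layer ever running; the copy returned by FetchEntity carries no hash material, which is what keeps the RPC layer from leaking it.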

type Option added in v0.6.1

type Option func(m *Manager)

Option is a type used to feed in various configurables when initializing a new Manager construct. This follows the variadic types pattern for option passing.

func WithCrypto added in v0.6.1

func WithCrypto(c crypto.EMCrypto) Option

func WithLogger added in v0.6.1

func WithLogger(l hclog.Logger) Option

func WithStorage added in v0.6.1

func WithStorage(d DB) Option
