netauth

package
v0.6.2
Published: Feb 24, 2024 License: MIT Imports: 17 Imported by: 9

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Authorize

func Authorize(ctx context.Context, token string) context.Context

Authorize attaches a token to a provided context, returning a new context that is authorized to make calls with the provided token.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is an RPC client shim that makes communicating with the NetAuth server easier. The client has helpers for attaching parameters to the request, for crafting protobufs, and for handling other common tasks.

func New

func New() (*Client, error)

New returns a client initialized, connected, and ready to use.

func NewWithLog added in v0.3.4

func NewWithLog(l hclog.Logger) (*Client, error)

NewWithLog uses the specified logger to construct a NetAuth client. Note that the log handler cannot be changed after setup, so the handler that is provided should have the correct name and be parented to the correct point on the log tree.

func (*Client) AuthChangeSecret

func (c *Client) AuthChangeSecret(ctx context.Context, entity, secret, oldsecret string) error

AuthChangeSecret changes the secret for a given entity. If the entity is changing its own secret, then the original secret must be supplied. If an administrator is changing the secret, an appropriate token must be present.

func (*Client) AuthEntity

func (c *Client) AuthEntity(ctx context.Context, entity, secret string) error

AuthEntity performs authentication for an entity. It does not perform token acquisition, so if your request will require a token, ensure that you have obtained one already.

func (*Client) AuthGetToken

func (c *Client) AuthGetToken(ctx context.Context, entity, secret string) (string, error)

AuthGetToken performs authentication for an entity and if successful will return a token which can be used to authenticate future requests.

func (*Client) AuthValidateToken

func (c *Client) AuthValidateToken(ctx context.Context, token string) error

AuthValidateToken performs server-side token validation. This can be useful when symmetric token algorithms are in use and clients are unable to validate tokens locally, or if you simply don't trust the local validation option.

func (*Client) EntityCreate

func (c *Client) EntityCreate(ctx context.Context, id, secret string, number int) error

EntityCreate creates an entity. The entity ID must be unique, and it is strongly encouraged that the number be unique as well. Passing a -1 for the number will select the next valid number and assign it to this entity.

func (*Client) EntityDestroy

func (c *Client) EntityDestroy(ctx context.Context, id string) error

EntityDestroy is used to permanently remove entities from the server. This is not recommended and should not be done without good reason. The best practice is to instead have a group that defunct entities get moved to and then locked. This will prevent authentication, while maintaining integrity of the backing tree. This function does not maintain referential integrity, so be careful about removing the last standing admin of a particular type.
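A worked example of the retirement workflow the EntityDestroy notes recommend (move the entity into a defunct group, then lock it), combined with the token flow from AuthGetToken and Authorize. This is added example code, not part of the netauth package; it assumes the `retirer` interface (its method signatures match the ones documented on this page, so a *netauth.Client satisfies it) and takes netauth.Authorize as the `authz` argument so it compiles without the module.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// retirer is the subset of the client used here. The signatures match the
// methods documented on this page, so a *netauth.Client satisfies it; the
// interface is this example's assumption so that it compiles offline.
type retirer interface {
	AuthGetToken(ctx context.Context, entity, secret string) (string, error)
	GroupAddMember(ctx context.Context, group, entity string) error
	EntityLock(ctx context.Context, id string) error
}

// RetireEntity is the "lock, don't destroy" workflow from the EntityDestroy
// notes: authenticate as an administrator, attach the token to the context
// (pass netauth.Authorize as authz), move the entity into the defunct group,
// then lock it so it can no longer authenticate. Each step is checked so a
// failure surfaces as an error the operator can act on rather than leaving
// a half-retired entity unnoticed.
func RetireEntity(ctx context.Context, c retirer,
	authz func(context.Context, string) context.Context,
	adminID, adminSecret, defunctGroup, target string) error {
	// Guard against the "last standing admin" problem mentioned above.
	if target == adminID {
		return errors.New("refusing to retire the administrator running this operation")
	}
	tok, err := c.AuthGetToken(ctx, adminID, adminSecret)
	if err != nil {
		return fmt.Errorf("admin authentication failed: %w", err)
	}
	actx := authz(ctx, tok) // every write below carries the admin token
	if err := c.GroupAddMember(actx, defunctGroup, target); err != nil {
		return fmt.Errorf("move %q into %q: %w", target, defunctGroup, err)
	}
	if err := c.EntityLock(actx, target); err != nil {
		return fmt.Errorf("lock %q: %w", target, err)
	}
	return nil
}
```

The entity is locked last, so a failure on the group move leaves it authenticating normally and the error tells you the retirement did not take effect.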

func (*Client) EntityGroups

func (c *Client) EntityGroups(ctx context.Context, id string) ([]*pb.Group, error)

EntityGroups returns the effective group membership of the named entity.

func (*Client) EntityInfo

func (c *Client) EntityInfo(ctx context.Context, id string) (pb.Entity, error)

EntityInfo returns information about an entity. This function does not require authentication, and can be performed with an unauthenticated context.

func (*Client) EntityKVAdd added in v0.4.0

func (c *Client) EntityKVAdd(ctx context.Context, id, key string, values []string) error

EntityKVAdd adds a single key to the specified entity. The key specified must not already exist. The order in which values are provided will be preserved.

func (*Client) EntityKVDel added in v0.4.0

func (c *Client) EntityKVDel(ctx context.Context, id, key string) error

EntityKVDel deletes a single existing key from the target.

func (*Client) EntityKVGet added in v0.4.0

func (c *Client) EntityKVGet(ctx context.Context, id, key string) (map[string][]string, error)

EntityKVGet returns the values for a key if it exists.

func (*Client) EntityKVReplace added in v0.4.0

func (c *Client) EntityKVReplace(ctx context.Context, id, key string, values []string) error

EntityKVReplace replaces the values for a single key that must already exist. As with add, ordering will be preserved.

func (*Client) EntityKeys

func (c *Client) EntityKeys(ctx context.Context, id, action, ktype, key string) (map[string][]string, error)

EntityKeys handles updates to public keys stored on an entity. These keys are public and can be queried without authentication. The idea is to provide a means of distributing public keys for SSH and PGP.

func (*Client) EntityLock

func (c *Client) EntityLock(ctx context.Context, id string) error

EntityLock sets the lock bit on the provided entity which will effectively prevent authentication from proceeding even if correct authentication information is provided.

func (*Client) EntitySearch

func (c *Client) EntitySearch(ctx context.Context, expr string) ([]*pb.Entity, error)

EntitySearch performs a search of all entities. This search will return a slice of zero or more entities that matched the search criteria. Searching does not require an authenticated context.

func (*Client) EntityUM

func (c *Client) EntityUM(ctx context.Context, target, action, key, value string) (map[string][]string, error)

EntityUM handles operations concerning the untyped key-value store on each entity. This data is not directly processed by NetAuth or visible in search indexes, but is useful for integrating with 3rd party systems as it provides an ideal place to store alternate keys or IDs. Reads may be performed without authentication, writes must be authenticated.

func (*Client) EntityUnlock

func (c *Client) EntityUnlock(ctx context.Context, id string) error

EntityUnlock is the inverse of EntityLock. See EntityLock for more information.

func (*Client) EntityUpdate

func (c *Client) EntityUpdate(ctx context.Context, id string, meta *pb.EntityMeta) error

EntityUpdate alters the generic metadata on an existing entity. It cannot modify keys or untyped metadata.

func (*Client) GroupAddMember

func (c *Client) GroupAddMember(ctx context.Context, group, entity string) error

GroupAddMember adds a member to a group. Keep in mind that not all systems hooking into NetAuth perform synchronous lookups, so membership changes may take some time to propagate.

func (*Client) GroupCreate

func (c *Client) GroupCreate(ctx context.Context, name, displayName, managedBy string, number int) error

GroupCreate creates a new group with the specified parameters. If you do not require a specific group number you may pass -1 to select the next available number. To make a group managed by another group from the start, pass the name of another group here as the managed-by value in order to enable delegated management.

func (*Client) GroupDelMember

func (c *Client) GroupDelMember(ctx context.Context, group, entity string) error

GroupDelMember removes a member from a group. Keep in mind that not all systems hooking into NetAuth perform synchronous lookups, so membership changes may take some time to propagate.

func (*Client) GroupDestroy

func (c *Client) GroupDestroy(ctx context.Context, name string) error

GroupDestroy permanently removes a group from the server. This is not recommended, as NetAuth does not perform internal referential integrity checks, so it is possible to remove a group that has rules pointing at it or otherwise create cycles in the graph. The best practice is to keep groups forever. They're cheap, and as long as they're not queried they don't represent additional load.

func (*Client) GroupInfo

func (c *Client) GroupInfo(ctx context.Context, name string) (*pb.Group, []*pb.Group, error)

GroupInfo returns a single group to the caller. This function does not require an authorized context.

func (*Client) GroupKVAdd added in v0.4.0

func (c *Client) GroupKVAdd(ctx context.Context, id, key string, values []string) error

GroupKVAdd adds a single key to the specified group. The key specified must not already exist. The order in which values are provided will be preserved.

func (*Client) GroupKVDel added in v0.4.0

func (c *Client) GroupKVDel(ctx context.Context, id, key string) error

GroupKVDel deletes a single existing key from the target.

func (*Client) GroupKVGet added in v0.4.0

func (c *Client) GroupKVGet(ctx context.Context, id, key string) (map[string][]string, error)

GroupKVGet returns the values for a key if it exists.

func (*Client) GroupKVReplace added in v0.4.0

func (c *Client) GroupKVReplace(ctx context.Context, id, key string, values []string) error

GroupKVReplace replaces the values for a single key that must already exist. As with add, ordering will be preserved.

func (*Client) GroupMembers

func (c *Client) GroupMembers(ctx context.Context, name string) ([]*pb.Entity, error)

GroupMembers returns the membership of a group including any member alterations as a result of rules on the group.

func (*Client) GroupSearch

func (c *Client) GroupSearch(ctx context.Context, expression string) ([]*pb.Group, error)

GroupSearch returns a list of groups that satisfy the given search expression. This function requires no authorization.

func (*Client) GroupUM

func (c *Client) GroupUM(ctx context.Context, target, action, key, value string) (map[string][]string, error)

GroupUM handles operations concerning the untyped key-value store on each group. This data is not directly processed by NetAuth or visible in search indexes, but is useful for integrating with 3rd party systems as it provides an ideal place to store alternate keys or IDs. Reads may be performed without authentication, writes must be authenticated.

func (*Client) GroupUpdate

func (c *Client) GroupUpdate(ctx context.Context, update *pb.Group) error

GroupUpdate allows an existing group to be updated. Only some fields on each group can be updated though, so this function will silently unset fields that are not permissible to edit.

func (*Client) GroupUpdateRules

func (c *Client) GroupUpdateRules(ctx context.Context, group, action, target string) error

GroupUpdateRules manages the rules on groups. These rules can transparently include other groups, recursively remove members, or reset the behavior of a group to the default.

func (*Client) SetServiceName

func (c *Client) SetServiceName(s string)

SetServiceName sets the self-identified service this client serves. This should be set prior to making any calls to the server.

func (*Client) SystemCapabilities

func (c *Client) SystemCapabilities(ctx context.Context, target, action, capability string, direct bool) error

SystemCapabilities handles the modification of capabilities within the server. Capabilities are the core of NetAuth's internal permissions system, and allow the holder to perform special actions within the server itself. Capabilities should generally be assigned to groups rather than directly to entities, but there are valid cases to assign to an entity directly.

func (*Client) SystemPing

func (c *Client) SystemPing(ctx context.Context) error

SystemPing pings the server and receives a pong if the server is healthy. If the server is not healthy, the returned error will be non-nil. Use this function to gate healthy servers behind a load balancer.

func (*Client) SystemStatus

func (c *Client) SystemStatus(ctx context.Context) (*rpc.ServerStatus, error)

SystemStatus returns detailed status information about the server. This information includes a subsystem report and the first failure detected during a health check should a failure be detected.
