Documentation ¶
Index ¶
- func Authorize(ctx context.Context, token string) context.Context
- type Client
- func (c *Client) AuthChangeSecret(ctx context.Context, entity, secret, oldsecret string) error
- func (c *Client) AuthEntity(ctx context.Context, entity, secret string) error
- func (c *Client) AuthGetToken(ctx context.Context, entity, secret string) (string, error)
- func (c *Client) AuthValidateToken(ctx context.Context, token string) error
- func (c *Client) EntityCreate(ctx context.Context, id, secret string, number int) error
- func (c *Client) EntityDestroy(ctx context.Context, id string) error
- func (c *Client) EntityGroups(ctx context.Context, id string) ([]*pb.Group, error)
- func (c *Client) EntityInfo(ctx context.Context, id string) (pb.Entity, error)
- func (c *Client) EntityKVAdd(ctx context.Context, id, key string, values []string) error
- func (c *Client) EntityKVDel(ctx context.Context, id, key string) error
- func (c *Client) EntityKVGet(ctx context.Context, id, key string) (map[string][]string, error)
- func (c *Client) EntityKVReplace(ctx context.Context, id, key string, values []string) error
- func (c *Client) EntityKeys(ctx context.Context, id, action, ktype, key string) (map[string][]string, error)
- func (c *Client) EntityLock(ctx context.Context, id string) error
- func (c *Client) EntitySearch(ctx context.Context, expr string) ([]*pb.Entity, error)
- func (c *Client) EntityUM(ctx context.Context, target, action, key, value string) (map[string][]string, error)
- func (c *Client) EntityUnlock(ctx context.Context, id string) error
- func (c *Client) EntityUpdate(ctx context.Context, id string, meta *pb.EntityMeta) error
- func (c *Client) GroupAddMember(ctx context.Context, group, entity string) error
- func (c *Client) GroupCreate(ctx context.Context, name, displayName, managedBy string, number int) error
- func (c *Client) GroupDelMember(ctx context.Context, group, entity string) error
- func (c *Client) GroupDestroy(ctx context.Context, name string) error
- func (c *Client) GroupInfo(ctx context.Context, name string) (*pb.Group, []*pb.Group, error)
- func (c *Client) GroupKVAdd(ctx context.Context, id, key string, values []string) error
- func (c *Client) GroupKVDel(ctx context.Context, id, key string) error
- func (c *Client) GroupKVGet(ctx context.Context, id, key string) (map[string][]string, error)
- func (c *Client) GroupKVReplace(ctx context.Context, id, key string, values []string) error
- func (c *Client) GroupMembers(ctx context.Context, name string) ([]*pb.Entity, error)
- func (c *Client) GroupSearch(ctx context.Context, expression string) ([]*pb.Group, error)
- func (c *Client) GroupUM(ctx context.Context, target, action, key, value string) (map[string][]string, error)
- func (c *Client) GroupUpdate(ctx context.Context, update *pb.Group) error
- func (c *Client) GroupUpdateRules(ctx context.Context, group, action, target string) error
- func (c *Client) SetServiceName(s string)
- func (c *Client) SystemCapabilities(ctx context.Context, target, action, capability string, direct bool) error
- func (c *Client) SystemPing(ctx context.Context) error
- func (c *Client) SystemStatus(ctx context.Context) (*rpc.ServerStatus, error)
Functions ¶
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client is an RPC client shim that makes communicating with the NetAuth server easier. The client has helpers for attaching parameters to the request, for crafting protobufs, and for handling other common tasks.
func NewWithLog ¶ added in v0.3.4
NewWithLog uses the specified logger to construct a NetAuth client. Note that the log handler cannot be changed after setup, so the handler that is provided should have the correct name and be parented to the correct point on the log tree.
func (*Client) AuthChangeSecret ¶
AuthChangeSecret changes the secret for a given entity. If the entity is changing its own secret, then the original secret must be supplied. If an administrator is changing the secret, an appropriate token must be present.
func (*Client) AuthEntity ¶
AuthEntity performs authentication for an entity. It does not perform token acquisition, so if your request will require a token, ensure that you have obtained one already.
func (*Client) AuthGetToken ¶
AuthGetToken performs authentication for an entity and if successful will return a token which can be used to authenticate future requests.
func (*Client) AuthValidateToken ¶
AuthValidateToken performs server-side token validation. This can be useful when symmetric token algorithms are in use and clients are unable to validate tokens locally, or if you simply don't trust the local validation option.
func (*Client) EntityCreate ¶
EntityCreate creates an entity. The entity ID must be unique, and it is strongly encouraged that the number be unique as well. Passing -1 for the number will select the next valid number and assign it to this entity.
func (*Client) EntityDestroy ¶
EntityDestroy is used to permanently remove entities from the server. This is not recommended and should not be done without good reason. The best practice is to instead have a group that defunct entities get moved to and then locked. This will prevent authentication, while maintaining integrity of the backing tree. This function does not maintain referential integrity, so be careful about removing the last standing admin of a particular type.
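The retirement practice recommended above (move the entity to a holding group, then lock it), as an added example that is not part of the NetAuth project's code. Only the two method signatures come from this page, so a real `*Client` satisfies the interface; `retirer`, `retireEntity`, `errNotLocked`, the group name `defunct` and the in-memory `fakeServer` are hypothetical.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// retirer is the subset of *Client needed here; signatures copied from this page.
type retirer interface {
	GroupAddMember(ctx context.Context, group, entity string) error
	EntityLock(ctx context.Context, id string) error
}

var errNotLocked = errors.New("moved to holding group but NOT locked") // can still authenticate

// retireEntity follows the EntityDestroy guidance: move, then lock, never delete.
func retireEntity(ctx context.Context, c retirer, holdingGroup, id string) error {
	if err := c.GroupAddMember(ctx, holdingGroup, id); err != nil {
		return fmt.Errorf("add %q to %q: %w", id, holdingGroup, err)
	}
	if err := c.EntityLock(ctx, id); err != nil {
		return fmt.Errorf("%w: %q: %v", errNotLocked, id, err)
	}
	return nil
}

// fakeServer is a constructed in-memory stand-in for a NetAuth server.
type fakeServer struct {
	members  map[string][]string // group name -> entity IDs
	locked   map[string]bool
	failLock bool // simulate a failed EntityLock call
}

func (f *fakeServer) GroupAddMember(_ context.Context, group, entity string) error {
	f.members[group] = append(f.members[group], entity)
	return nil
}

func (f *fakeServer) EntityLock(_ context.Context, id string) error {
	if f.failLock {
		return errors.New("rpc failed (constructed)")
	}
	f.locked[id] = true
	return nil
}

func main() {
	f := &fakeServer{members: map[string][]string{}, locked: map[string]bool{}}
	fmt.Println(retireEntity(context.Background(), f, "defunct", "alice"))
	fmt.Println(f.members["defunct"], f.locked["alice"])
}
```

A caller should treat `errNotLocked` as an alert condition rather than a routine failure, because the entity has been moved but its credentials still work.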
func (*Client) EntityGroups ¶
EntityGroups returns the effective group membership of the named entity.
func (*Client) EntityInfo ¶
EntityInfo returns information about an entity. This function does not require authentication, and can be performed with an unauthenticated context.
func (*Client) EntityKVAdd ¶ added in v0.4.0
EntityKVAdd adds a single key to the specified entity. The key specified must not already exist. The order in which values are provided will be preserved.
func (*Client) EntityKVDel ¶ added in v0.4.0
EntityKVDel deletes a single existing key from the target.
func (*Client) EntityKVGet ¶ added in v0.4.0
EntityKVGet returns the values for a key if it exists.
func (*Client) EntityKVReplace ¶ added in v0.4.0
EntityKVReplace replaces the values for a single key that must already exist. Similar to add, ordering will be preserved.
func (*Client) EntityKeys ¶
func (c *Client) EntityKeys(ctx context.Context, id, action, ktype, key string) (map[string][]string, error)
EntityKeys handles updates to public keys stored on an entity. These keys are public and can be queried without authentication. The idea is to provide a means of distributing public keys for SSH and PGP.
func (*Client) EntityLock ¶
EntityLock sets the lock bit on the provided entity which will effectively prevent authentication from proceeding even if correct authentication information is provided.
func (*Client) EntitySearch ¶
EntitySearch performs a search of all entities. This search will return a slice of zero or more entities that matched the search criteria. Searching does not require an authenticated context.
func (*Client) EntityUM ¶
func (c *Client) EntityUM(ctx context.Context, target, action, key, value string) (map[string][]string, error)
EntityUM handles operations concerning the untyped key-value store on each entity. This data is not directly processed by NetAuth or visible in search indexes, but is useful for integrating with 3rd party systems as it provides an ideal place to store alternate keys or IDs. Reads may be performed without authentication; writes must be authenticated.
func (*Client) EntityUnlock ¶
EntityUnlock is the inverse of EntityLock. See EntityLock for more information.
func (*Client) EntityUpdate ¶
EntityUpdate alters the generic metadata on an existing entity. It cannot modify keys or untyped metadata.
func (*Client) GroupAddMember ¶
GroupAddMember adds a member to a group. Keep in mind that not all systems hooking into NetAuth perform synchronous lookups, so membership changes may take some time to propagate.
func (*Client) GroupCreate ¶
func (c *Client) GroupCreate(ctx context.Context, name, displayName, managedBy string, number int) error
GroupCreate creates a new group with the specified parameters. If you do not require a specific group number you may pass -1 to select the next available number. To make a group managed by another group from the start, pass the name of that other group as the managed-by value; this enables delegated management.
func (*Client) GroupDelMember ¶
GroupDelMember removes a member from a group. Keep in mind that not all systems hooking into NetAuth perform synchronous lookups, so membership changes may take some time to propagate.
func (*Client) GroupDestroy ¶
GroupDestroy permanently removes a group from the server. This is not recommended as NetAuth does not perform internal referential integrity checks, so it is possible to remove a group that has rules pointing at it or otherwise create cycles in the graph. The best practice is to keep groups forever. They're cheap and as long as they're not queried they don't represent additional load.
func (*Client) GroupInfo ¶
GroupInfo returns a single group to the caller. This function does not require an authorized context.
func (*Client) GroupKVAdd ¶ added in v0.4.0
GroupKVAdd adds a single key to the specified group. The key specified must not already exist. The order in which values are provided will be preserved.
func (*Client) GroupKVDel ¶ added in v0.4.0
GroupKVDel deletes a single existing key from the target.
func (*Client) GroupKVGet ¶ added in v0.4.0
GroupKVGet returns the values for a key if it exists.
func (*Client) GroupKVReplace ¶ added in v0.4.0
GroupKVReplace replaces the values for a single key that must already exist. Similar to add, ordering will be preserved.
func (*Client) GroupMembers ¶
GroupMembers returns the membership of a group including any member alterations as a result of rules on the group.
func (*Client) GroupSearch ¶
GroupSearch returns a list of groups that satisfy the given search expression. This function requires no authorization.
func (*Client) GroupUM ¶
func (c *Client) GroupUM(ctx context.Context, target, action, key, value string) (map[string][]string, error)
GroupUM handles operations concerning the untyped key-value store on each group. This data is not directly processed by NetAuth or visible in search indexes, but is useful for integrating with 3rd party systems as it provides an ideal place to store alternate keys or IDs. Reads may be performed without authentication; writes must be authenticated.
func (*Client) GroupUpdate ¶
GroupUpdate allows an existing group to be updated. Only some fields on each group can be updated though, so this function will silently unset fields that are not permissible to edit.
func (*Client) GroupUpdateRules ¶
GroupUpdateRules manages the rules on groups. These rules can transparently include other groups, recursively remove members, or reset the behavior of a group to the default.
func (*Client) SetServiceName ¶
SetServiceName sets the self-identified service this client serves. This should be set prior to making any calls to the server.
func (*Client) SystemCapabilities ¶
func (c *Client) SystemCapabilities(ctx context.Context, target, action, capability string, direct bool) error
SystemCapabilities handles the modification of capabilities within the server. Capabilities are the core of NetAuth's internal permissions system, and allow the holder to perform special actions within the server itself. Capabilities should generally be assigned to groups rather than directly to entities, but there are valid cases to assign to an entity directly.
func (*Client) SystemPing ¶
SystemPing pings the server and obtains back a pong if the server is healthy. If the server is not healthy, the returned error will be non-nil. Use this function to gate healthy servers with a load balancer.
func (*Client) SystemStatus ¶
SystemStatus returns detailed status information about the server. This information includes a subsystem report and the first failure detected during a health check should a failure be detected.