Documentation ¶
Overview ¶
Package auth is a lightweight credential store. It provides functionality for loading credentials, as well as validating credentials.
Index ¶
- Constants
- type BasicAuther
- type Credential
- type CredentialsStore
- func (c *CredentialsStore) AA(username, password, perm string) bool
- func (c *CredentialsStore) Check(username, password string) bool
- func (c *CredentialsStore) CheckRequest(b BasicAuther) bool
- func (c *CredentialsStore) HasAnyPerm(username string, perm ...string) bool
- func (c *CredentialsStore) HasPerm(username string, perm string) bool
- func (c *CredentialsStore) HasPermRequest(b BasicAuther, perm string) bool
- func (c *CredentialsStore) Load(r io.Reader) error
- func (c *CredentialsStore) Password(username string) (string, bool)
Constants ¶
const ( // AllUsers is the username that indicates all users, even anonymous users (requests without // any BasicAuth information). AllUsers = "*" // PermAll means all actions permitted. PermAll = "all" // PermJoin means user is permitted to join cluster. PermJoin = "join" // PermJoinReadOnly means user is permitted to join the cluster only as a read-only node PermJoinReadOnly = "join-read-only" // PermRemove means user is permitted to remove a node. PermRemove = "remove" // PermExecute means user can access execute endpoint. PermExecute = "execute" // PermQuery means user can access query endpoint PermQuery = "query" // PermStatus means user can retrieve node status. PermStatus = "status" // PermReady means user can retrieve ready status. PermReady = "ready" // PermBackup means user can backup node. PermBackup = "backup" // PermLoad means user can load a SQLite dump into a node. PermLoad = "load" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BasicAuther ¶
BasicAuther is the interface an object must support to return basic auth information.
type Credential ¶
type Credential struct { Username string `json:"username,omitempty"` Password string `json:"password,omitempty"` Perms []string `json:"perms,omitempty"` }
Credential represents authentication and authorization configuration for a single user.
type CredentialsStore ¶
type CredentialsStore struct {
// contains filtered or unexported fields
}
CredentialsStore stores authentication and authorization information for all users.
func NewCredentialsStore ¶
func NewCredentialsStore() *CredentialsStore
NewCredentialsStore returns a new instance of a CredentialStore.
func NewCredentialsStoreFromFile ¶
func NewCredentialsStoreFromFile(path string) (*CredentialsStore, error)
NewCredentialsStoreFromFile returns a new instance of a CredentialStore loaded from a file.
func (*CredentialsStore) AA ¶
func (c *CredentialsStore) AA(username, password, perm string) bool
AA authenticates and checks authorization for the given username and password for the given perm. If the credential store is nil, then this function always returns true. If AllUsers have the given perm, authentication is not done. Only then are the credentials checked, and then the perm checked.
func (*CredentialsStore) Check ¶
func (c *CredentialsStore) Check(username, password string) bool
Check returns true if the password is correct for the given username.
func (*CredentialsStore) CheckRequest ¶
func (c *CredentialsStore) CheckRequest(b BasicAuther) bool
CheckRequest returns true if b contains a valid username and password.
func (*CredentialsStore) HasAnyPerm ¶
func (c *CredentialsStore) HasAnyPerm(username string, perm ...string) bool
HasAnyPerm returns true if username has at least one of the given perms, either directly, or via AllUsers. It does not perform any password checking.
func (*CredentialsStore) HasPerm ¶
func (c *CredentialsStore) HasPerm(username string, perm string) bool
HasPerm returns true if username has the given perm, either directly or via AllUsers. It does not perform any password checking.
func (*CredentialsStore) HasPermRequest ¶
func (c *CredentialsStore) HasPermRequest(b BasicAuther, perm string) bool
HasPermRequest returns true if the username returned by b has the given perm. It does not perform any password checking, but if there is no username in the request, it returns false.