aclstore

package
v0.0.0-...-7bb3757
Published: Jan 18, 2022 License: MIT Imports: 10 Imported by: 0

Documentation

Constants

const DefaultAclFile = "hub.acl"

DefaultAclFile is the recommended ACL filename for Hub authentication.

Variables

This section is empty.

Functions

func IsRoleGreaterEqual

func IsRoleGreaterEqual(role string, minRole string) bool

IsRoleGreaterEqual returns true if a user role has the same or greater permissions than the minimum role.

func WriteAclsToTempFile

func WriteAclsToTempFile(folder string, acls map[string]AclGroup) (tempFileName string, err error)

WriteAclsToTempFile writes the ACL store to a temp file.

Types

type AclFileStore

type AclFileStore struct {
	Groups map[string]AclGroup `yaml:"groups"` // store by group ID
	// contains filtered or unexported fields
}

AclFileStore stores the ACL list in a file. It includes a file watcher to automatically reload on update.

func NewAclFileStore

func NewAclFileStore(filepath string, clientID string) *AclFileStore

NewAclFileStore creates an instance of a file-based ACL store.

filepath is the location of the store. See also DefaultAclFile for the recommended name.
clientID is for logging which authservice is accessing it

func (*AclFileStore) Close

func (aclStore *AclFileStore) Close()

Close the store

func (*AclFileStore) GetGroups

func (aclStore *AclFileStore) GetGroups(clientID string) []string

GetGroups returns a list of groups a thing or user is a member of.

func (*AclFileStore) GetRole

func (aclStore *AclFileStore) GetRole(clientID string, groupIDs []string) string

GetRole returns the highest role a user has in a list of groups. Intended to get client permissions in case of overlapping groups.

func (*AclFileStore) Open

func (aclStore *AclFileStore) Open() error

Open the store. This reads the ACL file and subscribes to file changes. The ACL file MUST exist, even if it is empty.

func (*AclFileStore) Reload

func (aclStore *AclFileStore) Reload() error

Reload the ACL store from file

func (*AclFileStore) SetRole

func (aclStore *AclFileStore) SetRole(clientID string, groupID string, role string) error

SetRole sets a user ACL and updates the store. This updates the user's role, saves it to a temp file and moves the result to the store file. Interruptions will not lead to data corruption, as the resulting ACL file is only moved after a successful write. Note that concurrent writes by different processes are not supported and can lead to one of the writes being ignored.

clientID login name to assign the role
groupID  group where the role applies
role     one of GroupRoleViewer, GroupRoleEditor, GroupRoleManager, GroupRoleThing or GroupRoleNone to remove the role
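
The write-then-rename sequence that the SetRole documentation describes, as an added example that is not the package's own code. `replaceAclFile` is a hypothetical name, the JSON encoding stands in for the store's YAML, and the group, client and role strings are constructed samples.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// AclGroup mirrors the type on this page: map of clientID to role.
type AclGroup map[string]string

// replaceAclFile (hypothetical name) writes the groups to a temp file in the
// store's own folder and renames it over the store file only after the write,
// sync and close have all succeeded.
func replaceAclFile(path string, groups map[string]AclGroup) error {
	// Stand-in encoding: JSON from the standard library; the real store is YAML.
	data, err := json.Marshal(map[string]map[string]AclGroup{"groups": groups})
	if err != nil {
		return err
	}
	tmp, err := os.CreateTemp(filepath.Dir(path), "acl-*.tmp") // created 0600
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // fails harmlessly once the rename succeeded
	_, err = tmp.Write(data)
	if err == nil {
		err = tmp.Sync() // flush to disk before the file becomes visible
	}
	if cerr := tmp.Close(); err == nil {
		err = cerr
	}
	if err != nil {
		return err // the existing store file was never touched
	}
	return os.Rename(tmp.Name(), path) // same folder, so same filesystem
}

func main() {
	path := filepath.Join(os.TempDir(), "hub.acl") // constructed sample location
	err := replaceAclFile(path, map[string]AclGroup{"group1": {"user1": "viewer"}})
	fmt.Println(path, err)
}
```

Because the rename swaps in a new file, the store file ends up with the temp file's 0600 mode rather than the mode of the file it replaced. A second process running the same load, modify and rename sequence at the same time overwrites this result without error, which is the ignored write the SetRole documentation warns about.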

type AclGroup

type AclGroup map[string]string // map of clientID:role

AclGroup is a map of group clients and roles
