authz


Constants

// Error kinds and entities are the two halves from which this package's
// sentinel errors are composed (see the ErrEmptyCAAddress … ErrExpiredToken
// variables, built with errs.WithDomain). errs.Kind and errs.Entity are
// project types; their exact semantics are not visible here.
const (
	// Kinds describe what is wrong with a value.
	ErrNil     = errs.Kind("nil")
	ErrInvalid = errs.Kind("invalid")
	ErrExpired = errs.Kind("expired")
	ErrEmpty   = errs.Kind("empty")

	// Entities name the value an error refers to. ErrPublicKey vs
	// ErrIDPublicKey (and the two certificate entities) distinguish a
	// service's own key/certificate from the ID key/certificate — the
	// exact distinction is presumably defined by the CA flow; confirm.
	ErrCAAddress          = errs.Entity("CA address")
	ErrPublicKey          = errs.Entity("public key")
	ErrIDPublicKey        = errs.Entity("ID public key")
	ErrPrivateKey         = errs.Entity("private key")
	ErrServiceCertificate = errs.Entity("service certificate")
	ErrIDCertificate      = errs.Entity("ID certificate")
	ErrServicesRepo       = errs.Entity("services repository")
	ErrTokensRepo         = errs.Entity("tokens repository")
	ErrChallenge          = errs.Entity("challenge")
	ErrToken              = errs.Entity("token")
)
// ContextKey is the context.Context key under which this package stores its
// per-request authorization value (presumably set by UnaryInterceptor /
// StreamInterceptor after a successful VerifyToken — confirm against them).
// contextKey is an unexported type, so a plain string "authz" key from another
// package can neither read nor overwrite the value stored under it.
const (
	ContextKey contextKey = "authz"
)

Variables

// Sentinel errors returned by this package. Each combines a kind (ErrNil,
// ErrInvalid, ErrExpired, ErrEmpty) with an entity, scoped to the package's
// error domain; errDomain is unexported and defined elsewhere in the package.
// Whether these support errors.Is matching depends on what errs.WithDomain
// returns — confirm before relying on it in callers.
var (
	// Constructor-time errors: missing dependencies passed to NewAuthz.
	ErrEmptyCAAddress            = errs.WithDomain(errDomain, ErrEmpty, ErrCAAddress)
	ErrNilServicesRepository     = errs.WithDomain(errDomain, ErrNil, ErrServicesRepo)
	ErrNilTokensRepository       = errs.WithDomain(errDomain, ErrNil, ErrTokensRepo)
	ErrNilPrivateKey             = errs.WithDomain(errDomain, ErrNil, ErrPrivateKey)

	// Request-time validation errors. These are the failure outcomes a
	// caller or operator should expect to see counted by the Metrics
	// *Failed counters; the names suggest key/certificate parsing or
	// verification failures and a challenge that does not verify — confirm
	// the exact conditions in the RPC implementations.
	ErrInvalidPublicKey          = errs.WithDomain(errDomain, ErrInvalid, ErrPublicKey)
	ErrInvalidServiceCertificate = errs.WithDomain(errDomain, ErrInvalid, ErrServiceCertificate)
	ErrInvalidIDPublicKey        = errs.WithDomain(errDomain, ErrInvalid, ErrIDPublicKey)
	ErrInvalidIDCertificate      = errs.WithDomain(errDomain, ErrInvalid, ErrIDCertificate)
	ErrInvalidChallenge          = errs.WithDomain(errDomain, ErrInvalid, ErrChallenge)
	// ErrExpiredToken is the package's only expiry error; presumably
	// returned by VerifyToken/Token when a stored token's expiry has passed.
	ErrExpiredToken              = errs.WithDomain(errDomain, ErrExpired, ErrToken)
)
// ErrEmptyHeaders is a plain errors.New sentinel (unlike the domain errors
// above) and so is matched with errors.Is. It presumably signals that an
// incoming request carried no metadata to authorize — the natural producer is
// UnaryInterceptor/StreamInterceptor — confirm where it is returned.
var (
	ErrEmptyHeaders = errors.New("empty headers")
)

Functions

func StreamInterceptor

func StreamInterceptor(client pb.AuthzClient) grpc.StreamServerInterceptor

func UnaryInterceptor

func UnaryInterceptor(client pb.AuthzClient) grpc.UnaryServerInterceptor

func WithCSR

func WithCSR(csr *pb.CSR) cfg.Option[Config]

func WithChallengeExpiry

func WithChallengeExpiry(dur time.Duration) cfg.Option[Config]

func WithDurMonth

func WithDurMonth(months int) cfg.Option[Config]

func WithLogHandler

func WithLogHandler(handler slog.Handler) cfg.Option[Config]

func WithLogger

func WithLogger(logger *slog.Logger) cfg.Option[Config]

func WithMetrics

func WithMetrics(m Metrics) cfg.Option[Config]

func WithTokenExpiry

func WithTokenExpiry(dur time.Duration) cfg.Option[Config]

func WithTracer

func WithTracer(tracer trace.Tracer) cfg.Option[Config]

Types

type Authz

// Authz is the gRPC server for both services defined in pb: the Authz service
// (Login, Token, VerifyToken) and the CertificateAuthority service
// (RegisterService, DeleteService, CreateCertificate, ListCertificates,
// DeleteCertificate, VerifyCertificate, RootCertificate). Construct it with
// NewAuthz; the zero value has no repositories or key and is not usable.
//
// Embedding the two Unimplemented* types means any RPC added to the protobuf
// definitions but not implemented on *Authz answers with an Unimplemented
// status instead of failing to compile — a safe default, but one that hides
// newly added RPCs from the compiler, so review the pb interfaces on upgrade.
type Authz struct {
	pb.UnimplementedAuthzServer
	pb.UnimplementedCertificateAuthorityServer
	// contains filtered or unexported fields
}

func NewAuthz

func NewAuthz(
	name, caAddress string,
	privateKey *ecdsa.PrivateKey,
	services ServiceRepository,
	tokens TokensRepository,
	random Randomizer,
	opts ...cfg.Option[Config],
) (*Authz, error)

func (*Authz) CreateCertificate

func (a *Authz) CreateCertificate(ctx context.Context, req *pb.CertificateRequest) (*pb.CertificateResponse, error)

func (*Authz) DeleteCertificate

func (*Authz) DeleteService

func (a *Authz) DeleteService(ctx context.Context, req *pb.DeletionRequest) (*pb.DeletionResponse, error)

func (*Authz) ListCertificates

func (a *Authz) ListCertificates(ctx context.Context, req *pb.CertificateRequest) (*pb.ListCertificatesResponse, error)

func (*Authz) Login

func (a *Authz) Login(ctx context.Context, req *pb.LoginRequest) (*pb.LoginResponse, error)

func (*Authz) RegisterService

func (a *Authz) RegisterService(ctx context.Context, req *pb.CertificateRequest) (*pb.CertificateResponse, error)

func (*Authz) RootCertificate

func (*Authz) Shutdown

func (a *Authz) Shutdown(ctx context.Context) error

func (*Authz) SignUp

func (a *Authz) SignUp(ctx context.Context, req *pb.SignUpRequest) (*pb.SignUpResponse, error)

func (*Authz) Token

func (a *Authz) Token(ctx context.Context, req *pb.TokenRequest) (*pb.TokenResponse, error)

func (*Authz) VerifyCertificate

func (a *Authz) VerifyCertificate(ctx context.Context, req *pb.VerificationRequest) (*pb.VerificationResponse, error)

func (*Authz) VerifyToken

func (a *Authz) VerifyToken(ctx context.Context, req *pb.AuthRequest) (*pb.AuthResponse, error)

type Config

// Config holds the settings NewAuthz applies from its variadic
// cfg.Option[Config] arguments. All fields are unexported, so the only way to
// populate it is through the option constructors: WithCSR, WithChallengeExpiry,
// WithDurMonth, WithLogHandler, WithLogger, WithMetrics, WithTokenExpiry and
// WithTracer. The defaults used when an option is absent (in particular the
// challenge and token expiries) are not visible here — confirm them in NewAuthz.
type Config struct {
	// contains filtered or unexported fields
}

type Metrics

// Metrics is the instrumentation sink injected with WithMetrics. Every RPC
// has a request counter, a failure counter and a latency observation; the
// Authz-side ones are keyed by service name, the CA-side registry/deletion
// and root-certificate ones are not. The *Failed counters are the
// operationally interesting signals: a rising IncServiceLoginFailed or
// IncServiceTokenVerificationFailed for one service is what an alert on
// credential guessing or replayed tokens would key on.
//
// NOTE(review): the naming is slightly inconsistent — IncCertificatesVerified
// vs IncCertificateVerificationFailed, IncServiceRegistries vs
// IncServiceRegistryFailed — which is harmless but worth aligning if the
// interface is ever revised.
type Metrics interface {
	// Authz metrics
	IncServiceLoginRequests(service string)
	IncServiceLoginFailed(service string)
	ObserveServiceLoginLatency(ctx context.Context, service string, duration time.Duration)
	IncServiceTokenRequests(service string)
	IncServiceTokenFailed(service string)
	ObserveServiceTokenLatency(ctx context.Context, service string, duration time.Duration)
	IncServiceTokenVerifications(service string)
	IncServiceTokenVerificationFailed(service string)
	ObserveServiceTokenVerificationLatency(ctx context.Context, service string, duration time.Duration)

	// CA metrics
	IncServiceRegistries()
	IncServiceRegistryFailed()
	ObserveServiceRegistryLatency(ctx context.Context, duration time.Duration)
	IncServiceDeletions()
	IncServiceDeletionFailed()
	ObserveServiceDeletionLatency(ctx context.Context, duration time.Duration)
	IncCertificatesCreated(service string)
	IncCertificatesCreateFailed(service string)
	ObserveCertificatesCreateLatency(ctx context.Context, service string, duration time.Duration)
	IncCertificatesListed(service string)
	IncCertificatesListFailed(service string)
	ObserveCertificatesListLatency(ctx context.Context, service string, duration time.Duration)
	IncCertificatesDeleted(service string)
	IncCertificatesDeleteFailed(service string)
	ObserveCertificatesDeleteLatency(ctx context.Context, service string, duration time.Duration)
	IncCertificatesVerified(service string)
	IncCertificateVerificationFailed(service string)
	ObserveCertificateVerificationLatency(ctx context.Context, service string, duration time.Duration)
	IncRootCertificateRequests()
	IncRootCertificateRequestFailed()
	ObserveRootCertificateRequestLatency(ctx context.Context, duration time.Duration)

	// RegisterCollector lets an implementation expose additional
	// prometheus collectors alongside the counters above.
	RegisterCollector(collector prometheus.Collector)
}

type Randomizer

// Randomizer is the source of random bytes NewAuthz requires as a dependency.
// This interface does not say how the bytes are used or how many are returned;
// given that the package stores challenges and tokens (see TokensRepository),
// the implementation is presumably expected to be cryptographically secure
// (crypto/rand-backed) and to return a fixed, sufficient length — confirm
// against the production implementation, since a predictable or short output
// would make issued challenges and tokens guessable.
type Randomizer interface {
	// Random returns a fresh slice of random bytes, or an error if the
	// underlying source fails; callers should not treat an error as retryable
	// without checking the implementation.
	Random() ([]byte, error)
}

type ServiceRepository

// ServiceRepository persists registered services and the certificates issued
// to them. The service string is the lookup key throughout; it presumably
// originates from RPC request fields, so implementations should treat it as
// untrusted input and never interpolate it into a query or path.
type ServiceRepository interface {
	// GetService returns the public key stored for service. What is returned
	// for an unknown service (a specific error vs. a nil key) is not visible
	// here — confirm, because the Login/RegisterService paths depend on it.
	GetService(ctx context.Context, service string) (pubKey []byte, err error)
	// CreateService stores a service's public key; whether it rejects a
	// duplicate name or overwrites is implementation-defined — confirm.
	CreateService(ctx context.Context, service string, pubKey []byte) (err error)
	DeleteService(ctx context.Context, service string) error

	// Certificates are stored as raw bytes with an expiry; ListCertificates
	// returns them as pb.CertificateResponse values.
	ListCertificates(ctx context.Context, service string) (certs []*pb.CertificateResponse, err error)
	CreateCertificate(ctx context.Context, service string, cert []byte, expiry time.Time) error
	DeleteCertificate(ctx context.Context, service string, cert []byte) error

	// Shutdown releases the underlying store; called from Authz.Shutdown.
	Shutdown(ctx context.Context) error
}

type TokensRepository

// TokensRepository persists login challenges and issued tokens, each stored
// with an expiry. The interface does not say whether the store or the caller
// enforces expiry; ErrExpiredToken exists in this package, which suggests the
// RPC layer checks it after a List* call — confirm. Because challenges and
// tokens are bearer secrets, an implementation should store them so that a
// copy of the store alone does not yield usable credentials (e.g. hashed), and
// the Login/Token path should DeleteChallenge once it is consumed so a
// challenge cannot be replayed — both are assumptions to verify, not
// guarantees of this interface.
type TokensRepository interface {
	CreateChallenge(ctx context.Context, service string, challenge []byte, expiry time.Time) error
	// ListChallenges returns outstanding challenges as pb.LoginResponse values.
	ListChallenges(ctx context.Context, service string) (challenges []*pb.LoginResponse, err error)
	DeleteChallenge(ctx context.Context, service string, challenge []byte) error

	CreateToken(ctx context.Context, service string, token []byte, expiry time.Time) error
	// ListTokens returns issued tokens as pb.TokenResponse values.
	ListTokens(ctx context.Context, service string) (tokens []*pb.TokenResponse, err error)
	DeleteToken(ctx context.Context, service string, token []byte) error

	// Shutdown releases the underlying store; called from Authz.Shutdown.
	Shutdown(ctx context.Context) error
}
