Documentation
Index
- type AccountClaimsEditor
- type Manager
- func (m *Manager) AccountExists(ctx context.Context, name string) (bool, error)
- func (m *Manager) CheckJWTs(ctx context.Context)
- func (m *Manager) GenerateDeviceCredentials(ctx context.Context, id uuid.UUID) ([]byte, error)
- func (m *Manager) GenerateUserCredentials(ctx context.Context, userName, accountName string) ([]byte, error)
- func (m *Manager) GetOperatorJWT(ctx context.Context) (string, error)
- func (m *Manager) GetSystemAccountPubKey(ctx context.Context) (string, error)
- func (m *Manager) GetUserJWT(ctx context.Context, name, accountName string) (string, error)
- func (m *Manager) GetUserKeyPair(ctx context.Context, name, accountName string) (nkeys.KeyPair, error)
- func (m *Manager) Init(ctx context.Context) error
- func (m *Manager) InitKeys(ctx context.Context) error
- func (m *Manager) NATSCredsCBs(ctx context.Context, userName, accountName string) (nats.UserJWTHandler, nats.SignatureHandler)
- func (m *Manager) NewAccount(ctx context.Context, name, operatorName string, editors ...AccountClaimsEditor) (string, error)
- func (m *Manager) NewOperator(ctx context.Context, systemAccountPubKey string, ...) (string, error)
- func (m *Manager) NewUser(ctx context.Context, name, accountName, operatorName string, ...) (string, error)
- func (m *Manager) ProvisionNewDevice(ctx context.Context, id uuid.UUID) error
- func (m *Manager) SaveAppCreds(ctx context.Context, userName, accountName string) error
- func (m *Manager) UpdateAccount(ctx context.Context, name, operatorName string, editors ...AccountClaimsEditor) error
- func (m *Manager) UpdateOperator(ctx context.Context, name string, editors ...OperatorClaimsEditor) error
- func (m *Manager) UpdateUser(ctx context.Context, name, accountName, operatorName string, ...) error
- func (m *Manager) UserExists(ctx context.Context, name, accountName string) (bool, error)
- type OperatorClaimsEditor
- type OperatorConfig
- type UserClaimsEditor
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AccountClaimsEditor
type AccountClaimsEditor func(c *jwt.AccountClaims)
An AccountClaimsEditor edits account claims.
type Manager
type Manager struct {
// contains filtered or unexported fields
}
Manager manages operators, accounts, users and the tokens of these entities.
func New
func New(log logr.Logger, store *secrets.Store, dbw *database.Wrapper, oc OperatorConfig) (*Manager, error)
New creates a new Manager. All parameters must be non-nil and oc must be valid.
func (*Manager) AccountExists
AccountExists checks if an account with a known name exists. It returns false if the account doesn't exist and true if it does.
func (*Manager) CheckJWTs
CheckJWTs checks all JWTs for validity and writes to the log for those that have issues.
func (*Manager) GenerateDeviceCredentials
GenerateDeviceCredentials generates new NATS credentials for a device with a known ID.
func (*Manager) GenerateUserCredentials
func (m *Manager) GenerateUserCredentials(ctx context.Context, userName, accountName string) ([]byte, error)
GenerateUserCredentials generates new NATS credentials for a user with a known name and issuer (account).
func (*Manager) GetOperatorJWT
GetOperatorJWT retrieves the operator JWT.
func (*Manager) GetSystemAccountPubKey
GetSystemAccountPubKey retrieves the public key for the system account.
func (*Manager) GetUserJWT
func (*Manager) GetUserKeyPair
func (*Manager) Init
Init initializes the manager. It only needs to run once, on the very first run of the program, because it configures the keys needed to issue the other accounts and users.
func (*Manager) NATSCredsCBs
func (*Manager) NewAccount
func (m *Manager) NewAccount(ctx context.Context, name, operatorName string, editors ...AccountClaimsEditor) (string, error)
NewAccount creates a new account, automatically creating a key pair. The name for the account must be provided. The required information for validation is automatically registered in the database and Vault. It returns the public key (subject) of the newly created account.
func (*Manager) NewOperator
func (m *Manager) NewOperator(ctx context.Context, systemAccountPubKey string, editors ...OperatorClaimsEditor) (string, error)
NewOperator creates a new operator. It requires the public key of the system account. Additional changes to the claims can be made using editors. It automatically creates the key pair and registers the required information in the database and Vault. It returns the public key (subject) of the operator. The name is decided by the Manager's configuration and defaults to the value provided by the environment variable OPERATOR_NAME.
func (*Manager) NewUser
func (m *Manager) NewUser(ctx context.Context, name, accountName, operatorName string, editors ...UserClaimsEditor) (string, error)
NewUser creates a new user issued by an existing account. The default claims can be edited with editors.
func (*Manager) ProvisionNewDevice
ProvisionNewDevice provisions a new device with a user. The ID for the device must be provided.
func (*Manager) SaveAppCreds
func (*Manager) UpdateAccount
func (*Manager) UpdateOperator
func (*Manager) UpdateUser
func (*Manager) UserExists
UserExists checks if a user with a known name and issuer (account) exists. It returns false if the user doesn't exist and true if it does. If the name of the user is known but the account name is not, it will still return false.
type OperatorClaimsEditor
type OperatorClaimsEditor func(c *jwt.OperatorClaims)
An OperatorClaimsEditor edits operator claims.
type OperatorConfig
OperatorConfig contains configuration about the operator used by the manager.
func DefaultOperatorConfig
func DefaultOperatorConfig() OperatorConfig
DefaultOperatorConfig loads the default (unvalidated) OperatorConfig from the environment.
func (OperatorConfig) Validate
func (c OperatorConfig) Validate() error
Validate validates the OperatorConfig.
type UserClaimsEditor
type UserClaimsEditor func(c *jwt.UserClaims)
A UserClaimsEditor edits user claims.