manager

package
v0.0.0-...-db8f46d Latest
Warning

This package is not in the latest version of its module.
Published: Apr 21, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccountClaimsEditor

type AccountClaimsEditor func(c *jwt.AccountClaims)

An AccountClaimsEditor edits account claims.

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager manages operators, accounts, users and the tokens of these entities.

func New

func New(log logr.Logger, store *secrets.Store, dbw *database.Wrapper, oc OperatorConfig) (*Manager, error)

New creates a new Manager. All parameters must be non-nil and oc must be valid.

func (*Manager) AccountExists

func (m *Manager) AccountExists(ctx context.Context, name string) (bool, error)

AccountExists checks if an account with a known name exists. It returns false if the account doesn't exist and true if it does.

func (*Manager) CheckJWTs

func (m *Manager) CheckJWTs(ctx context.Context)

CheckJWTs checks all JWTs for validity and writes to the log for those that have issues.

func (*Manager) GenerateDeviceCredentials

func (m *Manager) GenerateDeviceCredentials(ctx context.Context, id uuid.UUID) ([]byte, error)

GenerateDeviceCredentials generates new NATS credentials for a device with a known ID.

func (*Manager) GenerateUserCredentials

func (m *Manager) GenerateUserCredentials(ctx context.Context, userName, accountName string) ([]byte, error)

GenerateUserCredentials generates new NATS credentials for a user with a known name and issuer (account).

func (*Manager) GetOperatorJWT

func (m *Manager) GetOperatorJWT(ctx context.Context) (string, error)

GetOperatorJWT retrieves the operator JWT.

func (*Manager) GetSystemAccountPubKey

func (m *Manager) GetSystemAccountPubKey(ctx context.Context) (string, error)

GetSystemAccountPubKey retrieves the public key for the system account.

func (*Manager) GetUserJWT

func (m *Manager) GetUserJWT(ctx context.Context, name, accountName string) (string, error)

func (*Manager) GetUserKeyPair

func (m *Manager) GetUserKeyPair(ctx context.Context, name, accountName string) (nkeys.KeyPair, error)

func (*Manager) Init

func (m *Manager) Init(ctx context.Context) error

Init initializes the manager. It only has to run on the first run of the program (ever), as it configures the keys necessary for issuing other accounts and users.

func (*Manager) InitKeys

func (m *Manager) InitKeys(ctx context.Context) error

InitKeys initializes the system account and the operator.

func (*Manager) NATSCredsCBs

func (m *Manager) NATSCredsCBs(
	ctx context.Context,
	userName, accountName string,
) (nats.UserJWTHandler, nats.SignatureHandler)

func (*Manager) NewAccount

func (m *Manager) NewAccount(ctx context.Context,
	name, operatorName string,
	editors ...AccountClaimsEditor,
) (string, error)

NewAccount creates a new account, automatically creating a key pair. The name for the account must be provided. The required information for validation is automatically registered in the database and Vault. It returns the public key (subject) of the newly created account.

func (*Manager) NewOperator

func (m *Manager) NewOperator(
	ctx context.Context,
	systemAccountPubKey string,
	editors ...OperatorClaimsEditor,
) (string, error)

NewOperator creates a new operator. It requires the public key of the system account. Additional changes to the claims can be made using editors. It automatically creates the key pair and registers the required information in the database and Vault. It returns the public key (subject) of the operator. The name is decided by the Manager's configuration and defaults to the value provided by the environment variable OPERATOR_NAME.

func (*Manager) NewUser

func (m *Manager) NewUser(
	ctx context.Context,
	name, accountName, operatorName string,
	editors ...UserClaimsEditor,
) (string, error)

NewUser creates a new user issued by an existing account. The default claims can be edited with editors.

func (*Manager) ProvisionNewDevice

func (m *Manager) ProvisionNewDevice(ctx context.Context, id uuid.UUID) error

ProvisionNewDevice provisions a new device with a user. The ID for the device must be provided.

func (*Manager) SaveAppCreds

func (m *Manager) SaveAppCreds(ctx context.Context, userName, accountName string) error

func (*Manager) UpdateAccount

func (m *Manager) UpdateAccount(ctx context.Context, name, operatorName string, editors ...AccountClaimsEditor) error

func (*Manager) UpdateOperator

func (m *Manager) UpdateOperator(ctx context.Context, name string, editors ...OperatorClaimsEditor) error

func (*Manager) UpdateUser

func (m *Manager) UpdateUser(
	ctx context.Context,
	name, accountName, operatorName string,
	editors ...UserClaimsEditor,
) error

func (*Manager) UserExists

func (m *Manager) UserExists(ctx context.Context, name, accountName string) (bool, error)

UserExists checks if a user with a known name and issuer (account) exists. It returns false if the user doesn't exist and true if it does. If the name of the user is known but the account name is not, it will still return false.

type OperatorClaimsEditor

type OperatorClaimsEditor func(c *jwt.OperatorClaims)

An OperatorClaimsEditor edits operator claims.

type OperatorConfig

type OperatorConfig struct {
	Name        string
	AccountName string
	UserName    string
	ServiceURLs []string
}

OperatorConfig contains configuration about the operator used by the manager.

func DefaultOperatorConfig

func DefaultOperatorConfig() OperatorConfig

DefaultOperatorConfig loads the default (unvalidated) OperatorConfig from the environment.

func (OperatorConfig) Validate

func (c OperatorConfig) Validate() error

Validate validates the OperatorConfig.

type UserClaimsEditor

type UserClaimsEditor func(c *jwt.UserClaims)

A UserClaimsEditor edits user claims.
