package acl

import "go.chromium.org/goma/server/auth/acl"

Package acl performs access control with ACL.

Index ¶

• Constants
• type ACL
• func (a *ACL) Update(ctx context.Context) error
• type AuthDB
• type Checker
• func (c *Checker) CheckToken(ctx context.Context, token *oauth2.Token, tokenInfo *auth.TokenInfo) (string, *oauth2.Token, error)
• func (c *Checker) Set(ctx context.Context, config *pb.ACL) error
• type DefaultAllowlist
• func (DefaultAllowlist) Load(ctx context.Context) (*pb.ACL, error)
• type FileLoader
• func (l FileLoader) Load(ctx context.Context) (*pb.ACL, error)
• type Loader
• type StaticLoader
• func (l StaticLoader) Load(ctx context.Context) (*pb.ACL, error)

Package Files ¶

acl.go allowlist.go checker.go loader.go

Constants ¶

const (
    // new goma client client_id
    // https://chromium.googlesource.com/infra/goma/client/+/70685d6cbb19c108d8abf2235edd2d02bed8dded/client/oauth2.cc#72
    GomaClientClientID = "687418631491-r6m1c3pr0lth5atp4ie07f03ae8omefc.apps.googleusercontent.com"
)

type ACL ¶ Uses

type ACL struct {
    Loader
    Checker
}

ACL manages access control list.

func (*ACL) Update ¶ Uses

func (a *ACL) Update(ctx context.Context) error

Update loads acl by Loader and sets it to Checker.

type AuthDB ¶ Uses

type AuthDB interface {
    IsMember(ctx context.Context, email, group string) bool
}

AuthDB provides authentication database; user groups.

type Checker ¶ Uses

type Checker struct {
    AuthDB
    account.Pool
    // contains filtered or unexported fields
}

Checker checks token.

func (*Checker) CheckToken ¶ Uses

func (c *Checker) CheckToken(ctx context.Context, token *oauth2.Token, tokenInfo *auth.TokenInfo) (string, *oauth2.Token, error)

CheckToken checks token and returns group id and token used for backend API.

func (*Checker) Set ¶ Uses

func (c *Checker) Set(ctx context.Context, config *pb.ACL) error

Set sets config in the checker.

type DefaultAllowlist ¶ Uses

type DefaultAllowlist struct{}

DefaultAllowlist is a loader to provide default allow list, which pass through EUC.

func (DefaultAllowlist) Load ¶ Uses

func (DefaultAllowlist) Load(ctx context.Context) (*pb.ACL, error)

type FileLoader ¶ Uses

type FileLoader struct {
    Filename string
}

FileLoader loads acl data from Filename.

func (FileLoader) Load ¶ Uses

func (l FileLoader) Load(ctx context.Context) (*pb.ACL, error)

Loads loads acl stored as text proto in file.

type Loader ¶ Uses

type Loader interface {
    Load(ctx context.Context) (*pb.ACL, error)
}

Loader loads acl data.

type StaticLoader ¶ Uses

type StaticLoader struct {
    *pb.ACL
}

StaticLoader loads static acl data.

func (StaticLoader) Load ¶ Uses

func (l StaticLoader) Load(ctx context.Context) (*pb.ACL, error)