
Package auth provides functionality related to authentication and authorization.


Constants

const (
	// PermissionTypeResource is the "type" value to be used in a Keycloak Permission payload: {"type":"resource"}.
	PermissionTypeResource = "resource"
	// PolicyTypeUser is the "type" value to be used in a Keycloak Policy payload: {"type":"user"}.
	PolicyTypeUser = "user"
	// PolicyLogicPossitive (sic, exported name kept for compatibility) is the "logic" value
	// to be used in a Keycloak Policy payload: {"logic":"POSITIVE"}.
	PolicyLogicPossitive = "POSITIVE"
	// PolicyDecisionStrategyUnanimous is the "decisionStrategy" value to be used in a Keycloak
	// Policy payload: {"decisionStrategy":"UNANIMOUS"}.
	PolicyDecisionStrategyUnanimous = "UNANIMOUS"

	// EntitlementLimit is used to specify the number of entitlement resource entries in the RPT.
	// It is a string rather than an int; presumably it is placed verbatim in EntitlementMeta.Limit
	// ({"limit":"1"}) when building an entitlement request — confirm against the callers.
	EntitlementLimit = "1"
)

Variables

This section is empty.

Functions

func CreatePermission

func CreatePermission(ctx context.Context, clientsEndpoint string, clientID string, permission KeycloakPermission, protectionAPIToken string) (string, error)

CreatePermission creates a Keycloak permission

func CreatePolicy

func CreatePolicy(ctx context.Context, clientsEndpoint string, clientID string, policy KeycloakPolicy, protectionAPIToken string) (string, error)

CreatePolicy creates a Keycloak policy

func CreateResource

func CreateResource(ctx context.Context, resource KeycloakResource, authzEndpoint string, protectionAPIToken string) (string, error)

CreateResource creates a Keycloak resource

func DeletePermission

func DeletePermission(ctx context.Context, clientsEndpoint string, clientID string, permissionID string, protectionAPIToken string) error

DeletePermission deletes the Keycloak permission

func DeletePolicy

func DeletePolicy(ctx context.Context, clientsEndpoint string, clientID string, policyID string, protectionAPIToken string) error

DeletePolicy deletes the Keycloak policy

func DeleteResource

func DeleteResource(ctx context.Context, kcResourceID string, authzEndpoint string, protectionAPIToken string) error

DeleteResource deletes the Keycloak resource associated with the space

func GetClientID

func GetClientID(ctx context.Context, clientsEndpoint string, publicClientID string, protectionAPIToken string) (string, error)

GetClientID obtains the internal client ID associated with keycloak client

func GetEntitlement

func GetEntitlement(ctx context.Context, entitlementEndpoint string, entitlementResource *EntitlementResource, userAccesToken string) (*string, error)

GetEntitlement obtains the Entitlement for a specific resource. If entitlementResource == nil, the Entitlement for all resources available to the user is returned. Returns (nil, nil) if the response status is Forbidden, which means the user doesn't have permission to obtain the Entitlement.

func GetProtectedAPIToken

func GetProtectedAPIToken(ctx context.Context, openidConnectTokenURL string, clientID string, clientSecret string) (string, error)

GetProtectedAPIToken obtains a Protected API Token (PAT) from Keycloak

func UpdatePolicy

func UpdatePolicy(ctx context.Context, clientsEndpoint string, clientID string, policy KeycloakPolicy, protectionAPIToken string) error

UpdatePolicy updates the Keycloak policy

func ValidateKeycloakUser

func ValidateKeycloakUser(ctx context.Context, adminEndpoint string, userID, protectionAPIToken string) (bool, error)

ValidateKeycloakUser returns true if the user exists in Keycloak. Returns false if the user is not found

func VerifyResourceUser

func VerifyResourceUser(ctx context.Context, token string, resourceName string, entitlementEndpoint string) (bool, error)

VerifyResourceUser returns true if the user is among the resource collaborators

Types

type AuthServiceConfiguration

// AuthServiceConfiguration represents the auth service configuration consumed by this package.
type AuthServiceConfiguration interface {
	// GetAuthEndpointSpaces returns the auth service "spaces" endpoint for the given request,
	// or an error if it cannot be determined.
	GetAuthEndpointSpaces(*http.Request) (string, error)
	// IsAuthorizationEnabled reports whether authorization is enabled.
	IsAuthorizationEnabled() bool
}

AuthServiceConfiguration represents auth service configuration

type AuthorizationPayload

// AuthorizationPayload represents the "authorization" section of an RPT token payload.
type AuthorizationPayload struct {
	// Permissions is the list of resource-set permissions granted in the RPT ("permissions" in JSON).
	Permissions []Permissions `json:"permissions"`
}

AuthorizationPayload represents an authz payload in the rpt token

type AuthzPolicyManager

// AuthzPolicyManager represents a space collaborators policy manager.
type AuthzPolicyManager interface {
	// GetPolicy obtains the policy identified by policyID. The second result is a *string
	// whose meaning is not visible here — presumably the PAT used for the request; confirm
	// against the implementation.
	GetPolicy(ctx context.Context, request *http.Request, policyID string) (*KeycloakPolicy, *string, error)
	// UpdatePolicy updates the policy using the given protection API token (pat).
	UpdatePolicy(ctx context.Context, request *http.Request, policy KeycloakPolicy, pat string) error
	// AddUserToPolicy adds userID to the policy; the bool result presumably reports whether
	// the policy changed — confirm against the implementation.
	AddUserToPolicy(p *KeycloakPolicy, userID string) bool
	// RemoveUserFromPolicy removes userID from the policy; the bool result presumably reports
	// whether the policy changed — confirm against the implementation.
	RemoveUserFromPolicy(p *KeycloakPolicy, userID string) bool
}

AuthzPolicyManager represents a space collaborators policy manager

type AuthzResourceManager

// AuthzResourceManager implements the ResourceManager interface by calling the auth service.
// Construct it with NewAuthzResourceManager.
type AuthzResourceManager struct {
	// contains filtered or unexported fields
}

AuthzResourceManager implements ResourceManager interface

func NewAuthzResourceManager

func NewAuthzResourceManager(config AuthServiceConfiguration) *AuthzResourceManager

NewAuthzResourceManager constructs AuthzResourceManager

func (*AuthzResourceManager) CreateSpace

func (m *AuthzResourceManager) CreateSpace(ctx context.Context, request *http.Request, spaceID string) (*authservice.SpaceResource, error)

CreateSpace calls auth service to create a keycloak resource associated with the space

func (*AuthzResourceManager) DeleteSpace

func (m *AuthzResourceManager) DeleteSpace(ctx context.Context, request *http.Request, spaceID string) error

DeleteSpace calls auth service to delete the keycloak resource associated with the space

type EntitlementMeta

// EntitlementMeta is the "metadata" object of an entitlement request.
type EntitlementMeta struct {
	// Limit bounds the number of entitlement entries returned ("limit" in JSON). It is a string;
	// presumably EntitlementLimit is the value used here — confirm against the callers.
	Limit string `json:"limit"`
}

type EntitlementResource

// EntitlementResource represents the payload for obtaining an entitlement for specific resources.
type EntitlementResource struct {
	// Permissions lists the resource sets the entitlement is requested for ("permissions" in JSON).
	Permissions []ResourceSet `json:"permissions"`
	// MetaInformation carries request metadata such as the result limit ("metadata" in JSON).
	MetaInformation EntitlementMeta `json:"metadata"`
}

EntitlementResource represents a payload for obtaining entitlement for specific resource

type GormOauthStateReferenceRepository

// GormOauthStateReferenceRepository implements OauthStateReferenceRepository using gorm.
// Construct it with NewOauthStateReferenceRepository.
type GormOauthStateReferenceRepository struct {
	// contains filtered or unexported fields
}

GormOauthStateReferenceRepository implements OauthStateReferenceRepository using gorm

func NewOauthStateReferenceRepository

func NewOauthStateReferenceRepository(db *gorm.DB) *GormOauthStateReferenceRepository

NewOauthStateReferenceRepository creates a new oauth state reference repo

func (*GormOauthStateReferenceRepository) Create

Create creates a new oauth state reference in the DB; returns InternalError on failure

func (*GormOauthStateReferenceRepository) Delete

Delete deletes the reference with the given id; returns NotFoundError or InternalError on failure

func (*GormOauthStateReferenceRepository) Load

Load loads state reference by ID

type KeycloakConfiguration

// KeycloakConfiguration represents a Keycloak configuration: the endpoints this package talks to
// and the client credentials it authenticates with.
type KeycloakConfiguration interface {
	// GetKeycloakEndpointAuthzResourceset returns the authz resource-set endpoint for the request.
	GetKeycloakEndpointAuthzResourceset(*http.Request) (string, error)
	// GetKeycloakEndpointToken returns the token endpoint for the request.
	GetKeycloakEndpointToken(*http.Request) (string, error)
	// GetKeycloakEndpointClients returns the clients endpoint for the request.
	GetKeycloakEndpointClients(*http.Request) (string, error)
	// GetKeycloakEndpointAdmin returns the admin endpoint for the request.
	GetKeycloakEndpointAdmin(*http.Request) (string, error)
	// GetKeycloakEndpointEntitlement returns the entitlement endpoint for the request.
	GetKeycloakEndpointEntitlement(*http.Request) (string, error)
	// GetKeycloakClientID returns the public client ID.
	GetKeycloakClientID() string
	// GetKeycloakSecret returns the client secret. This is a credential: implementations should
	// not log it, and callers should pass it only to the token endpoint.
	GetKeycloakSecret() string
}

KeycloakConfiguration represents a keycloak configuration

type KeycloakPermission

// KeycloakPermission represents a Keycloak permission payload.
type KeycloakPermission struct {
	// ID is the Keycloak-assigned identifier; omitted from JSON when nil (e.g. on create).
	ID *string `json:"id,omitempty"`
	// Name is the permission name.
	Name string `json:"name"`
	// Type is the permission type; see PermissionTypeResource.
	Type string `json:"type"`
	// Logic is the permission logic ("logic" in JSON).
	Logic string `json:"logic"`
	// DecisionStrategy is the permission decision strategy ("decisionStrategy" in JSON).
	DecisionStrategy string `json:"decisionStrategy"`
	// Config holds the resources and policies the permission applies to.
	Config PermissionConfigData `json:"config"`
}

KeycloakPermission represents a keycloak permission payload

type KeycloakPolicy

// KeycloakPolicy represents a Keycloak policy payload.
type KeycloakPolicy struct {
	// ID is the Keycloak-assigned identifier; omitted from JSON when nil (e.g. on create).
	ID *string `json:"id,omitempty"`
	// Name is the policy name.
	Name string `json:"name"`
	// Type is the policy type; see PolicyTypeUser.
	Type string `json:"type"`
	// Logic is the policy logic; see PolicyLogicPossitive.
	Logic string `json:"logic"`
	// DecisionStrategy is the policy decision strategy; see PolicyDecisionStrategyUnanimous.
	DecisionStrategy string `json:"decisionStrategy"`
	// Config holds the user IDs the policy applies to.
	Config PolicyConfigData `json:"config"`
}

KeycloakPolicy represents a keycloak policy payload

func GetPolicy

func GetPolicy(ctx context.Context, clientsEndpoint string, clientID string, policyID string, protectionAPIToken string) (*KeycloakPolicy, error)

GetPolicy obtains a policy from Keycloak

func (*KeycloakPolicy) AddUserToPolicy

func (p *KeycloakPolicy) AddUserToPolicy(userID string) bool

AddUserToPolicy adds the user ID to the policy

func (*KeycloakPolicy) RemoveUserFromPolicy

func (p *KeycloakPolicy) RemoveUserFromPolicy(userID string) bool

RemoveUserFromPolicy removes the user ID from the policy

type KeycloakPolicyManager

// KeycloakPolicyManager implements the AuthzPolicyManager interface against Keycloak.
// Construct it with NewKeycloakPolicyManager.
type KeycloakPolicyManager struct {
	// contains filtered or unexported fields
}

KeycloakPolicyManager implements AuthzPolicyManager interface

func NewKeycloakPolicyManager

func NewKeycloakPolicyManager(config KeycloakConfiguration) *KeycloakPolicyManager

NewKeycloakPolicyManager constructs KeycloakPolicyManager

func (*KeycloakPolicyManager) AddUserToPolicy

func (m *KeycloakPolicyManager) AddUserToPolicy(p *KeycloakPolicy, userID string) bool

AddUserToPolicy adds the user ID to the policy

func (*KeycloakPolicyManager) GetPolicy

func (m *KeycloakPolicyManager) GetPolicy(ctx context.Context, request *http.Request, policyID string) (*KeycloakPolicy, *string, error)

GetPolicy obtains the space collaborators policy

func (*KeycloakPolicyManager) RemoveUserFromPolicy

func (m *KeycloakPolicyManager) RemoveUserFromPolicy(p *KeycloakPolicy, userID string) bool

RemoveUserFromPolicy removes the user ID from the policy

func (*KeycloakPolicyManager) UpdatePolicy

func (m *KeycloakPolicyManager) UpdatePolicy(ctx context.Context, request *http.Request, policy KeycloakPolicy, pat string) error

UpdatePolicy updates the space collaborators policy

type KeycloakResource

// KeycloakResource represents a Keycloak resource payload.
type KeycloakResource struct {
	// Name is the resource name.
	Name string `json:"name"`
	// Owner is the resource owner; omitted from JSON when nil.
	Owner *string `json:"owner,omitempty"`
	// Type is the resource type.
	Type string `json:"type"`
	// Scopes is the optional list of scopes; omitted from JSON when nil.
	Scopes *[]string `json:"scopes,omitempty"`
	// URI is the optional resource URI; omitted from JSON when nil.
	URI *string `json:"uri,omitempty"`
}

KeycloakResource represents a keycloak resource payload

type OauthStateReference

// OauthStateReference represents an OAuth state reference persisted in the DB.
type OauthStateReference struct {
	gormsupport.Lifecycle
	// ID is the primary key; generated by the database (uuid_generate_v4()) when not set.
	ID uuid.UUID `sql:"type:uuid default uuid_generate_v4()" gorm:"primary_key"`
	// Referrer is stored alongside the state. NOTE(review): if this is a URL the user is sent
	// back to after the OAuth round-trip, the code that uses it should validate it against
	// allowed destinations before redirecting — confirm against the callers.
	Referrer string
}

OauthStateReference represents an OAuth state reference

func (OauthStateReference) Equal

Equal returns true if two States objects are equal; otherwise false is returned.

func (OauthStateReference) TableName

func (r OauthStateReference) TableName() string

TableName implements gorm.tabler

type OauthStateReferenceRepository

// OauthStateReferenceRepository encapsulates storage and retrieval of OAuth state references.
type OauthStateReferenceRepository interface {
	// Create persists a new state reference and returns the stored value.
	Create(ctx context.Context, state *OauthStateReference) (*OauthStateReference, error)
	// Delete removes the state reference with the given ID.
	Delete(ctx context.Context, ID uuid.UUID) error
	// Load returns the state reference with the given ID.
	Load(ctx context.Context, ID uuid.UUID) (*OauthStateReference, error)
}

OauthStateReferenceRepository encapsulates storage and retrieval of state references

type PermissionConfigData

// PermissionConfigData represents the "config" object in the Keycloak permission payload.
// Both fields are strings, not slices; presumably each carries a JSON-encoded array embedded
// as a string (as PolicyConfigData.UserIDs does) — confirm against the callers.
type PermissionConfigData struct {
	// Resources names the resources the permission covers ("resources" in JSON).
	Resources string `json:"resources"`
	// ApplyPolicies names the policies applied by the permission ("applyPolicies" in JSON).
	ApplyPolicies string `json:"applyPolicies"`
}

PermissionConfigData represents a config in the keycloak permission payload

type Permissions

// Permissions represents one "permissions" entry in the AuthorizationPayload of an RPT.
type Permissions struct {
	// ResourceSetName is the name of the granted resource set; nil when absent.
	ResourceSetName *string `json:"resource_set_name"`
	// ResourceSetID is the ID of the granted resource set; nil when absent.
	ResourceSetID *string `json:"resource_set_id"`
}

Permissions represents a "permissions" in the AuthorizationPayload

type PolicyConfigData

// PolicyConfigData represents the "config" object in the Keycloak policy payload.
type PolicyConfigData struct {
	// UserIDs is a JSON array of user IDs encoded as a single string, e.g.
	//   "users":"[\"<ID>\",\"<ID>\"]"
	// Build it with a JSON encoder rather than string concatenation so that an ID
	// containing quotes or brackets cannot alter the encoded array.
	UserIDs string `json:"users"`
}

PolicyConfigData represents a config in the keycloak policy payload

type ResourceManager

// ResourceManager represents a space resource manager.
type ResourceManager interface {
	// CreateSpace creates the resource associated with spaceID and returns it.
	CreateSpace(ctx context.Context, request *http.Request, spaceID string) (*authservice.SpaceResource, error)
	// DeleteSpace deletes the resource associated with spaceID.
	DeleteSpace(ctx context.Context, request *http.Request, spaceID string) error
}

ResourceManager represents a space resource manager

type ResourceSet

// ResourceSet represents a resource set in an entitlement request payload.
type ResourceSet struct {
	// Name is the resource set name ("resource_set_name" in JSON).
	Name string `json:"resource_set_name"`
	// ID is the optional resource set ID; omitted from JSON when nil.
	ID *string `json:"resource_set_id,omitempty"`
}

ResourceSet represents a resource set for Entitlement payload

type Token

// Token represents a Keycloak token response. AccessToken and RefreshToken are bearer
// credentials: do not log them and do not include them in error messages.
// All fields are pointers so that absent JSON members decode as nil; check for nil before use.
type Token struct {
	// AccessToken is the issued access token.
	AccessToken *string `json:"access_token,omitempty"`
	// ExpiresIn is the access token lifetime as reported by Keycloak.
	ExpiresIn *int64 `json:"expires_in,omitempty"`
	// NotBeforePolicy is Keycloak's "not-before-policy" value.
	NotBeforePolicy *int64 `json:"not-before-policy,omitempty"`
	// RefreshExpiresIn is the refresh token lifetime as reported by Keycloak.
	RefreshExpiresIn *int64 `json:"refresh_expires_in,omitempty"`
	// RefreshToken is the issued refresh token.
	RefreshToken *string `json:"refresh_token,omitempty"`
	// TokenType is the token type string (e.g. "bearer" — presumably; confirm against Keycloak).
	TokenType *string `json:"token_type,omitempty"`
}

Token represents a Keycloak token response

func ReadToken

func ReadToken(ctx context.Context, res *http.Response) (*Token, error)

ReadToken extracts json with token data from the response

type TokenPayload

// TokenPayload represents the claims of an RPT token: the standard JWT claims plus the
// "authorization" section listing granted permissions.
type TokenPayload struct {
	jwt.StandardClaims
	// Authorization holds the granted permissions; nil when the claim is absent.
	Authorization *AuthorizationPayload `json:"authorization"`
}

TokenPayload represents an rpt token

type UserInfo

// UserInfo represents the user info payload returned by Keycloak.
type UserInfo struct {
	// Sub is the subject identifier ("sub" claim).
	Sub string `json:"sub"`
	// Name is the full display name.
	Name string `json:"name"`
	// PreferredUsername is the preferred username ("preferred_username").
	PreferredUsername string `json:"preferred_username"`
	// GivenName is the given (first) name.
	GivenName string `json:"given_name"`
	// FamilyName is the family (last) name.
	FamilyName string `json:"family_name"`
	// Email is the user's e-mail address.
	Email string `json:"email"`
}

UserInfo represents a user info Keycloak payload

func GetUserInfo

func GetUserInfo(ctx context.Context, userInfoEndpoint string, userAccessToken string) (*UserInfo, error)

GetUserInfo gets user info from Keycloak
