Documentation
¶
Index ¶
- Variables
- type ProjectScopeAuthorizer
- type Service
- func (s *Service) Authorize(r *http.Request) error
- func (s *Service) AuthorizeProject(project string) error
- func (s *Service) EnrolledProjects() []string
- func (s *Service) MintDashboardSession(bearerToken string) (string, error)
- func (s *Service) ParseDashboardSession(sessionToken string) (string, error)
- func (s *Service) SetAllowedProjects(projects []string)
- func (s *Service) SetBearerToken(token string)
- func (s *Service) SetDashboardSessionTokens(tokens []string)
Constants ¶
This section is empty.
Variables ¶
var ErrBearerTokenNotConfigured = errors.New("cloud bearer token is not configured")
var ErrInvalidDashboardSessionToken = errors.New("invalid dashboard session token")
var ErrProjectNotAllowed = errors.New("project is not allowed for this token")
var ErrSecretTooShort = errors.New("jwt secret must be at least 32 bytes")
Functions ¶
This section is empty.
Types ¶
type ProjectScopeAuthorizer ¶ added in v1.13.0
type ProjectScopeAuthorizer struct {
// contains filtered or unexported fields
}
func NewProjectScopeAuthorizer ¶ added in v1.13.0
func NewProjectScopeAuthorizer(projects []string) *ProjectScopeAuthorizer
func (*ProjectScopeAuthorizer) AuthorizeProject ¶ added in v1.13.0
func (a *ProjectScopeAuthorizer) AuthorizeProject(project string) error
func (*ProjectScopeAuthorizer) EnrolledProjects ¶ added in v1.13.0
func (a *ProjectScopeAuthorizer) EnrolledProjects() []string
EnrolledProjects returns the sorted list of projects this authorizer allows. Matches the cloudserver.EnrolledProjectsProvider contract so mutation pull can filter server-side by the caller's enrolled projects (REQ-202) rather than fail-closing to an empty result set.
func (*ProjectScopeAuthorizer) SetAllowedProjects ¶ added in v1.13.0
func (a *ProjectScopeAuthorizer) SetAllowedProjects(projects []string)
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
func NewService ¶
func NewService(store *cloudstore.CloudStore, jwtSecret string) (*Service, error)
func (*Service) AuthorizeProject ¶ added in v1.13.0
func (*Service) EnrolledProjects ¶ added in v1.13.0
EnrolledProjects returns the sorted list of projects that this Service is authorized to serve. Used by cloudserver's mutation pull to filter mutations to the caller's enrolled projects (REQ-202).
The interface is cloudserver.EnrolledProjectsProvider; this method makes *Service satisfy it without importing cloudserver (structural assertion).
func (*Service) MintDashboardSession ¶ added in v1.13.0
MintDashboardSession returns a signed dashboard session token. The token is opaque to clients and validated by ParseDashboardSession.
func (*Service) ParseDashboardSession ¶ added in v1.13.0
ParseDashboardSession verifies and decodes a signed dashboard session token.
Source Files