Documentation
Constants
const (
	ProviderStatic = "static" // StaticTokenAuthenticator — token-to-principal map
	ProviderEntra  = "entra"  // Microsoft Entra ID (Azure AD) — future
	ProviderPing   = "ping"   // Ping Identity — future
)
Provider constants identify which authentication mechanism issued a Principal. Handlers and audit code can branch on these without importing provider packages.
const (
	RolePlatformAdmin    = "platform.admin"
	RolePlatformOperator = "platform.operator"
	RolePlatformViewer   = "platform.viewer"
)
Platform domain roles govern access to MIDAS operations.
const (
	RoleGovernanceApprover = "governance.approver"
	RoleGovernanceReviewer = "governance.reviewer"
)
Governance domain roles govern workflow participation (approval, review).
const RoleAdmin = "admin"
Deprecated: use RolePlatformAdmin instead.
const RoleApprover = "approver"
Deprecated: use RoleGovernanceApprover instead.
const RoleOperator = "operator"
Deprecated: use RolePlatformOperator instead.
const RoleReviewer = "reviewer"
Deprecated: use RoleGovernanceReviewer instead.
Variables
This section is empty.
Functions
func NormalizeRoles
NormalizeRoles maps legacy role strings to their canonical equivalents, deduplicates, and returns a deterministic sorted slice. Unknown or already-canonical roles are preserved as-is. Normalization is case-insensitive for legacy role lookup.
Types
type Principal
type Principal struct {
	ID       string         // e.g. "user:alice" or an OIDC sub claim
	Name     string         // human-readable display name
	Roles    []string       // e.g. ["approver"], ["admin"]
	Provider string         // identifies the auth provider; use Provider* constants
	Subject  string         // raw subject claim from the provider (e.g. OIDC sub)
	Claims   map[string]any // arbitrary provider-specific claims (e.g. JWT payload)
}
Principal represents a verified caller identity. The Provider field indicates which authentication mechanism populated this struct, enabling handlers to apply provider-specific logic without type switches.
func (*Principal) HasAnyRole
HasAnyRole returns true if the principal holds at least one of the given roles. Comparison is case-insensitive, matching the semantics of HasRole.
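The documented semantics of NormalizeRoles and HasAnyRole, worked through as an added example. This is not the package's own source: normalizeRolesSketch, hasAnyRoleSketch, their signatures and the sample roles are hypothetical, and the legacy mapping is taken from the deprecation notes above.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// legacyToCanonical mirrors the "Deprecated: use ... instead" notes on this page.
var legacyToCanonical = map[string]string{
	"admin":    "platform.admin",
	"operator": "platform.operator",
	"approver": "governance.approver",
	"reviewer": "governance.reviewer",
}

// normalizeRolesSketch is a hypothetical re-implementation of the documented behaviour.
func normalizeRolesSketch(roles []string) []string {
	set := make(map[string]struct{}, len(roles))
	for _, r := range roles {
		if c, ok := legacyToCanonical[strings.ToLower(r)]; ok {
			r = c // legacy lookup is case-insensitive
		}
		set[r] = struct{}{} // unknown and canonical roles are kept as-is; the set deduplicates
	}
	out := make([]string, 0, len(set))
	for r := range set {
		out = append(out, r)
	}
	sort.Strings(out) // deterministic order for audit logs and comparisons
	return out
}

// hasAnyRoleSketch compares case-insensitively, as documented for HasAnyRole.
func hasAnyRoleSketch(held []string, want ...string) bool {
	for _, h := range held {
		for _, w := range want {
			if strings.EqualFold(h, w) {
				return true
			}
		}
	}
	return false
}

func main() {
	// Constructed input: mixed-case legacy roles, a duplicate after mapping, one unknown role.
	roles := normalizeRolesSketch([]string{"Admin", "platform.admin", "REVIEWER", "auditor"})
	fmt.Println(roles, hasAnyRoleSketch(roles, "platform.admin"), hasAnyRoleSketch(roles, "admin"))
}
```

In this sketch a check against the deprecated name "admin" no longer matches once roles are normalized, so authorization checks written against normalized principals should use the canonical Role* constants.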