package auth

v0.54.7
Published: Dec 18, 2025 License: Apache-2.0 Imports: 18 Imported by: 1

Documentation


Constants

const (
	AuthType_IGNORE       = "IGNORE"
	AuthType_ALTER_SYSTEM = "ALTER_SYSTEM"
	AuthType_CONNECT      = "CONNECT"
	AuthType_CREATE       = "CREATE"
	AuthType_DELETE       = "DELETE"
	AuthType_DROPTABLE    = "DROPTABLE"
	AuthType_EXECUTE      = "EXECUTE"
	AuthType_INSERT       = "INSERT"
	AuthType_REFERENCES   = "REFERENCES"
	AuthType_SELECT       = "SELECT"
	AuthType_SET          = "SET"
	AuthType_TEMPORARY    = "TEMPORARY"
	AuthType_TRIGGER      = "TRIGGER"
	AuthType_TRUNCATE     = "TRUNCATE"
	AuthType_UPDATE       = "UPDATE"
	AuthType_USAGE        = "USAGE"
)

These AuthType_ enums are used as the AuthType in vitess.AuthInformation.

const (
	AuthTargetType_Ignore              = "IGNORE"
	AuthTargetType_DatabaseIdentifiers = "DB_IDENTS"
	AuthTargetType_SchemaIdentifiers   = "DB_SCH_IDENTS"
	AuthTargetType_TableIdentifiers    = "DB_SCH_TABLE_IDENTS"
	AuthTargetType_TODO                = "TODO"
)

These AuthTargetType_ enums are used as the TargetType in vitess.AuthInformation.

const (
	Privilege_SELECT       = "r"
	Privilege_INSERT       = "a"
	Privilege_UPDATE       = "w"
	Privilege_DELETE       = "d"
	Privilege_TRUNCATE     = "D"
	Privilege_REFERENCES   = "x"
	Privilege_TRIGGER      = "t"
	Privilege_CREATE       = "C"
	Privilege_CONNECT      = "c"
	Privilege_TEMPORARY    = "T"
	Privilege_EXECUTE      = "X"
	Privilege_USAGE        = "U"
	Privilege_SET          = "s"
	Privilege_ALTER_SYSTEM = "A"
	Privilege_DROP         = "Y"
)

Variables

This section is empty.

Functions

func AddDatabasePrivilege added in v0.15.0

func AddDatabasePrivilege(key DatabasePrivilegeKey, privilege GrantedPrivilege, withGrantOption bool)

AddDatabasePrivilege adds the given database privilege to the global database.

func AddMemberToGroup added in v0.15.0

func AddMemberToGroup(member RoleID, group RoleID, withAdminOption bool, grantedBy RoleID)

AddMemberToGroup adds the member role to the group role.

func AddSchemaPrivilege added in v0.15.0

func AddSchemaPrivilege(key SchemaPrivilegeKey, privilege GrantedPrivilege, withGrantOption bool)

AddSchemaPrivilege adds the given schema privilege to the global database.

func AddTablePrivilege added in v0.14.0

func AddTablePrivilege(key TablePrivilegeKey, privilege GrantedPrivilege, withGrantOption bool)

AddTablePrivilege adds the given table privilege to the global database.

func ClearDatabase

func ClearDatabase()

ClearDatabase clears the internal database, leaving only the default users. This is primarily for use by tests.

func DropRole

func DropRole(name string)

DropRole removes the given role from the database. If the role does not exist, then this is a no-op.

func GenerateRandomOctetString

func GenerateRandomOctetString(length int) rfc5802.OctetString

GenerateRandomOctetString generates an OctetString filled with random bytes.

func GetSuperUserAndPassword added in v0.54.4

func GetSuperUserAndPassword() (string, string)

GetSuperUserAndPassword returns the superuser name and password for the server to use, as defined in the environment.

func HasDatabasePrivilege added in v0.15.0

func HasDatabasePrivilege(key DatabasePrivilegeKey, privilege Privilege) bool

HasDatabasePrivilege checks whether the user has the given privilege on the associated database.

func HasSchemaPrivilege added in v0.15.0

func HasSchemaPrivilege(key SchemaPrivilegeKey, privilege Privilege) bool

HasSchemaPrivilege checks whether the user has the given privilege on the associated schema.

func HasTablePrivilege added in v0.14.0

func HasTablePrivilege(key TablePrivilegeKey, privilege Privilege) bool

HasTablePrivilege checks whether the user has the given privilege on the associated table.

func Init added in v0.14.0

func Init(dEnv *env.DoltEnv, cfg Config)

Init handles all initialization needs in this package.

func IsSuperUser added in v0.15.0

func IsSuperUser(role RoleID) bool

IsSuperUser returns whether the given role is a SUPERUSER.

func LockRead added in v0.14.0

func LockRead(f func())

LockRead takes an anonymous function and runs it while using a read lock. This ensures that the lock is automatically released once the function finishes.

func LockWrite added in v0.14.0

func LockWrite(f func())

LockWrite takes an anonymous function and runs it while using a write lock. This ensures that the lock is automatically released once the function finishes.

func PersistChanges added in v0.14.0

func PersistChanges() error

PersistChanges will save the state of the global database to disk (assuming we are not using the pure in-memory implementation).

func RemoveDatabasePrivilege added in v0.15.0

func RemoveDatabasePrivilege(key DatabasePrivilegeKey, privilege GrantedPrivilege, grantOptionOnly bool)

RemoveDatabasePrivilege removes the privilege from the global database. If `grantOptionOnly` is true, then only the WITH GRANT OPTION portion is revoked. If `grantOptionOnly` is false, then the full privilege is removed. If the GrantedBy field contains a valid RoleID, then only the privilege associated with that granter is removed. Otherwise, the privilege is completely removed for the grantee.

func RemoveMemberFromGroup added in v0.15.0

func RemoveMemberFromGroup(member RoleID, group RoleID, adminOptionOnly bool)

RemoveMemberFromGroup removes the member from the group. If `adminOptionOnly` is true, then only the WITH ADMIN OPTION portion is revoked. If `adminOptionOnly` is false, then the member is fully removed from the group.

func RemoveSchemaPrivilege added in v0.15.0

func RemoveSchemaPrivilege(key SchemaPrivilegeKey, privilege GrantedPrivilege, grantOptionOnly bool)

RemoveSchemaPrivilege removes the privilege from the global database. If `grantOptionOnly` is true, then only the WITH GRANT OPTION portion is revoked. If `grantOptionOnly` is false, then the full privilege is removed. If the GrantedBy field contains a valid RoleID, then only the privilege associated with that granter is removed. Otherwise, the privilege is completely removed for the grantee.

func RemoveTablePrivilege added in v0.14.0

func RemoveTablePrivilege(key TablePrivilegeKey, privilege GrantedPrivilege, grantOptionOnly bool)

RemoveTablePrivilege removes the privilege from the global database. If `grantOptionOnly` is true, then only the WITH GRANT OPTION portion is revoked. If `grantOptionOnly` is false, then the full privilege is removed. If the GrantedBy field contains a valid RoleID, then only the privilege associated with that granter is removed. Otherwise, the privilege is completely removed for the grantee.
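The three Remove*Privilege functions above share one revoke rule (grant option only vs. full removal, scoped to one granter when GrantedBy is valid), applied to the `map[Privilege]map[GrantedPrivilege]bool` shape documented under DatabasePrivilegeValue, SchemaPrivilegeValue and TablePrivilegeValue. The following is an added example, not the auth package's own code: a self-contained model of that bookkeeping so the revoke semantics can be exercised on sample grants. It assumes the inner map's bool is the WITH GRANT OPTION flag, that RoleID 0 is the "invalid" ID, and it renders the ACL letters in sorted order rather than PostgreSQL's fixed aclitem order.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Simplified model of the page's privilege bookkeeping (added example, not the
// auth package's code). RoleID and Privilege follow the page; the inner map's
// bool is assumed to be the WITH GRANT OPTION flag and RoleID 0 the invalid ID.
type RoleID uint64
type Privilege string

const (
	Privilege_SELECT Privilege = "r"
	Privilege_INSERT Privilege = "a"
	Privilege_UPDATE Privilege = "w"
)

// GrantedPrivilege mirrors the page's struct: a privilege plus who granted it.
type GrantedPrivilege struct {
	Privilege
	GrantedBy RoleID
}

// PrivilegeSet is the per-key Privileges map from the *PrivilegeValue structs:
// privilege -> (privilege, granter) -> held WITH GRANT OPTION.
type PrivilegeSet map[Privilege]map[GrantedPrivilege]bool

// Grant records a privilege from a specific granter. Re-granting may add the
// grant option but never silently drops one that was already held.
func (ps PrivilegeSet) Grant(gp GrantedPrivilege, withGrantOption bool) {
	grants, ok := ps[gp.Privilege]
	if !ok {
		grants = map[GrantedPrivilege]bool{}
		ps[gp.Privilege] = grants
	}
	grants[gp] = grants[gp] || withGrantOption
}

// Has reports whether the privilege is held through any granter (the
// Has*Privilege checks).
func (ps PrivilegeSet) Has(p Privilege) bool { return len(ps[p]) > 0 }

// HasGrantOption returns the lowest-numbered granter through which WITH GRANT
// OPTION is held, or the invalid RoleID 0 (the Has*PrivilegeGrantOption checks).
func (ps PrivilegeSet) HasGrantOption(p Privilege) RoleID {
	var best RoleID
	for gp, withGrant := range ps[p] {
		if withGrant && (best == 0 || gp.GrantedBy < best) {
			best = gp.GrantedBy
		}
	}
	return best
}

// Revoke follows the documented Remove*Privilege semantics: with grantOptionOnly
// only the grant option is cleared; a valid GrantedBy limits the revoke to that
// granter's grant, an invalid one revokes across every granter.
func (ps PrivilegeSet) Revoke(gp GrantedPrivilege, grantOptionOnly bool) {
	grants, ok := ps[gp.Privilege]
	if !ok {
		return // revoking something never granted is a no-op
	}
	for existing := range grants {
		if gp.GrantedBy != 0 && existing.GrantedBy != gp.GrantedBy {
			continue
		}
		if grantOptionOnly {
			grants[existing] = false
		} else {
			delete(grants, existing)
		}
	}
	if len(grants) == 0 {
		delete(ps, gp.Privilege) // no granters left: the privilege is gone
	}
}

// ACLString renders the set in aclitem style ("r*w"): sorted ACL letters, with
// '*' after a letter that is held WITH GRANT OPTION through some granter.
func (ps PrivilegeSet) ACLString() string {
	letters := make([]string, 0, len(ps))
	for p := range ps {
		letters = append(letters, string(p))
	}
	sort.Strings(letters)
	var sb strings.Builder
	for _, l := range letters {
		sb.WriteString(l)
		if ps.HasGrantOption(Privilege(l)) != 0 {
			sb.WriteString("*")
		}
	}
	return sb.String()
}

func main() {
	ps := PrivilegeSet{}
	ps.Grant(GrantedPrivilege{Privilege_SELECT, 1}, true)  // granter 1, with grant option
	ps.Grant(GrantedPrivilege{Privilege_SELECT, 2}, false) // same privilege, granter 2
	ps.Grant(GrantedPrivilege{Privilege_UPDATE, 1}, false)
	fmt.Println(ps.ACLString()) // r*w
	ps.Revoke(GrantedPrivilege{Privilege_SELECT, 1}, true) // only the grant option goes
	fmt.Println(ps.ACLString(), ps.Has(Privilege_SELECT))  // rw true
}
```

The point worth checking with this model is that a revoke scoped to one granter leaves a second granter's grant in place, and that `grantOptionOnly` never removes the underlying privilege; an unscoped revoke (invalid GrantedBy) is the only call that clears the privilege outright.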

func RenameRole added in v0.14.0

func RenameRole(oldName string, newName string)

RenameRole renames the role with the old name to the new name. If the role does not exist, then this is a no-op.

func RoleExists

func RoleExists(name string) bool

RoleExists returns whether the given role exists.

func SetRole

func SetRole(role Role)

SetRole sets the role matching the given name. This will add a role that does not yet exist, and overwrite an existing role.

Types

type AuthContext added in v0.14.0

type AuthContext struct {
	// contains filtered or unexported fields
}

AuthContext contains the auth portion of the context when converting from the Postgres AST to the Vitess AST.

func NewAuthContext added in v0.14.0

func NewAuthContext() *AuthContext

NewAuthContext returns a new *AuthContext.

func (*AuthContext) PeekAuthType added in v0.14.0

func (ctx *AuthContext) PeekAuthType() string

PeekAuthType returns the AuthType that is on the top of the stack. This does not remove it from the stack. Returns AuthType_IGNORE if the stack is empty.

func (*AuthContext) PopAuthType added in v0.14.0

func (ctx *AuthContext) PopAuthType() string

PopAuthType returns the AuthType that is on the top of the stack. This also removes it from the stack. Returns AuthType_IGNORE if the stack is empty.

func (*AuthContext) PushAuthType added in v0.14.0

func (ctx *AuthContext) PushAuthType(authType string)

PushAuthType pushes the given AuthType into the context's stack.

type AuthorizationHandler added in v0.14.0

type AuthorizationHandler struct {
	// contains filtered or unexported fields
}

AuthorizationHandler handles vitess.AuthInformation for Doltgres.

func (*AuthorizationHandler) CheckDatabase added in v0.14.0

func (h *AuthorizationHandler) CheckDatabase(ctx *sql.Context, aqs sql.AuthorizationQueryState, dbName string) error

CheckDatabase implements the sql.AuthorizationHandler interface.

func (*AuthorizationHandler) CheckSchema added in v0.14.0

func (h *AuthorizationHandler) CheckSchema(ctx *sql.Context, aqs sql.AuthorizationQueryState, dbName string, schemaName string) error

CheckSchema implements the sql.AuthorizationHandler interface.

func (*AuthorizationHandler) CheckTable added in v0.14.0

func (h *AuthorizationHandler) CheckTable(ctx *sql.Context, aqs sql.AuthorizationQueryState, dbName string, schemaName string, tableName string) error

CheckTable implements the sql.AuthorizationHandler interface.

func (*AuthorizationHandler) HandleAuth added in v0.14.0

HandleAuth implements the sql.AuthorizationHandler interface.

func (*AuthorizationHandler) HandleAuthNode added in v0.14.0

HandleAuthNode implements the sql.AuthorizationHandler interface.

func (*AuthorizationHandler) NewQueryState added in v0.14.0

NewQueryState implements the sql.AuthorizationHandler interface.

type AuthorizationHandlerFactory added in v0.14.0

type AuthorizationHandlerFactory struct{}

AuthorizationHandlerFactory is the factory for Doltgres.

func (AuthorizationHandlerFactory) CreateHandler added in v0.14.0

CreateHandler implements the sql.AuthorizationHandlerFactory interface.

type AuthorizationQueryState added in v0.14.0

type AuthorizationQueryState struct {
	// contains filtered or unexported fields
}

AuthorizationQueryState contains any cached state for a query.

func (AuthorizationQueryState) AuthorizationQueryStateImpl added in v0.14.0

func (state AuthorizationQueryState) AuthorizationQueryStateImpl()

AuthorizationQueryStateImpl implements the sql.AuthorizationQueryState interface.

func (AuthorizationQueryState) Error added in v0.14.0

func (state AuthorizationQueryState) Error() error

Error implements the sql.AuthorizationQueryState interface.

type Config added in v0.54.6

type Config interface {
	AuthFilePath() string
}

Config is an interface that exists because importing the actual config package would cause a cyclic dependency.

type Database added in v0.14.0

type Database struct {
	// contains filtered or unexported fields
}

Database contains all information pertaining to authorization and privileges. This is a global structure that is shared between all branches.

type DatabasePrivilegeKey added in v0.15.0

type DatabasePrivilegeKey struct {
	Role RoleID
	Name string
}

DatabasePrivilegeKey points to a specific database object.

type DatabasePrivilegeValue added in v0.15.0

type DatabasePrivilegeValue struct {
	Key        DatabasePrivilegeKey
	Privileges map[Privilege]map[GrantedPrivilege]bool
}

DatabasePrivilegeValue is the value associated with the DatabasePrivilegeKey.

type DatabasePrivileges added in v0.15.0

type DatabasePrivileges struct {
	Data map[DatabasePrivilegeKey]DatabasePrivilegeValue
}

DatabasePrivileges contains the privileges given to a role on a database.

func NewDatabasePrivileges added in v0.15.0

func NewDatabasePrivileges() *DatabasePrivileges

NewDatabasePrivileges returns a new *DatabasePrivileges.

type GrantedPrivilege added in v0.14.0

type GrantedPrivilege struct {
	Privilege
	GrantedBy RoleID
}

GrantedPrivilege pairs a Privilege with the RoleID of the role that granted it.

type Privilege added in v0.14.0

type Privilege string

Privilege represents some permission for a database object. https://www.postgresql.org/docs/15/ddl-priv.html

func GetAllPrivileges added in v0.14.0

func GetAllPrivileges() []Privilege

GetAllPrivileges returns every Privilege.

func (Privilege) ACLAbbreviation added in v0.14.0

func (p Privilege) ACLAbbreviation() string

ACLAbbreviation returns the name of the privilege using the Access Control List abbreviation.

func (Privilege) String added in v0.14.0

func (p Privilege) String() string

String returns the name of the privilege (uppercased).

type PrivilegeObject added in v0.14.0

type PrivilegeObject byte

PrivilegeObject is the database object that privileges are applied to. https://www.postgresql.org/docs/15/ddl-priv.html

const (
	PrivilegeObject_DATABASE PrivilegeObject = iota
	PrivilegeObject_DOMAIN
	PrivilegeObject_FUNCTION // Also applies to procedures and routines
	PrivilegeObject_FOREIGN_DATA_WRAPPER
	PrivilegeObject_FOREIGN_SERVER
	PrivilegeObject_LANGUAGE
	PrivilegeObject_LARGE_OBJECT
	PrivilegeObject_PARAMETER
	PrivilegeObject_SCHEMA
	PrivilegeObject_SEQUENCE
	PrivilegeObject_TABLE
	PrivilegeObject_TABLE_COLUMN
	PrivilegeObject_TABLESPACE
	PrivilegeObject_TYPE
)

func GetAllPrivilegeObjects added in v0.14.0

func GetAllPrivilegeObjects() []PrivilegeObject

GetAllPrivilegeObjects returns every PrivilegeObject.

func (PrivilegeObject) AllPrivileges added in v0.14.0

func (po PrivilegeObject) AllPrivileges() []Privilege

AllPrivileges returns all valid privileges that may be applied to this object.

func (PrivilegeObject) DefaultPublicPrivileges added in v0.14.0

func (po PrivilegeObject) DefaultPublicPrivileges() []Privilege

DefaultPublicPrivileges returns the default PUBLIC privileges for this object.

func (PrivilegeObject) IsValid added in v0.14.0

func (po PrivilegeObject) IsValid(privilege Privilege) bool

IsValid returns whether the given Privilege is valid for the PrivilegeObject, as not all privileges are valid for all objects.

func (PrivilegeObject) String added in v0.14.0

func (po PrivilegeObject) String() string

String returns the name of the privilege object (uppercased).

type Role

type Role struct {
	Name                      string               // rolname
	IsSuperUser               bool                 // rolsuper
	InheritPrivileges         bool                 // rolinherit
	CanCreateRoles            bool                 // rolcreaterole
	CanCreateDB               bool                 // rolcreatedb
	CanLogin                  bool                 // rolcanlogin
	IsReplicationRole         bool                 // rolreplication
	CanBypassRowLevelSecurity bool                 // rolbypassrls
	ConnectionLimit           int32                // rolconnlimit
	Password                  *ScramSha256Password // rolpassword
	ValidUntil                *time.Time           // rolvaliduntil
	// contains filtered or unexported fields
}

Role represents a role/user.

func CreateDefaultRole

func CreateDefaultRole(name string) Role

CreateDefaultRole creates the given role object with all default values set.

func GetRole

func GetRole(name string) Role

GetRole returns the role with the given name. Use RoleExists to determine if the role exists, as this will return a role with the default values set if it does not exist.

func (*Role) ID added in v0.14.0

func (r *Role) ID() RoleID

ID returns this Role's ID value.

func (*Role) IsValid added in v0.14.0

func (r *Role) IsValid() bool

IsValid returns true when the role has a valid ID.

type RoleID added in v0.14.0

type RoleID uint64

RoleID represents a Role's ID. IDs are assigned during load and will be stable throughout the server's current process. IDs are useful for referencing a specific role without using their name, since names can change. This is basically a special OID specific to roles. Eventually, we'll have a proper OID system, but this is a placeholder for now. TODO: need to replace with id.InternalUser

func GetAllGroupsWithMember added in v0.15.0

func GetAllGroupsWithMember(member RoleID, inheritsPrivilegesOnly bool) []RoleID

GetAllGroupsWithMember returns every group that the role is a direct member of. When `inheritsPrivilegesOnly` is true, the result is filtered to the groups whose privileges the member inherits.

func HasDatabasePrivilegeGrantOption added in v0.15.0

func HasDatabasePrivilegeGrantOption(key DatabasePrivilegeKey, privilege Privilege) RoleID

HasDatabasePrivilegeGrantOption checks whether the user has WITH GRANT OPTION for the given privilege on the associated database. Returns the role that has WITH GRANT OPTION, or an invalid role if WITH GRANT OPTION is not available.

func HasSchemaPrivilegeGrantOption added in v0.15.0

func HasSchemaPrivilegeGrantOption(key SchemaPrivilegeKey, privilege Privilege) RoleID

HasSchemaPrivilegeGrantOption checks whether the user has WITH GRANT OPTION for the given privilege on the associated schema. Returns the role that has WITH GRANT OPTION, or an invalid role if WITH GRANT OPTION is not available.

func HasTablePrivilegeGrantOption added in v0.14.0

func HasTablePrivilegeGrantOption(key TablePrivilegeKey, privilege Privilege) RoleID

HasTablePrivilegeGrantOption checks whether the user has WITH GRANT OPTION for the given privilege on the associated table. Returns the role that has WITH GRANT OPTION, or an invalid role if WITH GRANT OPTION is not available.

func IsRoleAMember added in v0.15.0

func IsRoleAMember(member RoleID, group RoleID) (groupID RoleID, inheritsPrivileges bool, hasWithAdminOption bool)

IsRoleAMember reports whether the given role is a member of the group by returning the group's ID. It also returns whether the member was granted WITH ADMIN OPTION, which allows it to grant membership in the group to other roles. A member does not automatically have ADMIN OPTION on itself, so this check must be performed.

func (RoleID) IsValid added in v0.14.0

func (id RoleID) IsValid() bool

IsValid returns true when the RoleID has a valid value. It does not indicate that the RoleID is attached to a role that actually exists.

type RoleMembership added in v0.15.0

type RoleMembership struct {
	Data map[RoleID]map[RoleID]RoleMembershipValue
}

RoleMembership contains all roles that have been granted to other roles.

func NewRoleMembership added in v0.15.0

func NewRoleMembership() *RoleMembership

NewRoleMembership returns a new *RoleMembership.

type RoleMembershipValue added in v0.15.0

type RoleMembershipValue struct {
	Member          RoleID
	Group           RoleID
	WithAdminOption bool
	GrantedBy       RoleID
}

RoleMembershipValue contains specific membership information between two roles.
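AddMemberToGroup, RemoveMemberFromGroup, IsRoleAMember and GetAllGroupsWithMember all operate on the RoleMembership and RoleMembershipValue structures above. The following is an added example, not the auth package's own code: a self-contained model of that membership graph that shows the difference between direct membership (what IsRoleAMember answers) and the transitive set of groups whose privileges a role actually inherits (what a permission check has to consult). The map orientation (member -> group), the per-role `Inherit` flag standing in for the Role struct's `InheritPrivileges`, the simplified PostgreSQL rule that inheritance only continues through roles that themselves inherit, and RoleID 0 as the invalid ID are all assumptions of this model.

```go
package main

import (
	"fmt"
	"sort"
)

// Added example, not the auth package's code. RoleID and RoleMembershipValue
// follow the page; map orientation, the Inherit flag and RoleID 0 as the
// invalid ID are assumptions of this model.
type RoleID uint64

type RoleMembershipValue struct {
	Member          RoleID
	Group           RoleID
	WithAdminOption bool
	GrantedBy       RoleID
}

type RoleMembership struct {
	Data    map[RoleID]map[RoleID]RoleMembershipValue // member -> group -> grant
	Inherit map[RoleID]bool                           // rolinherit per role (assumed)
}

func NewRoleMembership() *RoleMembership {
	return &RoleMembership{Data: map[RoleID]map[RoleID]RoleMembershipValue{}, Inherit: map[RoleID]bool{}}
}

// AddMemberToGroup records the grant; a repeated grant may add WITH ADMIN OPTION
// but never silently drops one already held.
func (rm *RoleMembership) AddMemberToGroup(member, group RoleID, withAdminOption bool, grantedBy RoleID) {
	if rm.Data[member] == nil {
		rm.Data[member] = map[RoleID]RoleMembershipValue{}
	}
	existing, ok := rm.Data[member][group]
	rm.Data[member][group] = RoleMembershipValue{
		Member: member, Group: group,
		WithAdminOption: withAdminOption || (ok && existing.WithAdminOption),
		GrantedBy:       grantedBy,
	}
}

// RemoveMemberFromGroup follows the documented semantics: adminOptionOnly clears
// only WITH ADMIN OPTION, otherwise the membership is fully removed.
func (rm *RoleMembership) RemoveMemberFromGroup(member, group RoleID, adminOptionOnly bool) {
	v, ok := rm.Data[member][group]
	if !ok {
		return
	}
	if adminOptionOnly {
		v.WithAdminOption = false
		rm.Data[member][group] = v
		return
	}
	delete(rm.Data[member], group)
}

// IsRoleAMember checks direct membership only. It returns the group's ID (0 when
// not a direct member), whether the member inherits the group's privileges, and
// whether it holds WITH ADMIN OPTION; the member is never an admin of itself here.
func (rm *RoleMembership) IsRoleAMember(member, group RoleID) (groupID RoleID, inheritsPrivileges bool, hasWithAdminOption bool) {
	v, ok := rm.Data[member][group]
	if !ok {
		return 0, false, false
	}
	return group, rm.Inherit[member], v.WithAdminOption
}

// GetAllGroupsWithMember lists the direct groups of member, sorted; with
// inheritsPrivilegesOnly it is empty for a role that does not inherit.
func (rm *RoleMembership) GetAllGroupsWithMember(member RoleID, inheritsPrivilegesOnly bool) []RoleID {
	if inheritsPrivilegesOnly && !rm.Inherit[member] {
		return nil
	}
	var groups []RoleID
	for g := range rm.Data[member] {
		groups = append(groups, g)
	}
	sort.Slice(groups, func(i, j int) bool { return groups[i] < groups[j] })
	return groups
}

// EffectiveGroups walks membership transitively but only through roles that
// inherit: the set of groups whose privileges a check for member must consult.
func (rm *RoleMembership) EffectiveGroups(member RoleID) []RoleID {
	seen := map[RoleID]bool{}
	queue := []RoleID{member}
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		for _, g := range rm.GetAllGroupsWithMember(cur, true) {
			if !seen[g] {
				seen[g] = true
				queue = append(queue, g)
			}
		}
	}
	out := make([]RoleID, 0, len(seen))
	for g := range seen {
		out = append(out, g)
	}
	sort.Slice(out, func(i, j int) bool { return out[i] < out[j] })
	return out
}

func main() {
	// Constructed roles: alice=1, analysts=2 (NOINHERIT), readers=3, auditors=4.
	rm := NewRoleMembership()
	rm.Inherit[1], rm.Inherit[4] = true, true
	rm.AddMemberToGroup(1, 2, true, 0)
	rm.AddMemberToGroup(2, 3, false, 0)
	rm.AddMemberToGroup(1, 4, false, 0)
	rm.AddMemberToGroup(4, 3, false, 0)
	fmt.Println(rm.EffectiveGroups(1)) // [2 3 4]: readers is reached via auditors, not analysts
}
```

The check a reviewer of a privilege decision wants is the last one: readers (3) is reachable from alice through two paths, but only the path through auditors counts, because analysts is NOINHERIT and the chain stops there. Removing auditors from readers therefore drops readers from alice's effective set even though the analysts membership is untouched.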

type SchemaPrivilegeKey added in v0.15.0

type SchemaPrivilegeKey struct {
	Role   RoleID
	Schema string
}

SchemaPrivilegeKey points to a specific schema object.

type SchemaPrivilegeValue added in v0.15.0

type SchemaPrivilegeValue struct {
	Key        SchemaPrivilegeKey
	Privileges map[Privilege]map[GrantedPrivilege]bool
}

SchemaPrivilegeValue is the value associated with the SchemaPrivilegeKey.

type SchemaPrivileges added in v0.15.0

type SchemaPrivileges struct {
	Data map[SchemaPrivilegeKey]SchemaPrivilegeValue
}

SchemaPrivileges contains the privileges given to a role on a schema.

func NewSchemaPrivileges added in v0.15.0

func NewSchemaPrivileges() *SchemaPrivileges

NewSchemaPrivileges returns a new *SchemaPrivileges.

type ScramSha256Password

type ScramSha256Password struct {
	Iterations uint32
	Salt       rfc5802.OctetString
	StoredKey  rfc5802.OctetString
	ServerKey  rfc5802.OctetString
}

ScramSha256Password is the struct form of an encrypted password.

func NewScramSha256Password

func NewScramSha256Password(rawPassword string) (*ScramSha256Password, error)

NewScramSha256Password creates a ScramSha256Password with a randomly-generated salt.

func (ScramSha256Password) AsPasswordString

func (password ScramSha256Password) AsPasswordString() string

AsPasswordString returns the password as defined in https://www.postgresql.org/docs/15/catalog-pg-authid.html
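The ScramSha256Password fields above (Iterations, Salt, StoredKey, ServerKey) are exactly the SCRAM-SHA-256 verifier that PostgreSQL keeps in pg_authid.rolpassword, so the server never stores the password itself. The following is an added example, not the auth package's code and not its rfc5802 package: it derives those four values from a plaintext password per RFC 5802 / RFC 7677, renders the `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>` string the page's AsPasswordString refers to, and shows the server-side check that only needs StoredKey. It assumes a byte slice in place of rfc5802.OctetString, uses PostgreSQL's default of 4096 iterations and a 16-byte random salt as assumptions, and omits the SASLprep step PostgreSQL applies to the password.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// ScramSha256Password mirrors the page's struct; rfc5802.OctetString is
// assumed to be a byte slice (added example, not the auth package's code).
type ScramSha256Password struct {
	Iterations uint32
	Salt       []byte
	StoredKey  []byte
	ServerKey  []byte
}

// pbkdf2HmacSha256 is PBKDF2 (RFC 8018) with HMAC-SHA-256 for a single
// 32-byte output block, which is all SCRAM-SHA-256 needs.
func pbkdf2HmacSha256(password, salt []byte, iterations uint32) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1), big-endian block index
	u := mac.Sum(nil)
	out := make([]byte, len(u))
	copy(out, u)
	for i := uint32(1); i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

func hmacSha256(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

func sha256Sum(b []byte) []byte {
	s := sha256.Sum256(b)
	return s[:]
}

// DeriveScramSha256 computes the verifier for a given salt (RFC 5802 section 3):
// SaltedPassword -> ClientKey -> StoredKey = H(ClientKey), and ServerKey.
func DeriveScramSha256(rawPassword string, salt []byte, iterations uint32) *ScramSha256Password {
	salted := pbkdf2HmacSha256([]byte(rawPassword), salt, iterations)
	clientKey := hmacSha256(salted, []byte("Client Key"))
	return &ScramSha256Password{
		Iterations: iterations,
		Salt:       salt,
		StoredKey:  sha256Sum(clientKey),
		ServerKey:  hmacSha256(salted, []byte("Server Key")),
	}
}

// NewScramSha256Password uses a fresh random salt, as the page's constructor
// does; 16 bytes and 4096 iterations are this example's assumptions.
func NewScramSha256Password(rawPassword string) (*ScramSha256Password, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	return DeriveScramSha256(rawPassword, salt, 4096), nil
}

// AsPasswordString renders the pg_authid.rolpassword form:
// SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>, all base64.
func (p ScramSha256Password) AsPasswordString() string {
	enc := base64.StdEncoding.EncodeToString
	return fmt.Sprintf("SCRAM-SHA-256$%d:%s$%s:%s", p.Iterations, enc(p.Salt), enc(p.StoredKey), enc(p.ServerKey))
}

// VerifyClientProof is the server side of SCRAM: ClientSignature = HMAC(StoredKey,
// AuthMessage), ClientKey = ClientProof XOR ClientSignature, accept iff
// H(ClientKey) == StoredKey. Nothing here needs the password.
func (p ScramSha256Password) VerifyClientProof(authMessage string, clientProof []byte) bool {
	sig := hmacSha256(p.StoredKey, []byte(authMessage))
	if len(clientProof) != len(sig) {
		return false
	}
	clientKey := make([]byte, len(sig))
	for i := range sig {
		clientKey[i] = clientProof[i] ^ sig[i]
	}
	return subtle.ConstantTimeCompare(sha256Sum(clientKey), p.StoredKey) == 1
}

// ClientProofFor is what a client holding the password sends for authMessage.
func ClientProofFor(rawPassword string, p ScramSha256Password, authMessage string) []byte {
	salted := pbkdf2HmacSha256([]byte(rawPassword), p.Salt, p.Iterations)
	clientKey := hmacSha256(salted, []byte("Client Key"))
	sig := hmacSha256(sha256Sum(clientKey), []byte(authMessage))
	proof := make([]byte, len(clientKey))
	for i := range proof {
		proof[i] = clientKey[i] ^ sig[i]
	}
	return proof
}

func main() {
	p, err := NewScramSha256Password("correct horse battery staple") // constructed password
	if err != nil {
		panic(err)
	}
	fmt.Println(p.AsPasswordString())
}
```

Two properties are worth confirming on this representation: the stored string is deterministic for a fixed salt (so the same secret produces the same rolpassword value), and a proof is bound to the exact AuthMessage, so a proof captured from one exchange does not verify against another.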

type TablePrivilegeKey added in v0.14.0

type TablePrivilegeKey struct {
	Role  RoleID
	Table doltdb.TableName
}

TablePrivilegeKey points to a specific table object.

type TablePrivilegeValue added in v0.14.0

type TablePrivilegeValue struct {
	Key        TablePrivilegeKey
	Privileges map[Privilege]map[GrantedPrivilege]bool
}

TablePrivilegeValue is the value associated with the TablePrivilegeKey.

type TablePrivileges added in v0.14.0

type TablePrivileges struct {
	Data map[TablePrivilegeKey]TablePrivilegeValue
}

TablePrivileges contains the privileges given to a role on a table.

func NewTablePrivileges added in v0.14.0

func NewTablePrivileges() *TablePrivileges

NewTablePrivileges returns a new *TablePrivileges.
