auth

package
v0.14.1
Published: Nov 13, 2024 License: Apache-2.0 Imports: 16 Imported by: 1


Constants

const (
	AuthType_IGNORE       = "IGNORE"
	AuthType_ALTER_SYSTEM = "ALTER_SYSTEM"
	AuthType_CONNECT      = "CONNECT"
	AuthType_CREATE       = "CREATE"
	AuthType_DELETE       = "DELETE"
	AuthType_EXECUTE      = "EXECUTE"
	AuthType_INSERT       = "INSERT"
	AuthType_REFERENCES   = "REFERENCES"
	AuthType_SELECT       = "SELECT"
	AuthType_SET          = "SET"
	AuthType_TEMPORARY    = "TEMPORARY"
	AuthType_TRIGGER      = "TRIGGER"
	AuthType_TRUNCATE     = "TRUNCATE"
	AuthType_UPDATE       = "UPDATE"
	AuthType_USAGE        = "USAGE"
)

These AuthType_ enums are used as the AuthType in vitess.AuthInformation.

const (
	AuthTargetType_Ignore                   = "IGNORE"
	AuthTargetType_DatabaseIdentifiers      = "DB_IDENTS"
	AuthTargetType_Global                   = "GLOBAL"
	AuthTargetType_MultipleTableIdentifiers = "DB_TABLE_IDENTS"
	AuthTargetType_SingleTableIdentifier    = "DB_TABLE_IDENT"
	AuthTargetType_TableColumn              = "DB_TABLE_COLUMN_IDENT"
	AuthTargetType_TODO                     = "TODO"
)

These AuthTargetType_ enums are used as the TargetType in vitess.AuthInformation.

const (
	Privilege_SELECT       = "r"
	Privilege_INSERT       = "a"
	Privilege_UPDATE       = "w"
	Privilege_DELETE       = "d"
	Privilege_TRUNCATE     = "D"
	Privilege_REFERENCES   = "x"
	Privilege_TRIGGER      = "t"
	Privilege_CREATE       = "C"
	Privilege_CONNECT      = "c"
	Privilege_TEMPORARY    = "T"
	Privilege_EXECUTE      = "X"
	Privilege_USAGE        = "U"
	Privilege_SET          = "s"
	Privilege_ALTER_SYSTEM = "A"
)

Variables

This section is empty.

Functions

func AddOwner added in v0.14.0

func AddOwner(key OwnershipKey, role RoleID)

AddOwner adds the given role as an owner to the global database.

func AddTablePrivilege added in v0.14.0

func AddTablePrivilege(key TablePrivilegeKey, privilege GrantedPrivilege, withGrantOption bool)

AddTablePrivilege adds the given table privilege to the global database.

func ClearDatabase

func ClearDatabase()

ClearDatabase clears the internal database, leaving only the default users. This is primarily for use by tests.

func DropRole

func DropRole(name string)

DropRole removes the given role from the database. If the role does not exist, then this is a no-op.

func GenerateRandomOctetString

func GenerateRandomOctetString(length int) rfc5802.OctetString

GenerateRandomOctetString generates an OctetString filled with random bytes.

func HasTablePrivilege added in v0.14.0

func HasTablePrivilege(key TablePrivilegeKey, privilege Privilege) bool

HasTablePrivilege checks whether the user has the given privilege on the associated table.

func HasTablePrivilegeGrantOption added in v0.14.0

func HasTablePrivilegeGrantOption(key TablePrivilegeKey, privilege Privilege) bool

HasTablePrivilegeGrantOption checks whether the user has WITH GRANT OPTION for the given privilege on the associated table.

func Init added in v0.14.0

func Init(dEnv *env.DoltEnv)

Init handles all initialization needs in this package.

func IsOwner added in v0.14.0

func IsOwner(key OwnershipKey, role RoleID) bool

IsOwner returns whether the given owner has an entry for the key.

func LockRead added in v0.14.0

func LockRead(f func())

LockRead takes an anonymous function and runs it while using a read lock. This ensures that the lock is automatically released once the function finishes.

func LockWrite added in v0.14.0

func LockWrite(f func())

LockWrite takes an anonymous function and runs it while using a write lock. This ensures that the lock is automatically released once the function finishes.

func PersistChanges added in v0.14.0

func PersistChanges() error

PersistChanges will save the state of the global database to disk (assuming we are not using the pure in-memory implementation).

func RemoveOwner added in v0.14.0

func RemoveOwner(key OwnershipKey, role RoleID)

RemoveOwner removes the role as an owner from the global database.

func RemoveTablePrivilege added in v0.14.0

func RemoveTablePrivilege(key TablePrivilegeKey, privilege GrantedPrivilege, grantOptionOnly bool)

RemoveTablePrivilege removes the privilege from the global database. If `grantOptionOnly` is true, then only the WITH GRANT OPTION portion is revoked. If `grantOptionOnly` is false, then the full privilege is removed. If the GrantedBy field contains a valid RoleID, then only the privilege associated with that granter is removed. Otherwise, the privilege is completely removed for the grantee.

func RenameRole added in v0.14.0

func RenameRole(oldName string, newName string)

RenameRole renames the role with the old name to the new name. If the role does not exist, then this is a no-op.

func RoleExists

func RoleExists(name string) bool

RoleExists returns whether the given role exists.

func SetRole

func SetRole(role Role)

SetRole sets the role matching the given name. This will add a role that does not yet exist, and overwrite an existing role.

Types

type AuthContext added in v0.14.0

type AuthContext struct {
	// contains filtered or unexported fields
}

AuthContext contains the auth portion of the context when converting from the Postgres AST to the Vitess AST.

func NewAuthContext added in v0.14.0

func NewAuthContext() *AuthContext

NewAuthContext returns a new *AuthContext.

func (*AuthContext) PeekAuthType added in v0.14.0

func (ctx *AuthContext) PeekAuthType() string

PeekAuthType returns the AuthType that is on the top of the stack. This does not remove it from the stack. Returns AuthType_IGNORE if the stack is empty.

func (*AuthContext) PopAuthType added in v0.14.0

func (ctx *AuthContext) PopAuthType() string

PopAuthType returns the AuthType that is on the top of the stack. This also removes it from the stack. Returns AuthType_IGNORE if the stack is empty.

func (*AuthContext) PushAuthType added in v0.14.0

func (ctx *AuthContext) PushAuthType(authType string)

PushAuthType pushes the given AuthType into the context's stack.

type AuthorizationHandler added in v0.14.0

type AuthorizationHandler struct {
	// contains filtered or unexported fields
}

AuthorizationHandler handles vitess.AuthInformation for Doltgres.

func (*AuthorizationHandler) CheckDatabase added in v0.14.0

func (h *AuthorizationHandler) CheckDatabase(ctx *sql.Context, aqs sql.AuthorizationQueryState, dbName string) error

CheckDatabase implements the sql.AuthorizationHandler interface.

func (*AuthorizationHandler) CheckSchema added in v0.14.0

func (h *AuthorizationHandler) CheckSchema(ctx *sql.Context, aqs sql.AuthorizationQueryState, dbName string, schemaName string) error

CheckSchema implements the sql.AuthorizationHandler interface.

func (*AuthorizationHandler) CheckTable added in v0.14.0

func (h *AuthorizationHandler) CheckTable(ctx *sql.Context, aqs sql.AuthorizationQueryState, dbName string, schemaName string, tableName string) error

CheckTable implements the sql.AuthorizationHandler interface.

func (*AuthorizationHandler) HandleAuth added in v0.14.0

HandleAuth implements the sql.AuthorizationHandler interface.

func (*AuthorizationHandler) HandleAuthNode added in v0.14.0

HandleAuthNode implements the sql.AuthorizationHandler interface.

func (*AuthorizationHandler) NewQueryState added in v0.14.0

NewQueryState implements the sql.AuthorizationHandler interface.

type AuthorizationHandlerFactory added in v0.14.0

type AuthorizationHandlerFactory struct{}

AuthorizationHandlerFactory is the factory for Doltgres.

func (AuthorizationHandlerFactory) CreateHandler added in v0.14.0

CreateHandler implements the sql.AuthorizationHandlerFactory interface.

type AuthorizationQueryState added in v0.14.0

type AuthorizationQueryState struct {
	// contains filtered or unexported fields
}

AuthorizationQueryState contains any cached state for a query.

func (AuthorizationQueryState) AuthorizationQueryStateImpl added in v0.14.0

func (state AuthorizationQueryState) AuthorizationQueryStateImpl()

AuthorizationQueryStateImpl implements the sql.AuthorizationQueryState interface.

func (AuthorizationQueryState) Error added in v0.14.0

func (state AuthorizationQueryState) Error() error

Error implements the sql.AuthorizationQueryState interface.

type Database added in v0.14.0

type Database struct {
	// contains filtered or unexported fields
}

Database contains all information pertaining to authorization and privileges. This is a global structure that is shared between all branches.

type GrantedPrivilege added in v0.14.0

type GrantedPrivilege struct {
	Privilege
	GrantedBy RoleID
}

GrantedPrivilege pairs a Privilege with the RoleID of the role that granted it.

type Ownership added in v0.14.0

type Ownership struct {
	Data map[OwnershipKey]map[RoleID]struct{}
}

Ownership holds all of the data related to the ownership of roles and database objects.

func NewOwnership added in v0.14.0

func NewOwnership() *Ownership

NewOwnership returns a new *Ownership.

type OwnershipKey added in v0.14.0

type OwnershipKey struct {
	PrivilegeObject
	Schema string
	Name   string // TODO: this doesn't account for functions, which have: name(param_type1, param_type2, ...)
}

OwnershipKey points to a specific database object.

type Privilege added in v0.14.0

type Privilege string

Privilege represents some permission for a database object. https://www.postgresql.org/docs/15/ddl-priv.html

func GetAllPrivileges added in v0.14.0

func GetAllPrivileges() []Privilege

GetAllPrivileges returns every Privilege.

func (Privilege) ACLAbbreviation added in v0.14.0

func (p Privilege) ACLAbbreviation() string

ACLAbbreviation returns the name of the privilege using the Access Control List abbreviation.

func (Privilege) String added in v0.14.0

func (p Privilege) String() string

String returns the name of the privilege (uppercased).

type PrivilegeObject added in v0.14.0

type PrivilegeObject byte

PrivilegeObject is the database object that privileges are applied to. https://www.postgresql.org/docs/15/ddl-priv.html

const (
	PrivilegeObject_DATABASE PrivilegeObject = iota
	PrivilegeObject_DOMAIN
	PrivilegeObject_FUNCTION // Also applies to procedures and routines
	PrivilegeObject_FOREIGN_DATA_WRAPPER
	PrivilegeObject_FOREIGN_SERVER
	PrivilegeObject_LANGUAGE
	PrivilegeObject_LARGE_OBJECT
	PrivilegeObject_PARAMETER
	PrivilegeObject_SCHEMA
	PrivilegeObject_SEQUENCE
	PrivilegeObject_TABLE
	PrivilegeObject_TABLE_COLUMN
	PrivilegeObject_TABLESPACE
	PrivilegeObject_TYPE
)

func GetAllPrivilegeObjects added in v0.14.0

func GetAllPrivilegeObjects() []PrivilegeObject

GetAllPrivilegeObjects returns every PrivilegeObject.

func (PrivilegeObject) AllPrivileges added in v0.14.0

func (po PrivilegeObject) AllPrivileges() []Privilege

AllPrivileges returns all valid privileges that may be applied to this object.

func (PrivilegeObject) DefaultPublicPrivileges added in v0.14.0

func (po PrivilegeObject) DefaultPublicPrivileges() []Privilege

DefaultPublicPrivileges returns the default PUBLIC privileges for this object.

func (PrivilegeObject) IsValid added in v0.14.0

func (po PrivilegeObject) IsValid(privilege Privilege) bool

IsValid returns whether the given Privilege is valid for the PrivilegeObject, as not all privileges are valid for all objects.

func (PrivilegeObject) String added in v0.14.0

func (po PrivilegeObject) String() string

String returns the name of the privilege object (uppercased).

type Role

type Role struct {
	Name                      string               // rolname
	IsSuperUser               bool                 // rolsuper
	InheritPrivileges         bool                 // rolinherit
	CanCreateRoles            bool                 // rolcreaterole
	CanCreateDB               bool                 // rolcreatedb
	CanLogin                  bool                 // rolcanlogin
	IsReplicationRole         bool                 // rolreplication
	CanBypassRowLevelSecurity bool                 // rolbypassrls
	ConnectionLimit           int32                // rolconnlimit
	Password                  *ScramSha256Password // rolpassword
	ValidUntil                *time.Time           // rolvaliduntil
	// contains filtered or unexported fields
}

Role represents a role/user.

func CreateDefaultRole

func CreateDefaultRole(name string) Role

CreateDefaultRole creates the given role object with all default values set.

func GetRole

func GetRole(name string) Role

GetRole returns the role with the given name. Use RoleExists to determine if the role exists, as this will return a role with the default values set if it does not exist.

func (*Role) ID added in v0.14.0

func (r *Role) ID() RoleID

ID returns this Role's ID value.

func (*Role) IsValid added in v0.14.0

func (r *Role) IsValid() bool

IsValid returns true when the role has a valid ID.

type RoleID added in v0.14.0

type RoleID uint64

RoleID represents a Role's ID. IDs are assigned during load and will be stable throughout the server's current process. IDs are useful for referencing a specific role without using their name, since names can change. This is basically a special OID specific to roles. Eventually, we'll have a proper OID system, but this is a placeholder for now.

func GetOwners added in v0.14.0

func GetOwners(key OwnershipKey) []RoleID

GetOwners returns all owners matching the given key.

func (RoleID) IsValid added in v0.14.0

func (id RoleID) IsValid() bool

IsValid returns true when the RoleID has a valid value. It does not indicate that the RoleID is attached to a role that actually exists.

type ScramSha256Password

type ScramSha256Password struct {
	Iterations uint32
	Salt       rfc5802.OctetString
	StoredKey  rfc5802.OctetString
	ServerKey  rfc5802.OctetString
}

ScramSha256Password is the struct form of an encrypted password.

func NewScramSha256Password

func NewScramSha256Password(rawPassword string) (*ScramSha256Password, error)

NewScramSha256Password creates a ScramSha256Password with a randomly-generated salt.

func (ScramSha256Password) AsPasswordString

func (password ScramSha256Password) AsPasswordString() string

AsPasswordString returns the password as defined in https://www.postgresql.org/docs/15/catalog-pg-authid.html

type TablePrivilegeKey added in v0.14.0

type TablePrivilegeKey struct {
	Role  RoleID
	Table doltdb.TableName
}

TablePrivilegeKey points to a specific table object.

type TablePrivilegeValue added in v0.14.0

type TablePrivilegeValue struct {
	Key        TablePrivilegeKey
	Privileges map[Privilege]map[GrantedPrivilege]bool
}

TablePrivilegeValue is the value associated with the TablePrivilegeKey.

type TablePrivileges added in v0.14.0

type TablePrivileges struct {
	Data map[TablePrivilegeKey]TablePrivilegeValue
}

TablePrivileges contains the privileges given to a role on a table.
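An added example (not the package's own code) that models TablePrivilegeValue and the documented behaviour of AddTablePrivilege, HasTablePrivilege, HasTablePrivilegeGrantOption and RemoveTablePrivilege, including the grantOptionOnly and GrantedBy rules. It assumes that the inner bool records WITH GRANT OPTION and that a zero RoleID is the invalid value; neither is stated on the page.

```go
package main

import "fmt"

// Constructed model of the table-privilege bookkeeping (added example, not Doltgres code).
// The map layout follows TablePrivilegeValue; the inner bool is assumed to record WITH GRANT OPTION.
type (
	RoleID              uint64
	Privilege           string
	GrantedPrivilege    struct { Privilege; GrantedBy RoleID }
	TablePrivilegeValue struct{ Privileges map[Privilege]map[GrantedPrivilege]bool }
)

// Add records a grant; a later grant with the option upgrades an earlier one from the same granter.
func (v *TablePrivilegeValue) Add(g GrantedPrivilege, withGrantOption bool) {
	if v.Privileges == nil {
		v.Privileges = map[Privilege]map[GrantedPrivilege]bool{}
	}
	if v.Privileges[g.Privilege] == nil {
		v.Privileges[g.Privilege] = map[GrantedPrivilege]bool{}
	}
	v.Privileges[g.Privilege][g] = v.Privileges[g.Privilege][g] || withGrantOption
}

// Has mirrors HasTablePrivilege; HasGrantOption mirrors HasTablePrivilegeGrantOption.
func (v *TablePrivilegeValue) Has(p Privilege) bool { return len(v.Privileges[p]) > 0 }
func (v *TablePrivilegeValue) HasGrantOption(p Privilege) bool {
	for _, opt := range v.Privileges[p] { if opt { return true } }
	return false
}

// Remove follows the documented RemoveTablePrivilege rules: grantOptionOnly strips only the
// option; a valid GrantedBy (assumed here: non-zero) limits removal to grants by that granter.
func (v *TablePrivilegeValue) Remove(g GrantedPrivilege, grantOptionOnly bool) {
	inner := v.Privileges[g.Privilege]
	for have := range inner {
		if g.GrantedBy != 0 && have.GrantedBy != g.GrantedBy { continue } // other granters' grants survive
		if grantOptionOnly { inner[have] = false } else { delete(inner, have) }
	}
	if len(inner) == 0 {
		delete(v.Privileges, g.Privilege)
	}
}

func main() {
	v := &TablePrivilegeValue{}
	v.Add(GrantedPrivilege{"SELECT", 1}, true)
	v.Remove(GrantedPrivilege{"SELECT", 1}, true)            // revoke only the grant option
	fmt.Println(v.Has("SELECT"), v.HasGrantOption("SELECT")) // true false
}
```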

func NewTablePrivileges added in v0.14.0

func NewTablePrivileges() *TablePrivileges

NewTablePrivileges returns a new *TablePrivileges.
