Documentation
Overview
Package adminapi provides the admin API for managing subordinates in the lighthouse federation.
This file serves as the entry point for subordinate-related handlers. The actual handler implementations are split across multiple files:
- subordinates_base.go: Basic CRUD operations (list, create, get, update, delete)
- subordinates_metadata.go: Subordinate metadata endpoints
- subordinates_metadata_policies.go: Metadata policy endpoints (general and subordinate-specific)
- subordinates_constraints.go: Constraint endpoints
- subordinates_keys.go: JWKS endpoints
- subordinates_additional_claims.go: Additional claims endpoints
- subordinates_statement.go: Statement preview endpoint
- subordinates_lifetime.go: Lifetime configuration endpoint
- subordinates_helpers.go: Shared helper functions
Index
- Variables
- func GetActor(c *fiber.Ctx) string
- func RecordEvent(store model.SubordinateEventStore, subordinateID uint, eventType string, ...) error
- func Register(r fiber.Router, serverURL string, storages model.Backends, ...) error
- func RegisterSubordinateHandlers(r fiber.Router, storages model.Backends, fedEntity oidfed.FederationEntity)
- func SetAuthUsername(c *fiber.Ctx, username string)
- type ActorConfig
- type ActorSource
- type EventOption
- type KeyManagement
- type Options
- type StatsAPI
- type TrustMarkConfigInvalidator
Constants
This section is empty.
Variables
var DefaultSubordinateStatus = model.StatusActive
DefaultSubordinateStatus is the default status for newly created subordinates.
Functions
func GetActor
func GetActor(c *fiber.Ctx) string
GetActor retrieves the actor from Fiber's Locals. Returns an empty string if no actor is set.
func RecordEvent
func RecordEvent(
	store model.SubordinateEventStore,
	subordinateID uint,
	eventType string,
	opts ...EventOption,
) error
RecordEvent records an event using the provided event store and returns any error. This is designed for use within transactions where event recording failure should cause the entire transaction to roll back. Use the EventOption functions (WithStatus, WithMessage, WithActor) to configure the event.
func Register
func Register(
	r fiber.Router,
	serverURL string,
	storages model.Backends,
	fedEntity oidfed.FederationEntity,
	keyManagement KeyManagement,
	opts *Options,
) error
Register mounts all admin API routes under the provided group.
func RegisterSubordinateHandlers
func RegisterSubordinateHandlers(
	r fiber.Router,
	storages model.Backends,
	fedEntity oidfed.FederationEntity,
)
RegisterSubordinateHandlers registers all subordinate-related handlers on the given router. This includes basic CRUD, metadata, metadata policies, constraints, keys, additional claims, statement preview, and lifetime configuration endpoints.
All write operations are wrapped in database transactions to ensure atomicity of data changes and event recording.
func SetAuthUsername
func SetAuthUsername(c *fiber.Ctx, username string)
SetAuthUsername stores the authenticated username in Fiber's Locals. This should be called by the auth middleware after successful authentication.
Types
type ActorConfig
type ActorConfig struct {
// Header is the HTTP header name to extract the actor from.
// Default: "X-Actor"
Header string
// Source is the preferred source for actor extraction.
// Default: ActorSourceBasicAuth
Source ActorSource
}
ActorConfig holds configuration for actor extraction.
type ActorSource
type ActorSource string
ActorSource defines the preferred source for actor extraction.
const (
	// ActorSourceBasicAuth prefers the basic auth username, falling back to header.
	ActorSourceBasicAuth ActorSource = "basic_auth"
	// ActorSourceHeader prefers the configured header, falling back to basic auth username.
	ActorSourceHeader ActorSource = "header"
)
type EventOption
type EventOption func(*model.SubordinateEvent)
EventOption is a functional option for configuring an event.
func WithStatus
func WithStatus(status model.Status) EventOption
WithStatus sets the event status.
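The two pieces documented above, actor extraction with its source precedence (ActorSourceBasicAuth versus ActorSourceHeader) and event recording through functional options inside a transaction, are shown together in the following added example. It is not code from the lighthouse adminapi package: the Status, SubordinateEvent, EventStore, MemStore, Subordinate and UpdateStatusTx names are simplified stand-ins assumed for the example, and http.Header replaces the Fiber context. It demonstrates why the default prefers the authenticated basic-auth username over a client-supplied header, and why RecordEvent returns its error so a failed audit write rolls back the data change with it.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// Status and SubordinateEvent are simplified stand-ins for model.Status and
// model.SubordinateEvent (assumed shapes, not the project's definitions).
type Status string

const (
	StatusActive   Status = "active"
	StatusInactive Status = "inactive"
)

type SubordinateEvent struct {
	SubordinateID uint
	EventType     string
	Status        Status
	Message       string
	Actor         string
}

// EventOption follows the functional-option shape the package documents.
type EventOption func(*SubordinateEvent)

func WithStatus(s Status) EventOption  { return func(e *SubordinateEvent) { e.Status = s } }
func WithMessage(m string) EventOption { return func(e *SubordinateEvent) { e.Message = m } }
func WithActor(a string) EventOption   { return func(e *SubordinateEvent) { e.Actor = a } }

// EventStore is an assumed minimal interface in place of model.SubordinateEventStore.
type EventStore interface {
	Create(ev *SubordinateEvent) error
}

// RecordEvent applies the options to a new event and persists it. The error is
// returned rather than swallowed so the caller's transaction can roll back.
func RecordEvent(store EventStore, subordinateID uint, eventType string, opts ...EventOption) error {
	ev := &SubordinateEvent{SubordinateID: subordinateID, EventType: eventType}
	for _, opt := range opts {
		opt(ev)
	}
	return store.Create(ev)
}

// MemStore is an in-memory store; Failing is a constructed switch that stands
// in for a database write error.
type MemStore struct {
	Events  []SubordinateEvent
	Failing bool
}

func (m *MemStore) Create(ev *SubordinateEvent) error {
	if m.Failing {
		return errors.New("event store unavailable")
	}
	m.Events = append(m.Events, *ev)
	return nil
}

type Subordinate struct {
	ID     uint
	Status Status
}

// UpdateStatusTx changes a status and records the event as one unit: when the
// event cannot be stored the status change is undone, which is the atomicity
// the package requires of its write handlers.
func UpdateStatusTx(store *MemStore, sub *Subordinate, newStatus Status, actor string) error {
	old := sub.Status
	sub.Status = newStatus
	err := RecordEvent(store, sub.ID, "status_changed", WithStatus(newStatus), WithActor(actor),
		WithMessage(fmt.Sprintf("status %s -> %s", old, newStatus)))
	if err != nil {
		sub.Status = old // roll back the data change together with the failed event
		return fmt.Errorf("record event: %w", err)
	}
	return nil
}

type ActorSource string

const (
	ActorSourceBasicAuth ActorSource = "basic_auth"
	ActorSourceHeader    ActorSource = "header"
)

type ActorConfig struct {
	Header string      // default "X-Actor"
	Source ActorSource // default ActorSourceBasicAuth
}

// ResolveActor applies the documented precedence. The header is client-supplied,
// so the default prefers the username the auth middleware actually verified and
// only falls back to the header when no authenticated username exists.
func ResolveActor(cfg ActorConfig, basicAuthUser string, headers http.Header) string {
	name := cfg.Header
	if name == "" {
		name = "X-Actor"
	}
	preferred, fallback := strings.TrimSpace(basicAuthUser), strings.TrimSpace(headers.Get(name))
	if cfg.Source == ActorSourceHeader {
		preferred, fallback = fallback, preferred
	}
	if preferred != "" {
		return preferred
	}
	return fallback
}

func main() {
	h := http.Header{}
	h.Set("X-Actor", "ops-bot")
	store, sub := &MemStore{}, &Subordinate{ID: 7, Status: StatusActive}
	actor := ResolveActor(ActorConfig{}, "alice", h) // basic auth wins by default
	fmt.Println(actor, UpdateStatusTx(store, sub, StatusInactive, actor), sub.Status)
	store.Failing = true
	fmt.Println(UpdateStatusTx(store, sub, StatusActive, actor), sub.Status) // error, status unchanged
}
```

With ActorSourceHeader the order flips and an unauthenticated request could label events with any actor string, so that setting only makes sense when a trusted proxy sets the header and strips it from incoming requests.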
type KeyManagement
type KeyManagement struct {
KMS string
APIManagedPKs public.PublicKeyStorage
KMSManagedPKs public.PublicKeyStorage
BasicKeys kms.BasicKeyManagementSystem
Keys kms.KeyManagementSystem
}
KeyManagement holds references to key management components.
type Options
type Options struct {
// UsersEnabled controls whether the user management API is mounted.
// Default: enabled when Register is called with a nil *Options (the zero-value case).
UsersEnabled bool
// Port, when > 0, is used to adapt the serverURL to the admin API port for docs.
Port int
// TrustMarkConfigInvalidator is called when entity configuration trust marks are modified
// to invalidate any cached configurations. Can be nil if not using trust mark refresh.
TrustMarkConfigInvalidator TrustMarkConfigInvalidator
// Actor holds configuration for actor extraction from requests.
// The actor is recorded in subordinate event history.
Actor ActorConfig
}
Options controls optional features of the admin API registration.
type StatsAPI
type StatsAPI struct {
// contains filtered or unexported fields
}
StatsAPI provides REST endpoints for querying statistics.
func NewStatsAPI
func NewStatsAPI(storage model.StatsStorageBackend) *StatsAPI
NewStatsAPI creates a new stats API instance.
func (*StatsAPI) RegisterRoutes
RegisterRoutes registers all stats routes under the given router group.
type TrustMarkConfigInvalidator
type TrustMarkConfigInvalidator interface {
Invalidate()
}
TrustMarkConfigInvalidator is implemented by types that cache trust mark configurations and need to be invalidated when trust marks change.
Source Files
- actor.go
- auth.go
- authority_hints.go
- cache_middlewares.go
- entity_configuration.go
- entity_trustmarks.go
- keys.go
- router.go
- stats.go
- subordinates.go
- subordinates_additional_claims.go
- subordinates_base.go
- subordinates_constraints.go
- subordinates_events.go
- subordinates_helpers.go
- subordinates_keys.go
- subordinates_lifetime.go
- subordinates_metadata.go
- subordinates_metadata_policies.go
- subordinates_statement.go
- trustmark_issuance.go
- trustmark_owners_issuers.go
- trustmark_types.go
- users.go