claims

package module
v0.0.0-...-e3328c5

Warning: This package is not in the latest version of its module.
Published: Jan 20, 2025 License: Apache-2.0 Imports: 5 Imported by: 5

Documentation

Constants

This section is empty.

Variables

var (
	ErrInvalidTypedID = errors.New("auth.identity.invalid-typed-id")
)

Functions

func CloudNamespaceFormatter

func CloudNamespaceFormatter(id int64) string

func IsIdentityType

func IsIdentityType(typ IdentityType, expected ...IdentityType) bool

IsIdentityType returns true if type matches any expected identity type

func NamespaceMatches

func NamespaceMatches(a, b string) bool

func NewTypeID

func NewTypeID(typ IdentityType, identifier string) string

func OrgNamespaceFormatter

func OrgNamespaceFormatter(id int64) string

OrgNamespaceFormatter is the namespace format used in on-prem deployments

func WithClaims

func WithClaims(ctx context.Context, claims AuthInfo) context.Context

Types

type AuthInfo

type AuthInfo interface {
	// GetUID returns a unique value for a particular identity that will change
	// if the user is removed from the system and another user is added with
	// the same name.
	// This will be in the form: <IdentityType>:<Identifier>
	GetUID() string

	// GetIdentifier returns only the Identifier part.
	// For some identity types this can be empty e.g. Anonymous.
	GetIdentifier() string

	// GetIdentityType returns the identity type.
	GetIdentityType() IdentityType

	// GetNamespace returns a namespace in the form of '<type>-<id>', '*' means all namespaces.
	// In Grafana the type can be either org or stacks.
	GetNamespace() string

	// GetGroups returns the names of the groups the identity is a member of
	// This is unused for now.
	GetGroups() []string

	// GetExtra can contain any additional information that the authenticator
	// thought was interesting.  One example would be scopes on a token.
	// Keys in this map should be namespaced to the authenticator or
	// authenticator/authorizer pair making use of them.
	// For instance: "example.org/foo" instead of "foo"
	// This is a map[string][]string because it needs to be serializable into
	// a SubjectAccessReviewSpec.authorization.k8s.io for proper authorization
	// delegation flows.
	// In order to faithfully round-trip through an impersonation flow, these keys
	// MUST be lowercase.
	GetExtra() map[string][]string

	// GetSubject returns the subject for the authenticated identity.
	// This will be in the form: <IdentityType>:<Identifier> and will use the deprecated
	// integer id as the identifier.
	GetSubject() string

	// GetAudience returns the audience.
	GetAudience() []string

	// GetTokenPermissions returns the Grafana permissions that the authenticated access token can perform.
	GetTokenPermissions() []string

	// GetTokenDelegatedPermissions returns Grafana permissions that can be performed on-behalf of another identity
	GetTokenDelegatedPermissions() []string

	// GetName returns the name that can be shown to identify the identity
	// This may be a configured display name, an email, or (worst case) an ID
	GetName() string

	// GetEmail returns the email.
	// This is only set for users.
	GetEmail() string

	// GetEmailVerified returns if the email has been verified.
	// This is only set for users
	GetEmailVerified() bool

	// GetUsername returns the username.
	// This is only set for users.
	GetUsername() string

	// GetAuthenticatedBy is the original method used to authenticate the identity.
	// Examples: password, oauth_azuread, etc
	GetAuthenticatedBy() string

	// GetIDToken returns the signed id token used during authentication.
	// Will be empty if authentication was performed using only an access token.
	GetIDToken() string
}

AuthInfo provides access to the requested authnz info. This includes the identity and access claims. This interface is also designed to fulfil the Kubernetes user requirements: https://github.com/kubernetes/apiserver/blob/master/pkg/authentication/user/user.go#L20

func From

func From(ctx context.Context) (AuthInfo, bool)

type IdentityType

type IdentityType string

The type of identity +enum

const (
	TypeUser           IdentityType = "user"
	TypeAPIKey         IdentityType = "api-key"
	TypeServiceAccount IdentityType = "service-account"
	TypeAnonymous      IdentityType = "anonymous"
	TypeRenderService  IdentityType = "render"
	TypeAccessPolicy   IdentityType = "access-policy"
	TypeProvisioning   IdentityType = "provisioning"
	TypeEmpty          IdentityType = ""
)

func ParseType

func ParseType(str string) (IdentityType, error)

func ParseTypeID

func ParseTypeID(str string) (IdentityType, string, error)

func (IdentityType) String

func (n IdentityType) String() string

type NamespaceFormatter

type NamespaceFormatter func(int64) string

NamespaceFormatter defines a function that formats a stack or organization ID into the expected namespace format based on the deployment environment (Cloud/On-prem). Example: stacks-6481, org-12

type NamespaceInfo

type NamespaceInfo struct {
	// The original namespace string regardless of the input
	Value string

	// OrgID defined in namespace (1 when using stack ids)
	OrgID int64

	// The cloud stack ID (must match the value in cfg.Settings)
	StackID int64
}

func ParseNamespace

func ParseNamespace(ns string) (NamespaceInfo, error)
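
An added example, not code from this package or its documentation: a fail-closed access check built on the formats documented above (`<IdentityType>:<Identifier>` for UIDs, `<type>-<id>` or `*` for namespaces). `splitTypedID`, `namespaceCovers`, `authorize` and the error value are hypothetical stand-ins, and the strict namespace validation is an assumption; the package's own ParseTypeID, NamespaceMatches and ParseNamespace may behave differently.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Local stand-ins mirroring the formats documented above (not the package's code);
// knownTypes holds the non-empty IdentityType values listed on this page.
var errInvalidTypedID = errors.New("invalid typed id")
var knownTypes = map[string]bool{"user": true, "api-key": true, "service-account": true,
	"anonymous": true, "render": true, "access-policy": true, "provisioning": true}

// splitTypedID parses "<IdentityType>:<Identifier>"; the identifier may be empty.
func splitTypedID(uid string) (string, string, error) {
	typ, id, ok := strings.Cut(uid, ":")
	if !ok || !knownTypes[typ] {
		return "", "", errInvalidTypedID
	}
	return typ, id, nil
}

// namespaceCovers: "*" covers all; else a well-formed org-<id>/stacks-<id> must equal the request.
func namespaceCovers(claimNS, requested string) bool {
	kind, id, _ := strings.Cut(claimNS, "-")
	_, err := strconv.ParseUint(id, 10, 64)
	wellFormed := err == nil && (kind == "org" || kind == "stacks")
	return claimNS == "*" || (wellFormed && claimNS == requested)
}

// authorize fails closed on a malformed UID, an unaccepted type or a namespace mismatch.
func authorize(uid, claimNS, requested string, accepted ...string) error {
	typ, _, err := splitTypedID(uid)
	if err != nil {
		return err
	}
	for _, a := range accepted {
		if a == typ && namespaceCovers(claimNS, requested) {
			return nil
		}
	}
	return fmt.Errorf("denied: type %q, namespace %q, requested %q", typ, claimNS, requested)
}

func main() { // constructed sample inputs
	fmt.Println(authorize("service-account:abc", "stacks-6481", "stacks-6481", "service-account"))
	fmt.Println(authorize("user:u1", "org-12", "org-13", "user"))
}
```

An empty or malformed claim namespace denies access rather than matching an equally empty request, which is the case worth testing in any caller that compares namespaces as plain strings.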
