principal

package
v0.8.0 (not the latest version of its module)
Published: Feb 11, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package principal provides routines to set and check security for users, groups, files, and folders.

Use NewManager() to get an operating-system-specific implementation.

Index

Constants

This section is empty.

Variables

var (
	ErrorsNamespace    = errorx.NewNamespace("security")
	UserNotFoundError  = ErrorsNamespace.NewType("user_not_found_*errorx.Error")
	GroupNotFoundError = ErrorsNamespace.NewType("group_not_found_*errorx.Error")
)

Functions

func NewGroupNotFoundError

func NewGroupNotFoundError(cause error, name string, gid string) *errorx.Error

func NewUserNotFoundError

func NewUserNotFoundError(cause error, name string, uid string) *errorx.Error

func SafeErrorDetails

func SafeErrorDetails(err *errorx.Error) []string

SafeErrorDetails returns the error's details as a slice of strings with personally identifiable information (PII) removed, so the result is safe to log.

Types

type Group

type Group interface {
	// Gid returns the group id.
	Gid() string
	// Name returns the group name.
	Name() string
	// Users returns the users that are members of this group.
	Users() []User
	// Validate returns an error if the group is not valid.
	Validate() error
}

Group is an operating-system-agnostic representation of a local or directory-service-connected group principal.

type Manager

type Manager interface {
	// UserExistsByName reports whether a user with the given username exists.
	UserExistsByName(userName string) bool
	// GroupExistsByName reports whether a group with the given name exists.
	GroupExistsByName(groupName string) bool
	// CreateUser creates a user with the given username. The UID is generated automatically.
	CreateUser(userName string) (User, error)
	// CreateUserWithId creates a user with the given username and predefined UID.
	// On Windows, the uid parameter is ignored, so this method behaves the same as CreateUser.
	CreateUserWithId(userName string, uid int) (User, error)
	// CreateGroup creates a group with the given group name. The GID is generated automatically.
	CreateGroup(groupName string) (Group, error)
	// CreateGroupWithId creates a group with the given group name and predefined GID.
	// On Windows, the gid parameter is ignored, so this method behaves the same as CreateGroup.
	CreateGroupWithId(groupName string, gid int) (Group, error)
	// LookupUserByName returns the user with the given username. If the user does not exist, an error is returned.
	LookupUserByName(userName string) (User, error)
	// LookupUserById returns the user with the given user id. If the user does not exist, an error is returned.
	LookupUserById(uid string) (User, error)
	// LookupGroupByName returns the group with the given group name. If the group does not exist, an error is returned.
	LookupGroupByName(groupName string) (Group, error)
	// LookupGroupById returns the group with the given group id. If the group does not exist, an error is returned.
	LookupGroupById(gid string) (Group, error)
	// Refresh reloads the user and group cache from the underlying provider.
	Refresh() error
}

Manager provides routines to set and check security for users, groups, files, and folders.

The Manager interface is returned by the NewManager() function so that multiple implementations can exist, one per operating system. The current implementation supports Linux, as Linux machines, VMs, and Docker containers are our primary focus at this time.

func NewManager

func NewManager() (Manager, error)

NewManager will detect the operating system and return a Manager implementation to use. This will attempt to initialize the user and group cache, returning any errors.

type Provider

type Provider interface {
	// EnumerateUsers queries the underlying operating system registry for all users.
	EnumerateUsers(m Manager) ([]User, error)
	// EnumerateGroups queries the underlying operating system registry for all groups.
	EnumerateGroups(m Manager) ([]Group, error)
}

Provider is an abstraction for user and group principal operations that supplies the environment-specific logic. The default implementation uses the operating system's user and group database. All Provider implementations must be thread-safe.

func NewProvider

func NewProvider() Provider

type User

type User interface {
	// Uid returns the user id.
	Uid() string
	// Name returns the username. This is the name that the user logs in with.
	Name() string
	// DisplayName returns the user's display name. On Windows, this is the user's full name.
	DisplayName() string
	// HomeDir returns the user's home directory.
	HomeDir() string
	// PrimaryGroup returns the user's primary group.
	PrimaryGroup() Group
	// Groups returns the user's groups.
	Groups() []Group
	// Validate returns an error if the user is not valid.
	Validate() error
}

User is an operating-system-agnostic representation of a local or directory-service-connected user principal.
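As an added example (not code from the principal package itself), here is a least-privilege audit written against the User and Group interfaces documented above, the kind of check you would run on a User returned by Manager.LookupUserByName: the account's primary group must be the expected one and it must not be a member of any privileged group. The interfaces are copied locally and cut down to the methods used, the fake principals are constructed sample data, and the policy error type is local (the package's errorx-based types are not needed for the check itself); all of that is an assumption made so the block runs stand-alone.

```go
package main
import (
	"errors"
	"fmt"
)

// Local copies of the page's Group and User interfaces, cut down to the methods this audit
// reads (assumption: the real principal package declares these same method signatures).
type Group interface{ Gid() string; Name() string }
type User interface {
	Uid() string
	Name() string
	PrimaryGroup() Group
	Groups() []Group
}
// ErrPolicy marks a least-privilege violation found on an account.
var ErrPolicy = errors.New("principal policy violation")

// AuditUser checks a User (as returned by Manager.LookupUserByName): its primary group must be
// wantPrimary, and it must belong to no group named in denied (sudo, wheel, docker, ...).
// Every violation is reported, joined into one error; nil means the account is compliant.
func AuditUser(u User, wantPrimary string, denied map[string]bool) error {
	var errs []error
	if pg := u.PrimaryGroup(); pg == nil || pg.Name() != wantPrimary {
		errs = append(errs, fmt.Errorf("%w: %s: primary group is not %q", ErrPolicy, u.Name(), wantPrimary))
	}
	for _, g := range u.Groups() {
		if denied[g.Name()] {
			errs = append(errs, fmt.Errorf("%w: %s (uid %s) is in privileged group %s (gid %s)",
				ErrPolicy, u.Name(), u.Uid(), g.Name(), g.Gid()))
		}
	}
	return errors.Join(errs...) // nil when no violation was recorded
}
// Constructed in-memory stand-ins for OS-backed principals (sample data, not real accounts).
type fakeGroup struct{ gid, name string }
type fakeUser struct{ uid, name string; primary Group; groups []Group }

func (g fakeGroup) Gid() string        { return g.gid }
func (g fakeGroup) Name() string       { return g.name }
func (u fakeUser) Uid() string         { return u.uid }
func (u fakeUser) Name() string        { return u.name }
func (u fakeUser) PrimaryGroup() Group { return u.primary }
func (u fakeUser) Groups() []Group     { return u.groups }

func main() { // sample: a service account that was wrongly added to sudo
	svc, sudo := fakeGroup{"1001", "svc-web"}, fakeGroup{"27", "sudo"}
	fmt.Println(AuditUser(fakeUser{"1001", "svc-web", svc, []Group{svc, sudo}}, "svc-web", map[string]bool{"sudo": true}))
}
```

Because the violations are wrapped with %w, callers can test the joined result with errors.Is(err, ErrPolicy) and still log every individual finding.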
