auth

Published: Mar 30, 2023 License: MPL-2.0 Imports: 29 Imported by: 0

Documentation

Overview

Package auth is responsible for authentication

Index

Constants

// SiteAdminID is the fixed ID of the built-in site administrator user
// (see the SiteAdmin variable).
const SiteAdminID = "user-site-admin"

// SiteAdminUsername is the fixed username of the built-in site administrator
// user (see the SiteAdmin variable).
const SiteAdminUsername = "site-admin"

Variables

// ErrOAuthCredentialsIncomplete is returned when an OAuth client is configured
// with only one of client ID and client secret (presumably by NewOAuthClient).
var ErrOAuthCredentialsIncomplete = errors.New("must specify both client ID and client secret")
// SiteAdmin is the built-in site administrator user, assembled from the
// SiteAdminID and SiteAdminUsername constants.
var SiteAdmin = User{
	ID:       SiteAdminID,
	Username: SiteAdminUsername,
}

Functions

func AuthenticateSession

func AuthenticateSession(svc AuthenticateSessionService) mux.MiddlewareFunc

AuthenticateSession verifies that all requests to /app endpoints possess a valid session cookie before attaching the corresponding user and session to the context.

func AuthenticateToken

func AuthenticateToken(svc AuthenticateTokenService, siteToken string) mux.MiddlewareFunc

AuthenticateToken verifies that all requests to /api/v2 endpoints possess a valid bearer token.

func NewService

func NewService(opts Options) (*service, error)

Types

type AgentToken

// AgentToken is a long-lived authentication token for an external agent.
// NOTE(review): no MarshalLog method is listed for this type (RegistrySession
// and UserSpec have one), so a structured logger that marshals the struct
// field-by-field would emit Token — confirm the value is never logged.
type AgentToken struct {
	ID           string    // identifier of the token record; DeleteAgentToken takes it
	CreatedAt    time.Time // creation time of the token record
	Token        string    // NOTE(review): appears to be the secret the agent presents (GetAgentToken looks tokens up by it); treat as a credential
	Description  string    // free-text purpose supplied in CreateAgentTokenOptions
	Organization string    // organization the token is scoped to (see CanAccessOrganization)
}

AgentToken is a long-lived authentication token for an external agent.

func NewAgentToken

func NewAgentToken(opts CreateAgentTokenOptions) (*AgentToken, error)

func NewTestAgentToken

func NewTestAgentToken(t *testing.T, org string) *AgentToken

func (*AgentToken) CanAccessOrganization

func (t *AgentToken) CanAccessOrganization(action rbac.Action, name string) bool

func (*AgentToken) CanAccessSite

func (*AgentToken) CanAccessSite(action rbac.Action) bool

func (*AgentToken) CanAccessWorkspace

func (t *AgentToken) CanAccessWorkspace(action rbac.Action, policy otf.WorkspacePolicy) bool

func (*AgentToken) IsOwner

func (t *AgentToken) IsOwner(string) bool

func (*AgentToken) IsSiteAdmin

func (t *AgentToken) IsSiteAdmin() bool

func (*AgentToken) ListOrganizations

func (t *AgentToken) ListOrganizations() []string

func (*AgentToken) String

func (t *AgentToken) String() string

type AgentTokenService

// AgentTokenService manages the lifecycle of agent tokens.
type AgentTokenService interface {
	// CreateAgentToken creates an agent token for the organization named in options.
	CreateAgentToken(ctx context.Context, options CreateAgentTokenOptions) (*AgentToken, error)
	// GetAgentToken retrieves an agent token using the given token.
	GetAgentToken(ctx context.Context, token string) (*AgentToken, error)
	// ListAgentTokens lists the agent tokens belonging to an organization.
	ListAgentTokens(ctx context.Context, organization string) ([]*AgentToken, error)
	// DeleteAgentToken deletes the agent token with the given ID and
	// (presumably) returns the deleted token.
	// NOTE(review): only the ID is passed, so any organization-level
	// authorization must be derived from ctx by the implementation — confirm.
	DeleteAgentToken(ctx context.Context, id string) (*AgentToken, error)
}

type AuthService

// AuthService is the complete authentication service: agent tokens, registry
// sessions, teams and users, plus an expirer that runs in the background.
type AuthService interface {
	AgentTokenService
	RegistrySessionService

	TeamService

	UserService

	// StartExpirer starts expiry processing bound to the given context;
	// presumably it removes expired sessions and registry sessions — confirm
	// in the implementation.
	StartExpirer(context.Context)
	// contains filtered or unexported methods
}

type AuthenticateSessionService

// AuthenticateSessionService is the subset of the auth service that the
// AuthenticateSession middleware needs: resolve the session for a cookie
// token, then the user it belongs to.
type AuthenticateSessionService interface {
	// GetSession retrieves the session identified by token.
	GetSession(ctx context.Context, token string) (*Session, error)
	// GetUser retrieves the user matching the given spec.
	GetUser(context.Context, UserSpec) (*User, error)
}

type AuthenticateTokenService

// AuthenticateTokenService is the subset of the auth service that the
// AuthenticateToken middleware needs. A bearer token may belong to an agent,
// a registry session or a user (presumably via UserSpec.AuthenticationToken),
// which is why three lookups are exposed.
type AuthenticateTokenService interface {
	// GetAgentToken retrieves an agent token by its token value.
	GetAgentToken(context.Context, string) (*AgentToken, error)
	// GetRegistrySession retrieves a registry session by its token value.
	GetRegistrySession(context.Context, string) (*RegistrySession, error)
	// GetUser retrieves the user matching spec.
	GetUser(ctx context.Context, spec UserSpec) (*User, error)
}

type Client

// Client is the HTTP/JSONAPI client for the auth service, built on the
// embedded otf.JSONAPIClient.
type Client struct {
	otf.JSONAPIClient
}

func (*Client) AddOrganizationMembership

func (c *Client) AddOrganizationMembership(ctx context.Context, username, organization string) error

AddOrganizationMembership adds a user to an organization via HTTP.

func (*Client) AddTeamMembership

func (c *Client) AddTeamMembership(ctx context.Context, username, teamID string) error

AddTeamMembership adds a user to a team via HTTP.

func (*Client) CreateAgentToken

func (c *Client) CreateAgentToken(ctx context.Context, options CreateAgentTokenOptions) (*AgentToken, error)

func (*Client) CreateRegistrySession

func (c *Client) CreateRegistrySession(ctx context.Context, opts CreateRegistrySessionOptions) (*RegistrySession, error)

CreateRegistrySession creates a registry session via HTTP/JSONAPI.

func (*Client) CreateTeam

func (c *Client) CreateTeam(ctx context.Context, opts NewTeamOptions) (*Team, error)

CreateTeam creates a team via HTTP/JSONAPI.

func (*Client) CreateUser

func (c *Client) CreateUser(ctx context.Context, username string, _ ...NewUserOption) (*User, error)

CreateUser creates a user via HTTP/JSONAPI. Options are ignored.

func (*Client) DeleteTeam

func (c *Client) DeleteTeam(ctx context.Context, id string) error

DeleteTeam deletes a team via HTTP/JSONAPI.

func (*Client) DeleteUser

func (c *Client) DeleteUser(ctx context.Context, username string) error

DeleteUser deletes a user via HTTP/JSONAPI.

func (*Client) GetAgentToken

func (c *Client) GetAgentToken(ctx context.Context, token string) (*AgentToken, error)

func (*Client) GetTeam

func (c *Client) GetTeam(ctx context.Context, organization, name string) (*Team, error)

GetTeam retrieves a team via HTTP/JSONAPI.

func (*Client) RemoveOrganizationMembership

func (c *Client) RemoveOrganizationMembership(ctx context.Context, username, organization string) error

RemoveOrganizationMembership removes a user from an organization via HTTP.

func (*Client) RemoveTeamMembership

func (c *Client) RemoveTeamMembership(ctx context.Context, username, teamID string) error

RemoveTeamMembership removes a user from a team via HTTP.

type CreateAgentTokenOptions

// CreateAgentTokenOptions are the parameters for creating an agent token.
// The schema tags indicate the struct is also decoded from form/query
// parameters, with both fields required.
type CreateAgentTokenOptions struct {
	Organization string `schema:"organization_name,required"` // organization the token is scoped to
	Description  string `schema:"description,required"`       // free-text purpose of the token
}

type CreateRegistrySessionOptions

// CreateRegistrySessionOptions are the parameters for creating a registry
// session (see RegistrySessionService.CreateRegistrySession).
type CreateRegistrySessionOptions struct {
	Organization *string    // required organization
	Expiry       *time.Time // optionally override expiry
}

type CreateSessionOptions

// CreateSessionOptions are the parameters for creating a web UI Session.
type CreateSessionOptions struct {
	Request  *http.Request // NOTE(review): presumably the originating request, used for the value reported by Session.Address — confirm how a proxied client address is derived
	Username *string       // user the session belongs to
	Expiry   *time.Time    // session expiry; nil presumably selects a default — confirm
}

type NewTeamOptions

// NewTeamOptions are the parameters for creating a team. The schema tags
// indicate the struct is also decoded from form/query parameters, with both
// fields required.
type NewTeamOptions struct {
	Name         string `schema:"team_name,required"`         // team name, unique within the organization (presumably)
	Organization string `schema:"organization_name,required"` // organization the team belongs to
}

type NewUserOption

// NewUserOption configures a User being constructed by NewUser; see
// WithOrganizations and WithTeams. Client.CreateUser ignores these options.
type NewUserOption func(*User)

func WithOrganizations

func WithOrganizations(organizations ...string) NewUserOption

func WithTeams

func WithTeams(memberships ...*Team) NewUserOption

type OAuthClient

// OAuthClient performs the client role in an oauth handshake, requesting
// authorization from the user to access their account details on a
// particular cloud. RequestHandler starts the flow and CallbackHandler
// completes it by returning the oauth2 token.
// NOTE(review): whether CallbackHandler validates the OAuth state parameter
// against the value issued by RequestHandler is not visible from the API —
// confirm in the implementation.
type OAuthClient struct {
	otf.HostnameService // for retrieving otf system hostname for use in redirects back to otf

	*oauth2.Config // standard oauth2 configuration (client credentials, endpoint, scopes, redirect URL)
	// contains filtered or unexported fields
}

OAuthClient performs the client role in an oauth handshake, requesting authorization from the user to access their account details on a particular cloud.

func NewOAuthClient

func NewOAuthClient(cfg OAuthClientConfig) (*OAuthClient, error)

func (*OAuthClient) CallbackHandler

func (a *OAuthClient) CallbackHandler(r *http.Request) (*oauth2.Token, error)

func (*OAuthClient) CallbackPath

func (a *OAuthClient) CallbackPath() string

func (*OAuthClient) NewClient

func (a *OAuthClient) NewClient(ctx context.Context, token *oauth2.Token) (cloud.Client, error)

NewClient constructs a cloud client configured with the given oauth token for authentication.

func (*OAuthClient) RequestHandler

func (a *OAuthClient) RequestHandler(w http.ResponseWriter, r *http.Request)

RequestHandler initiates the oauth flow, redirecting user to the auth server

func (*OAuthClient) RequestPath

func (a *OAuthClient) RequestPath() string

func (*OAuthClient) String

func (a *OAuthClient) String() string

String provides a human-readable identifier for the oauth client, using the name of its underlying cloud provider

type OAuthClientConfig

// OAuthClientConfig is configuration for constructing an OAuth client; it is
// passed to NewOAuthClient.
type OAuthClientConfig struct {
	cloud.CloudOAuthConfig // cloud-specific oauth settings
	// contains filtered or unexported fields
}

OAuthClientConfig is configuration for constructing an OAuth client

type OrganizationAccess

// OrganizationAccess defines a team's organization access. The schema tags
// indicate it is also decoded from form/query parameters.
type OrganizationAccess struct {
	ManageWorkspaces bool `schema:"manage_workspaces"` // admin access on all workspaces
	ManageVCS        bool `schema:"manage_vcs"`        // manage VCS providers
	ManageRegistry   bool `schema:"manage_registry"`   // manage module and provider registry
}

OrganizationAccess defines a team's organization access.

type OrganizationService

// OrganizationService is a local name for organization.Service; presumably it
// is supplied via Options so this package can look up organizations — confirm.
type OrganizationService organization.Service

type RegistrySession

// RegistrySession provides access to the module registry for a short period.
// Intended for use with the terraform binary, which needs authenticated access
// to the registry in order to retrieve modules.
type RegistrySession struct {
	Token        string    // secret presented by the terraform binary; GetRegistrySession looks sessions up by it. MarshalLog presumably redacts it — confirm
	Expiry       time.Time // time after which the session is no longer valid
	Organization string    // organization the session is scoped to (see CanAccessOrganization)
}

RegistrySession provides access to the module registry for a short period. Intended for use with the terraform binary, which needs authenticated access to the registry in order to retrieve modules.

func (*RegistrySession) CanAccessOrganization

func (t *RegistrySession) CanAccessOrganization(action rbac.Action, name string) bool

func (*RegistrySession) CanAccessSite

func (t *RegistrySession) CanAccessSite(action rbac.Action) bool

func (*RegistrySession) CanAccessWorkspace

func (t *RegistrySession) CanAccessWorkspace(action rbac.Action, policy otf.WorkspacePolicy) bool

func (*RegistrySession) ID

func (t *RegistrySession) ID() string

func (*RegistrySession) IsOwner

func (t *RegistrySession) IsOwner(string) bool

func (*RegistrySession) IsSiteAdmin

func (t *RegistrySession) IsSiteAdmin() bool

func (*RegistrySession) ListOrganizations

func (t *RegistrySession) ListOrganizations() []string

func (*RegistrySession) MarshalLog

func (t *RegistrySession) MarshalLog() any

func (*RegistrySession) String

func (t *RegistrySession) String() string

func (*RegistrySession) ToJSONAPI

func (t *RegistrySession) ToJSONAPI() any

ToJSONAPI assembles a JSON-API DTO.

type RegistrySessionService

// RegistrySessionService creates and validates short-lived registry sessions.
type RegistrySessionService interface {
	// CreateRegistrySession creates a registry session for the organization
	// named in opts.
	CreateRegistrySession(ctx context.Context, opts CreateRegistrySessionOptions) (*RegistrySession, error)
	// GetRegistrySession retrieves a registry session using a token. Intended
	// as means of checking whether a given token is valid.
	GetRegistrySession(ctx context.Context, token string) (*RegistrySession, error)
}

type Session

// Session is a user session for the web UI. Its fields are unexported; use the
// accessors (ID, Token, Username, Address, CreatedAt, Expiry). Token is
// presumably the session cookie value matched by
// AuthenticateSessionService.GetSession, so treat it as a credential.
type Session struct {
	// contains filtered or unexported fields
}

Session is a user session for the web UI

func (*Session) Address

func (s *Session) Address() string

func (*Session) CreatedAt

func (s *Session) CreatedAt() time.Time

func (*Session) Expiry

func (s *Session) Expiry() time.Time

func (*Session) ID

func (s *Session) ID() string

func (*Session) Token

func (s *Session) Token() string

func (*Session) Username

func (s *Session) Username() string

type Team

// Team is a group of users sharing a level of authorization.
type Team struct {
	ID           string    // identifier of the team; TeamService methods take it as teamID
	CreatedAt    time.Time // creation time of the team record
	Name         string    // team name within the organization
	Organization string    // organization the team belongs to

	Access OrganizationAccess // organization-level permissions granted to members; see OrganizationAccess()
}

Team is a group of users sharing a level of authorization.

func CreateTestTeam

func CreateTestTeam(t *testing.T, db otf.DB, organization *organization.Organization) *Team

func NewTeam

func NewTeam(opts NewTeamOptions) *Team

func NewTestTeam

func NewTestTeam(t *testing.T, organization string) *Team

func (*Team) IsOwners

func (u *Team) IsOwners() bool

func (*Team) OrganizationAccess

func (u *Team) OrganizationAccess() OrganizationAccess

func (*Team) String

func (u *Team) String() string

func (*Team) Update

func (u *Team) Update(opts UpdateTeamOptions) error

type TeamService

// TeamService manages teams and their membership lists.
type TeamService interface {
	// CreateTeam creates a team in the organization named in opts.
	CreateTeam(ctx context.Context, opts NewTeamOptions) (*Team, error)
	// GetTeam retrieves a team by organization and team name.
	GetTeam(ctx context.Context, organization, team string) (*Team, error)
	// GetTeamByID retrieves a team by its ID.
	GetTeamByID(ctx context.Context, teamID string) (*Team, error)
	// ListTeams lists the teams in an organization.
	ListTeams(ctx context.Context, organization string) ([]*Team, error)
	// ListTeamMembers lists the users that are members of a team.
	ListTeamMembers(ctx context.Context, teamID string) ([]*User, error)
	// UpdateTeam updates a team's organization access (see UpdateTeamOptions).
	UpdateTeam(ctx context.Context, teamID string, opts UpdateTeamOptions) (*Team, error)
	// DeleteTeam deletes the team with the given ID.
	DeleteTeam(ctx context.Context, teamID string) error
}

type Token

// Token is a user API token.
// NOTE(review): as with AgentToken, no MarshalLog method is listed for this
// type, so confirm the Token field is never written to logs.
type Token struct {
	ID          string    // identifier of the token record; TokenService.DeleteToken takes it as tokenID
	CreatedAt   time.Time // creation time of the token record
	Token       string    // the secret value; treat as a credential
	Description string    // free-text purpose supplied in TokenCreateOptions
	Username    string // Token belongs to a user
}

Token is a user API token.

func NewTestToken

func NewTestToken(t *testing.T, org string) *Token

func NewToken

func NewToken(uid, description string) (*Token, error)

type TokenCreateOptions

// TokenCreateOptions are the parameters for TokenService.CreateToken.
type TokenCreateOptions struct {
	Description string // free-text purpose recorded on the token
}

type TokenService

// TokenService manages user API tokens; every operation is scoped by username.
type TokenService interface {
	// CreateToken creates a user token.
	CreateToken(ctx context.Context, username string, opts *TokenCreateOptions) (*Token, error)
	// ListTokens lists API tokens for a user.
	ListTokens(ctx context.Context, username string) ([]*Token, error)
	// DeleteToken deletes a user token identified by tokenID, which must
	// presumably belong to username — confirm the implementation checks this.
	DeleteToken(ctx context.Context, username string, tokenID string) error
}

type TokenStore

// TokenStore is a persistence store for user authentication tokens.
// NOTE(review): ListTokens is keyed by userID whereas TokenService.ListTokens
// takes a username, and DeleteToken receives only a token id with no owner,
// so ownership checks must be performed by the service layer — confirm.
type TokenStore interface {
	// CreateToken persists a user token.
	CreateToken(ctx context.Context, token *Token) error
	// ListTokens lists the tokens belonging to the user with the given ID.
	ListTokens(ctx context.Context, userID string) ([]*Token, error)
	// DeleteToken deletes the token with the given ID.
	DeleteToken(ctx context.Context, id string) error
}

TokenStore is a persistence store for user authentication tokens.

type UpdateTeamOptions

// UpdateTeamOptions are the parameters for TeamService.UpdateTeam and
// Team.Update; they carry the team's new organization access.
type UpdateTeamOptions struct {
	OrganizationAccess
}

type User

// User represents an otf user account. The site administrator is the
// package-level SiteAdmin value.
type User struct {
	ID            string // ID uniquely identifies users
	CreatedAt     time.Time // creation time of the account
	UpdatedAt     time.Time // time of the last update to the account
	Username      string   // username is globally unique
	Organizations []string // user belongs to many organizations
	Teams         []*Team  // user belongs to many teams
}

User represents an otf user account.

func NewUser

func NewUser(username string, opts ...NewUserOption) *User

func (*User) CanAccessOrganization

func (u *User) CanAccessOrganization(action rbac.Action, org string) bool

func (*User) CanAccessSite

func (u *User) CanAccessSite(action rbac.Action) bool

func (*User) CanAccessWorkspace

func (u *User) CanAccessWorkspace(action rbac.Action, policy otf.WorkspacePolicy) bool

func (*User) IsOwner

func (u *User) IsOwner(organization string) bool

IsOwner determines if user is an owner of an organization

func (*User) IsSiteAdmin

func (u *User) IsSiteAdmin() bool

func (*User) IsTeamMember

func (u *User) IsTeamMember(teamID string) bool

IsTeamMember determines whether user is a member of the given team.

func (*User) ListOrganizations

func (u *User) ListOrganizations() []string

func (*User) String

func (u *User) String() string

type UserListOptions

// UserListOptions are options for the ListUsers endpoint.
type UserListOptions struct {
	Organization *string // presumably restricts results to members of this organization
	TeamName     *string // presumably restricts results to members of this team
}

UserListOptions are options for the ListUsers endpoint.

type UserService

// UserService manages user accounts and their organization and team
// memberships.
type UserService interface {
	// CreateUser creates a user with the given username, applying opts.
	CreateUser(ctx context.Context, username string, opts ...NewUserOption) (*User, error)
	// GetUser retrieves the user matching spec.
	GetUser(ctx context.Context, spec UserSpec) (*User, error)
	// ListUsers lists the users in an organization.
	ListUsers(ctx context.Context, organization string) ([]*User, error)
	// DeleteUser deletes the user with the given username.
	DeleteUser(ctx context.Context, username string) error
	// AddOrganizationMembership adds a user to an organization.
	AddOrganizationMembership(ctx context.Context, username, organization string) error
	// RemoveOrganizationMembership removes a user from an organization.
	RemoveOrganizationMembership(ctx context.Context, username, organization string) error
	// AddTeamMembership adds a user to a team.
	AddTeamMembership(ctx context.Context, username, teamID string) error
	// RemoveTeamMembership removes a user from a team.
	RemoveTeamMembership(ctx context.Context, username, teamID string) error
	// contains filtered or unexported methods
}

type UserSpec

// UserSpec identifies the user to look up with GetUser; presumably exactly
// one field is set. SessionToken and AuthenticationToken are credentials —
// MarshalLog presumably redacts them, so log a spec only through it.
type UserSpec struct {
	UserID              *string // look up by user ID
	Username            *string // look up by username
	SessionToken        *string // look up by web session token
	AuthenticationToken *string // look up by user API token
}

func (UserSpec) MarshalLog

func (s UserSpec) MarshalLog() any
