Documentation
¶
Overview ¶
Package auth is responsible for authentication
Index ¶
- Constants
- Variables
- func NewService(opts Options) *service
- type AuthService
- type Client
- func (c *Client) AddTeamMembership(ctx context.Context, opts TeamMembershipOptions) error
- func (c *Client) CreateTeam(ctx context.Context, organization string, opts CreateTeamOptions) (*Team, error)
- func (c *Client) CreateUser(ctx context.Context, username string, _ ...NewUserOption) (*User, error)
- func (c *Client) DeleteTeam(ctx context.Context, id string) error
- func (c *Client) DeleteUser(ctx context.Context, username string) error
- func (c *Client) GetTeam(ctx context.Context, organization, name string) (*Team, error)
- func (c *Client) RemoveTeamMembership(ctx context.Context, opts TeamMembershipOptions) error
- type CreateTeamOptions
- type NewUserOption
- type Options
- type OrganizationAccess
- type OrganizationAccessOptions
- type OrganizationService
- type Team
- type TeamMembershipOptions
- type TeamService
- type UpdateTeamOptions
- type User
- func (u *User) CanAccessOrganization(action rbac.Action, org string) bool
- func (u *User) CanAccessSite(action rbac.Action) bool
- func (u *User) CanAccessWorkspace(action rbac.Action, policy internal.WorkspacePolicy) bool
- func (u *User) IsOwner(organization string) bool
- func (u *User) IsSiteAdmin() bool
- func (u *User) IsTeamMember(teamID string) bool
- func (u *User) Organizations() []string
- func (u *User) String() string
- type UserListOptions
- type UserService
- type UserSpec
Constants ¶
View Source
const ( SiteAdminID = "user-site-admin" SiteAdminUsername = "site-admin" )
Variables ¶
View Source
var ErrCannotDeleteOnlyOwner = errors.New("cannot remove the last owner")
View Source
var ErrRemovingOwnersTeamNotPermitted = errors.New("the owners team cannot be deleted")
View Source
var (
SiteAdmin = User{ID: SiteAdminID, Username: SiteAdminUsername}
)
Functions ¶
func NewService ¶
func NewService(opts Options) *service
Types ¶
type AuthService ¶
type AuthService interface {
TeamService
UserService
}
type Client ¶
type Client struct {
internal.JSONAPIClient
}
func (*Client) AddTeamMembership ¶
func (c *Client) AddTeamMembership(ctx context.Context, opts TeamMembershipOptions) error
AddTeamMembership adds users to a team via HTTP.
func (*Client) CreateTeam ¶
func (c *Client) CreateTeam(ctx context.Context, organization string, opts CreateTeamOptions) (*Team, error)
CreateTeam creates a team via HTTP/JSONAPI.
func (*Client) CreateUser ¶
func (c *Client) CreateUser(ctx context.Context, username string, _ ...NewUserOption) (*User, error)
CreateUser creates a user via HTTP/JSONAPI. Options are ignored.
func (*Client) DeleteTeam ¶
DeleteTeam deletes a team via HTTP/JSONAPI.
func (*Client) DeleteUser ¶
DeleteUser deletes a user via HTTP/JSONAPI.
func (*Client) RemoveTeamMembership ¶
func (c *Client) RemoveTeamMembership(ctx context.Context, opts TeamMembershipOptions) error
RemoveTeamMembership removes users from a team via HTTP.
type CreateTeamOptions ¶
type CreateTeamOptions struct {
// Name of team to create
Name *string `schema:"name,required"`
OrganizationAccessOptions
// TFE fields that OTF does not support but persists merely to pass the
// go-tfe integration tests
SSOTeamID *string
Visibility *string
}
type NewUserOption ¶
type NewUserOption func(*User)
func WithTeams ¶
func WithTeams(memberships ...*Team) NewUserOption
type Options ¶
type Options struct {
*sql.DB
html.Renderer
internal.HostnameService
organization.OrganizationService
logr.Logger
}
type OrganizationAccess ¶
type OrganizationAccess struct {
ManageWorkspaces bool // admin access on all workspaces
ManageVCS bool // manage VCS providers
ManageModules bool // manage module registry
// TFE fields that OTF does not support but persists merely to pass the
// go-tfe integration tests
ManageProviders bool
ManagePolicies bool
ManagePolicyOverrides bool
}
OrganizationAccess defines a team's organization access.
type OrganizationAccessOptions ¶ added in v0.0.50
type OrganizationAccessOptions struct {
ManageWorkspaces *bool `schema:"manage_workspaces"`
ManageVCS *bool `schema:"manage_vcs"`
ManageModules *bool `schema:"manage_modules"`
// TFE fields that OTF does not support but persists merely to pass the
// go-tfe integration tests
ManageProviders *bool
ManagePolicies *bool
ManagePolicyOverrides *bool
}
OrganizationAccessOptions defines access to be granted upon team creation or to grant/rescind to/from an existing team.
type OrganizationService ¶
type OrganizationService organization.Service
Aliases to disambiguate service names when embedded together.
type Team ¶
type Team struct {
ID string
CreatedAt time.Time
Name string
Organization string
Access OrganizationAccess
// TFE fields that OTF does not support but persists merely to pass the
// go-tfe integration tests
Visibility string
SSOTeamID *string
}
Team is a group of users sharing a level of authorization.
func CreateTestTeam ¶
func CreateTestTeam(t *testing.T, db *sql.DB, organization *organization.Organization) *Team
func (*Team) OrganizationAccess ¶
func (t *Team) OrganizationAccess() OrganizationAccess
func (*Team) Update ¶
func (t *Team) Update(opts UpdateTeamOptions) error
type TeamMembershipOptions ¶
type TeamService ¶
type TeamService interface {
CreateTeam(ctx context.Context, organization string, opts CreateTeamOptions) (*Team, error)
GetTeam(ctx context.Context, organization, team string) (*Team, error)
GetTeamByID(ctx context.Context, teamID string) (*Team, error)
ListTeams(ctx context.Context, organization string) ([]*Team, error)
ListTeamMembers(ctx context.Context, teamID string) ([]*User, error)
UpdateTeam(ctx context.Context, teamID string, opts UpdateTeamOptions) (*Team, error)
DeleteTeam(ctx context.Context, teamID string) error
}
type UpdateTeamOptions ¶
type UpdateTeamOptions struct {
Name *string
OrganizationAccessOptions
// TFE fields that OTF does not support but persists merely to pass the
// go-tfe integration tests
SSOTeamID *string
Visibility *string
}
type User ¶
type User struct {
ID string // ID uniquely identifies users
CreatedAt time.Time
UpdatedAt time.Time
Username string // username is globally unique
SiteAdmin bool // Indicates whether user is a site admin
Teams []*Team // user belongs to many teams
}
User represents an otf user account.
func NewUser ¶
func NewUser(username string, opts ...NewUserOption) *User
func UserFromContext ¶
UserFromContext retrieves a user from a context
func (*User) CanAccessOrganization ¶
func (*User) CanAccessWorkspace ¶
func (*User) IsSiteAdmin ¶
IsSiteAdmin determines whether user is a site admin. A user is a site admin in either of two cases: (1) their account has been promoted to site admin (think sudo) (2) the account is *the* site admin (think root)
func (*User) IsTeamMember ¶
IsTeamMember determines whether user is a member of the given team.
func (*User) Organizations ¶
Organizations returns the user's membership of organizations (indirectly via their membership of teams).
NOTE: always returns a non-nil slice
type UserListOptions ¶
UserListOptions are options for the ListUsers endpoint.
type UserService ¶
type UserService interface {
CreateUser(ctx context.Context, username string, opts ...NewUserOption) (*User, error)
GetUser(ctx context.Context, spec UserSpec) (*User, error)
ListUsers(ctx context.Context) ([]*User, error)
ListOrganizationUsers(ctx context.Context, organization string) ([]*User, error)
DeleteUser(ctx context.Context, username string) error
AddTeamMembership(ctx context.Context, opts TeamMembershipOptions) error
RemoveTeamMembership(ctx context.Context, opts TeamMembershipOptions) error
SetSiteAdmins(ctx context.Context, usernames ...string) error
}
Source Files
Click to show internal directories.
Click to hide internal directories.