auth

package
v0.0.0-...-9fd48d3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 9, 2025 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrAuthDisabled      = errors.New("authentication is disabled")
	ErrPluginNotFound    = errors.New("plugin not found")
	ErrInvalidAPIKey     = errors.New("invalid API key")
	ErrAPIKeyExpired     = errors.New("API key expired")
	ErrRoleNotFound      = errors.New("role not found")
	ErrPermissionDenied  = errors.New("permission denied")
	ErrKeyGenerationFail = errors.New("failed to generate API key")
	ErrConfigSaveFailure = errors.New("failed to save config")
	ErrConfigLoadFailure = errors.New("failed to load config")
)

Functions

func SaveSecurityConfig 

func SaveSecurityConfig(config *SecurityConfig, configPath string) error

SaveSecurityConfig saves the security configuration to a file

Types

type APIKeyManager 

type APIKeyManager struct {
	// contains filtered or unexported fields
}

APIKeyManager manages API keys for plugins

func NewAPIKeyManager 

func NewAPIKeyManager(configPath string) (*APIKeyManager, error)

NewAPIKeyManager creates a new API key manager

func (*APIKeyManager) AddRole 

func (m *APIKeyManager) AddRole(role PluginRole) error

AddRole adds a new role

func (*APIKeyManager) CheckPermission 

func (m *APIKeyManager) CheckPermission(pluginName, permission string) (bool, error)

CheckPermission checks if a plugin has a specific permission

func (*APIKeyManager) DeleteRole 

func (m *APIKeyManager) DeleteRole(roleName string) error

DeleteRole deletes a role

func (*APIKeyManager) DisableAuth 

func (m *APIKeyManager) DisableAuth() error

DisableAuth disables authentication

func (*APIKeyManager) EnableAuth 

func (m *APIKeyManager) EnableAuth() error

EnableAuth enables authentication

func (*APIKeyManager) GenerateAPIKey 

func (m *APIKeyManager) GenerateAPIKey(pluginName, role, description string, expiresInDays int) (string, error)

GenerateAPIKey generates a new API key for a plugin

func (*APIKeyManager) GetAPIKey 

func (m *APIKeyManager) GetAPIKey(pluginName string) (string, error)

GetAPIKey gets an API key for a plugin

func (*APIKeyManager) GetAllPluginAPIKeys 

func (m *APIKeyManager) GetAllPluginAPIKeys() ([]PluginAPIKey, error)

GetAllPluginAPIKeys gets all plugin API keys

func (*APIKeyManager) GetRoles 

func (m *APIKeyManager) GetRoles() ([]PluginRole, error)

GetRoles gets all roles

func (*APIKeyManager) IsAuthEnabled 

func (m *APIKeyManager) IsAuthEnabled() bool

IsAuthEnabled returns whether authentication is enabled

func (*APIKeyManager) RevokeAPIKey 

func (m *APIKeyManager) RevokeAPIKey(pluginName string) error

RevokeAPIKey revokes an API key for a plugin

func (*APIKeyManager) UpdateRole 

func (m *APIKeyManager) UpdateRole(role PluginRole) error

UpdateRole updates an existing role

func (*APIKeyManager) ValidateAPIKey 

func (m *APIKeyManager) ValidateAPIKey(pluginName, apiKey string) (bool, string, error)

ValidateAPIKey validates an API key for a plugin

type AuthConfig 

type AuthConfig struct {
	Enabled bool           `json:"enabled"`
	APIKeys []PluginAPIKey `json:"api_keys"`
	Roles   []PluginRole   `json:"roles"`
}

AuthConfig represents the authentication configuration

type AuthPlugin 

type AuthPlugin struct {
	Impl   PluginAuthService
	Logger hclog.Logger
}

AuthPlugin is the implementation of plugin.Plugin for the auth plugin

func (*AuthPlugin) GRPCClient 

func (p *AuthPlugin) GRPCClient(ctx context.Context, broker *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error)

GRPCClient returns the auth client

func (*AuthPlugin) GRPCServer 

func (p *AuthPlugin) GRPCServer(broker *plugin.GRPCBroker, s *grpc.Server) error

GRPCServer registers the auth service with the gRPC server

type GRPCPluginAuthClient 

type GRPCPluginAuthClient struct {
	// contains filtered or unexported fields
}

GRPCPluginAuthClient is the gRPC client for PluginAuthService

func (*GRPCPluginAuthClient) Authenticate 

func (c *GRPCPluginAuthClient) Authenticate(ctx context.Context, pluginName, apiKey string) (bool, string, error)

Authenticate authenticates a plugin

func (*GRPCPluginAuthClient) CheckPermission 

func (c *GRPCPluginAuthClient) CheckPermission(ctx context.Context, pluginName, permission string) (bool, error)

CheckPermission checks if a plugin has a specific permission

type GRPCPluginAuthServer 

type GRPCPluginAuthServer struct {
	Impl PluginAuthService
	snoozePlugin.UnimplementedPluginAuthServer
}

GRPCPluginAuthServer is the gRPC server for PluginAuthService

func (*GRPCPluginAuthServer) Authenticate 

func (s *GRPCPluginAuthServer) Authenticate(ctx context.Context, req *snoozePlugin.AuthenticateRequest) (*snoozePlugin.AuthenticateResponse, error)

Authenticate authenticates a plugin

func (*GRPCPluginAuthServer) CheckPermission 

func (s *GRPCPluginAuthServer) CheckPermission(ctx context.Context, req *snoozePlugin.PermissionRequest) (*snoozePlugin.PermissionResponse, error)

CheckPermission checks if a plugin has a specific permission

type PluginAPIKey 

type PluginAPIKey struct {
	PluginName  string    `json:"plugin_name"`
	APIKey      string    `json:"api_key"`
	Role        string    `json:"role"`
	CreatedAt   time.Time `json:"created_at"`
	ExpiresAt   time.Time `json:"expires_at"`
	LastUsedAt  time.Time `json:"last_used_at,omitempty"`
	Description string    `json:"description,omitempty"`
}

PluginAPIKey represents an API key for a plugin

type PluginAuthService 

type PluginAuthService interface {
	Authenticate(ctx context.Context, pluginName, apiKey string) (bool, string, error)
	CheckPermission(ctx context.Context, pluginName, permission string) (bool, error)
}

PluginAuthService is the interface that plugins must implement for authentication

func NewPluginAuthService 

func NewPluginAuthService(configDir string, logger hclog.Logger) (PluginAuthService, error)

NewPluginAuthService creates a new PluginAuthService

type PluginAuthServiceImpl 

type PluginAuthServiceImpl struct {
	// contains filtered or unexported fields
}

PluginAuthServiceImpl is the implementation of PluginAuthService

func (*PluginAuthServiceImpl) Authenticate 

func (s *PluginAuthServiceImpl) Authenticate(ctx context.Context, pluginName, apiKey string) (bool, string, error)

Authenticate authenticates a plugin

func (*PluginAuthServiceImpl) CheckPermission 

func (s *PluginAuthServiceImpl) CheckPermission(ctx context.Context, pluginName, permission string) (bool, error)

CheckPermission checks if a plugin has a specific permission

type PluginPermission 

type PluginPermission struct {
	Name        string `json:"name"`
	Description string `json:"description"`
	Allowed     bool   `json:"allowed"`
}

PluginPermission represents a single permission for a plugin

type PluginRole 

type PluginRole struct {
	Name        string             `json:"name"`
	Description string             `json:"description"`
	Permissions []PluginPermission `json:"permissions"`
}

PluginRole represents a role with associated permissions

type SecurityConfig 

type SecurityConfig struct {
	Auth       AuthConfig      `json:"auth"`
	TLS        TLSConfig       `json:"tls"`
	Signatures SignatureConfig `json:"signatures"`
}

SecurityConfig represents the overall security configuration

func LoadSecurityConfig 

func LoadSecurityConfig(configPath string) (*SecurityConfig, error)

LoadSecurityConfig loads the security configuration from a file

type SignatureConfig 

type SignatureConfig struct {
	Enabled          bool   `json:"enabled"`
	PublicKeyPath    string `json:"public_key_path"`
	VerifySignatures bool   `json:"verify_signatures"`
}

SignatureConfig represents the signature verification configuration

type TLSConfig 

type TLSConfig struct {
	Enabled  bool   `json:"enabled"`
	CertPath string `json:"cert_path"`
	KeyPath  string `json:"key_path"`
}

TLSConfig represents the TLS configuration

Source Files

View all Source files

Directories

Path Synopsis
Package credentials provides standardized credential handling for cloud providers
 Package credentials provides standardized credential handling for cloud providers

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.