Documentation
¶
Overview ¶
Package admin0 exposes the mock's control-plane endpoints under /admin0/*.
These endpoints are NEVER authenticated — they're meant for test setup and teardown from outside the bearer-protected Mgmt API surface.
Index ¶
- Variables
- func Mount(r chi.Router, d Deps)
- type DeleteAllPermissionsHandler
- type DeleteClaimsHandler
- type DeleteExpectationsHandler
- type DeletePermissionsHandler
- type Deps
- type GetAllPermissionsHandler
- type GetClaimsHandler
- type GetMFARequiredHandler
- type GetPermissionsHandler
- type ListExpectationsHandler
- type PostExpectationHandler
- type PutClaimsHandler
- type PutMFARequiredHandler
- type PutPermissionsHandler
- type ResetHandler
Constants ¶
This section is empty.
Variables ¶
var Fragment []byte
Fragment is the per-package OpenAPI 3.1 partial document describing every /admin0/* route registered in this package's Mount function. The genopenapi bundler merges it with the base Mgmt API spec to produce api/auth0-mock.openapi.json.
Functions ¶
Types ¶
type DeleteAllPermissionsHandler ¶
type DeleteAllPermissionsHandler struct {
Store *permissions.Store
}
DeleteAllPermissionsHandler removes every audience's permissions.
func (*DeleteAllPermissionsHandler) ServeHTTP ¶
func (h *DeleteAllPermissionsHandler) ServeHTTP(w http.ResponseWriter, _ *http.Request)
type DeleteClaimsHandler ¶
DeleteClaimsHandler clears every custom claim.
func (*DeleteClaimsHandler) ServeHTTP ¶
func (h *DeleteClaimsHandler) ServeHTTP(w http.ResponseWriter, _ *http.Request)
type DeleteExpectationsHandler ¶
DeleteExpectationsHandler clears expectations. An empty body clears all; a {method, path} body clears every expectation registered for that operation (the catch-all and every request-matched one).
Two intentional behaviours worth noting:
- An empty/whitespace-only body means "clear all". The read error from io.ReadAll is deliberately ignored: a failed or empty read falls through to ResetAll, which is a benign outcome for a teardown DELETE.
- Clearing an operation that was never registered is an idempotent no-op (returns 204). ResetEndpoint is documented as a no-op for unregistered keys, and DELETE intentionally does NOT validate {method, path} against the spec (unlike POST) because teardown should be forgiving.
func (*DeleteExpectationsHandler) ServeHTTP ¶
func (h *DeleteExpectationsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type DeletePermissionsHandler ¶
type DeletePermissionsHandler struct {
Store *permissions.Store
}
DeletePermissionsHandler clears the permissions for one audience.
func (*DeletePermissionsHandler) ServeHTTP ¶
func (h *DeletePermissionsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type Deps ¶
type Deps struct {
Matches *matches.Store
Claims *claims.Store
Permissions *permissions.Store
MFA *mfa.Store
Validator *spec.Validator
}
Deps groups the in-memory stores admin0 controls.
type GetAllPermissionsHandler ¶
type GetAllPermissionsHandler struct {
Store *permissions.Store
}
GetAllPermissionsHandler returns the full per-audience permission map.
func (*GetAllPermissionsHandler) ServeHTTP ¶
func (h *GetAllPermissionsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type GetClaimsHandler ¶
GetClaimsHandler returns the per-process custom-claim map.
func (*GetClaimsHandler) ServeHTTP ¶
func (h *GetClaimsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type GetMFARequiredHandler ¶
GetMFARequiredHandler reports whether the password and password-realm grants currently demand MFA step-up.
func (*GetMFARequiredHandler) ServeHTTP ¶
func (h *GetMFARequiredHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type GetPermissionsHandler ¶
type GetPermissionsHandler struct {
Store *permissions.Store
}
GetPermissionsHandler returns the permissions registered for one audience.
func (*GetPermissionsHandler) ServeHTTP ¶
func (h *GetPermissionsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type ListExpectationsHandler ¶
ListExpectationsHandler returns every registered expectation.
func (*ListExpectationsHandler) ServeHTTP ¶
func (h *ListExpectationsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type PostExpectationHandler ¶
PostExpectationHandler registers (upserts) an expectation for the Management API operation identified by {method, path}.
func (*PostExpectationHandler) ServeHTTP ¶
func (h *PostExpectationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type PutClaimsHandler ¶
PutClaimsHandler replaces the per-process custom-claim map with the JSON object in the request body.
func (*PutClaimsHandler) ServeHTTP ¶
func (h *PutClaimsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type PutMFARequiredHandler ¶
PutMFARequiredHandler toggles MFA enforcement at runtime. Body: {"required":true|false}.
func (*PutMFARequiredHandler) ServeHTTP ¶
func (h *PutMFARequiredHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type PutPermissionsHandler ¶
type PutPermissionsHandler struct {
Store *permissions.Store
}
PutPermissionsHandler sets the permissions for one audience to the JSON array in the request body.
func (*PutPermissionsHandler) ServeHTTP ¶
func (h *PutPermissionsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
type ResetHandler ¶
type ResetHandler struct {
Deps Deps
}
ResetHandler wipes every store admin0 governs: registered matches, custom claims, and per-audience permissions.
func (*ResetHandler) ServeHTTP ¶
func (h *ResetHandler) ServeHTTP(w http.ResponseWriter, _ *http.Request)
Source Files