Documentation
Index
- Constants
- Variables
- func AppScope(cs *macaroon.CaveatSet) []uint64
- func AppsAllowing(cs *macaroon.CaveatSet, action resset.Action) (uint64, []uint64, error)
- func ClusterScope(cs *macaroon.CaveatSet) []string
- func DangerousUserID(cs *macaroon.CaveatSet) (uint64, error)
- func DischargeClient(opts ...tp.ClientOption) *tp.Client
- func OrganizationScope(cs *macaroon.CaveatSet) (uint64, error)
- func ParsePermissionAndDischargeTokens(header string) ([]byte, [][]byte, error)
- type Access
- type Apps
- type Clusters
- type FeatureSet
- type FromMachine
- type IsUser
- type MachineFeatureSet
- type Machines
- type Mutations
- type NoAdminFeatures
- type Organization
- type Volumes
Constants
const (
	CavOrganization      = macaroon.CavFlyioOrganization
	CavVolumes           = macaroon.CavFlyioVolumes
	CavApps              = macaroon.CavFlyioApps
	CavFeatureSet        = macaroon.CavFlyioFeatureSet
	CavMutations         = macaroon.CavFlyioMutations
	CavMachines          = macaroon.CavFlyioMachines
	CavIsUser            = macaroon.CavFlyioIsUser
	CavMachineFeatureSet = macaroon.CavFlyioMachineFeatureSet
	CavFromMachineSource = macaroon.CavFlyioFromMachineSource
	CavClusters          = macaroon.CavFlyioClusters
	CavNoAdminFeatures   = macaroon.CavNoAdminFeatures
)
const (
	FeatureWireGuard       = "wg"
	FeatureDomains         = "domain"
	FeatureSites           = "site"
	FeatureRemoteBuilders  = "builder"
	FeatureAddOns          = "addon"
	FeatureChecks          = "checks"
	FeatureLFSC            = "litefs-cloud"
	FeatureMembership      = "membership"
	FeatureBilling         = "billing"
	FeatureDeletion        = "deletion"
	FeatureDocumentSigning = "document_signing"
	FeatureAuthentication  = "authentication"
)
const (
	// well-known locations
	LocationPermission     = "https://api.fly.io/v1"
	LocationAuthentication = "https://api.fly.io/aaa/v1"
	LocationSecrets        = "https://api.fly.io/secrets/v1"
)
Variables
var (
	MemberFeatures = map[string]resset.Action{
		FeatureWireGuard:       resset.ActionAll,
		FeatureDomains:         resset.ActionAll,
		FeatureSites:           resset.ActionAll,
		FeatureRemoteBuilders:  resset.ActionAll,
		FeatureAddOns:          resset.ActionAll,
		FeatureChecks:          resset.ActionAll,
		FeatureLFSC:            resset.ActionAll,
		FeatureMembership:      resset.ActionRead,
		FeatureBilling:         resset.ActionRead,
		FeatureAuthentication:  resset.ActionRead,
		FeatureDeletion:        resset.ActionNone,
		FeatureDocumentSigning: resset.ActionNone,
	}
)
Functions
func AppScope (added in v0.2.6)
func AppScope(cs *macaroon.CaveatSet) []uint64
AppScope finds the IDs of the apps that application queries should be scoped to. This doesn't imply any specific access to the apps, since it disregards caveats requiring specific child/sibling resources and doesn't check for any level of access.
func AppsAllowing (added in v0.2.6)
func AppsAllowing(cs *macaroon.CaveatSet, action resset.Action) (uint64, []uint64, error)
WARNING: it is the caller's responsibility to ensure that apps actually belong to the organization before completing an operation for the user!
AppsAllowing gets the set of apps that allow the specified action. An organization ID and a slice of app IDs are returned. A nil slice means that the action is allowed on any org-owned app, while an empty slice (which won't be returned without an accompanying error) means that the action isn't allowed on any apps.
func ClusterScope (added in v0.2.6)
func ClusterScope(cs *macaroon.CaveatSet) []string
ClusterScope finds the IDs of the clusters that cluster queries should be scoped to. This doesn't imply any specific access to the clusters, since it disregards caveats requiring specific child/sibling resources and doesn't check for any level of access.
func DangerousUserID (added in v0.2.8)
func DangerousUserID(cs *macaroon.CaveatSet) (uint64, error)
DangerousUserID iterates over the caveats to determine the associated user ID. This identity should only be used for logging and auditing. It should not be used for making authorization decisions.
func DischargeClient (added in v0.2.0)
func DischargeClient(opts ...tp.ClientOption) *tp.Client
DischargeClient returns a *tp.Client suitable for discharging third party caveats in fly.io permission tokens.
func OrganizationScope (added in v0.2.6)
func OrganizationScope(cs *macaroon.CaveatSet) (uint64, error)
OrganizationScope finds the ID of the organization that application queries should be scoped to. This doesn't imply any specific access to the organization, since it disregards caveats requiring specific child resources and doesn't check for any level of access.
Types
type Access
type Access struct {
	OrgSlug        *string       `json:"org_slug,omitempty"`
	AppID          *string       `json:"apphid,omitempty"`
	Action         resset.Action `json:"action,omitempty"`
	Feature        *string       `json:"feature,omitempty"`
	Volume         *string       `json:"volume,omitempty"`
	Machine        *string       `json:"machine,omitempty"`
	MachineFeature *string       `json:"machine_feature,omitempty"`
	Mutation       *string       `json:"mutation,omitempty"`
	SourceMachine  *string       `json:"sourceMachine,omitempty"`
	Cluster        *string       `json:"cluster,omitempty"`
	// deprecated
	DeprecatedOrgID *uint64 `json:"orgid,omitempty"`
	DeprecatedAppID *uint64 `json:"appid,omitempty"`
}
func (*Access) Validate
Validate checks that the Access has sensible values set. This consists of ensuring that parent resources are specified when child resources are present (e.g. machine requires app, which requires org) and ensuring that multiple child resources aren't specified for a single parent resource (e.g. machine and volume are mutually exclusive).
This ensures that an Access represents a single action taken on a single object.
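The rules Validate documents, written out as a standalone model so each failure mode can be exercised. This is an added example, not the package's own Validate: the Access fields, the error values and the ptr helper are constructed here, and only the documented org > app > machine|volume relationships are modelled.

```go
package main

import (
	"errors"
	"fmt"
)

// Access mirrors only the resource fields of flyio.Access that the documented
// rules mention (constructed for this example; not the package's own type).
type Access struct {
	OrgSlug *string
	AppID   *string
	Volume  *string
	Machine *string
}

var (
	ErrOrgRequired  = errors.New("app specified without an org")
	ErrAppRequired  = errors.New("machine or volume specified without an app")
	ErrSiblingChild = errors.New("machine and volume are mutually exclusive")
)

// Validate enforces the hierarchy machine|volume -> app -> org and rejects two
// child resources under one app, so a valid Access names exactly one object.
func (a *Access) Validate() error {
	if a.AppID != nil && a.OrgSlug == nil {
		return ErrOrgRequired
	}
	if (a.Machine != nil || a.Volume != nil) && a.AppID == nil {
		return ErrAppRequired
	}
	if a.Machine != nil && a.Volume != nil {
		return ErrSiblingChild
	}
	return nil
}

func ptr(s string) *string { return &s }

func main() {
	checks := map[string]*Access{
		"machine under app under org": {OrgSlug: ptr("acme"), AppID: ptr("web"), Machine: ptr("m1")},
		"app without org":             {AppID: ptr("web")},
		"machine without app":         {OrgSlug: ptr("acme"), Machine: ptr("m1")},
		"machine and volume together": {OrgSlug: ptr("acme"), AppID: ptr("web"), Machine: ptr("m1"), Volume: ptr("v1")},
	}
	for name, a := range checks {
		fmt.Printf("%-28s -> %v\n", name, a.Validate())
	}
}
```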
type Apps
type Apps struct {
	Apps resset.ResourceSet[uint64] `json:"apps"`
}
Apps is a set of App caveats, with their RWX access levels. A token with this set can be used only with the listed apps, regardless of what the token says. Additional Apps can be added, but they can only narrow, not expand, which apps (or access levels) can be reached from the token.
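The narrowing semantics described for AppsAllowing above and for the Apps caveat here, as an added standalone model that is not the package's own code: Action, AppsCaveat and ErrNoApps are constructed stand-ins for resset.Action, the Apps caveat and the accompanying error, and the organization ID that the real AppsAllowing also returns is left out.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

type Action uint8 // constructed stand-in for resset.Action (RWX-style bitmask)

const (
	ActionRead  Action = 1 << 0
	ActionWrite Action = 1 << 1
	ActionAll   Action = ActionRead | ActionWrite
)

type AppsCaveat map[uint64]Action // one Apps caveat: app ID -> permitted actions

var ErrNoApps = errors.New("action not allowed on any app")

// AppsAllowing folds every Apps caveat on the token into the app IDs that still permit
// action: nil means no Apps caveat restricted the token, an empty slice comes with ErrNoApps.
func AppsAllowing(caveats []AppsCaveat, action Action) ([]uint64, error) {
	var allowed []uint64 // nil: unrestricted so far
	for _, cav := range caveats {
		keep := map[uint64]bool{}
		for _, id := range allowed {
			keep[id] = true
		}
		pass := []uint64{} // non-nil: "narrowed to nothing" must differ from nil
		for id, mask := range cav {
			// the caveat must grant every bit of action and may only keep already-allowed apps
			if mask&action == action && (allowed == nil || keep[id]) {
				pass = append(pass, id)
			}
		}
		allowed = pass
	}
	if allowed != nil && len(allowed) == 0 {
		return allowed, ErrNoApps
	}
	sort.Slice(allowed, func(i, j int) bool { return allowed[i] < allowed[j] })
	return allowed, nil
}

func main() {
	first := AppsCaveat{1: ActionAll, 2: ActionRead, 3: ActionWrite}
	second := AppsCaveat{1: ActionRead, 3: ActionRead, 4: ActionAll} // 4 cannot be re-added
	fmt.Println(AppsAllowing([]AppsCaveat{first}, ActionWrite))         // [1 3] <nil>
	fmt.Println(AppsAllowing([]AppsCaveat{first, second}, ActionWrite)) // [] action not allowed on any app
}
```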
func (*Apps) CaveatType
func (c *Apps) CaveatType() macaroon.CaveatType
type Clusters
type Clusters struct {
	Clusters resset.ResourceSet[string] `json:"clusters"`
}
Clusters is a set of Cluster caveats, with their RWX access levels. Clusters belong to the "litefs-cloud" org-feature.
func (*Clusters) CaveatType
func (c *Clusters) CaveatType() macaroon.CaveatType
type FeatureSet
type FeatureSet struct {
	Features resset.ResourceSet[string] `json:"features"`
}
FeatureSet is a collection of organization-level "features" that are managed as single units. For example, the ability to manage WireGuard networks is gated by the "wg" feature, though you could conceptually gate access to them individually with a Networks caveat. The feature name is free-form and more should be added as it makes sense.
func (*FeatureSet) CaveatType
func (c *FeatureSet) CaveatType() macaroon.CaveatType
func (*FeatureSet) Name (added in v0.0.5)
func (c *FeatureSet) Name() string
type FromMachine
type FromMachine struct {
	ID string `json:"id"`
}
func (*FromMachine) CaveatType
func (c *FromMachine) CaveatType() macaroon.CaveatType
func (*FromMachine) Name (added in v0.0.5)
func (c *FromMachine) Name() string
type IsUser
type IsUser struct {
	ID uint64 `json:"uint64"`
}
Deprecated in favor of auth.FlyioUserID.
func (*IsUser) CaveatType
func (c *IsUser) CaveatType() macaroon.CaveatType
type MachineFeatureSet
type MachineFeatureSet struct {
	Features resset.ResourceSet[string] `json:"features"`
}
func (*MachineFeatureSet) CaveatType
func (c *MachineFeatureSet) CaveatType() macaroon.CaveatType
func (*MachineFeatureSet) Name (added in v0.0.5)
func (c *MachineFeatureSet) Name() string
type Machines
type Machines struct {
	Machines resset.ResourceSet[string] `json:"machines"`
}
func (*Machines) CaveatType
func (c *Machines) CaveatType() macaroon.CaveatType
type Mutations
type Mutations struct {
	Mutations []string `json:"mutations"`
}
Mutations is a set of GraphQL mutations allowed by this token.
func (*Mutations) CaveatType
func (c *Mutations) CaveatType() macaroon.CaveatType
type NoAdminFeatures (added in v0.2.4)
type NoAdminFeatures struct{}
NoAdminFeatures is a shorthand for specifying that the token isn't allowed to access admin-only features. Same as:
resset.IfPresent{
	Ifs: macaroon.NewCaveatSet(&FeatureSet{Features: resset.ResourceSet[string]{
		"memberFeatureOne": resset.ActionAll,
		"memberFeatureTwo": resset.ActionAll,
		"memberFeatureNNN": resset.ActionAll,
	}}),
	Else: resset.ActionAll,
}
func (*NoAdminFeatures) CaveatType (added in v0.2.4)
func (c *NoAdminFeatures) CaveatType() macaroon.CaveatType
func (*NoAdminFeatures) Name (added in v0.2.4)
func (c *NoAdminFeatures) Name() string
type Organization
Organization is an orgid, plus RWX-style access control.
func (*Organization) CaveatType
func (c *Organization) CaveatType() macaroon.CaveatType
func (*Organization) Name (added in v0.0.5)
func (c *Organization) Name() string
type Volumes
type Volumes struct {
	Volumes resset.ResourceSet[string] `json:"volumes"`
}
func (*Volumes) CaveatType
func (c *Volumes) CaveatType() macaroon.CaveatType