const (
    // StorePermsPrefix is the internal prefix of the storage layer dedicated to storing user data.
    StorePermsPrefix = "/2"

    // RootRoleName is the name of the ROOT role, with privileges to manage the cluster.
    RootRoleName = "root"

    // GuestRoleName is the name of the role that defines the privileges of an unauthenticated user.
    GuestRoleName = "guest"
)

type Error ¶

type Error struct {
    Status int
    Errmsg string
}

func (Error) Error ¶

func (ae Error) Error() string

func (Error) HTTPStatus ¶

func (ae Error) HTTPStatus() int

type PasswordStore ¶

type PasswordStore interface {
    CheckPassword(user User, password string) bool
    HashPassword(password string) (string, error)
}

type Permissions ¶

type Permissions struct {
    KV RWPermission `json:"kv"`
}

func (Permissions) Grant ¶

func (p Permissions) Grant(n *Permissions) (Permissions, error)

Grant adds a set of permissions to the permission object on which it is called, returning a new permission object.

func (*Permissions) IsEmpty ¶

func (p *Permissions) IsEmpty() bool

func (Permissions) Revoke ¶

func (p Permissions) Revoke(n *Permissions) (Permissions, error)

Revoke removes a set of permissions to the permission object on which it is called, returning a new permission object.

type RWPermission ¶

type RWPermission struct {
    Read  []string `json:"read"`
    Write []string `json:"write"`
}

func (RWPermission) Grant ¶

func (rw RWPermission) Grant(n RWPermission) (RWPermission, error)

Grant adds a set of permissions to the permission object on which it is called, returning a new permission object.

func (RWPermission) HasAccess ¶

func (rw RWPermission) HasAccess(key string, write bool) bool

func (RWPermission) HasRecursiveAccess ¶

func (rw RWPermission) HasRecursiveAccess(key string, write bool) bool

func (RWPermission) Revoke ¶

func (rw RWPermission) Revoke(n RWPermission) (RWPermission, error)

Revoke removes a set of permissions to the permission object on which it is called, returning a new permission object.

type Role ¶

type Role struct {
    Role        string       `json:"role"`
    Permissions Permissions  `json:"permissions"`
    Grant       *Permissions `json:"grant,omitempty"`
    Revoke      *Permissions `json:"revoke,omitempty"`
}

func (Role) HasKeyAccess ¶

func (r Role) HasKeyAccess(key string, write bool) bool

func (Role) HasRecursiveAccess ¶

func (r Role) HasRecursiveAccess(key string, write bool) bool

type Store ¶

type Store interface {
    AllUsers() ([]string, error)
    GetUser(name string) (User, error)
    CreateOrUpdateUser(user User) (out User, created bool, err error)
    CreateUser(user User) (User, error)
    DeleteUser(name string) error
    UpdateUser(user User) (User, error)
    AllRoles() ([]string, error)
    GetRole(name string) (Role, error)
    CreateRole(role Role) error
    DeleteRole(name string) error
    UpdateRole(role Role) (Role, error)
    AuthEnabled() bool
    EnableAuth() error
    DisableAuth() error
    PasswordStore
}

func NewStore ¶

func NewStore(server doer, timeout time.Duration) Store

type User ¶

type User struct {
    User     string   `json:"user"`
    Password string   `json:"password,omitempty"`
    Roles    []string `json:"roles"`
    Grant    []string `json:"grant,omitempty"`
    Revoke   []string `json:"revoke,omitempty"`
}

Package auth

Overview ▹

Overview ▾

Index ▹

Index ▾

Package files

Internal call graph ▹

Internal call graph ▾

Constants