package types
import (
log "github.com/Sirupsen/logrus"
"github.com/contiv/auth_proxy/common/errors"
)
const (
	// TenantClaimKey is the prefix added to claim keys in the
	// authorization or token object to represent tenants (presumably
	// followed by the tenant name; the claim layout itself is defined
	// elsewhere).
	TenantClaimKey = "tenant:"

	// RoleClaimKey is the claim key under which the highest role
	// available to a principal is recorded in the token object or the
	// authorization db.
	RoleClaimKey = "role"
)
// RoleType identifies a role; each role type is associated with a group
// and a set of capabilities. The defined values are Admin, Ops and Invalid.
type RoleType uint
// Set of pre-defined roles. The original comment requires Invalid to stay
// the last constant in this block — presumably so that it bounds the range
// of valid roles; confirm with callers before inserting new roles after it.
const (
	Admin   RoleType = iota // can perform any operation
	Ops                     // restricted to only assigned tenants
	Invalid                 // sentinel returned by Role() for unrecognised names; must be the last role
)
// Tenant is the name of a tenant.
type Tenant string
// String returns the lower-case name of the role: "admin" for Admin and
// "ops" for Ops. Any other value (including Invalid) is logged at debug
// level and yields the empty string.
func (role RoleType) String() string {
	if role == Admin {
		return "admin"
	}
	if role == Ops {
		return "ops"
	}
	// Neither of the known roles: report at debug level and return "".
	log.Debug("Illegal role type")
	return ""
}
// Role parses roleStr and returns the matching RoleType. The comparison is
// exact (case-sensitive) against RoleType.String() of each known role.
// An unrecognised name is logged at debug level and reported as
// (Invalid, errors.ErrUnsupportedType).
func Role(roleStr string) (RoleType, error) {
	// Admin is checked before Ops, mirroring the original switch order.
	for _, known := range []RoleType{Admin, Ops} {
		if known.String() == roleStr {
			return known, nil
		}
	}
	log.Debugf("Unsupported role %q", roleStr)
	return Invalid, errors.ErrUnsupportedType
}
// LocalUser holds the information of a local user.
//
// Fields:
//   Username:     name of the user. Read-only field. Must be unique.
//   Password:     password supplied for the user. Not stored anywhere; used only for updates.
//   FirstName:    first name of the user.
//   LastName:     last name of the user.
//   Disable:      true if authorizations for this local user are disabled.
//   PasswordHash: hash of the password string.
//
// NOTE(review): Password and PasswordHash both carry JSON tags (omitempty),
// so either is emitted whenever it is non-empty. Code that marshals a
// LocalUser into a client-facing response should clear them first — confirm
// where this struct is serialised.
type LocalUser struct {
	Username     string `json:"username"`
	Password     string `json:"password,omitempty"`
	FirstName    string `json:"first_name"`
	LastName     string `json:"last_name"`
	Disable      bool   `json:"disable"`
	PasswordHash []byte `json:"password_hash,omitempty"`
}
// LdapConfiguration represents the LDAP/AD configuration.
// Every connection to LDAP/AD is established using these details.
//
// Fields:
//   Server:                 FQDN or IP address of the LDAP/AD server.
//   Port:                   listening port of the LDAP/AD server.
//   BaseDN:                 distinguished name of the base entity,
//                           e.g. ou=eng,dc=auth,dc=com. All search queries
//                           are scoped to this BaseDN.
//   ServiceAccountDN:       DN of the service account. auth_proxy uses this
//                           account to communicate with LDAP/AD, so it must
//                           have the appropriate privileges, specifically
//                           for lookup.
//   ServiceAccountPassword: password of the service account. It carries a
//                           JSON tag (omitempty), so it is emitted whenever
//                           non-empty; clear it before returning this
//                           struct to clients.
//   StartTLS:               if set, the connection is upgraded to SSL/TLS.
//   InsecureSkipVerify:     if set, server certificate verification is
//                           skipped, so the identity of the LDAP/AD server
//                           is not checked. Used only when StartTLS is
//                           enabled.
//   TLSCertIssuedTo:        server name for which the TLS/SSL certificate
//                           was issued. Used only when StartTLS is enabled.
//                           Leaving it empty while InsecureSkipVerify is
//                           false is documented as leaving the connection
//                           prone to man-in-the-middle attacks; how the TLS
//                           client treats an empty name is decided by the
//                           connection code, not here.
type LdapConfiguration struct {
	Server                 string `json:"server"`
	Port                   uint16 `json:"port"`
	BaseDN                 string `json:"base_dn"`
	ServiceAccountDN       string `json:"service_account_dn"`
	ServiceAccountPassword string `json:"service_account_password,omitempty"`
	StartTLS               bool   `json:"start_tls"`
	InsecureSkipVerify     bool   `json:"insecure_skip_verify"`
	TLSCertIssuedTo        string `json:"tls_cert_issued_to"`
}
// KVStoreConfig encapsulates the config data that determines the KV store
// details specific to a running instance of auth_proxy.
//
// Fields:
//   StoreURL:    URL of the key-value store.
//   StoreDriver: name of the key-value store driver — presumably selects
//                the backend (the CommonState doc mentions etcd or consul);
//                confirm against the code that reads it.
type KVStoreConfig struct {
	StoreURL    string `json:"kvstore-url"`
	StoreDriver string `json:"kvstore-driver"`
}
// WatchState encapsulates a change in the state stored in the KV store
// and carries both the current and the previous state.
//
// Fields:
//   Curr: current state for a key in the KV store.
//   Prev: previous state for a key in the KV store.
type WatchState struct {
	Curr State
	Prev State
}
// CommonState defines the fields common to all types.State
// implementations. It is embedded as an anonymous field in every struct
// that implements types.State.
//
// Fields:
//   StateDriver: etcd or consul state driver. Tagged `json:"-"`, so it is
//                never serialised with the state.
//   ID:          identifier for the state.
type CommonState struct {
	StateDriver StateDriver `json:"-"`
	ID          string      `json:"id"`
}