package identities

v1.29.0
Published: Feb 25, 2026 License: GPL-3.0 Imports: 11 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Access

type Access string

Access defines the access level for an identity.

const (
	AdminAccess     Access = "admin"
	ReadAccess      Access = "read"
	MetricsAccess   Access = "metrics"
	UntrustedAccess Access = "untrusted"
)

type BasicIdentity

type BasicIdentity struct {
	// Password holds the user's sha512-crypt-hashed password.
	Password string `json:"password"`
}

BasicIdentity holds identity configuration specific to the "basic" type (for HTTP basic authentication).

type CertIdentity

type CertIdentity struct {
	X509 *x509.Certificate
}

CertIdentity represents the client in an mTLS connection. Only a self-signed X.509 certificate without intermediates is supported.

func (*CertIdentity) MarshalJSON

func (c *CertIdentity) MarshalJSON() ([]byte, error)

func (*CertIdentity) UnmarshalJSON

func (c *CertIdentity) UnmarshalJSON(data []byte) error

type Identity

type Identity struct {
	Name   string `json:"-"`
	Access Access `json:"access"`

	// One or more of the following type-specific configuration fields must be
	// non-nil.
	Local *LocalIdentity `json:"local,omitempty"`
	Basic *BasicIdentity `json:"basic,omitempty"`
	Cert  *CertIdentity  `json:"cert,omitempty"`
}

Identity holds the configuration of a single identity.

IMPORTANT: When adding a new identity type, if it has sensitive fields (such as passwords), be sure to omit them from API marshalling in api_identities.go.

func (*Identity) Validate

func (d *Identity) Validate(name string) error

Validate checks that the identity's fields (and name) are valid, returning an error if not.

type LocalIdentity

type LocalIdentity struct {
	UserID uint32 `json:"user-id"`
}

LocalIdentity holds identity configuration specific to the "local" type (for ucrednet/UID authentication).

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

func NewManager

func NewManager(st *state.State) (*Manager, error)

func (*Manager) AddIdentities

func (m *Manager) AddIdentities(identities map[string]*Identity) error

AddIdentities adds the given identities to the system. It's an error if any of the named identities already exist.

The state lock must be held for the duration of this call.

func (*Manager) Ensure

func (m *Manager) Ensure() error

func (*Manager) Identities

func (m *Manager) Identities() map[string]*Identity

Identities returns all the identities in the system. The returned map is a shallow clone, so map mutations won't affect state.

The state lock must be held for the duration of this call.

func (*Manager) IdentityFromInputs

func (m *Manager) IdentityFromInputs(userID *uint32, username, password string, clientCert *x509.Certificate) *Identity

IdentityFromInputs returns an identity matching the given inputs.

We prioritize clientCert and username/password if either is provided, because they are intentionally set up by the client.

If no matching identity is found for the given inputs, nil is returned.

The state lock must be held for the duration of this call.
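The precedence described above, as an added stand-alone example that is not the package's own code. The types are redeclared so it runs without the package; `identityFromInputs` and `PasswordVerifier` are hypothetical names, the verifier is injected because sha512-crypt is not in the standard library, and the choice to return nil (rather than fall back to the UID) when explicitly supplied credentials match nothing is this example's assumption, since the docs do not say.

```go
package main

import "crypto/x509"

// Constructed stand-alone mirror of the identities package's documented types.
type Access string
type LocalIdentity struct{ UserID uint32 }
type BasicIdentity struct{ Password string } // sha512-crypt hash in the real package
type CertIdentity struct{ X509 *x509.Certificate }
type Identity struct {
	Name   string
	Access Access
	Local  *LocalIdentity
	Basic  *BasicIdentity
	Cert   *CertIdentity
}

// PasswordVerifier is injected because sha512-crypt is not in the standard
// library (assumption of this example); it reports whether password matches hash.
type PasswordVerifier func(hash, password string) bool

// identityFromInputs applies the documented precedence: a client certificate or
// username/password, set deliberately by the client, is checked before the peer
// UID the Unix socket supplies implicitly. Explicit credentials that match
// nothing yield nil rather than falling back to the UID (assumption; docs are silent).
func identityFromInputs(ids map[string]*Identity, userID *uint32, username, password string,
	clientCert *x509.Certificate, verify PasswordVerifier) *Identity {
	if clientCert != nil {
		for _, id := range ids {
			// Equal compares DER bytes, so only the exact self-signed cert matches.
			if id.Cert != nil && id.Cert.X509 != nil && id.Cert.X509.Equal(clientCert) {
				return id
			}
		}
		return nil
	}
	if username != "" {
		// Only the identity of that name is consulted, and only if it has basic config.
		if id := ids[username]; id != nil && id.Basic != nil && verify(id.Basic.Password, password) {
			return id
		}
		return nil
	}
	if userID != nil {
		for _, id := range ids {
			if id.Local != nil && id.Local.UserID == *userID {
				return id
			}
		}
	}
	return nil
}
```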

func (*Manager) RemoveIdentities

func (m *Manager) RemoveIdentities(identities map[string]struct{}) error

RemoveIdentities removes the named identities from the system. It's an error if any of the named identities do not exist.

The state lock must be held for the duration of this call.

func (*Manager) ReplaceIdentities

func (m *Manager) ReplaceIdentities(identities map[string]*Identity) error

ReplaceIdentities replaces the named identities in the system with the given identities (adding those that don't exist), or removes them if the map value is nil.

The state lock must be held for the duration of this call.

func (*Manager) UpdateIdentities

func (m *Manager) UpdateIdentities(identities map[string]*Identity) error

UpdateIdentities updates the given identities in the system. It's an error if any of the named identities do not exist.

The state lock must be held for the duration of this call.
