Documentation

Index
- Constants
- Variables
- func AppScope(cs *macaroon.CaveatSet) []uint64
- func AppsAllowing(cs *macaroon.CaveatSet, action resset.Action) (uint64, []uint64, error)
- func ClusterScope(cs *macaroon.CaveatSet) []string
- func DangerousUserID(cs *macaroon.CaveatSet) (uint64, error)
- func DischargeClient(opts ...tp.ClientOption) *tp.Client
- func IsForOrg(orgID uint64) bundle.Predicate
- func IsForOrgUnverified(oid uint64) bundle.Predicate
- func NonceEmail(n macaroon.Nonce) string
- func OrganizationScope(cs *macaroon.CaveatSet) (uint64, error)
- func ParseBundle(hdr string) (*bundle.Bundle, error)
- func ParseBundleWithFilter(hdr string, filter bundle.Filter) (*bundle.Bundle, error)
- func ParsePermissionAndDischargeTokens(header string) ([]byte, [][]byte, error)
- type Access
- func (a *Access) GetAction() resset.Action
- func (a *Access) GetAppFeature() *string
- func (a *Access) GetAppID() *uint64
- func (a *Access) GetCluster() *string
- func (a *Access) GetCommand() []string
- func (a *Access) GetFeature() *string
- func (a *Access) GetMachine() *string
- func (a *Access) GetMachineFeature() *string
- func (a *Access) GetMutation() *string
- func (a *Access) GetOrgID() *uint64
- func (a *Access) GetPermittedRoles() []Role
- func (a *Access) GetSourceApp() *string
- func (a *Access) GetSourceMachine() *string
- func (a *Access) GetSourceOrganization() *string
- func (a *Access) GetStorageObject() *resset.Prefix
- func (a *Access) GetVolume() *string
- func (a *Access) Now() time.Time
- func (f *Access) Validate() error
- type AllowedRoles
- type AppFeatureGetter
- type AppFeatureSet
- type AppIDGetter
- type Apps
- type CSV
- type ClusterGetter
- type Clusters
- type Command
- type CommandGetter
- type Commands
- type FeatureGetter
- type FeatureSet
- type FlySrc
- type FromMachine
- type IsMember
- type IsUser
- type MachineFeatureGetter
- type MachineFeatureSet
- type MachineGetter
- type Machines
- type MutationGetter
- type Mutations
- type OrgIDGetter
- type Organization
- type PermittedRolesGetter
- type Role
- type SourceAppGetter
- type SourceMachineGetter
- type SourceOrganizationGetter
- type StorageObjectGetter
- type StorageObjects
- type VolumeGetter
- type Volumes
Constants

const (
	FeatureWireGuard       = "wg"
	FeatureDomains         = "domain"
	FeatureSites           = "site"
	FeatureRemoteBuilders  = "builder"
	FeatureAddOns          = "addon"
	FeatureChecks          = "checks"
	FeatureLFSC            = "litefs-cloud"
	FeatureMembership      = "membership"
	FeatureBilling         = "billing"
	FeatureDeletion        = "deletion"
	FeatureDocumentSigning = "document_signing"
	FeatureAuthentication  = "authentication"
)

const (
	CavOrganization      = macaroon.CavFlyioOrganization
	CavVolumes           = macaroon.CavFlyioVolumes
	CavApps              = macaroon.CavFlyioApps
	CavFeatureSet        = macaroon.CavFlyioFeatureSet
	CavMutations         = macaroon.CavFlyioMutations
	CavMachines          = macaroon.CavFlyioMachines
	CavIsUser            = macaroon.CavFlyioIsUser
	CavMachineFeatureSet = macaroon.CavFlyioMachineFeatureSet
	CavFromMachineSource = macaroon.CavFlyioFromMachineSource
	CavClusters          = macaroon.CavFlyioClusters
	CavIsMember          = macaroon.CavFlyioIsMember
	CavCommands          = macaroon.CavFlyioCommands
	CavAppFeatureSet     = macaroon.CavFlyioAppFeatureSet
	CavStorageObjects    = macaroon.CavFlyioStorageObjects
	CavAllowedRoles      = macaroon.CavAllowedRoles
	CavFlySrc            = macaroon.CavFlyioFlySrc
)

const (
	// well-known locations
	LocationPermission        = "https://api.fly.io/v1"
	LocationAuthentication    = "https://api.fly.io/aaa/v1"
	LocationNewAuthentication = "https://auth.fly.io"
	LocationSecrets           = "https://api.fly.io/secrets/v1"
)

Variables

var (
	IsPermissionToken = bundle.LocationFilter(LocationPermission).Predicate()
	IsAuthToken       = bundle.LocationFilter(LocationAuthentication).Predicate()
	IsNewAuthToken    = bundle.LocationFilter(LocationNewAuthentication).Predicate()
	IsSecretsToken    = bundle.LocationFilter(LocationSecrets).Predicate()
)
var (
	// MemberFeatures describes the level of access that non-admins are allowed
	// for various org features.
	MemberFeatures = map[string]resset.Action{
		FeatureWireGuard:       resset.ActionAll,
		FeatureDomains:         resset.ActionAll,
		FeatureSites:           resset.ActionAll,
		FeatureRemoteBuilders:  resset.ActionAll,
		FeatureAddOns:          resset.ActionAll,
		FeatureChecks:          resset.ActionAll,
		FeatureLFSC:            resset.ActionAll,
		FeatureMembership:      resset.ActionRead,
		FeatureBilling:         resset.ActionRead,
		FeatureAuthentication:  resset.ActionRead,
		FeatureDeletion:        resset.ActionNone,
		FeatureDocumentSigning: resset.ActionNone,
	}
)
Functions
func AppScope added in v0.2.6
func AppScope(cs *macaroon.CaveatSet) []uint64
AppScope finds the IDs of the apps that application queries should be scoped to. This doesn't imply any specific access to the apps, since it disregards caveats requiring specific child/sibling resources and doesn't check for any level of access.
func AppsAllowing added in v0.2.6
func AppsAllowing(cs *macaroon.CaveatSet, action resset.Action) (uint64, []uint64, error)
WARNING: it is the caller's responsibility to ensure that apps actually belong to the organization before completing an operation for the user!
AppsAllowing gets the set of apps that allow the specified action. An organization ID and a slice of app IDs are returned. A nil slice means that the action is allowed on any org-owned app, while an empty slice (which won't be returned without an accompanying error) means that the action isn't allowed on any apps.
func ClusterScope added in v0.2.6
func ClusterScope(cs *macaroon.CaveatSet) []string
ClusterScope finds the IDs of the clusters that cluster queries should be scoped to. This doesn't imply any specific access to the clusters, since it disregards caveats requiring specific child/sibling resources and doesn't check for any level of access.
func DangerousUserID added in v0.2.8
func DangerousUserID(cs *macaroon.CaveatSet) (uint64, error)
DangerousUserID iterates over the caveats to determine the associated user ID. This identity should only be used for logging and auditing. It should not be used for making authorization decisions.
func DischargeClient added in v0.2.0
func DischargeClient(opts ...tp.ClientOption) *tp.Client
DischargeClient returns a *tp.Client suitable for discharging third party caveats in fly.io permission tokens.
func IsForOrg added in v0.3.0
func IsForOrg(orgID uint64) bundle.Predicate
IsForOrg returns a Predicate checking that the token is scoped to the given organization. This doesn't imply any specific level of access to the organization.
func IsForOrgUnverified added in v0.3.0
func IsForOrgUnverified(oid uint64) bundle.Predicate
IsForOrgUnverified returns a Predicate checking that the token is scoped to the given organization. Because this operates on unverified tokens, it doesn't imply any level of access to the org or that the selected tokens are valid.
func NonceEmail added in v0.3.0
func NonceEmail(n macaroon.Nonce) string
NonceEmail returns a pseudo-email address for a nonce. It's useful when we want an email address associated with a token.
func OrganizationScope added in v0.2.6
func OrganizationScope(cs *macaroon.CaveatSet) (uint64, error)
OrganizationScope finds the ID of the organization that application queries should be scoped to. This doesn't imply any specific access to the organization, since it disregards caveats requiring specific child resources and doesn't check for any level of access.
func ParseBundleWithFilter added in v0.3.0
func ParseBundleWithFilter(hdr string, filter bundle.Filter) (*bundle.Bundle, error)
Types
type Access
type Access struct {
	Action             resset.Action  `json:"action,omitempty"`
	OrgID              *uint64        `json:"orgid,omitempty"`
	AppID              *uint64        `json:"appid,omitempty"`
	AppFeature         *string        `json:"app_feature,omitempty"`
	Feature            *string        `json:"feature,omitempty"`
	Volume             *string        `json:"volume,omitempty"`
	Machine            *string        `json:"machine,omitempty"`
	MachineFeature     *string        `json:"machine_feature,omitempty"`
	Mutation           *string        `json:"mutation,omitempty"`
	SourceMachine      *string        `json:"sourceMachine,omitempty"`
	SourceApp          *string        `json:"sourceApp,omitempty"`
	SourceOrganization *string        `json:"sourceOrganization,omitempty"`
	Cluster            *string        `json:"cluster,omitempty"`
	Command            []string       `json:"command,omitempty"`
	StorageObject      *resset.Prefix `json:"storage_object,omitempty"`
}
func (*Access) GetAppFeature added in v0.3.0
func (a *Access) GetAppFeature() *string
GetAppFeature implements AppFeatureGetter.
func (*Access) GetCluster added in v0.2.11
func (a *Access) GetCluster() *string
GetCluster implements ClusterGetter.
func (*Access) GetCommand added in v0.2.13
func (a *Access) GetCommand() []string
GetCommand implements CommandGetter.
func (*Access) GetFeature added in v0.2.11
func (a *Access) GetFeature() *string
GetFeature implements FeatureGetter.
func (*Access) GetMachine added in v0.2.11
func (a *Access) GetMachine() *string
GetMachine implements MachineGetter.
func (*Access) GetMachineFeature added in v0.2.11
func (a *Access) GetMachineFeature() *string
GetMachineFeature implements MachineFeatureGetter.
func (*Access) GetMutation added in v0.2.11
func (a *Access) GetMutation() *string
GetMutation implements MutationGetter.
func (*Access) GetPermittedRoles added in v0.3.0
func (a *Access) GetPermittedRoles() []Role
GetPermittedRoles implements macaroon.PermittedRolesGetter. We require RoleAdmin for unrecognized organization features or features for which the attempted action is not allowed by ordinary members.
func (*Access) GetSourceApp added in v0.3.0
func (a *Access) GetSourceApp() *string
GetSourceApp implements SourceAppGetter.
func (*Access) GetSourceMachine added in v0.2.11
func (a *Access) GetSourceMachine() *string
GetSourceMachine implements SourceMachineGetter.
func (*Access) GetSourceOrganization added in v0.3.0
func (a *Access) GetSourceOrganization() *string
GetSourceOrganization implements SourceOrganizationGetter.
func (*Access) GetStorageObject added in v0.3.0
func (a *Access) GetStorageObject() *resset.Prefix
GetStorageObject implements StorageObjectGetter.
func (*Access) Validate
func (f *Access) Validate() error
Validate checks that the Access has sensible values set. This consists of ensuring that parent resources are specified when child resources are present (e.g. machine requires app requires org) and ensuring that multiple child resources aren't specified for a single parent resource (e.g. machine and volume are mutually exclusive).
This ensures that an Access represents a single action taken on a single object.
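The parent/child rules above, written out as a stand-alone check. This is an added example, not the flyio package's own Validate; it keeps only a few resource fields of Access, uses its own error values, and assumes that a cluster, like an app, is a direct child of the organization.

```go
package main

import (
	"errors"
	"fmt"
)

// access is a constructed stand-in for the page's Access type, reduced to the
// resource fields needed to show the parent/child rules (hypothetical code,
// not the flyio package's own implementation).
type access struct {
	OrgID   *uint64
	AppID   *uint64
	Cluster *string // assumed to be an org child, like an app
	Machine *string
	Volume  *string
}

var (
	errNoOrg       = errors.New("organization must be set when an app or cluster is set")
	errNoApp       = errors.New("app must be set when a machine or volume is set")
	errTwoChildren = errors.New("only one child resource may be set per parent")
)

// validate applies the rules stated for Access.Validate: a child resource
// requires its parent (machine requires app requires org) and a parent may
// carry at most one child (machine and volume are mutually exclusive).
func (a *access) validate() error {
	if a.Machine != nil && a.Volume != nil {
		return errTwoChildren
	}
	if a.AppID != nil && a.Cluster != nil {
		return errTwoChildren // both are org children (assumption)
	}
	if (a.Machine != nil || a.Volume != nil) && a.AppID == nil {
		return errNoApp
	}
	if (a.AppID != nil || a.Cluster != nil) && a.OrgID == nil {
		return errNoOrg
	}
	return nil
}

func u64(v uint64) *uint64 { return &v }
func str(s string) *string { return &s }

func main() {
	// Constructed sample accesses: one well-formed, three violating a rule each.
	for _, a := range []*access{
		{OrgID: u64(1), AppID: u64(2), Machine: str("3d8d9e1b")},
		{OrgID: u64(1), Machine: str("3d8d9e1b")},
		{AppID: u64(2)},
		{OrgID: u64(1), AppID: u64(2), Machine: str("m"), Volume: str("vol_1")},
	} {
		fmt.Println(a.validate())
	}
}
```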
type AllowedRoles added in v0.3.0
type AllowedRoles Role
AllowedRoles is a bitmask of roles that may be assumed. Only usable with Accesses implementing PermittedRolesGetter. Checks that a role returned by [GetPermittedRoles] matches the mask.
func (*AllowedRoles) CaveatType added in v0.3.0
func (c *AllowedRoles) CaveatType() macaroon.CaveatType
func (*AllowedRoles) Name added in v0.3.0
func (c *AllowedRoles) Name() string
type AppFeatureGetter added in v0.3.0
AppFeatureGetter is an interface allowing other packages to implement Accesses that work with Caveats defined in this package.
type AppFeatureSet added in v0.3.0
type AppFeatureSet struct {
	Features resset.ResourceSet[string, resset.Action] `json:"features"`
}
func (*AppFeatureSet) CaveatType added in v0.3.0
func (c *AppFeatureSet) CaveatType() macaroon.CaveatType
func (*AppFeatureSet) Name added in v0.3.0
func (c *AppFeatureSet) Name() string
type AppIDGetter added in v0.2.11
AppIDGetter is an interface allowing other packages to implement Accesses that work with Caveats defined in this package.
type Apps
type Apps struct {
	Apps resset.ResourceSet[uint64, resset.Action] `json:"apps"`
}
Apps is a set of App caveats, with their RWX access levels. A token with this set can be used only with the listed apps, regardless of what the token says. Additional Apps can be added, but they can only narrow, not expand, which apps (or access levels) can be reached from the token.
func (*Apps) CaveatType
func (c *Apps) CaveatType() macaroon.CaveatType
type CSV added in v0.3.0
type CSV []string
func NonceEmails added in v0.3.0
NonceEmails returns a CSV of the permission token pseudo email addresses for the given bundle.
type ClusterGetter added in v0.2.11
ClusterGetter is an interface allowing other packages to implement Accesses that work with Caveats defined in this package.
type Clusters
type Clusters struct {
	Clusters resset.ResourceSet[string, resset.Action] `json:"clusters"`
}
Clusters is a set of Cluster caveats, with their RWX access levels. Clusters belong to the "litefs-cloud" org-feature.
func (*Clusters) CaveatType
func (c *Clusters) CaveatType() macaroon.CaveatType
type Command added in v0.2.13
Command is a single command to allow. The zero value allows any command. If exact is true, the args must match exactly. Otherwise the args must match the prefix of the command being executed.
type CommandGetter added in v0.2.13
CommandGetter is an interface allowing other packages to implement Accesses that work with Caveats defined in this package.
type Commands added in v0.2.13
type Commands []Command
Commands is a list of commands allowed by this token. The zero value rejects any command.
func (*Commands) CaveatType added in v0.2.13
func (c *Commands) CaveatType() macaroon.CaveatType
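The Command and Commands matching semantics described above (zero Command allows anything, exact versus prefix argument matching, zero Commands rejects everything), as an added stand-alone example. It is not the flyio package's own code; the field names Args and Exact are assumptions.

```go
package main

import "fmt"

// command is a constructed stand-in for the page's Command type (hypothetical
// code, not the flyio package's own): the zero value allows any command; with
// Exact set the args must match exactly, otherwise they must be a prefix of the
// command being executed. The field names are assumptions.
type command struct {
	Args  []string
	Exact bool
}

func (c command) allows(argv []string) bool {
	if len(c.Args) == 0 && !c.Exact {
		return true // zero value: any command
	}
	if c.Exact && len(argv) != len(c.Args) {
		return false
	}
	if len(argv) < len(c.Args) {
		return false
	}
	for i, a := range c.Args {
		if argv[i] != a {
			return false
		}
	}
	return true
}

// commands mirrors Commands: a command runs if any entry allows it, and the
// zero value (no entries) rejects everything.
type commands []command

func (cs commands) allows(argv []string) bool {
	for _, c := range cs {
		if c.allows(argv) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed policy: exactly "ls -l", or anything starting with "cat /var/log/app.log".
	// A prefix rule accepts arbitrary trailing arguments, so reserve it for commands
	// whose extra arguments cannot change what the command does.
	policy := commands{
		{Args: []string{"ls", "-l"}, Exact: true},
		{Args: []string{"cat", "/var/log/app.log"}},
	}
	for _, argv := range [][]string{{"ls", "-l"}, {"ls", "-l", "/etc"}, {"cat", "/var/log/app.log"}, {"sh"}} {
		fmt.Println(argv, policy.allows(argv))
	}
}
```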
type FeatureGetter added in v0.2.11
FeatureGetter is an interface allowing other packages to implement Accesses that work with Caveats defined in this package.
type FeatureSet
type FeatureSet struct {
	Features resset.ResourceSet[string, resset.Action] `json:"features"`
}
FeatureSet is a collection of organization-level "features" that are managed as single units. For example, the ability to manage WireGuard networks is gated by the "wg" feature, though you could conceptually gate access to them individually with a Networks caveat. The feature name is free-form and more should be added as it makes sense.
func (*FeatureSet) CaveatType
func (c *FeatureSet) CaveatType() macaroon.CaveatType
func (*FeatureSet) Name added in v0.0.5
func (c *FeatureSet) Name() string
type FlySrc added in v0.3.0
type FlySrc struct {
	Organization string `json:"organization"`
	App          string `json:"app"`
	Instance     string `json:"instance"`
}
FlySrc limits tokens to being used by specific machines, based on the Fly-Src header included in flycast requests.
func (*FlySrc) CaveatType added in v0.3.0
func (c *FlySrc) CaveatType() macaroon.CaveatType
type FromMachine
type FromMachine struct {
	ID string `json:"id"`
}
func (*FromMachine) CaveatType
func (c *FromMachine) CaveatType() macaroon.CaveatType
func (*FromMachine) Name added in v0.0.5
func (c *FromMachine) Name() string
type IsMember added in v0.3.0
type IsMember struct{}
IsMember is an alias for RoleMask(RoleMember). It used to be called NoAdminFeatures.
func (*IsMember) CaveatType added in v0.3.0
func (c *IsMember) CaveatType() macaroon.CaveatType
type IsUser
type IsUser struct {
	ID uint64 `json:"uint64"`
}
Deprecated: superseded by auth.FlyioUserID.
func (*IsUser) CaveatType
func (c *IsUser) CaveatType() macaroon.CaveatType
type MachineFeatureGetter added in v0.2.11
MachineFeatureGetter is an interface allowing other packages to implement Accesses that work with Caveats defined in this package.
type MachineFeatureSet
type MachineFeatureSet struct {
	Features resset.ResourceSet[string, resset.Action] `json:"features"`
}
func (*MachineFeatureSet) CaveatType
func (c *MachineFeatureSet) CaveatType() macaroon.CaveatType
func (*MachineFeatureSet) Name added in v0.0.5
func (c *MachineFeatureSet) Name() string
type MachineGetter added in v0.2.11
MachineGetter is an interface allowing other packages to implement Accesses that work with Caveats defined in this package.
type Machines
type Machines struct {
	Machines resset.ResourceSet[string, resset.Action] `json:"machines"`
}
func (*Machines) CaveatType
func (c *Machines) CaveatType() macaroon.CaveatType
type MutationGetter added in v0.2.11
MutationGetter is an interface allowing other packages to implement Accesses that work with Caveats defined in this package.
type Mutations
type Mutations struct {
	Mutations []string `json:"mutations"`
}
Mutations is a set of GraphQL mutations allowed by this token.
func (*Mutations) CaveatType
func (c *Mutations) CaveatType() macaroon.CaveatType
type OrgIDGetter added in v0.2.11
OrgIDGetter is an interface allowing other packages to implement Accesses that work with Caveats defined in this package.
type Organization
Organization is an orgid, plus RWX-style access control.
func (*Organization) CaveatType
func (c *Organization) CaveatType() macaroon.CaveatType
func (*Organization) Name added in v0.0.5
func (c *Organization) Name() string
type PermittedRolesGetter added in v0.3.0
type PermittedRolesGetter interface {
	macaroon.Access
	// GetPermittedRoles returns a slice of roles that are allowed to perform the
	// operation.
	GetPermittedRoles() []Role
}
PermittedRolesGetter is an interface for Accesses capable of indicating what roles are allowed for the operation.
type Role added in v0.3.0
type Role uint32
Role is used by the AllowedRoles and IsMember caveats.
func (Role) HasAllRoles added in v0.3.0
HasAllRoles returns whether other is a subset of r.
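How the pieces above fit together, as an added example rather than the flyio package's own code: the Role bitmask with HasAllRoles, the rule GetPermittedRoles states (RoleAdmin for unknown features or actions beyond the MemberFeatures level), and an AllowedRoles mask check of which IsMember is the RoleMember-only case. The bit values of the roles, the bitmask layout of resset.Action, and the reading of "matches the mask" as "the mask contains a permitted role" are assumptions.

```go
package main

import "fmt"

// role stands in for the page's Role bitmask (hypothetical code, not the flyio
// package's own); RoleMember/RoleAdmin are named on the page, the bits are assumed.
type role uint32
const (
	roleMember role = 1 << iota
	roleAdmin
)
// hasAllRoles mirrors Role.HasAllRoles: reports whether other is a subset of r.
func (r role) hasAllRoles(other role) bool { return r&other == other }
// action stands in for resset.Action, assumed to be a bitmask in which
// ActionNone is zero and ActionAll has every bit set.
type action uint8
const (
	actionNone  action = 0
	actionRead  action = 1 << 0
	actionWrite action = 1 << 1
	actionAll   action = actionRead | actionWrite
)
// memberFeatures reproduces three rows of the page's MemberFeatures table.
var memberFeatures = map[string]action{
	"wg":         actionAll,  // FeatureWireGuard
	"membership": actionRead, // FeatureMembership
	"deletion":   actionNone, // FeatureDeletion
}

// permittedRoles applies the rule stated for Access.GetPermittedRoles: a member
// suffices only for a known feature whose member level covers the action.
func permittedRoles(feature string, act action) []role {
	if level, known := memberFeatures[feature]; known && level&act == act {
		return []role{roleMember}
	}
	return []role{roleAdmin}
}

// allowedRolesPermits is the AllowedRoles check as this example reads it: the mask
// must contain a permitted role. IsMember is the case mask == roleMember.
func allowedRolesPermits(mask role, permitted []role) bool {
	for _, r := range permitted {
		if mask.hasAllRoles(r) {
			return true
		}
	}
	return false
}

func main() {
	for _, f := range []string{"wg", "membership", "deletion", "unknown"} {
		fmt.Printf("%-10s write as member: %v\n", f, allowedRolesPermits(roleMember, permittedRoles(f, actionWrite)))
	}
}
```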
type SourceAppGetter added in v0.3.0
SourceAppGetter is an interface allowing other packages to implement Accesses that work with Caveats defined in this package.
type SourceMachineGetter added in v0.2.11
SourceMachineGetter is an interface allowing other packages to implement Accesses that work with Caveats defined in this package.
type SourceOrganizationGetter added in v0.3.0
SourceOrganizationGetter is an interface allowing other packages to implement Accesses that work with Caveats defined in this package.
type StorageObjectGetter added in v0.3.0
StorageObjectGetter is an interface allowing other packages to implement Accesses that work with Caveats defined in this package.
type StorageObjects added in v0.3.0
type StorageObjects struct {
	Prefixes resset.ResourceSet[resset.Prefix, resset.Action] `json:"storage_objects"`
}
StorageObjects limits what storage objects can be accessed. Objects are identified by a URL prefix string, so you can specify just the storage provider (e.g. `https://storage.fly/`), a specific bucket within a storage provider (e.g. `https://storage.fly/my_bucket`), or an object within a bucket (e.g. `https://storage.fly/my_bucket/my_file`).
func (*StorageObjects) CaveatType added in v0.3.0
func (c *StorageObjects) CaveatType() macaroon.CaveatType
func (*StorageObjects) Name added in v0.3.0
func (c *StorageObjects) Name() string
type VolumeGetter added in v0.2.11
VolumeGetter is an interface allowing other packages to implement Accesses that work with Caveats defined in this package.
type Volumes
type Volumes struct {
	Volumes resset.ResourceSet[string, resset.Action] `json:"volumes"`
}
func (*Volumes) CaveatType
func (c *Volumes) CaveatType() macaroon.CaveatType