README
¶
MSX RBAC
https://github.com/CiscoDevNet/go-msx-rbac
Package CiscoDevNet/go-msx-rbac contains a simple object that can be used to validate permissions on incoming requests. The main features are:
- validate an MSX access token
- retrieve an MSX security context
- simply RBAC operations
Install
With a correctly configured Go toolchain:
go get -u github.com/CiscoDevNet/go-msx-swagger
Private SSO Security Clients
You will need to create a private SSO security client before you use msxrbac. First sign in to your MSX environment then either:
- open
Settings->SSO Configurations->Add SSO Clientsand add a new client, or - use the MSX Swagger documentation for
IDM Microservice->Security Clients->POST /idm/api/v2/clientsecurity.
This example payload is a good starting point, but be sure to change it meet your specific requirements.
{
"clientId": "my-private-client",
"clientSecret": "there-are-no-secrets-that-time-does-not-reveal",
"grantTypes": [
"password",
"urn:cisco:nfv:oauth:grant-type:switch-tenant",
"urn:cisco:nfv:oauth:grant-type:switch-user"
],
"maxTokensPerUser": -1,
"useSessionTimeout": false,
"resourceIds": [],
"scopes": [
"address",
"read",
"phone",
"openid",
"profile",
"write",
"email",
"tenant_hierarchy",
"token_details"
],
"autoApproveScopes": [
"address",
"read",
"phone",
"openid",
"profile",
"write",
"email",
"tenant_hierarchy",
"token_details"
],
"authorities": [
"ROLE_USER"
],
"accessTokenValiditySeconds": 9000,
"refreshTokenValiditySeconds": 18000,
"additionalInformation": {
}
}
Example
Checkout the example directory for a simple working example.
License
MIT licensed. See the LICENSE file for details.
Documentation
¶
Overview ¶
Copyright (c) 2021 Cisco Systems, Inc and its affiliates All Rights reserved
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Cache ¶
Cache represents a cache for storing token permissions locally to speed up RBAC actions.
type MSXRBAC ¶
type MSXRBAC struct {
Cfg MSXRBACConfig
Cache *bigcache.BigCache
Client *http.Client
}
func NewMsxRbac ¶
func NewMsxRbac(cfg MSXRBACConfig) *MSXRBAC
NewMsxRbac returns an MSXRBAC with default config set.
type MSXRBACConfig ¶
type MSXRBACConfig struct {
RbacURL string // URL to User Management Service in your MSX environment.
Cache Cache // Cache to use for local caching.
TLS *tls.Config // TLS config to use on outgoing client.
ClientID string // Credential to use when speaking to MSX.
ClientSecret string // Credential to use when speaking to MSX.
}
MSXRBACConfig represents the config for performing RBAC on the targeted MSX environment.
func DefaultMsxRbacConfig ¶
func DefaultMsxRbacConfig() MSXRBACConfig
DefaultMsxRbacConfig returns a default config. Note this default is not secure and should not be used in a production environment.
Source Files
Directories