Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11998 Commits
50 Branches
315 Tags
330 MiB
 
 
 
 
 
 
Tree: d7314e932c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd7314e932c'
${ noResults }
seaweedfs/weed/iam/sts/constants.go

137 lines
4.0 KiB
Raw Blame History

package sts
// Store Types
const (
StoreTypeMemory = "memory"
StoreTypeFiler = "filer"
StoreTypeRedis = "redis"
)
// Provider Types
const (
ProviderTypeOIDC = "oidc"
ProviderTypeLDAP = "ldap"
ProviderTypeSAML = "saml"
ProviderTypeMock = "mock"
)
// Policy Effects
const (
EffectAllow = "Allow"
EffectDeny = "Deny"
)
// Default Paths - aligned with filer /etc/ convention
const (
DefaultSessionBasePath = "/etc/iam/sessions"
DefaultPolicyBasePath = "/etc/iam/policies"
DefaultRoleBasePath = "/etc/iam/roles"
)
// Default Values
const (
DefaultTokenDuration = 3600 // 1 hour in seconds
DefaultMaxSessionLength = 43200 // 12 hours in seconds
DefaultIssuer = "seaweedfs-sts"
DefaultStoreType = StoreTypeFiler // Default store type for persistence
MinSigningKeyLength = 16 // Minimum signing key length in bytes
)
// Configuration Field Names
const (
ConfigFieldFilerAddress = "filerAddress"
ConfigFieldBasePath = "basePath"
ConfigFieldIssuer = "issuer"
ConfigFieldClientID = "clientId"
ConfigFieldClientSecret = "clientSecret"
ConfigFieldJWKSUri = "jwksUri"
ConfigFieldScopes = "scopes"
ConfigFieldUserInfoUri = "userInfoUri"
ConfigFieldRedirectUri = "redirectUri"
)
// Error Messages
const (
ErrConfigCannotBeNil = "config cannot be nil"
ErrProviderCannotBeNil = "provider cannot be nil"
ErrProviderNameEmpty = "provider name cannot be empty"
ErrProviderTypeEmpty = "provider type cannot be empty"
ErrTokenCannotBeEmpty = "token cannot be empty"
ErrSessionTokenCannotBeEmpty = "session token cannot be empty"
ErrSessionIDCannotBeEmpty = "session ID cannot be empty"
ErrSTSServiceNotInitialized = "STS service not initialized"
ErrProviderNotInitialized = "provider not initialized"
ErrInvalidTokenDuration = "token duration must be positive"
ErrInvalidMaxSessionLength = "max session length must be positive"
ErrIssuerRequired = "issuer is required"
ErrSigningKeyTooShort = "signing key must be at least %d bytes"
ErrFilerAddressRequired = "filer address is required"
ErrClientIDRequired = "clientId is required for OIDC provider"
ErrUnsupportedStoreType = "unsupported store type: %s"
ErrUnsupportedProviderType = "unsupported provider type: %s"
ErrInvalidTokenFormat = "invalid session token format: %w"
ErrSessionValidationFailed = "session validation failed: %w"
ErrInvalidToken = "invalid token: %w"
ErrTokenNotValid = "token is not valid"
ErrInvalidTokenClaims = "invalid token claims"
ErrInvalidIssuer = "invalid issuer"
ErrMissingSessionID = "missing session ID"
)
// JWT Claims
const (
JWTClaimIssuer = "iss"
JWTClaimSubject = "sub"
JWTClaimAudience = "aud"
JWTClaimExpiration = "exp"
JWTClaimIssuedAt = "iat"
JWTClaimTokenType = "token_type"
)
// Token Types
const (
TokenTypeSession = "session"
TokenTypeAccess = "access"
TokenTypeRefresh = "refresh"
)
// AWS STS Actions
const (
ActionAssumeRole = "sts:AssumeRole"
ActionAssumeRoleWithWebIdentity = "sts:AssumeRoleWithWebIdentity"
ActionAssumeRoleWithCredentials = "sts:AssumeRoleWithCredentials"
ActionValidateSession = "sts:ValidateSession"
)
// Session File Prefixes
const (
SessionFilePrefix = "session_"
SessionFileExt = ".json"
PolicyFilePrefix = "policy_"
PolicyFileExt = ".json"
RoleFileExt = ".json"
)
// HTTP Headers
const (
HeaderAuthorization = "Authorization"
HeaderContentType = "Content-Type"
HeaderUserAgent = "User-Agent"
)
// Content Types
const (
ContentTypeJSON = "application/json"
ContentTypeFormURLEncoded = "application/x-www-form-urlencoded"
)
// Default Test Values
const (
TestSigningKey32Chars = "test-signing-key-32-characters-long"
TestIssuer = "test-sts"
TestClientID = "test-client"
TestSessionID = "test-session-123"
TestValidToken = "valid_test_token"
TestInvalidToken = "invalid_token"
TestExpiredToken = "expired_token"
)