zts

package v1.11.28

This package is not in the latest version of its module.

Published: Apr 29, 2023 License: Apache-2.0 Imports: 12 Imported by: 5

README

zts-go-client

A Go client library to talk to Athenz ZTS.

The model.go and client.go files are generated from zts_core, and checked in so users of this library need not know that.

Release Notes:

Version 1.0 (2016-09-06)
 - Initial opensource release

## Usage

To get it into your workspace:

    go get github.com/AthenZ/athenz/clients/go/zts

Then in your Go code:

    import (
        "log"

        zts "github.com/AthenZ/athenz/clients/go/zts"
        "github.com/ardielle/ardielle-go/rdl"
    )

    func main() {
        var principal rdl.Principal /* NToken */
        ...
        // NewClient takes the ZTS base URL and an optional *http.Transport
        // (nil selects the default transport); the URL below is a placeholder.
        client := zts.NewClient("https://zts.example.com:4443/zts/v1", nil)
        client.AddCredentials(principal.GetHTTPHeaderName(), principal.GetCredentials())
        svc, err := client.GetServiceIdentity("athenz", "storage")
        if err != nil {
            log.Fatalf("GetServiceIdentity: %v", err)
        }
        ...
    }

## License

Copyright The Athenz Authors

Licensed under the [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)

Documentation

Overview

Package zts contains a client library to talk to Athenz ZTS.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ZTSSchema

func ZTSSchema() *rdl.Schema

Types

type AWSArnRoleName added in v1.7.33

type AWSArnRoleName string

AWSArnRoleName - AWS full role name with path

type AWSRoleName added in v1.7.33

type AWSRoleName string

AWSRoleName - AWS role name without the path

type AWSRolePath added in v1.7.34

type AWSRolePath string

AWSRolePath - AWS role path

type AWSRolePathElement added in v1.7.33

type AWSRolePathElement string

AWSRolePathElement - AWS role path single element

type AWSTemporaryCredentials

type AWSTemporaryCredentials struct {
	AccessKeyId     string        `json:"accessKeyId"`
	SecretAccessKey string        `json:"secretAccessKey"`
	SessionToken    string        `json:"sessionToken"`
	Expiration      rdl.Timestamp `json:"expiration"`
}

AWSTemporaryCredentials -

func NewAWSTemporaryCredentials

func NewAWSTemporaryCredentials(init ...*AWSTemporaryCredentials) *AWSTemporaryCredentials

NewAWSTemporaryCredentials - creates an initialized AWSTemporaryCredentials instance, returns a pointer to it

func (*AWSTemporaryCredentials) UnmarshalJSON

func (self *AWSTemporaryCredentials) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an AWSTemporaryCredentials

func (*AWSTemporaryCredentials) Validate

func (self *AWSTemporaryCredentials) Validate() error

Validate - checks for missing required fields, etc

type Access

type Access struct {

	//
	// true (allowed) or false (denied)
	//
	Granted bool `json:"granted"`
}

Access - Access can be checked and returned as this resource.

func NewAccess

func NewAccess(init ...*Access) *Access

NewAccess - creates an initialized Access instance, returns a pointer to it

func (*Access) UnmarshalJSON

func (self *Access) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an Access

func (*Access) Validate

func (self *Access) Validate() error

Validate - checks for missing required fields, etc

type AccessTokenRequest added in v1.9.32

type AccessTokenRequest string

AccessTokenRequest -

type AccessTokenResponse added in v1.9.32

type AccessTokenResponse struct {

	//
	// access token
	//
	Access_token string `json:"access_token"`

	//
	// token type e.g. Bearer
	//
	Token_type string `json:"token_type"`

	//
	// expiration in seconds
	//
	Expires_in *int32 `json:"expires_in,omitempty" rdl:"optional"`

	//
	// scope of the access token e.g. openid
	//
	Scope string `json:"scope,omitempty" rdl:"optional"`

	//
	// refresh token
	//
	Refresh_token string `json:"refresh_token,omitempty" rdl:"optional"`

	//
	// id token
	//
	Id_token string `json:"id_token,omitempty" rdl:"optional"`
}

AccessTokenResponse -

func NewAccessTokenResponse added in v1.9.32

func NewAccessTokenResponse(init ...*AccessTokenResponse) *AccessTokenResponse

NewAccessTokenResponse - creates an initialized AccessTokenResponse instance, returns a pointer to it

func (*AccessTokenResponse) UnmarshalJSON added in v1.9.32

func (self *AccessTokenResponse) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an AccessTokenResponse

func (*AccessTokenResponse) Validate added in v1.9.32

func (self *AccessTokenResponse) Validate() error

Validate - checks for missing required fields, etc

type ActionName

type ActionName string

ActionName - An action (operation) name.

type Assertion

type Assertion struct {

	//
	// the subject of the assertion, a role
	//
	Role string `json:"role"`

	//
	// the object of the assertion. Must be in the local namespace. Can contain
	// wildcards
	//
	Resource string `json:"resource"`

	//
	// the predicate of the assertion. Can contain wildcards
	//
	Action string `json:"action"`

	//
	// the effect of the assertion in the policy language
	//
	Effect *AssertionEffect `json:"effect,omitempty" rdl:"optional"`

	//
	// assertion id - auto generated by server
	//
	Id *int64 `json:"id,omitempty" rdl:"optional"`

	//
	// If true, we should store action and resource in their original case
	//
	CaseSensitive *bool `json:"caseSensitive,omitempty" rdl:"optional"`
}

Assertion - A representation for the encapsulation of an action to be performed on a resource by a principal.

func NewAssertion

func NewAssertion(init ...*Assertion) *Assertion

NewAssertion - creates an initialized Assertion instance, returns a pointer to it

func (*Assertion) UnmarshalJSON

func (self *Assertion) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an Assertion

func (*Assertion) Validate

func (self *Assertion) Validate() error

Validate - checks for missing required fields, etc

type AssertionEffect

type AssertionEffect int

AssertionEffect - Every assertion can have the effect of ALLOW or DENY.

const (
	ALLOW AssertionEffect
	DENY
)

AssertionEffect constants

func NewAssertionEffect

func NewAssertionEffect(init ...interface{}) AssertionEffect

NewAssertionEffect - creates an AssertionEffect from an AssertionEffect, int, int32 or string (symbol) value. With no argument it returns the first enum value, ALLOW; in the generated code a string that matches no symbol also falls through to ALLOW rather than failing, so validate untrusted input with UnmarshalJSON, which rejects unknown symbols, rather than with this constructor.

func (AssertionEffect) MarshalJSON

func (e AssertionEffect) MarshalJSON() ([]byte, error)

MarshalJSON is defined for proper JSON encoding of an AssertionEffect

func (AssertionEffect) String

func (e AssertionEffect) String() string

String - return a string representation of the enum

func (AssertionEffect) SymbolSet

func (e AssertionEffect) SymbolSet() []string

SymbolSet - return an array of all valid string representations (symbols) of the enum

func (*AssertionEffect) UnmarshalJSON

func (e *AssertionEffect) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an AssertionEffect
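The Assertion and AssertionEffect types above are the policy statements ZTS hands out; nothing on this page shows how they are evaluated. The block below is an added illustration, not code from the Athenz project, of the semantics the field comments imply: `*` and `?` wildcards in action and resource, a DENY assertion overriding any ALLOW (Athenz's documented evaluation rule, assumed here), a nil Effect treated as ALLOW (the RDL default), and case-insensitive comparison unless caseSensitive is set (an assumption). The assertion and assertionEffect types are local mirrors of the package's types, and SamplePolicy is constructed for the demo.

```go
package main

import (
	"fmt"
	"strings"
)

// Local mirrors of zts.AssertionEffect and zts.Assertion (same JSON shape) so
// this example runs without the zts module.
type assertionEffect int

const (
	allowEffect assertionEffect = iota
	denyEffect
)

type assertion struct {
	Role          string           `json:"role"`
	Resource      string           `json:"resource"`
	Action        string           `json:"action"`
	Effect        *assertionEffect `json:"effect,omitempty"`
	CaseSensitive *bool            `json:"caseSensitive,omitempty"`
}

// matchGlob implements the '*' (any run of characters) and '?' (exactly one
// character) wildcards the Assertion comments allow in action and resource.
// It is a plain glob matcher: no regexp, so no metacharacter surprises.
func matchGlob(pattern, s string) bool {
	px, sx, star, mark := 0, 0, -1, 0
	for sx < len(s) {
		switch {
		case px < len(pattern) && (pattern[px] == '?' || pattern[px] == s[sx]):
			px++
			sx++
		case px < len(pattern) && pattern[px] == '*':
			star, mark = px, sx // remember where '*' started; retry from here on mismatch
			px++
		case star >= 0:
			mark++
			px, sx = star+1, mark
		default:
			return false
		}
	}
	for px < len(pattern) && pattern[px] == '*' {
		px++
	}
	return px == len(pattern)
}

func hasRole(roles []string, role string) bool {
	for _, r := range roles {
		if strings.EqualFold(r, role) {
			return true
		}
	}
	return false
}

// Evaluate decides whether a principal holding roles may perform action on
// resource. Semantics assumed to follow Athenz's documented rule: a matching
// DENY wins outright, an ALLOW counts only if no DENY matches, and no match at
// all is a denial. A nil Effect is ALLOW (the RDL default), and matching is
// case-insensitive unless the assertion is flagged caseSensitive.
func Evaluate(assertions []assertion, roles []string, action, resource string) bool {
	allowed := false
	for _, a := range assertions {
		if !hasRole(roles, a.Role) {
			continue
		}
		pa, pr, act, res := a.Action, a.Resource, action, resource
		if a.CaseSensitive == nil || !*a.CaseSensitive {
			pa, pr = strings.ToLower(pa), strings.ToLower(pr)
			act, res = strings.ToLower(act), strings.ToLower(res)
		}
		if !matchGlob(pa, act) || !matchGlob(pr, res) {
			continue
		}
		if a.Effect != nil && *a.Effect == denyEffect {
			return false // deny overrides any allow, including one already seen
		}
		allowed = true
	}
	return allowed
}

// SamplePolicy is constructed for the demo: readers may read anything under
// athenz:storage.*, except that nothing may touch resources named secret*.
func SamplePolicy() []assertion {
	d := denyEffect
	return []assertion{
		{Role: "athenz:role.readers", Action: "read", Resource: "athenz:storage.*"},
		{Role: "athenz:role.readers", Action: "*", Resource: "athenz:storage.secret*", Effect: &d},
	}
}

func main() {
	roles := []string{"athenz:role.readers"}
	for _, c := range [][2]string{{"read", "athenz:storage.public"}, {"read", "athenz:storage.secret1"}, {"write", "athenz:storage.public"}} {
		fmt.Printf("%-5s %-28s -> %v\n", c[0], c[1], Evaluate(SamplePolicy(), roles, c[0], c[1]))
	}
}
```

The order of assertions does not matter: a DENY that appears after an ALLOW still wins, which is why Evaluate keeps scanning after an ALLOW match instead of returning early. Real enforcement is done by ZPE with the signed policy data ZTS serves; this evaluator only shows the decision logic.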

type AthenzJWKConfig added in v1.11.2

type AthenzJWKConfig struct {

	//
	// ZMS JSON Web Key (JWK) List
	//
	Zms *JWKList `json:"zms"`

	//
	// ZTS JSON Web Key (JWK) List
	//
	Zts *JWKList `json:"zts"`

	//
	// the last modification timestamp of the Athenz JWK configuration
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`
}

AthenzJWKConfig -

func NewAthenzJWKConfig added in v1.11.2

func NewAthenzJWKConfig(init ...*AthenzJWKConfig) *AthenzJWKConfig

NewAthenzJWKConfig - creates an initialized AthenzJWKConfig instance, returns a pointer to it

func (*AthenzJWKConfig) Init added in v1.11.2

func (self *AthenzJWKConfig) Init() *AthenzJWKConfig

Init - sets up the instance according to its default field values, if any

func (*AthenzJWKConfig) UnmarshalJSON added in v1.11.2

func (self *AthenzJWKConfig) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an AthenzJWKConfig

func (*AthenzJWKConfig) Validate added in v1.11.2

func (self *AthenzJWKConfig) Validate() error

Validate - checks for missing required fields, etc

type AuthorityName

type AuthorityName string

AuthorityName - Used as the prefix in a signed assertion. This uniquely identifies a signing authority.

type CertType added in v1.9.32

type CertType int

CertType - CertType denotes various types of certs issued by Athenz

const (
	X509 CertType
	SSH_HOST
	SSH_USER
)

CertType constants

func NewCertType added in v1.9.32

func NewCertType(init ...interface{}) CertType

NewCertType - creates a CertType from a CertType, int, int32 or string (symbol) value; with no argument it returns the first enum value, X509

func (CertType) MarshalJSON added in v1.9.32

func (e CertType) MarshalJSON() ([]byte, error)

MarshalJSON is defined for proper JSON encoding of a CertType

func (CertType) String added in v1.9.32

func (e CertType) String() string

String - return a string representation of the enum

func (CertType) SymbolSet added in v1.9.32

func (e CertType) SymbolSet() []string

SymbolSet - return an array of all valid string representations (symbols) of the enum

func (*CertType) UnmarshalJSON added in v1.9.32

func (e *CertType) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a CertType

type CertificateAuthorityBundle added in v1.9.32

type CertificateAuthorityBundle struct {

	//
	// name of the bundle
	//
	Name SimpleName `json:"name"`

	//
	// set of certificates included in the bundle
	//
	Certs string `json:"certs"`
}

CertificateAuthorityBundle -

func NewCertificateAuthorityBundle added in v1.9.32

func NewCertificateAuthorityBundle(init ...*CertificateAuthorityBundle) *CertificateAuthorityBundle

NewCertificateAuthorityBundle - creates an initialized CertificateAuthorityBundle instance, returns a pointer to it

func (*CertificateAuthorityBundle) UnmarshalJSON added in v1.9.32

func (self *CertificateAuthorityBundle) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a CertificateAuthorityBundle

func (*CertificateAuthorityBundle) Validate added in v1.9.32

func (self *CertificateAuthorityBundle) Validate() error

Validate - checks for missing required fields, etc

type CompoundName

type CompoundName string

CompoundName - A compound name. Most names in this API are compound names.

type DomainMetric

type DomainMetric struct {
	MetricType DomainMetricType `json:"metricType"`
	MetricVal  int32            `json:"metricVal"`
}

DomainMetric -

func NewDomainMetric

func NewDomainMetric(init ...*DomainMetric) *DomainMetric

NewDomainMetric - creates an initialized DomainMetric instance, returns a pointer to it

func (*DomainMetric) UnmarshalJSON

func (self *DomainMetric) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainMetric

func (*DomainMetric) Validate

func (self *DomainMetric) Validate() error

Validate - checks for missing required fields, etc

type DomainMetricType

type DomainMetricType int

DomainMetricType - zpe metric attributes

const (
	ACCESS_ALLOWED DomainMetricType
	ACCESS_ALLOWED_DENY
	ACCESS_ALLOWED_DENY_NO_MATCH
	ACCESS_ALLOWED_ALLOW
	ACCESS_ALLOWED_ERROR
	ACCESS_ALLOWED_TOKEN_INVALID
	ACCESS_Allowed_TOKEN_EXPIRED
	ACCESS_ALLOWED_DOMAIN_NOT_FOUND
	ACCESS_ALLOWED_DOMAIN_MISMATCH
	ACCESS_ALLOWED_DOMAIN_EXPIRED
	ACCESS_ALLOWED_DOMAIN_EMPTY
	ACCESS_ALLOWED_TOKEN_CACHE_FAILURE
	ACCESS_ALLOWED_TOKEN_CACHE_NOT_FOUND
	ACCESS_ALLOWED_TOKEN_CACHE_SUCCESS
	ACCESS_ALLOWED_TOKEN_VALIDATE
	LOAD_FILE_FAIL
	LOAD_FILE_GOOD
	LOAD_DOMAIN_GOOD
)

DomainMetricType constants

func NewDomainMetricType

func NewDomainMetricType(init ...interface{}) DomainMetricType

NewDomainMetricType - creates a DomainMetricType from a DomainMetricType, int, int32 or string (symbol) value; with no argument it returns the first enum value, ACCESS_ALLOWED

func (DomainMetricType) MarshalJSON

func (e DomainMetricType) MarshalJSON() ([]byte, error)

MarshalJSON is defined for proper JSON encoding of a DomainMetricType

func (DomainMetricType) String

func (e DomainMetricType) String() string

String - return a string representation of the enum

func (DomainMetricType) SymbolSet

func (e DomainMetricType) SymbolSet() []string

SymbolSet - return an array of all valid string representations (symbols) of the enum

func (*DomainMetricType) UnmarshalJSON

func (e *DomainMetricType) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainMetricType

type DomainMetrics

type DomainMetrics struct {

	//
	// name of the domain the metrics pertain to
	//
	DomainName DomainName `json:"domainName"`

	//
	// list of the domains metrics
	//
	MetricList []*DomainMetric `json:"metricList"`
}

DomainMetrics -

func NewDomainMetrics

func NewDomainMetrics(init ...*DomainMetrics) *DomainMetrics

NewDomainMetrics - creates an initialized DomainMetrics instance, returns a pointer to it

func (*DomainMetrics) Init

func (self *DomainMetrics) Init() *DomainMetrics

Init - sets up the instance according to its default field values, if any

func (*DomainMetrics) UnmarshalJSON

func (self *DomainMetrics) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainMetrics

func (*DomainMetrics) Validate

func (self *DomainMetrics) Validate() error

Validate - checks for missing required fields, etc

type DomainName

type DomainName string

DomainName - A domain name is the general qualifier prefix, as its uniqueness is managed.

type DomainSignedPolicyData

type DomainSignedPolicyData struct {

	//
	// policy data signed by ZMS
	//
	SignedPolicyData *SignedPolicyData `json:"signedPolicyData"`

	//
	// signature generated based on the domain policies object
	//
	Signature string `json:"signature"`

	//
	// the identifier of the key used to generate the signature
	//
	KeyId string `json:"keyId"`
}

DomainSignedPolicyData - A signed bulk transfer of policies. The data is signed with the server's private key; keyId names the key so the verifier can select the matching public key.

func NewDomainSignedPolicyData

func NewDomainSignedPolicyData(init ...*DomainSignedPolicyData) *DomainSignedPolicyData

NewDomainSignedPolicyData - creates an initialized DomainSignedPolicyData instance, returns a pointer to it

func (*DomainSignedPolicyData) Init

func (self *DomainSignedPolicyData) Init() *DomainSignedPolicyData

Init - sets up the instance according to its default field values, if any

func (*DomainSignedPolicyData) UnmarshalJSON

func (self *DomainSignedPolicyData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainSignedPolicyData

func (*DomainSignedPolicyData) Validate

func (self *DomainSignedPolicyData) Validate() error

Validate - checks for missing required fields, etc

type EntityList added in v1.7.30

type EntityList string

EntityList - An entity list is a comma-separated list of compound names

type EntityName

type EntityName string

EntityName - An entity name is a short form of a resource name, including only the domain and entity.

type HostServices

type HostServices struct {

	//
	// name of the host
	//
	Host string `json:"host"`

	//
	// list of service names authorized to run on this host
	//
	Names []EntityName `json:"names"`
}

HostServices - The representation for an enumeration of services authorized to run on a specific host.

func NewHostServices

func NewHostServices(init ...*HostServices) *HostServices

NewHostServices - creates an initialized HostServices instance, returns a pointer to it

func (*HostServices) Init

func (self *HostServices) Init() *HostServices

Init - sets up the instance according to its default field values, if any

func (*HostServices) UnmarshalJSON

func (self *HostServices) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a HostServices

func (*HostServices) Validate

func (self *HostServices) Validate() error

Validate - checks for missing required fields, etc

type Identity

type Identity struct {

	//
	// name of the identity, fully qualified, e.g. my.domain.service1, or
	// aws.1232321321312.myusername
	//
	Name CompoundName `json:"name"`

	//
	// a certificate usable for both client and server in TLS connections
	//
	Certificate string `json:"certificate,omitempty" rdl:"optional"`

	//
	// the CA certificate chain to use with all IMS-generated certs
	//
	CaCertBundle string `json:"caCertBundle,omitempty" rdl:"optional"`

	//
	// the SSH certificate, signed by the CA (user or host)
	//
	SshCertificate string `json:"sshCertificate,omitempty" rdl:"optional"`

	//
	// the SSH CA's public key for the sshCertificate (user or host)
	//
	SshCertificateSigner string `json:"sshCertificateSigner,omitempty" rdl:"optional"`

	//
	// service token instead of TLS certificate
	//
	ServiceToken SignedToken `json:"serviceToken,omitempty" rdl:"optional"`

	//
	// other config-like attributes determined at boot time
	//
	Attributes map[string]string `json:"attributes,omitempty" rdl:"optional"`
}

Identity - a signed assertion of service or human identity; the response could be either a client certificate or just a regular NToken (depending on whether the request contained a CSR or not).

func NewIdentity

func NewIdentity(init ...*Identity) *Identity

NewIdentity - creates an initialized Identity instance, returns a pointer to it

func (*Identity) UnmarshalJSON

func (self *Identity) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an Identity

func (*Identity) Validate

func (self *Identity) Validate() error

Validate - checks for missing required fields, etc

type Info added in v1.11.1

type Info struct {

	//
	// jdk build version
	//
	BuildJdkSpec string `json:"buildJdkSpec,omitempty" rdl:"optional"`

	//
	// implementation title - e.g. athenz-zms-server
	//
	ImplementationTitle string `json:"implementationTitle,omitempty" rdl:"optional"`

	//
	// implementation version - e.g. 1.11.1
	//
	ImplementationVersion string `json:"implementationVersion,omitempty" rdl:"optional"`

	//
	// implementation vendor - Athenz
	//
	ImplementationVendor string `json:"implementationVendor,omitempty" rdl:"optional"`
}

Info - The representation for an info object

func NewInfo added in v1.11.1

func NewInfo(init ...*Info) *Info

NewInfo - creates an initialized Info instance, returns a pointer to it

func (*Info) UnmarshalJSON added in v1.11.1

func (self *Info) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an Info

func (*Info) Validate added in v1.11.1

func (self *Info) Validate() error

Validate - checks for missing required fields, etc

type InstanceIdentity added in v1.7.3

type InstanceIdentity struct {

	//
	// the provider service name (e.g. "aws.us-west-2", "sys.openstack.cluster1")
	//
	Provider ServiceName `json:"provider"`

	//
	// name of the identity, fully qualified, e.g. my.domain.service1
	//
	Name ServiceName `json:"name"`

	//
	// unique instance id within provider's namespace
	//
	InstanceId PathElement `json:"instanceId"`

	//
	// an X.509 certificate usable for both client and server in TLS connections
	//
	X509Certificate string `json:"x509Certificate,omitempty" rdl:"optional"`

	//
	// the CA certificate chain to verify all generated X.509 certs
	//
	X509CertificateSigner string `json:"x509CertificateSigner,omitempty" rdl:"optional"`

	//
	// the SSH certificate, signed by the CA (user or host)
	//
	SshCertificate string `json:"sshCertificate,omitempty" rdl:"optional"`

	//
	// the SSH CA's public key for the sshCertificate (user or host)
	//
	SshCertificateSigner string `json:"sshCertificateSigner,omitempty" rdl:"optional"`

	//
	// service token instead of TLS certificate
	//
	ServiceToken SignedToken `json:"serviceToken,omitempty" rdl:"optional"`

	//
	// other config-like attributes determined at boot time
	//
	Attributes map[string]string `json:"attributes,omitempty" rdl:"optional"`

	//
	// the Athenz JSON Web Key (JWK) configuration object
	//
	AthenzJWK *AthenzJWKConfig `json:"athenzJWK,omitempty" rdl:"optional"`
}

InstanceIdentity -

func NewInstanceIdentity added in v1.7.3

func NewInstanceIdentity(init ...*InstanceIdentity) *InstanceIdentity

NewInstanceIdentity - creates an initialized InstanceIdentity instance, returns a pointer to it

func (*InstanceIdentity) UnmarshalJSON added in v1.7.3

func (self *InstanceIdentity) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an InstanceIdentity

func (*InstanceIdentity) Validate added in v1.7.3

func (self *InstanceIdentity) Validate() error

Validate - checks for missing required fields, etc

type InstanceRefreshInformation added in v1.7.3

type InstanceRefreshInformation struct {

	//
	// identity attestation data including document with its signature containing
	// attributes like IP address, instance-id, account#, etc.
	//
	AttestationData string `json:"attestationData,omitempty" rdl:"optional"`

	//
	// the Certificate Signing Request for the expected X.509 certificate in the
	// response
	//
	Csr string `json:"csr,omitempty" rdl:"optional"`

	//
	// deprecated - use sshCertRequest, if present, return an SSH host
	// certificate. Format is JSON.
	//
	Ssh string `json:"ssh,omitempty" rdl:"optional"`

	//
	// if present, return an SSH host certificate
	//
	SshCertRequest *SSHCertRequest `json:"sshCertRequest,omitempty" rdl:"optional"`

	//
	// if true, return a service token signed by ZTS for this service
	//
	Token *bool `json:"token,omitempty" rdl:"optional"`

	//
	// expiry time in minutes for the certificate (server enforces max expiry)
	//
	ExpiryTime *int32 `json:"expiryTime,omitempty" rdl:"optional"`

	//
	// optional hostname in case included in the csr SAN dnsName attribute
	//
	Hostname DomainName `json:"hostname,omitempty" rdl:"optional"`

	//
	// optional host CNAMEs included in the csr SAN dnsName attribute
	//
	HostCnames []DomainName `json:"hostCnames,omitempty" rdl:"optional"`

	//
	// if true, return an Athenz JWK public keys file
	//
	AthenzJWK *bool `json:"athenzJWK,omitempty" rdl:"optional"`

	//
	// return the public keys file only if modified after the given timestamp
	//
	AthenzJWKModified *rdl.Timestamp `json:"athenzJWKModified,omitempty" rdl:"optional"`
}

InstanceRefreshInformation -

func NewInstanceRefreshInformation added in v1.7.3

func NewInstanceRefreshInformation(init ...*InstanceRefreshInformation) *InstanceRefreshInformation

NewInstanceRefreshInformation - creates an initialized InstanceRefreshInformation instance, returns a pointer to it

func (*InstanceRefreshInformation) UnmarshalJSON added in v1.7.3

func (self *InstanceRefreshInformation) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an InstanceRefreshInformation

func (*InstanceRefreshInformation) Validate added in v1.7.3

func (self *InstanceRefreshInformation) Validate() error

Validate - checks for missing required fields, etc

type InstanceRefreshRequest

type InstanceRefreshRequest struct {

	//
	// Cert CSR signed by the service's private key (public key registered in ZMS)
	//
	Csr string `json:"csr"`

	//
	// in minutes how long token should be valid for
	//
	ExpiryTime *int32 `json:"expiryTime,omitempty" rdl:"optional"`

	//
	// public key identifier
	//
	KeyId string `json:"keyId,omitempty" rdl:"optional"`
}

InstanceRefreshRequest - a certificate refresh request

func NewInstanceRefreshRequest

func NewInstanceRefreshRequest(init ...*InstanceRefreshRequest) *InstanceRefreshRequest

NewInstanceRefreshRequest - creates an initialized InstanceRefreshRequest instance, returns a pointer to it

func (*InstanceRefreshRequest) UnmarshalJSON

func (self *InstanceRefreshRequest) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an InstanceRefreshRequest

func (*InstanceRefreshRequest) Validate

func (self *InstanceRefreshRequest) Validate() error

Validate - checks for missing required fields, etc

type InstanceRegisterInformation added in v1.7.3

type InstanceRegisterInformation struct {

	//
	// the provider service name (e.g. "aws.us-west-2", "sys.openstack.cluster1")
	//
	Provider ServiceName `json:"provider"`

	//
	// the domain of the instance
	//
	Domain DomainName `json:"domain"`

	//
	// the service this instance is supposed to run
	//
	Service SimpleName `json:"service"`

	//
	// identity attestation data including document with its signature containing
	// attributes like IP address, instance-id, account#, etc.
	//
	AttestationData string `json:"attestationData"`

	//
	// the Certificate Signing Request for the expected X.509 certificate in the
	// response
	//
	Csr string `json:"csr"`

	//
	// deprecated - use sshCertRequest, if present, return an SSH host
	// certificate. Format is JSON.
	//
	Ssh string `json:"ssh,omitempty" rdl:"optional"`

	//
	// if present, return an SSH host certificate
	//
	SshCertRequest *SSHCertRequest `json:"sshCertRequest,omitempty" rdl:"optional"`

	//
	// if true, return a service token signed by ZTS for this service
	//
	Token *bool `json:"token,omitempty" rdl:"optional"`

	//
	// expiry time in minutes for the certificate (server enforces max expiry)
	//
	ExpiryTime *int32 `json:"expiryTime,omitempty" rdl:"optional"`

	//
	// optional hostname in case included in the csr SAN dnsName attribute
	//
	Hostname DomainName `json:"hostname,omitempty" rdl:"optional"`

	//
	// optional host CNAMEs included in the csr SAN dnsName attribute
	//
	HostCnames []DomainName `json:"hostCnames,omitempty" rdl:"optional"`

	//
	// if true, return an Athenz JWK public keys file
	//
	AthenzJWK *bool `json:"athenzJWK,omitempty" rdl:"optional"`

	//
	// return the public keys file only if modified after the given timestamp
	//
	AthenzJWKModified *rdl.Timestamp `json:"athenzJWKModified,omitempty" rdl:"optional"`
}

InstanceRegisterInformation -

func NewInstanceRegisterInformation added in v1.7.3

func NewInstanceRegisterInformation(init ...*InstanceRegisterInformation) *InstanceRegisterInformation

NewInstanceRegisterInformation - creates an initialized InstanceRegisterInformation instance, returns a pointer to it

func (*InstanceRegisterInformation) UnmarshalJSON added in v1.7.3

func (self *InstanceRegisterInformation) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an InstanceRegisterInformation

func (*InstanceRegisterInformation) Validate added in v1.7.3

func (self *InstanceRegisterInformation) Validate() error

Validate - checks for missing required fields, etc
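InstanceRegisterInformation carries the two things a verifier checks against each other: the provider's attestation document and a CSR for the identity the instance claims. As an added example, not SIA or ZTS code, the block below generates a key and a CSR laid out the way Athenz service identity CSRs are conventionally built (CN = domain.service, a dnsName SAN, and an athenz://instanceid/... URI SAN; these conventions are assumed, not stated on this page), builds the registration body, and then performs the consistency checks a verifier should make before trusting the body. The instanceRegisterInformation type mirrors the required JSON fields of the package type so the example runs without the module; the provider, domain, service, instance id and DNS suffix values are made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// instanceRegisterInformation mirrors the required JSON fields of
// zts.InstanceRegisterInformation so the example runs without the zts module.
type instanceRegisterInformation struct {
	Provider        string `json:"provider"`
	Domain          string `json:"domain"`
	Service         string `json:"service"`
	AttestationData string `json:"attestationData"`
	Csr             string `json:"csr"`
}

// NewServiceCSR generates a fresh P-256 key pair and a CSR laid out the way
// Athenz service identity certificates are requested (assumed from the Athenz
// SIA conventions, not stated on this page):
//   Subject CN  = <domain>.<service>
//   SAN dnsName = <service>.<domain with "." replaced by "-">.<dnsSuffix>
//   SAN URI     = athenz://instanceid/<provider>/<instanceID>
// Only the CSR leaves the host; the private key stays with the caller.
func NewServiceCSR(provider, domain, service, instanceID, dnsSuffix string) (*ecdsa.PrivateKey, string, error) {
	if provider == "" || domain == "" || service == "" || instanceID == "" {
		return nil, "", errors.New("provider, domain, service and instanceID are required")
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, "", err
	}
	tmpl := &x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: domain + "." + service},
		DNSNames: []string{service + "." + strings.ReplaceAll(domain, ".", "-") + "." + dnsSuffix},
		URIs:     []*url.URL{{Scheme: "athenz", Host: "instanceid", Path: "/" + provider + "/" + instanceID}},
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, "", err
	}
	return key, string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der})), nil
}

// BuildRegisterRequest assembles the JSON body of the registration call;
// attestationData is whatever the provider signed for this instance and is
// opaque here.
func BuildRegisterRequest(provider, domain, service, attestationData, csrPEM string) ([]byte, error) {
	return json.Marshal(instanceRegisterInformation{Provider: provider, Domain: domain,
		Service: service, AttestationData: attestationData, Csr: csrPEM})
}

// CheckCSRIdentity makes the checks a verifier must make before acting on a
// registration body: the CSR parses, its self-signature holds (proof of
// possession of the private key), and the CN and instance-id URI SAN agree with
// the provider, domain and service claimed in the body. instanceID is what the
// verifier recovers from the attestation document; it is passed in directly here.
func CheckCSRIdentity(body []byte, instanceID string) error {
	var info instanceRegisterInformation
	if err := json.Unmarshal(body, &info); err != nil {
		return err
	}
	block, _ := pem.Decode([]byte(info.Csr))
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return errors.New("csr is not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return err
	}
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("csr self-signature invalid: %w", err)
	}
	if want := info.Domain + "." + info.Service; csr.Subject.CommonName != want {
		return fmt.Errorf("csr CN %q does not match %q", csr.Subject.CommonName, want)
	}
	wantURI := "athenz://instanceid/" + info.Provider + "/" + instanceID
	for _, u := range csr.URIs {
		if u.String() == wantURI {
			return nil
		}
	}
	return fmt.Errorf("csr lacks instance-id SAN %q", wantURI)
}
```

The point of the cross-check is that attestation data proves which instance is asking and the CSR proves which key it holds; only when the identity in both agrees should a certificate be issued, and ZTS additionally validates the attestation document with the provider before doing so. ExpiryTime, the SSH request and the JWK flags are optional extras left out of the body here.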

type InstanceRegisterToken added in v1.10.10

type InstanceRegisterToken struct {

	//
	// provider service name
	//
	Provider ServiceName `json:"provider"`

	//
	// the domain of the instance
	//
	Domain DomainName `json:"domain"`

	//
	// the service this instance is supposed to run
	//
	Service SimpleName `json:"service"`

	//
	// identity attestation data including document with its signature containing
	// attributes like IP address, instance-id, account#, etc.
	//
	AttestationData string `json:"attestationData"`

	//
	// additional non-signed attributes that assist in attestation, e.g. "keyId",
	// "accessKey", etc
	//
	Attributes map[string]string `json:"attributes,omitempty" rdl:"optional"`
}

InstanceRegisterToken -

func NewInstanceRegisterToken added in v1.10.10

func NewInstanceRegisterToken(init ...*InstanceRegisterToken) *InstanceRegisterToken

NewInstanceRegisterToken - creates an initialized InstanceRegisterToken instance, returns a pointer to it

func (*InstanceRegisterToken) UnmarshalJSON added in v1.10.10

func (self *InstanceRegisterToken) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an InstanceRegisterToken

func (*InstanceRegisterToken) Validate added in v1.10.10

func (self *InstanceRegisterToken) Validate() error

Validate - checks for missing required fields, etc

type JWK added in v1.9.32

type JWK struct {

	//
	// key type: EC or RSA
	//
	Kty string `json:"kty"`

	//
	// identifier
	//
	Kid string `json:"kid"`

	//
	// key algorithm
	//
	Alg string `json:"alg,omitempty" rdl:"optional"`

	//
	// usage: sig or enc
	//
	Use string `json:"use,omitempty" rdl:"optional"`

	//
	// ec curve name
	//
	Crv string `json:"crv,omitempty" rdl:"optional"`

	//
	// ec x value
	//
	X string `json:"x,omitempty" rdl:"optional"`

	//
	// ec y value
	//
	Y string `json:"y,omitempty" rdl:"optional"`

	//
	// rsa modulus value
	//
	N string `json:"n,omitempty" rdl:"optional"`

	//
	// rsa public exponent value
	//
	E string `json:"e,omitempty" rdl:"optional"`
}

JWK -

func NewJWK added in v1.9.32

func NewJWK(init ...*JWK) *JWK

NewJWK - creates an initialized JWK instance, returns a pointer to it

func (*JWK) UnmarshalJSON added in v1.9.32

func (self *JWK) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a JWK

func (*JWK) Validate added in v1.9.32

func (self *JWK) Validate() error

Validate - checks for missing required fields, etc

type JWKList added in v1.9.32

type JWKList struct {

	//
	// array of JWKs
	//
	Keys []*JWK `json:"keys"`
}

JWKList - JSON Web Key (JWK) List

func NewJWKList added in v1.9.32

func NewJWKList(init ...*JWKList) *JWKList

NewJWKList - creates an initialized JWKList instance, returns a pointer to it

func (*JWKList) Init added in v1.9.32

func (self *JWKList) Init() *JWKList

Init - sets up the instance according to its default field values, if any

func (*JWKList) UnmarshalJSON added in v1.9.32

func (self *JWKList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a JWKList

func (*JWKList) Validate added in v1.9.32

func (self *JWKList) Validate() error

Validate - checks for missing required fields, etc

type JWSPolicyData added in v1.10.32

type JWSPolicyData struct {
	Payload   string            `json:"payload"`
	Protected string            `json:"protected"`
	Header    map[string]string `json:"header"`
	Signature string            `json:"signature"`
}

JWSPolicyData - SignedPolicyData using flattened JWS JSON Serialization syntax. https://tools.ietf.org/html/rfc7515#section-7.2.2

func NewJWSPolicyData added in v1.10.32

func NewJWSPolicyData(init ...*JWSPolicyData) *JWSPolicyData

NewJWSPolicyData - creates an initialized JWSPolicyData instance, returns a pointer to it

func (*JWSPolicyData) Init added in v1.10.32

func (self *JWSPolicyData) Init() *JWSPolicyData

Init - sets up the instance according to its default field values, if any

func (*JWSPolicyData) UnmarshalJSON added in v1.10.32

func (self *JWSPolicyData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a JWSPolicyData

func (*JWSPolicyData) Validate added in v1.10.32

func (self *JWSPolicyData) Validate() error

Validate - checks for missing required fields, etc
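JWK (above) and JWSPolicyData together are what a client needs to check that a policy document really came from ZTS. This added example, which is not code from the zts package, converts a P-256 JWK into a Go public key and verifies a flattened JWS as RFC 7515 describes: the signing input is BASE64URL(protected) "." BASE64URL(payload), the key is selected by the protected header's kid, and the alg is pinned by the verifier rather than taken from the header. The SignPolicyES256 helper exists only to produce a signed document to verify, and the local jwk and jwsPolicyData types mirror the package's JSON so the block runs without the module.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
)

// jwk and jwsPolicyData mirror the JSON shape of zts.JWK (EC fields) and
// zts.JWSPolicyData so the example runs without the zts module.
type jwk struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	Crv string `json:"crv,omitempty"`
	X   string `json:"x,omitempty"`
	Y   string `json:"y,omitempty"`
}

type jwsPolicyData struct {
	Payload   string            `json:"payload"`
	Protected string            `json:"protected"`
	Header    map[string]string `json:"header"`
	Signature string            `json:"signature"`
}

var b64 = base64.RawURLEncoding // JWS uses unpadded base64url throughout

// PublicKeyFromJWK turns a P-256 EC JWK into an ECDSA public key. Any other
// kty (including symmetric "oct" keys) is rejected, so a verifier can never
// be talked into using a public value as an HMAC secret.
func PublicKeyFromJWK(k jwk) (*ecdsa.PublicKey, error) {
	x, errX := b64.DecodeString(k.X)
	y, errY := b64.DecodeString(k.Y)
	if k.Kty != "EC" || k.Crv != "P-256" || errX != nil || errY != nil {
		return nil, fmt.Errorf("unsupported or malformed JWK %q", k.Kid)
	}
	pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(x), Y: new(big.Int).SetBytes(y)}
	if !pub.Curve.IsOnCurve(pub.X, pub.Y) {
		return nil, errors.New("EC point is not on P-256")
	}
	return pub, nil
}

// VerifyPolicyJWS verifies a flattened-JWS policy document (RFC 7515 section 7.2.2)
// and returns the decoded payload. The key is chosen by the protected header's
// kid, the unprotected "header" member is ignored, and alg is an allowlist
// decision (ES256 only here) rather than something the header may choose.
func VerifyPolicyJWS(doc jwsPolicyData, keys []jwk) ([]byte, error) {
	raw, errP := b64.DecodeString(doc.Protected)
	sig, errS := b64.DecodeString(doc.Signature)
	var hdr struct {
		Alg string `json:"alg"`
		Kid string `json:"kid"`
	}
	if errP != nil || errS != nil || json.Unmarshal(raw, &hdr) != nil {
		return nil, errors.New("malformed JWS")
	}
	var pub *ecdsa.PublicKey
	for _, k := range keys {
		if k.Kid == hdr.Kid {
			var err error
			if pub, err = PublicKeyFromJWK(k); err != nil {
				return nil, err
			}
		}
	}
	if pub == nil || hdr.Alg != "ES256" || len(sig) != 64 {
		return nil, fmt.Errorf("no usable ES256 key for kid %q", hdr.Kid)
	}
	// Signing input per RFC 7515 section 5.1; ES256 signatures are raw r||s, 32 bytes each
	digest := sha256.Sum256([]byte(doc.Protected + "." + doc.Payload))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return nil, errors.New("signature verification failed")
	}
	return b64.DecodeString(doc.Payload)
}

// SignPolicyES256 builds a JWSPolicyData and matching JWK for the demo; it
// stands in for ZTS, which signs with its own key and publishes the JWK.
func SignPolicyES256(payload []byte, key *ecdsa.PrivateKey, kid string) (jwsPolicyData, jwk, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "kid": kid})
	protected, body := b64.EncodeToString(hdr), b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(protected + "." + body))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return jwsPolicyData{}, jwk{}, err
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	pub := jwk{Kty: "EC", Kid: kid, Crv: "P-256", X: b64.EncodeToString(key.X.FillBytes(make([]byte, 32))), Y: b64.EncodeToString(key.Y.FillBytes(make([]byte, 32)))}
	return jwsPolicyData{Payload: body, Protected: protected, Header: map[string]string{}, Signature: b64.EncodeToString(sig)}, pub, nil
}
```

The JWK type on this page also carries RSA fields (n, e); an RS256 path would follow the same shape, converting n and e into an rsa.PublicKey and calling rsa.VerifyPKCS1v15 over the same SHA-256 digest, with the alg again pinned by the key type rather than read from the header. The payload is only unmarshalled into policy structures after verification succeeds.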

type OAuthConfig added in v1.10.46

type OAuthConfig struct {

	//
	// url using the https scheme
	//
	Issuer string `json:"issuer"`

	//
	// oauth 2.0 authorization endpoint url
	//
	Authorization_endpoint string `json:"authorization_endpoint"`

	//
	// authorization server token endpoint
	//
	Token_endpoint string `json:"token_endpoint"`

	//
	// public server jwk set url
	//
	Jwks_uri string `json:"jwks_uri"`

	//
	// list of supported response types
	//
	Response_types_supported []string `json:"response_types_supported"`

	//
	// supported grant types
	//
	Grant_types_supported []string `json:"grant_types_supported"`

	//
	// list of supported algorithms for issued access tokens (note: RFC 8414 defines
	// this metadata field as the JWS algorithms accepted for JWT-based client
	// authentication at the token endpoint, not the algorithms of issued tokens, so
	// do not use it to choose a verification algorithm)
	//
	Token_endpoint_auth_signing_alg_values_supported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
}

OAuthConfig -

func NewOAuthConfig added in v1.10.46

func NewOAuthConfig(init ...*OAuthConfig) *OAuthConfig

NewOAuthConfig - creates an initialized OAuthConfig instance, returns a pointer to it

func (*OAuthConfig) Init added in v1.10.46

func (self *OAuthConfig) Init() *OAuthConfig

Init - sets up the instance according to its default field values, if any

func (*OAuthConfig) UnmarshalJSON added in v1.10.46

func (self *OAuthConfig) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an OAuthConfig

func (*OAuthConfig) Validate added in v1.10.46

func (self *OAuthConfig) Validate() error

Validate - checks for missing required fields, etc

type OIDCResponse added in v1.10.44

type OIDCResponse struct {
	Location string `json:"location"`
}

OIDCResponse -

func NewOIDCResponse added in v1.10.44

func NewOIDCResponse(init ...*OIDCResponse) *OIDCResponse

NewOIDCResponse - creates an initialized OIDCResponse instance, returns a pointer to it

func (*OIDCResponse) UnmarshalJSON added in v1.10.44

func (self *OIDCResponse) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a OIDCResponse

func (*OIDCResponse) Validate added in v1.10.44

func (self *OIDCResponse) Validate() error

Validate - checks for missing required fields, etc

type OpenIDConfig added in v1.10.43

type OpenIDConfig struct {

	//
	// url using the https scheme
	//
	Issuer string `json:"issuer"`

	//
	// oauth 2.0 authorization endpoint url
	//
	Authorization_endpoint string `json:"authorization_endpoint"`

	//
	// public server jwk set url
	//
	Jwks_uri string `json:"jwks_uri"`

	//
	// list of supported response types
	//
	Response_types_supported []string `json:"response_types_supported"`

	//
	// list of supported subject identifier types
	//
	Subject_types_supported []string `json:"subject_types_supported"`

	//
	// list of supported algorithms for issued id tokens
	//
	Id_token_signing_alg_values_supported []string `json:"id_token_signing_alg_values_supported"`

	//
	// list of supported id claims
	//
	Claims_supported []string `json:"claims_supported,omitempty" rdl:"optional"`
}

OpenIDConfig -

func NewOpenIDConfig added in v1.10.43

func NewOpenIDConfig(init ...*OpenIDConfig) *OpenIDConfig

NewOpenIDConfig - creates an initialized OpenIDConfig instance, returns a pointer to it

func (*OpenIDConfig) Init added in v1.10.43

func (self *OpenIDConfig) Init() *OpenIDConfig

Init - sets up the instance according to its default field values, if any

func (*OpenIDConfig) UnmarshalJSON added in v1.10.43

func (self *OpenIDConfig) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a OpenIDConfig

func (*OpenIDConfig) Validate added in v1.10.43

func (self *OpenIDConfig) Validate() error

Validate - checks for missing required fields, etc
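The discovery document decoded into OpenIDConfig (see GetOpenIDConfig) is what a relying party uses to locate the JWK set and decide which id_token algorithms to accept, so it deserves the same scrutiny as the tokens themselves. The following is an added example, not code from this package or the Athenz project: it mirrors only the OpenIDConfig fields it needs in a local struct, parses two constructed sample documents (the hostnames, paths and the `rfc=true` query are assumptions, not captured from a real ZTS server), and rejects a document whose issuer differs from the expected value, whose endpoints are not https on the issuer's own host, or that advertises `none` or an HMAC algorithm for id tokens. The allowlist of algorithms is likewise an assumption to tune per deployment.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// openIDConfig mirrors the subset of the zts OpenIDConfig JSON fields used
// here; it is declared locally so the example compiles without the zts module.
type openIDConfig struct {
	Issuer                           string   `json:"issuer"`
	AuthorizationEndpoint            string   `json:"authorization_endpoint"`
	JwksURI                          string   `json:"jwks_uri"`
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
}

// allowedIDTokenAlgs is the relying party's allowlist of asymmetric signing
// algorithms (assumption: tune it to what your ZTS deployment actually issues).
var allowedIDTokenAlgs = map[string]bool{"RS256": true, "PS256": true, "ES256": true, "ES384": true}

// httpsOnIssuerHost rejects any endpoint that is not an absolute https URL on
// the issuer's own host, so a tampered discovery document cannot redirect key
// lookup or the authorization flow to a third party.
func httpsOnIssuerHost(field, raw, issuerHost string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("%s: %w", field, err)
	}
	if u.Scheme != "https" {
		return fmt.Errorf("%s: %q is not an https URL", field, raw)
	}
	if !strings.EqualFold(u.Host, issuerHost) {
		return fmt.Errorf("%s: host %q is not the issuer host %q", field, u.Host, issuerHost)
	}
	return nil
}

// checkOpenIDConfig parses a discovery document and accepts it only if the
// issuer is exactly the expected one, the endpoints are https on that host,
// no "none" or HMAC id_token algorithm is advertised, and at least one
// allowlisted algorithm is available.
func checkOpenIDConfig(doc []byte, expectedIssuer string) (*openIDConfig, error) {
	var cfg openIDConfig
	if err := json.Unmarshal(doc, &cfg); err != nil {
		return nil, err
	}
	if cfg.Issuer != expectedIssuer {
		return nil, fmt.Errorf("issuer %q does not match expected %q", cfg.Issuer, expectedIssuer)
	}
	iss, err := url.Parse(cfg.Issuer)
	if err != nil || iss.Scheme != "https" || iss.Host == "" {
		return nil, fmt.Errorf("issuer %q is not an absolute https URL", cfg.Issuer)
	}
	if err := httpsOnIssuerHost("jwks_uri", cfg.JwksURI, iss.Host); err != nil {
		return nil, err
	}
	if err := httpsOnIssuerHost("authorization_endpoint", cfg.AuthorizationEndpoint, iss.Host); err != nil {
		return nil, err
	}
	usable := 0
	for _, alg := range cfg.IDTokenSigningAlgValuesSupported {
		if alg == "none" || strings.HasPrefix(alg, "HS") {
			return nil, fmt.Errorf("id_token alg %q must never be accepted", alg)
		}
		if allowedIDTokenAlgs[alg] {
			usable++
		}
	}
	if usable == 0 {
		return nil, errors.New("no allowlisted id_token signing algorithm advertised")
	}
	return &cfg, nil
}

// Constructed sample documents (not captured from a real ZTS server).
const goodDoc = `{"issuer":"https://zts.example.com:4443/zts/v1",
 "authorization_endpoint":"https://zts.example.com:4443/zts/v1/oauth2/auth",
 "jwks_uri":"https://zts.example.com:4443/zts/v1/oauth2/keys?rfc=true",
 "response_types_supported":["id_token"],"subject_types_supported":["public"],
 "id_token_signing_alg_values_supported":["RS256","ES256"]}`

const badDoc = `{"issuer":"https://zts.example.com:4443/zts/v1",
 "authorization_endpoint":"https://zts.example.com:4443/zts/v1/oauth2/auth",
 "jwks_uri":"https://keys.attacker.example/jwks",
 "response_types_supported":["id_token"],"subject_types_supported":["public"],
 "id_token_signing_alg_values_supported":["none","RS256"]}`

func main() {
	const issuer = "https://zts.example.com:4443/zts/v1"
	for _, name := range []string{"good", "bad"} {
		doc := map[string]string{"good": goodDoc, "bad": badDoc}[name]
		if _, err := checkOpenIDConfig([]byte(doc), issuer); err != nil {
			fmt.Printf("%s: rejected: %v\n", name, err)
			continue
		}
		fmt.Printf("%s: accepted\n", name)
	}
}
```

The issuer is compared against a value configured out of band rather than taken from the document, because the document is the thing being authenticated; the same goes for pinning `jwks_uri` to the issuer's host, which prevents a substituted key set even when the transport to ZTS is trusted.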

type PathElement added in v1.7.3

type PathElement string

PathElement - A uri-safe path element

type Policy

type Policy struct {

	//
	// name of the policy
	//
	Name ResourceName `json:"name"`

	//
	// last modification timestamp of this policy
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`

	//
	// list of defined assertions for this policy
	//
	Assertions []*Assertion `json:"assertions"`

	//
	// If true, we should store action and resource in their original case
	//
	CaseSensitive *bool `json:"caseSensitive,omitempty" rdl:"optional"`

	//
	// optional version string, defaults to 0
	//
	Version SimpleName `json:"version,omitempty" rdl:"optional"`

	//
	// if multi-version policy then indicates active version
	//
	Active *bool `json:"active,omitempty" rdl:"optional"`
}

Policy - The representation for a Policy with set of assertions.

func NewPolicy

func NewPolicy(init ...*Policy) *Policy

NewPolicy - creates an initialized Policy instance, returns a pointer to it

func (*Policy) Init

func (self *Policy) Init() *Policy

Init - sets up the instance according to its default field values, if any

func (*Policy) UnmarshalJSON

func (self *Policy) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Policy

func (*Policy) Validate

func (self *Policy) Validate() error

Validate - checks for missing required fields, etc

type PolicyData

type PolicyData struct {

	//
	// name of the domain
	//
	Domain DomainName `json:"domain"`

	//
	// list of policies defined in this server
	//
	Policies []*Policy `json:"policies"`
}

PolicyData -

func NewPolicyData

func NewPolicyData(init ...*PolicyData) *PolicyData

NewPolicyData - creates an initialized PolicyData instance, returns a pointer to it

func (*PolicyData) Init

func (self *PolicyData) Init() *PolicyData

Init - sets up the instance according to its default field values, if any

func (*PolicyData) UnmarshalJSON

func (self *PolicyData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a PolicyData

func (*PolicyData) Validate

func (self *PolicyData) Validate() error

Validate - checks for missing required fields, etc

type PublicKeyEntry

type PublicKeyEntry struct {

	//
	// the public key for the service
	//
	Key string `json:"key"`

	//
	// the key identifier (version or zone name)
	//
	Id string `json:"id"`
}

PublicKeyEntry - The representation of the public key in a service identity object.

func NewPublicKeyEntry

func NewPublicKeyEntry(init ...*PublicKeyEntry) *PublicKeyEntry

NewPublicKeyEntry - creates an initialized PublicKeyEntry instance, returns a pointer to it

func (*PublicKeyEntry) UnmarshalJSON

func (self *PublicKeyEntry) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a PublicKeyEntry

func (*PublicKeyEntry) Validate

func (self *PublicKeyEntry) Validate() error

Validate - checks for missing required fields, etc

type ResourceAccess added in v1.1.8

type ResourceAccess struct {

	//
	// true (allowed) or false (denied)
	//
	Granted bool `json:"granted"`
}

ResourceAccess - ResourceAccess can be checked and returned as this resource. (same as ZMS.Access)

func NewResourceAccess added in v1.1.8

func NewResourceAccess(init ...*ResourceAccess) *ResourceAccess

NewResourceAccess - creates an initialized ResourceAccess instance, returns a pointer to it

func (*ResourceAccess) UnmarshalJSON added in v1.1.8

func (self *ResourceAccess) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ResourceAccess

func (*ResourceAccess) Validate added in v1.1.8

func (self *ResourceAccess) Validate() error

Validate - checks for missing required fields, etc

type ResourceName

type ResourceName string

ResourceName - A resource name. Note that the EntityName part is optional, that is, a domain name followed by a colon is a valid resource name.

type RoleAccess

type RoleAccess struct {
	Roles []EntityName `json:"roles"`
}

RoleAccess -

func NewRoleAccess

func NewRoleAccess(init ...*RoleAccess) *RoleAccess

NewRoleAccess - creates an initialized RoleAccess instance, returns a pointer to it

func (*RoleAccess) Init

func (self *RoleAccess) Init() *RoleAccess

Init - sets up the instance according to its default field values, if any

func (*RoleAccess) UnmarshalJSON

func (self *RoleAccess) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleAccess

func (*RoleAccess) Validate

func (self *RoleAccess) Validate() error

Validate - checks for missing required fields, etc

type RoleCertificate added in v1.9.32

type RoleCertificate struct {
	X509Certificate string `json:"x509Certificate"`
}

RoleCertificate - a role certificate

func NewRoleCertificate added in v1.9.32

func NewRoleCertificate(init ...*RoleCertificate) *RoleCertificate

NewRoleCertificate - creates an initialized RoleCertificate instance, returns a pointer to it

func (*RoleCertificate) UnmarshalJSON added in v1.9.32

func (self *RoleCertificate) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleCertificate

func (*RoleCertificate) Validate added in v1.9.32

func (self *RoleCertificate) Validate() error

Validate - checks for missing required fields, etc

type RoleCertificateRequest

type RoleCertificateRequest struct {

	//
	// role certificate signing request
	//
	Csr string `json:"csr"`

	//
	// this request is proxy for this principal
	//
	ProxyForPrincipal EntityName `json:"proxyForPrincipal,omitempty" rdl:"optional"`

	//
	// request an expiry time for the role certificate
	//
	ExpiryTime int64 `json:"expiryTime"`

	//
	// previous role certificate not before date
	//
	PrevCertNotBefore *rdl.Timestamp `json:"prevCertNotBefore,omitempty" rdl:"optional"`

	//
	// previous role certificate not after date
	//
	PrevCertNotAfter *rdl.Timestamp `json:"prevCertNotAfter,omitempty" rdl:"optional"`
}

RoleCertificateRequest - a certificate signing request. Including the optional previous certificate NotBefore and NotAfter dates allows the server to correctly prioritize this request when the certificate signer is under heavy load and cannot sign all requests submitted by the Athenz server.

func NewRoleCertificateRequest

func NewRoleCertificateRequest(init ...*RoleCertificateRequest) *RoleCertificateRequest

NewRoleCertificateRequest - creates an initialized RoleCertificateRequest instance, returns a pointer to it

func (*RoleCertificateRequest) UnmarshalJSON

func (self *RoleCertificateRequest) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleCertificateRequest

func (*RoleCertificateRequest) Validate

func (self *RoleCertificateRequest) Validate() error

Validate - checks for missing required fields, etc

type RoleToken

type RoleToken struct {
	Token      string `json:"token"`
	ExpiryTime int64  `json:"expiryTime"`
}

RoleToken - A representation of a signed RoleToken

func NewRoleToken

func NewRoleToken(init ...*RoleToken) *RoleToken

NewRoleToken - creates an initialized RoleToken instance, returns a pointer to it

func (*RoleToken) UnmarshalJSON

func (self *RoleToken) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleToken

func (*RoleToken) Validate

func (self *RoleToken) Validate() error

Validate - checks for missing required fields, etc

type SSHCertRequest added in v1.7.53

type SSHCertRequest struct {

	//
	// ssh certificate request data
	//
	CertRequestData *SSHCertRequestData `json:"certRequestData"`

	//
	// ssh certificate request meta
	//
	CertRequestMeta *SSHCertRequestMeta `json:"certRequestMeta"`

	//
	// free-form csr if not using data/meta fields.
	//
	Csr string `json:"csr,omitempty" rdl:"optional"`

	//
	// identity attestation data including document with its signature containing
	// attributes like IP address, instance-id, account#, etc.
	//
	AttestationData string `json:"attestationData,omitempty" rdl:"optional"`
}

SSHCertRequest -

func NewSSHCertRequest added in v1.7.53

func NewSSHCertRequest(init ...*SSHCertRequest) *SSHCertRequest

NewSSHCertRequest - creates an initialized SSHCertRequest instance, returns a pointer to it

func (*SSHCertRequest) Init added in v1.7.53

func (self *SSHCertRequest) Init() *SSHCertRequest

Init - sets up the instance according to its default field values, if any

func (*SSHCertRequest) UnmarshalJSON added in v1.7.53

func (self *SSHCertRequest) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SSHCertRequest

func (*SSHCertRequest) Validate added in v1.7.53

func (self *SSHCertRequest) Validate() error

Validate - checks for missing required fields, etc

type SSHCertRequestData added in v1.7.53

type SSHCertRequestData struct {

	//
	// principals in the ssh certificate (usually only one)
	//
	Principals []string `json:"principals"`

	//
	// source FQDNs or ip addresses
	//
	Sources []string `json:"sources,omitempty" rdl:"optional"`

	//
	// destination FQDNs or ip addresses
	//
	Destinations []string `json:"destinations,omitempty" rdl:"optional"`

	//
	// public key for ssh certificate
	//
	PublicKey string `json:"publicKey,omitempty" rdl:"optional"`

	//
	// yubikey/touch public key for ssh certificate
	//
	TouchPublicKey string `json:"touchPublicKey,omitempty" rdl:"optional"`

	//
	// CA public key algorithm: 0: Unknown, 1: RSA, 3: ECDSA
	//
	CaPubKeyAlgo *int32 `json:"caPubKeyAlgo,omitempty" rdl:"optional"`

	//
	// optional force command option for certificate
	//
	Command string `json:"command,omitempty" rdl:"optional"`
}

SSHCertRequestData -

func NewSSHCertRequestData added in v1.7.53

func NewSSHCertRequestData(init ...*SSHCertRequestData) *SSHCertRequestData

NewSSHCertRequestData - creates an initialized SSHCertRequestData instance, returns a pointer to it

func (*SSHCertRequestData) Init added in v1.7.53

func (self *SSHCertRequestData) Init() *SSHCertRequestData

Init - sets up the instance according to its default field values, if any

func (*SSHCertRequestData) UnmarshalJSON added in v1.7.53

func (self *SSHCertRequestData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SSHCertRequestData

func (*SSHCertRequestData) Validate added in v1.7.53

func (self *SSHCertRequestData) Validate() error

Validate - checks for missing required fields, etc

type SSHCertRequestMeta added in v1.7.53

type SSHCertRequestMeta struct {

	//
	// requesting user
	//
	Requestor string `json:"requestor"`

	//
	// origin FQDN or ip
	//
	Origin string `json:"origin"`

	//
	// client info
	//
	ClientInfo string `json:"clientInfo,omitempty" rdl:"optional"`

	//
	// ssh client version
	//
	SshClientVersion string `json:"sshClientVersion,omitempty" rdl:"optional"`

	//
	// cert type - user or host
	//
	CertType string `json:"certType"`

	//
	// principals included in the keyId field in the certificate
	//
	KeyIdPrincipals []string `json:"keyIdPrincipals,omitempty" rdl:"optional"`

	//
	// ssh host cert request is for this athenz service
	//
	AthenzService EntityName `json:"athenzService,omitempty" rdl:"optional"`

	//
	// ssh host cert request is for this instance id
	//
	InstanceId PathElement `json:"instanceId,omitempty" rdl:"optional"`

	//
	// previous ssh certificate validity from date
	//
	PrevCertValidFrom *rdl.Timestamp `json:"prevCertValidFrom,omitempty" rdl:"optional"`

	//
	// previous ssh certificate validity to date
	//
	PrevCertValidTo *rdl.Timestamp `json:"prevCertValidTo,omitempty" rdl:"optional"`

	//
	// ssh request transaction id
	//
	TransId string `json:"transId,omitempty" rdl:"optional"`
}

SSHCertRequestMeta -

func NewSSHCertRequestMeta added in v1.7.53

func NewSSHCertRequestMeta(init ...*SSHCertRequestMeta) *SSHCertRequestMeta

NewSSHCertRequestMeta - creates an initialized SSHCertRequestMeta instance, returns a pointer to it

func (*SSHCertRequestMeta) UnmarshalJSON added in v1.7.53

func (self *SSHCertRequestMeta) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SSHCertRequestMeta

func (*SSHCertRequestMeta) Validate added in v1.7.53

func (self *SSHCertRequestMeta) Validate() error

Validate - checks for missing required fields, etc

type SSHCertificate added in v1.7.53

type SSHCertificate struct {

	//
	// the SSH certificate, signed by the CA
	//
	Certificate string `json:"certificate"`

	//
	// certificate public key if generated by SSH RA
	//
	PublicKey string `json:"publicKey,omitempty" rdl:"optional"`

	//
	// certificate private key if generated by SSH Agent
	//
	PrivateKey string `json:"privateKey,omitempty" rdl:"optional"`
}

SSHCertificate -

func NewSSHCertificate added in v1.7.53

func NewSSHCertificate(init ...*SSHCertificate) *SSHCertificate

NewSSHCertificate - creates an initialized SSHCertificate instance, returns a pointer to it

func (*SSHCertificate) UnmarshalJSON added in v1.7.53

func (self *SSHCertificate) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SSHCertificate

func (*SSHCertificate) Validate added in v1.7.53

func (self *SSHCertificate) Validate() error

Validate - checks for missing required fields, etc

type SSHCertificates added in v1.7.53

type SSHCertificates struct {

	//
	// set of user ssh certificates
	//
	Certificates []*SSHCertificate `json:"certificates"`

	//
	// the SSH CA's public key for the sshCertificate (user or host)
	//
	CertificateSigner string `json:"certificateSigner,omitempty" rdl:"optional"`
}

SSHCertificates -

func NewSSHCertificates added in v1.7.53

func NewSSHCertificates(init ...*SSHCertificates) *SSHCertificates

NewSSHCertificates - creates an initialized SSHCertificates instance, returns a pointer to it

func (*SSHCertificates) Init added in v1.7.53

func (self *SSHCertificates) Init() *SSHCertificates

Init - sets up the instance according to its default field values, if any

func (*SSHCertificates) UnmarshalJSON added in v1.7.53

func (self *SSHCertificates) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SSHCertificates

func (*SSHCertificates) Validate added in v1.7.53

func (self *SSHCertificates) Validate() error

Validate - checks for missing required fields, etc

type ServiceIdentity

type ServiceIdentity struct {

	//
	// the full name of the service, i.e. "sports.storage"
	//
	Name ServiceName `json:"name"`

	//
	// array of public keys for key rotation
	//
	PublicKeys []*PublicKeyEntry `json:"publicKeys,omitempty" rdl:"optional"`

	//
	// if present, then this service can provision tenants via this endpoint.
	//
	ProviderEndpoint string `json:"providerEndpoint,omitempty" rdl:"optional"`

	//
	// the timestamp when this entry was last modified
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`

	//
	// the path of the executable that runs the service
	//
	Executable string `json:"executable,omitempty" rdl:"optional"`

	//
	// list of host names that this service can run on
	//
	Hosts []string `json:"hosts,omitempty" rdl:"optional"`

	//
	// local (unix) user name this service can run as
	//
	User string `json:"user,omitempty" rdl:"optional"`

	//
	// local (unix) group name this service can run as
	//
	Group string `json:"group,omitempty" rdl:"optional"`
}

ServiceIdentity - The representation of the service identity object.

func NewServiceIdentity

func NewServiceIdentity(init ...*ServiceIdentity) *ServiceIdentity

NewServiceIdentity - creates an initialized ServiceIdentity instance, returns a pointer to it

func (*ServiceIdentity) UnmarshalJSON

func (self *ServiceIdentity) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentity

func (*ServiceIdentity) Validate

func (self *ServiceIdentity) Validate() error

Validate - checks for missing required fields, etc

type ServiceIdentityList

type ServiceIdentityList struct {

	//
	// list of service names
	//
	Names []EntityName `json:"names"`
}

ServiceIdentityList - The representation for an enumeration of services in the namespace.

func NewServiceIdentityList

func NewServiceIdentityList(init ...*ServiceIdentityList) *ServiceIdentityList

NewServiceIdentityList - creates an initialized ServiceIdentityList instance, returns a pointer to it

func (*ServiceIdentityList) Init

func (self *ServiceIdentityList) Init() *ServiceIdentityList

Init - sets up the instance according to its default field values, if any

func (*ServiceIdentityList) UnmarshalJSON

func (self *ServiceIdentityList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentityList

func (*ServiceIdentityList) Validate

func (self *ServiceIdentityList) Validate() error

Validate - checks for missing required fields, etc

type ServiceName

type ServiceName string

ServiceName - A service name will generally be a unique subdomain.

type SignedPolicyData

type SignedPolicyData struct {

	//
	// list of policies defined in a domain
	//
	PolicyData *PolicyData `json:"policyData"`

	//
	// zms signature generated based on the domain policies object
	//
	ZmsSignature string `json:"zmsSignature,omitempty" rdl:"optional"`

	//
	// the identifier of the zms key used to generate the signature
	//
	ZmsKeyId string `json:"zmsKeyId,omitempty" rdl:"optional"`

	//
	// when the domain itself was last modified
	//
	Modified rdl.Timestamp `json:"modified"`

	//
	// timestamp specifying the expiration time for using this set of policies
	//
	Expires rdl.Timestamp `json:"expires"`
}

SignedPolicyData - A representation of policies object defined in a given server.

func NewSignedPolicyData

func NewSignedPolicyData(init ...*SignedPolicyData) *SignedPolicyData

NewSignedPolicyData - creates an initialized SignedPolicyData instance, returns a pointer to it

func (*SignedPolicyData) Init

func (self *SignedPolicyData) Init() *SignedPolicyData

Init - sets up the instance according to its default field values, if any

func (*SignedPolicyData) UnmarshalJSON

func (self *SignedPolicyData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SignedPolicyData

func (*SignedPolicyData) Validate

func (self *SignedPolicyData) Validate() error

Validate - checks for missing required fields, etc

type SignedPolicyRequest added in v1.10.33

type SignedPolicyRequest struct {
	PolicyVersions map[string]string `json:"policyVersions"`

	//
	// true if signature must be in P1363 format instead of ASN.1 DER
	//
	SignatureP1363Format bool `json:"signatureP1363Format"`
}

SignedPolicyRequest -

func NewSignedPolicyRequest added in v1.10.33

func NewSignedPolicyRequest(init ...*SignedPolicyRequest) *SignedPolicyRequest

NewSignedPolicyRequest - creates an initialized SignedPolicyRequest instance, returns a pointer to it

func (*SignedPolicyRequest) Init added in v1.10.33

func (self *SignedPolicyRequest) Init() *SignedPolicyRequest

Init - sets up the instance according to its default field values, if any

func (*SignedPolicyRequest) UnmarshalJSON added in v1.10.33

func (self *SignedPolicyRequest) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SignedPolicyRequest

func (*SignedPolicyRequest) Validate added in v1.10.33

func (self *SignedPolicyRequest) Validate() error

Validate - checks for missing required fields, etc
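SignedPolicyRequest.SignatureP1363Format chooses between the two wire encodings of an ECDSA signature: ASN.1 DER (`SEQUENCE { r INTEGER, s INTEGER }`, variable length) and IEEE P1363 (`r || s`, fixed width, 64 bytes for P-256). A verifier built for one encoding silently fails on the other, so the consumer of SignedPolicyData must know which it asked for. The following is an added example, not code from this package or the Athenz project: it signs a constructed policy document with a throwaway P-256 key, converts the DER signature to P1363, verifies both forms, and shows that a one-bit change to the document is rejected. The exact bytes ZMS hashes and the hash algorithm it uses are not described on this page, so SHA-256 over the raw JSON is an assumption made for illustration; the encoding handling is the point.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
)

// curveBytes is the byte width of the curve order, which fixes the width of
// each half of a P1363 (r||s) signature: 32 for P-256, 48 for P-384.
func curveBytes(curve elliptic.Curve) int {
	return (curve.Params().N.BitLen() + 7) / 8
}

// splitP1363 parses a fixed-width r||s signature and rejects out-of-range
// values itself rather than handing r = 0 or s >= N to ecdsa.Verify.
func splitP1363(sig []byte, curve elliptic.Curve) (r, s *big.Int, err error) {
	n := curveBytes(curve)
	if len(sig) != 2*n {
		return nil, nil, fmt.Errorf("p1363: want %d bytes, got %d", 2*n, len(sig))
	}
	r = new(big.Int).SetBytes(sig[:n])
	s = new(big.Int).SetBytes(sig[n:])
	order := curve.Params().N
	if r.Sign() <= 0 || s.Sign() <= 0 || r.Cmp(order) >= 0 || s.Cmp(order) >= 0 {
		return nil, nil, errors.New("p1363: r or s out of range")
	}
	return r, s, nil
}

// derToP1363 converts an ASN.1 DER SEQUENCE { r INTEGER, s INTEGER }
// signature into the fixed-width r||s form, refusing trailing garbage.
func derToP1363(der []byte, curve elliptic.Curve) ([]byte, error) {
	var sig struct{ R, S *big.Int }
	rest, err := asn1.Unmarshal(der, &sig)
	if err != nil {
		return nil, err
	}
	if len(rest) != 0 {
		return nil, errors.New("der: trailing bytes after signature")
	}
	n := curveBytes(curve)
	if sig.R.Sign() <= 0 || sig.S.Sign() <= 0 || sig.R.BitLen() > 8*n || sig.S.BitLen() > 8*n {
		return nil, errors.New("der: r or s out of range")
	}
	out := make([]byte, 2*n)
	sig.R.FillBytes(out[:n])
	sig.S.FillBytes(out[n:])
	return out, nil
}

// verifyPolicySignature checks an ECDSA signature over SHA-256(policyJSON)
// with the ZMS public key; p1363 selects the encoding the signature arrived in.
func verifyPolicySignature(pub *ecdsa.PublicKey, policyJSON, sig []byte, p1363 bool) (bool, error) {
	digest := sha256.Sum256(policyJSON)
	if !p1363 {
		return ecdsa.VerifyASN1(pub, digest[:], sig), nil
	}
	r, s, err := splitP1363(sig, pub.Curve)
	if err != nil {
		return false, err
	}
	return ecdsa.Verify(pub, digest[:], r, s), nil
}

// demo signs a constructed policy document with a throwaway P-256 key and
// reports whether the DER form, the converted P1363 form, and the P1363 form
// checked against a tampered document verify.
func demo() (derOK, p1363OK, tamperedOK bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	// Constructed sample document; not the exact byte string ZMS signs.
	policy := []byte(`{"domain":"sports","policies":[{"name":"sports:policy.readers","assertions":[{"role":"sports:role.readers","action":"read","resource":"sports:articles"}]}]}`)
	digest := sha256.Sum256(policy)
	der, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return
	}
	p1363, err := derToP1363(der, priv.Curve)
	if err != nil {
		return
	}
	derOK, _ = verifyPolicySignature(&priv.PublicKey, policy, der, false)
	p1363OK, _ = verifyPolicySignature(&priv.PublicKey, policy, p1363, true)
	tampered := append([]byte(nil), policy...)
	tampered[len(tampered)-3] ^= 0x20 // flip one bit inside the JSON
	tamperedOK, _ = verifyPolicySignature(&priv.PublicKey, tampered, p1363, true)
	return
}

func main() {
	derOK, p1363OK, tamperedOK, err := demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("DER verifies: %v, P1363 verifies: %v, tampered verifies: %v\n", derOK, p1363OK, tamperedOK)
}
```

The range checks in splitP1363 and derToP1363 matter beyond tidiness: a length or range mismatch is the usual symptom when a client requests one format and verifies with the other, and failing closed on malformed input keeps a parsing quirk from turning into an accepted forgery.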

type SignedToken

type SignedToken string

SignedToken - A signed assertion of identity, i.e. the user cookie value. This token will only make sense to the authority that generated it, so it is beneficial to have something in the value that is cheaply recognized, in order to quickly reject a token that belongs to another authority. In addition to the YEncoded character set, the token uses ';' to separate components and ',' to separate roles.

type SimpleName

type SimpleName string

SimpleName - A simple identifier, an element of a compound name. (One of the common name types used by several API definitions.)

type Status added in v1.7.30

type Status struct {

	//
	// status message code
	//
	Code int32 `json:"code"`

	//
	// status message of the server
	//
	Message string `json:"message"`
}

Status - The representation for a status object

func NewStatus added in v1.7.30

func NewStatus(init ...*Status) *Status

NewStatus - creates an initialized Status instance, returns a pointer to it

func (*Status) UnmarshalJSON added in v1.7.30

func (self *Status) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Status

func (*Status) Validate added in v1.7.30

func (self *Status) Validate() error

Validate - checks for missing required fields, etc

type TenantDomains

type TenantDomains struct {
	TenantDomainNames []DomainName `json:"tenantDomainNames"`
}

TenantDomains -

func NewTenantDomains

func NewTenantDomains(init ...*TenantDomains) *TenantDomains

NewTenantDomains - creates an initialized TenantDomains instance, returns a pointer to it

func (*TenantDomains) Init

func (self *TenantDomains) Init() *TenantDomains

Init - sets up the instance according to its default field values, if any

func (*TenantDomains) UnmarshalJSON

func (self *TenantDomains) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TenantDomains

func (*TenantDomains) Validate

func (self *TenantDomains) Validate() error

Validate - checks for missing required fields, etc

type TransportDirection added in v1.10.10

type TransportDirection int

TransportDirection - the direction of a TransportRule, IN (ingress) or OUT (egress).

const (
	IN TransportDirection
	OUT
)

TransportDirection constants

func NewTransportDirection added in v1.10.10

func NewTransportDirection(init ...interface{}) TransportDirection

NewTransportDirection - creates a TransportDirection from the optional init value (an existing TransportDirection, an integer, or the symbol name as a string); with no init value it returns the first constant, IN.

func (TransportDirection) MarshalJSON added in v1.10.10

func (e TransportDirection) MarshalJSON() ([]byte, error)

MarshalJSON is defined for proper JSON encoding of a TransportDirection

func (TransportDirection) String added in v1.10.10

func (e TransportDirection) String() string

String - return a string representation of the enum

func (TransportDirection) SymbolSet added in v1.10.10

func (e TransportDirection) SymbolSet() []string

SymbolSet - return an array of all valid string representations (symbols) of the enum

func (*TransportDirection) UnmarshalJSON added in v1.10.10

func (e *TransportDirection) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TransportDirection

type TransportRule added in v1.10.10

type TransportRule struct {

	//
	// source or destination endpoints defined in terms of CIDR notation
	//
	EndPoint string `json:"endPoint"`

	//
	// range of port numbers for incoming connections
	//
	SourcePortRange string `json:"sourcePortRange"`

	//
	// destination / listener port of the service
	//
	Port int32 `json:"port"`

	//
	// protocol of the connection
	//
	Protocol string `json:"protocol"`

	//
	// transport direction
	//
	Direction TransportDirection `json:"direction"`
}

TransportRule -

func NewTransportRule added in v1.10.10

func NewTransportRule(init ...*TransportRule) *TransportRule

NewTransportRule - creates an initialized TransportRule instance, returns a pointer to it

func (*TransportRule) UnmarshalJSON added in v1.10.10

func (self *TransportRule) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TransportRule

func (*TransportRule) Validate added in v1.10.10

func (self *TransportRule) Validate() error

Validate - checks for missing required fields, etc

type TransportRules added in v1.10.10

type TransportRules struct {
	IngressRules []*TransportRule `json:"ingressRules"`
	EgressRules  []*TransportRule `json:"egressRules"`
}

TransportRules -

func NewTransportRules added in v1.10.10

func NewTransportRules(init ...*TransportRules) *TransportRules

NewTransportRules - creates an initialized TransportRules instance, returns a pointer to it

func (*TransportRules) Init added in v1.10.10

func (self *TransportRules) Init() *TransportRules

Init - sets up the instance according to its default field values, if any

func (*TransportRules) UnmarshalJSON added in v1.10.10

func (self *TransportRules) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TransportRules

func (*TransportRules) Validate added in v1.10.10

func (self *TransportRules) Validate() error

Validate - checks for missing required fields, etc

type Workload added in v1.10.10

type Workload struct {

	//
	// name of the domain, optional for getWorkloadsByService API call
	//
	DomainName DomainName `json:"domainName"`

	//
	// name of the service, optional for getWorkloadsByService API call
	//
	ServiceName EntityName `json:"serviceName"`

	//
	// unique identifier for the workload, usually defined by provider
	//
	Uuid string `json:"uuid"`

	//
	// list of IP addresses associated with the workload, optional for
	// getWorkloadsByIP API call
	//
	IpAddresses []string `json:"ipAddresses"`

	//
	// hostname associated with the workload
	//
	Hostname string `json:"hostname"`

	//
	// infrastructure provider e.g. k8s, AWS, Azure, openstack etc.
	//
	Provider string `json:"provider"`

	//
	// most recent update timestamp in the backend
	//
	UpdateTime rdl.Timestamp `json:"updateTime"`

	//
	// certificate expiry time (ex: getNotAfter)
	//
	CertExpiryTime rdl.Timestamp `json:"certExpiryTime"`
}

Workload -

func NewWorkload added in v1.10.10

func NewWorkload(init ...*Workload) *Workload

NewWorkload - creates an initialized Workload instance, returns a pointer to it

func (*Workload) Init added in v1.10.10

func (self *Workload) Init() *Workload

Init - sets up the instance according to its default field values, if any

func (*Workload) UnmarshalJSON added in v1.10.10

func (self *Workload) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Workload

func (*Workload) Validate added in v1.10.10

func (self *Workload) Validate() error

Validate - checks for missing required fields, etc

type Workloads added in v1.10.10

type Workloads struct {

	//
	// list of workloads
	//
	WorkloadList []*Workload `json:"workloadList"`
}

Workloads -

func NewWorkloads added in v1.10.10

func NewWorkloads(init ...*Workloads) *Workloads

NewWorkloads - creates an initialized Workloads instance, returns a pointer to it

func (*Workloads) Init added in v1.10.10

func (self *Workloads) Init() *Workloads

Init - sets up the instance according to its default field values, if any

func (*Workloads) UnmarshalJSON added in v1.10.10

func (self *Workloads) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Workloads

func (*Workloads) Validate added in v1.10.10

func (self *Workloads) Validate() error

Validate - checks for missing required fields, etc

type YBase64

type YBase64 string

YBase64 - The Y-specific URL-safe Base64 variant.

type YEncoded

type YEncoded string

YEncoded - YEncoded includes ybase64 chars, as well as = and %. This can represent a user cookie and URL-encoded values.

type ZTSClient

type ZTSClient struct {
	URL             string
	Transport       http.RoundTripper
	CredsHeader     *string
	CredsToken      *string
	Timeout         time.Duration
	DisableRedirect bool
}

func NewClient

func NewClient(url string, transport http.RoundTripper) ZTSClient

NewClient creates and returns a new HTTP client object for the ZTS service

func (*ZTSClient) AddCredentials

func (client *ZTSClient) AddCredentials(header string, token string)

AddCredentials adds the credentials to the client for subsequent requests.
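NewClient takes the URL and an http.RoundTripper, and that transport is where the security of every subsequent call is decided: which CAs are trusted for the ZTS server certificate, which client certificate (the service's Athenz x509 identity) is presented, and the TLS floor. The following is an added example, not code from this package or the Athenz project, showing one way to build that transport with a pinned CA bundle and mTLS client identity. It generates a throwaway self-signed certificate so that it runs offline (on a real host the PEM files are the ones Athenz issued to the service, and the bundle is the CA that signed the ZTS server certificate); the ZTS URL and service name in the comments are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net/http"
	"time"
)

// newZTSTransport builds the http.RoundTripper to hand to zts.NewClient.
// caPEM is the bundle that issued the ZTS server certificate; certPEM/keyPEM
// are the service's own x509 identity, presented as the TLS client certificate.
func newZTSTransport(caPEM, certPEM, keyPEM []byte) (*http.Transport, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no CA certificates found in bundle")
	}
	cert, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return nil, err
	}
	return &http.Transport{
		TLSClientConfig: &tls.Config{
			MinVersion:   tls.VersionTLS12,
			RootCAs:      pool, // trust only the configured CA, not the system store
			Certificates: []tls.Certificate{cert},
		},
		TLSHandshakeTimeout:   10 * time.Second,
		ResponseHeaderTimeout: 30 * time.Second,
	}, nil
}

// selfSignedPEM makes a throwaway self-signed certificate and key so the
// example runs offline; on a real host the PEM files are issued by Athenz.
func selfSignedPEM(cn string) (certPEM, keyPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, nil
}

func main() {
	certPEM, keyPEM, err := selfSignedPEM("sports.storage")
	if err != nil {
		panic(err)
	}
	// The same self-signed cert doubles as the CA bundle for this offline demo.
	tr, err := newZTSTransport(certPEM, certPEM, keyPEM)
	if err != nil {
		panic(err)
	}
	fmt.Printf("min TLS version 0x%04x, %d client certificate(s) loaded\n",
		tr.TLSClientConfig.MinVersion, len(tr.TLSClientConfig.Certificates))
	// Wiring into the real package (URL is an assumption):
	//   client := zts.NewClient("https://zts.example.com:4443/zts/v1", tr)
	//   client.Timeout = 30 * time.Second
	//   client.DisableRedirect = true
	// and, only when authenticating with a token instead of the client cert:
	//   client.AddCredentials(headerName, token)
}
```

Two settings on ZTSClient itself are worth pairing with this transport. Timeout bounds a request that the transport's per-phase timeouts do not cover. DisableRedirect matters when AddCredentials is in use: Go's http.Client strips only a fixed set of well-known headers (Authorization, Cookie and the like) when a redirect changes host, and an Athenz credentials header has a custom name, so a redirect to another host would otherwise carry the token along with it.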

func (ZTSClient) DeleteInstanceIdentity added in v1.7.3

func (client ZTSClient) DeleteInstanceIdentity(provider ServiceName, domain DomainName, service SimpleName, instanceId PathElement) error

func (ZTSClient) GetAWSTemporaryCredentials

func (client ZTSClient) GetAWSTemporaryCredentials(domainName DomainName, role AWSArnRoleName, durationSeconds *int32, externalId string) (*AWSTemporaryCredentials, error)

func (ZTSClient) GetAccess

func (client ZTSClient) GetAccess(domainName DomainName, roleName EntityName, principal EntityName) (*Access, error)

func (ZTSClient) GetCertificateAuthorityBundle added in v1.9.32

func (client ZTSClient) GetCertificateAuthorityBundle(name SimpleName) (*CertificateAuthorityBundle, error)

func (ZTSClient) GetDomainSignedPolicyData

func (client ZTSClient) GetDomainSignedPolicyData(domainName DomainName, matchingTag string) (*DomainSignedPolicyData, string, error)

func (ZTSClient) GetHostServices

func (client ZTSClient) GetHostServices(host string) (*HostServices, error)

func (ZTSClient) GetInfo added in v1.11.1

func (client ZTSClient) GetInfo() (*Info, error)

func (ZTSClient) GetInstanceRegisterToken added in v1.10.10

func (client ZTSClient) GetInstanceRegisterToken(provider ServiceName, domain DomainName, service SimpleName, instanceId PathElement) (*InstanceRegisterToken, error)

func (ZTSClient) GetJWKList added in v1.9.32

func (client ZTSClient) GetJWKList(rfc *bool) (*JWKList, error)

func (ZTSClient) GetOAuthConfig added in v1.10.46

func (client ZTSClient) GetOAuthConfig() (*OAuthConfig, error)

func (ZTSClient) GetOIDCResponse added in v1.10.44

func (client ZTSClient) GetOIDCResponse(responseType string, clientId ServiceName, redirectUri string, scope string, state EntityName, nonce EntityName, keyType SimpleName, fullArn *bool, expiryTime *int32) (*OIDCResponse, string, error)

func (ZTSClient) GetOpenIDConfig added in v1.10.43

func (client ZTSClient) GetOpenIDConfig() (*OpenIDConfig, error)

func (ZTSClient) GetPublicKeyEntry

func (client ZTSClient) GetPublicKeyEntry(domainName DomainName, serviceName SimpleName, keyId string) (*PublicKeyEntry, error)

func (ZTSClient) GetRdlSchema added in v1.11.12

func (client ZTSClient) GetRdlSchema() (*rdl.Schema, error)

func (ZTSClient) GetResourceAccess added in v1.1.8

func (client ZTSClient) GetResourceAccess(action ActionName, resource ResourceName, domain DomainName, checkPrincipal EntityName) (*ResourceAccess, error)

func (ZTSClient) GetResourceAccessExt added in v1.1.8

func (client ZTSClient) GetResourceAccessExt(action ActionName, resource string, domain DomainName, checkPrincipal EntityName) (*ResourceAccess, error)

func (ZTSClient) GetRoleAccess

func (client ZTSClient) GetRoleAccess(domainName DomainName, principal EntityName) (*RoleAccess, error)

func (ZTSClient) GetRoleToken

func (client ZTSClient) GetRoleToken(domainName DomainName, role EntityList, minExpiryTime *int32, maxExpiryTime *int32, proxyForPrincipal EntityName) (*RoleToken, error)

func (ZTSClient) GetRolesRequireRoleCert added in v1.10.30

func (client ZTSClient) GetRolesRequireRoleCert(principal EntityName) (*RoleAccess, error)

func (ZTSClient) GetServiceIdentity

func (client ZTSClient) GetServiceIdentity(domainName DomainName, serviceName ServiceName) (*ServiceIdentity, error)

func (ZTSClient) GetServiceIdentityList

func (client ZTSClient) GetServiceIdentityList(domainName DomainName) (*ServiceIdentityList, error)

func (ZTSClient) GetStatus added in v1.7.30

func (client ZTSClient) GetStatus() (*Status, error)

func (ZTSClient) GetTenantDomains

func (client ZTSClient) GetTenantDomains(providerDomainName DomainName, userName EntityName, roleName EntityName, serviceName ServiceName) (*TenantDomains, error)

func (ZTSClient) GetTransportRules added in v1.10.10

func (client ZTSClient) GetTransportRules(domainName DomainName, serviceName EntityName) (*TransportRules, error)

func (ZTSClient) GetWorkloadsByIP added in v1.10.10

func (client ZTSClient) GetWorkloadsByIP(ip string) (*Workloads, error)

func (ZTSClient) GetWorkloadsByService added in v1.10.10

func (client ZTSClient) GetWorkloadsByService(domainName DomainName, serviceName EntityName) (*Workloads, error)

func (ZTSClient) PostAccessTokenRequest added in v1.9.32

func (client ZTSClient) PostAccessTokenRequest(request AccessTokenRequest) (*AccessTokenResponse, error)

func (ZTSClient) PostInstanceRefreshInformation added in v1.7.3

func (client ZTSClient) PostInstanceRefreshInformation(provider ServiceName, domain DomainName, service SimpleName, instanceId PathElement, info *InstanceRefreshInformation) (*InstanceIdentity, error)

func (ZTSClient) PostInstanceRefreshRequest

func (client ZTSClient) PostInstanceRefreshRequest(domain CompoundName, service SimpleName, req *InstanceRefreshRequest) (*Identity, error)

func (ZTSClient) PostInstanceRegisterInformation added in v1.7.3

func (client ZTSClient) PostInstanceRegisterInformation(info *InstanceRegisterInformation) (*InstanceIdentity, string, error)

func (ZTSClient) PostRoleCertificateRequest

func (client ZTSClient) PostRoleCertificateRequest(domainName DomainName, roleName EntityName, req *RoleCertificateRequest) (*RoleToken, error)

func (ZTSClient) PostRoleCertificateRequestExt added in v1.9.32

func (client ZTSClient) PostRoleCertificateRequestExt(req *RoleCertificateRequest) (*RoleCertificate, error)

func (ZTSClient) PostSSHCertRequest added in v1.7.53

func (client ZTSClient) PostSSHCertRequest(certRequest *SSHCertRequest) (*SSHCertificates, error)

func (ZTSClient) PostSignedPolicyRequest added in v1.10.33

func (client ZTSClient) PostSignedPolicyRequest(domainName DomainName, request *SignedPolicyRequest, matchingTag string) (*JWSPolicyData, string, error)

Directories

Path Synopsis
examples
get-role-token
Get-role-token is a demo program to use the service cert present locally on the box to talk to ZTS and fetch a role token.