Documentation ¶
Overview ¶
Package zts contains a client library to talk to Athenz ZTS.
Index ¶
- func ZTSSchema() *rdl.Schema
- type AWSArnRoleName
- type AWSRoleName
- type AWSRolePath
- type AWSRolePathElement
- type AWSTemporaryCredentials
- type Access
- type AccessTokenRequest
- type AccessTokenResponse
- type ActionName
- type Assertion
- type AssertionEffect
- type AthenzJWKConfig
- type AuthorityName
- type CertType
- type CertificateAuthorityBundle
- type CompoundName
- type DomainMetric
- type DomainMetricType
- type DomainMetrics
- type DomainName
- type DomainSignedPolicyData
- type EntityList
- type EntityName
- type HostServices
- type Identity
- type Info
- type InstanceIdentity
- type InstanceRefreshInformation
- type InstanceRefreshRequest
- type InstanceRegisterInformation
- type InstanceRegisterToken
- type JWK
- type JWKList
- type JWSPolicyData
- type OAuthConfig
- type OIDCResponse
- type OpenIDConfig
- type PathElement
- type Policy
- type PolicyData
- type PublicKeyEntry
- type ResourceAccess
- type ResourceName
- type RoleAccess
- type RoleCertificate
- type RoleCertificateRequest
- type RoleToken
- type SSHCertRequest
- type SSHCertRequestData
- type SSHCertRequestMeta
- type SSHCertificate
- type SSHCertificates
- type ServiceIdentity
- type ServiceIdentityList
- type ServiceName
- type SignedPolicyData
- type SignedPolicyRequest
- type SignedToken
- type SimpleName
- type Status
- type TenantDomains
- type TransportDirection
- type TransportRule
- type TransportRules
- type Workload
- type Workloads
- type YBase64
- type YEncoded
- type ZTSClient
- func (client *ZTSClient) AddCredentials(header string, token string)
- func (client ZTSClient) DeleteInstanceIdentity(provider ServiceName, domain DomainName, service SimpleName, ...) error
- func (client ZTSClient) GetAWSTemporaryCredentials(domainName DomainName, role AWSArnRoleName, durationSeconds *int32, ...) (*AWSTemporaryCredentials, error)
- func (client ZTSClient) GetAccess(domainName DomainName, roleName EntityName, principal EntityName) (*Access, error)
- func (client ZTSClient) GetCertificateAuthorityBundle(name SimpleName) (*CertificateAuthorityBundle, error)
- func (client ZTSClient) GetDomainSignedPolicyData(domainName DomainName, matchingTag string) (*DomainSignedPolicyData, string, error)
- func (client ZTSClient) GetHostServices(host string) (*HostServices, error)
- func (client ZTSClient) GetInfo() (*Info, error)
- func (client ZTSClient) GetInstanceRegisterToken(provider ServiceName, domain DomainName, service SimpleName, ...) (*InstanceRegisterToken, error)
- func (client ZTSClient) GetJWKList(rfc *bool) (*JWKList, error)
- func (client ZTSClient) GetOAuthConfig() (*OAuthConfig, error)
- func (client ZTSClient) GetOIDCResponse(responseType string, clientId ServiceName, redirectUri string, scope string, ...) (*OIDCResponse, string, error)
- func (client ZTSClient) GetOpenIDConfig() (*OpenIDConfig, error)
- func (client ZTSClient) GetPublicKeyEntry(domainName DomainName, serviceName SimpleName, keyId string) (*PublicKeyEntry, error)
- func (client ZTSClient) GetRdlSchema() (*rdl.Schema, error)
- func (client ZTSClient) GetResourceAccess(action ActionName, resource ResourceName, domain DomainName, ...) (*ResourceAccess, error)
- func (client ZTSClient) GetResourceAccessExt(action ActionName, resource string, domain DomainName, ...) (*ResourceAccess, error)
- func (client ZTSClient) GetRoleAccess(domainName DomainName, principal EntityName) (*RoleAccess, error)
- func (client ZTSClient) GetRoleToken(domainName DomainName, role EntityList, minExpiryTime *int32, ...) (*RoleToken, error)
- func (client ZTSClient) GetRolesRequireRoleCert(principal EntityName) (*RoleAccess, error)
- func (client ZTSClient) GetServiceIdentity(domainName DomainName, serviceName ServiceName) (*ServiceIdentity, error)
- func (client ZTSClient) GetServiceIdentityList(domainName DomainName) (*ServiceIdentityList, error)
- func (client ZTSClient) GetStatus() (*Status, error)
- func (client ZTSClient) GetTenantDomains(providerDomainName DomainName, userName EntityName, roleName EntityName, ...) (*TenantDomains, error)
- func (client ZTSClient) GetTransportRules(domainName DomainName, serviceName EntityName) (*TransportRules, error)
- func (client ZTSClient) GetWorkloadsByIP(ip string) (*Workloads, error)
- func (client ZTSClient) GetWorkloadsByService(domainName DomainName, serviceName EntityName) (*Workloads, error)
- func (client ZTSClient) PostAccessTokenRequest(request AccessTokenRequest) (*AccessTokenResponse, error)
- func (client ZTSClient) PostInstanceRefreshInformation(provider ServiceName, domain DomainName, service SimpleName, ...) (*InstanceIdentity, error)
- func (client ZTSClient) PostInstanceRefreshRequest(domain CompoundName, service SimpleName, req *InstanceRefreshRequest) (*Identity, error)
- func (client ZTSClient) PostInstanceRegisterInformation(info *InstanceRegisterInformation) (*InstanceIdentity, string, error)
- func (client ZTSClient) PostRoleCertificateRequest(domainName DomainName, roleName EntityName, req *RoleCertificateRequest) (*RoleToken, error)
- func (client ZTSClient) PostRoleCertificateRequestExt(req *RoleCertificateRequest) (*RoleCertificate, error)
- func (client ZTSClient) PostSSHCertRequest(certRequest *SSHCertRequest) (*SSHCertificates, error)
- func (client ZTSClient) PostSignedPolicyRequest(domainName DomainName, request *SignedPolicyRequest, matchingTag string) (*JWSPolicyData, string, error)
Types ¶
type AWSArnRoleName ¶ added in v1.7.33
// AWSArnRoleName is an AWS full role name including its path (the ARN-style
// form used by ZTSClient.GetAWSTemporaryCredentials).
type AWSArnRoleName string
AWSArnRoleName - AWS full role name with path
type AWSRoleName ¶ added in v1.7.33
// AWSRoleName is an AWS role name without the path component.
type AWSRoleName string
AWSRoleName - AWS role name without the path
type AWSRolePathElement ¶ added in v1.7.33
// AWSRolePathElement is a single element of an AWS role path.
type AWSRolePathElement string
AWSRolePathElement - AWS role path single element
type AWSTemporaryCredentials ¶
// AWSTemporaryCredentials is a temporary AWS credential set as returned by
// ZTSClient.GetAWSTemporaryCredentials. AccessKeyId, SecretAccessKey and
// SessionToken are credential material: treat them as secrets and keep them
// out of logs, error messages and persisted state. Expiration is presumably
// the instant after which the set is no longer usable — confirm against the
// server's semantics before using it to schedule a refresh.
type AWSTemporaryCredentials struct {
	AccessKeyId     string        `json:"accessKeyId"`
	SecretAccessKey string        `json:"secretAccessKey"` // secret; never log
	SessionToken    string        `json:"sessionToken"`    // secret; never log
	Expiration      rdl.Timestamp `json:"expiration"`
}
AWSTemporaryCredentials -
func NewAWSTemporaryCredentials ¶
func NewAWSTemporaryCredentials(init ...*AWSTemporaryCredentials) *AWSTemporaryCredentials
NewAWSTemporaryCredentials - creates an initialized AWSTemporaryCredentials instance, returns a pointer to it
func (*AWSTemporaryCredentials) UnmarshalJSON ¶
func (self *AWSTemporaryCredentials) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an AWSTemporaryCredentials
func (*AWSTemporaryCredentials) Validate ¶
func (self *AWSTemporaryCredentials) Validate() error
Validate - checks for missing required fields, etc
type Access ¶
// Access is the result of an authorization check (see ZTSClient.GetAccess):
// Granted is true when access is allowed and false when it is denied.
type Access struct {
	// true (allowed) or false (denied)
	Granted bool `json:"granted"`
}
Access - Access can be checked and returned as this resource.
func (*Access) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of an Access
type AccessTokenResponse ¶ added in v1.9.32
// AccessTokenResponse is the token response returned by
// ZTSClient.PostAccessTokenRequest. The Go field names keep the underscore
// form of the JSON members (access_token, token_type, expires_in, ...), which
// mirror the OAuth 2.0 token response; id_token is the OpenID Connect
// addition. Access_token, Refresh_token and Id_token are bearer credentials
// and should be handled as secrets (not logged or echoed).
type AccessTokenResponse struct {
	// access token
	Access_token string `json:"access_token"`

	// token type e.g. Bearer
	Token_type string `json:"token_type"`

	// expiration in seconds; presumably a lifetime relative to issuance rather
	// than an absolute timestamp — confirm against the server
	Expires_in *int32 `json:"expires_in,omitempty" rdl:"optional"`

	// scope of the access token e.g. openid
	Scope string `json:"scope,omitempty" rdl:"optional"`

	// refresh token
	Refresh_token string `json:"refresh_token,omitempty" rdl:"optional"`

	// id token
	Id_token string `json:"id_token,omitempty" rdl:"optional"`
}
AccessTokenResponse -
func NewAccessTokenResponse ¶ added in v1.9.32
func NewAccessTokenResponse(init ...*AccessTokenResponse) *AccessTokenResponse
NewAccessTokenResponse - creates an initialized AccessTokenResponse instance, returns a pointer to it
func (*AccessTokenResponse) UnmarshalJSON ¶ added in v1.9.32
func (self *AccessTokenResponse) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an AccessTokenResponse
func (*AccessTokenResponse) Validate ¶ added in v1.9.32
func (self *AccessTokenResponse) Validate() error
Validate - checks for missing required fields, etc
type Assertion ¶
// Assertion encapsulates an action to be performed on a resource by a
// principal (the subject is a Role). Resource and Action may contain
// wildcards. Effect is optional; the server-side default when it is absent is
// not visible from this type — consult the policy documentation before
// assuming ALLOW or DENY.
type Assertion struct {
	// the subject of the assertion, a role
	Role string `json:"role"`

	// the object of the assertion. Must be in the local namespace. Can contain
	// wildcards
	Resource string `json:"resource"`

	// the predicate of the assertion. Can contain wildcards
	Action string `json:"action"`

	// the effect of the assertion in the policy language
	Effect *AssertionEffect `json:"effect,omitempty" rdl:"optional"`

	// assertion id - auto generated by server
	Id *int64 `json:"id,omitempty" rdl:"optional"`

	// If true, we should store action and resource in their original case
	CaseSensitive *bool `json:"caseSensitive,omitempty" rdl:"optional"`
}
Assertion - A representation for the encapsulation of an action to be performed on a resource by a principal.
func NewAssertion ¶
NewAssertion - creates an initialized Assertion instance, returns a pointer to it
func (*Assertion) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of an Assertion
type AssertionEffect ¶
// AssertionEffect is the effect of an Assertion: every assertion can have the
// effect ALLOW or DENY. It is serialized as its symbol string via MarshalJSON.
type AssertionEffect int
AssertionEffect - Every assertion can have the effect of ALLOW or DENY.
// AssertionEffect constants. The rendered listing shows no initializer for
// ALLOW; the generated source presumably assigns these via iota — confirm in
// the package source before relying on the numeric values.
const (
	ALLOW AssertionEffect
	DENY
)
AssertionEffect constants
func NewAssertionEffect ¶
func NewAssertionEffect(init ...interface{}) AssertionEffect
NewAssertionEffect - creates an AssertionEffect from the optional initializer; String, not this constructor, returns the string representation of the enum
func (AssertionEffect) MarshalJSON ¶
func (e AssertionEffect) MarshalJSON() ([]byte, error)
MarshalJSON is defined for proper JSON encoding of an AssertionEffect
func (AssertionEffect) String ¶
func (e AssertionEffect) String() string
String - return a string representation of the enum
func (AssertionEffect) SymbolSet ¶
func (e AssertionEffect) SymbolSet() []string
SymbolSet - return an array of all valid string representations (symbols) of the enum
func (*AssertionEffect) UnmarshalJSON ¶
func (e *AssertionEffect) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an AssertionEffect
type AthenzJWKConfig ¶ added in v1.11.2
// AthenzJWKConfig bundles the public JSON Web Key lists of ZMS and ZTS, plus
// the last modification timestamp of the configuration. Only public keys are
// carried (see JWK), so the value is safe to cache; consumers that verify
// tokens against these keys should refresh it when Modified advances.
type AthenzJWKConfig struct {
	// ZMS JSON Web Key (JWK) List
	Zms *JWKList `json:"zms"`

	// ZTS JSON Web Key (JWK) List
	Zts *JWKList `json:"zts"`

	// the last modification timestamp of the Athenz JWK configuration
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`
}
AthenzJWKConfig -
func NewAthenzJWKConfig ¶ added in v1.11.2
func NewAthenzJWKConfig(init ...*AthenzJWKConfig) *AthenzJWKConfig
NewAthenzJWKConfig - creates an initialized AthenzJWKConfig instance, returns a pointer to it
func (*AthenzJWKConfig) Init ¶ added in v1.11.2
func (self *AthenzJWKConfig) Init() *AthenzJWKConfig
Init - sets up the instance according to its default field values, if any
func (*AthenzJWKConfig) UnmarshalJSON ¶ added in v1.11.2
func (self *AthenzJWKConfig) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an AthenzJWKConfig
func (*AthenzJWKConfig) Validate ¶ added in v1.11.2
func (self *AthenzJWKConfig) Validate() error
Validate - checks for missing required fields, etc
type AuthorityName ¶
// AuthorityName is used as the prefix in a signed assertion; it uniquely
// identifies a signing authority.
type AuthorityName string
AuthorityName - Used as the prefix in a signed assertion. This uniquely identifies a signing authority.
type CertType ¶ added in v1.9.32
// CertType denotes the kinds of certificates issued by Athenz (X.509, SSH
// host, SSH user). It is serialized as its symbol string via MarshalJSON.
type CertType int
CertType - CertType denotes various types of certs issued by Athenz
// CertType constants. The rendered listing shows no initializer for X509; the
// generated source presumably assigns these via iota — confirm in the package
// source before relying on the numeric values.
const (
	X509 CertType
	SSH_HOST
	SSH_USER
)
CertType constants
func NewCertType ¶ added in v1.9.32
func NewCertType(init ...interface{}) CertType
NewCertType - creates a CertType from the optional initializer; String, not this constructor, returns the string representation of the enum
func (CertType) MarshalJSON ¶ added in v1.9.32
MarshalJSON is defined for proper JSON encoding of a CertType
func (CertType) SymbolSet ¶ added in v1.9.32
SymbolSet - return an array of all valid string representations (symbols) of the enum
func (*CertType) UnmarshalJSON ¶ added in v1.9.32
UnmarshalJSON is defined for proper JSON decoding of a CertType
type CertificateAuthorityBundle ¶ added in v1.9.32
// CertificateAuthorityBundle is a named set of CA certificates, returned by
// ZTSClient.GetCertificateAuthorityBundle. Certs holds the certificates as a
// single string; the encoding (presumably PEM) is not stated here — confirm
// before parsing.
type CertificateAuthorityBundle struct {
	// name of the bundle
	Name SimpleName `json:"name"`

	// set of certificates included in the bundle
	Certs string `json:"certs"`
}
CertificateAuthorityBundle -
func NewCertificateAuthorityBundle ¶ added in v1.9.32
func NewCertificateAuthorityBundle(init ...*CertificateAuthorityBundle) *CertificateAuthorityBundle
NewCertificateAuthorityBundle - creates an initialized CertificateAuthorityBundle instance, returns a pointer to it
func (*CertificateAuthorityBundle) UnmarshalJSON ¶ added in v1.9.32
func (self *CertificateAuthorityBundle) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a CertificateAuthorityBundle
func (*CertificateAuthorityBundle) Validate ¶ added in v1.9.32
func (self *CertificateAuthorityBundle) Validate() error
Validate - checks for missing required fields, etc
type CompoundName ¶
// CompoundName is a compound (dotted) name; most names in this API are
// compound names.
type CompoundName string
CompoundName - A compound name. Most names in this API are compound names.
type DomainMetric ¶
// DomainMetric is a single ZPE metric sample: a DomainMetricType paired with
// its integer value.
type DomainMetric struct {
	MetricType DomainMetricType `json:"metricType"`
	MetricVal  int32            `json:"metricVal"`
}
DomainMetric -
func NewDomainMetric ¶
func NewDomainMetric(init ...*DomainMetric) *DomainMetric
NewDomainMetric - creates an initialized DomainMetric instance, returns a pointer to it
func (*DomainMetric) UnmarshalJSON ¶
func (self *DomainMetric) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainMetric
func (*DomainMetric) Validate ¶
func (self *DomainMetric) Validate() error
Validate - checks for missing required fields, etc
type DomainMetricType ¶
// DomainMetricType enumerates the ZPE metric attributes. It is serialized as
// its symbol string via MarshalJSON.
type DomainMetricType int
DomainMetricType - zpe metric attributes
// DomainMetricType constants. The rendered listing shows no initializer for
// ACCESS_ALLOWED; the generated source presumably assigns these via iota —
// confirm in the package source before relying on the numeric values.
// Note the mixed-case spelling of ACCESS_Allowed_TOKEN_EXPIRED: it is part of
// the exported API and its JSON symbol, so it cannot be renamed here.
const (
	ACCESS_ALLOWED DomainMetricType
	ACCESS_ALLOWED_DENY
	ACCESS_ALLOWED_DENY_NO_MATCH
	ACCESS_ALLOWED_ALLOW
	ACCESS_ALLOWED_ERROR
	ACCESS_ALLOWED_TOKEN_INVALID
	ACCESS_Allowed_TOKEN_EXPIRED
	ACCESS_ALLOWED_DOMAIN_NOT_FOUND
	ACCESS_ALLOWED_DOMAIN_MISMATCH
	ACCESS_ALLOWED_DOMAIN_EXPIRED
	ACCESS_ALLOWED_DOMAIN_EMPTY
	ACCESS_ALLOWED_TOKEN_CACHE_FAILURE
	ACCESS_ALLOWED_TOKEN_CACHE_NOT_FOUND
	ACCESS_ALLOWED_TOKEN_CACHE_SUCCESS
	ACCESS_ALLOWED_TOKEN_VALIDATE
	LOAD_FILE_FAIL
	LOAD_FILE_GOOD
	LOAD_DOMAIN_GOOD
)
DomainMetricType constants
func NewDomainMetricType ¶
func NewDomainMetricType(init ...interface{}) DomainMetricType
NewDomainMetricType - creates a DomainMetricType from the optional initializer; String, not this constructor, returns the string representation of the enum
func (DomainMetricType) MarshalJSON ¶
func (e DomainMetricType) MarshalJSON() ([]byte, error)
MarshalJSON is defined for proper JSON encoding of a DomainMetricType
func (DomainMetricType) String ¶
func (e DomainMetricType) String() string
String - return a string representation of the enum
func (DomainMetricType) SymbolSet ¶
func (e DomainMetricType) SymbolSet() []string
SymbolSet - return an array of all valid string representations (symbols) of the enum
func (*DomainMetricType) UnmarshalJSON ¶
func (e *DomainMetricType) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainMetricType
type DomainMetrics ¶
// DomainMetrics is the list of ZPE metrics reported for one domain.
type DomainMetrics struct {
	// name of the domain the metrics pertain to
	DomainName DomainName `json:"domainName"`

	// list of the domains metrics
	MetricList []*DomainMetric `json:"metricList"`
}
DomainMetrics -
func NewDomainMetrics ¶
func NewDomainMetrics(init ...*DomainMetrics) *DomainMetrics
NewDomainMetrics - creates an initialized DomainMetrics instance, returns a pointer to it
func (*DomainMetrics) Init ¶
func (self *DomainMetrics) Init() *DomainMetrics
Init - sets up the instance according to its default field values, if any
func (*DomainMetrics) UnmarshalJSON ¶
func (self *DomainMetrics) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainMetrics
func (*DomainMetrics) Validate ¶
func (self *DomainMetrics) Validate() error
Validate - checks for missing required fields, etc
type DomainName ¶
// DomainName is the general qualifier prefix of a name; its uniqueness is
// managed by the domain system.
type DomainName string
DomainName - A domain name is the general qualifier prefix, as its uniqueness is managed.
type DomainSignedPolicyData ¶
// DomainSignedPolicyData is a signed bulk transfer of policies; the data is
// signed with the server's private key. Nothing in this type verifies the
// signature: a consumer must check Signature over SignedPolicyData with the
// public key identified by KeyId before acting on the policies.
type DomainSignedPolicyData struct {
	// policy data signed by ZMS
	SignedPolicyData *SignedPolicyData `json:"signedPolicyData"`

	// signature generated based on the domain policies object
	Signature string `json:"signature"`

	// the identifier of the key used to generate the signature
	KeyId string `json:"keyId"`
}
DomainSignedPolicyData - A signed bulk transfer of policies. The data is signed with server's private key.
func NewDomainSignedPolicyData ¶
func NewDomainSignedPolicyData(init ...*DomainSignedPolicyData) *DomainSignedPolicyData
NewDomainSignedPolicyData - creates an initialized DomainSignedPolicyData instance, returns a pointer to it
func (*DomainSignedPolicyData) Init ¶
func (self *DomainSignedPolicyData) Init() *DomainSignedPolicyData
Init - sets up the instance according to its default field values, if any
func (*DomainSignedPolicyData) UnmarshalJSON ¶
func (self *DomainSignedPolicyData) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainSignedPolicyData
func (*DomainSignedPolicyData) Validate ¶
func (self *DomainSignedPolicyData) Validate() error
Validate - checks for missing required fields, etc
type EntityList ¶ added in v1.7.30
// EntityList is a comma-separated list of compound names.
type EntityList string
EntityList - An EntityList is a comma-separated list of compound names
type EntityName ¶
// EntityName is a short form of a resource name, including only the domain
// and the entity.
type EntityName string
EntityName - An entity name is a short form of a resource name, including only the domain and entity.
type HostServices ¶
// HostServices enumerates the services authorized to run on a specific host
// (see ZTSClient.GetHostServices).
type HostServices struct {
	// name of the host
	Host string `json:"host"`

	// list of service names authorized to run on this host
	Names []EntityName `json:"names"`
}
HostServices - The representation for an enumeration of services authorized to run on a specific host.
func NewHostServices ¶
func NewHostServices(init ...*HostServices) *HostServices
NewHostServices - creates an initialized HostServices instance, returns a pointer to it
func (*HostServices) Init ¶
func (self *HostServices) Init() *HostServices
Init - sets up the instance according to its default field values, if any
func (*HostServices) UnmarshalJSON ¶
func (self *HostServices) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a HostServices
func (*HostServices) Validate ¶
func (self *HostServices) Validate() error
Validate - checks for missing required fields, etc
type Identity ¶
// Identity is a signed assertion of service or human identity, returned for
// example by ZTSClient.PostInstanceRefreshRequest. Depending on the request it
// carries an X.509 certificate, an SSH certificate, and/or a ServiceToken.
// ServiceToken is a bearer credential and should be handled as a secret; the
// certificate and signer fields carry public material (no private key is part
// of this type).
type Identity struct {
	// name of the identity, fully qualified, i.e. my.domain.service1, or
	// aws.1232321321312.myusername
	Name CompoundName `json:"name"`

	// a certificate usable for both client and server in TLS connections
	Certificate string `json:"certificate,omitempty" rdl:"optional"`

	// the CA certificate chain to use with all IMS-generated certs
	CaCertBundle string `json:"caCertBundle,omitempty" rdl:"optional"`

	// the SSH certificate, signed by the CA (user or host)
	SshCertificate string `json:"sshCertificate,omitempty" rdl:"optional"`

	// the SSH CA's public key for the sshCertificate (user or host)
	SshCertificateSigner string `json:"sshCertificateSigner,omitempty" rdl:"optional"`

	// service token instead of TLS certificate
	ServiceToken SignedToken `json:"serviceToken,omitempty" rdl:"optional"`

	// other config-like attributes determined at boot time
	Attributes map[string]string `json:"attributes,omitempty" rdl:"optional"`
}
Identity - a signed assertion of service or human identity; the response is either a client certificate or a regular NToken, depending on whether the request contained a CSR.
func NewIdentity ¶
NewIdentity - creates an initialized Identity instance, returns a pointer to it
func (*Identity) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of an Identity
type Info ¶ added in v1.11.1
// Info describes the running server build (see ZTSClient.GetInfo). All fields
// are optional and purely informational.
type Info struct {
	// jdk build version
	BuildJdkSpec string `json:"buildJdkSpec,omitempty" rdl:"optional"`

	// implementation title - e.g. athenz-zms-server
	ImplementationTitle string `json:"implementationTitle,omitempty" rdl:"optional"`

	// implementation version - e.g. 1.11.1
	ImplementationVersion string `json:"implementationVersion,omitempty" rdl:"optional"`

	// implementation vendor - Athenz
	ImplementationVendor string `json:"implementationVendor,omitempty" rdl:"optional"`
}
Info - Copyright The Athenz Authors. Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. The representation for an info object.
func NewInfo ¶ added in v1.11.1
NewInfo - creates an initialized Info instance, returns a pointer to it
func (*Info) UnmarshalJSON ¶ added in v1.11.1
UnmarshalJSON is defined for proper JSON decoding of an Info
type InstanceIdentity ¶ added in v1.7.3
// InstanceIdentity is the identity issued to a provider-launched instance
// (returned by ZTSClient.PostInstanceRegisterInformation and
// PostInstanceRefreshInformation). ServiceToken is a bearer credential and
// should be handled as a secret; the certificate and signer fields carry
// public material (no private key is part of this type).
type InstanceIdentity struct {
	// the provider service name (i.e. "aws.us-west-2", "sys.openstack.cluster1")
	Provider ServiceName `json:"provider"`

	// name of the identity, fully qualified, i.e. my.domain.service1
	Name ServiceName `json:"name"`

	// unique instance id within provider's namespace
	InstanceId PathElement `json:"instanceId"`

	// an X.509 certificate usable for both client and server in TLS connections
	X509Certificate string `json:"x509Certificate,omitempty" rdl:"optional"`

	// the CA certificate chain to verify all generated X.509 certs
	X509CertificateSigner string `json:"x509CertificateSigner,omitempty" rdl:"optional"`

	// the SSH certificate, signed by the CA (user or host)
	SshCertificate string `json:"sshCertificate,omitempty" rdl:"optional"`

	// the SSH CA's public key for the sshCertificate (user or host)
	SshCertificateSigner string `json:"sshCertificateSigner,omitempty" rdl:"optional"`

	// service token instead of TLS certificate
	ServiceToken SignedToken `json:"serviceToken,omitempty" rdl:"optional"`

	// other config-like attributes determined at boot time
	Attributes map[string]string `json:"attributes,omitempty" rdl:"optional"`

	// the Athenz JSON Web Key (JWK) configuration object
	AthenzJWK *AthenzJWKConfig `json:"athenzJWK,omitempty" rdl:"optional"`
}
InstanceIdentity -
func NewInstanceIdentity ¶ added in v1.7.3
func NewInstanceIdentity(init ...*InstanceIdentity) *InstanceIdentity
NewInstanceIdentity - creates an initialized InstanceIdentity instance, returns a pointer to it
func (*InstanceIdentity) UnmarshalJSON ¶ added in v1.7.3
func (self *InstanceIdentity) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an InstanceIdentity
func (*InstanceIdentity) Validate ¶ added in v1.7.3
func (self *InstanceIdentity) Validate() error
Validate - checks for missing required fields, etc
type InstanceRefreshInformation ¶ added in v1.7.3
// InstanceRefreshInformation is the request body for
// ZTSClient.PostInstanceRefreshInformation. AttestationData and Csr are the
// only identity-bearing inputs; the remaining fields select what the response
// should contain. Ssh is deprecated in favour of SshCertRequest.
type InstanceRefreshInformation struct {
	// identity attestation data including document with its signature containing
	// attributes like IP address, instance-id, account#, etc.
	AttestationData string `json:"attestationData,omitempty" rdl:"optional"`

	// the Certificate Signing Request for the expected X.509 certificate in the
	// response
	Csr string `json:"csr,omitempty" rdl:"optional"`

	// deprecated - use sshCertRequest, if present, return an SSH host
	// certificate. Format is JSON.
	Ssh string `json:"ssh,omitempty" rdl:"optional"`

	// if present, return an SSH host certificate
	SshCertRequest *SSHCertRequest `json:"sshCertRequest,omitempty" rdl:"optional"`

	// if true, return a service token signed by ZTS for this service
	Token *bool `json:"token,omitempty" rdl:"optional"`

	// expiry time in minutes for the certificate (server enforces max expiry)
	ExpiryTime *int32 `json:"expiryTime,omitempty" rdl:"optional"`

	// optional hostname in case included in the csr SAN dnsName attribute
	Hostname DomainName `json:"hostname,omitempty" rdl:"optional"`

	// optional host CNAMEs included in the csr SAN dnsName attribute
	HostCnames []DomainName `json:"hostCnames,omitempty" rdl:"optional"`

	// if true, return an Athenz JWK public keys file
	AthenzJWK *bool `json:"athenzJWK,omitempty" rdl:"optional"`

	// return the public keys file only if modified after the given timestamp
	AthenzJWKModified *rdl.Timestamp `json:"athenzJWKModified,omitempty" rdl:"optional"`
}
InstanceRefreshInformation -
func NewInstanceRefreshInformation ¶ added in v1.7.3
func NewInstanceRefreshInformation(init ...*InstanceRefreshInformation) *InstanceRefreshInformation
NewInstanceRefreshInformation - creates an initialized InstanceRefreshInformation instance, returns a pointer to it
func (*InstanceRefreshInformation) UnmarshalJSON ¶ added in v1.7.3
func (self *InstanceRefreshInformation) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an InstanceRefreshInformation
func (*InstanceRefreshInformation) Validate ¶ added in v1.7.3
func (self *InstanceRefreshInformation) Validate() error
Validate - checks for missing required fields, etc
type InstanceRefreshRequest ¶
// InstanceRefreshRequest is a certificate refresh request (see
// ZTSClient.PostInstanceRefreshRequest). The CSR is signed by the service's
// private key, whose public half is registered in ZMS under KeyId.
type InstanceRefreshRequest struct {
	// Cert CSR signed by the service's private key (public key registered in ZMS)
	Csr string `json:"csr"`

	// in minutes how long token should be valid for
	ExpiryTime *int32 `json:"expiryTime,omitempty" rdl:"optional"`

	// public key identifier
	KeyId string `json:"keyId,omitempty" rdl:"optional"`
}
InstanceRefreshRequest - a certificate refresh request
func NewInstanceRefreshRequest ¶
func NewInstanceRefreshRequest(init ...*InstanceRefreshRequest) *InstanceRefreshRequest
NewInstanceRefreshRequest - creates an initialized InstanceRefreshRequest instance, returns a pointer to it
func (*InstanceRefreshRequest) UnmarshalJSON ¶
func (self *InstanceRefreshRequest) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an InstanceRefreshRequest
func (*InstanceRefreshRequest) Validate ¶
func (self *InstanceRefreshRequest) Validate() error
Validate - checks for missing required fields, etc
type InstanceRegisterInformation ¶ added in v1.7.3
// InstanceRegisterInformation is the request body for
// ZTSClient.PostInstanceRegisterInformation. Provider, Domain, Service,
// AttestationData and Csr are required; the remaining fields select what the
// response should contain. Ssh is deprecated in favour of SshCertRequest.
type InstanceRegisterInformation struct {
	// the provider service name (i.e. "aws.us-west-2", "sys.openstack.cluster1")
	Provider ServiceName `json:"provider"`

	// the domain of the instance
	Domain DomainName `json:"domain"`

	// the service this instance is supposed to run
	Service SimpleName `json:"service"`

	// identity attestation data including document with its signature containing
	// attributes like IP address, instance-id, account#, etc.
	AttestationData string `json:"attestationData"`

	// the Certificate Signing Request for the expected X.509 certificate in the
	// response
	Csr string `json:"csr"`

	// deprecated - use sshCertRequest, if present, return an SSH host
	// certificate. Format is JSON.
	Ssh string `json:"ssh,omitempty" rdl:"optional"`

	// if present, return an SSH host certificate
	SshCertRequest *SSHCertRequest `json:"sshCertRequest,omitempty" rdl:"optional"`

	// if true, return a service token signed by ZTS for this service
	Token *bool `json:"token,omitempty" rdl:"optional"`

	// expiry time in minutes for the certificate (server enforces max expiry)
	ExpiryTime *int32 `json:"expiryTime,omitempty" rdl:"optional"`

	// optional hostname in case included in the csr SAN dnsName attribute
	Hostname DomainName `json:"hostname,omitempty" rdl:"optional"`

	// optional host CNAMEs included in the csr SAN dnsName attribute
	HostCnames []DomainName `json:"hostCnames,omitempty" rdl:"optional"`

	// if true, return an Athenz JWK public keys file
	AthenzJWK *bool `json:"athenzJWK,omitempty" rdl:"optional"`

	// return the public keys file only if modified after the given timestamp
	AthenzJWKModified *rdl.Timestamp `json:"athenzJWKModified,omitempty" rdl:"optional"`
}
InstanceRegisterInformation -
func NewInstanceRegisterInformation ¶ added in v1.7.3
func NewInstanceRegisterInformation(init ...*InstanceRegisterInformation) *InstanceRegisterInformation
NewInstanceRegisterInformation - creates an initialized InstanceRegisterInformation instance, returns a pointer to it
func (*InstanceRegisterInformation) UnmarshalJSON ¶ added in v1.7.3
func (self *InstanceRegisterInformation) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an InstanceRegisterInformation
func (*InstanceRegisterInformation) Validate ¶ added in v1.7.3
func (self *InstanceRegisterInformation) Validate() error
Validate - checks for missing required fields, etc
type InstanceRegisterToken ¶ added in v1.10.10
// InstanceRegisterToken is returned by ZTSClient.GetInstanceRegisterToken and
// carries the attestation data for a provider/domain/service triple. The
// Attributes map is explicitly not covered by the attestation signature, so
// its entries should be treated as unauthenticated hints rather than as
// verified claims.
type InstanceRegisterToken struct {
	// provider service name
	Provider ServiceName `json:"provider"`

	// the domain of the instance
	Domain DomainName `json:"domain"`

	// the service this instance is supposed to run
	Service SimpleName `json:"service"`

	// identity attestation data including document with its signature containing
	// attributes like IP address, instance-id, account#, etc.
	AttestationData string `json:"attestationData"`

	// additional non-signed attributes that assist in attestation. I.e. "keyId",
	// "accessKey", etc
	Attributes map[string]string `json:"attributes,omitempty" rdl:"optional"`
}
InstanceRegisterToken -
func NewInstanceRegisterToken ¶ added in v1.10.10
func NewInstanceRegisterToken(init ...*InstanceRegisterToken) *InstanceRegisterToken
NewInstanceRegisterToken - creates an initialized InstanceRegisterToken instance, returns a pointer to it
func (*InstanceRegisterToken) UnmarshalJSON ¶ added in v1.10.10
func (self *InstanceRegisterToken) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an InstanceRegisterToken
func (*InstanceRegisterToken) Validate ¶ added in v1.10.10
func (self *InstanceRegisterToken) Validate() error
Validate - checks for missing required fields, etc
type JWK ¶ added in v1.9.32
// JWK is a JSON Web Key. Only public key parameters are modeled (EC: Crv, X,
// Y; RSA: N, E), so a JWK value never carries private key material. Which of
// the optional fields are populated depends on Kty.
type JWK struct {
	// key type: EC or RSA
	Kty string `json:"kty"`

	// identifier
	Kid string `json:"kid"`

	// key algorithm
	Alg string `json:"alg,omitempty" rdl:"optional"`

	// usage: sig or enc
	Use string `json:"use,omitempty" rdl:"optional"`

	// ec curve name
	Crv string `json:"crv,omitempty" rdl:"optional"`

	// ec x value
	X string `json:"x,omitempty" rdl:"optional"`

	// ec y value
	Y string `json:"y,omitempty" rdl:"optional"`

	// rsa modulus value
	N string `json:"n,omitempty" rdl:"optional"`

	// rsa public exponent value
	E string `json:"e,omitempty" rdl:"optional"`
}
JWK -
func NewJWK ¶ added in v1.9.32
NewJWK - creates an initialized JWK instance, returns a pointer to it
func (*JWK) UnmarshalJSON ¶ added in v1.9.32
UnmarshalJSON is defined for proper JSON decoding of a JWK
type JWKList ¶ added in v1.9.32
// JWKList is a JSON Web Key (JWK) List, as returned by ZTSClient.GetJWKList.
type JWKList struct {
	// array of JWKs
	Keys []*JWK `json:"keys"`
}
JWKList - JSON Web Key (JWK) List
func NewJWKList ¶ added in v1.9.32
NewJWKList - creates an initialized JWKList instance, returns a pointer to it
func (*JWKList) Init ¶ added in v1.9.32
Init - sets up the instance according to its default field values, if any
func (*JWKList) UnmarshalJSON ¶ added in v1.9.32
UnmarshalJSON is defined for proper JSON decoding of a JWKList
type JWSPolicyData ¶ added in v1.10.32
// JWSPolicyData is SignedPolicyData using the flattened JWS JSON
// Serialization syntax (RFC 7515 section 7.2.2): Payload and Protected are
// base64url-encoded, Header is the unprotected header, and Signature covers
// Protected and Payload only, not Header. Nothing in this type verifies the
// signature; a consumer must do so before trusting Payload.
type JWSPolicyData struct {
	Payload   string            `json:"payload"`
	Protected string            `json:"protected"`
	Header    map[string]string `json:"header"`
	Signature string            `json:"signature"`
}
JWSPolicyData - SignedPolicyData using flattened JWS JSON Serialization syntax. https://tools.ietf.org/html/rfc7515#section-7.2.2
func NewJWSPolicyData ¶ added in v1.10.32
func NewJWSPolicyData(init ...*JWSPolicyData) *JWSPolicyData
NewJWSPolicyData - creates an initialized JWSPolicyData instance, returns a pointer to it
func (*JWSPolicyData) Init ¶ added in v1.10.32
func (self *JWSPolicyData) Init() *JWSPolicyData
Init - sets up the instance according to its default field values, if any
func (*JWSPolicyData) UnmarshalJSON ¶ added in v1.10.32
func (self *JWSPolicyData) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a JWSPolicyData
func (*JWSPolicyData) Validate ¶ added in v1.10.32
func (self *JWSPolicyData) Validate() error
Validate - checks for missing required fields, etc
type OAuthConfig ¶ added in v1.10.46
// OAuthConfig is the OAuth 2.0 authorization-server metadata document
// returned by ZTSClient.GetOAuthConfig. The field names mirror the JSON
// member names of RFC 8414 (hence the underscores). A client should
// compare Issuer with the issuer it intended to talk to before trusting
// the endpoint URLs found in the document.
type OAuthConfig struct {
	// url using the https scheme
	Issuer string `json:"issuer"`
	// oauth 2.0 authorization endpoint url
	Authorization_endpoint string `json:"authorization_endpoint"`
	// authorization server token endpoint
	Token_endpoint string `json:"token_endpoint"`
	// public server jwk set url
	Jwks_uri string `json:"jwks_uri"`
	// list of supported response types
	Response_types_supported []string `json:"response_types_supported"`
	// supported grant types
	Grant_types_supported []string `json:"grant_types_supported"`
	// list of supported algorithms for issued access tokens
	Token_endpoint_auth_signing_alg_values_supported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
}
OAuthConfig -
func NewOAuthConfig ¶ added in v1.10.46
func NewOAuthConfig(init ...*OAuthConfig) *OAuthConfig
NewOAuthConfig - creates an initialized OAuthConfig instance, returns a pointer to it
func (*OAuthConfig) Init ¶ added in v1.10.46
func (self *OAuthConfig) Init() *OAuthConfig
Init - sets up the instance according to its default field values, if any
func (*OAuthConfig) UnmarshalJSON ¶ added in v1.10.46
func (self *OAuthConfig) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a OAuthConfig
func (*OAuthConfig) Validate ¶ added in v1.10.46
func (self *OAuthConfig) Validate() error
Validate - checks for missing required fields, etc
type OIDCResponse ¶ added in v1.10.44
// OIDCResponse is the body returned by ZTSClient.GetOIDCResponse.
// NOTE(review): Location presumably is the redirect URL carrying the OIDC
// response, and so may embed a token — confirm, and treat it as sensitive
// (do not log it verbatim).
type OIDCResponse struct {
	// redirect location produced by the server
	Location string `json:"location"`
}
OIDCResponse -
func NewOIDCResponse ¶ added in v1.10.44
func NewOIDCResponse(init ...*OIDCResponse) *OIDCResponse
NewOIDCResponse - creates an initialized OIDCResponse instance, returns a pointer to it
func (*OIDCResponse) UnmarshalJSON ¶ added in v1.10.44
func (self *OIDCResponse) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a OIDCResponse
func (*OIDCResponse) Validate ¶ added in v1.10.44
func (self *OIDCResponse) Validate() error
Validate - checks for missing required fields, etc
type OpenIDConfig ¶ added in v1.10.43
// OpenIDConfig is the OpenID Connect Discovery 1.0 provider metadata
// returned by ZTSClient.GetOpenIDConfig; field names mirror the JSON
// member names of that specification. Id_token_signing_alg_values_supported
// lists what the server will sign with — a client should still restrict
// the algorithms it accepts rather than trusting the token's own "alg".
type OpenIDConfig struct {
	// url using the https scheme
	Issuer string `json:"issuer"`
	// oauth 2.0 authorization endpoint url
	Authorization_endpoint string `json:"authorization_endpoint"`
	// public server jwk set url
	Jwks_uri string `json:"jwks_uri"`
	// list of supported response types
	Response_types_supported []string `json:"response_types_supported"`
	// list of supported subject identifier types
	Subject_types_supported []string `json:"subject_types_supported"`
	// list of supported algorithms for issued id tokens
	Id_token_signing_alg_values_supported []string `json:"id_token_signing_alg_values_supported"`
	// list of supported id claims
	Claims_supported []string `json:"claims_supported,omitempty" rdl:"optional"`
}
OpenIDConfig -
func NewOpenIDConfig ¶ added in v1.10.43
func NewOpenIDConfig(init ...*OpenIDConfig) *OpenIDConfig
NewOpenIDConfig - creates an initialized OpenIDConfig instance, returns a pointer to it
func (*OpenIDConfig) Init ¶ added in v1.10.43
func (self *OpenIDConfig) Init() *OpenIDConfig
Init - sets up the instance according to its default field values, if any
func (*OpenIDConfig) UnmarshalJSON ¶ added in v1.10.43
func (self *OpenIDConfig) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a OpenIDConfig
func (*OpenIDConfig) Validate ¶ added in v1.10.43
func (self *OpenIDConfig) Validate() error
Validate - checks for missing required fields, etc
type Policy ¶
// Policy is a named set of assertions within a domain. Optional fields
// are pointers so that "absent" is distinguishable from the zero value
// (e.g. CaseSensitive nil vs. false).
type Policy struct {
	// name of the policy
	Name ResourceName `json:"name"`
	// last modification timestamp of this policy
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`
	// list of defined assertions for this policy
	Assertions []*Assertion `json:"assertions"`
	// If true, we should store action and resource in their original case
	CaseSensitive *bool `json:"caseSensitive,omitempty" rdl:"optional"`
	// optional version string, defaults to 0
	Version SimpleName `json:"version,omitempty" rdl:"optional"`
	// if multi-version policy then indicates active version
	Active *bool `json:"active,omitempty" rdl:"optional"`
}
Policy - The representation for a Policy with set of assertions.
func (*Policy) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Policy
type PolicyData ¶
// PolicyData is the set of policies for one domain; it is the object
// that SignedPolicyData.ZmsSignature covers.
type PolicyData struct {
	// name of the domain
	Domain DomainName `json:"domain"`
	// list of policies defined in this server
	Policies []*Policy `json:"policies"`
}
PolicyData -
func NewPolicyData ¶
func NewPolicyData(init ...*PolicyData) *PolicyData
NewPolicyData - creates an initialized PolicyData instance, returns a pointer to it
func (*PolicyData) Init ¶
func (self *PolicyData) Init() *PolicyData
Init - sets up the instance according to its default field values, if any
func (*PolicyData) UnmarshalJSON ¶
func (self *PolicyData) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a PolicyData
func (*PolicyData) Validate ¶
func (self *PolicyData) Validate() error
Validate - checks for missing required fields, etc
type PublicKeyEntry ¶
// PublicKeyEntry is one public key of a service identity, looked up by
// Id (see ZTSClient.GetPublicKeyEntry). The encoding of Key is not
// visible here — confirm against the producer before parsing.
type PublicKeyEntry struct {
	// the public key for the service
	Key string `json:"key"`
	// the key identifier (version or zone name)
	Id string `json:"id"`
}
PublicKeyEntry - The representation of the public key in a service identity object.
func NewPublicKeyEntry ¶
func NewPublicKeyEntry(init ...*PublicKeyEntry) *PublicKeyEntry
NewPublicKeyEntry - creates an initialized PublicKeyEntry instance, returns a pointer to it
func (*PublicKeyEntry) UnmarshalJSON ¶
func (self *PublicKeyEntry) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a PublicKeyEntry
func (*PublicKeyEntry) Validate ¶
func (self *PublicKeyEntry) Validate() error
Validate - checks for missing required fields, etc
type ResourceAccess ¶ added in v1.1.8
// ResourceAccess is the yes/no answer to an authorization check
// (ZTSClient.GetResourceAccess / GetResourceAccessExt).
type ResourceAccess struct {
	// true (allowed) or false (denied)
	Granted bool `json:"granted"`
}
ResourceAccess - ResourceAccess can be checked and returned as this resource. (same as ZMS.Access)
func NewResourceAccess ¶ added in v1.1.8
func NewResourceAccess(init ...*ResourceAccess) *ResourceAccess
NewResourceAccess - creates an initialized ResourceAccess instance, returns a pointer to it
func (*ResourceAccess) UnmarshalJSON ¶ added in v1.1.8
func (self *ResourceAccess) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ResourceAccess
func (*ResourceAccess) Validate ¶ added in v1.1.8
func (self *ResourceAccess) Validate() error
Validate - checks for missing required fields, etc
type ResourceName ¶
// ResourceName is a resource identifier; the entity part after the
// domain is optional, so "domain:" alone is a valid value.
type ResourceName string
ResourceName - A resource name. Note that the EntityName part is optional; that is, a domain name followed by a colon is a valid resource name.
type RoleAccess ¶
// RoleAccess lists the roles a principal holds in a domain
// (ZTSClient.GetRoleAccess, GetRolesRequireRoleCert).
type RoleAccess struct {
	// role names granted to the principal
	Roles []EntityName `json:"roles"`
}
RoleAccess -
func NewRoleAccess ¶
func NewRoleAccess(init ...*RoleAccess) *RoleAccess
NewRoleAccess - creates an initialized RoleAccess instance, returns a pointer to it
func (*RoleAccess) Init ¶
func (self *RoleAccess) Init() *RoleAccess
Init - sets up the instance according to its default field values, if any
func (*RoleAccess) UnmarshalJSON ¶
func (self *RoleAccess) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a RoleAccess
func (*RoleAccess) Validate ¶
func (self *RoleAccess) Validate() error
Validate - checks for missing required fields, etc
type RoleCertificate ¶ added in v1.9.32
// RoleCertificate is an issued role certificate. The encoding of
// X509Certificate is not visible here (presumably PEM — confirm).
type RoleCertificate struct {
	// the issued X.509 role certificate
	X509Certificate string `json:"x509Certificate"`
}
RoleCertificate - Copyright The Athenz Authors Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. RoleCertificate - a role certificate
func NewRoleCertificate ¶ added in v1.9.32
func NewRoleCertificate(init ...*RoleCertificate) *RoleCertificate
NewRoleCertificate - creates an initialized RoleCertificate instance, returns a pointer to it
func (*RoleCertificate) UnmarshalJSON ¶ added in v1.9.32
func (self *RoleCertificate) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a RoleCertificate
func (*RoleCertificate) Validate ¶ added in v1.9.32
func (self *RoleCertificate) Validate() error
Validate - checks for missing required fields, etc
type RoleCertificateRequest ¶
// RoleCertificateRequest asks ZTS to sign a role certificate for the
// caller (or, via ProxyForPrincipal, on behalf of another principal —
// the server is expected to authorize that delegation). The previous
// certificate's validity window is optional and only used for
// prioritisation under signer load, per the type's documentation.
type RoleCertificateRequest struct {
	// role certificate signing request
	Csr string `json:"csr"`
	// this request is proxy for this principal
	ProxyForPrincipal EntityName `json:"proxyForPrincipal,omitempty" rdl:"optional"`
	// request an expiry time for the role certificate (unit not stated here — confirm against the server API)
	ExpiryTime int64 `json:"expiryTime"`
	// previous role certificate not before date
	PrevCertNotBefore *rdl.Timestamp `json:"prevCertNotBefore,omitempty" rdl:"optional"`
	// previous role certificate not after date
	PrevCertNotAfter *rdl.Timestamp `json:"prevCertNotAfter,omitempty" rdl:"optional"`
}
RoleCertificateRequest - RoleCertificateRequest - a certificate signing request. Including the optional previous certificate NotBefore and NotAfter dates allows the server to correctly prioritize this request in case the certificate signer is under heavy load and cannot sign all requests submitted from the Athenz Server.
func NewRoleCertificateRequest ¶
func NewRoleCertificateRequest(init ...*RoleCertificateRequest) *RoleCertificateRequest
NewRoleCertificateRequest - creates an initialized RoleCertificateRequest instance, returns a pointer to it
func (*RoleCertificateRequest) UnmarshalJSON ¶
func (self *RoleCertificateRequest) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a RoleCertificateRequest
func (*RoleCertificateRequest) Validate ¶
func (self *RoleCertificateRequest) Validate() error
Validate - checks for missing required fields, etc
type RoleToken ¶
RoleToken - A representation of a signed RoleToken
func NewRoleToken ¶
NewRoleToken - creates an initialized RoleToken instance, returns a pointer to it
func (*RoleToken) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a RoleToken
type SSHCertRequest ¶ added in v1.7.53
// SSHCertRequest is an SSH certificate request: either structured
// CertRequestData/CertRequestMeta, or a free-form Csr. AttestationData
// is the provider-signed identity document; the server, not the client,
// is the party that must verify its signature before honouring the request.
type SSHCertRequest struct {
	// ssh certificate request data
	CertRequestData *SSHCertRequestData `json:"certRequestData"`
	// ssh certificate request meta
	CertRequestMeta *SSHCertRequestMeta `json:"certRequestMeta"`
	// free-form csr if not using data/meta fields.
	Csr string `json:"csr,omitempty" rdl:"optional"`
	// identity attestation data including document with its signature containing
	// attributes like IP address, instance-id, account#, etc.
	AttestationData string `json:"attestationData,omitempty" rdl:"optional"`
}
SSHCertRequest -
func NewSSHCertRequest ¶ added in v1.7.53
func NewSSHCertRequest(init ...*SSHCertRequest) *SSHCertRequest
NewSSHCertRequest - creates an initialized SSHCertRequest instance, returns a pointer to it
func (*SSHCertRequest) Init ¶ added in v1.7.53
func (self *SSHCertRequest) Init() *SSHCertRequest
Init - sets up the instance according to its default field values, if any
func (*SSHCertRequest) UnmarshalJSON ¶ added in v1.7.53
func (self *SSHCertRequest) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SSHCertRequest
func (*SSHCertRequest) Validate ¶ added in v1.7.53
func (self *SSHCertRequest) Validate() error
Validate - checks for missing required fields, etc
type SSHCertRequestData ¶ added in v1.7.53
// SSHCertRequestData is the certificate content requested: principals,
// optional source/destination restrictions, the public key(s) to certify
// and an optional forced command. Command ends up in the issued
// certificate's critical options, so the server should treat it as
// untrusted input (it is executed by sshd on the target host).
type SSHCertRequestData struct {
	// principals in the ssh certificate (usually only one)
	Principals []string `json:"principals"`
	// source FQDNs or ip addresses
	Sources []string `json:"sources,omitempty" rdl:"optional"`
	// destination FQDNs or ip addresses
	Destinations []string `json:"destinations,omitempty" rdl:"optional"`
	// public key for ssh certificate
	PublicKey string `json:"publicKey,omitempty" rdl:"optional"`
	// yubikey/touch public key for ssh certificate
	TouchPublicKey string `json:"touchPublicKey,omitempty" rdl:"optional"`
	// CA public key algorithm: 0: Unknown, 1: RSA, 3: ECDSA (value 2 is not documented here)
	CaPubKeyAlgo *int32 `json:"caPubKeyAlgo,omitempty" rdl:"optional"`
	// optional force command option for certificate
	Command string `json:"command,omitempty" rdl:"optional"`
}
SSHCertRequestData -
func NewSSHCertRequestData ¶ added in v1.7.53
func NewSSHCertRequestData(init ...*SSHCertRequestData) *SSHCertRequestData
NewSSHCertRequestData - creates an initialized SSHCertRequestData instance, returns a pointer to it
func (*SSHCertRequestData) Init ¶ added in v1.7.53
func (self *SSHCertRequestData) Init() *SSHCertRequestData
Init - sets up the instance according to its default field values, if any
func (*SSHCertRequestData) UnmarshalJSON ¶ added in v1.7.53
func (self *SSHCertRequestData) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SSHCertRequestData
func (*SSHCertRequestData) Validate ¶ added in v1.7.53
func (self *SSHCertRequestData) Validate() error
Validate - checks for missing required fields, etc
type SSHCertRequestMeta ¶ added in v1.7.53
// SSHCertRequestMeta describes who is asking for the certificate and
// from where. Requestor, Origin and ClientInfo are client-supplied
// metadata; they are useful for audit but are not by themselves proof
// of identity — the server must rely on the authenticated caller.
type SSHCertRequestMeta struct {
	// requesting user
	Requestor string `json:"requestor"`
	// origin FQDN or ip
	Origin string `json:"origin"`
	// client info
	ClientInfo string `json:"clientInfo,omitempty" rdl:"optional"`
	// ssh client version
	SshClientVersion string `json:"sshClientVersion,omitempty" rdl:"optional"`
	// cert type - user or host
	CertType string `json:"certType"`
	// principals included in the keyId field in the certificate
	KeyIdPrincipals []string `json:"keyIdPrincipals,omitempty" rdl:"optional"`
	// ssh host cert request is for this athenz service
	AthenzService EntityName `json:"athenzService,omitempty" rdl:"optional"`
	// ssh host cert request is for this instance id
	InstanceId PathElement `json:"instanceId,omitempty" rdl:"optional"`
	// previous ssh certificate validity from date
	PrevCertValidFrom *rdl.Timestamp `json:"prevCertValidFrom,omitempty" rdl:"optional"`
	// previous ssh certificate validity to date
	PrevCertValidTo *rdl.Timestamp `json:"prevCertValidTo,omitempty" rdl:"optional"`
	// ssh request transaction id
	TransId string `json:"transId,omitempty" rdl:"optional"`
}
SSHCertRequestMeta -
func NewSSHCertRequestMeta ¶ added in v1.7.53
func NewSSHCertRequestMeta(init ...*SSHCertRequestMeta) *SSHCertRequestMeta
NewSSHCertRequestMeta - creates an initialized SSHCertRequestMeta instance, returns a pointer to it
func (*SSHCertRequestMeta) UnmarshalJSON ¶ added in v1.7.53
func (self *SSHCertRequestMeta) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SSHCertRequestMeta
func (*SSHCertRequestMeta) Validate ¶ added in v1.7.53
func (self *SSHCertRequestMeta) Validate() error
Validate - checks for missing required fields, etc
type SSHCertificate ¶ added in v1.7.53
// SSHCertificate is one issued SSH certificate. When the key pair was
// generated server-side, PrivateKey carries secret material: keep it out
// of logs and error messages, and clear it once it has been written to
// its destination.
type SSHCertificate struct {
	// the SSH certificate, signed by the CA
	Certificate string `json:"certificate"`
	// certificate public key if generated by SSH RA
	PublicKey string `json:"publicKey,omitempty" rdl:"optional"`
	// certificate private key if generated by SSH Agent — secret material
	PrivateKey string `json:"privateKey,omitempty" rdl:"optional"`
}
SSHCertificate -
func NewSSHCertificate ¶ added in v1.7.53
func NewSSHCertificate(init ...*SSHCertificate) *SSHCertificate
NewSSHCertificate - creates an initialized SSHCertificate instance, returns a pointer to it
func (*SSHCertificate) UnmarshalJSON ¶ added in v1.7.53
func (self *SSHCertificate) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SSHCertificate
func (*SSHCertificate) Validate ¶ added in v1.7.53
func (self *SSHCertificate) Validate() error
Validate - checks for missing required fields, etc
type SSHCertificates ¶ added in v1.7.53
// SSHCertificates is the issuance response: the certificates plus,
// optionally, the CA public key that signed them.
// NOTE(review): a client that installs CertificateSigner as a trusted CA
// is trusting the ZTS connection it arrived over — confirm that is the
// intended trust root rather than an out-of-band pinned CA key.
type SSHCertificates struct {
	// set of user ssh certificates
	Certificates []*SSHCertificate `json:"certificates"`
	// the SSH CA's public key for the sshCertificate (user or host)
	CertificateSigner string `json:"certificateSigner,omitempty" rdl:"optional"`
}
SSHCertificates -
func NewSSHCertificates ¶ added in v1.7.53
func NewSSHCertificates(init ...*SSHCertificates) *SSHCertificates
NewSSHCertificates - creates an initialized SSHCertificates instance, returns a pointer to it
func (*SSHCertificates) Init ¶ added in v1.7.53
func (self *SSHCertificates) Init() *SSHCertificates
Init - sets up the instance according to its default field values, if any
func (*SSHCertificates) UnmarshalJSON ¶ added in v1.7.53
func (self *SSHCertificates) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SSHCertificates
func (*SSHCertificates) Validate ¶ added in v1.7.53
func (self *SSHCertificates) Validate() error
Validate - checks for missing required fields, etc
type ServiceIdentity ¶
// ServiceIdentity is the public description of a service: its name,
// registered public keys and deployment hints (Executable, Hosts,
// User, Group). PublicKeys holds several entries to allow key rotation;
// a verifier must pick the entry whose Id matches the key id presented.
type ServiceIdentity struct {
	// the full name of the service, i.e. "sports.storage"
	Name ServiceName `json:"name"`
	// array of public keys for key rotation
	PublicKeys []*PublicKeyEntry `json:"publicKeys,omitempty" rdl:"optional"`
	// if present, then this service can provision tenants via this endpoint.
	ProviderEndpoint string `json:"providerEndpoint,omitempty" rdl:"optional"`
	// the timestamp when this entry was last modified
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`
	// the path of the executable that runs the service
	Executable string `json:"executable,omitempty" rdl:"optional"`
	// list of host names that this service can run on
	Hosts []string `json:"hosts,omitempty" rdl:"optional"`
	// local (unix) user name this service can run as
	User string `json:"user,omitempty" rdl:"optional"`
	// local (unix) group name this service can run as
	Group string `json:"group,omitempty" rdl:"optional"`
}
ServiceIdentity - The representation of the service identity object.
func NewServiceIdentity ¶
func NewServiceIdentity(init ...*ServiceIdentity) *ServiceIdentity
NewServiceIdentity - creates an initialized ServiceIdentity instance, returns a pointer to it
func (*ServiceIdentity) UnmarshalJSON ¶
func (self *ServiceIdentity) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentity
func (*ServiceIdentity) Validate ¶
func (self *ServiceIdentity) Validate() error
Validate - checks for missing required fields, etc
type ServiceIdentityList ¶
// ServiceIdentityList enumerates the services of a domain
// (ZTSClient.GetServiceIdentityList).
type ServiceIdentityList struct {
	// list of service names
	Names []EntityName `json:"names"`
}
ServiceIdentityList - The representation for an enumeration of services in the namespace.
func NewServiceIdentityList ¶
func NewServiceIdentityList(init ...*ServiceIdentityList) *ServiceIdentityList
NewServiceIdentityList - creates an initialized ServiceIdentityList instance, returns a pointer to it
func (*ServiceIdentityList) Init ¶
func (self *ServiceIdentityList) Init() *ServiceIdentityList
Init - sets up the instance according to its default field values, if any
func (*ServiceIdentityList) UnmarshalJSON ¶
func (self *ServiceIdentityList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentityList
func (*ServiceIdentityList) Validate ¶
func (self *ServiceIdentityList) Validate() error
Validate - checks for missing required fields, etc
type ServiceName ¶
// ServiceName is a service identifier; generally a unique subdomain.
type ServiceName string
ServiceName - A service name will generally be a unique subdomain.
type SignedPolicyData ¶
// SignedPolicyData is a domain's policies together with the ZMS
// signature over them. Per the field documentation, ZmsSignature is
// computed over PolicyData and ZmsKeyId names the ZMS key used; a
// consumer should verify the signature with that key and stop using the
// data once Expires has passed. Note that Modified and Expires are plain
// values here (not pointers), so they are always present on the wire.
type SignedPolicyData struct {
	// list of policies defined in a domain
	PolicyData *PolicyData `json:"policyData"`
	// zms signature generated based on the domain policies object
	ZmsSignature string `json:"zmsSignature,omitempty" rdl:"optional"`
	// the identifier of the zms key used to generate the signature
	ZmsKeyId string `json:"zmsKeyId,omitempty" rdl:"optional"`
	// when the domain itself was last modified
	Modified rdl.Timestamp `json:"modified"`
	// timestamp specifying the expiration time for using this set of policies
	Expires rdl.Timestamp `json:"expires"`
}
SignedPolicyData - A representation of policies object defined in a given server.
func NewSignedPolicyData ¶
func NewSignedPolicyData(init ...*SignedPolicyData) *SignedPolicyData
NewSignedPolicyData - creates an initialized SignedPolicyData instance, returns a pointer to it
func (*SignedPolicyData) Init ¶
func (self *SignedPolicyData) Init() *SignedPolicyData
Init - sets up the instance according to its default field values, if any
func (*SignedPolicyData) UnmarshalJSON ¶
func (self *SignedPolicyData) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SignedPolicyData
func (*SignedPolicyData) Validate ¶
func (self *SignedPolicyData) Validate() error
Validate - checks for missing required fields, etc
type SignedPolicyRequest ¶ added in v1.10.33
// SignedPolicyRequest selects which policy versions the caller wants
// and how the ECDSA signature should be encoded.
// NOTE(review): PolicyVersions presumably maps policy name to version
// string — confirm against the server API.
type SignedPolicyRequest struct {
	// requested policy versions (key/value semantics not documented here)
	PolicyVersions map[string]string `json:"policyVersions"`
	// true if signature must be in P1363 format instead of ASN.1 DER
	SignatureP1363Format bool `json:"signatureP1363Format"`
}
SignedPolicyRequest -
func NewSignedPolicyRequest ¶ added in v1.10.33
func NewSignedPolicyRequest(init ...*SignedPolicyRequest) *SignedPolicyRequest
NewSignedPolicyRequest - creates an initialized SignedPolicyRequest instance, returns a pointer to it
func (*SignedPolicyRequest) Init ¶ added in v1.10.33
func (self *SignedPolicyRequest) Init() *SignedPolicyRequest
Init - sets up the instance according to its default field values, if any
func (*SignedPolicyRequest) UnmarshalJSON ¶ added in v1.10.33
func (self *SignedPolicyRequest) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SignedPolicyRequest
func (*SignedPolicyRequest) Validate ¶ added in v1.10.33
func (self *SignedPolicyRequest) Validate() error
Validate - checks for missing required fields, etc
type SignedToken ¶
// SignedToken is a signed assertion of identity (e.g. a user cookie
// value). It is a bearer credential: treat it as a secret in logs and
// storage. Only the issuing authority can interpret it.
type SignedToken string
SignedToken - A signed assertion of identity, i.e. the user cookie value. This token will only make sense to the authority that generated it, so it is beneficial to have something in the value that is cheaply recognized, to quickly reject it if it belongs to another authority. In addition to the YEncoded set, our token includes ; to separate components and , to separate roles.
type SimpleName ¶
// SimpleName is a single identifier — one element of a compound name.
type SimpleName string
SimpleName - Copyright The Athenz Authors. Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. Common name types used by several API definitions. A simple identifier, an element of a compound name.
type Status ¶ added in v1.7.30
// Status is the server's status object: a numeric code and a message.
// Message is server-supplied text; escape it if it is ever rendered.
type Status struct {
	// status message code
	Code int32 `json:"code"`
	// status message of the server
	Message string `json:"message"`
}
Status - The representation for a status object
func NewStatus ¶ added in v1.7.30
NewStatus - creates an initialized Status instance, returns a pointer to it
func (*Status) UnmarshalJSON ¶ added in v1.7.30
UnmarshalJSON is defined for proper JSON decoding of a Status
type TenantDomains ¶
// TenantDomains lists the tenant domains found by
// ZTSClient.GetTenantDomains.
type TenantDomains struct {
	// names of the tenant domains
	TenantDomainNames []DomainName `json:"tenantDomainNames"`
}
TenantDomains -
func NewTenantDomains ¶
func NewTenantDomains(init ...*TenantDomains) *TenantDomains
NewTenantDomains - creates an initialized TenantDomains instance, returns a pointer to it
func (*TenantDomains) Init ¶
func (self *TenantDomains) Init() *TenantDomains
Init - sets up the instance according to its default field values, if any
func (*TenantDomains) UnmarshalJSON ¶
func (self *TenantDomains) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TenantDomains
func (*TenantDomains) Validate ¶
func (self *TenantDomains) Validate() error
Validate - checks for missing required fields, etc
type TransportDirection ¶ added in v1.10.10
// TransportDirection is the enum of a TransportRule's direction (IN or
// OUT); see the constants below and the String/MarshalJSON methods.
type TransportDirection int
TransportDirection - Copyright The Athenz Authors Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms.
// TransportDirection constants.
// NOTE(review): the rendered listing shows no initializer; the generated
// source presumably uses iota — confirm the numeric values before relying on them.
const (
	IN TransportDirection
	OUT
)
TransportDirection constants
func NewTransportDirection ¶ added in v1.10.10
func NewTransportDirection(init ...interface{}) TransportDirection
NewTransportDirection - creates a TransportDirection enum value from the optional init argument
func (TransportDirection) MarshalJSON ¶ added in v1.10.10
func (e TransportDirection) MarshalJSON() ([]byte, error)
MarshalJSON is defined for proper JSON encoding of a TransportDirection
func (TransportDirection) String ¶ added in v1.10.10
func (e TransportDirection) String() string
String - return a string representation of the enum
func (TransportDirection) SymbolSet ¶ added in v1.10.10
func (e TransportDirection) SymbolSet() []string
SymbolSet - return an array of all valid string representations (symbols) of the enum
func (*TransportDirection) UnmarshalJSON ¶ added in v1.10.10
func (e *TransportDirection) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TransportDirection
type TransportRule ¶ added in v1.10.10
// TransportRule is one network-policy rule: a CIDR endpoint, a source
// port range, the service's listener port, the protocol and the direction.
// The exact syntax of SourcePortRange and Protocol is not documented here.
type TransportRule struct {
	// source or destination endpoints defined in terms of CIDR notation
	EndPoint string `json:"endPoint"`
	// range of port numbers for incoming connections
	SourcePortRange string `json:"sourcePortRange"`
	// destination / listener port of the service
	Port int32 `json:"port"`
	// protocol of the connection
	Protocol string `json:"protocol"`
	// transport direction
	Direction TransportDirection `json:"direction"`
}
TransportRule -
func NewTransportRule ¶ added in v1.10.10
func NewTransportRule(init ...*TransportRule) *TransportRule
NewTransportRule - creates an initialized TransportRule instance, returns a pointer to it
func (*TransportRule) UnmarshalJSON ¶ added in v1.10.10
func (self *TransportRule) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TransportRule
func (*TransportRule) Validate ¶ added in v1.10.10
func (self *TransportRule) Validate() error
Validate - checks for missing required fields, etc
type TransportRules ¶ added in v1.10.10
// TransportRules groups a service's rules by direction
// (ZTSClient.GetTransportRules). Elements are pointers and may be nil.
type TransportRules struct {
	// rules for inbound connections
	IngressRules []*TransportRule `json:"ingressRules"`
	// rules for outbound connections
	EgressRules []*TransportRule `json:"egressRules"`
}
TransportRules -
func NewTransportRules ¶ added in v1.10.10
func NewTransportRules(init ...*TransportRules) *TransportRules
NewTransportRules - creates an initialized TransportRules instance, returns a pointer to it
func (*TransportRules) Init ¶ added in v1.10.10
func (self *TransportRules) Init() *TransportRules
Init - sets up the instance according to its default field values, if any
func (*TransportRules) UnmarshalJSON ¶ added in v1.10.10
func (self *TransportRules) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TransportRules
func (*TransportRules) Validate ¶ added in v1.10.10
func (self *TransportRules) Validate() error
Validate - checks for missing required fields, etc
type Workload ¶ added in v1.10.10
// Workload is one running instance of a service as recorded by ZTS, with
// its network identity (IpAddresses, Hostname), provider and the expiry
// of its current certificate. Which fields are populated depends on the
// query (see the per-field notes).
type Workload struct {
	// name of the domain, optional for getWorkloadsByService API call
	DomainName DomainName `json:"domainName"`
	// name of the service, optional for getWorkloadsByService API call
	ServiceName EntityName `json:"serviceName"`
	// unique identifier for the workload, usually defined by provider
	Uuid string `json:"uuid"`
	// list of IP addresses associated with the workload, optional for
	// getWorkloadsByIP API call
	IpAddresses []string `json:"ipAddresses"`
	// hostname associated with the workload
	Hostname string `json:"hostname"`
	// infrastructure provider e.g. k8s, AWS, Azure, openstack etc.
	Provider string `json:"provider"`
	// most recent update timestamp in the backend
	UpdateTime rdl.Timestamp `json:"updateTime"`
	// certificate expiry time (ex: getNotAfter)
	CertExpiryTime rdl.Timestamp `json:"certExpiryTime"`
}
Workload -
func NewWorkload ¶ added in v1.10.10
NewWorkload - creates an initialized Workload instance, returns a pointer to it
func (*Workload) Init ¶ added in v1.10.10
Init - sets up the instance according to its default field values, if any
func (*Workload) UnmarshalJSON ¶ added in v1.10.10
UnmarshalJSON is defined for proper JSON decoding of a Workload
type Workloads ¶ added in v1.10.10
// Workloads is the list returned by ZTSClient.GetWorkloadsByService and
// GetWorkloadsByIP.
type Workloads struct {
	// list of workloads
	WorkloadList []*Workload `json:"workloadList"`
}
Workloads -
func NewWorkloads ¶ added in v1.10.10
NewWorkloads - creates an initialized Workloads instance, returns a pointer to it
func (*Workloads) Init ¶ added in v1.10.10
Init - sets up the instance according to its default field values, if any
func (*Workloads) UnmarshalJSON ¶ added in v1.10.10
UnmarshalJSON is defined for proper JSON decoding of a Workloads
type YEncoded ¶
// YEncoded is a string drawn from the ybase64 alphabet plus '=' and '%';
// it can represent a user cookie or URL-encoded values.
type YEncoded string
YEncoded - YEncoded includes ybase64 chars, as well as = and %. This can represent a user cookie and URL-encoded values.
type ZTSClient ¶
// ZTSClient is the HTTP client for the ZTS service (see NewClient and
// AddCredentials). CredsHeader/CredsToken hold the credential attached to
// requests, so a ZTSClient value should not be logged with %+v.
// NOTE(review): DisableRedirect presumably stops the underlying HTTP
// client from following redirects; that matters because a followed
// redirect would otherwise re-send the credential header to the redirect
// target — confirm the behaviour and prefer leaving redirects disabled.
// The effect of a zero Timeout is not visible here — confirm.
type ZTSClient struct {
	// base URL of the ZTS service
	URL string
	// transport used for requests; nil semantics not visible here
	Transport http.RoundTripper
	// name of the header carrying the credential (set by AddCredentials)
	CredsHeader *string
	// credential value sent in CredsHeader — secret
	CredsToken *string
	// per-request timeout
	Timeout time.Duration
	// when true, HTTP redirects are presumably not followed — confirm
	DisableRedirect bool
}
func NewClient ¶
func NewClient(url string, transport http.RoundTripper) ZTSClient
NewClient creates and returns a new HTTP client object for the ZTS service
func (*ZTSClient) AddCredentials ¶
AddCredentials adds the credentials to the client for subsequent requests.
func (ZTSClient) DeleteInstanceIdentity ¶ added in v1.7.3
func (client ZTSClient) DeleteInstanceIdentity(provider ServiceName, domain DomainName, service SimpleName, instanceId PathElement) error
func (ZTSClient) GetAWSTemporaryCredentials ¶
func (client ZTSClient) GetAWSTemporaryCredentials(domainName DomainName, role AWSArnRoleName, durationSeconds *int32, externalId string) (*AWSTemporaryCredentials, error)
func (ZTSClient) GetAccess ¶
func (client ZTSClient) GetAccess(domainName DomainName, roleName EntityName, principal EntityName) (*Access, error)
func (ZTSClient) GetCertificateAuthorityBundle ¶ added in v1.9.32
func (client ZTSClient) GetCertificateAuthorityBundle(name SimpleName) (*CertificateAuthorityBundle, error)
func (ZTSClient) GetDomainSignedPolicyData ¶
func (client ZTSClient) GetDomainSignedPolicyData(domainName DomainName, matchingTag string) (*DomainSignedPolicyData, string, error)
func (ZTSClient) GetHostServices ¶
func (client ZTSClient) GetHostServices(host string) (*HostServices, error)
func (ZTSClient) GetInstanceRegisterToken ¶ added in v1.10.10
func (client ZTSClient) GetInstanceRegisterToken(provider ServiceName, domain DomainName, service SimpleName, instanceId PathElement) (*InstanceRegisterToken, error)
func (ZTSClient) GetJWKList ¶ added in v1.9.32
func (ZTSClient) GetOAuthConfig ¶ added in v1.10.46
func (client ZTSClient) GetOAuthConfig() (*OAuthConfig, error)
func (ZTSClient) GetOIDCResponse ¶ added in v1.10.44
func (client ZTSClient) GetOIDCResponse(responseType string, clientId ServiceName, redirectUri string, scope string, state EntityName, nonce EntityName, keyType SimpleName, fullArn *bool, expiryTime *int32) (*OIDCResponse, string, error)
func (ZTSClient) GetOpenIDConfig ¶ added in v1.10.43
func (client ZTSClient) GetOpenIDConfig() (*OpenIDConfig, error)
func (ZTSClient) GetPublicKeyEntry ¶
func (client ZTSClient) GetPublicKeyEntry(domainName DomainName, serviceName SimpleName, keyId string) (*PublicKeyEntry, error)
func (ZTSClient) GetRdlSchema ¶ added in v1.11.12
func (ZTSClient) GetResourceAccess ¶ added in v1.1.8
func (client ZTSClient) GetResourceAccess(action ActionName, resource ResourceName, domain DomainName, checkPrincipal EntityName) (*ResourceAccess, error)
func (ZTSClient) GetResourceAccessExt ¶ added in v1.1.8
func (client ZTSClient) GetResourceAccessExt(action ActionName, resource string, domain DomainName, checkPrincipal EntityName) (*ResourceAccess, error)
func (ZTSClient) GetRoleAccess ¶
func (client ZTSClient) GetRoleAccess(domainName DomainName, principal EntityName) (*RoleAccess, error)
func (ZTSClient) GetRoleToken ¶
func (client ZTSClient) GetRoleToken(domainName DomainName, role EntityList, minExpiryTime *int32, maxExpiryTime *int32, proxyForPrincipal EntityName) (*RoleToken, error)
func (ZTSClient) GetRolesRequireRoleCert ¶ added in v1.10.30
func (client ZTSClient) GetRolesRequireRoleCert(principal EntityName) (*RoleAccess, error)
func (ZTSClient) GetServiceIdentity ¶
func (client ZTSClient) GetServiceIdentity(domainName DomainName, serviceName ServiceName) (*ServiceIdentity, error)
func (ZTSClient) GetServiceIdentityList ¶
func (client ZTSClient) GetServiceIdentityList(domainName DomainName) (*ServiceIdentityList, error)
func (ZTSClient) GetTenantDomains ¶
func (client ZTSClient) GetTenantDomains(providerDomainName DomainName, userName EntityName, roleName EntityName, serviceName ServiceName) (*TenantDomains, error)
func (ZTSClient) GetTransportRules ¶ added in v1.10.10
func (client ZTSClient) GetTransportRules(domainName DomainName, serviceName EntityName) (*TransportRules, error)
func (ZTSClient) GetWorkloadsByIP ¶ added in v1.10.10
func (ZTSClient) GetWorkloadsByService ¶ added in v1.10.10
func (client ZTSClient) GetWorkloadsByService(domainName DomainName, serviceName EntityName) (*Workloads, error)
func (ZTSClient) PostAccessTokenRequest ¶ added in v1.9.32
func (client ZTSClient) PostAccessTokenRequest(request AccessTokenRequest) (*AccessTokenResponse, error)
func (ZTSClient) PostInstanceRefreshInformation ¶ added in v1.7.3
func (client ZTSClient) PostInstanceRefreshInformation(provider ServiceName, domain DomainName, service SimpleName, instanceId PathElement, info *InstanceRefreshInformation) (*InstanceIdentity, error)
func (ZTSClient) PostInstanceRefreshRequest ¶
func (client ZTSClient) PostInstanceRefreshRequest(domain CompoundName, service SimpleName, req *InstanceRefreshRequest) (*Identity, error)
func (ZTSClient) PostInstanceRegisterInformation ¶ added in v1.7.3
func (client ZTSClient) PostInstanceRegisterInformation(info *InstanceRegisterInformation) (*InstanceIdentity, string, error)
func (ZTSClient) PostRoleCertificateRequest ¶
func (client ZTSClient) PostRoleCertificateRequest(domainName DomainName, roleName EntityName, req *RoleCertificateRequest) (*RoleToken, error)
func (ZTSClient) PostRoleCertificateRequestExt ¶ added in v1.9.32
func (client ZTSClient) PostRoleCertificateRequestExt(req *RoleCertificateRequest) (*RoleCertificate, error)
func (ZTSClient) PostSSHCertRequest ¶ added in v1.7.53
func (client ZTSClient) PostSSHCertRequest(certRequest *SSHCertRequest) (*SSHCertificates, error)
func (ZTSClient) PostSignedPolicyRequest ¶ added in v1.10.33
func (client ZTSClient) PostSignedPolicyRequest(domainName DomainName, request *SignedPolicyRequest, matchingTag string) (*JWSPolicyData, string, error)
Directories

Path | Synopsis
---|---
examples |
get-role-token | Get-role-token is a demo program that uses the service certificate present locally on the host to talk to ZTS and fetch a role token.