Documentation ¶
Overview ¶
Package zms contains a client library to talk to Athenz ZMS.
Index ¶
- func Authenticator(url string) rdl.Authenticator
- func Authorizer(domain string, url string) rdl.Authorizer
- func ZMSSchema() *rdl.Schema
- type Access
- type ActionName
- type Assertion
- type AssertionEffect
- type AuthorityKeyword
- type AuthorityKeywords
- type AuthorityName
- type CompoundName
- type DanglingPolicy
- type DefaultAdmins
- type Domain
- type DomainData
- type DomainDataCheck
- type DomainGroupMember
- type DomainGroupMembers
- type DomainGroupMembership
- type DomainList
- type DomainMeta
- type DomainMetaList
- type DomainName
- type DomainPolicies
- type DomainRoleMember
- type DomainRoleMembers
- type DomainRoleMembership
- type DomainTemplate
- type DomainTemplateDetailsList
- type DomainTemplateList
- type Entity
- type EntityList
- type EntityName
- type Group
- type GroupAuditLog
- type GroupMember
- type GroupMemberName
- type GroupMembership
- type GroupMeta
- type GroupName
- type GroupSystemMeta
- type Groups
- type JWSDomain
- type LocationName
- type MemberName
- type MemberRole
- type Membership
- type Policies
- type Policy
- type PolicyList
- type ProviderResourceGroupRoles
- type PublicKeyEntry
- type Quota
- type ResourceAccess
- type ResourceAccessList
- type ResourceName
- type ResourceNames
- type Role
- type RoleAuditLog
- type RoleList
- type RoleMember
- type RoleMeta
- type RoleSystemMeta
- type Roles
- type ServerTemplateList
- type ServiceIdentities
- type ServiceIdentity
- type ServiceIdentityList
- type ServiceIdentitySystemMeta
- type ServiceName
- type ServicePrincipal
- type SignedDomain
- type SignedDomains
- type SignedPolicies
- type SignedToken
- type SimpleName
- type Status
- type StringList
- type SubDomain
- type Template
- type TemplateList
- type TemplateMetaData
- type TemplateParam
- type Tenancy
- type TenantResourceGroupRoles
- type TenantRoleAction
- type TopLevelDomain
- type User
- type UserDomain
- type UserList
- type UserToken
- type YBase64
- type YEncoded
- type ZMSClient
- func (client *ZMSClient) AddCredentials(header string, token string)
- func (client ZMSClient) DeleteAssertion(domainName DomainName, policyName EntityName, assertionId int64, ...) error
- func (client ZMSClient) DeleteDomainRoleMember(domainName DomainName, memberName MemberName, auditRef string) error
- func (client ZMSClient) DeleteDomainTemplate(name DomainName, template SimpleName, auditRef string) error
- func (client ZMSClient) DeleteEntity(domainName DomainName, entityName EntityName, auditRef string) error
- func (client ZMSClient) DeleteGroup(domainName DomainName, groupName EntityName, auditRef string) error
- func (client ZMSClient) DeleteGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, ...) error
- func (client ZMSClient) DeleteMembership(domainName DomainName, roleName EntityName, memberName MemberName, ...) error
- func (client ZMSClient) DeletePendingGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, ...) error
- func (client ZMSClient) DeletePendingMembership(domainName DomainName, roleName EntityName, memberName MemberName, ...) error
- func (client ZMSClient) DeletePolicy(domainName DomainName, policyName EntityName, auditRef string) error
- func (client ZMSClient) DeleteProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, ...) error
- func (client ZMSClient) DeletePublicKeyEntry(domain DomainName, service SimpleName, id string, auditRef string) error
- func (client ZMSClient) DeleteQuota(name DomainName, auditRef string) error
- func (client ZMSClient) DeleteRole(domainName DomainName, roleName EntityName, auditRef string) error
- func (client ZMSClient) DeleteServiceIdentity(domain DomainName, service SimpleName, auditRef string) error
- func (client ZMSClient) DeleteSubDomain(parent DomainName, name SimpleName, auditRef string) error
- func (client ZMSClient) DeleteTenancy(domain DomainName, service ServiceName, auditRef string) error
- func (client ZMSClient) DeleteTenant(domain DomainName, service SimpleName, tenantDomain DomainName, ...) error
- func (client ZMSClient) DeleteTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, ...) error
- func (client ZMSClient) DeleteTopLevelDomain(name SimpleName, auditRef string) error
- func (client ZMSClient) DeleteUser(name SimpleName, auditRef string) error
- func (client ZMSClient) DeleteUserDomain(name SimpleName, auditRef string) error
- func (client ZMSClient) GetAccess(action ActionName, resource ResourceName, domain DomainName, ...) (*Access, error)
- func (client ZMSClient) GetAccessExt(action ActionName, resource string, domain DomainName, ...) (*Access, error)
- func (client ZMSClient) GetAssertion(domainName DomainName, policyName EntityName, assertionId int64) (*Assertion, error)
- func (client ZMSClient) GetDomain(domain DomainName) (*Domain, error)
- func (client ZMSClient) GetDomainDataCheck(domainName DomainName) (*DomainDataCheck, error)
- func (client ZMSClient) GetDomainList(limit *int32, skip string, prefix string, depth *int32, account string, ...) (*DomainList, error)
- func (client ZMSClient) GetDomainRoleMembers(domainName DomainName) (*DomainRoleMembers, error)
- func (client ZMSClient) GetDomainTemplateDetailsList(name DomainName) (*DomainTemplateDetailsList, error)
- func (client ZMSClient) GetDomainTemplateList(name DomainName) (*DomainTemplateList, error)
- func (client ZMSClient) GetEntity(domainName DomainName, entityName EntityName) (*Entity, error)
- func (client ZMSClient) GetEntityList(domainName DomainName) (*EntityList, error)
- func (client ZMSClient) GetGroup(domainName DomainName, groupName EntityName, auditLog *bool, pending *bool) (*Group, error)
- func (client ZMSClient) GetGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, ...) (*GroupMembership, error)
- func (client ZMSClient) GetGroups(domainName DomainName, members *bool) (*Groups, error)
- func (client ZMSClient) GetJWSDomain(name DomainName) (*JWSDomain, error)
- func (client ZMSClient) GetMembership(domainName DomainName, roleName EntityName, memberName MemberName, ...) (*Membership, error)
- func (client ZMSClient) GetOverdueReview(domainName DomainName) (*DomainRoleMembers, error)
- func (client ZMSClient) GetPendingDomainGroupMembersList(principal EntityName) (*DomainGroupMembership, error)
- func (client ZMSClient) GetPendingDomainRoleMembersList(principal EntityName) (*DomainRoleMembership, error)
- func (client ZMSClient) GetPolicies(domainName DomainName, assertions *bool) (*Policies, error)
- func (client ZMSClient) GetPolicy(domainName DomainName, policyName EntityName) (*Policy, error)
- func (client ZMSClient) GetPolicyList(domainName DomainName, limit *int32, skip string) (*PolicyList, error)
- func (client ZMSClient) GetPrincipalGroups(principal EntityName, domainName DomainName) (*DomainGroupMember, error)
- func (client ZMSClient) GetPrincipalRoles(principal ResourceName, domainName DomainName) (*DomainRoleMember, error)
- func (client ZMSClient) GetProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, ...) (*ProviderResourceGroupRoles, error)
- func (client ZMSClient) GetPublicKeyEntry(domain DomainName, service SimpleName, id string) (*PublicKeyEntry, error)
- func (client ZMSClient) GetQuota(name DomainName) (*Quota, error)
- func (client ZMSClient) GetResourceAccessList(principal ResourceName, action ActionName) (*ResourceAccessList, error)
- func (client ZMSClient) GetRole(domainName DomainName, roleName EntityName, auditLog *bool, expand *bool, ...) (*Role, error)
- func (client ZMSClient) GetRoleList(domainName DomainName, limit *int32, skip string) (*RoleList, error)
- func (client ZMSClient) GetRoles(domainName DomainName, members *bool, tagKey CompoundName, ...) (*Roles, error)
- func (client ZMSClient) GetServerTemplateList() (*ServerTemplateList, error)
- func (client ZMSClient) GetServiceIdentities(domainName DomainName, publickeys *bool, hosts *bool) (*ServiceIdentities, error)
- func (client ZMSClient) GetServiceIdentity(domain DomainName, service SimpleName) (*ServiceIdentity, error)
- func (client ZMSClient) GetServiceIdentityList(domainName DomainName, limit *int32, skip string) (*ServiceIdentityList, error)
- func (client ZMSClient) GetServicePrincipal() (*ServicePrincipal, error)
- func (client ZMSClient) GetSignedDomains(domain DomainName, metaOnly string, metaAttr SimpleName, master *bool, ...) (*SignedDomains, string, error)
- func (client ZMSClient) GetStatus() (*Status, error)
- func (client ZMSClient) GetTemplate(template SimpleName) (*Template, error)
- func (client ZMSClient) GetTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, ...) (*TenantResourceGroupRoles, error)
- func (client ZMSClient) GetUserList() (*UserList, error)
- func (client ZMSClient) GetUserToken(userName SimpleName, serviceNames string, header *bool) (*UserToken, error)
- func (client ZMSClient) OptionsUserToken(userName SimpleName, serviceNames string) (*UserToken, error)
- func (client ZMSClient) PostSubDomain(parent DomainName, auditRef string, detail *SubDomain) (*Domain, error)
- func (client ZMSClient) PostTopLevelDomain(auditRef string, detail *TopLevelDomain) (*Domain, error)
- func (client ZMSClient) PostUserDomain(name SimpleName, auditRef string, detail *UserDomain) (*Domain, error)
- func (client ZMSClient) PutAssertion(domainName DomainName, policyName EntityName, auditRef string, ...) (*Assertion, error)
- func (client ZMSClient) PutDefaultAdmins(domainName DomainName, auditRef string, defaultAdmins *DefaultAdmins) error
- func (client ZMSClient) PutDomainMeta(name DomainName, auditRef string, detail *DomainMeta) error
- func (client ZMSClient) PutDomainSystemMeta(name DomainName, attribute SimpleName, auditRef string, detail *DomainMeta) error
- func (client ZMSClient) PutDomainTemplate(name DomainName, auditRef string, domainTemplate *DomainTemplate) error
- func (client ZMSClient) PutDomainTemplateExt(name DomainName, template SimpleName, auditRef string, ...) error
- func (client ZMSClient) PutEntity(domainName DomainName, entityName EntityName, auditRef string, entity *Entity) error
- func (client ZMSClient) PutGroup(domainName DomainName, groupName EntityName, auditRef string, group *Group) error
- func (client ZMSClient) PutGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, ...) error
- func (client ZMSClient) PutGroupMembershipDecision(domainName DomainName, groupName EntityName, memberName GroupMemberName, ...) error
- func (client ZMSClient) PutGroupMeta(domainName DomainName, groupName EntityName, auditRef string, ...) error
- func (client ZMSClient) PutGroupReview(domainName DomainName, groupName EntityName, auditRef string, group *Group) error
- func (client ZMSClient) PutGroupSystemMeta(domainName DomainName, groupName EntityName, attribute SimpleName, ...) error
- func (client ZMSClient) PutMembership(domainName DomainName, roleName EntityName, memberName MemberName, ...) error
- func (client ZMSClient) PutMembershipDecision(domainName DomainName, roleName EntityName, memberName MemberName, ...) error
- func (client ZMSClient) PutPolicy(domainName DomainName, policyName EntityName, auditRef string, policy *Policy) error
- func (client ZMSClient) PutProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, ...) (*ProviderResourceGroupRoles, error)
- func (client ZMSClient) PutPublicKeyEntry(domain DomainName, service SimpleName, id string, auditRef string, ...) error
- func (client ZMSClient) PutQuota(name DomainName, auditRef string, quota *Quota) error
- func (client ZMSClient) PutRole(domainName DomainName, roleName EntityName, auditRef string, role *Role) error
- func (client ZMSClient) PutRoleMeta(domainName DomainName, roleName EntityName, auditRef string, detail *RoleMeta) error
- func (client ZMSClient) PutRoleReview(domainName DomainName, roleName EntityName, auditRef string, role *Role) error
- func (client ZMSClient) PutRoleSystemMeta(domainName DomainName, roleName EntityName, attribute SimpleName, ...) error
- func (client ZMSClient) PutServiceIdentity(domain DomainName, service SimpleName, auditRef string, ...) error
- func (client ZMSClient) PutServiceIdentitySystemMeta(domain DomainName, service SimpleName, attribute SimpleName, auditRef string, ...) error
- func (client ZMSClient) PutTenancy(domain DomainName, service ServiceName, auditRef string, detail *Tenancy) error
- func (client ZMSClient) PutTenant(domain DomainName, service SimpleName, tenantDomain DomainName, ...) error
- func (client ZMSClient) PutTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, ...) (*TenantResourceGroupRoles, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Authenticator ¶
func Authenticator(url string) rdl.Authenticator
Authenticator is an unoptimized authenticator that delegates to ZMS. The advantage is that there is no local state or config other than the url of ZMS (we don't need ZMS's public key to be local).
func Authorizer ¶
func Authorizer(domain string, url string) rdl.Authorizer
Authorizer returns an authorizer that calls zms. If the url is set to "", then the access is logged, but always succeeds (for debug purposes).
Types ¶
type Access ¶
type Access struct { // // true (allowed) or false (denied) // Granted bool `json:"granted"` }
Access - Access can be checked and returned as this resource.
func (*Access) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Access
type Assertion ¶
type Assertion struct { // // the subject of the assertion - a role // Role string `json:"role"` // // the object of the assertion. Must be in the local namespace. Can contain // wildcards // Resource string `json:"resource"` // // the predicate of the assertion. Can contain wildcards // Action string `json:"action"` // // the effect of the assertion in the policy language // Effect *AssertionEffect `json:"effect,omitempty" rdl:"optional"` // // assertion id - auto generated by server. Not required during put // operations. // Id *int64 `json:"id,omitempty" rdl:"optional"` // // If true, we should store action and resource in their original case // CaseSensitive *bool `json:"caseSensitive,omitempty" rdl:"optional"` }
Assertion - A representation for the encapsulation of an action to be performed on a resource by a principal.
func NewAssertion ¶
NewAssertion - creates an initialized Assertion instance, returns a pointer to it
func (*Assertion) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Assertion
type AssertionEffect ¶
type AssertionEffect int
AssertionEffect - Every assertion can have the effect of ALLOW or DENY.
const ( ALLOW AssertionEffect DENY )
AssertionEffect constants
func NewAssertionEffect ¶
func NewAssertionEffect(init ...interface{}) AssertionEffect
NewAssertionEffect - return a string representation of the enum
func (AssertionEffect) MarshalJSON ¶
func (e AssertionEffect) MarshalJSON() ([]byte, error)
MarshalJSON is defined for proper JSON encoding of a AssertionEffect
func (AssertionEffect) String ¶
func (e AssertionEffect) String() string
String - return a string representation of the enum
func (AssertionEffect) SymbolSet ¶
func (e AssertionEffect) SymbolSet() []string
SymbolSet - return an array of all valid string representations (symbols) of the enum
func (*AssertionEffect) UnmarshalJSON ¶
func (e *AssertionEffect) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a AssertionEffect
type AuthorityKeyword ¶ added in v1.9.32
type AuthorityKeyword string
AuthorityKeyword - A comma separated list of authority keywords
type AuthorityName ¶
type AuthorityName string
AuthorityName - Used as the prefix in a signed assertion. This uniquely identifies a signing authority.
type CompoundName ¶
type CompoundName string
CompoundName - A compound name. Most names in this API are compound names.
type DanglingPolicy ¶
type DanglingPolicy struct { PolicyName EntityName `json:"policyName"` RoleName EntityName `json:"roleName"` }
DanglingPolicy - A dangling policy where the assertion is referencing a role name that doesn't exist in the domain
func NewDanglingPolicy ¶
func NewDanglingPolicy(init ...*DanglingPolicy) *DanglingPolicy
NewDanglingPolicy - creates an initialized DanglingPolicy instance, returns a pointer to it
func (*DanglingPolicy) UnmarshalJSON ¶
func (self *DanglingPolicy) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DanglingPolicy
func (*DanglingPolicy) Validate ¶
func (self *DanglingPolicy) Validate() error
Validate - checks for missing required fields, etc
type DefaultAdmins ¶
type DefaultAdmins struct { // // list of domain administrators // Admins []ResourceName `json:"admins"` }
DefaultAdmins - The list of domain administrators.
func NewDefaultAdmins ¶
func NewDefaultAdmins(init ...*DefaultAdmins) *DefaultAdmins
NewDefaultAdmins - creates an initialized DefaultAdmins instance, returns a pointer to it
func (*DefaultAdmins) Init ¶
func (self *DefaultAdmins) Init() *DefaultAdmins
Init - sets up the instance according to its default field values, if any
func (*DefaultAdmins) UnmarshalJSON ¶
func (self *DefaultAdmins) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DefaultAdmins
func (*DefaultAdmins) Validate ¶
func (self *DefaultAdmins) Validate() error
Validate - checks for missing required fields, etc
type Domain ¶
type Domain struct { // // a description of the domain // Description string `json:"description" rdl:"optional"` // // a reference to an Organization. (i.e. org:media) // Org ResourceName `json:"org,omitempty" rdl:"optional"` // // Future use only, currently not used // Enabled *bool `json:"enabled,omitempty" rdl:"optional"` // // Flag indicates whether or not domain modifications should be logged for // SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for // any API defining it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"` // // associated aws account id (system attribute - uniqueness check) // Account string `json:"account" rdl:"optional"` // // associated product id (system attribute - uniqueness check) // YpmId *int32 `json:"ypmId,omitempty" rdl:"optional"` // // associated application id // ApplicationId string `json:"applicationId" rdl:"optional"` // // domain certificate dns domain (system attribute) // CertDnsDomain string `json:"certDnsDomain" rdl:"optional"` // // all user members in the domain will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"` // // tokens issued for this domain will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"` // // service identity certs issued for this domain will have specified max // timeout in mins // ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional"` // // role certs issued for this domain will have specified max timeout in mins // RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"` // // all services in the domain roles will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"` // // associated azure subscription id (system attribute - uniqueness check) // AzureSubscription string `json:"azureSubscription" rdl:"optional"` // // key-value pair tags, tag might contain multiple values // Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"` // // the common name to be referred to, the symbolic id. It is immutable // Name DomainName `json:"name"` // // the last modification timestamp of any object or attribute in this domain // Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"` // // unique identifier of the domain. generated on create, never reused // Id *rdl.UUID `json:"id,omitempty" rdl:"optional"` }
Domain - A domain is an independent partition of users, roles, and resources. Its name represents the definition of a namespace; the only way a new namespace can be created, from the top, is by creating Domains. Administration of a domain is governed by the parent domain (using reverse-DNS namespaces). The top level domains are governed by the special "sys.auth" domain.
func (*Domain) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Domain
type DomainData ¶
type DomainData struct { // // a description of the domain // Description string `json:"description" rdl:"optional"` // // a reference to an Organization. (i.e. org:media) // Org ResourceName `json:"org,omitempty" rdl:"optional"` // // Future use only, currently not used // Enabled *bool `json:"enabled,omitempty" rdl:"optional"` // // Flag indicates whether or not domain modifications should be logged for // SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for // any API defining it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"` // // associated aws account id (system attribute - uniqueness check) // Account string `json:"account" rdl:"optional"` // // associated product id (system attribute - uniqueness check) // YpmId *int32 `json:"ypmId,omitempty" rdl:"optional"` // // associated application id // ApplicationId string `json:"applicationId" rdl:"optional"` // // domain certificate dns domain (system attribute) // CertDnsDomain string `json:"certDnsDomain" rdl:"optional"` // // all user members in the domain will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"` // // tokens issued for this domain will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"` // // service identity certs issued for this domain will have specified max // timeout in mins // ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional"` // // role certs issued for this domain will have specified max timeout in mins // RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"` // // all services in the domain roles will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"` // // associated azure subscription id (system attribute - uniqueness check) // AzureSubscription string `json:"azureSubscription" rdl:"optional"` // // key-value pair tags, tag might contain multiple values // Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"` // // name of the domain // Name DomainName `json:"name"` // // list of roles in the domain // Roles []*Role `json:"roles"` // // list of policies in the domain signed with ZMS private key // Policies *SignedPolicies `json:"policies"` // // list of services in the domain // Services []*ServiceIdentity `json:"services"` // // list of entities in the domain // Entities []*Entity `json:"entities"` // // list of groups in the domain // Groups []*Group `json:"groups"` // // last modification timestamp // Modified rdl.Timestamp `json:"modified"` }
DomainData - A domain object that includes its roles, policies and services.
func NewDomainData ¶
func NewDomainData(init ...*DomainData) *DomainData
NewDomainData - creates an initialized DomainData instance, returns a pointer to it
func (*DomainData) Init ¶
func (self *DomainData) Init() *DomainData
Init - sets up the instance according to its default field values, if any
func (*DomainData) UnmarshalJSON ¶
func (self *DomainData) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainData
func (*DomainData) Validate ¶
func (self *DomainData) Validate() error
Validate - checks for missing required fields, etc
type DomainDataCheck ¶
type DomainDataCheck struct { // // Names of roles not specified in any assertion. Might be empty or null if no // dangling roles. // DanglingRoles []EntityName `json:"danglingRoles,omitempty" rdl:"optional"` // // Policy+role tuples where role doesnt exist. Might be empty or null if no // dangling policies. // DanglingPolicies []*DanglingPolicy `json:"danglingPolicies,omitempty" rdl:"optional"` // // total number of policies // PolicyCount int32 `json:"policyCount"` // // total number of assertions // AssertionCount int32 `json:"assertionCount"` // // total number of assertions containing roles as wildcards // RoleWildCardCount int32 `json:"roleWildCardCount"` // // Service names (domain.service) that dont contain trust role if this is a // tenant domain. Might be empty or null, if not a tenant or if all providers // support this tenant. // ProvidersWithoutTrust []ServiceName `json:"providersWithoutTrust,omitempty" rdl:"optional"` // // Names of Tenant domains that dont contain assume role assertions if this is // a provider domain. Might be empty or null, if not a provider or if all // tenants support use this provider. // TenantsWithoutAssumeRole []DomainName `json:"tenantsWithoutAssumeRole,omitempty" rdl:"optional"` }
DomainDataCheck - Domain data object representing the results of a check operation looking for dangling roles, policies and trust relationships that are set either on tenant or provider side only
func NewDomainDataCheck ¶
func NewDomainDataCheck(init ...*DomainDataCheck) *DomainDataCheck
NewDomainDataCheck - creates an initialized DomainDataCheck instance, returns a pointer to it
func (*DomainDataCheck) UnmarshalJSON ¶
func (self *DomainDataCheck) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainDataCheck
func (*DomainDataCheck) Validate ¶
func (self *DomainDataCheck) Validate() error
Validate - checks for missing required fields, etc
type DomainGroupMember ¶ added in v1.9.32
type DomainGroupMember struct { // // name of the member // MemberName GroupMemberName `json:"memberName"` // // groups for this member // MemberGroups []*GroupMember `json:"memberGroups"` }
DomainGroupMember -
func NewDomainGroupMember ¶ added in v1.9.32
func NewDomainGroupMember(init ...*DomainGroupMember) *DomainGroupMember
NewDomainGroupMember - creates an initialized DomainGroupMember instance, returns a pointer to it
func (*DomainGroupMember) Init ¶ added in v1.9.32
func (self *DomainGroupMember) Init() *DomainGroupMember
Init - sets up the instance according to its default field values, if any
func (*DomainGroupMember) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainGroupMember) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainGroupMember
func (*DomainGroupMember) Validate ¶ added in v1.9.32
func (self *DomainGroupMember) Validate() error
Validate - checks for missing required fields, etc
type DomainGroupMembers ¶ added in v1.9.32
type DomainGroupMembers struct { // // name of the domain // DomainName DomainName `json:"domainName"` // // group members // Members []*DomainGroupMember `json:"members"` }
DomainGroupMembers -
func NewDomainGroupMembers ¶ added in v1.9.32
func NewDomainGroupMembers(init ...*DomainGroupMembers) *DomainGroupMembers
NewDomainGroupMembers - creates an initialized DomainGroupMembers instance, returns a pointer to it
func (*DomainGroupMembers) Init ¶ added in v1.9.32
func (self *DomainGroupMembers) Init() *DomainGroupMembers
Init - sets up the instance according to its default field values, if any
func (*DomainGroupMembers) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainGroupMembers) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainGroupMembers
func (*DomainGroupMembers) Validate ¶ added in v1.9.32
func (self *DomainGroupMembers) Validate() error
Validate - checks for missing required fields, etc
type DomainGroupMembership ¶ added in v1.9.32
type DomainGroupMembership struct {
DomainGroupMembersList []*DomainGroupMembers `json:"domainGroupMembersList"`
}
DomainGroupMembership -
func NewDomainGroupMembership ¶ added in v1.9.32
func NewDomainGroupMembership(init ...*DomainGroupMembership) *DomainGroupMembership
NewDomainGroupMembership - creates an initialized DomainGroupMembership instance, returns a pointer to it
func (*DomainGroupMembership) Init ¶ added in v1.9.32
func (self *DomainGroupMembership) Init() *DomainGroupMembership
Init - sets up the instance according to its default field values, if any
func (*DomainGroupMembership) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainGroupMembership) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainGroupMembership
func (*DomainGroupMembership) Validate ¶ added in v1.9.32
func (self *DomainGroupMembership) Validate() error
Validate - checks for missing required fields, etc
type DomainList ¶
type DomainList struct { // // list of domain names // Names []DomainName `json:"names"` // // if the response is a paginated list, this attribute specifies the value to // be used in the next domain list request as the value for the skip query // parameter. // Next string `json:"next" rdl:"optional"` }
DomainList - A paginated list of domains.
func NewDomainList ¶
func NewDomainList(init ...*DomainList) *DomainList
NewDomainList - creates an initialized DomainList instance, returns a pointer to it
func (*DomainList) Init ¶
func (self *DomainList) Init() *DomainList
Init - sets up the instance according to its default field values, if any
func (*DomainList) UnmarshalJSON ¶
func (self *DomainList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainList
func (*DomainList) Validate ¶
func (self *DomainList) Validate() error
Validate - checks for missing required fields, etc
type DomainMeta ¶
type DomainMeta struct { // // a description of the domain // Description string `json:"description" rdl:"optional"` // // a reference to an Organization. (i.e. org:media) // Org ResourceName `json:"org,omitempty" rdl:"optional"` // // Future use only, currently not used // Enabled *bool `json:"enabled,omitempty" rdl:"optional"` // // Flag indicates whether or not domain modifications should be logged for // SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for // any API defining it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"` // // associated aws account id (system attribute - uniqueness check) // Account string `json:"account" rdl:"optional"` // // associated product id (system attribute - uniqueness check) // YpmId *int32 `json:"ypmId,omitempty" rdl:"optional"` // // associated application id // ApplicationId string `json:"applicationId" rdl:"optional"` // // domain certificate dns domain (system attribute) // CertDnsDomain string `json:"certDnsDomain" rdl:"optional"` // // all user members in the domain will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"` // // tokens issued for this domain will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"` // // service identity certs issued for this domain will have specified max // timeout in mins // ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional"` // // role certs issued for this domain will have specified max timeout in mins // RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"` // // all services in the domain roles will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"` // // associated azure subscription id (system attribute - uniqueness check) // AzureSubscription string `json:"azureSubscription" rdl:"optional"` // // key-value pair tags, tag might contain multiple values // Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"` }
DomainMeta - Set of metadata attributes that all domains may have and can be changed.
func NewDomainMeta ¶
func NewDomainMeta(init ...*DomainMeta) *DomainMeta
NewDomainMeta - creates an initialized DomainMeta instance, returns a pointer to it
func (*DomainMeta) Init ¶
func (self *DomainMeta) Init() *DomainMeta
Init - sets up the instance according to its default field values, if any
func (*DomainMeta) UnmarshalJSON ¶
func (self *DomainMeta) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainMeta
func (*DomainMeta) Validate ¶
func (self *DomainMeta) Validate() error
Validate - checks for missing required fields, etc
type DomainMetaList ¶ added in v1.9.32
type DomainMetaList struct { // // list of domain objects // Domains []*Domain `json:"domains"` }
DomainMetaList - A list of domain objects with their meta attributes.
func NewDomainMetaList ¶ added in v1.9.32
func NewDomainMetaList(init ...*DomainMetaList) *DomainMetaList
NewDomainMetaList - creates an initialized DomainMetaList instance, returns a pointer to it
func (*DomainMetaList) Init ¶ added in v1.9.32
func (self *DomainMetaList) Init() *DomainMetaList
Init - sets up the instance according to its default field values, if any
func (*DomainMetaList) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainMetaList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainMetaList
func (*DomainMetaList) Validate ¶ added in v1.9.32
func (self *DomainMetaList) Validate() error
Validate - checks for missing required fields, etc
type DomainName ¶
type DomainName string
DomainName - A domain name is the general qualifier prefix, as its uniqueness is managed.
type DomainPolicies ¶
type DomainPolicies struct { // // name of the domain // Domain DomainName `json:"domain"` // // list of policies defined in this server // Policies []*Policy `json:"policies"` }
DomainPolicies - We need to include the name of the domain in this struct since this data will be passed back to ZPU through ZTS so we need to sign not only the list of policies but also the corresponding domain name that the policies belong to.
func NewDomainPolicies ¶
func NewDomainPolicies(init ...*DomainPolicies) *DomainPolicies
NewDomainPolicies - creates an initialized DomainPolicies instance, returns a pointer to it
func (*DomainPolicies) Init ¶
func (self *DomainPolicies) Init() *DomainPolicies
Init - sets up the instance according to its default field values, if any
func (*DomainPolicies) UnmarshalJSON ¶
func (self *DomainPolicies) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainPolicies
func (*DomainPolicies) Validate ¶
func (self *DomainPolicies) Validate() error
Validate - checks for missing required fields, etc
type DomainRoleMember ¶ added in v1.9.32
type DomainRoleMember struct { // // name of the member // MemberName MemberName `json:"memberName"` // // roles for this member // MemberRoles []*MemberRole `json:"memberRoles"` }
DomainRoleMember -
func NewDomainRoleMember ¶ added in v1.9.32
func NewDomainRoleMember(init ...*DomainRoleMember) *DomainRoleMember
NewDomainRoleMember - creates an initialized DomainRoleMember instance, returns a pointer to it
func (*DomainRoleMember) Init ¶ added in v1.9.32
func (self *DomainRoleMember) Init() *DomainRoleMember
Init - sets up the instance according to its default field values, if any
func (*DomainRoleMember) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainRoleMember) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainRoleMember
func (*DomainRoleMember) Validate ¶ added in v1.9.32
func (self *DomainRoleMember) Validate() error
Validate - checks for missing required fields, etc
type DomainRoleMembers ¶ added in v1.9.32
type DomainRoleMembers struct { // // name of the domain // DomainName DomainName `json:"domainName"` // // role members // Members []*DomainRoleMember `json:"members"` }
DomainRoleMembers -
func NewDomainRoleMembers ¶ added in v1.9.32
func NewDomainRoleMembers(init ...*DomainRoleMembers) *DomainRoleMembers
NewDomainRoleMembers - creates an initialized DomainRoleMembers instance, returns a pointer to it
func (*DomainRoleMembers) Init ¶ added in v1.9.32
func (self *DomainRoleMembers) Init() *DomainRoleMembers
Init - sets up the instance according to its default field values, if any
func (*DomainRoleMembers) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainRoleMembers) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainRoleMembers
func (*DomainRoleMembers) Validate ¶ added in v1.9.32
func (self *DomainRoleMembers) Validate() error
Validate - checks for missing required fields, etc
type DomainRoleMembership ¶ added in v1.9.32
type DomainRoleMembership struct {
DomainRoleMembersList []*DomainRoleMembers `json:"domainRoleMembersList"`
}
DomainRoleMembership -
func NewDomainRoleMembership ¶ added in v1.9.32
func NewDomainRoleMembership(init ...*DomainRoleMembership) *DomainRoleMembership
NewDomainRoleMembership - creates an initialized DomainRoleMembership instance, returns a pointer to it
func (*DomainRoleMembership) Init ¶ added in v1.9.32
func (self *DomainRoleMembership) Init() *DomainRoleMembership
Init - sets up the instance according to its default field values, if any
func (*DomainRoleMembership) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainRoleMembership) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainRoleMembership
func (*DomainRoleMembership) Validate ¶ added in v1.9.32
func (self *DomainRoleMembership) Validate() error
Validate - checks for missing required fields, etc
type DomainTemplate ¶
type DomainTemplate struct { // // list of template names // TemplateNames []SimpleName `json:"templateNames"` // // optional template parameters // Params []*TemplateParam `json:"params,omitempty" rdl:"optional"` }
DomainTemplate - solution template(s) to be applied to a domain
func NewDomainTemplate ¶
func NewDomainTemplate(init ...*DomainTemplate) *DomainTemplate
NewDomainTemplate - creates an initialized DomainTemplate instance, returns a pointer to it
func (*DomainTemplate) Init ¶
func (self *DomainTemplate) Init() *DomainTemplate
Init - sets up the instance according to its default field values, if any
func (*DomainTemplate) UnmarshalJSON ¶
func (self *DomainTemplate) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainTemplate
func (*DomainTemplate) Validate ¶
func (self *DomainTemplate) Validate() error
Validate - checks for missing required fields, etc
type DomainTemplateDetailsList ¶ added in v1.9.32
type DomainTemplateDetailsList struct { // // list of template metadata // MetaData []*TemplateMetaData `json:"metaData"` }
DomainTemplateDetailsList - List of templates with metadata details given a domain
func NewDomainTemplateDetailsList ¶ added in v1.9.32
func NewDomainTemplateDetailsList(init ...*DomainTemplateDetailsList) *DomainTemplateDetailsList
NewDomainTemplateDetailsList - creates an initialized DomainTemplateDetailsList instance, returns a pointer to it
func (*DomainTemplateDetailsList) Init ¶ added in v1.9.32
func (self *DomainTemplateDetailsList) Init() *DomainTemplateDetailsList
Init - sets up the instance according to its default field values, if any
func (*DomainTemplateDetailsList) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainTemplateDetailsList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainTemplateDetailsList
func (*DomainTemplateDetailsList) Validate ¶ added in v1.9.32
func (self *DomainTemplateDetailsList) Validate() error
Validate - checks for missing required fields, etc
type DomainTemplateList ¶
type DomainTemplateList struct { // // list of template names // TemplateNames []SimpleName `json:"templateNames"` }
DomainTemplateList - List of solution templates to be applied to a domain
func NewDomainTemplateList ¶
func NewDomainTemplateList(init ...*DomainTemplateList) *DomainTemplateList
NewDomainTemplateList - creates an initialized DomainTemplateList instance, returns a pointer to it
func (*DomainTemplateList) Init ¶
func (self *DomainTemplateList) Init() *DomainTemplateList
Init - sets up the instance according to its default field values, if any
func (*DomainTemplateList) UnmarshalJSON ¶
func (self *DomainTemplateList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainTemplateList
func (*DomainTemplateList) Validate ¶
func (self *DomainTemplateList) Validate() error
Validate - checks for missing required fields, etc
type Entity ¶
type Entity struct { // // name of the entity object // Name ResourceName `json:"name"` // // value of the entity // Value rdl.Struct `json:"value"` }
Entity - An entity is a name and a structured value. some entity names/prefixes are reserved (i.e. "role", "policy", "meta", "domain", "service")
func (*Entity) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Entity
type EntityList ¶
type EntityList struct { // // list of entity names // Names []EntityName `json:"names"` }
EntityList - The representation for an enumeration of entities in the namespace
func NewEntityList ¶
func NewEntityList(init ...*EntityList) *EntityList
NewEntityList - creates an initialized EntityList instance, returns a pointer to it
func (*EntityList) Init ¶
func (self *EntityList) Init() *EntityList
Init - sets up the instance according to its default field values, if any
func (*EntityList) UnmarshalJSON ¶
func (self *EntityList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a EntityList
func (*EntityList) Validate ¶
func (self *EntityList) Validate() error
Validate - checks for missing required fields, etc
type EntityName ¶
type EntityName string
EntityName - An entity name is a short form of a resource name, including only the domain and entity.
type Group ¶ added in v1.9.32
type Group struct { // // Flag indicates whether or not group allows self service. Users can add // themselves in the group, but it has to be approved by domain admins to be // effective. // SelfServe *bool `json:"selfServe,omitempty" rdl:"optional"` // // Flag indicates whether or not group updates require another review and // approval // ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional"` // // list of roles whose members should be notified for member review/approval // NotifyRoles string `json:"notifyRoles" rdl:"optional"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"` // // expiration enforced by a user authority configured attribute // UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional"` // // name of the group // Name ResourceName `json:"name"` // // last modification timestamp of the group // Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"` // // members with expiration // GroupMembers []*GroupMember `json:"groupMembers,omitempty" rdl:"optional"` // // an audit log for group membership changes // AuditLog []*GroupAuditLog `json:"auditLog,omitempty" rdl:"optional"` // // Flag indicates whether or not group updates should require GRC approval. If // true, the auditRef parameter must be supplied(not empty) for any API defining // it // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"` // // last review timestamp of the group // LastReviewedDate *rdl.Timestamp `json:"lastReviewedDate,omitempty" rdl:"optional"` }
Group - The representation for a Group with set of members.
func NewGroup ¶ added in v1.9.32
NewGroup - creates an initialized Group instance, returns a pointer to it
func (*Group) UnmarshalJSON ¶ added in v1.9.32
UnmarshalJSON is defined for proper JSON decoding of a Group
type GroupAuditLog ¶ added in v1.9.32
type GroupAuditLog struct { // // name of the group member // Member GroupMemberName `json:"member"` // // name of the principal executing the change // Admin ResourceName `json:"admin"` // // timestamp of the entry // Created rdl.Timestamp `json:"created"` // // log action - e.g. add, delete, approve, etc // Action string `json:"action"` // // audit reference string for the change as supplied by admin // AuditRef string `json:"auditRef" rdl:"optional"` }
GroupAuditLog - An audit log entry for group membership change.
func NewGroupAuditLog ¶ added in v1.9.32
func NewGroupAuditLog(init ...*GroupAuditLog) *GroupAuditLog
NewGroupAuditLog - creates an initialized GroupAuditLog instance, returns a pointer to it
func (*GroupAuditLog) UnmarshalJSON ¶ added in v1.9.32
func (self *GroupAuditLog) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a GroupAuditLog
func (*GroupAuditLog) Validate ¶ added in v1.9.32
func (self *GroupAuditLog) Validate() error
Validate - checks for missing required fields, etc
type GroupMember ¶ added in v1.9.32
type GroupMember struct { // // name of the member // MemberName GroupMemberName `json:"memberName,omitempty" rdl:"optional"` // // name of the group // GroupName ResourceName `json:"groupName,omitempty" rdl:"optional"` // // name of the domain // DomainName DomainName `json:"domainName,omitempty" rdl:"optional"` // // the expiration timestamp // Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional"` // // Flag to indicate whether membership is active // Active *bool `json:"active,omitempty" rdl:"optional"` // // Flag to indicate whether membership is approved either by delegates ( in // case of auditEnabled groups ) or by domain admins ( in case of selfserve // groups ) // Approved *bool `json:"approved,omitempty" rdl:"optional"` // // audit reference string for the change as supplied by admin // AuditRef string `json:"auditRef" rdl:"optional"` // // for pending membership requests, the request time // RequestTime *rdl.Timestamp `json:"requestTime,omitempty" rdl:"optional"` // // for pending membership requests, time when last notification was sent // LastNotifiedTime *rdl.Timestamp `json:"lastNotifiedTime,omitempty" rdl:"optional"` // // pending members only - name of the principal requesting the change // RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional"` // // for pending membership requests, time when last notification was sent (for // file store) // ReviewLastNotifiedTime *rdl.Timestamp `json:"reviewLastNotifiedTime,omitempty" rdl:"optional"` // // user disabled by system based on configured group setting // SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional"` // // server use only - principal type: unknown(0), user(1) or service(2) // PrincipalType *int32 `json:"principalType,omitempty" rdl:"optional"` }
GroupMember -
func NewGroupMember ¶ added in v1.9.32
func NewGroupMember(init ...*GroupMember) *GroupMember
NewGroupMember - creates an initialized GroupMember instance, returns a pointer to it
func (*GroupMember) Init ¶ added in v1.9.32
func (self *GroupMember) Init() *GroupMember
Init - sets up the instance according to its default field values, if any
func (*GroupMember) UnmarshalJSON ¶ added in v1.9.32
func (self *GroupMember) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a GroupMember
func (*GroupMember) Validate ¶ added in v1.9.32
func (self *GroupMember) Validate() error
Validate - checks for missing required fields, etc
type GroupMemberName ¶ added in v1.9.32
type GroupMemberName string
GroupMemberName - A group member name
type GroupMembership ¶ added in v1.9.32
type GroupMembership struct { // // name of the member // MemberName GroupMemberName `json:"memberName"` // // flag to indicate whether or the user is a member or not // IsMember *bool `json:"isMember,omitempty" rdl:"optional"` // // name of the group // GroupName ResourceName `json:"groupName,omitempty" rdl:"optional"` // // the expiration timestamp // Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional"` // // Flag to indicate whether membership is active // Active *bool `json:"active,omitempty" rdl:"optional"` // // Flag to indicate whether membership is approved either by delegates ( in // case of auditEnabled groups ) or by domain admins ( in case of selfserve // groups ) // Approved *bool `json:"approved,omitempty" rdl:"optional"` // // audit reference string for the change as supplied by admin // AuditRef string `json:"auditRef" rdl:"optional"` // // pending members only - name of the principal requesting the change // RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional"` // // user disabled by system based on configured group setting // SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional"` }
GroupMembership - The representation for a group membership.
func NewGroupMembership ¶ added in v1.9.32
func NewGroupMembership(init ...*GroupMembership) *GroupMembership
NewGroupMembership - creates an initialized GroupMembership instance, returns a pointer to it
func (*GroupMembership) Init ¶ added in v1.9.32
func (self *GroupMembership) Init() *GroupMembership
Init - sets up the instance according to its default field values, if any
func (*GroupMembership) UnmarshalJSON ¶ added in v1.9.32
func (self *GroupMembership) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a GroupMembership
func (*GroupMembership) Validate ¶ added in v1.9.32
func (self *GroupMembership) Validate() error
Validate - checks for missing required fields, etc
type GroupMeta ¶ added in v1.9.32
type GroupMeta struct { // // Flag indicates whether or not group allows self service. Users can add // themselves in the group, but it has to be approved by domain admins to be // effective. // SelfServe *bool `json:"selfServe,omitempty" rdl:"optional"` // // Flag indicates whether or not group updates require another review and // approval // ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional"` // // list of roles whose members should be notified for member review/approval // NotifyRoles string `json:"notifyRoles" rdl:"optional"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"` // // expiration enforced by a user authority configured attribute // UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional"` }
GroupMeta - Set of metadata attributes that all groups may have and can be changed by domain admins.
func NewGroupMeta ¶ added in v1.9.32
NewGroupMeta - creates an initialized GroupMeta instance, returns a pointer to it
func (*GroupMeta) UnmarshalJSON ¶ added in v1.9.32
UnmarshalJSON is defined for proper JSON decoding of a GroupMeta
type GroupSystemMeta ¶ added in v1.9.32
type GroupSystemMeta struct { // // Flag indicates whether or not group updates should be approved by GRC. If // true, the auditRef parameter must be supplied(not empty) for any API defining // it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"` }
GroupSystemMeta - Set of system metadata attributes that all groups may have and can be changed by system admins.
func NewGroupSystemMeta ¶ added in v1.9.32
func NewGroupSystemMeta(init ...*GroupSystemMeta) *GroupSystemMeta
NewGroupSystemMeta - creates an initialized GroupSystemMeta instance, returns a pointer to it
func (*GroupSystemMeta) UnmarshalJSON ¶ added in v1.9.32
func (self *GroupSystemMeta) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a GroupSystemMeta
func (*GroupSystemMeta) Validate ¶ added in v1.9.32
func (self *GroupSystemMeta) Validate() error
Validate - checks for missing required fields, etc
type Groups ¶ added in v1.9.32
type Groups struct { // // list of group objects // List []*Group `json:"list"` }
Groups - The representation for a list of groups with full details
func NewGroups ¶ added in v1.9.32
NewGroups - creates an initialized Groups instance, returns a pointer to it
func (*Groups) Init ¶ added in v1.9.32
Init - sets up the instance according to its default field values, if any
func (*Groups) UnmarshalJSON ¶ added in v1.9.32
UnmarshalJSON is defined for proper JSON decoding of a Groups
type JWSDomain ¶ added in v1.9.32
type JWSDomain struct { Payload string `json:"payload"` Protected string `json:"protected"` Header map[string]string `json:"header"` Signature string `json:"signature"` }
JWSDomain - SignedDomain using flattened JWS JSON Serialization syntax. https://tools.ietf.org/html/rfc7515#section-7.2.2
func NewJWSDomain ¶ added in v1.9.32
NewJWSDomain - creates an initialized JWSDomain instance, returns a pointer to it
func (*JWSDomain) Init ¶ added in v1.9.32
Init - sets up the instance according to its default field values, if any
func (*JWSDomain) UnmarshalJSON ¶ added in v1.9.32
UnmarshalJSON is defined for proper JSON decoding of a JWSDomain
type LocationName ¶
type LocationName string
LocationName - A location name is not yet defined, but will be a dotted name like everything else.
type MemberName ¶ added in v1.7.3
type MemberName string
MemberName - Role Member name - could be one of four values: *, DomainName.* or ServiceName[*], or GroupNames
type MemberRole ¶ added in v1.9.32
type MemberRole struct { // // name of the role // RoleName ResourceName `json:"roleName"` // // name of the domain // DomainName DomainName `json:"domainName,omitempty" rdl:"optional"` // // name of the member // MemberName MemberName `json:"memberName,omitempty" rdl:"optional"` // // the expiration timestamp // Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional"` // // the review reminder timestamp // ReviewReminder *rdl.Timestamp `json:"reviewReminder,omitempty" rdl:"optional"` // // Flag to indicate whether membership is active // Active *bool `json:"active,omitempty" rdl:"optional"` // // audit reference string for the change as supplied by admin // AuditRef string `json:"auditRef" rdl:"optional"` // // pending members only - name of the principal requesting the change // RequestPrincipal EntityName `json:"requestPrincipal,omitempty" rdl:"optional"` // // for pending membership requests, the request time // RequestTime *rdl.Timestamp `json:"requestTime,omitempty" rdl:"optional"` // // user disabled by system based on configured role setting // SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional"` }
MemberRole -
func NewMemberRole ¶ added in v1.9.32
func NewMemberRole(init ...*MemberRole) *MemberRole
NewMemberRole - creates an initialized MemberRole instance, returns a pointer to it
func (*MemberRole) Init ¶ added in v1.9.32
func (self *MemberRole) Init() *MemberRole
Init - sets up the instance according to its default field values, if any
func (*MemberRole) UnmarshalJSON ¶ added in v1.9.32
func (self *MemberRole) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a MemberRole
func (*MemberRole) Validate ¶ added in v1.9.32
func (self *MemberRole) Validate() error
Validate - checks for missing required fields, etc
type Membership ¶
type Membership struct { // // name of the member // MemberName MemberName `json:"memberName"` // // flag to indicate whether or the user is a member or not // IsMember *bool `json:"isMember,omitempty" rdl:"optional"` // // name of the role // RoleName ResourceName `json:"roleName,omitempty" rdl:"optional"` // // the expiration timestamp // Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional"` // // the review reminder timestamp // ReviewReminder *rdl.Timestamp `json:"reviewReminder,omitempty" rdl:"optional"` // // Flag to indicate whether membership is active // Active *bool `json:"active,omitempty" rdl:"optional"` // // Flag to indicate whether membership is approved either by delegates ( in // case of auditEnabled roles ) or by domain admins ( in case of selfserve roles // ) // Approved *bool `json:"approved,omitempty" rdl:"optional"` // // audit reference string for the change as supplied by admin // AuditRef string `json:"auditRef" rdl:"optional"` // // pending members only - name of the principal requesting the change // RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional"` // // user disabled by system based on configured role setting // SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional"` }
Membership - The representation for a role membership.
func NewMembership ¶
func NewMembership(init ...*Membership) *Membership
NewMembership - creates an initialized Membership instance, returns a pointer to it
func (*Membership) Init ¶
func (self *Membership) Init() *Membership
Init - sets up the instance according to its default field values, if any
func (*Membership) UnmarshalJSON ¶
func (self *Membership) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a Membership
func (*Membership) Validate ¶
func (self *Membership) Validate() error
Validate - checks for missing required fields, etc
type Policies ¶
type Policies struct { // // list of policy objects // List []*Policy `json:"list"` }
Policies - The representation of list of policy objects
func NewPolicies ¶
NewPolicies - creates an initialized Policies instance, returns a pointer to it
func (*Policies) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Policies
type Policy ¶
type Policy struct { // // name of the policy // Name ResourceName `json:"name"` // // last modification timestamp of this policy // Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"` // // list of defined assertions for this policy // Assertions []*Assertion `json:"assertions"` // // If true, we should store action and resource in their original case // CaseSensitive *bool `json:"caseSensitive,omitempty" rdl:"optional"` }
Policy - The representation for a Policy with set of assertions.
func (*Policy) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Policy
type PolicyList ¶
type PolicyList struct { // // list of policy names // Names []EntityName `json:"names"` // // if the response is a paginated list, this attribute specifies the value to // be used in the next policy list request as the value for the skip query // parameter. // Next string `json:"next" rdl:"optional"` }
PolicyList - The representation for an enumeration of policies in the namespace, with pagination.
func NewPolicyList ¶
func NewPolicyList(init ...*PolicyList) *PolicyList
NewPolicyList - creates an initialized PolicyList instance, returns a pointer to it
func (*PolicyList) Init ¶
func (self *PolicyList) Init() *PolicyList
Init - sets up the instance according to its default field values, if any
func (*PolicyList) UnmarshalJSON ¶
func (self *PolicyList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a PolicyList
func (*PolicyList) Validate ¶
func (self *PolicyList) Validate() error
Validate - checks for missing required fields, etc
type ProviderResourceGroupRoles ¶
type ProviderResourceGroupRoles struct { // // name of the provider domain // Domain DomainName `json:"domain"` // // name of the provider service // Service SimpleName `json:"service"` // // name of the tenant domain // Tenant DomainName `json:"tenant"` // // the role/action pairs to provision // Roles []*TenantRoleAction `json:"roles"` // // tenant resource group // ResourceGroup EntityName `json:"resourceGroup"` // // optional flag indicating whether to create a default tenancy admin role // CreateAdminRole *bool `json:"createAdminRole,omitempty" rdl:"optional"` }
ProviderResourceGroupRoles - A representation of provider roles to be provisioned.
func NewProviderResourceGroupRoles ¶
func NewProviderResourceGroupRoles(init ...*ProviderResourceGroupRoles) *ProviderResourceGroupRoles
NewProviderResourceGroupRoles - creates an initialized ProviderResourceGroupRoles instance, returns a pointer to it
func (*ProviderResourceGroupRoles) Init ¶
func (self *ProviderResourceGroupRoles) Init() *ProviderResourceGroupRoles
Init - sets up the instance according to its default field values, if any
func (*ProviderResourceGroupRoles) UnmarshalJSON ¶
func (self *ProviderResourceGroupRoles) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ProviderResourceGroupRoles
func (*ProviderResourceGroupRoles) Validate ¶
func (self *ProviderResourceGroupRoles) Validate() error
Validate - checks for missing required fields, etc
type PublicKeyEntry ¶
type PublicKeyEntry struct { // // the public key for the service // Key string `json:"key"` // // the key identifier (version or zone name) // Id string `json:"id"` }
PublicKeyEntry - The representation of the public key in a service identity object.
func NewPublicKeyEntry ¶
func NewPublicKeyEntry(init ...*PublicKeyEntry) *PublicKeyEntry
NewPublicKeyEntry - creates an initialized PublicKeyEntry instance, returns a pointer to it
func (*PublicKeyEntry) UnmarshalJSON ¶
func (self *PublicKeyEntry) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a PublicKeyEntry
func (*PublicKeyEntry) Validate ¶
func (self *PublicKeyEntry) Validate() error
Validate - checks for missing required fields, etc
type Quota ¶ added in v1.7.19
type Quota struct { // // name of the domain object // Name DomainName `json:"name"` // // number of subdomains allowed (applied at top level domain level) // Subdomain int32 `json:"subdomain"` // // number of roles allowed // Role int32 `json:"role"` // // number of members a role may have // RoleMember int32 `json:"roleMember"` // // number of policies allowed // Policy int32 `json:"policy"` // // total number of assertions a policy may have // Assertion int32 `json:"assertion"` // // total number of entity objects // Entity int32 `json:"entity"` // // number of services allowed // Service int32 `json:"service"` // // number of hosts allowed per service // ServiceHost int32 `json:"serviceHost"` // // number of public keys per service // PublicKey int32 `json:"publicKey"` // // number of groups per domain // Group int32 `json:"group"` // // number of members a group may have // GroupMember int32 `json:"groupMember"` // // the last modification timestamp of the quota object // Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"` }
Quota - The representation for a quota object
func NewQuota ¶ added in v1.7.19
NewQuota - creates an initialized Quota instance, returns a pointer to it
func (*Quota) UnmarshalJSON ¶ added in v1.7.19
UnmarshalJSON is defined for proper JSON decoding of a Quota
type ResourceAccess ¶
type ResourceAccess struct { Principal ResourceName `json:"principal"` Assertions []*Assertion `json:"assertions"` }
ResourceAccess -
func NewResourceAccess ¶
func NewResourceAccess(init ...*ResourceAccess) *ResourceAccess
NewResourceAccess - creates an initialized ResourceAccess instance, returns a pointer to it
func (*ResourceAccess) Init ¶
func (self *ResourceAccess) Init() *ResourceAccess
Init - sets up the instance according to its default field values, if any
func (*ResourceAccess) UnmarshalJSON ¶
func (self *ResourceAccess) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ResourceAccess
func (*ResourceAccess) Validate ¶
func (self *ResourceAccess) Validate() error
Validate - checks for missing required fields, etc
type ResourceAccessList ¶
type ResourceAccessList struct {
Resources []*ResourceAccess `json:"resources"`
}
ResourceAccessList -
func NewResourceAccessList ¶
func NewResourceAccessList(init ...*ResourceAccessList) *ResourceAccessList
NewResourceAccessList - creates an initialized ResourceAccessList instance, returns a pointer to it
func (*ResourceAccessList) Init ¶
func (self *ResourceAccessList) Init() *ResourceAccessList
Init - sets up the instance according to its default field values, if any
func (*ResourceAccessList) UnmarshalJSON ¶
func (self *ResourceAccessList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ResourceAccessList
func (*ResourceAccessList) Validate ¶
func (self *ResourceAccessList) Validate() error
Validate - checks for missing required fields, etc
type ResourceName ¶
type ResourceName string
ResourceName - A resource name Note that the EntityName part is optional, that is, a domain name followed by a colon is valid resource name.
type ResourceNames ¶ added in v1.9.32
type ResourceNames string
ResourceNames - A comma separated list of resource names
type Role ¶
type Role struct { // // Flag indicates whether or not role allows self service. Users can add // themselves in the role, but it has to be approved by domain admins to be // effective. // SelfServe *bool `json:"selfServe,omitempty" rdl:"optional"` // // all user members in the role will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"` // // tokens issued for this role will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"` // // certs issued for this role will have specified max timeout in mins // CertExpiryMins *int32 `json:"certExpiryMins,omitempty" rdl:"optional"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"` // // all services in the role will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"` // // all user members in the role will have specified max review days // MemberReviewDays *int32 `json:"memberReviewDays,omitempty" rdl:"optional"` // // all services in the role will have specified max review days // ServiceReviewDays *int32 `json:"serviceReviewDays,omitempty" rdl:"optional"` // // Flag indicates whether or not role updates require another review and // approval // ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional"` // // list of roles whose members should be notified for member review/approval // NotifyRoles string `json:"notifyRoles" rdl:"optional"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"` // // expiration enforced by a user authority configured attribute // UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"` // // key-value pair tags, tag might contain multiple values // Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"` // // name of the role // Name ResourceName `json:"name"` // // last modification timestamp of the role // Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"` // // an explicit list of members. Might be empty or null, if trust is set // Members []MemberName `json:"members,omitempty" rdl:"optional"` // // members with expiration // RoleMembers []*RoleMember `json:"roleMembers,omitempty" rdl:"optional"` // // a trusted domain to delegate membership decisions to // Trust DomainName `json:"trust,omitempty" rdl:"optional"` // // an audit log for role membership changes // AuditLog []*RoleAuditLog `json:"auditLog,omitempty" rdl:"optional"` // // Flag indicates whether or not role updates should require GRC approval. If // true, the auditRef parameter must be supplied(not empty) for any API defining // it // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"` // // last review timestamp of the role // LastReviewedDate *rdl.Timestamp `json:"lastReviewedDate,omitempty" rdl:"optional"` }
Role - The representation for a Role with set of members.
func (*Role) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Role
type RoleAuditLog ¶
type RoleAuditLog struct { // // name of the role member // Member MemberName `json:"member"` // // name of the principal executing the change // Admin ResourceName `json:"admin"` // // timestamp of the entry // Created rdl.Timestamp `json:"created"` // // log action - e.g. add, delete, approve, etc // Action string `json:"action"` // // audit reference string for the change as supplied by admin // AuditRef string `json:"auditRef" rdl:"optional"` }
RoleAuditLog - An audit log entry for role membership change.
func NewRoleAuditLog ¶
func NewRoleAuditLog(init ...*RoleAuditLog) *RoleAuditLog
NewRoleAuditLog - creates an initialized RoleAuditLog instance, returns a pointer to it
func (*RoleAuditLog) UnmarshalJSON ¶
func (self *RoleAuditLog) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a RoleAuditLog
func (*RoleAuditLog) Validate ¶
func (self *RoleAuditLog) Validate() error
Validate - checks for missing required fields, etc
type RoleList ¶
type RoleList struct { // // list of role names // Names []EntityName `json:"names"` // // if the response is a paginated list, this attribute specifies the value to // be used in the next role list request as the value for the skip query // parameter. // Next string `json:"next" rdl:"optional"` }
RoleList - The representation for an enumeration of roles in the namespace, with pagination.
func NewRoleList ¶
NewRoleList - creates an initialized RoleList instance, returns a pointer to it
func (*RoleList) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a RoleList
type RoleMember ¶ added in v1.1.5
type RoleMember struct { // // name of the member // MemberName MemberName `json:"memberName"` // // the expiration timestamp // Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional"` // // the review reminder timestamp // ReviewReminder *rdl.Timestamp `json:"reviewReminder,omitempty" rdl:"optional"` // // Flag to indicate whether membership is active // Active *bool `json:"active,omitempty" rdl:"optional"` // // Flag to indicate whether membership is approved either by delegates ( in // case of auditEnabled roles ) or by domain admins ( in case of selfserve roles // ) // Approved *bool `json:"approved,omitempty" rdl:"optional"` // // audit reference string for the change as supplied by admin // AuditRef string `json:"auditRef" rdl:"optional"` // // for pending membership requests, the request time // RequestTime *rdl.Timestamp `json:"requestTime,omitempty" rdl:"optional"` // // for pending membership requests, time when last notification was sent // LastNotifiedTime *rdl.Timestamp `json:"lastNotifiedTime,omitempty" rdl:"optional"` // // pending members only - name of the principal requesting the change // RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional"` // // for pending membership requests, time when last notification was sent (for // file store) // ReviewLastNotifiedTime *rdl.Timestamp `json:"reviewLastNotifiedTime,omitempty" rdl:"optional"` // // user disabled by system based on configured role setting // SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional"` // // server use only - principal type: unknown(0), user(1), service(2), or // group(3) // PrincipalType *int32 `json:"principalType,omitempty" rdl:"optional"` }
RoleMember -
func NewRoleMember ¶ added in v1.1.5
func NewRoleMember(init ...*RoleMember) *RoleMember
NewRoleMember - creates an initialized RoleMember instance, returns a pointer to it
func (*RoleMember) Init ¶ added in v1.9.32
func (self *RoleMember) Init() *RoleMember
Init - sets up the instance according to its default field values, if any
func (*RoleMember) UnmarshalJSON ¶ added in v1.1.5
func (self *RoleMember) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a RoleMember
func (*RoleMember) Validate ¶ added in v1.1.5
func (self *RoleMember) Validate() error
Validate - checks for missing required fields, etc
type RoleMeta ¶ added in v1.9.32
type RoleMeta struct { // // Flag indicates whether or not role allows self service. Users can add // themselves in the role, but it has to be approved by domain admins to be // effective. // SelfServe *bool `json:"selfServe,omitempty" rdl:"optional"` // // all user members in the role will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"` // // tokens issued for this role will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"` // // certs issued for this role will have specified max timeout in mins // CertExpiryMins *int32 `json:"certExpiryMins,omitempty" rdl:"optional"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"` // // all services in the role will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"` // // all user members in the role will have specified max review days // MemberReviewDays *int32 `json:"memberReviewDays,omitempty" rdl:"optional"` // // all services in the role will have specified max review days // ServiceReviewDays *int32 `json:"serviceReviewDays,omitempty" rdl:"optional"` // // Flag indicates whether or not role updates require another review and // approval // ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional"` // // list of roles whose members should be notified for member review/approval // NotifyRoles string `json:"notifyRoles" rdl:"optional"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"` // // expiration enforced by a user authority configured attribute // UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"` // // key-value pair tags, tag might contain multiple values // Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"` }
RoleMeta - Set of metadata attributes that all roles may have and can be changed by domain admins.
func NewRoleMeta ¶ added in v1.9.32
NewRoleMeta - creates an initialized RoleMeta instance, returns a pointer to it
func (*RoleMeta) UnmarshalJSON ¶ added in v1.9.32
UnmarshalJSON is defined for proper JSON decoding of a RoleMeta
type RoleSystemMeta ¶ added in v1.9.32
type RoleSystemMeta struct { // // Flag indicates whether or not role updates should be approved by GRC. If // true, the auditRef parameter must be supplied(not empty) for any API defining // it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"` }
RoleSystemMeta - Set of system metadata attributes that all roles may have and can be changed by system admins.
func NewRoleSystemMeta ¶ added in v1.9.32
func NewRoleSystemMeta(init ...*RoleSystemMeta) *RoleSystemMeta
NewRoleSystemMeta - creates an initialized RoleSystemMeta instance, returns a pointer to it
func (*RoleSystemMeta) UnmarshalJSON ¶ added in v1.9.32
func (self *RoleSystemMeta) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a RoleSystemMeta
func (*RoleSystemMeta) Validate ¶ added in v1.9.32
func (self *RoleSystemMeta) Validate() error
Validate - checks for missing required fields, etc
type Roles ¶
type Roles struct { // // list of role objects // List []*Role `json:"list"` }
Roles - The representation for a list of roles with full details
func (*Roles) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Roles
type ServerTemplateList ¶
type ServerTemplateList struct { // // list of template names // TemplateNames []SimpleName `json:"templateNames"` }
ServerTemplateList - List of solution templates available in the server
func NewServerTemplateList ¶
func NewServerTemplateList(init ...*ServerTemplateList) *ServerTemplateList
NewServerTemplateList - creates an initialized ServerTemplateList instance, returns a pointer to it
func (*ServerTemplateList) Init ¶
func (self *ServerTemplateList) Init() *ServerTemplateList
Init - sets up the instance according to its default field values, if any
func (*ServerTemplateList) UnmarshalJSON ¶
func (self *ServerTemplateList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServerTemplateList
func (*ServerTemplateList) Validate ¶
func (self *ServerTemplateList) Validate() error
Validate - checks for missing required fields, etc
type ServiceIdentities ¶
type ServiceIdentities struct { // // list of services // List []*ServiceIdentity `json:"list"` }
ServiceIdentities - The representation of list of services
func NewServiceIdentities ¶
func NewServiceIdentities(init ...*ServiceIdentities) *ServiceIdentities
NewServiceIdentities - creates an initialized ServiceIdentities instance, returns a pointer to it
func (*ServiceIdentities) Init ¶
func (self *ServiceIdentities) Init() *ServiceIdentities
Init - sets up the instance according to its default field values, if any
func (*ServiceIdentities) UnmarshalJSON ¶
func (self *ServiceIdentities) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentities
func (*ServiceIdentities) Validate ¶
func (self *ServiceIdentities) Validate() error
Validate - checks for missing required fields, etc
type ServiceIdentity ¶
type ServiceIdentity struct { // // the full name of the service, i.e. "sports.storage" // Name ServiceName `json:"name"` // // description of the service // Description string `json:"description" rdl:"optional"` // // array of public keys for key rotation // PublicKeys []*PublicKeyEntry `json:"publicKeys,omitempty" rdl:"optional"` // // if present, then this service can provision tenants via this endpoint. // ProviderEndpoint string `json:"providerEndpoint" rdl:"optional"` // // the timestamp when this entry was last modified // Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"` // // the path of the executable that runs the service // Executable string `json:"executable" rdl:"optional"` // // list of host names that this service can run on // Hosts []string `json:"hosts,omitempty" rdl:"optional"` // // local (unix) user name this service can run as // User string `json:"user" rdl:"optional"` // // local (unix) group name this service can run as // Group string `json:"group" rdl:"optional"` }
ServiceIdentity - The representation of the service identity object.
func NewServiceIdentity ¶
func NewServiceIdentity(init ...*ServiceIdentity) *ServiceIdentity
NewServiceIdentity - creates an initialized ServiceIdentity instance, returns a pointer to it
func (*ServiceIdentity) UnmarshalJSON ¶
func (self *ServiceIdentity) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentity
func (*ServiceIdentity) Validate ¶
func (self *ServiceIdentity) Validate() error
Validate - checks for missing required fields, etc
type ServiceIdentityList ¶
type ServiceIdentityList struct { // // list of service names // Names []EntityName `json:"names"` // // if the response is a paginated list, this attribute specifies the value to // be used in the next service list request as the value for the skip query // parameter. // Next string `json:"next" rdl:"optional"` }
ServiceIdentityList - The representation for an enumeration of services in the namespace, with pagination.
func NewServiceIdentityList ¶
func NewServiceIdentityList(init ...*ServiceIdentityList) *ServiceIdentityList
NewServiceIdentityList - creates an initialized ServiceIdentityList instance, returns a pointer to it
func (*ServiceIdentityList) Init ¶
func (self *ServiceIdentityList) Init() *ServiceIdentityList
Init - sets up the instance according to its default field values, if any
func (*ServiceIdentityList) UnmarshalJSON ¶
func (self *ServiceIdentityList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentityList
func (*ServiceIdentityList) Validate ¶
func (self *ServiceIdentityList) Validate() error
Validate - checks for missing required fields, etc
type ServiceIdentitySystemMeta ¶ added in v1.9.32
type ServiceIdentitySystemMeta struct { // // provider callback endpoint // ProviderEndpoint string `json:"providerEndpoint" rdl:"optional"` }
ServiceIdentitySystemMeta - Set of system metadata attributes that all services may have and can be changed by system admins.
func NewServiceIdentitySystemMeta ¶ added in v1.9.32
func NewServiceIdentitySystemMeta(init ...*ServiceIdentitySystemMeta) *ServiceIdentitySystemMeta
NewServiceIdentitySystemMeta - creates an initialized ServiceIdentitySystemMeta instance, returns a pointer to it
func (*ServiceIdentitySystemMeta) UnmarshalJSON ¶ added in v1.9.32
func (self *ServiceIdentitySystemMeta) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentitySystemMeta
func (*ServiceIdentitySystemMeta) Validate ¶ added in v1.9.32
func (self *ServiceIdentitySystemMeta) Validate() error
Validate - checks for missing required fields, etc
type ServiceName ¶
type ServiceName string
ServiceName - A service name will generally be a unique subdomain.
type ServicePrincipal ¶
type ServicePrincipal struct { // // name of the domain // Domain DomainName `json:"domain"` // // name of the service // Service EntityName `json:"service"` // // service's signed token // Token SignedToken `json:"token"` }
ServicePrincipal - A service principal object identifying a given service.
func NewServicePrincipal ¶
func NewServicePrincipal(init ...*ServicePrincipal) *ServicePrincipal
NewServicePrincipal - creates an initialized ServicePrincipal instance, returns a pointer to it
func (*ServicePrincipal) UnmarshalJSON ¶
func (self *ServicePrincipal) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServicePrincipal
func (*ServicePrincipal) Validate ¶
func (self *ServicePrincipal) Validate() error
Validate - checks for missing required fields, etc
type SignedDomain ¶
type SignedDomain struct { // // domain object with its roles, policies and services // Domain *DomainData `json:"domain"` // // signature generated based on the domain object // Signature string `json:"signature" rdl:"optional"` // // the identifier of the key used to generate the signature // KeyId string `json:"keyId" rdl:"optional"` }
SignedDomain - A domain object signed with server's private key. The signature and keyid are optional if the metaonly flag is set to true in the getSignedDomains api call
func NewSignedDomain ¶
func NewSignedDomain(init ...*SignedDomain) *SignedDomain
NewSignedDomain - creates an initialized SignedDomain instance, returns a pointer to it
func (*SignedDomain) Init ¶
func (self *SignedDomain) Init() *SignedDomain
Init - sets up the instance according to its default field values, if any
func (*SignedDomain) UnmarshalJSON ¶
func (self *SignedDomain) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SignedDomain
func (*SignedDomain) Validate ¶
func (self *SignedDomain) Validate() error
Validate - checks for missing required fields, etc
type SignedDomains ¶
type SignedDomains struct {
Domains []*SignedDomain `json:"domains"`
}
SignedDomains - A list of signed domain objects
func NewSignedDomains ¶
func NewSignedDomains(init ...*SignedDomains) *SignedDomains
NewSignedDomains - creates an initialized SignedDomains instance, returns a pointer to it
func (*SignedDomains) Init ¶
func (self *SignedDomains) Init() *SignedDomains
Init - sets up the instance according to its default field values, if any
func (*SignedDomains) UnmarshalJSON ¶
func (self *SignedDomains) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SignedDomains
func (*SignedDomains) Validate ¶
func (self *SignedDomains) Validate() error
Validate - checks for missing required fields, etc
type SignedPolicies ¶
type SignedPolicies struct { // // list of policies defined in a domain // Contents *DomainPolicies `json:"contents"` // // signature generated based on the domain policies object // Signature string `json:"signature"` // // the identifier of the key used to generate the signature // KeyId string `json:"keyId"` }
SignedPolicies - A signed bulk transfer of policies. The data is signed with server's private key.
func NewSignedPolicies ¶
func NewSignedPolicies(init ...*SignedPolicies) *SignedPolicies
NewSignedPolicies - creates an initialized SignedPolicies instance, returns a pointer to it
func (*SignedPolicies) Init ¶
func (self *SignedPolicies) Init() *SignedPolicies
Init - sets up the instance according to its default field values, if any
func (*SignedPolicies) UnmarshalJSON ¶
func (self *SignedPolicies) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SignedPolicies
func (*SignedPolicies) Validate ¶
func (self *SignedPolicies) Validate() error
Validate - checks for missing required fields, etc
type SignedToken ¶
type SignedToken string
SignedToken - A signed assertion if identity. i.e. the user cookie value. This token will only make sense to the authority that generated it, so it is beneficial to have something in the value that is cheaply recognized to quickly reject if it belongs to another authority. In addition to the YEncoded set our token includes ; to separate components and , to separate roles and : for IPv6 addresses
type SimpleName ¶
type SimpleName string
SimpleName - Copyright 2016 Yahoo Inc. Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. Common name types used by several API definitions A simple identifier, an element of compound name.
type Status ¶ added in v1.7.30
type Status struct { // // status message code // Code int32 `json:"code"` // // status message of the server // Message string `json:"message"` }
Status - The representation for a status object
func NewStatus ¶ added in v1.7.30
NewStatus - creates an initialized Status instance, returns a pointer to it
func (*Status) UnmarshalJSON ¶ added in v1.7.30
UnmarshalJSON is defined for proper JSON decoding of a Status
type StringList ¶ added in v1.9.32
type StringList struct { // // generic list of strings // List []CompoundName `json:"list"` }
StringList -
func NewStringList ¶ added in v1.9.32
func NewStringList(init ...*StringList) *StringList
NewStringList - creates an initialized StringList instance, returns a pointer to it
func (*StringList) Init ¶ added in v1.9.32
func (self *StringList) Init() *StringList
Init - sets up the instance according to its default field values, if any
func (*StringList) UnmarshalJSON ¶ added in v1.9.32
func (self *StringList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a StringList
func (*StringList) Validate ¶ added in v1.9.32
func (self *StringList) Validate() error
Validate - checks for missing required fields, etc
type SubDomain ¶
type SubDomain struct { // // a description of the domain // Description string `json:"description" rdl:"optional"` // // a reference to an Organization. (i.e. org:media) // Org ResourceName `json:"org,omitempty" rdl:"optional"` // // Future use only, currently not used // Enabled *bool `json:"enabled,omitempty" rdl:"optional"` // // Flag indicates whether or not domain modifications should be logged for // SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for // any API defining it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"` // // associated aws account id (system attribute - uniqueness check) // Account string `json:"account" rdl:"optional"` // // associated product id (system attribute - uniqueness check) // YpmId *int32 `json:"ypmId,omitempty" rdl:"optional"` // // associated application id // ApplicationId string `json:"applicationId" rdl:"optional"` // // domain certificate dns domain (system attribute) // CertDnsDomain string `json:"certDnsDomain" rdl:"optional"` // // all user members in the domain will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"` // // tokens issued for this domain will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"` // // service identity certs issued for this domain will have specified max // timeout in mins // ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional"` // // role certs issued for this domain will have specified max timeout in mins // RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"` // // all services in the domain roles will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"` // // associated azure subscription id (system attribute - uniqueness check) // AzureSubscription string `json:"azureSubscription" rdl:"optional"` // // key-value pair tags, tag might contain multiple values // Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"` // // name of the domain // Name SimpleName `json:"name"` // // list of domain administrators // AdminUsers []ResourceName `json:"adminUsers"` // // list of solution template names // Templates *DomainTemplateList `json:"templates,omitempty" rdl:"optional"` // // name of the parent domain // Parent DomainName `json:"parent"` }
SubDomain - A Subdomain is a TopLevelDomain, except it has a parent.
func NewSubDomain ¶
NewSubDomain - creates an initialized SubDomain instance, returns a pointer to it
func (*SubDomain) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a SubDomain
type Template ¶
type Template struct { // // list of roles in the template // Roles []*Role `json:"roles"` // // list of policies defined in this template // Policies []*Policy `json:"policies"` // // list of services defined in this template // Services []*ServiceIdentity `json:"services,omitempty" rdl:"optional"` // // list of services defined in this template // Metadata *TemplateMetaData `json:"metadata,omitempty" rdl:"optional"` }
Template - Solution Template object defined on the server
func NewTemplate ¶
NewTemplate - creates an initialized Template instance, returns a pointer to it
func (*Template) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Template
type TemplateList ¶
type TemplateList struct { // // list of template names // TemplateNames []SimpleName `json:"templateNames"` }
TemplateList - List of template names that is the base struct for server and domain templates
func NewTemplateList ¶
func NewTemplateList(init ...*TemplateList) *TemplateList
NewTemplateList - creates an initialized TemplateList instance, returns a pointer to it
func (*TemplateList) Init ¶
func (self *TemplateList) Init() *TemplateList
Init - sets up the instance according to its default field values, if any
func (*TemplateList) UnmarshalJSON ¶
func (self *TemplateList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TemplateList
func (*TemplateList) Validate ¶
func (self *TemplateList) Validate() error
Validate - checks for missing required fields, etc
type TemplateMetaData ¶ added in v1.9.32
type TemplateMetaData struct { // // name of the template // TemplateName string `json:"templateName" rdl:"optional"` // // description of the template // Description string `json:"description" rdl:"optional"` // // Version from DB(zms_store->domain_template->version) // CurrentVersion *int32 `json:"currentVersion,omitempty" rdl:"optional"` // // Bumped up version from solutions-template.json when there is a change // LatestVersion *int32 `json:"latestVersion,omitempty" rdl:"optional"` // // placeholders in the template roles/policies to replace (ex:_service_) // KeywordsToReplace string `json:"keywordsToReplace" rdl:"optional"` // // the updated timestamp of the template(solution_templates.json) // Timestamp *rdl.Timestamp `json:"timestamp,omitempty" rdl:"optional"` // // flag to automatically update the roles/policies that belongs to the // template // AutoUpdate *bool `json:"autoUpdate,omitempty" rdl:"optional"` }
TemplateMetaData - MetaData for template.
func NewTemplateMetaData ¶ added in v1.9.32
func NewTemplateMetaData(init ...*TemplateMetaData) *TemplateMetaData
NewTemplateMetaData - creates an initialized TemplateMetaData instance, returns a pointer to it
func (*TemplateMetaData) UnmarshalJSON ¶ added in v1.9.32
func (self *TemplateMetaData) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TemplateMetaData
func (*TemplateMetaData) Validate ¶ added in v1.9.32
func (self *TemplateMetaData) Validate() error
Validate - checks for missing required fields, etc
type TemplateParam ¶ added in v1.7.20
type TemplateParam struct { // // name of the parameter // Name SimpleName `json:"name"` // // value of the parameter // Value CompoundName `json:"value"` }
TemplateParam -
func NewTemplateParam ¶ added in v1.7.20
func NewTemplateParam(init ...*TemplateParam) *TemplateParam
NewTemplateParam - creates an initialized TemplateParam instance, returns a pointer to it
func (*TemplateParam) UnmarshalJSON ¶ added in v1.7.20
func (self *TemplateParam) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TemplateParam
func (*TemplateParam) Validate ¶ added in v1.7.20
func (self *TemplateParam) Validate() error
Validate - checks for missing required fields, etc
type Tenancy ¶
type Tenancy struct { // // the domain that is to get a tenancy // Domain DomainName `json:"domain"` // // the provider service on which the tenancy is to reside // Service ServiceName `json:"service"` // // registered resource groups for this tenant // ResourceGroups []EntityName `json:"resourceGroups,omitempty" rdl:"optional"` // // optional flag indicating whether to create a default tenancy admin role // CreateAdminRole *bool `json:"createAdminRole,omitempty" rdl:"optional"` }
Tenancy - A representation of tenant.
func NewTenancy ¶
NewTenancy - creates an initialized Tenancy instance, returns a pointer to it
func (*Tenancy) Init ¶ added in v1.9.32
Init - sets up the instance according to its default field values, if any
func (*Tenancy) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Tenancy
type TenantResourceGroupRoles ¶
type TenantResourceGroupRoles struct { // // name of the provider domain // Domain DomainName `json:"domain"` // // name of the provider service // Service SimpleName `json:"service"` // // name of the tenant domain // Tenant DomainName `json:"tenant"` // // the role/action pairs to provision // Roles []*TenantRoleAction `json:"roles"` // // tenant resource group // ResourceGroup EntityName `json:"resourceGroup"` }
TenantResourceGroupRoles - A representation of tenant roles for resource groups to be provisioned.
func NewTenantResourceGroupRoles ¶
func NewTenantResourceGroupRoles(init ...*TenantResourceGroupRoles) *TenantResourceGroupRoles
NewTenantResourceGroupRoles - creates an initialized TenantResourceGroupRoles instance, returns a pointer to it
func (*TenantResourceGroupRoles) Init ¶
func (self *TenantResourceGroupRoles) Init() *TenantResourceGroupRoles
Init - sets up the instance according to its default field values, if any
func (*TenantResourceGroupRoles) UnmarshalJSON ¶
func (self *TenantResourceGroupRoles) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TenantResourceGroupRoles
func (*TenantResourceGroupRoles) Validate ¶
func (self *TenantResourceGroupRoles) Validate() error
Validate - checks for missing required fields, etc
type TenantRoleAction ¶
type TenantRoleAction struct { // // name of the role // Role SimpleName `json:"role"` // // action value for the generated policy assertion // Action string `json:"action"` }
TenantRoleAction - A representation of tenant role action.
func NewTenantRoleAction ¶
func NewTenantRoleAction(init ...*TenantRoleAction) *TenantRoleAction
NewTenantRoleAction - creates an initialized TenantRoleAction instance, returns a pointer to it
func (*TenantRoleAction) UnmarshalJSON ¶
func (self *TenantRoleAction) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TenantRoleAction
func (*TenantRoleAction) Validate ¶
func (self *TenantRoleAction) Validate() error
Validate - checks for missing required fields, etc
type TopLevelDomain ¶
type TopLevelDomain struct { // // a description of the domain // Description string `json:"description" rdl:"optional"` // // a reference to an Organization. (i.e. org:media) // Org ResourceName `json:"org,omitempty" rdl:"optional"` // // Future use only, currently not used // Enabled *bool `json:"enabled,omitempty" rdl:"optional"` // // Flag indicates whether or not domain modifications should be logged for // SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for // any API defining it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"` // // associated aws account id (system attribute - uniqueness check) // Account string `json:"account" rdl:"optional"` // // associated product id (system attribute - uniqueness check) // YpmId *int32 `json:"ypmId,omitempty" rdl:"optional"` // // associated application id // ApplicationId string `json:"applicationId" rdl:"optional"` // // domain certificate dns domain (system attribute) // CertDnsDomain string `json:"certDnsDomain" rdl:"optional"` // // all user members in the domain will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"` // // tokens issued for this domain will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"` // // service identity certs issued for this domain will have specified max // timeout in mins // ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional"` // // role certs issued for this domain will have specified max timeout in mins // RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"` // // all services in the domain roles will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"` // // associated azure subscription id (system attribute - uniqueness check) // AzureSubscription string `json:"azureSubscription" rdl:"optional"` // // key-value pair tags, tag might contain multiple values // Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"` // // name of the domain // Name SimpleName `json:"name"` // // list of domain administrators // AdminUsers []ResourceName `json:"adminUsers"` // // list of solution template names // Templates *DomainTemplateList `json:"templates,omitempty" rdl:"optional"` }
TopLevelDomain - Top Level Domain object. The required attributes include the name of the domain and list of domain administrators.
func NewTopLevelDomain ¶
func NewTopLevelDomain(init ...*TopLevelDomain) *TopLevelDomain
NewTopLevelDomain - creates an initialized TopLevelDomain instance, returns a pointer to it
func (*TopLevelDomain) Init ¶
func (self *TopLevelDomain) Init() *TopLevelDomain
Init - sets up the instance according to its default field values, if any
func (*TopLevelDomain) UnmarshalJSON ¶
func (self *TopLevelDomain) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TopLevelDomain
func (*TopLevelDomain) Validate ¶
func (self *TopLevelDomain) Validate() error
Validate - checks for missing required fields, etc
type User ¶ added in v1.7.11
type User struct { // // name of the user // Name SimpleName `json:"name"` }
User - The representation for a user
func NewUser ¶ added in v1.7.11
NewUser - creates an initialized User instance, returns a pointer to it
func (*User) UnmarshalJSON ¶ added in v1.7.11
UnmarshalJSON is defined for proper JSON decoding of a User
type UserDomain ¶
type UserDomain struct { // // a description of the domain // Description string `json:"description" rdl:"optional"` // // a reference to an Organization. (i.e. org:media) // Org ResourceName `json:"org,omitempty" rdl:"optional"` // // Future use only, currently not used // Enabled *bool `json:"enabled,omitempty" rdl:"optional"` // // Flag indicates whether or not domain modifications should be logged for // SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for // any API defining it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"` // // associated aws account id (system attribute - uniqueness check) // Account string `json:"account" rdl:"optional"` // // associated product id (system attribute - uniqueness check) // YpmId *int32 `json:"ypmId,omitempty" rdl:"optional"` // // associated application id // ApplicationId string `json:"applicationId" rdl:"optional"` // // domain certificate dns domain (system attribute) // CertDnsDomain string `json:"certDnsDomain" rdl:"optional"` // // all user members in the domain will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"` // // tokens issued for this domain will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"` // // service identity certs issued for this domain will have specified max // timeout in mins // ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional"` // // role certs issued for this domain will have specified max timeout in mins // RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"` // // all services in the domain roles will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"` // // associated azure subscription id (system attribute - uniqueness check) // AzureSubscription string `json:"azureSubscription" rdl:"optional"` // // key-value pair tags, tag might contain multiple values // Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"` // // user id which will be the domain name // Name SimpleName `json:"name"` // // list of solution template names // Templates *DomainTemplateList `json:"templates,omitempty" rdl:"optional"` }
UserDomain - A UserDomain is the user's own top level domain in user - e.g. user.hga
func NewUserDomain ¶
func NewUserDomain(init ...*UserDomain) *UserDomain
NewUserDomain - creates an initialized UserDomain instance, returns a pointer to it
func (*UserDomain) Init ¶
func (self *UserDomain) Init() *UserDomain
Init - sets up the instance according to its default field values, if any
func (*UserDomain) UnmarshalJSON ¶
func (self *UserDomain) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a UserDomain
func (*UserDomain) Validate ¶
func (self *UserDomain) Validate() error
Validate - checks for missing required fields, etc
type UserList ¶ added in v1.7.11
type UserList struct { // // list of user names // Names []SimpleName `json:"names"` }
UserList -
func NewUserList ¶ added in v1.7.11
NewUserList - creates an initialized UserList instance, returns a pointer to it
func (*UserList) Init ¶ added in v1.7.11
Init - sets up the instance according to its default field values, if any
func (*UserList) UnmarshalJSON ¶ added in v1.7.11
UnmarshalJSON is defined for proper JSON decoding of a UserList
type UserToken ¶
type UserToken struct { // // Signed user token identifying a specific authenticated user // Token SignedToken `json:"token"` // // Authorization header name for the token // Header string `json:"header" rdl:"optional"` }
UserToken - A user token generated based on user's credentials
func NewUserToken ¶
NewUserToken - creates an initialized UserToken instance, returns a pointer to it
func (*UserToken) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a UserToken
type YEncoded ¶
type YEncoded string
YEncoded - YEncoded includes ybase64 chars, as well as = and %. This can represent a user cookie and URL-encoded values.
type ZMSClient ¶
type ZMSClient struct { URL string Transport http.RoundTripper CredsHeader *string CredsToken *string Timeout time.Duration }
func NewClient ¶
func NewClient(url string, transport http.RoundTripper) ZMSClient
NewClient creates and returns a new HTTP client object for the ZMS service
func (*ZMSClient) AddCredentials ¶
AddCredentials adds the credentials to the client for subsequent requests.
func (ZMSClient) DeleteAssertion ¶
func (client ZMSClient) DeleteAssertion(domainName DomainName, policyName EntityName, assertionId int64, auditRef string) error
func (ZMSClient) DeleteDomainRoleMember ¶ added in v1.9.32
func (client ZMSClient) DeleteDomainRoleMember(domainName DomainName, memberName MemberName, auditRef string) error
func (ZMSClient) DeleteDomainTemplate ¶
func (client ZMSClient) DeleteDomainTemplate(name DomainName, template SimpleName, auditRef string) error
func (ZMSClient) DeleteEntity ¶
func (client ZMSClient) DeleteEntity(domainName DomainName, entityName EntityName, auditRef string) error
func (ZMSClient) DeleteGroup ¶ added in v1.9.32
func (client ZMSClient) DeleteGroup(domainName DomainName, groupName EntityName, auditRef string) error
func (ZMSClient) DeleteGroupMembership ¶ added in v1.9.32
func (client ZMSClient) DeleteGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string) error
func (ZMSClient) DeleteMembership ¶
func (client ZMSClient) DeleteMembership(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string) error
func (ZMSClient) DeletePendingGroupMembership ¶ added in v1.9.32
func (client ZMSClient) DeletePendingGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string) error
func (ZMSClient) DeletePendingMembership ¶ added in v1.9.32
func (client ZMSClient) DeletePendingMembership(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string) error
func (ZMSClient) DeletePolicy ¶
func (client ZMSClient) DeletePolicy(domainName DomainName, policyName EntityName, auditRef string) error
func (ZMSClient) DeleteProviderResourceGroupRoles ¶
func (client ZMSClient) DeleteProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, resourceGroup EntityName, auditRef string) error
func (ZMSClient) DeletePublicKeyEntry ¶
func (client ZMSClient) DeletePublicKeyEntry(domain DomainName, service SimpleName, id string, auditRef string) error
func (ZMSClient) DeleteQuota ¶ added in v1.7.19
func (client ZMSClient) DeleteQuota(name DomainName, auditRef string) error
func (ZMSClient) DeleteRole ¶
func (client ZMSClient) DeleteRole(domainName DomainName, roleName EntityName, auditRef string) error
func (ZMSClient) DeleteServiceIdentity ¶
func (client ZMSClient) DeleteServiceIdentity(domain DomainName, service SimpleName, auditRef string) error
func (ZMSClient) DeleteSubDomain ¶
func (client ZMSClient) DeleteSubDomain(parent DomainName, name SimpleName, auditRef string) error
func (ZMSClient) DeleteTenancy ¶
func (client ZMSClient) DeleteTenancy(domain DomainName, service ServiceName, auditRef string) error
func (ZMSClient) DeleteTenant ¶ added in v1.9.32
func (client ZMSClient) DeleteTenant(domain DomainName, service SimpleName, tenantDomain DomainName, auditRef string) error
func (ZMSClient) DeleteTenantResourceGroupRoles ¶
func (client ZMSClient) DeleteTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, resourceGroup EntityName, auditRef string) error
func (ZMSClient) DeleteTopLevelDomain ¶
func (client ZMSClient) DeleteTopLevelDomain(name SimpleName, auditRef string) error
func (ZMSClient) DeleteUser ¶ added in v1.7.11
func (client ZMSClient) DeleteUser(name SimpleName, auditRef string) error
func (ZMSClient) DeleteUserDomain ¶
func (client ZMSClient) DeleteUserDomain(name SimpleName, auditRef string) error
func (ZMSClient) GetAccess ¶
func (client ZMSClient) GetAccess(action ActionName, resource ResourceName, domain DomainName, checkPrincipal EntityName) (*Access, error)
func (ZMSClient) GetAccessExt ¶
func (client ZMSClient) GetAccessExt(action ActionName, resource string, domain DomainName, checkPrincipal EntityName) (*Access, error)
func (ZMSClient) GetAssertion ¶
func (client ZMSClient) GetAssertion(domainName DomainName, policyName EntityName, assertionId int64) (*Assertion, error)
func (ZMSClient) GetDomainDataCheck ¶
func (client ZMSClient) GetDomainDataCheck(domainName DomainName) (*DomainDataCheck, error)
func (ZMSClient) GetDomainList ¶
func (client ZMSClient) GetDomainList(limit *int32, skip string, prefix string, depth *int32, account string, productId *int32, roleMember ResourceName, roleName ResourceName, subscription string, tagKey CompoundName, tagValue CompoundName, modifiedSince string) (*DomainList, error)
func (ZMSClient) GetDomainRoleMembers ¶ added in v1.9.32
func (client ZMSClient) GetDomainRoleMembers(domainName DomainName) (*DomainRoleMembers, error)
func (ZMSClient) GetDomainTemplateDetailsList ¶ added in v1.9.32
func (client ZMSClient) GetDomainTemplateDetailsList(name DomainName) (*DomainTemplateDetailsList, error)
func (ZMSClient) GetDomainTemplateList ¶
func (client ZMSClient) GetDomainTemplateList(name DomainName) (*DomainTemplateList, error)
func (ZMSClient) GetEntity ¶
func (client ZMSClient) GetEntity(domainName DomainName, entityName EntityName) (*Entity, error)
func (ZMSClient) GetEntityList ¶
func (client ZMSClient) GetEntityList(domainName DomainName) (*EntityList, error)
func (ZMSClient) GetGroup ¶ added in v1.9.32
func (client ZMSClient) GetGroup(domainName DomainName, groupName EntityName, auditLog *bool, pending *bool) (*Group, error)
func (ZMSClient) GetGroupMembership ¶ added in v1.9.32
func (client ZMSClient) GetGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, expiration string) (*GroupMembership, error)
func (ZMSClient) GetGroups ¶ added in v1.9.32
func (client ZMSClient) GetGroups(domainName DomainName, members *bool) (*Groups, error)
func (ZMSClient) GetJWSDomain ¶ added in v1.9.32
func (client ZMSClient) GetJWSDomain(name DomainName) (*JWSDomain, error)
func (ZMSClient) GetMembership ¶
func (client ZMSClient) GetMembership(domainName DomainName, roleName EntityName, memberName MemberName, expiration string) (*Membership, error)
func (ZMSClient) GetOverdueReview ¶ added in v1.9.32
func (client ZMSClient) GetOverdueReview(domainName DomainName) (*DomainRoleMembers, error)
func (ZMSClient) GetPendingDomainGroupMembersList ¶ added in v1.9.32
func (client ZMSClient) GetPendingDomainGroupMembersList(principal EntityName) (*DomainGroupMembership, error)
func (ZMSClient) GetPendingDomainRoleMembersList ¶ added in v1.9.32
func (client ZMSClient) GetPendingDomainRoleMembersList(principal EntityName) (*DomainRoleMembership, error)
func (ZMSClient) GetPolicies ¶
func (client ZMSClient) GetPolicies(domainName DomainName, assertions *bool) (*Policies, error)
func (ZMSClient) GetPolicy ¶
func (client ZMSClient) GetPolicy(domainName DomainName, policyName EntityName) (*Policy, error)
func (ZMSClient) GetPolicyList ¶
func (client ZMSClient) GetPolicyList(domainName DomainName, limit *int32, skip string) (*PolicyList, error)
func (ZMSClient) GetPrincipalGroups ¶ added in v1.9.32
func (client ZMSClient) GetPrincipalGroups(principal EntityName, domainName DomainName) (*DomainGroupMember, error)
func (ZMSClient) GetPrincipalRoles ¶ added in v1.9.32
func (client ZMSClient) GetPrincipalRoles(principal ResourceName, domainName DomainName) (*DomainRoleMember, error)
func (ZMSClient) GetProviderResourceGroupRoles ¶
func (client ZMSClient) GetProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, resourceGroup EntityName) (*ProviderResourceGroupRoles, error)
func (ZMSClient) GetPublicKeyEntry ¶
func (client ZMSClient) GetPublicKeyEntry(domain DomainName, service SimpleName, id string) (*PublicKeyEntry, error)
func (ZMSClient) GetQuota ¶ added in v1.7.19
func (client ZMSClient) GetQuota(name DomainName) (*Quota, error)
func (ZMSClient) GetResourceAccessList ¶
func (client ZMSClient) GetResourceAccessList(principal ResourceName, action ActionName) (*ResourceAccessList, error)
func (ZMSClient) GetRole ¶
func (client ZMSClient) GetRole(domainName DomainName, roleName EntityName, auditLog *bool, expand *bool, pending *bool) (*Role, error)
func (ZMSClient) GetRoleList ¶
func (ZMSClient) GetRoles ¶
func (client ZMSClient) GetRoles(domainName DomainName, members *bool, tagKey CompoundName, tagValue CompoundName) (*Roles, error)
func (ZMSClient) GetServerTemplateList ¶
func (client ZMSClient) GetServerTemplateList() (*ServerTemplateList, error)
func (ZMSClient) GetServiceIdentities ¶
func (client ZMSClient) GetServiceIdentities(domainName DomainName, publickeys *bool, hosts *bool) (*ServiceIdentities, error)
func (ZMSClient) GetServiceIdentity ¶
func (client ZMSClient) GetServiceIdentity(domain DomainName, service SimpleName) (*ServiceIdentity, error)
func (ZMSClient) GetServiceIdentityList ¶
func (client ZMSClient) GetServiceIdentityList(domainName DomainName, limit *int32, skip string) (*ServiceIdentityList, error)
func (ZMSClient) GetServicePrincipal ¶
func (client ZMSClient) GetServicePrincipal() (*ServicePrincipal, error)
func (ZMSClient) GetSignedDomains ¶
func (client ZMSClient) GetSignedDomains(domain DomainName, metaOnly string, metaAttr SimpleName, master *bool, matchingTag string) (*SignedDomains, string, error)
func (ZMSClient) GetTemplate ¶
func (client ZMSClient) GetTemplate(template SimpleName) (*Template, error)
func (ZMSClient) GetTenantResourceGroupRoles ¶
func (client ZMSClient) GetTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, resourceGroup EntityName) (*TenantResourceGroupRoles, error)
func (ZMSClient) GetUserList ¶ added in v1.7.11
func (ZMSClient) GetUserToken ¶
func (ZMSClient) OptionsUserToken ¶
func (client ZMSClient) OptionsUserToken(userName SimpleName, serviceNames string) (*UserToken, error)
func (ZMSClient) PostSubDomain ¶
func (ZMSClient) PostTopLevelDomain ¶
func (client ZMSClient) PostTopLevelDomain(auditRef string, detail *TopLevelDomain) (*Domain, error)
func (ZMSClient) PostUserDomain ¶
func (client ZMSClient) PostUserDomain(name SimpleName, auditRef string, detail *UserDomain) (*Domain, error)
func (ZMSClient) PutAssertion ¶
func (client ZMSClient) PutAssertion(domainName DomainName, policyName EntityName, auditRef string, assertion *Assertion) (*Assertion, error)
func (ZMSClient) PutDefaultAdmins ¶
func (client ZMSClient) PutDefaultAdmins(domainName DomainName, auditRef string, defaultAdmins *DefaultAdmins) error
func (ZMSClient) PutDomainMeta ¶
func (client ZMSClient) PutDomainMeta(name DomainName, auditRef string, detail *DomainMeta) error
func (ZMSClient) PutDomainSystemMeta ¶ added in v1.9.32
func (client ZMSClient) PutDomainSystemMeta(name DomainName, attribute SimpleName, auditRef string, detail *DomainMeta) error
func (ZMSClient) PutDomainTemplate ¶
func (client ZMSClient) PutDomainTemplate(name DomainName, auditRef string, domainTemplate *DomainTemplate) error
func (ZMSClient) PutDomainTemplateExt ¶ added in v1.7.32
func (client ZMSClient) PutDomainTemplateExt(name DomainName, template SimpleName, auditRef string, domainTemplate *DomainTemplate) error
func (ZMSClient) PutEntity ¶
func (client ZMSClient) PutEntity(domainName DomainName, entityName EntityName, auditRef string, entity *Entity) error
func (ZMSClient) PutGroup ¶ added in v1.9.32
func (client ZMSClient) PutGroup(domainName DomainName, groupName EntityName, auditRef string, group *Group) error
func (ZMSClient) PutGroupMembership ¶ added in v1.9.32
func (client ZMSClient) PutGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string, membership *GroupMembership) error
func (ZMSClient) PutGroupMembershipDecision ¶ added in v1.9.32
func (client ZMSClient) PutGroupMembershipDecision(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string, membership *GroupMembership) error
func (ZMSClient) PutGroupMeta ¶ added in v1.9.32
func (client ZMSClient) PutGroupMeta(domainName DomainName, groupName EntityName, auditRef string, detail *GroupMeta) error
func (ZMSClient) PutGroupReview ¶ added in v1.9.32
func (client ZMSClient) PutGroupReview(domainName DomainName, groupName EntityName, auditRef string, group *Group) error
func (ZMSClient) PutGroupSystemMeta ¶ added in v1.9.32
func (client ZMSClient) PutGroupSystemMeta(domainName DomainName, groupName EntityName, attribute SimpleName, auditRef string, detail *GroupSystemMeta) error
func (ZMSClient) PutMembership ¶
func (client ZMSClient) PutMembership(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string, membership *Membership) error
func (ZMSClient) PutMembershipDecision ¶ added in v1.9.32
func (client ZMSClient) PutMembershipDecision(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string, membership *Membership) error
func (ZMSClient) PutPolicy ¶
func (client ZMSClient) PutPolicy(domainName DomainName, policyName EntityName, auditRef string, policy *Policy) error
func (ZMSClient) PutProviderResourceGroupRoles ¶
func (client ZMSClient) PutProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, resourceGroup EntityName, auditRef string, detail *ProviderResourceGroupRoles) (*ProviderResourceGroupRoles, error)
func (ZMSClient) PutPublicKeyEntry ¶
func (client ZMSClient) PutPublicKeyEntry(domain DomainName, service SimpleName, id string, auditRef string, publicKeyEntry *PublicKeyEntry) error
func (ZMSClient) PutQuota ¶ added in v1.7.19
func (client ZMSClient) PutQuota(name DomainName, auditRef string, quota *Quota) error
func (ZMSClient) PutRole ¶
func (client ZMSClient) PutRole(domainName DomainName, roleName EntityName, auditRef string, role *Role) error
func (ZMSClient) PutRoleMeta ¶ added in v1.9.32
func (client ZMSClient) PutRoleMeta(domainName DomainName, roleName EntityName, auditRef string, detail *RoleMeta) error
func (ZMSClient) PutRoleReview ¶ added in v1.9.32
func (client ZMSClient) PutRoleReview(domainName DomainName, roleName EntityName, auditRef string, role *Role) error
func (ZMSClient) PutRoleSystemMeta ¶ added in v1.9.32
func (client ZMSClient) PutRoleSystemMeta(domainName DomainName, roleName EntityName, attribute SimpleName, auditRef string, detail *RoleSystemMeta) error
func (ZMSClient) PutServiceIdentity ¶
func (client ZMSClient) PutServiceIdentity(domain DomainName, service SimpleName, auditRef string, detail *ServiceIdentity) error
func (ZMSClient) PutServiceIdentitySystemMeta ¶ added in v1.9.32
func (client ZMSClient) PutServiceIdentitySystemMeta(domain DomainName, service SimpleName, attribute SimpleName, auditRef string, detail *ServiceIdentitySystemMeta) error
func (ZMSClient) PutTenancy ¶
func (client ZMSClient) PutTenancy(domain DomainName, service ServiceName, auditRef string, detail *Tenancy) error
func (ZMSClient) PutTenant ¶ added in v1.9.32
func (client ZMSClient) PutTenant(domain DomainName, service SimpleName, tenantDomain DomainName, auditRef string, detail *Tenancy) error
func (ZMSClient) PutTenantResourceGroupRoles ¶
func (client ZMSClient) PutTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, resourceGroup EntityName, auditRef string, detail *TenantResourceGroupRoles) (*TenantResourceGroupRoles, error)
Directories ¶
Path | Synopsis |
---|---|
examples
|
|
get-access
Get-access is a demo program to query if the current principal has "Access" to a specified resource, in a given domain.
|
Get-access is a demo program to query if the current principal has "Access" to a specified resource, in a given domain. |