zms

package
v1.10.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 26, 2021 License: Apache-2.0 Imports: 12 Imported by: 2

README

zms-go-client

A Go client library to talk to Athenz ZMS.

The model.go and client.go files are generated from zms_core, and checked in so users of this library need not know that.

Additionally, an implementation of rdl.Authorizer and rdl.Authenticator are provided that use this library to delegate that functionality to Athenz ZMS:

Release Notes:

Version 1.0 (2016-09-06)
 - Initial opensource release

## Usage

To get it into your workspace:

    go get github.com/AthenZ/athenz/clients/go/zms

Then in your Go code:

    import (
        zms "github.com/AthenZ/athenz/clients/go/zms"
    )
    func main() {
         var principal rdl.Principal /* init this from an actual user credential */
         ...
         client := zms.NewClient()
         client.AddCredentials(principal.GetHTTPHeaderName(), principal.GetCredentials())
         dmn, err := client.GetDomain("athenz") //
         ...
    }

To use the ZMSAuthorizer from your RDL-generated server:

    import (
        zms "github.com/AthenZ/athenz/clients/go/zms"
    )
    ...
    endpoint := "localhost:4080"
    domain := "your.server.domain"

    zmsURL := "http://localhost:10080/zms/v1" //set this to "" for debug mode
    authn := zms.Authenticator(zmsURL)
    authz := zms.Authorizer(domain, zmsURL)

    handler := contacts.Init(impl, url, authz, authn)
    http.ListenAndServe(endpoint, handler)

## License

Copyright 2016 Yahoo Inc.

Licensed under the [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)

Documentation

Overview

Package zms contains a client library to talk to Athenz ZMS.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Authenticator

func Authenticator(url string) rdl.Authenticator

Authenticator is an unoptimized authenticator that delegates to ZMS. The advantage is that there is no local state or config other than the url of ZMS (we don't need ZMS's public key to be local).

func Authorizer

func Authorizer(domain string, url string) rdl.Authorizer

Authorizer returns an authorizer that calls zms. If the url is set to "", then the access is logged, but always succeeds (for debug purposes).

func ZMSSchema

func ZMSSchema() *rdl.Schema

Types

type Access

type Access struct {

	//
	// true (allowed) or false (denied)
	//
	Granted bool `json:"granted"`
}

Access - Access can be checked and returned as this resource.

func NewAccess

func NewAccess(init ...*Access) *Access

NewAccess - creates an initialized Access instance, returns a pointer to it

func (*Access) UnmarshalJSON

func (self *Access) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Access

func (*Access) Validate

func (self *Access) Validate() error

Validate - checks for missing required fields, etc

type ActionName

type ActionName string

ActionName - An action (operation) name.

type Assertion

type Assertion struct {

	//
	// the subject of the assertion - a role
	//
	Role string `json:"role"`

	//
	// the object of the assertion. Must be in the local namespace. Can contain
	// wildcards
	//
	Resource string `json:"resource"`

	//
	// the predicate of the assertion. Can contain wildcards
	//
	Action string `json:"action"`

	//
	// the effect of the assertion in the policy language
	//
	Effect *AssertionEffect `json:"effect,omitempty" rdl:"optional"`

	//
	// assertion id - auto generated by server. Not required during put
	// operations.
	//
	Id *int64 `json:"id,omitempty" rdl:"optional"`

	//
	// If true, we should store action and resource in their original case
	//
	CaseSensitive *bool `json:"caseSensitive,omitempty" rdl:"optional"`
}

Assertion - A representation for the encapsulation of an action to be performed on a resource by a principal.

func NewAssertion

func NewAssertion(init ...*Assertion) *Assertion

NewAssertion - creates an initialized Assertion instance, returns a pointer to it

func (*Assertion) UnmarshalJSON

func (self *Assertion) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Assertion

func (*Assertion) Validate

func (self *Assertion) Validate() error

Validate - checks for missing required fields, etc

type AssertionEffect

type AssertionEffect int

AssertionEffect - Every assertion can have the effect of ALLOW or DENY.

const (
	ALLOW AssertionEffect
	DENY
)

AssertionEffect constants

func NewAssertionEffect

func NewAssertionEffect(init ...interface{}) AssertionEffect

NewAssertionEffect - return a string representation of the enum

func (AssertionEffect) MarshalJSON

func (e AssertionEffect) MarshalJSON() ([]byte, error)

MarshalJSON is defined for proper JSON encoding of a AssertionEffect

func (AssertionEffect) String

func (e AssertionEffect) String() string

String - return a string representation of the enum

func (AssertionEffect) SymbolSet

func (e AssertionEffect) SymbolSet() []string

SymbolSet - return an array of all valid string representations (symbols) of the enum

func (*AssertionEffect) UnmarshalJSON

func (e *AssertionEffect) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a AssertionEffect

type AuthorityKeyword added in v1.9.32

type AuthorityKeyword string

AuthorityKeyword - A comma separated list of authority keywords

type AuthorityKeywords added in v1.9.32

type AuthorityKeywords string

AuthorityKeywords -

type AuthorityName

type AuthorityName string

AuthorityName - Used as the prefix in a signed assertion. This uniquely identifies a signing authority.

type CompoundName

type CompoundName string

CompoundName - A compound name. Most names in this API are compound names.

type DanglingPolicy

type DanglingPolicy struct {
	PolicyName EntityName `json:"policyName"`
	RoleName   EntityName `json:"roleName"`
}

DanglingPolicy - A dangling policy where the assertion is referencing a role name that doesn't exist in the domain

func NewDanglingPolicy

func NewDanglingPolicy(init ...*DanglingPolicy) *DanglingPolicy

NewDanglingPolicy - creates an initialized DanglingPolicy instance, returns a pointer to it

func (*DanglingPolicy) UnmarshalJSON

func (self *DanglingPolicy) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DanglingPolicy

func (*DanglingPolicy) Validate

func (self *DanglingPolicy) Validate() error

Validate - checks for missing required fields, etc

type DefaultAdmins

type DefaultAdmins struct {

	//
	// list of domain administrators
	//
	Admins []ResourceName `json:"admins"`
}

DefaultAdmins - The list of domain administrators.

func NewDefaultAdmins

func NewDefaultAdmins(init ...*DefaultAdmins) *DefaultAdmins

NewDefaultAdmins - creates an initialized DefaultAdmins instance, returns a pointer to it

func (*DefaultAdmins) Init

func (self *DefaultAdmins) Init() *DefaultAdmins

Init - sets up the instance according to its default field values, if any

func (*DefaultAdmins) UnmarshalJSON

func (self *DefaultAdmins) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DefaultAdmins

func (*DefaultAdmins) Validate

func (self *DefaultAdmins) Validate() error

Validate - checks for missing required fields, etc

type Domain

type Domain struct {

	//
	// a description of the domain
	//
	Description string `json:"description" rdl:"optional"`

	//
	// a reference to an Organization. (i.e. org:media)
	//
	Org ResourceName `json:"org,omitempty" rdl:"optional"`

	//
	// Future use only, currently not used
	//
	Enabled *bool `json:"enabled,omitempty" rdl:"optional"`

	//
	// Flag indicates whether or not domain modifications should be logged for
	// SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for
	// any API defining it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"`

	//
	// associated aws account id (system attribute - uniqueness check)
	//
	Account string `json:"account" rdl:"optional"`

	//
	// associated product id (system attribute - uniqueness check)
	//
	YpmId *int32 `json:"ypmId,omitempty" rdl:"optional"`

	//
	// associated application id
	//
	ApplicationId string `json:"applicationId" rdl:"optional"`

	//
	// domain certificate dns domain (system attribute)
	//
	CertDnsDomain string `json:"certDnsDomain" rdl:"optional"`

	//
	// all user members in the domain will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"`

	//
	// tokens issued for this domain will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"`

	//
	// service identity certs issued for this domain will have specified max
	// timeout in mins
	//
	ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional"`

	//
	// role certs issued for this domain will have specified max timeout in mins
	//
	RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"`

	//
	// all services in the domain roles will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"`

	//
	// associated azure subscription id (system attribute - uniqueness check)
	//
	AzureSubscription string `json:"azureSubscription" rdl:"optional"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"`

	//
	// the common name to be referred to, the symbolic id. It is immutable
	//
	Name DomainName `json:"name"`

	//
	// the last modification timestamp of any object or attribute in this domain
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`

	//
	// unique identifier of the domain. generated on create, never reused
	//
	Id *rdl.UUID `json:"id,omitempty" rdl:"optional"`
}

Domain - A domain is an independent partition of users, roles, and resources. Its name represents the definition of a namespace; the only way a new namespace can be created, from the top, is by creating Domains. Administration of a domain is governed by the parent domain (using reverse-DNS namespaces). The top level domains are governed by the special "sys.auth" domain.

func NewDomain

func NewDomain(init ...*Domain) *Domain

NewDomain - creates an initialized Domain instance, returns a pointer to it

func (*Domain) Init

func (self *Domain) Init() *Domain

Init - sets up the instance according to its default field values, if any

func (*Domain) UnmarshalJSON

func (self *Domain) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Domain

func (*Domain) Validate

func (self *Domain) Validate() error

Validate - checks for missing required fields, etc

type DomainData

type DomainData struct {

	//
	// a description of the domain
	//
	Description string `json:"description" rdl:"optional"`

	//
	// a reference to an Organization. (i.e. org:media)
	//
	Org ResourceName `json:"org,omitempty" rdl:"optional"`

	//
	// Future use only, currently not used
	//
	Enabled *bool `json:"enabled,omitempty" rdl:"optional"`

	//
	// Flag indicates whether or not domain modifications should be logged for
	// SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for
	// any API defining it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"`

	//
	// associated aws account id (system attribute - uniqueness check)
	//
	Account string `json:"account" rdl:"optional"`

	//
	// associated product id (system attribute - uniqueness check)
	//
	YpmId *int32 `json:"ypmId,omitempty" rdl:"optional"`

	//
	// associated application id
	//
	ApplicationId string `json:"applicationId" rdl:"optional"`

	//
	// domain certificate dns domain (system attribute)
	//
	CertDnsDomain string `json:"certDnsDomain" rdl:"optional"`

	//
	// all user members in the domain will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"`

	//
	// tokens issued for this domain will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"`

	//
	// service identity certs issued for this domain will have specified max
	// timeout in mins
	//
	ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional"`

	//
	// role certs issued for this domain will have specified max timeout in mins
	//
	RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"`

	//
	// all services in the domain roles will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"`

	//
	// associated azure subscription id (system attribute - uniqueness check)
	//
	AzureSubscription string `json:"azureSubscription" rdl:"optional"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"`

	//
	// name of the domain
	//
	Name DomainName `json:"name"`

	//
	// list of roles in the domain
	//
	Roles []*Role `json:"roles"`

	//
	// list of policies in the domain signed with ZMS private key
	//
	Policies *SignedPolicies `json:"policies"`

	//
	// list of services in the domain
	//
	Services []*ServiceIdentity `json:"services"`

	//
	// list of entities in the domain
	//
	Entities []*Entity `json:"entities"`

	//
	// list of groups in the domain
	//
	Groups []*Group `json:"groups"`

	//
	// last modification timestamp
	//
	Modified rdl.Timestamp `json:"modified"`
}

DomainData - A domain object that includes its roles, policies and services.

func NewDomainData

func NewDomainData(init ...*DomainData) *DomainData

NewDomainData - creates an initialized DomainData instance, returns a pointer to it

func (*DomainData) Init

func (self *DomainData) Init() *DomainData

Init - sets up the instance according to its default field values, if any

func (*DomainData) UnmarshalJSON

func (self *DomainData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainData

func (*DomainData) Validate

func (self *DomainData) Validate() error

Validate - checks for missing required fields, etc

type DomainDataCheck

type DomainDataCheck struct {

	//
	// Names of roles not specified in any assertion. Might be empty or null if no
	// dangling roles.
	//
	DanglingRoles []EntityName `json:"danglingRoles,omitempty" rdl:"optional"`

	//
	// Policy+role tuples where role doesnt exist. Might be empty or null if no
	// dangling policies.
	//
	DanglingPolicies []*DanglingPolicy `json:"danglingPolicies,omitempty" rdl:"optional"`

	//
	// total number of policies
	//
	PolicyCount int32 `json:"policyCount"`

	//
	// total number of assertions
	//
	AssertionCount int32 `json:"assertionCount"`

	//
	// total number of assertions containing roles as wildcards
	//
	RoleWildCardCount int32 `json:"roleWildCardCount"`

	//
	// Service names (domain.service) that dont contain trust role if this is a
	// tenant domain. Might be empty or null, if not a tenant or if all providers
	// support this tenant.
	//
	ProvidersWithoutTrust []ServiceName `json:"providersWithoutTrust,omitempty" rdl:"optional"`

	//
	// Names of Tenant domains that dont contain assume role assertions if this is
	// a provider domain. Might be empty or null, if not a provider or if all
	// tenants support use this provider.
	//
	TenantsWithoutAssumeRole []DomainName `json:"tenantsWithoutAssumeRole,omitempty" rdl:"optional"`
}

DomainDataCheck - Domain data object representing the results of a check operation looking for dangling roles, policies and trust relationships that are set either on tenant or provider side only

func NewDomainDataCheck

func NewDomainDataCheck(init ...*DomainDataCheck) *DomainDataCheck

NewDomainDataCheck - creates an initialized DomainDataCheck instance, returns a pointer to it

func (*DomainDataCheck) UnmarshalJSON

func (self *DomainDataCheck) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainDataCheck

func (*DomainDataCheck) Validate

func (self *DomainDataCheck) Validate() error

Validate - checks for missing required fields, etc

type DomainGroupMember added in v1.9.32

type DomainGroupMember struct {

	//
	// name of the member
	//
	MemberName GroupMemberName `json:"memberName"`

	//
	// groups for this member
	//
	MemberGroups []*GroupMember `json:"memberGroups"`
}

DomainGroupMember -

func NewDomainGroupMember added in v1.9.32

func NewDomainGroupMember(init ...*DomainGroupMember) *DomainGroupMember

NewDomainGroupMember - creates an initialized DomainGroupMember instance, returns a pointer to it

func (*DomainGroupMember) Init added in v1.9.32

func (self *DomainGroupMember) Init() *DomainGroupMember

Init - sets up the instance according to its default field values, if any

func (*DomainGroupMember) UnmarshalJSON added in v1.9.32

func (self *DomainGroupMember) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainGroupMember

func (*DomainGroupMember) Validate added in v1.9.32

func (self *DomainGroupMember) Validate() error

Validate - checks for missing required fields, etc

type DomainGroupMembers added in v1.9.32

type DomainGroupMembers struct {

	//
	// name of the domain
	//
	DomainName DomainName `json:"domainName"`

	//
	// group members
	//
	Members []*DomainGroupMember `json:"members"`
}

DomainGroupMembers -

func NewDomainGroupMembers added in v1.9.32

func NewDomainGroupMembers(init ...*DomainGroupMembers) *DomainGroupMembers

NewDomainGroupMembers - creates an initialized DomainGroupMembers instance, returns a pointer to it

func (*DomainGroupMembers) Init added in v1.9.32

func (self *DomainGroupMembers) Init() *DomainGroupMembers

Init - sets up the instance according to its default field values, if any

func (*DomainGroupMembers) UnmarshalJSON added in v1.9.32

func (self *DomainGroupMembers) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainGroupMembers

func (*DomainGroupMembers) Validate added in v1.9.32

func (self *DomainGroupMembers) Validate() error

Validate - checks for missing required fields, etc

type DomainGroupMembership added in v1.9.32

type DomainGroupMembership struct {
	DomainGroupMembersList []*DomainGroupMembers `json:"domainGroupMembersList"`
}

DomainGroupMembership -

func NewDomainGroupMembership added in v1.9.32

func NewDomainGroupMembership(init ...*DomainGroupMembership) *DomainGroupMembership

NewDomainGroupMembership - creates an initialized DomainGroupMembership instance, returns a pointer to it

func (*DomainGroupMembership) Init added in v1.9.32

Init - sets up the instance according to its default field values, if any

func (*DomainGroupMembership) UnmarshalJSON added in v1.9.32

func (self *DomainGroupMembership) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainGroupMembership

func (*DomainGroupMembership) Validate added in v1.9.32

func (self *DomainGroupMembership) Validate() error

Validate - checks for missing required fields, etc

type DomainList

type DomainList struct {

	//
	// list of domain names
	//
	Names []DomainName `json:"names"`

	//
	// if the response is a paginated list, this attribute specifies the value to
	// be used in the next domain list request as the value for the skip query
	// parameter.
	//
	Next string `json:"next" rdl:"optional"`
}

DomainList - A paginated list of domains.

func NewDomainList

func NewDomainList(init ...*DomainList) *DomainList

NewDomainList - creates an initialized DomainList instance, returns a pointer to it

func (*DomainList) Init

func (self *DomainList) Init() *DomainList

Init - sets up the instance according to its default field values, if any

func (*DomainList) UnmarshalJSON

func (self *DomainList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainList

func (*DomainList) Validate

func (self *DomainList) Validate() error

Validate - checks for missing required fields, etc

type DomainMeta

type DomainMeta struct {

	//
	// a description of the domain
	//
	Description string `json:"description" rdl:"optional"`

	//
	// a reference to an Organization. (i.e. org:media)
	//
	Org ResourceName `json:"org,omitempty" rdl:"optional"`

	//
	// Future use only, currently not used
	//
	Enabled *bool `json:"enabled,omitempty" rdl:"optional"`

	//
	// Flag indicates whether or not domain modifications should be logged for
	// SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for
	// any API defining it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"`

	//
	// associated aws account id (system attribute - uniqueness check)
	//
	Account string `json:"account" rdl:"optional"`

	//
	// associated product id (system attribute - uniqueness check)
	//
	YpmId *int32 `json:"ypmId,omitempty" rdl:"optional"`

	//
	// associated application id
	//
	ApplicationId string `json:"applicationId" rdl:"optional"`

	//
	// domain certificate dns domain (system attribute)
	//
	CertDnsDomain string `json:"certDnsDomain" rdl:"optional"`

	//
	// all user members in the domain will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"`

	//
	// tokens issued for this domain will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"`

	//
	// service identity certs issued for this domain will have specified max
	// timeout in mins
	//
	ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional"`

	//
	// role certs issued for this domain will have specified max timeout in mins
	//
	RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"`

	//
	// all services in the domain roles will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"`

	//
	// associated azure subscription id (system attribute - uniqueness check)
	//
	AzureSubscription string `json:"azureSubscription" rdl:"optional"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"`
}

DomainMeta - Set of metadata attributes that all domains may have and can be changed.

func NewDomainMeta

func NewDomainMeta(init ...*DomainMeta) *DomainMeta

NewDomainMeta - creates an initialized DomainMeta instance, returns a pointer to it

func (*DomainMeta) Init

func (self *DomainMeta) Init() *DomainMeta

Init - sets up the instance according to its default field values, if any

func (*DomainMeta) UnmarshalJSON

func (self *DomainMeta) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainMeta

func (*DomainMeta) Validate

func (self *DomainMeta) Validate() error

Validate - checks for missing required fields, etc

type DomainMetaList added in v1.9.32

type DomainMetaList struct {

	//
	// list of domain objects
	//
	Domains []*Domain `json:"domains"`
}

DomainMetaList - A list of domain objects with their meta attributes.

func NewDomainMetaList added in v1.9.32

func NewDomainMetaList(init ...*DomainMetaList) *DomainMetaList

NewDomainMetaList - creates an initialized DomainMetaList instance, returns a pointer to it

func (*DomainMetaList) Init added in v1.9.32

func (self *DomainMetaList) Init() *DomainMetaList

Init - sets up the instance according to its default field values, if any

func (*DomainMetaList) UnmarshalJSON added in v1.9.32

func (self *DomainMetaList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainMetaList

func (*DomainMetaList) Validate added in v1.9.32

func (self *DomainMetaList) Validate() error

Validate - checks for missing required fields, etc

type DomainName

type DomainName string

DomainName - A domain name is the general qualifier prefix, as its uniqueness is managed.

type DomainPolicies

type DomainPolicies struct {

	//
	// name of the domain
	//
	Domain DomainName `json:"domain"`

	//
	// list of policies defined in this server
	//
	Policies []*Policy `json:"policies"`
}

DomainPolicies - We need to include the name of the domain in this struct since this data will be passed back to ZPU through ZTS so we need to sign not only the list of policies but also the corresponding domain name that the policies belong to.

func NewDomainPolicies

func NewDomainPolicies(init ...*DomainPolicies) *DomainPolicies

NewDomainPolicies - creates an initialized DomainPolicies instance, returns a pointer to it

func (*DomainPolicies) Init

func (self *DomainPolicies) Init() *DomainPolicies

Init - sets up the instance according to its default field values, if any

func (*DomainPolicies) UnmarshalJSON

func (self *DomainPolicies) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainPolicies

func (*DomainPolicies) Validate

func (self *DomainPolicies) Validate() error

Validate - checks for missing required fields, etc

type DomainRoleMember added in v1.9.32

type DomainRoleMember struct {

	//
	// name of the member
	//
	MemberName MemberName `json:"memberName"`

	//
	// roles for this member
	//
	MemberRoles []*MemberRole `json:"memberRoles"`
}

DomainRoleMember -

func NewDomainRoleMember added in v1.9.32

func NewDomainRoleMember(init ...*DomainRoleMember) *DomainRoleMember

NewDomainRoleMember - creates an initialized DomainRoleMember instance, returns a pointer to it

func (*DomainRoleMember) Init added in v1.9.32

func (self *DomainRoleMember) Init() *DomainRoleMember

Init - sets up the instance according to its default field values, if any

func (*DomainRoleMember) UnmarshalJSON added in v1.9.32

func (self *DomainRoleMember) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainRoleMember

func (*DomainRoleMember) Validate added in v1.9.32

func (self *DomainRoleMember) Validate() error

Validate - checks for missing required fields, etc

type DomainRoleMembers added in v1.9.32

type DomainRoleMembers struct {

	//
	// name of the domain
	//
	DomainName DomainName `json:"domainName"`

	//
	// role members
	//
	Members []*DomainRoleMember `json:"members"`
}

DomainRoleMembers -

func NewDomainRoleMembers added in v1.9.32

func NewDomainRoleMembers(init ...*DomainRoleMembers) *DomainRoleMembers

NewDomainRoleMembers - creates an initialized DomainRoleMembers instance, returns a pointer to it

func (*DomainRoleMembers) Init added in v1.9.32

func (self *DomainRoleMembers) Init() *DomainRoleMembers

Init - sets up the instance according to its default field values, if any

func (*DomainRoleMembers) UnmarshalJSON added in v1.9.32

func (self *DomainRoleMembers) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainRoleMembers

func (*DomainRoleMembers) Validate added in v1.9.32

func (self *DomainRoleMembers) Validate() error

Validate - checks for missing required fields, etc

type DomainRoleMembership added in v1.9.32

type DomainRoleMembership struct {
	DomainRoleMembersList []*DomainRoleMembers `json:"domainRoleMembersList"`
}

DomainRoleMembership -

func NewDomainRoleMembership added in v1.9.32

func NewDomainRoleMembership(init ...*DomainRoleMembership) *DomainRoleMembership

NewDomainRoleMembership - creates an initialized DomainRoleMembership instance, returns a pointer to it

func (*DomainRoleMembership) Init added in v1.9.32

Init - sets up the instance according to its default field values, if any

func (*DomainRoleMembership) UnmarshalJSON added in v1.9.32

func (self *DomainRoleMembership) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainRoleMembership

func (*DomainRoleMembership) Validate added in v1.9.32

func (self *DomainRoleMembership) Validate() error

Validate - checks for missing required fields, etc

type DomainTemplate

type DomainTemplate struct {

	//
	// list of template names
	//
	TemplateNames []SimpleName `json:"templateNames"`

	//
	// optional template parameters
	//
	Params []*TemplateParam `json:"params,omitempty" rdl:"optional"`
}

DomainTemplate - solution template(s) to be applied to a domain

func NewDomainTemplate

func NewDomainTemplate(init ...*DomainTemplate) *DomainTemplate

NewDomainTemplate - creates an initialized DomainTemplate instance, returns a pointer to it

func (*DomainTemplate) Init

func (self *DomainTemplate) Init() *DomainTemplate

Init - sets up the instance according to its default field values, if any

func (*DomainTemplate) UnmarshalJSON

func (self *DomainTemplate) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainTemplate

func (*DomainTemplate) Validate

func (self *DomainTemplate) Validate() error

Validate - checks for missing required fields, etc

type DomainTemplateDetailsList added in v1.9.32

type DomainTemplateDetailsList struct {

	//
	// list of template metadata
	//
	MetaData []*TemplateMetaData `json:"metaData"`
}

DomainTemplateDetailsList - List of templates with metadata details given a domain

func NewDomainTemplateDetailsList added in v1.9.32

func NewDomainTemplateDetailsList(init ...*DomainTemplateDetailsList) *DomainTemplateDetailsList

NewDomainTemplateDetailsList - creates an initialized DomainTemplateDetailsList instance, returns a pointer to it

func (*DomainTemplateDetailsList) Init added in v1.9.32

Init - sets up the instance according to its default field values, if any

func (*DomainTemplateDetailsList) UnmarshalJSON added in v1.9.32

func (self *DomainTemplateDetailsList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainTemplateDetailsList

func (*DomainTemplateDetailsList) Validate added in v1.9.32

func (self *DomainTemplateDetailsList) Validate() error

Validate - checks for missing required fields, etc

type DomainTemplateList

type DomainTemplateList struct {

	//
	// list of template names
	//
	TemplateNames []SimpleName `json:"templateNames"`
}

DomainTemplateList - List of solution templates to be applied to a domain

func NewDomainTemplateList

func NewDomainTemplateList(init ...*DomainTemplateList) *DomainTemplateList

NewDomainTemplateList - creates an initialized DomainTemplateList instance, returns a pointer to it

func (*DomainTemplateList) Init

func (self *DomainTemplateList) Init() *DomainTemplateList

Init - sets up the instance according to its default field values, if any

func (*DomainTemplateList) UnmarshalJSON

func (self *DomainTemplateList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainTemplateList

func (*DomainTemplateList) Validate

func (self *DomainTemplateList) Validate() error

Validate - checks for missing required fields, etc

type Entity

type Entity struct {

	//
	// name of the entity object
	//
	Name ResourceName `json:"name"`

	//
	// value of the entity
	//
	Value rdl.Struct `json:"value"`
}

Entity - An entity is a name and a structured value. some entity names/prefixes are reserved (i.e. "role", "policy", "meta", "domain", "service")

func NewEntity

func NewEntity(init ...*Entity) *Entity

NewEntity - creates an initialized Entity instance, returns a pointer to it

func (*Entity) Init

func (self *Entity) Init() *Entity

Init - sets up the instance according to its default field values, if any

func (*Entity) UnmarshalJSON

func (self *Entity) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Entity

func (*Entity) Validate

func (self *Entity) Validate() error

Validate - checks for missing required fields, etc

type EntityList

type EntityList struct {

	//
	// list of entity names
	//
	Names []EntityName `json:"names"`
}

EntityList - The representation for an enumeration of entities in the namespace

func NewEntityList

func NewEntityList(init ...*EntityList) *EntityList

NewEntityList - creates an initialized EntityList instance, returns a pointer to it

func (*EntityList) Init

func (self *EntityList) Init() *EntityList

Init - sets up the instance according to its default field values, if any

func (*EntityList) UnmarshalJSON

func (self *EntityList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a EntityList

func (*EntityList) Validate

func (self *EntityList) Validate() error

Validate - checks for missing required fields, etc

type EntityName

type EntityName string

EntityName - An entity name is a short form of a resource name, including only the domain and entity.

type Group added in v1.9.32

type Group struct {

	//
	// Flag indicates whether or not group allows self service. Users can add
	// themselves in the group, but it has to be approved by domain admins to be
	// effective.
	//
	SelfServe *bool `json:"selfServe,omitempty" rdl:"optional"`

	//
	// Flag indicates whether or not group updates require another review and
	// approval
	//
	ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional"`

	//
	// list of roles whose members should be notified for member review/approval
	//
	NotifyRoles string `json:"notifyRoles" rdl:"optional"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"`

	//
	// expiration enforced by a user authority configured attribute
	//
	UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional"`

	//
	// name of the group
	//
	Name ResourceName `json:"name"`

	//
	// last modification timestamp of the group
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`

	//
	// members with expiration
	//
	GroupMembers []*GroupMember `json:"groupMembers,omitempty" rdl:"optional"`

	//
	// an audit log for group membership changes
	//
	AuditLog []*GroupAuditLog `json:"auditLog,omitempty" rdl:"optional"`

	//
	// Flag indicates whether or not group updates should require GRC approval. If
	// true, the auditRef parameter must be supplied(not empty) for any API defining
	// it
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"`

	//
	// last review timestamp of the group
	//
	LastReviewedDate *rdl.Timestamp `json:"lastReviewedDate,omitempty" rdl:"optional"`
}

Group - The representation for a Group with set of members.

func NewGroup added in v1.9.32

func NewGroup(init ...*Group) *Group

NewGroup - creates an initialized Group instance, returns a pointer to it

func (*Group) UnmarshalJSON added in v1.9.32

func (self *Group) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Group

func (*Group) Validate added in v1.9.32

func (self *Group) Validate() error

Validate - checks for missing required fields, etc

type GroupAuditLog added in v1.9.32

type GroupAuditLog struct {

	//
	// name of the group member
	//
	Member GroupMemberName `json:"member"`

	//
	// name of the principal executing the change
	//
	Admin ResourceName `json:"admin"`

	//
	// timestamp of the entry
	//
	Created rdl.Timestamp `json:"created"`

	//
	// log action - e.g. add, delete, approve, etc
	//
	Action string `json:"action"`

	//
	// audit reference string for the change as supplied by admin
	//
	AuditRef string `json:"auditRef" rdl:"optional"`
}

GroupAuditLog - An audit log entry for group membership change.

func NewGroupAuditLog added in v1.9.32

func NewGroupAuditLog(init ...*GroupAuditLog) *GroupAuditLog

NewGroupAuditLog - creates an initialized GroupAuditLog instance, returns a pointer to it

func (*GroupAuditLog) UnmarshalJSON added in v1.9.32

func (self *GroupAuditLog) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a GroupAuditLog

func (*GroupAuditLog) Validate added in v1.9.32

func (self *GroupAuditLog) Validate() error

Validate - checks for missing required fields, etc

type GroupMember added in v1.9.32

type GroupMember struct {

	//
	// name of the member
	//
	MemberName GroupMemberName `json:"memberName,omitempty" rdl:"optional"`

	//
	// name of the group
	//
	GroupName ResourceName `json:"groupName,omitempty" rdl:"optional"`

	//
	// name of the domain
	//
	DomainName DomainName `json:"domainName,omitempty" rdl:"optional"`

	//
	// the expiration timestamp
	//
	Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional"`

	//
	// Flag to indicate whether membership is active
	//
	Active *bool `json:"active,omitempty" rdl:"optional"`

	//
	// Flag to indicate whether membership is approved either by delegates ( in
	// case of auditEnabled groups ) or by domain admins ( in case of selfserve
	// groups )
	//
	Approved *bool `json:"approved,omitempty" rdl:"optional"`

	//
	// audit reference string for the change as supplied by admin
	//
	AuditRef string `json:"auditRef" rdl:"optional"`

	//
	// for pending membership requests, the request time
	//
	RequestTime *rdl.Timestamp `json:"requestTime,omitempty" rdl:"optional"`

	//
	// for pending membership requests, time when last notification was sent
	//
	LastNotifiedTime *rdl.Timestamp `json:"lastNotifiedTime,omitempty" rdl:"optional"`

	//
	// pending members only - name of the principal requesting the change
	//
	RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional"`

	//
	// for pending membership requests, time when last notification was sent (for
	// file store)
	//
	ReviewLastNotifiedTime *rdl.Timestamp `json:"reviewLastNotifiedTime,omitempty" rdl:"optional"`

	//
	// user disabled by system based on configured group setting
	//
	SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional"`

	//
	// server use only - principal type: unknown(0), user(1) or service(2)
	//
	PrincipalType *int32 `json:"principalType,omitempty" rdl:"optional"`
}

GroupMember -

func NewGroupMember added in v1.9.32

func NewGroupMember(init ...*GroupMember) *GroupMember

NewGroupMember - creates an initialized GroupMember instance, returns a pointer to it

func (*GroupMember) Init added in v1.9.32

func (self *GroupMember) Init() *GroupMember

Init - sets up the instance according to its default field values, if any

func (*GroupMember) UnmarshalJSON added in v1.9.32

func (self *GroupMember) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a GroupMember

func (*GroupMember) Validate added in v1.9.32

func (self *GroupMember) Validate() error

Validate - checks for missing required fields, etc

type GroupMemberName added in v1.9.32

type GroupMemberName string

GroupMemberName - A group member name

type GroupMembership added in v1.9.32

type GroupMembership struct {

	//
	// name of the member
	//
	MemberName GroupMemberName `json:"memberName"`

	//
	// flag to indicate whether or the user is a member or not
	//
	IsMember *bool `json:"isMember,omitempty" rdl:"optional"`

	//
	// name of the group
	//
	GroupName ResourceName `json:"groupName,omitempty" rdl:"optional"`

	//
	// the expiration timestamp
	//
	Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional"`

	//
	// Flag to indicate whether membership is active
	//
	Active *bool `json:"active,omitempty" rdl:"optional"`

	//
	// Flag to indicate whether membership is approved either by delegates ( in
	// case of auditEnabled groups ) or by domain admins ( in case of selfserve
	// groups )
	//
	Approved *bool `json:"approved,omitempty" rdl:"optional"`

	//
	// audit reference string for the change as supplied by admin
	//
	AuditRef string `json:"auditRef" rdl:"optional"`

	//
	// pending members only - name of the principal requesting the change
	//
	RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional"`

	//
	// user disabled by system based on configured group setting
	//
	SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional"`
}

GroupMembership - The representation for a group membership.

func NewGroupMembership added in v1.9.32

func NewGroupMembership(init ...*GroupMembership) *GroupMembership

NewGroupMembership - creates an initialized GroupMembership instance, returns a pointer to it

func (*GroupMembership) Init added in v1.9.32

func (self *GroupMembership) Init() *GroupMembership

Init - sets up the instance according to its default field values, if any

func (*GroupMembership) UnmarshalJSON added in v1.9.32

func (self *GroupMembership) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a GroupMembership

func (*GroupMembership) Validate added in v1.9.32

func (self *GroupMembership) Validate() error

Validate - checks for missing required fields, etc

type GroupMeta added in v1.9.32

type GroupMeta struct {

	//
	// Flag indicates whether or not group allows self service. Users can add
	// themselves in the group, but it has to be approved by domain admins to be
	// effective.
	//
	SelfServe *bool `json:"selfServe,omitempty" rdl:"optional"`

	//
	// Flag indicates whether or not group updates require another review and
	// approval
	//
	ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional"`

	//
	// list of roles whose members should be notified for member review/approval
	//
	NotifyRoles string `json:"notifyRoles" rdl:"optional"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"`

	//
	// expiration enforced by a user authority configured attribute
	//
	UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional"`
}

GroupMeta - Set of metadata attributes that all groups may have and can be changed by domain admins.

func NewGroupMeta added in v1.9.32

func NewGroupMeta(init ...*GroupMeta) *GroupMeta

NewGroupMeta - creates an initialized GroupMeta instance, returns a pointer to it

func (*GroupMeta) UnmarshalJSON added in v1.9.32

func (self *GroupMeta) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a GroupMeta

func (*GroupMeta) Validate added in v1.9.32

func (self *GroupMeta) Validate() error

Validate - checks for missing required fields, etc

type GroupName added in v1.9.32

type GroupName string

GroupName - A group name

type GroupSystemMeta added in v1.9.32

type GroupSystemMeta struct {

	//
	// Flag indicates whether or not group updates should be approved by GRC. If
	// true, the auditRef parameter must be supplied(not empty) for any API defining
	// it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"`
}

GroupSystemMeta - Set of system metadata attributes that all groups may have and can be changed by system admins.

func NewGroupSystemMeta added in v1.9.32

func NewGroupSystemMeta(init ...*GroupSystemMeta) *GroupSystemMeta

NewGroupSystemMeta - creates an initialized GroupSystemMeta instance, returns a pointer to it

func (*GroupSystemMeta) UnmarshalJSON added in v1.9.32

func (self *GroupSystemMeta) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a GroupSystemMeta

func (*GroupSystemMeta) Validate added in v1.9.32

func (self *GroupSystemMeta) Validate() error

Validate - checks for missing required fields, etc

type Groups added in v1.9.32

type Groups struct {

	//
	// list of group objects
	//
	List []*Group `json:"list"`
}

Groups - The representation for a list of groups with full details

func NewGroups added in v1.9.32

func NewGroups(init ...*Groups) *Groups

NewGroups - creates an initialized Groups instance, returns a pointer to it

func (*Groups) Init added in v1.9.32

func (self *Groups) Init() *Groups

Init - sets up the instance according to its default field values, if any

func (*Groups) UnmarshalJSON added in v1.9.32

func (self *Groups) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Groups

func (*Groups) Validate added in v1.9.32

func (self *Groups) Validate() error

Validate - checks for missing required fields, etc

type JWSDomain added in v1.9.32

type JWSDomain struct {
	Payload   string            `json:"payload"`
	Protected string            `json:"protected"`
	Header    map[string]string `json:"header"`
	Signature string            `json:"signature"`
}

JWSDomain - SignedDomain using flattened JWS JSON Serialization syntax. https://tools.ietf.org/html/rfc7515#section-7.2.2

func NewJWSDomain added in v1.9.32

func NewJWSDomain(init ...*JWSDomain) *JWSDomain

NewJWSDomain - creates an initialized JWSDomain instance, returns a pointer to it

func (*JWSDomain) Init added in v1.9.32

func (self *JWSDomain) Init() *JWSDomain

Init - sets up the instance according to its default field values, if any

func (*JWSDomain) UnmarshalJSON added in v1.9.32

func (self *JWSDomain) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a JWSDomain

func (*JWSDomain) Validate added in v1.9.32

func (self *JWSDomain) Validate() error

Validate - checks for missing required fields, etc

type LocationName

type LocationName string

LocationName - A location name is not yet defined, but will be a dotted name like everything else.

type MemberName added in v1.7.3

type MemberName string

MemberName - Role Member name - could be one of four values: *, DomainName.* or ServiceName[*], or GroupNames

type MemberRole added in v1.9.32

type MemberRole struct {

	//
	// name of the role
	//
	RoleName ResourceName `json:"roleName"`

	//
	// name of the domain
	//
	DomainName DomainName `json:"domainName,omitempty" rdl:"optional"`

	//
	// name of the member
	//
	MemberName MemberName `json:"memberName,omitempty" rdl:"optional"`

	//
	// the expiration timestamp
	//
	Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional"`

	//
	// the review reminder timestamp
	//
	ReviewReminder *rdl.Timestamp `json:"reviewReminder,omitempty" rdl:"optional"`

	//
	// Flag to indicate whether membership is active
	//
	Active *bool `json:"active,omitempty" rdl:"optional"`

	//
	// audit reference string for the change as supplied by admin
	//
	AuditRef string `json:"auditRef" rdl:"optional"`

	//
	// pending members only - name of the principal requesting the change
	//
	RequestPrincipal EntityName `json:"requestPrincipal,omitempty" rdl:"optional"`

	//
	// for pending membership requests, the request time
	//
	RequestTime *rdl.Timestamp `json:"requestTime,omitempty" rdl:"optional"`

	//
	// user disabled by system based on configured role setting
	//
	SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional"`
}

MemberRole -

func NewMemberRole added in v1.9.32

func NewMemberRole(init ...*MemberRole) *MemberRole

NewMemberRole - creates an initialized MemberRole instance, returns a pointer to it

func (*MemberRole) Init added in v1.9.32

func (self *MemberRole) Init() *MemberRole

Init - sets up the instance according to its default field values, if any

func (*MemberRole) UnmarshalJSON added in v1.9.32

func (self *MemberRole) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a MemberRole

func (*MemberRole) Validate added in v1.9.32

func (self *MemberRole) Validate() error

Validate - checks for missing required fields, etc

type Membership

type Membership struct {

	//
	// name of the member
	//
	MemberName MemberName `json:"memberName"`

	//
	// flag to indicate whether or the user is a member or not
	//
	IsMember *bool `json:"isMember,omitempty" rdl:"optional"`

	//
	// name of the role
	//
	RoleName ResourceName `json:"roleName,omitempty" rdl:"optional"`

	//
	// the expiration timestamp
	//
	Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional"`

	//
	// the review reminder timestamp
	//
	ReviewReminder *rdl.Timestamp `json:"reviewReminder,omitempty" rdl:"optional"`

	//
	// Flag to indicate whether membership is active
	//
	Active *bool `json:"active,omitempty" rdl:"optional"`

	//
	// Flag to indicate whether membership is approved either by delegates ( in
	// case of auditEnabled roles ) or by domain admins ( in case of selfserve roles
	// )
	//
	Approved *bool `json:"approved,omitempty" rdl:"optional"`

	//
	// audit reference string for the change as supplied by admin
	//
	AuditRef string `json:"auditRef" rdl:"optional"`

	//
	// pending members only - name of the principal requesting the change
	//
	RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional"`

	//
	// user disabled by system based on configured role setting
	//
	SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional"`
}

Membership - The representation for a role membership.

func NewMembership

func NewMembership(init ...*Membership) *Membership

NewMembership - creates an initialized Membership instance, returns a pointer to it

func (*Membership) Init

func (self *Membership) Init() *Membership

Init - sets up the instance according to its default field values, if any

func (*Membership) UnmarshalJSON

func (self *Membership) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Membership

func (*Membership) Validate

func (self *Membership) Validate() error

Validate - checks for missing required fields, etc

type Policies

type Policies struct {

	//
	// list of policy objects
	//
	List []*Policy `json:"list"`
}

Policies - The representation of list of policy objects

func NewPolicies

func NewPolicies(init ...*Policies) *Policies

NewPolicies - creates an initialized Policies instance, returns a pointer to it

func (*Policies) Init

func (self *Policies) Init() *Policies

Init - sets up the instance according to its default field values, if any

func (*Policies) UnmarshalJSON

func (self *Policies) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Policies

func (*Policies) Validate

func (self *Policies) Validate() error

Validate - checks for missing required fields, etc

type Policy

type Policy struct {

	//
	// name of the policy
	//
	Name ResourceName `json:"name"`

	//
	// last modification timestamp of this policy
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`

	//
	// list of defined assertions for this policy
	//
	Assertions []*Assertion `json:"assertions"`

	//
	// If true, we should store action and resource in their original case
	//
	CaseSensitive *bool `json:"caseSensitive,omitempty" rdl:"optional"`
}

Policy - The representation for a Policy with set of assertions.

func NewPolicy

func NewPolicy(init ...*Policy) *Policy

NewPolicy - creates an initialized Policy instance, returns a pointer to it

func (*Policy) Init

func (self *Policy) Init() *Policy

Init - sets up the instance according to its default field values, if any

func (*Policy) UnmarshalJSON

func (self *Policy) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Policy

func (*Policy) Validate

func (self *Policy) Validate() error

Validate - checks for missing required fields, etc

type PolicyList

type PolicyList struct {

	//
	// list of policy names
	//
	Names []EntityName `json:"names"`

	//
	// if the response is a paginated list, this attribute specifies the value to
	// be used in the next policy list request as the value for the skip query
	// parameter.
	//
	Next string `json:"next" rdl:"optional"`
}

PolicyList - The representation for an enumeration of policies in the namespace, with pagination.

func NewPolicyList

func NewPolicyList(init ...*PolicyList) *PolicyList

NewPolicyList - creates an initialized PolicyList instance, returns a pointer to it

func (*PolicyList) Init

func (self *PolicyList) Init() *PolicyList

Init - sets up the instance according to its default field values, if any

func (*PolicyList) UnmarshalJSON

func (self *PolicyList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a PolicyList

func (*PolicyList) Validate

func (self *PolicyList) Validate() error

Validate - checks for missing required fields, etc

type ProviderResourceGroupRoles

type ProviderResourceGroupRoles struct {

	//
	// name of the provider domain
	//
	Domain DomainName `json:"domain"`

	//
	// name of the provider service
	//
	Service SimpleName `json:"service"`

	//
	// name of the tenant domain
	//
	Tenant DomainName `json:"tenant"`

	//
	// the role/action pairs to provision
	//
	Roles []*TenantRoleAction `json:"roles"`

	//
	// tenant resource group
	//
	ResourceGroup EntityName `json:"resourceGroup"`

	//
	// optional flag indicating whether to create a default tenancy admin role
	//
	CreateAdminRole *bool `json:"createAdminRole,omitempty" rdl:"optional"`
}

ProviderResourceGroupRoles - A representation of provider roles to be provisioned.

func NewProviderResourceGroupRoles

func NewProviderResourceGroupRoles(init ...*ProviderResourceGroupRoles) *ProviderResourceGroupRoles

NewProviderResourceGroupRoles - creates an initialized ProviderResourceGroupRoles instance, returns a pointer to it

func (*ProviderResourceGroupRoles) Init

Init - sets up the instance according to its default field values, if any

func (*ProviderResourceGroupRoles) UnmarshalJSON

func (self *ProviderResourceGroupRoles) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ProviderResourceGroupRoles

func (*ProviderResourceGroupRoles) Validate

func (self *ProviderResourceGroupRoles) Validate() error

Validate - checks for missing required fields, etc

type PublicKeyEntry

type PublicKeyEntry struct {

	//
	// the public key for the service
	//
	Key string `json:"key"`

	//
	// the key identifier (version or zone name)
	//
	Id string `json:"id"`
}

PublicKeyEntry - The representation of the public key in a service identity object.

func NewPublicKeyEntry

func NewPublicKeyEntry(init ...*PublicKeyEntry) *PublicKeyEntry

NewPublicKeyEntry - creates an initialized PublicKeyEntry instance, returns a pointer to it

func (*PublicKeyEntry) UnmarshalJSON

func (self *PublicKeyEntry) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a PublicKeyEntry

func (*PublicKeyEntry) Validate

func (self *PublicKeyEntry) Validate() error

Validate - checks for missing required fields, etc

type Quota added in v1.7.19

type Quota struct {

	//
	// name of the domain object
	//
	Name DomainName `json:"name"`

	//
	// number of subdomains allowed (applied at top level domain level)
	//
	Subdomain int32 `json:"subdomain"`

	//
	// number of roles allowed
	//
	Role int32 `json:"role"`

	//
	// number of members a role may have
	//
	RoleMember int32 `json:"roleMember"`

	//
	// number of policies allowed
	//
	Policy int32 `json:"policy"`

	//
	// total number of assertions a policy may have
	//
	Assertion int32 `json:"assertion"`

	//
	// total number of entity objects
	//
	Entity int32 `json:"entity"`

	//
	// number of services allowed
	//
	Service int32 `json:"service"`

	//
	// number of hosts allowed per service
	//
	ServiceHost int32 `json:"serviceHost"`

	//
	// number of public keys per service
	//
	PublicKey int32 `json:"publicKey"`

	//
	// number of groups per domain
	//
	Group int32 `json:"group"`

	//
	// number of members a group may have
	//
	GroupMember int32 `json:"groupMember"`

	//
	// the last modification timestamp of the quota object
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`
}

Quota - The representation for a quota object

func NewQuota added in v1.7.19

func NewQuota(init ...*Quota) *Quota

NewQuota - creates an initialized Quota instance, returns a pointer to it

func (*Quota) UnmarshalJSON added in v1.7.19

func (self *Quota) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Quota

func (*Quota) Validate added in v1.7.19

func (self *Quota) Validate() error

Validate - checks for missing required fields, etc

type ResourceAccess

type ResourceAccess struct {
	Principal  ResourceName `json:"principal"`
	Assertions []*Assertion `json:"assertions"`
}

ResourceAccess -

func NewResourceAccess

func NewResourceAccess(init ...*ResourceAccess) *ResourceAccess

NewResourceAccess - creates an initialized ResourceAccess instance, returns a pointer to it

func (*ResourceAccess) Init

func (self *ResourceAccess) Init() *ResourceAccess

Init - sets up the instance according to its default field values, if any

func (*ResourceAccess) UnmarshalJSON

func (self *ResourceAccess) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ResourceAccess

func (*ResourceAccess) Validate

func (self *ResourceAccess) Validate() error

Validate - checks for missing required fields, etc

type ResourceAccessList

type ResourceAccessList struct {
	Resources []*ResourceAccess `json:"resources"`
}

ResourceAccessList -

func NewResourceAccessList

func NewResourceAccessList(init ...*ResourceAccessList) *ResourceAccessList

NewResourceAccessList - creates an initialized ResourceAccessList instance, returns a pointer to it

func (*ResourceAccessList) Init

func (self *ResourceAccessList) Init() *ResourceAccessList

Init - sets up the instance according to its default field values, if any

func (*ResourceAccessList) UnmarshalJSON

func (self *ResourceAccessList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ResourceAccessList

func (*ResourceAccessList) Validate

func (self *ResourceAccessList) Validate() error

Validate - checks for missing required fields, etc

type ResourceName

type ResourceName string

ResourceName - A resource name Note that the EntityName part is optional, that is, a domain name followed by a colon is valid resource name.

type ResourceNames added in v1.9.32

type ResourceNames string

ResourceNames - A comma separated list of resource names

type Role

type Role struct {

	//
	// Flag indicates whether or not role allows self service. Users can add
	// themselves in the role, but it has to be approved by domain admins to be
	// effective.
	//
	SelfServe *bool `json:"selfServe,omitempty" rdl:"optional"`

	//
	// all user members in the role will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"`

	//
	// tokens issued for this role will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"`

	//
	// certs issued for this role will have specified max timeout in mins
	//
	CertExpiryMins *int32 `json:"certExpiryMins,omitempty" rdl:"optional"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"`

	//
	// all services in the role will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"`

	//
	// all user members in the role will have specified max review days
	//
	MemberReviewDays *int32 `json:"memberReviewDays,omitempty" rdl:"optional"`

	//
	// all services in the role will have specified max review days
	//
	ServiceReviewDays *int32 `json:"serviceReviewDays,omitempty" rdl:"optional"`

	//
	// Flag indicates whether or not role updates require another review and
	// approval
	//
	ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional"`

	//
	// list of roles whose members should be notified for member review/approval
	//
	NotifyRoles string `json:"notifyRoles" rdl:"optional"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"`

	//
	// expiration enforced by a user authority configured attribute
	//
	UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"`

	//
	// name of the role
	//
	Name ResourceName `json:"name"`

	//
	// last modification timestamp of the role
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`

	//
	// an explicit list of members. Might be empty or null, if trust is set
	//
	Members []MemberName `json:"members,omitempty" rdl:"optional"`

	//
	// members with expiration
	//
	RoleMembers []*RoleMember `json:"roleMembers,omitempty" rdl:"optional"`

	//
	// a trusted domain to delegate membership decisions to
	//
	Trust DomainName `json:"trust,omitempty" rdl:"optional"`

	//
	// an audit log for role membership changes
	//
	AuditLog []*RoleAuditLog `json:"auditLog,omitempty" rdl:"optional"`

	//
	// Flag indicates whether or not role updates should require GRC approval. If
	// true, the auditRef parameter must be supplied(not empty) for any API defining
	// it
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"`

	//
	// last review timestamp of the role
	//
	LastReviewedDate *rdl.Timestamp `json:"lastReviewedDate,omitempty" rdl:"optional"`
}

Role - The representation for a Role with set of members.

func NewRole

func NewRole(init ...*Role) *Role

NewRole - creates an initialized Role instance, returns a pointer to it

func (*Role) UnmarshalJSON

func (self *Role) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Role

func (*Role) Validate

func (self *Role) Validate() error

Validate - checks for missing required fields, etc

type RoleAuditLog

type RoleAuditLog struct {

	//
	// name of the role member
	//
	Member MemberName `json:"member"`

	//
	// name of the principal executing the change
	//
	Admin ResourceName `json:"admin"`

	//
	// timestamp of the entry
	//
	Created rdl.Timestamp `json:"created"`

	//
	// log action - e.g. add, delete, approve, etc
	//
	Action string `json:"action"`

	//
	// audit reference string for the change as supplied by admin
	//
	AuditRef string `json:"auditRef" rdl:"optional"`
}

RoleAuditLog - An audit log entry for role membership change.

func NewRoleAuditLog

func NewRoleAuditLog(init ...*RoleAuditLog) *RoleAuditLog

NewRoleAuditLog - creates an initialized RoleAuditLog instance, returns a pointer to it

func (*RoleAuditLog) UnmarshalJSON

func (self *RoleAuditLog) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleAuditLog

func (*RoleAuditLog) Validate

func (self *RoleAuditLog) Validate() error

Validate - checks for missing required fields, etc

type RoleList

type RoleList struct {

	//
	// list of role names
	//
	Names []EntityName `json:"names"`

	//
	// if the response is a paginated list, this attribute specifies the value to
	// be used in the next role list request as the value for the skip query
	// parameter.
	//
	Next string `json:"next" rdl:"optional"`
}

RoleList - The representation for an enumeration of roles in the namespace, with pagination.

func NewRoleList

func NewRoleList(init ...*RoleList) *RoleList

NewRoleList - creates an initialized RoleList instance, returns a pointer to it

func (*RoleList) Init

func (self *RoleList) Init() *RoleList

Init - sets up the instance according to its default field values, if any

func (*RoleList) UnmarshalJSON

func (self *RoleList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleList

func (*RoleList) Validate

func (self *RoleList) Validate() error

Validate - checks for missing required fields, etc

type RoleMember added in v1.1.5

type RoleMember struct {

	//
	// name of the member
	//
	MemberName MemberName `json:"memberName"`

	//
	// the expiration timestamp
	//
	Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional"`

	//
	// the review reminder timestamp
	//
	ReviewReminder *rdl.Timestamp `json:"reviewReminder,omitempty" rdl:"optional"`

	//
	// Flag to indicate whether membership is active
	//
	Active *bool `json:"active,omitempty" rdl:"optional"`

	//
	// Flag to indicate whether membership is approved either by delegates ( in
	// case of auditEnabled roles ) or by domain admins ( in case of selfserve roles
	// )
	//
	Approved *bool `json:"approved,omitempty" rdl:"optional"`

	//
	// audit reference string for the change as supplied by admin
	//
	AuditRef string `json:"auditRef" rdl:"optional"`

	//
	// for pending membership requests, the request time
	//
	RequestTime *rdl.Timestamp `json:"requestTime,omitempty" rdl:"optional"`

	//
	// for pending membership requests, time when last notification was sent
	//
	LastNotifiedTime *rdl.Timestamp `json:"lastNotifiedTime,omitempty" rdl:"optional"`

	//
	// pending members only - name of the principal requesting the change
	//
	RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional"`

	//
	// for pending membership requests, time when last notification was sent (for
	// file store)
	//
	ReviewLastNotifiedTime *rdl.Timestamp `json:"reviewLastNotifiedTime,omitempty" rdl:"optional"`

	//
	// user disabled by system based on configured role setting
	//
	SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional"`

	//
	// server use only - principal type: unknown(0), user(1), service(2), or
	// group(3)
	//
	PrincipalType *int32 `json:"principalType,omitempty" rdl:"optional"`
}

RoleMember -

func NewRoleMember added in v1.1.5

func NewRoleMember(init ...*RoleMember) *RoleMember

NewRoleMember - creates an initialized RoleMember instance, returns a pointer to it

func (*RoleMember) Init added in v1.9.32

func (self *RoleMember) Init() *RoleMember

Init - sets up the instance according to its default field values, if any

func (*RoleMember) UnmarshalJSON added in v1.1.5

func (self *RoleMember) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleMember

func (*RoleMember) Validate added in v1.1.5

func (self *RoleMember) Validate() error

Validate - checks for missing required fields, etc

type RoleMeta added in v1.9.32

type RoleMeta struct {

	//
	// Flag indicates whether or not role allows self service. Users can add
	// themselves in the role, but it has to be approved by domain admins to be
	// effective.
	//
	SelfServe *bool `json:"selfServe,omitempty" rdl:"optional"`

	//
	// all user members in the role will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"`

	//
	// tokens issued for this role will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"`

	//
	// certs issued for this role will have specified max timeout in mins
	//
	CertExpiryMins *int32 `json:"certExpiryMins,omitempty" rdl:"optional"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"`

	//
	// all services in the role will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"`

	//
	// all user members in the role will have specified max review days
	//
	MemberReviewDays *int32 `json:"memberReviewDays,omitempty" rdl:"optional"`

	//
	// all services in the role will have specified max review days
	//
	ServiceReviewDays *int32 `json:"serviceReviewDays,omitempty" rdl:"optional"`

	//
	// Flag indicates whether or not role updates require another review and
	// approval
	//
	ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional"`

	//
	// list of roles whose members should be notified for member review/approval
	//
	NotifyRoles string `json:"notifyRoles" rdl:"optional"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"`

	//
	// expiration enforced by a user authority configured attribute
	//
	UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"`
}

RoleMeta - Set of metadata attributes that all roles may have and can be changed by domain admins.

func NewRoleMeta added in v1.9.32

func NewRoleMeta(init ...*RoleMeta) *RoleMeta

NewRoleMeta - creates an initialized RoleMeta instance, returns a pointer to it

func (*RoleMeta) UnmarshalJSON added in v1.9.32

func (self *RoleMeta) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleMeta

func (*RoleMeta) Validate added in v1.9.32

func (self *RoleMeta) Validate() error

Validate - checks for missing required fields, etc

type RoleSystemMeta added in v1.9.32

type RoleSystemMeta struct {

	//
	// Flag indicates whether or not role updates should be approved by GRC. If
	// true, the auditRef parameter must be supplied(not empty) for any API defining
	// it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"`
}

RoleSystemMeta - Set of system metadata attributes that all roles may have and can be changed by system admins.

func NewRoleSystemMeta added in v1.9.32

func NewRoleSystemMeta(init ...*RoleSystemMeta) *RoleSystemMeta

NewRoleSystemMeta - creates an initialized RoleSystemMeta instance, returns a pointer to it

func (*RoleSystemMeta) UnmarshalJSON added in v1.9.32

func (self *RoleSystemMeta) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleSystemMeta

func (*RoleSystemMeta) Validate added in v1.9.32

func (self *RoleSystemMeta) Validate() error

Validate - checks for missing required fields, etc

type Roles

type Roles struct {

	//
	// list of role objects
	//
	List []*Role `json:"list"`
}

Roles - The representation for a list of roles with full details

func NewRoles

func NewRoles(init ...*Roles) *Roles

NewRoles - creates an initialized Roles instance, returns a pointer to it

func (*Roles) Init

func (self *Roles) Init() *Roles

Init - sets up the instance according to its default field values, if any

func (*Roles) UnmarshalJSON

func (self *Roles) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Roles

func (*Roles) Validate

func (self *Roles) Validate() error

Validate - checks for missing required fields, etc

type ServerTemplateList

type ServerTemplateList struct {

	//
	// list of template names
	//
	TemplateNames []SimpleName `json:"templateNames"`
}

ServerTemplateList - List of solution templates available in the server

func NewServerTemplateList

func NewServerTemplateList(init ...*ServerTemplateList) *ServerTemplateList

NewServerTemplateList - creates an initialized ServerTemplateList instance, returns a pointer to it

func (*ServerTemplateList) Init

func (self *ServerTemplateList) Init() *ServerTemplateList

Init - sets up the instance according to its default field values, if any

func (*ServerTemplateList) UnmarshalJSON

func (self *ServerTemplateList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServerTemplateList

func (*ServerTemplateList) Validate

func (self *ServerTemplateList) Validate() error

Validate - checks for missing required fields, etc

type ServiceIdentities

type ServiceIdentities struct {

	//
	// list of services
	//
	List []*ServiceIdentity `json:"list"`
}

ServiceIdentities - The representation of list of services

func NewServiceIdentities

func NewServiceIdentities(init ...*ServiceIdentities) *ServiceIdentities

NewServiceIdentities - creates an initialized ServiceIdentities instance, returns a pointer to it

func (*ServiceIdentities) Init

func (self *ServiceIdentities) Init() *ServiceIdentities

Init - sets up the instance according to its default field values, if any

func (*ServiceIdentities) UnmarshalJSON

func (self *ServiceIdentities) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentities

func (*ServiceIdentities) Validate

func (self *ServiceIdentities) Validate() error

Validate - checks for missing required fields, etc

type ServiceIdentity

type ServiceIdentity struct {

	//
	// the full name of the service, i.e. "sports.storage"
	//
	Name ServiceName `json:"name"`

	//
	// description of the service
	//
	Description string `json:"description" rdl:"optional"`

	//
	// array of public keys for key rotation
	//
	PublicKeys []*PublicKeyEntry `json:"publicKeys,omitempty" rdl:"optional"`

	//
	// if present, then this service can provision tenants via this endpoint.
	//
	ProviderEndpoint string `json:"providerEndpoint" rdl:"optional"`

	//
	// the timestamp when this entry was last modified
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`

	//
	// the path of the executable that runs the service
	//
	Executable string `json:"executable" rdl:"optional"`

	//
	// list of host names that this service can run on
	//
	Hosts []string `json:"hosts,omitempty" rdl:"optional"`

	//
	// local (unix) user name this service can run as
	//
	User string `json:"user" rdl:"optional"`

	//
	// local (unix) group name this service can run as
	//
	Group string `json:"group" rdl:"optional"`
}

ServiceIdentity - The representation of the service identity object.

func NewServiceIdentity

func NewServiceIdentity(init ...*ServiceIdentity) *ServiceIdentity

NewServiceIdentity - creates an initialized ServiceIdentity instance, returns a pointer to it

func (*ServiceIdentity) UnmarshalJSON

func (self *ServiceIdentity) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentity

func (*ServiceIdentity) Validate

func (self *ServiceIdentity) Validate() error

Validate - checks for missing required fields, etc

type ServiceIdentityList

type ServiceIdentityList struct {

	//
	// list of service names
	//
	Names []EntityName `json:"names"`

	//
	// if the response is a paginated list, this attribute specifies the value to
	// be used in the next service list request as the value for the skip query
	// parameter.
	//
	Next string `json:"next" rdl:"optional"`
}

ServiceIdentityList - The representation for an enumeration of services in the namespace, with pagination.

func NewServiceIdentityList

func NewServiceIdentityList(init ...*ServiceIdentityList) *ServiceIdentityList

NewServiceIdentityList - creates an initialized ServiceIdentityList instance, returns a pointer to it

func (*ServiceIdentityList) Init

Init - sets up the instance according to its default field values, if any

func (*ServiceIdentityList) UnmarshalJSON

func (self *ServiceIdentityList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentityList

func (*ServiceIdentityList) Validate

func (self *ServiceIdentityList) Validate() error

Validate - checks for missing required fields, etc

type ServiceIdentitySystemMeta added in v1.9.32

type ServiceIdentitySystemMeta struct {

	//
	// provider callback endpoint
	//
	ProviderEndpoint string `json:"providerEndpoint" rdl:"optional"`
}

ServiceIdentitySystemMeta - Set of system metadata attributes that all services may have and can be changed by system admins.

func NewServiceIdentitySystemMeta added in v1.9.32

func NewServiceIdentitySystemMeta(init ...*ServiceIdentitySystemMeta) *ServiceIdentitySystemMeta

NewServiceIdentitySystemMeta - creates an initialized ServiceIdentitySystemMeta instance, returns a pointer to it

func (*ServiceIdentitySystemMeta) UnmarshalJSON added in v1.9.32

func (self *ServiceIdentitySystemMeta) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentitySystemMeta

func (*ServiceIdentitySystemMeta) Validate added in v1.9.32

func (self *ServiceIdentitySystemMeta) Validate() error

Validate - checks for missing required fields, etc

type ServiceName

type ServiceName string

ServiceName - A service name will generally be a unique subdomain.

type ServicePrincipal

type ServicePrincipal struct {

	//
	// name of the domain
	//
	Domain DomainName `json:"domain"`

	//
	// name of the service
	//
	Service EntityName `json:"service"`

	//
	// service's signed token
	//
	Token SignedToken `json:"token"`
}

ServicePrincipal - A service principal object identifying a given service.

func NewServicePrincipal

func NewServicePrincipal(init ...*ServicePrincipal) *ServicePrincipal

NewServicePrincipal - creates an initialized ServicePrincipal instance, returns a pointer to it

func (*ServicePrincipal) UnmarshalJSON

func (self *ServicePrincipal) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServicePrincipal

func (*ServicePrincipal) Validate

func (self *ServicePrincipal) Validate() error

Validate - checks for missing required fields, etc

type SignedDomain

type SignedDomain struct {

	//
	// domain object with its roles, policies and services
	//
	Domain *DomainData `json:"domain"`

	//
	// signature generated based on the domain object
	//
	Signature string `json:"signature" rdl:"optional"`

	//
	// the identifier of the key used to generate the signature
	//
	KeyId string `json:"keyId" rdl:"optional"`
}

SignedDomain - A domain object signed with server's private key. The signature and keyid are optional if the metaonly flag is set to true in the getSignedDomains api call

func NewSignedDomain

func NewSignedDomain(init ...*SignedDomain) *SignedDomain

NewSignedDomain - creates an initialized SignedDomain instance, returns a pointer to it

func (*SignedDomain) Init

func (self *SignedDomain) Init() *SignedDomain

Init - sets up the instance according to its default field values, if any

func (*SignedDomain) UnmarshalJSON

func (self *SignedDomain) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SignedDomain

func (*SignedDomain) Validate

func (self *SignedDomain) Validate() error

Validate - checks for missing required fields, etc

type SignedDomains

type SignedDomains struct {
	Domains []*SignedDomain `json:"domains"`
}

SignedDomains - A list of signed domain objects

func NewSignedDomains

func NewSignedDomains(init ...*SignedDomains) *SignedDomains

NewSignedDomains - creates an initialized SignedDomains instance, returns a pointer to it

func (*SignedDomains) Init

func (self *SignedDomains) Init() *SignedDomains

Init - sets up the instance according to its default field values, if any

func (*SignedDomains) UnmarshalJSON

func (self *SignedDomains) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SignedDomains

func (*SignedDomains) Validate

func (self *SignedDomains) Validate() error

Validate - checks for missing required fields, etc

type SignedPolicies

type SignedPolicies struct {

	//
	// list of policies defined in a domain
	//
	Contents *DomainPolicies `json:"contents"`

	//
	// signature generated based on the domain policies object
	//
	Signature string `json:"signature"`

	//
	// the identifier of the key used to generate the signature
	//
	KeyId string `json:"keyId"`
}

SignedPolicies - A signed bulk transfer of policies. The data is signed with server's private key.

func NewSignedPolicies

func NewSignedPolicies(init ...*SignedPolicies) *SignedPolicies

NewSignedPolicies - creates an initialized SignedPolicies instance, returns a pointer to it

func (*SignedPolicies) Init

func (self *SignedPolicies) Init() *SignedPolicies

Init - sets up the instance according to its default field values, if any

func (*SignedPolicies) UnmarshalJSON

func (self *SignedPolicies) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SignedPolicies

func (*SignedPolicies) Validate

func (self *SignedPolicies) Validate() error

Validate - checks for missing required fields, etc

type SignedToken

type SignedToken string

SignedToken - A signed assertion if identity. i.e. the user cookie value. This token will only make sense to the authority that generated it, so it is beneficial to have something in the value that is cheaply recognized to quickly reject if it belongs to another authority. In addition to the YEncoded set our token includes ; to separate components and , to separate roles and : for IPv6 addresses

type SimpleName

type SimpleName string

SimpleName - Copyright 2016 Yahoo Inc. Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. Common name types used by several API definitions A simple identifier, an element of compound name.

type Status added in v1.7.30

type Status struct {

	//
	// status message code
	//
	Code int32 `json:"code"`

	//
	// status message of the server
	//
	Message string `json:"message"`
}

Status - The representation for a status object

func NewStatus added in v1.7.30

func NewStatus(init ...*Status) *Status

NewStatus - creates an initialized Status instance, returns a pointer to it

func (*Status) UnmarshalJSON added in v1.7.30

func (self *Status) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Status

func (*Status) Validate added in v1.7.30

func (self *Status) Validate() error

Validate - checks for missing required fields, etc

type StringList added in v1.9.32

type StringList struct {

	//
	// generic list of strings
	//
	List []CompoundName `json:"list"`
}

StringList -

func NewStringList added in v1.9.32

func NewStringList(init ...*StringList) *StringList

NewStringList - creates an initialized StringList instance, returns a pointer to it

func (*StringList) Init added in v1.9.32

func (self *StringList) Init() *StringList

Init - sets up the instance according to its default field values, if any

func (*StringList) UnmarshalJSON added in v1.9.32

func (self *StringList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a StringList

func (*StringList) Validate added in v1.9.32

func (self *StringList) Validate() error

Validate - checks for missing required fields, etc

type SubDomain

type SubDomain struct {

	//
	// a description of the domain
	//
	Description string `json:"description" rdl:"optional"`

	//
	// a reference to an Organization. (i.e. org:media)
	//
	Org ResourceName `json:"org,omitempty" rdl:"optional"`

	//
	// Future use only, currently not used
	//
	Enabled *bool `json:"enabled,omitempty" rdl:"optional"`

	//
	// Flag indicates whether or not domain modifications should be logged for
	// SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for
	// any API defining it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"`

	//
	// associated aws account id (system attribute - uniqueness check)
	//
	Account string `json:"account" rdl:"optional"`

	//
	// associated product id (system attribute - uniqueness check)
	//
	YpmId *int32 `json:"ypmId,omitempty" rdl:"optional"`

	//
	// associated application id
	//
	ApplicationId string `json:"applicationId" rdl:"optional"`

	//
	// domain certificate dns domain (system attribute)
	//
	CertDnsDomain string `json:"certDnsDomain" rdl:"optional"`

	//
	// all user members in the domain will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"`

	//
	// tokens issued for this domain will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"`

	//
	// service identity certs issued for this domain will have specified max
	// timeout in mins
	//
	ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional"`

	//
	// role certs issued for this domain will have specified max timeout in mins
	//
	RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"`

	//
	// all services in the domain roles will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"`

	//
	// associated azure subscription id (system attribute - uniqueness check)
	//
	AzureSubscription string `json:"azureSubscription" rdl:"optional"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"`

	//
	// name of the domain
	//
	Name SimpleName `json:"name"`

	//
	// list of domain administrators
	//
	AdminUsers []ResourceName `json:"adminUsers"`

	//
	// list of solution template names
	//
	Templates *DomainTemplateList `json:"templates,omitempty" rdl:"optional"`

	//
	// name of the parent domain
	//
	Parent DomainName `json:"parent"`
}

SubDomain - A Subdomain is a TopLevelDomain, except it has a parent.

func NewSubDomain

func NewSubDomain(init ...*SubDomain) *SubDomain

NewSubDomain - creates an initialized SubDomain instance, returns a pointer to it

func (*SubDomain) Init

func (self *SubDomain) Init() *SubDomain

Init - sets up the instance according to its default field values, if any

func (*SubDomain) UnmarshalJSON

func (self *SubDomain) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SubDomain

func (*SubDomain) Validate

func (self *SubDomain) Validate() error

Validate - checks for missing required fields, etc

type Template

type Template struct {

	//
	// list of roles in the template
	//
	Roles []*Role `json:"roles"`

	//
	// list of policies defined in this template
	//
	Policies []*Policy `json:"policies"`

	//
	// list of services defined in this template
	//
	Services []*ServiceIdentity `json:"services,omitempty" rdl:"optional"`

	//
	// list of services defined in this template
	//
	Metadata *TemplateMetaData `json:"metadata,omitempty" rdl:"optional"`
}

Template - Solution Template object defined on the server

func NewTemplate

func NewTemplate(init ...*Template) *Template

NewTemplate - creates an initialized Template instance, returns a pointer to it

func (*Template) Init

func (self *Template) Init() *Template

Init - sets up the instance according to its default field values, if any

func (*Template) UnmarshalJSON

func (self *Template) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Template

func (*Template) Validate

func (self *Template) Validate() error

Validate - checks for missing required fields, etc

type TemplateList

type TemplateList struct {

	//
	// list of template names
	//
	TemplateNames []SimpleName `json:"templateNames"`
}

TemplateList - List of template names that is the base struct for server and domain templates

func NewTemplateList

func NewTemplateList(init ...*TemplateList) *TemplateList

NewTemplateList - creates an initialized TemplateList instance, returns a pointer to it

func (*TemplateList) Init

func (self *TemplateList) Init() *TemplateList

Init - sets up the instance according to its default field values, if any

func (*TemplateList) UnmarshalJSON

func (self *TemplateList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TemplateList

func (*TemplateList) Validate

func (self *TemplateList) Validate() error

Validate - checks for missing required fields, etc

type TemplateMetaData added in v1.9.32

type TemplateMetaData struct {

	//
	// name of the template
	//
	TemplateName string `json:"templateName" rdl:"optional"`

	//
	// description of the template
	//
	Description string `json:"description" rdl:"optional"`

	//
	// Version from DB(zms_store->domain_template->version)
	//
	CurrentVersion *int32 `json:"currentVersion,omitempty" rdl:"optional"`

	//
	// Bumped up version from solutions-template.json when there is a change
	//
	LatestVersion *int32 `json:"latestVersion,omitempty" rdl:"optional"`

	//
	// placeholders in the template roles/policies to replace (ex:_service_)
	//
	KeywordsToReplace string `json:"keywordsToReplace" rdl:"optional"`

	//
	// the updated timestamp of the template(solution_templates.json)
	//
	Timestamp *rdl.Timestamp `json:"timestamp,omitempty" rdl:"optional"`

	//
	// flag to automatically update the roles/policies that belongs to the
	// template
	//
	AutoUpdate *bool `json:"autoUpdate,omitempty" rdl:"optional"`
}

TemplateMetaData - MetaData for template.

func NewTemplateMetaData added in v1.9.32

func NewTemplateMetaData(init ...*TemplateMetaData) *TemplateMetaData

NewTemplateMetaData - creates an initialized TemplateMetaData instance, returns a pointer to it

func (*TemplateMetaData) UnmarshalJSON added in v1.9.32

func (self *TemplateMetaData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TemplateMetaData

func (*TemplateMetaData) Validate added in v1.9.32

func (self *TemplateMetaData) Validate() error

Validate - checks for missing required fields, etc

type TemplateParam added in v1.7.20

type TemplateParam struct {

	//
	// name of the parameter
	//
	Name SimpleName `json:"name"`

	//
	// value of the parameter
	//
	Value CompoundName `json:"value"`
}

TemplateParam -

func NewTemplateParam added in v1.7.20

func NewTemplateParam(init ...*TemplateParam) *TemplateParam

NewTemplateParam - creates an initialized TemplateParam instance, returns a pointer to it

func (*TemplateParam) UnmarshalJSON added in v1.7.20

func (self *TemplateParam) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TemplateParam

func (*TemplateParam) Validate added in v1.7.20

func (self *TemplateParam) Validate() error

Validate - checks for missing required fields, etc

type Tenancy

type Tenancy struct {

	//
	// the domain that is to get a tenancy
	//
	Domain DomainName `json:"domain"`

	//
	// the provider service on which the tenancy is to reside
	//
	Service ServiceName `json:"service"`

	//
	// registered resource groups for this tenant
	//
	ResourceGroups []EntityName `json:"resourceGroups,omitempty" rdl:"optional"`

	//
	// optional flag indicating whether to create a default tenancy admin role
	//
	CreateAdminRole *bool `json:"createAdminRole,omitempty" rdl:"optional"`
}

Tenancy - A representation of tenant.

func NewTenancy

func NewTenancy(init ...*Tenancy) *Tenancy

NewTenancy - creates an initialized Tenancy instance, returns a pointer to it

func (*Tenancy) Init added in v1.9.32

func (self *Tenancy) Init() *Tenancy

Init - sets up the instance according to its default field values, if any

func (*Tenancy) UnmarshalJSON

func (self *Tenancy) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Tenancy

func (*Tenancy) Validate

func (self *Tenancy) Validate() error

Validate - checks for missing required fields, etc

type TenantResourceGroupRoles

type TenantResourceGroupRoles struct {

	//
	// name of the provider domain
	//
	Domain DomainName `json:"domain"`

	//
	// name of the provider service
	//
	Service SimpleName `json:"service"`

	//
	// name of the tenant domain
	//
	Tenant DomainName `json:"tenant"`

	//
	// the role/action pairs to provision
	//
	Roles []*TenantRoleAction `json:"roles"`

	//
	// tenant resource group
	//
	ResourceGroup EntityName `json:"resourceGroup"`
}

TenantResourceGroupRoles - A representation of tenant roles for resource groups to be provisioned.

func NewTenantResourceGroupRoles

func NewTenantResourceGroupRoles(init ...*TenantResourceGroupRoles) *TenantResourceGroupRoles

NewTenantResourceGroupRoles - creates an initialized TenantResourceGroupRoles instance, returns a pointer to it

func (*TenantResourceGroupRoles) Init

Init - sets up the instance according to its default field values, if any

func (*TenantResourceGroupRoles) UnmarshalJSON

func (self *TenantResourceGroupRoles) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TenantResourceGroupRoles

func (*TenantResourceGroupRoles) Validate

func (self *TenantResourceGroupRoles) Validate() error

Validate - checks for missing required fields, etc

type TenantRoleAction

type TenantRoleAction struct {

	//
	// name of the role
	//
	Role SimpleName `json:"role"`

	//
	// action value for the generated policy assertion
	//
	Action string `json:"action"`
}

TenantRoleAction - A representation of tenant role action.

func NewTenantRoleAction

func NewTenantRoleAction(init ...*TenantRoleAction) *TenantRoleAction

NewTenantRoleAction - creates an initialized TenantRoleAction instance, returns a pointer to it

func (*TenantRoleAction) UnmarshalJSON

func (self *TenantRoleAction) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TenantRoleAction

func (*TenantRoleAction) Validate

func (self *TenantRoleAction) Validate() error

Validate - checks for missing required fields, etc

type TopLevelDomain

type TopLevelDomain struct {

	//
	// a description of the domain
	//
	Description string `json:"description" rdl:"optional"`

	//
	// a reference to an Organization. (i.e. org:media)
	//
	Org ResourceName `json:"org,omitempty" rdl:"optional"`

	//
	// Future use only, currently not used
	//
	Enabled *bool `json:"enabled,omitempty" rdl:"optional"`

	//
	// Flag indicates whether or not domain modifications should be logged for
	// SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for
	// any API defining it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"`

	//
	// associated aws account id (system attribute - uniqueness check)
	//
	Account string `json:"account" rdl:"optional"`

	//
	// associated product id (system attribute - uniqueness check)
	//
	YpmId *int32 `json:"ypmId,omitempty" rdl:"optional"`

	//
	// associated application id
	//
	ApplicationId string `json:"applicationId" rdl:"optional"`

	//
	// domain certificate dns domain (system attribute)
	//
	CertDnsDomain string `json:"certDnsDomain" rdl:"optional"`

	//
	// all user members in the domain will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"`

	//
	// tokens issued for this domain will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"`

	//
	// service identity certs issued for this domain will have specified max
	// timeout in mins
	//
	ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional"`

	//
	// role certs issued for this domain will have specified max timeout in mins
	//
	RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"`

	//
	// all services in the domain roles will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"`

	//
	// associated azure subscription id (system attribute - uniqueness check)
	//
	AzureSubscription string `json:"azureSubscription" rdl:"optional"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"`

	//
	// name of the domain
	//
	Name SimpleName `json:"name"`

	//
	// list of domain administrators
	//
	AdminUsers []ResourceName `json:"adminUsers"`

	//
	// list of solution template names
	//
	Templates *DomainTemplateList `json:"templates,omitempty" rdl:"optional"`
}

TopLevelDomain - Top Level Domain object. The required attributes include the name of the domain and list of domain administrators.

func NewTopLevelDomain

func NewTopLevelDomain(init ...*TopLevelDomain) *TopLevelDomain

NewTopLevelDomain - creates an initialized TopLevelDomain instance, returns a pointer to it

func (*TopLevelDomain) Init

func (self *TopLevelDomain) Init() *TopLevelDomain

Init - sets up the instance according to its default field values, if any

func (*TopLevelDomain) UnmarshalJSON

func (self *TopLevelDomain) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TopLevelDomain

func (*TopLevelDomain) Validate

func (self *TopLevelDomain) Validate() error

Validate - checks for missing required fields, etc

type User added in v1.7.11

type User struct {

	//
	// name of the user
	//
	Name SimpleName `json:"name"`
}

User - The representation for a user

func NewUser added in v1.7.11

func NewUser(init ...*User) *User

NewUser - creates an initialized User instance, returns a pointer to it

func (*User) UnmarshalJSON added in v1.7.11

func (self *User) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a User

func (*User) Validate added in v1.7.11

func (self *User) Validate() error

Validate - checks for missing required fields, etc

type UserDomain

type UserDomain struct {

	//
	// a description of the domain
	//
	Description string `json:"description" rdl:"optional"`

	//
	// a reference to an Organization. (i.e. org:media)
	//
	Org ResourceName `json:"org,omitempty" rdl:"optional"`

	//
	// Future use only, currently not used
	//
	Enabled *bool `json:"enabled,omitempty" rdl:"optional"`

	//
	// Flag indicates whether or not domain modifications should be logged for
	// SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for
	// any API defining it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional"`

	//
	// associated aws account id (system attribute - uniqueness check)
	//
	Account string `json:"account" rdl:"optional"`

	//
	// associated product id (system attribute - uniqueness check)
	//
	YpmId *int32 `json:"ypmId,omitempty" rdl:"optional"`

	//
	// associated application id
	//
	ApplicationId string `json:"applicationId" rdl:"optional"`

	//
	// domain certificate dns domain (system attribute)
	//
	CertDnsDomain string `json:"certDnsDomain" rdl:"optional"`

	//
	// all user members in the domain will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional"`

	//
	// tokens issued for this domain will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional"`

	//
	// service identity certs issued for this domain will have specified max
	// timeout in mins
	//
	ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional"`

	//
	// role certs issued for this domain will have specified max timeout in mins
	//
	RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm SimpleName `json:"signAlgorithm,omitempty" rdl:"optional"`

	//
	// all services in the domain roles will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional"`

	//
	// associated azure subscription id (system attribute - uniqueness check)
	//
	AzureSubscription string `json:"azureSubscription" rdl:"optional"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[CompoundName]*StringList `json:"tags,omitempty" rdl:"optional"`

	//
	// user id which will be the domain name
	//
	Name SimpleName `json:"name"`

	//
	// list of solution template names
	//
	Templates *DomainTemplateList `json:"templates,omitempty" rdl:"optional"`
}

UserDomain - A UserDomain is the user's own top level domain in user - e.g. user.hga

func NewUserDomain

func NewUserDomain(init ...*UserDomain) *UserDomain

NewUserDomain - creates an initialized UserDomain instance, returns a pointer to it

func (*UserDomain) Init

func (self *UserDomain) Init() *UserDomain

Init - sets up the instance according to its default field values, if any

func (*UserDomain) UnmarshalJSON

func (self *UserDomain) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a UserDomain

func (*UserDomain) Validate

func (self *UserDomain) Validate() error

Validate - checks for missing required fields, etc

type UserList added in v1.7.11

type UserList struct {

	//
	// list of user names
	//
	Names []SimpleName `json:"names"`
}

UserList -

func NewUserList added in v1.7.11

func NewUserList(init ...*UserList) *UserList

NewUserList - creates an initialized UserList instance, returns a pointer to it

func (*UserList) Init added in v1.7.11

func (self *UserList) Init() *UserList

Init - sets up the instance according to its default field values, if any

func (*UserList) UnmarshalJSON added in v1.7.11

func (self *UserList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a UserList

func (*UserList) Validate added in v1.7.11

func (self *UserList) Validate() error

Validate - checks for missing required fields, etc

type UserToken

type UserToken struct {

	//
	// Signed user token identifying a specific authenticated user
	//
	Token SignedToken `json:"token"`

	//
	// Authorization header name for the token
	//
	Header string `json:"header" rdl:"optional"`
}

UserToken - A user token generated based on user's credentials

func NewUserToken

func NewUserToken(init ...*UserToken) *UserToken

NewUserToken - creates an initialized UserToken instance, returns a pointer to it

func (*UserToken) UnmarshalJSON

func (self *UserToken) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a UserToken

func (*UserToken) Validate

func (self *UserToken) Validate() error

Validate - checks for missing required fields, etc

type YBase64

type YBase64 string

YBase64 - The Y-specific URL-safe Base64 variant.

type YEncoded

type YEncoded string

YEncoded - YEncoded includes ybase64 chars, as well as = and %. This can represent a user cookie and URL-encoded values.

type ZMSClient

type ZMSClient struct {
	URL         string
	Transport   http.RoundTripper
	CredsHeader *string
	CredsToken  *string
	Timeout     time.Duration
}

func NewClient

func NewClient(url string, transport http.RoundTripper) ZMSClient

NewClient creates and returns a new HTTP client object for the ZMS service

func (*ZMSClient) AddCredentials

func (client *ZMSClient) AddCredentials(header string, token string)

AddCredentials adds the credentials to the client for subsequent requests.

func (ZMSClient) DeleteAssertion

func (client ZMSClient) DeleteAssertion(domainName DomainName, policyName EntityName, assertionId int64, auditRef string) error

func (ZMSClient) DeleteDomainRoleMember added in v1.9.32

func (client ZMSClient) DeleteDomainRoleMember(domainName DomainName, memberName MemberName, auditRef string) error

func (ZMSClient) DeleteDomainTemplate

func (client ZMSClient) DeleteDomainTemplate(name DomainName, template SimpleName, auditRef string) error

func (ZMSClient) DeleteEntity

func (client ZMSClient) DeleteEntity(domainName DomainName, entityName EntityName, auditRef string) error

func (ZMSClient) DeleteGroup added in v1.9.32

func (client ZMSClient) DeleteGroup(domainName DomainName, groupName EntityName, auditRef string) error

func (ZMSClient) DeleteGroupMembership added in v1.9.32

func (client ZMSClient) DeleteGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string) error

func (ZMSClient) DeleteMembership

func (client ZMSClient) DeleteMembership(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string) error

func (ZMSClient) DeletePendingGroupMembership added in v1.9.32

func (client ZMSClient) DeletePendingGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string) error

func (ZMSClient) DeletePendingMembership added in v1.9.32

func (client ZMSClient) DeletePendingMembership(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string) error

func (ZMSClient) DeletePolicy

func (client ZMSClient) DeletePolicy(domainName DomainName, policyName EntityName, auditRef string) error

func (ZMSClient) DeleteProviderResourceGroupRoles

func (client ZMSClient) DeleteProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, resourceGroup EntityName, auditRef string) error

func (ZMSClient) DeletePublicKeyEntry

func (client ZMSClient) DeletePublicKeyEntry(domain DomainName, service SimpleName, id string, auditRef string) error

func (ZMSClient) DeleteQuota added in v1.7.19

func (client ZMSClient) DeleteQuota(name DomainName, auditRef string) error

func (ZMSClient) DeleteRole

func (client ZMSClient) DeleteRole(domainName DomainName, roleName EntityName, auditRef string) error

func (ZMSClient) DeleteServiceIdentity

func (client ZMSClient) DeleteServiceIdentity(domain DomainName, service SimpleName, auditRef string) error

func (ZMSClient) DeleteSubDomain

func (client ZMSClient) DeleteSubDomain(parent DomainName, name SimpleName, auditRef string) error

func (ZMSClient) DeleteTenancy

func (client ZMSClient) DeleteTenancy(domain DomainName, service ServiceName, auditRef string) error

func (ZMSClient) DeleteTenant added in v1.9.32

func (client ZMSClient) DeleteTenant(domain DomainName, service SimpleName, tenantDomain DomainName, auditRef string) error

func (ZMSClient) DeleteTenantResourceGroupRoles

func (client ZMSClient) DeleteTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, resourceGroup EntityName, auditRef string) error

func (ZMSClient) DeleteTopLevelDomain

func (client ZMSClient) DeleteTopLevelDomain(name SimpleName, auditRef string) error

func (ZMSClient) DeleteUser added in v1.7.11

func (client ZMSClient) DeleteUser(name SimpleName, auditRef string) error

func (ZMSClient) DeleteUserDomain

func (client ZMSClient) DeleteUserDomain(name SimpleName, auditRef string) error

func (ZMSClient) GetAccess

func (client ZMSClient) GetAccess(action ActionName, resource ResourceName, domain DomainName, checkPrincipal EntityName) (*Access, error)

func (ZMSClient) GetAccessExt

func (client ZMSClient) GetAccessExt(action ActionName, resource string, domain DomainName, checkPrincipal EntityName) (*Access, error)

func (ZMSClient) GetAssertion

func (client ZMSClient) GetAssertion(domainName DomainName, policyName EntityName, assertionId int64) (*Assertion, error)

func (ZMSClient) GetDomain

func (client ZMSClient) GetDomain(domain DomainName) (*Domain, error)

func (ZMSClient) GetDomainDataCheck

func (client ZMSClient) GetDomainDataCheck(domainName DomainName) (*DomainDataCheck, error)

func (ZMSClient) GetDomainList

func (client ZMSClient) GetDomainList(limit *int32, skip string, prefix string, depth *int32, account string, productId *int32, roleMember ResourceName, roleName ResourceName, subscription string, tagKey CompoundName, tagValue CompoundName, modifiedSince string) (*DomainList, error)

func (ZMSClient) GetDomainRoleMembers added in v1.9.32

func (client ZMSClient) GetDomainRoleMembers(domainName DomainName) (*DomainRoleMembers, error)

func (ZMSClient) GetDomainTemplateDetailsList added in v1.9.32

func (client ZMSClient) GetDomainTemplateDetailsList(name DomainName) (*DomainTemplateDetailsList, error)

func (ZMSClient) GetDomainTemplateList

func (client ZMSClient) GetDomainTemplateList(name DomainName) (*DomainTemplateList, error)

func (ZMSClient) GetEntity

func (client ZMSClient) GetEntity(domainName DomainName, entityName EntityName) (*Entity, error)

func (ZMSClient) GetEntityList

func (client ZMSClient) GetEntityList(domainName DomainName) (*EntityList, error)

func (ZMSClient) GetGroup added in v1.9.32

func (client ZMSClient) GetGroup(domainName DomainName, groupName EntityName, auditLog *bool, pending *bool) (*Group, error)

func (ZMSClient) GetGroupMembership added in v1.9.32

func (client ZMSClient) GetGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, expiration string) (*GroupMembership, error)

func (ZMSClient) GetGroups added in v1.9.32

func (client ZMSClient) GetGroups(domainName DomainName, members *bool) (*Groups, error)

func (ZMSClient) GetJWSDomain added in v1.9.32

func (client ZMSClient) GetJWSDomain(name DomainName) (*JWSDomain, error)

func (ZMSClient) GetMembership

func (client ZMSClient) GetMembership(domainName DomainName, roleName EntityName, memberName MemberName, expiration string) (*Membership, error)

func (ZMSClient) GetOverdueReview added in v1.9.32

func (client ZMSClient) GetOverdueReview(domainName DomainName) (*DomainRoleMembers, error)

func (ZMSClient) GetPendingDomainGroupMembersList added in v1.9.32

func (client ZMSClient) GetPendingDomainGroupMembersList(principal EntityName) (*DomainGroupMembership, error)

func (ZMSClient) GetPendingDomainRoleMembersList added in v1.9.32

func (client ZMSClient) GetPendingDomainRoleMembersList(principal EntityName) (*DomainRoleMembership, error)

func (ZMSClient) GetPolicies

func (client ZMSClient) GetPolicies(domainName DomainName, assertions *bool) (*Policies, error)

func (ZMSClient) GetPolicy

func (client ZMSClient) GetPolicy(domainName DomainName, policyName EntityName) (*Policy, error)

func (ZMSClient) GetPolicyList

func (client ZMSClient) GetPolicyList(domainName DomainName, limit *int32, skip string) (*PolicyList, error)

func (ZMSClient) GetPrincipalGroups added in v1.9.32

func (client ZMSClient) GetPrincipalGroups(principal EntityName, domainName DomainName) (*DomainGroupMember, error)

func (ZMSClient) GetPrincipalRoles added in v1.9.32

func (client ZMSClient) GetPrincipalRoles(principal ResourceName, domainName DomainName) (*DomainRoleMember, error)

func (ZMSClient) GetProviderResourceGroupRoles

func (client ZMSClient) GetProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, resourceGroup EntityName) (*ProviderResourceGroupRoles, error)

func (ZMSClient) GetPublicKeyEntry

func (client ZMSClient) GetPublicKeyEntry(domain DomainName, service SimpleName, id string) (*PublicKeyEntry, error)

func (ZMSClient) GetQuota added in v1.7.19

func (client ZMSClient) GetQuota(name DomainName) (*Quota, error)

func (ZMSClient) GetResourceAccessList

func (client ZMSClient) GetResourceAccessList(principal ResourceName, action ActionName) (*ResourceAccessList, error)

func (ZMSClient) GetRole

func (client ZMSClient) GetRole(domainName DomainName, roleName EntityName, auditLog *bool, expand *bool, pending *bool) (*Role, error)

func (ZMSClient) GetRoleList

func (client ZMSClient) GetRoleList(domainName DomainName, limit *int32, skip string) (*RoleList, error)

func (ZMSClient) GetRoles

func (client ZMSClient) GetRoles(domainName DomainName, members *bool, tagKey CompoundName, tagValue CompoundName) (*Roles, error)

func (ZMSClient) GetServerTemplateList

func (client ZMSClient) GetServerTemplateList() (*ServerTemplateList, error)

func (ZMSClient) GetServiceIdentities

func (client ZMSClient) GetServiceIdentities(domainName DomainName, publickeys *bool, hosts *bool) (*ServiceIdentities, error)

func (ZMSClient) GetServiceIdentity

func (client ZMSClient) GetServiceIdentity(domain DomainName, service SimpleName) (*ServiceIdentity, error)

func (ZMSClient) GetServiceIdentityList

func (client ZMSClient) GetServiceIdentityList(domainName DomainName, limit *int32, skip string) (*ServiceIdentityList, error)

func (ZMSClient) GetServicePrincipal

func (client ZMSClient) GetServicePrincipal() (*ServicePrincipal, error)

func (ZMSClient) GetSignedDomains

func (client ZMSClient) GetSignedDomains(domain DomainName, metaOnly string, metaAttr SimpleName, master *bool, matchingTag string) (*SignedDomains, string, error)

func (ZMSClient) GetStatus added in v1.7.30

func (client ZMSClient) GetStatus() (*Status, error)

func (ZMSClient) GetTemplate

func (client ZMSClient) GetTemplate(template SimpleName) (*Template, error)

func (ZMSClient) GetTenantResourceGroupRoles

func (client ZMSClient) GetTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, resourceGroup EntityName) (*TenantResourceGroupRoles, error)

func (ZMSClient) GetUserList added in v1.7.11

func (client ZMSClient) GetUserList() (*UserList, error)

func (ZMSClient) GetUserToken

func (client ZMSClient) GetUserToken(userName SimpleName, serviceNames string, header *bool) (*UserToken, error)

func (ZMSClient) OptionsUserToken

func (client ZMSClient) OptionsUserToken(userName SimpleName, serviceNames string) (*UserToken, error)

func (ZMSClient) PostSubDomain

func (client ZMSClient) PostSubDomain(parent DomainName, auditRef string, detail *SubDomain) (*Domain, error)

func (ZMSClient) PostTopLevelDomain

func (client ZMSClient) PostTopLevelDomain(auditRef string, detail *TopLevelDomain) (*Domain, error)

func (ZMSClient) PostUserDomain

func (client ZMSClient) PostUserDomain(name SimpleName, auditRef string, detail *UserDomain) (*Domain, error)

func (ZMSClient) PutAssertion

func (client ZMSClient) PutAssertion(domainName DomainName, policyName EntityName, auditRef string, assertion *Assertion) (*Assertion, error)

func (ZMSClient) PutDefaultAdmins

func (client ZMSClient) PutDefaultAdmins(domainName DomainName, auditRef string, defaultAdmins *DefaultAdmins) error

func (ZMSClient) PutDomainMeta

func (client ZMSClient) PutDomainMeta(name DomainName, auditRef string, detail *DomainMeta) error

func (ZMSClient) PutDomainSystemMeta added in v1.9.32

func (client ZMSClient) PutDomainSystemMeta(name DomainName, attribute SimpleName, auditRef string, detail *DomainMeta) error

func (ZMSClient) PutDomainTemplate

func (client ZMSClient) PutDomainTemplate(name DomainName, auditRef string, domainTemplate *DomainTemplate) error

func (ZMSClient) PutDomainTemplateExt added in v1.7.32

func (client ZMSClient) PutDomainTemplateExt(name DomainName, template SimpleName, auditRef string, domainTemplate *DomainTemplate) error

func (ZMSClient) PutEntity

func (client ZMSClient) PutEntity(domainName DomainName, entityName EntityName, auditRef string, entity *Entity) error

func (ZMSClient) PutGroup added in v1.9.32

func (client ZMSClient) PutGroup(domainName DomainName, groupName EntityName, auditRef string, group *Group) error

func (ZMSClient) PutGroupMembership added in v1.9.32

func (client ZMSClient) PutGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string, membership *GroupMembership) error

func (ZMSClient) PutGroupMembershipDecision added in v1.9.32

func (client ZMSClient) PutGroupMembershipDecision(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string, membership *GroupMembership) error

func (ZMSClient) PutGroupMeta added in v1.9.32

func (client ZMSClient) PutGroupMeta(domainName DomainName, groupName EntityName, auditRef string, detail *GroupMeta) error

func (ZMSClient) PutGroupReview added in v1.9.32

func (client ZMSClient) PutGroupReview(domainName DomainName, groupName EntityName, auditRef string, group *Group) error

func (ZMSClient) PutGroupSystemMeta added in v1.9.32

func (client ZMSClient) PutGroupSystemMeta(domainName DomainName, groupName EntityName, attribute SimpleName, auditRef string, detail *GroupSystemMeta) error

func (ZMSClient) PutMembership

func (client ZMSClient) PutMembership(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string, membership *Membership) error

func (ZMSClient) PutMembershipDecision added in v1.9.32

func (client ZMSClient) PutMembershipDecision(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string, membership *Membership) error

func (ZMSClient) PutPolicy

func (client ZMSClient) PutPolicy(domainName DomainName, policyName EntityName, auditRef string, policy *Policy) error

func (ZMSClient) PutProviderResourceGroupRoles

func (client ZMSClient) PutProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, resourceGroup EntityName, auditRef string, detail *ProviderResourceGroupRoles) (*ProviderResourceGroupRoles, error)

func (ZMSClient) PutPublicKeyEntry

func (client ZMSClient) PutPublicKeyEntry(domain DomainName, service SimpleName, id string, auditRef string, publicKeyEntry *PublicKeyEntry) error

func (ZMSClient) PutQuota added in v1.7.19

func (client ZMSClient) PutQuota(name DomainName, auditRef string, quota *Quota) error

func (ZMSClient) PutRole

func (client ZMSClient) PutRole(domainName DomainName, roleName EntityName, auditRef string, role *Role) error

func (ZMSClient) PutRoleMeta added in v1.9.32

func (client ZMSClient) PutRoleMeta(domainName DomainName, roleName EntityName, auditRef string, detail *RoleMeta) error

func (ZMSClient) PutRoleReview added in v1.9.32

func (client ZMSClient) PutRoleReview(domainName DomainName, roleName EntityName, auditRef string, role *Role) error

func (ZMSClient) PutRoleSystemMeta added in v1.9.32

func (client ZMSClient) PutRoleSystemMeta(domainName DomainName, roleName EntityName, attribute SimpleName, auditRef string, detail *RoleSystemMeta) error

func (ZMSClient) PutServiceIdentity

func (client ZMSClient) PutServiceIdentity(domain DomainName, service SimpleName, auditRef string, detail *ServiceIdentity) error

func (ZMSClient) PutServiceIdentitySystemMeta added in v1.9.32

func (client ZMSClient) PutServiceIdentitySystemMeta(domain DomainName, service SimpleName, attribute SimpleName, auditRef string, detail *ServiceIdentitySystemMeta) error

func (ZMSClient) PutTenancy

func (client ZMSClient) PutTenancy(domain DomainName, service ServiceName, auditRef string, detail *Tenancy) error

func (ZMSClient) PutTenant added in v1.9.32

func (client ZMSClient) PutTenant(domain DomainName, service SimpleName, tenantDomain DomainName, auditRef string, detail *Tenancy) error

func (ZMSClient) PutTenantResourceGroupRoles

func (client ZMSClient) PutTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, resourceGroup EntityName, auditRef string, detail *TenantResourceGroupRoles) (*TenantResourceGroupRoles, error)

Directories

Path Synopsis
examples
get-access
Get-access is a demo program to query if the current principal has "Access" to a specified resource, in a given domain.
Get-access is a demo program to query if the current principal has "Access" to a specified resource, in a given domain.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL