zms

package
v1.11.65 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 9, 2024 License: Apache-2.0 Imports: 12 Imported by: 2

README

zms-go-client

A Go client library to talk to Athenz ZMS.

The model.go and client.go files are generated from zms_core, and checked in so users of this library need not know that.

Additionally, an implementation of rdl.Authorizer and rdl.Authenticator are provided that use this library to delegate that functionality to Athenz ZMS:

Release Notes:

Version 1.0 (2016-09-06)
 - Initial opensource release

## Usage

To get it into your workspace:

    go get github.com/AthenZ/athenz/clients/go/zms

Then in your Go code:

    import (
        zms "github.com/AthenZ/athenz/clients/go/zms"
    )
    func main() {
         var principal rdl.Principal /* init this from an actual user credential */
         ...
         client := zms.NewClient()
         client.AddCredentials(principal.GetHTTPHeaderName(), principal.GetCredentials())
         dmn, err := client.GetDomain("athenz") //
         ...
    }

To use the ZMSAuthorizer from your RDL-generated server:

    import (
        zms "github.com/AthenZ/athenz/clients/go/zms"
    )
    ...
    endpoint := "localhost:4080"
    domain := "your.server.domain"

    zmsURL := "http://localhost:10080/zms/v1" //set this to "" for debug mode
    authn := zms.Authenticator(zmsURL)
    authz := zms.Authorizer(domain, zmsURL)

    handler := contacts.Init(impl, url, authz, authn)
    http.ListenAndServe(endpoint, handler)

## License

Copyright The Athenz Authors

Licensed under the [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)

Documentation

Overview

Package zms contains a client library to talk to Athenz ZMS.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Authenticator

func Authenticator(url string) rdl.Authenticator

Authenticator is an unoptimized authenticator that delegates to ZMS. The advantage is that there is no local state or config other than the url of ZMS (we don't need ZMS's public key to be local).

func Authorizer

func Authorizer(domain string, url string) rdl.Authorizer

Authorizer returns an authorizer that calls zms. If the url is set to "", then the access is logged, but always succeeds (for debug purposes).

func ZMSSchema

func ZMSSchema() *rdl.Schema

Types

type Access

type Access struct {

	//
	// true (allowed) or false (denied)
	//
	Granted bool `json:"granted"`
}

Access - Access can be checked and returned as this resource.

func NewAccess

func NewAccess(init ...*Access) *Access

NewAccess - creates an initialized Access instance, returns a pointer to it

func (*Access) UnmarshalJSON

func (self *Access) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Access

func (*Access) Validate

func (self *Access) Validate() error

Validate - checks for missing required fields, etc

type ActionName

type ActionName string

ActionName - An action (operation) name.

type Assertion

type Assertion struct {

	//
	// the subject of the assertion - a role
	//
	Role string `json:"role"`

	//
	// the object of the assertion. Must be in the local namespace. Can contain
	// wildcards
	//
	Resource string `json:"resource"`

	//
	// the predicate of the assertion. Can contain wildcards
	//
	Action string `json:"action"`

	//
	// the effect of the assertion in the policy language
	//
	Effect *AssertionEffect `json:"effect,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// assertion id - auto generated by server. Not required during put
	// operations.
	//
	Id *int64 `json:"id,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// If true, we should store action and resource in their original case
	//
	CaseSensitive *bool `json:"caseSensitive,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// optional list of assertion conditions associated with given assertion
	//
	Conditions *AssertionConditions `json:"conditions,omitempty" rdl:"optional" yaml:",omitempty"`
}

Assertion - A representation for the encapsulation of an action to be performed on a resource by a principal.

func NewAssertion

func NewAssertion(init ...*Assertion) *Assertion

NewAssertion - creates an initialized Assertion instance, returns a pointer to it

func (*Assertion) UnmarshalJSON

func (self *Assertion) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Assertion

func (*Assertion) Validate

func (self *Assertion) Validate() error

Validate - checks for missing required fields, etc

type AssertionCondition added in v1.10.22

type AssertionCondition struct {

	//
	// condition id - auto generated by server. Not required during put
	// operations.
	//
	Id *int32 `json:"id,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// each key in the map represents a unique condition. All the keys present in
	// the map form a logical condition with AND operation.
	//
	ConditionsMap map[AssertionConditionKey]*AssertionConditionData `json:"conditionsMap"`
}

AssertionCondition - A representation of condition associated with an assertion

func NewAssertionCondition added in v1.10.22

func NewAssertionCondition(init ...*AssertionCondition) *AssertionCondition

NewAssertionCondition - creates an initialized AssertionCondition instance, returns a pointer to it

func (*AssertionCondition) Init added in v1.10.22

func (self *AssertionCondition) Init() *AssertionCondition

Init - sets up the instance according to its default field values, if any

func (*AssertionCondition) UnmarshalJSON added in v1.10.22

func (self *AssertionCondition) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a AssertionCondition

func (*AssertionCondition) Validate added in v1.10.22

func (self *AssertionCondition) Validate() error

Validate - checks for missing required fields, etc

type AssertionConditionData added in v1.10.22

type AssertionConditionData struct {

	//
	// Operator for the assertion condition
	//
	Operator AssertionConditionOperator `json:"operator"`

	//
	// Value of the assertion condition
	//
	Value AssertionConditionValue `json:"value"`
}

AssertionConditionData - A representation of details associated with an assertion condition key

func NewAssertionConditionData added in v1.10.22

func NewAssertionConditionData(init ...*AssertionConditionData) *AssertionConditionData

NewAssertionConditionData - creates an initialized AssertionConditionData instance, returns a pointer to it

func (*AssertionConditionData) UnmarshalJSON added in v1.10.22

func (self *AssertionConditionData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a AssertionConditionData

func (*AssertionConditionData) Validate added in v1.10.22

func (self *AssertionConditionData) Validate() error

Validate - checks for missing required fields, etc

type AssertionConditionKey added in v1.10.22

type AssertionConditionKey string

AssertionConditionKey -

type AssertionConditionKeyPattern added in v1.10.22

type AssertionConditionKeyPattern string

AssertionConditionKeyPattern -

type AssertionConditionOperator added in v1.10.22

type AssertionConditionOperator int

AssertionConditionOperator - Allowed operators for assertion conditions

const (
	EQUALS AssertionConditionOperator
)

AssertionConditionOperator constants

func NewAssertionConditionOperator added in v1.10.22

func NewAssertionConditionOperator(init ...interface{}) AssertionConditionOperator

NewAssertionConditionOperator - return a string representation of the enum

func (AssertionConditionOperator) MarshalJSON added in v1.10.22

func (e AssertionConditionOperator) MarshalJSON() ([]byte, error)

MarshalJSON is defined for proper JSON encoding of a AssertionConditionOperator

func (AssertionConditionOperator) String added in v1.10.22

String - return a string representation of the enum

func (AssertionConditionOperator) SymbolSet added in v1.10.22

func (e AssertionConditionOperator) SymbolSet() []string

SymbolSet - return an array of all valid string representations (symbols) of the enum

func (*AssertionConditionOperator) UnmarshalJSON added in v1.10.22

func (e *AssertionConditionOperator) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a AssertionConditionOperator

type AssertionConditionValue added in v1.10.22

type AssertionConditionValue string

AssertionConditionValue -

type AssertionConditionValuePattern added in v1.10.22

type AssertionConditionValuePattern string

AssertionConditionValuePattern -

type AssertionConditions added in v1.10.22

type AssertionConditions struct {

	//
	// list of assertion conditions.
	//
	ConditionsList []*AssertionCondition `json:"conditionsList"`
}

AssertionConditions - The representation of list of assertion conditions

func NewAssertionConditions added in v1.10.22

func NewAssertionConditions(init ...*AssertionConditions) *AssertionConditions

NewAssertionConditions - creates an initialized AssertionConditions instance, returns a pointer to it

func (*AssertionConditions) Init added in v1.10.22

Init - sets up the instance according to its default field values, if any

func (*AssertionConditions) UnmarshalJSON added in v1.10.22

func (self *AssertionConditions) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a AssertionConditions

func (*AssertionConditions) Validate added in v1.10.22

func (self *AssertionConditions) Validate() error

Validate - checks for missing required fields, etc

type AssertionEffect

type AssertionEffect int

AssertionEffect - Every assertion can have the effect of ALLOW or DENY.

const (
	ALLOW AssertionEffect
	DENY
)

AssertionEffect constants

func NewAssertionEffect

func NewAssertionEffect(init ...interface{}) AssertionEffect

NewAssertionEffect - return a string representation of the enum

func (AssertionEffect) MarshalJSON

func (e AssertionEffect) MarshalJSON() ([]byte, error)

MarshalJSON is defined for proper JSON encoding of a AssertionEffect

func (AssertionEffect) String

func (e AssertionEffect) String() string

String - return a string representation of the enum

func (AssertionEffect) SymbolSet

func (e AssertionEffect) SymbolSet() []string

SymbolSet - return an array of all valid string representations (symbols) of the enum

func (*AssertionEffect) UnmarshalJSON

func (e *AssertionEffect) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a AssertionEffect

type AuthHistory added in v1.11.1

type AuthHistory struct {

	//
	// Name of the domain from URI
	//
	UriDomain DomainName `json:"uriDomain"`

	//
	// Principal domain
	//
	PrincipalDomain DomainName `json:"principalDomain"`

	//
	// Principal name
	//
	PrincipalName SimpleName `json:"principalName"`

	//
	// Last authorization event timestamp
	//
	Timestamp rdl.Timestamp `json:"timestamp"`

	//
	// Last authorization endpoint used
	//
	Endpoint string `json:"endpoint"`

	//
	// Time until the record will expire
	//
	Ttl int64 `json:"ttl"`
}

AuthHistory -

func NewAuthHistory added in v1.11.1

func NewAuthHistory(init ...*AuthHistory) *AuthHistory

NewAuthHistory - creates an initialized AuthHistory instance, returns a pointer to it

func (*AuthHistory) UnmarshalJSON added in v1.11.1

func (self *AuthHistory) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a AuthHistory

func (*AuthHistory) Validate added in v1.11.1

func (self *AuthHistory) Validate() error

Validate - checks for missing required fields, etc

type AuthHistoryDependencies added in v1.11.2

type AuthHistoryDependencies struct {

	//
	// list of incoming auth dependencies for domain
	//
	IncomingDependencies []*AuthHistory `json:"incomingDependencies"`

	//
	// list of incoming auth dependencies for domain
	//
	OutgoingDependencies []*AuthHistory `json:"outgoingDependencies"`
}

AuthHistoryDependencies -

func NewAuthHistoryDependencies added in v1.11.2

func NewAuthHistoryDependencies(init ...*AuthHistoryDependencies) *AuthHistoryDependencies

NewAuthHistoryDependencies - creates an initialized AuthHistoryDependencies instance, returns a pointer to it

func (*AuthHistoryDependencies) Init added in v1.11.2

Init - sets up the instance according to its default field values, if any

func (*AuthHistoryDependencies) UnmarshalJSON added in v1.11.2

func (self *AuthHistoryDependencies) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a AuthHistoryDependencies

func (*AuthHistoryDependencies) Validate added in v1.11.2

func (self *AuthHistoryDependencies) Validate() error

Validate - checks for missing required fields, etc

type AuthorityKeyword added in v1.9.32

type AuthorityKeyword string

AuthorityKeyword - A comma separated list of authority keywords

type AuthorityKeywords added in v1.9.32

type AuthorityKeywords string

AuthorityKeywords -

type AuthorityName

type AuthorityName string

AuthorityName - Used as the prefix in a signed assertion. This uniquely identifies a signing authority.

type CompoundName

type CompoundName string

CompoundName - A compound name. Most names in this API are compound names.

type DanglingPolicy

type DanglingPolicy struct {
	PolicyName EntityName `json:"policyName"`
	RoleName   EntityName `json:"roleName"`
}

DanglingPolicy - A dangling policy where the assertion is referencing a role name that doesn't exist in the domain

func NewDanglingPolicy

func NewDanglingPolicy(init ...*DanglingPolicy) *DanglingPolicy

NewDanglingPolicy - creates an initialized DanglingPolicy instance, returns a pointer to it

func (*DanglingPolicy) UnmarshalJSON

func (self *DanglingPolicy) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DanglingPolicy

func (*DanglingPolicy) Validate

func (self *DanglingPolicy) Validate() error

Validate - checks for missing required fields, etc

type DefaultAdmins

type DefaultAdmins struct {

	//
	// list of domain administrators
	//
	Admins []ResourceName `json:"admins"`
}

DefaultAdmins - The list of domain administrators.

func NewDefaultAdmins

func NewDefaultAdmins(init ...*DefaultAdmins) *DefaultAdmins

NewDefaultAdmins - creates an initialized DefaultAdmins instance, returns a pointer to it

func (*DefaultAdmins) Init

func (self *DefaultAdmins) Init() *DefaultAdmins

Init - sets up the instance according to its default field values, if any

func (*DefaultAdmins) UnmarshalJSON

func (self *DefaultAdmins) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DefaultAdmins

func (*DefaultAdmins) Validate

func (self *DefaultAdmins) Validate() error

Validate - checks for missing required fields, etc

type DependentService added in v1.10.46

type DependentService struct {

	//
	// name of the service
	//
	Service ServiceName `json:"service"`
}

DependentService - Dependent service provider details

func NewDependentService added in v1.10.46

func NewDependentService(init ...*DependentService) *DependentService

NewDependentService - creates an initialized DependentService instance, returns a pointer to it

func (*DependentService) UnmarshalJSON added in v1.10.46

func (self *DependentService) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DependentService

func (*DependentService) Validate added in v1.10.46

func (self *DependentService) Validate() error

Validate - checks for missing required fields, etc

type DependentServiceResourceGroup added in v1.10.51

type DependentServiceResourceGroup struct {

	//
	// name of the service
	//
	Service ServiceName `json:"service"`

	//
	// name of the dependent domain
	//
	Domain DomainName `json:"domain"`

	//
	// registered resource groups for this service and domain
	//
	ResourceGroups []EntityName `json:"resourceGroups,omitempty" rdl:"optional" yaml:",omitempty"`
}

DependentServiceResourceGroup -

func NewDependentServiceResourceGroup added in v1.10.51

func NewDependentServiceResourceGroup(init ...*DependentServiceResourceGroup) *DependentServiceResourceGroup

NewDependentServiceResourceGroup - creates an initialized DependentServiceResourceGroup instance, returns a pointer to it

func (*DependentServiceResourceGroup) UnmarshalJSON added in v1.10.51

func (self *DependentServiceResourceGroup) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DependentServiceResourceGroup

func (*DependentServiceResourceGroup) Validate added in v1.10.51

func (self *DependentServiceResourceGroup) Validate() error

Validate - checks for missing required fields, etc

type DependentServiceResourceGroupList added in v1.10.51

type DependentServiceResourceGroupList struct {

	//
	// collection of dependent services and resource groups for tenant domain
	//
	ServiceAndResourceGroups []*DependentServiceResourceGroup `json:"serviceAndResourceGroups"`
}

DependentServiceResourceGroupList -

func NewDependentServiceResourceGroupList added in v1.10.51

func NewDependentServiceResourceGroupList(init ...*DependentServiceResourceGroupList) *DependentServiceResourceGroupList

NewDependentServiceResourceGroupList - creates an initialized DependentServiceResourceGroupList instance, returns a pointer to it

func (*DependentServiceResourceGroupList) Init added in v1.10.51

Init - sets up the instance according to its default field values, if any

func (*DependentServiceResourceGroupList) UnmarshalJSON added in v1.10.51

func (self *DependentServiceResourceGroupList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DependentServiceResourceGroupList

func (*DependentServiceResourceGroupList) Validate added in v1.10.51

func (self *DependentServiceResourceGroupList) Validate() error

Validate - checks for missing required fields, etc

type Domain

type Domain struct {

	//
	// a description of the domain
	//
	Description string `json:"description" rdl:"optional" yaml:",omitempty"`

	//
	// a reference to an audit organization defined in athenz
	//
	Org ResourceName `json:"org,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Future use only, currently not used
	//
	Enabled *bool `json:"enabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether or not domain modifications should be logged for
	// SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for
	// any API defining it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated aws account id (system attribute - uniqueness check - if
	// enabled)
	//
	Account string `json:"account" rdl:"optional" yaml:",omitempty"`

	//
	// associated product id (system attribute - uniqueness check - if enabled)
	//
	YpmId *int32 `json:"ypmId,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated application id
	//
	ApplicationId string `json:"applicationId" rdl:"optional" yaml:",omitempty"`

	//
	// domain certificate dns domain (system attribute)
	//
	CertDnsDomain string `json:"certDnsDomain" rdl:"optional" yaml:",omitempty"`

	//
	// all user members in the domain will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// tokens issued for this domain will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// service identity certs issued for this domain will have specified max
	// timeout in mins
	//
	ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// role certs issued for this domain will have specified max timeout in mins
	//
	RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"`

	//
	// all services in the domain roles will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure subscription id (system attribute - uniqueness check - if
	// enabled)
	//
	AzureSubscription string `json:"azureSubscription" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure tenant id (system attribute)
	//
	AzureTenant string `json:"azureTenant" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure client id (system attribute)
	//
	AzureClient string `json:"azureClient" rdl:"optional" yaml:",omitempty"`

	//
	// associated gcp project id (system attribute - uniqueness check - if
	// enabled)
	//
	GcpProject string `json:"gcpProject" rdl:"optional" yaml:",omitempty"`

	//
	// associated gcp project number (system attribute)
	//
	GcpProjectNumber string `json:"gcpProjectNumber" rdl:"optional" yaml:",omitempty"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated business service with domain
	//
	BusinessService string `json:"businessService" rdl:"optional" yaml:",omitempty"`

	//
	// purge role/group members with expiry date configured days in the past
	//
	MemberPurgeExpiryDays *int32 `json:"memberPurgeExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated product id (system attribute - uniqueness check - if enabled)
	//
	ProductId string `json:"productId" rdl:"optional" yaml:",omitempty"`

	//
	// features enabled per domain (system attribute)
	//
	FeatureFlags *int32 `json:"featureFlags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// list of domain contacts (PE-Owner, Product-Owner, etc), each type can have
	// a single value
	//
	Contacts map[SimpleName]string `json:"contacts,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// domain environment e.g. production, staging, etc
	//
	Environment string `json:"environment" rdl:"optional" yaml:",omitempty"`

	//
	// ownership information for the domain (read-only attribute)
	//
	ResourceOwnership *ResourceDomainOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// requested x509 cert signer key id (system attribute)
	//
	X509CertSignerKeyId string `json:"x509CertSignerKeyId" rdl:"optional" yaml:",omitempty"`

	//
	// requested ssh cert signer key id (system attribute)
	//
	SshCertSignerKeyId string `json:"sshCertSignerKeyId" rdl:"optional" yaml:",omitempty"`

	//
	// the common name to be referred to, the symbolic id. It is immutable
	//
	Name DomainName `json:"name"`

	//
	// the last modification timestamp of any object or attribute in this domain
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// unique identifier of the domain. generated on create, never reused
	//
	Id *rdl.UUID `json:"id,omitempty" rdl:"optional" yaml:",omitempty"`
}

Domain - A domain is an independent partition of users, roles, and resources. Its name represents the definition of a namespace; the only way a new namespace can be created, from the top, is by creating Domains. Administration of a domain is governed by the parent domain (using reverse-DNS namespaces). The top level domains are governed by the special "sys.auth" domain.

func NewDomain

func NewDomain(init ...*Domain) *Domain

NewDomain - creates an initialized Domain instance, returns a pointer to it

func (*Domain) Init

func (self *Domain) Init() *Domain

Init - sets up the instance according to its default field values, if any

func (*Domain) UnmarshalJSON

func (self *Domain) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Domain

func (*Domain) Validate

func (self *Domain) Validate() error

Validate - checks for missing required fields, etc

type DomainAttributes added in v1.11.30

type DomainAttributes struct {

	//
	// timestamp when the domain object was fetched from ZMS
	//
	FetchTime int64 `json:"fetchTime"`
}

DomainAttributes - A domain attributes for the changelog support

func NewDomainAttributes added in v1.11.30

func NewDomainAttributes(init ...*DomainAttributes) *DomainAttributes

NewDomainAttributes - creates an initialized DomainAttributes instance, returns a pointer to it

func (*DomainAttributes) UnmarshalJSON added in v1.11.30

func (self *DomainAttributes) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainAttributes

func (*DomainAttributes) Validate added in v1.11.30

func (self *DomainAttributes) Validate() error

Validate - checks for missing required fields, etc

type DomainData

type DomainData struct {

	//
	// a description of the domain
	//
	Description string `json:"description" rdl:"optional" yaml:",omitempty"`

	//
	// a reference to an audit organization defined in athenz
	//
	Org ResourceName `json:"org,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Future use only, currently not used
	//
	Enabled *bool `json:"enabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether or not domain modifications should be logged for
	// SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for
	// any API defining it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated aws account id (system attribute - uniqueness check - if
	// enabled)
	//
	Account string `json:"account" rdl:"optional" yaml:",omitempty"`

	//
	// associated product id (system attribute - uniqueness check - if enabled)
	//
	YpmId *int32 `json:"ypmId,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated application id
	//
	ApplicationId string `json:"applicationId" rdl:"optional" yaml:",omitempty"`

	//
	// domain certificate dns domain (system attribute)
	//
	CertDnsDomain string `json:"certDnsDomain" rdl:"optional" yaml:",omitempty"`

	//
	// all user members in the domain will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// tokens issued for this domain will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// service identity certs issued for this domain will have specified max
	// timeout in mins
	//
	ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// role certs issued for this domain will have specified max timeout in mins
	//
	RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"`

	//
	// all services in the domain roles will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure subscription id (system attribute - uniqueness check - if
	// enabled)
	//
	AzureSubscription string `json:"azureSubscription" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure tenant id (system attribute)
	//
	AzureTenant string `json:"azureTenant" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure client id (system attribute)
	//
	AzureClient string `json:"azureClient" rdl:"optional" yaml:",omitempty"`

	//
	// associated gcp project id (system attribute - uniqueness check - if
	// enabled)
	//
	GcpProject string `json:"gcpProject" rdl:"optional" yaml:",omitempty"`

	//
	// associated gcp project number (system attribute)
	//
	GcpProjectNumber string `json:"gcpProjectNumber" rdl:"optional" yaml:",omitempty"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated business service with domain
	//
	BusinessService string `json:"businessService" rdl:"optional" yaml:",omitempty"`

	//
	// purge role/group members with expiry date configured days in the past
	//
	MemberPurgeExpiryDays *int32 `json:"memberPurgeExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated product id (system attribute - uniqueness check - if enabled)
	//
	ProductId string `json:"productId" rdl:"optional" yaml:",omitempty"`

	//
	// features enabled per domain (system attribute)
	//
	FeatureFlags *int32 `json:"featureFlags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// list of domain contacts (PE-Owner, Product-Owner, etc), each type can have
	// a single value
	//
	Contacts map[SimpleName]string `json:"contacts,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// domain environment e.g. production, staging, etc
	//
	Environment string `json:"environment" rdl:"optional" yaml:",omitempty"`

	//
	// ownership information for the domain (read-only attribute)
	//
	ResourceOwnership *ResourceDomainOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// requested x509 cert signer key id (system attribute)
	//
	X509CertSignerKeyId string `json:"x509CertSignerKeyId" rdl:"optional" yaml:",omitempty"`

	//
	// requested ssh cert signer key id (system attribute)
	//
	SshCertSignerKeyId string `json:"sshCertSignerKeyId" rdl:"optional" yaml:",omitempty"`

	//
	// name of the domain
	//
	Name DomainName `json:"name"`

	//
	// list of roles in the domain
	//
	Roles []*Role `json:"roles"`

	//
	// list of policies in the domain signed with ZMS private key
	//
	Policies *SignedPolicies `json:"policies"`

	//
	// list of services in the domain
	//
	Services []*ServiceIdentity `json:"services"`

	//
	// list of entities in the domain
	//
	Entities []*Entity `json:"entities"`

	//
	// list of groups in the domain
	//
	Groups []*Group `json:"groups"`

	//
	// last modification timestamp
	//
	Modified rdl.Timestamp `json:"modified"`
}

DomainData - A domain object that includes its roles, policies and services.

func NewDomainData

func NewDomainData(init ...*DomainData) *DomainData

NewDomainData - creates an initialized DomainData instance, returns a pointer to it

func (*DomainData) Init

func (self *DomainData) Init() *DomainData

Init - sets up the instance according to its default field values, if any

func (*DomainData) UnmarshalJSON

func (self *DomainData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainData

func (*DomainData) Validate

func (self *DomainData) Validate() error

Validate - checks for missing required fields, etc

type DomainDataCheck

type DomainDataCheck struct {

	//
	// Names of roles not specified in any assertion. Might be empty or null if no
	// dangling roles.
	//
	DanglingRoles []EntityName `json:"danglingRoles,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Policy+role tuples where role doesnt exist. Might be empty or null if no
	// dangling policies.
	//
	DanglingPolicies []*DanglingPolicy `json:"danglingPolicies,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// total number of policies
	//
	PolicyCount int32 `json:"policyCount"`

	//
	// total number of assertions
	//
	AssertionCount int32 `json:"assertionCount"`

	//
	// total number of assertions containing roles as wildcards
	//
	RoleWildCardCount int32 `json:"roleWildCardCount"`

	//
	// Service names (domain.service) that dont contain trust role if this is a
	// tenant domain. Might be empty or null, if not a tenant or if all providers
	// support this tenant.
	//
	ProvidersWithoutTrust []ServiceName `json:"providersWithoutTrust,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Names of Tenant domains that dont contain assume role assertions if this is
	// a provider domain. Might be empty or null, if not a provider or if all
	// tenants support use this provider.
	//
	TenantsWithoutAssumeRole []DomainName `json:"tenantsWithoutAssumeRole,omitempty" rdl:"optional" yaml:",omitempty"`
}

DomainDataCheck - Domain data object representing the results of a check operation looking for dangling roles, policies and trust relationships that are set either on tenant or provider side only

func NewDomainDataCheck

func NewDomainDataCheck(init ...*DomainDataCheck) *DomainDataCheck

NewDomainDataCheck - creates an initialized DomainDataCheck instance, returns a pointer to it

func (*DomainDataCheck) UnmarshalJSON

func (self *DomainDataCheck) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainDataCheck

func (*DomainDataCheck) Validate

func (self *DomainDataCheck) Validate() error

Validate - checks for missing required fields, etc

type DomainGroupMember added in v1.9.32

type DomainGroupMember struct {

	//
	// name of the member
	//
	MemberName GroupMemberName `json:"memberName"`

	//
	// groups for this member
	//
	MemberGroups []*GroupMember `json:"memberGroups"`
}

DomainGroupMember -

func NewDomainGroupMember added in v1.9.32

func NewDomainGroupMember(init ...*DomainGroupMember) *DomainGroupMember

NewDomainGroupMember - creates an initialized DomainGroupMember instance, returns a pointer to it

func (*DomainGroupMember) Init added in v1.9.32

func (self *DomainGroupMember) Init() *DomainGroupMember

Init - sets up the instance according to its default field values, if any

func (*DomainGroupMember) UnmarshalJSON added in v1.9.32

func (self *DomainGroupMember) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainGroupMember

func (*DomainGroupMember) Validate added in v1.9.32

func (self *DomainGroupMember) Validate() error

Validate - checks for missing required fields, etc

type DomainGroupMembers added in v1.9.32

type DomainGroupMembers struct {

	//
	// name of the domain
	//
	DomainName DomainName `json:"domainName"`

	//
	// group members
	//
	Members []*DomainGroupMember `json:"members"`
}

DomainGroupMembers -

func NewDomainGroupMembers added in v1.9.32

func NewDomainGroupMembers(init ...*DomainGroupMembers) *DomainGroupMembers

NewDomainGroupMembers - creates an initialized DomainGroupMembers instance, returns a pointer to it

func (*DomainGroupMembers) Init added in v1.9.32

func (self *DomainGroupMembers) Init() *DomainGroupMembers

Init - sets up the instance according to its default field values, if any

func (*DomainGroupMembers) UnmarshalJSON added in v1.9.32

func (self *DomainGroupMembers) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainGroupMembers

func (*DomainGroupMembers) Validate added in v1.9.32

func (self *DomainGroupMembers) Validate() error

Validate - checks for missing required fields, etc

type DomainGroupMembership added in v1.9.32

type DomainGroupMembership struct {
	DomainGroupMembersList []*DomainGroupMembers `json:"domainGroupMembersList"`
}

DomainGroupMembership -

func NewDomainGroupMembership added in v1.9.32

func NewDomainGroupMembership(init ...*DomainGroupMembership) *DomainGroupMembership

NewDomainGroupMembership - creates an initialized DomainGroupMembership instance, returns a pointer to it

func (*DomainGroupMembership) Init added in v1.9.32

Init - sets up the instance according to its default field values, if any

func (*DomainGroupMembership) UnmarshalJSON added in v1.9.32

func (self *DomainGroupMembership) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainGroupMembership

func (*DomainGroupMembership) Validate added in v1.9.32

func (self *DomainGroupMembership) Validate() error

Validate - checks for missing required fields, etc

type DomainList

type DomainList struct {

	//
	// list of domain names
	//
	Names []DomainName `json:"names"`

	//
	// if the response is a paginated list, this attribute specifies the value to
	// be used in the next domain list request as the value for the skip query
	// parameter.
	//
	Next string `json:"next" rdl:"optional" yaml:",omitempty"`
}

DomainList - A paginated list of domains.

func NewDomainList

func NewDomainList(init ...*DomainList) *DomainList

NewDomainList - creates an initialized DomainList instance, returns a pointer to it

func (*DomainList) Init

func (self *DomainList) Init() *DomainList

Init - sets up the instance according to its default field values, if any

func (*DomainList) UnmarshalJSON

func (self *DomainList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainList

func (*DomainList) Validate

func (self *DomainList) Validate() error

Validate - checks for missing required fields, etc

type DomainMeta

type DomainMeta struct {

	//
	// a description of the domain
	//
	Description string `json:"description" rdl:"optional" yaml:",omitempty"`

	//
	// a reference to an audit organization defined in athenz
	//
	Org ResourceName `json:"org,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Future use only, currently not used
	//
	Enabled *bool `json:"enabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether or not domain modifications should be logged for
	// SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for
	// any API defining it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated aws account id (system attribute - uniqueness check - if
	// enabled)
	//
	Account string `json:"account" rdl:"optional" yaml:",omitempty"`

	//
	// associated product id (system attribute - uniqueness check - if enabled)
	//
	YpmId *int32 `json:"ypmId,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated application id
	//
	ApplicationId string `json:"applicationId" rdl:"optional" yaml:",omitempty"`

	//
	// domain certificate dns domain (system attribute)
	//
	CertDnsDomain string `json:"certDnsDomain" rdl:"optional" yaml:",omitempty"`

	//
	// all user members in the domain will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// tokens issued for this domain will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// service identity certs issued for this domain will have specified max
	// timeout in mins
	//
	ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// role certs issued for this domain will have specified max timeout in mins
	//
	RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"`

	//
	// all services in the domain roles will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure subscription id (system attribute - uniqueness check - if
	// enabled)
	//
	AzureSubscription string `json:"azureSubscription" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure tenant id (system attribute)
	//
	AzureTenant string `json:"azureTenant" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure client id (system attribute)
	//
	AzureClient string `json:"azureClient" rdl:"optional" yaml:",omitempty"`

	//
	// associated gcp project id (system attribute - uniqueness check - if
	// enabled)
	//
	GcpProject string `json:"gcpProject" rdl:"optional" yaml:",omitempty"`

	//
	// associated gcp project number (system attribute)
	//
	GcpProjectNumber string `json:"gcpProjectNumber" rdl:"optional" yaml:",omitempty"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated business service with domain
	//
	BusinessService string `json:"businessService" rdl:"optional" yaml:",omitempty"`

	//
	// purge role/group members with expiry date configured days in the past
	//
	MemberPurgeExpiryDays *int32 `json:"memberPurgeExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated product id (system attribute - uniqueness check - if enabled)
	//
	ProductId string `json:"productId" rdl:"optional" yaml:",omitempty"`

	//
	// features enabled per domain (system attribute)
	//
	FeatureFlags *int32 `json:"featureFlags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// list of domain contacts (PE-Owner, Product-Owner, etc), each type can have
	// a single value
	//
	Contacts map[SimpleName]string `json:"contacts,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// domain environment e.g. production, staging, etc
	//
	Environment string `json:"environment" rdl:"optional" yaml:",omitempty"`

	//
	// ownership information for the domain (read-only attribute)
	//
	ResourceOwnership *ResourceDomainOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// requested x509 cert signer key id (system attribute)
	//
	X509CertSignerKeyId string `json:"x509CertSignerKeyId" rdl:"optional" yaml:",omitempty"`

	//
	// requested ssh cert signer key id (system attribute)
	//
	SshCertSignerKeyId string `json:"sshCertSignerKeyId" rdl:"optional" yaml:",omitempty"`
}

DomainMeta - Set of metadata attributes that all domains may have and can be changed.

func NewDomainMeta

func NewDomainMeta(init ...*DomainMeta) *DomainMeta

NewDomainMeta - creates an initialized DomainMeta instance, returns a pointer to it

func (*DomainMeta) Init

func (self *DomainMeta) Init() *DomainMeta

Init - sets up the instance according to its default field values, if any

func (*DomainMeta) UnmarshalJSON

func (self *DomainMeta) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainMeta

func (*DomainMeta) Validate

func (self *DomainMeta) Validate() error

Validate - checks for missing required fields, etc

type DomainMetaList added in v1.9.32

type DomainMetaList struct {

	//
	// list of domain objects
	//
	Domains []*Domain `json:"domains"`
}

DomainMetaList - A list of domain objects with their meta attributes.

func NewDomainMetaList added in v1.9.32

func NewDomainMetaList(init ...*DomainMetaList) *DomainMetaList

NewDomainMetaList - creates an initialized DomainMetaList instance, returns a pointer to it

func (*DomainMetaList) Init added in v1.9.32

func (self *DomainMetaList) Init() *DomainMetaList

Init - sets up the instance according to its default field values, if any

func (*DomainMetaList) UnmarshalJSON added in v1.9.32

func (self *DomainMetaList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainMetaList

func (*DomainMetaList) Validate added in v1.9.32

func (self *DomainMetaList) Validate() error

Validate - checks for missing required fields, etc

type DomainMetaStoreValidValuesList added in v1.10.13

type DomainMetaStoreValidValuesList struct {

	//
	// list of valid values for attribute
	//
	ValidValues []string `json:"validValues"`
}

DomainMetaStoreValidValuesList - List of valid domain meta attribute values

func NewDomainMetaStoreValidValuesList added in v1.10.13

func NewDomainMetaStoreValidValuesList(init ...*DomainMetaStoreValidValuesList) *DomainMetaStoreValidValuesList

NewDomainMetaStoreValidValuesList - creates an initialized DomainMetaStoreValidValuesList instance, returns a pointer to it

func (*DomainMetaStoreValidValuesList) Init added in v1.10.13

Init - sets up the instance according to its default field values, if any

func (*DomainMetaStoreValidValuesList) UnmarshalJSON added in v1.10.13

func (self *DomainMetaStoreValidValuesList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainMetaStoreValidValuesList

func (*DomainMetaStoreValidValuesList) Validate added in v1.10.13

func (self *DomainMetaStoreValidValuesList) Validate() error

Validate - checks for missing required fields, etc

type DomainName

type DomainName string

DomainName - A domain name is the general qualifier prefix, as its uniqueness is managed.

type DomainOptions added in v1.11.31

type DomainOptions struct {

	//
	// enforce domains are associated with unique product ids
	//
	EnforceUniqueProductIds bool `json:"enforceUniqueProductIds"`

	//
	// enforce domains are associated with unique aws accounts
	//
	EnforceUniqueAWSAccounts bool `json:"enforceUniqueAWSAccounts"`

	//
	// enforce domains are associated with unique azure subscriptions
	//
	EnforceUniqueAzureSubscriptions bool `json:"enforceUniqueAzureSubscriptions"`

	//
	// enforce domains are associated with unique gcp projects
	//
	EnforceUniqueGCPProjects bool `json:"enforceUniqueGCPProjects"`
}

DomainOptions - A domain options for enforcing uniqueness checks

func NewDomainOptions added in v1.11.31

func NewDomainOptions(init ...*DomainOptions) *DomainOptions

NewDomainOptions - creates an initialized DomainOptions instance, returns a pointer to it

func (*DomainOptions) UnmarshalJSON added in v1.11.31

func (self *DomainOptions) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainOptions

func (*DomainOptions) Validate added in v1.11.31

func (self *DomainOptions) Validate() error

Validate - checks for missing required fields, etc

type DomainPolicies

type DomainPolicies struct {

	//
	// name of the domain
	//
	Domain DomainName `json:"domain"`

	//
	// list of policies defined in this server
	//
	Policies []*Policy `json:"policies"`
}

DomainPolicies - We need to include the name of the domain in this struct since this data will be passed back to ZPU through ZTS so we need to sign not only the list of policies but also the corresponding domain name that the policies belong to.

func NewDomainPolicies

func NewDomainPolicies(init ...*DomainPolicies) *DomainPolicies

NewDomainPolicies - creates an initialized DomainPolicies instance, returns a pointer to it

func (*DomainPolicies) Init

func (self *DomainPolicies) Init() *DomainPolicies

Init - sets up the instance according to its default field values, if any

func (*DomainPolicies) UnmarshalJSON

func (self *DomainPolicies) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainPolicies

func (*DomainPolicies) Validate

func (self *DomainPolicies) Validate() error

Validate - checks for missing required fields, etc

type DomainRoleMember added in v1.9.32

type DomainRoleMember struct {

	//
	// name of the member
	//
	MemberName MemberName `json:"memberName"`

	//
	// roles for this member
	//
	MemberRoles []*MemberRole `json:"memberRoles"`
}

DomainRoleMember -

func NewDomainRoleMember added in v1.9.32

func NewDomainRoleMember(init ...*DomainRoleMember) *DomainRoleMember

NewDomainRoleMember - creates an initialized DomainRoleMember instance, returns a pointer to it

func (*DomainRoleMember) Init added in v1.9.32

func (self *DomainRoleMember) Init() *DomainRoleMember

Init - sets up the instance according to its default field values, if any

func (*DomainRoleMember) UnmarshalJSON added in v1.9.32

func (self *DomainRoleMember) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainRoleMember

func (*DomainRoleMember) Validate added in v1.9.32

func (self *DomainRoleMember) Validate() error

Validate - checks for missing required fields, etc

type DomainRoleMembers added in v1.9.32

type DomainRoleMembers struct {

	//
	// name of the domain
	//
	DomainName DomainName `json:"domainName"`

	//
	// role members
	//
	Members []*DomainRoleMember `json:"members"`
}

DomainRoleMembers -

func NewDomainRoleMembers added in v1.9.32

func NewDomainRoleMembers(init ...*DomainRoleMembers) *DomainRoleMembers

NewDomainRoleMembers - creates an initialized DomainRoleMembers instance, returns a pointer to it

func (*DomainRoleMembers) Init added in v1.9.32

func (self *DomainRoleMembers) Init() *DomainRoleMembers

Init - sets up the instance according to its default field values, if any

func (*DomainRoleMembers) UnmarshalJSON added in v1.9.32

func (self *DomainRoleMembers) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainRoleMembers

func (*DomainRoleMembers) Validate added in v1.9.32

func (self *DomainRoleMembers) Validate() error

Validate - checks for missing required fields, etc

type DomainRoleMembership added in v1.9.32

type DomainRoleMembership struct {
	DomainRoleMembersList []*DomainRoleMembers `json:"domainRoleMembersList"`
}

DomainRoleMembership -

func NewDomainRoleMembership added in v1.9.32

func NewDomainRoleMembership(init ...*DomainRoleMembership) *DomainRoleMembership

NewDomainRoleMembership - creates an initialized DomainRoleMembership instance, returns a pointer to it

func (*DomainRoleMembership) Init added in v1.9.32

Init - sets up the instance according to its default field values, if any

func (*DomainRoleMembership) UnmarshalJSON added in v1.9.32

func (self *DomainRoleMembership) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainRoleMembership

func (*DomainRoleMembership) Validate added in v1.9.32

func (self *DomainRoleMembership) Validate() error

Validate - checks for missing required fields, etc

type DomainTemplate

type DomainTemplate struct {

	//
	// list of template names
	//
	TemplateNames []SimpleName `json:"templateNames"`

	//
	// optional template parameters
	//
	Params []*TemplateParam `json:"params,omitempty" rdl:"optional" yaml:",omitempty"`
}

DomainTemplate - solution template(s) to be applied to a domain

func NewDomainTemplate

func NewDomainTemplate(init ...*DomainTemplate) *DomainTemplate

NewDomainTemplate - creates an initialized DomainTemplate instance, returns a pointer to it

func (*DomainTemplate) Init

func (self *DomainTemplate) Init() *DomainTemplate

Init - sets up the instance according to its default field values, if any

func (*DomainTemplate) UnmarshalJSON

func (self *DomainTemplate) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainTemplate

func (*DomainTemplate) Validate

func (self *DomainTemplate) Validate() error

Validate - checks for missing required fields, etc

type DomainTemplateDetailsList added in v1.9.32

type DomainTemplateDetailsList struct {

	//
	// list of template metadata
	//
	MetaData []*TemplateMetaData `json:"metaData"`
}

DomainTemplateDetailsList - List of templates with metadata details given a domain

func NewDomainTemplateDetailsList added in v1.9.32

func NewDomainTemplateDetailsList(init ...*DomainTemplateDetailsList) *DomainTemplateDetailsList

NewDomainTemplateDetailsList - creates an initialized DomainTemplateDetailsList instance, returns a pointer to it

func (*DomainTemplateDetailsList) Init added in v1.9.32

Init - sets up the instance according to its default field values, if any

func (*DomainTemplateDetailsList) UnmarshalJSON added in v1.9.32

func (self *DomainTemplateDetailsList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainTemplateDetailsList

func (*DomainTemplateDetailsList) Validate added in v1.9.32

func (self *DomainTemplateDetailsList) Validate() error

Validate - checks for missing required fields, etc

type DomainTemplateList

type DomainTemplateList struct {

	//
	// list of template names
	//
	TemplateNames []SimpleName `json:"templateNames"`
}

DomainTemplateList - List of solution templates to be applied to a domain

func NewDomainTemplateList

func NewDomainTemplateList(init ...*DomainTemplateList) *DomainTemplateList

NewDomainTemplateList - creates an initialized DomainTemplateList instance, returns a pointer to it

func (*DomainTemplateList) Init

func (self *DomainTemplateList) Init() *DomainTemplateList

Init - sets up the instance according to its default field values, if any

func (*DomainTemplateList) UnmarshalJSON

func (self *DomainTemplateList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainTemplateList

func (*DomainTemplateList) Validate

func (self *DomainTemplateList) Validate() error

Validate - checks for missing required fields, etc

type Entity

type Entity struct {

	//
	// name of the entity object
	//
	Name ResourceName `json:"name"`

	//
	// value of the entity
	//
	Value rdl.Struct `json:"value"`
}

Entity - An entity is a name and a structured value. some entity names/prefixes are reserved (i.e. "role", "policy", "meta", "domain", "service")

func NewEntity

func NewEntity(init ...*Entity) *Entity

NewEntity - creates an initialized Entity instance, returns a pointer to it

func (*Entity) Init

func (self *Entity) Init() *Entity

Init - sets up the instance according to its default field values, if any

func (*Entity) UnmarshalJSON

func (self *Entity) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Entity

func (*Entity) Validate

func (self *Entity) Validate() error

Validate - checks for missing required fields, etc

type EntityList

type EntityList struct {

	//
	// list of entity names
	//
	Names []EntityName `json:"names"`
}

EntityList - The representation for an enumeration of entities in the namespace

func NewEntityList

func NewEntityList(init ...*EntityList) *EntityList

NewEntityList - creates an initialized EntityList instance, returns a pointer to it

func (*EntityList) Init

func (self *EntityList) Init() *EntityList

Init - sets up the instance according to its default field values, if any

func (*EntityList) UnmarshalJSON

func (self *EntityList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a EntityList

func (*EntityList) Validate

func (self *EntityList) Validate() error

Validate - checks for missing required fields, etc

type EntityName

type EntityName string

EntityName - An entity name is a short form of a resource name, including only the domain and entity.

type ExpiredMembers added in v1.11.8

type ExpiredMembers struct {

	//
	// list of deleted expired role members
	//
	ExpiredRoleMembers []*ExpiryMember `json:"expiredRoleMembers"`

	//
	// list of deleted expired groups members
	//
	ExpiredGroupMembers []*ExpiryMember `json:"expiredGroupMembers"`
}

ExpiredMembers -

func NewExpiredMembers added in v1.11.8

func NewExpiredMembers(init ...*ExpiredMembers) *ExpiredMembers

NewExpiredMembers - creates an initialized ExpiredMembers instance, returns a pointer to it

func (*ExpiredMembers) Init added in v1.11.8

func (self *ExpiredMembers) Init() *ExpiredMembers

Init - sets up the instance according to its default field values, if any

func (*ExpiredMembers) UnmarshalJSON added in v1.11.8

func (self *ExpiredMembers) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ExpiredMembers

func (*ExpiredMembers) Validate added in v1.11.8

func (self *ExpiredMembers) Validate() error

Validate - checks for missing required fields, etc

type ExpiryMember added in v1.11.8

type ExpiryMember struct {

	//
	// name of the domain
	//
	DomainName DomainName `json:"domainName"`

	//
	// name of the collection
	//
	CollectionName EntityName `json:"collectionName"`

	//
	// name of the principal
	//
	PrincipalName ResourceName `json:"principalName"`

	//
	// the expiration timestamp
	//
	Expiration rdl.Timestamp `json:"expiration"`
}

ExpiryMember -

func NewExpiryMember added in v1.11.8

func NewExpiryMember(init ...*ExpiryMember) *ExpiryMember

NewExpiryMember - creates an initialized ExpiryMember instance, returns a pointer to it

func (*ExpiryMember) UnmarshalJSON added in v1.11.8

func (self *ExpiryMember) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ExpiryMember

func (*ExpiryMember) Validate added in v1.11.8

func (self *ExpiryMember) Validate() error

Validate - checks for missing required fields, etc

type Group added in v1.9.32

type Group struct {

	//
	// Flag indicates whether or not group allows self service. Users can add
	// themselves in the group, but it has to be approved by domain admins to be
	// effective.
	//
	SelfServe *bool `json:"selfServe,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether or not group updates require another review and
	// approval
	//
	ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// list of roles whose members should be notified for member review/approval
	//
	NotifyRoles string `json:"notifyRoles" rdl:"optional" yaml:",omitempty"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"`

	//
	// expiration enforced by a user authority configured attribute
	//
	UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional" yaml:",omitempty"`

	//
	// all user members in the group will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all services in the group will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether or not group updates should require GRC approval. If
	// true, the auditRef parameter must be supplied(not empty) for any API defining
	// it
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// If true, ask for delete confirmation in audit and review enabled groups.
	//
	DeleteProtection *bool `json:"deleteProtection,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// last review timestamp of the group
	//
	LastReviewedDate *rdl.Timestamp `json:"lastReviewedDate,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether to allow expired members to renew their membership
	//
	SelfRenew *bool `json:"selfRenew,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Number of minutes members can renew their membership if self review option
	// is enabled
	//
	SelfRenewMins *int32 `json:"selfRenewMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Maximum number of members allowed in the group
	//
	MaxMembers *int32 `json:"maxMembers,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// ownership information for the group (read-only attribute)
	//
	ResourceOwnership *ResourceGroupOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// membership filtered based on configured principal domains
	//
	PrincipalDomainFilter string `json:"principalDomainFilter" rdl:"optional" yaml:",omitempty"`

	//
	// name of the group
	//
	Name ResourceName `json:"name"`

	//
	// last modification timestamp of the group
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// members with expiration
	//
	GroupMembers []*GroupMember `json:"groupMembers,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// an audit log for group membership changes
	//
	AuditLog []*GroupAuditLog `json:"auditLog,omitempty" rdl:"optional" yaml:",omitempty"`
}

Group - The representation for a Group with set of members.

func NewGroup added in v1.9.32

func NewGroup(init ...*Group) *Group

NewGroup - creates an initialized Group instance, returns a pointer to it

func (*Group) UnmarshalJSON added in v1.9.32

func (self *Group) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Group

func (*Group) Validate added in v1.9.32

func (self *Group) Validate() error

Validate - checks for missing required fields, etc

type GroupAuditLog added in v1.9.32

type GroupAuditLog struct {

	//
	// name of the group member
	//
	Member GroupMemberName `json:"member"`

	//
	// name of the principal executing the change
	//
	Admin ResourceName `json:"admin"`

	//
	// timestamp of the entry
	//
	Created rdl.Timestamp `json:"created"`

	//
	// log action - e.g. add, delete, approve, etc
	//
	Action string `json:"action"`

	//
	// audit reference string for the change as supplied by admin
	//
	AuditRef string `json:"auditRef" rdl:"optional" yaml:",omitempty"`
}

GroupAuditLog - An audit log entry for group membership change.

func NewGroupAuditLog added in v1.9.32

func NewGroupAuditLog(init ...*GroupAuditLog) *GroupAuditLog

NewGroupAuditLog - creates an initialized GroupAuditLog instance, returns a pointer to it

func (*GroupAuditLog) UnmarshalJSON added in v1.9.32

func (self *GroupAuditLog) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a GroupAuditLog

func (*GroupAuditLog) Validate added in v1.9.32

func (self *GroupAuditLog) Validate() error

Validate - checks for missing required fields, etc

type GroupMember added in v1.9.32

type GroupMember struct {

	//
	// name of the member
	//
	MemberName GroupMemberName `json:"memberName,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// name of the group
	//
	GroupName ResourceName `json:"groupName,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// name of the domain
	//
	DomainName DomainName `json:"domainName,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// the expiration timestamp
	//
	Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag to indicate whether membership is active
	//
	Active *bool `json:"active,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag to indicate whether membership is approved either by delegates ( in
	// case of auditEnabled groups ) or by domain admins ( in case of selfserve
	// groups )
	//
	Approved *bool `json:"approved,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// audit reference string for the change as supplied by admin
	//
	AuditRef string `json:"auditRef" rdl:"optional" yaml:",omitempty"`

	//
	// for pending membership requests, the request time
	//
	RequestTime *rdl.Timestamp `json:"requestTime,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// for pending membership requests, time when last notification was sent
	//
	LastNotifiedTime *rdl.Timestamp `json:"lastNotifiedTime,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// pending members only - name of the principal requesting the change
	//
	RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// for pending membership requests, time when last notification was sent (for
	// file store)
	//
	ReviewLastNotifiedTime *rdl.Timestamp `json:"reviewLastNotifiedTime,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// user disabled by system based on configured group setting
	//
	SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// server use only - principal type: unknown(0), user(1) or service(2)
	//
	PrincipalType *int32 `json:"principalType,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// for pending membership requests, the request state - e.g. add, delete
	//
	PendingState string `json:"pendingState" rdl:"optional" yaml:",omitempty"`

	//
	// list of roles whose members should be notified for member
	// review/approval/expiry
	//
	NotifyRoles string `json:"notifyRoles" rdl:"optional" yaml:",omitempty"`
}

GroupMember -

func NewGroupMember added in v1.9.32

func NewGroupMember(init ...*GroupMember) *GroupMember

NewGroupMember - creates an initialized GroupMember instance, returns a pointer to it

func (*GroupMember) Init added in v1.9.32

func (self *GroupMember) Init() *GroupMember

Init - sets up the instance according to its default field values, if any

func (*GroupMember) UnmarshalJSON added in v1.9.32

func (self *GroupMember) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a GroupMember

func (*GroupMember) Validate added in v1.9.32

func (self *GroupMember) Validate() error

Validate - checks for missing required fields, etc

type GroupMemberName added in v1.9.32

type GroupMemberName string

GroupMemberName - A group member name

type GroupMembership added in v1.9.32

type GroupMembership struct {

	//
	// name of the member
	//
	MemberName GroupMemberName `json:"memberName"`

	//
	// flag to indicate whether or the user is a member or not
	//
	IsMember *bool `json:"isMember,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// name of the group
	//
	GroupName ResourceName `json:"groupName,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// the expiration timestamp
	//
	Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag to indicate whether membership is active
	//
	Active *bool `json:"active,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag to indicate whether membership is approved either by delegates ( in
	// case of auditEnabled groups ) or by domain admins ( in case of selfserve
	// groups )
	//
	Approved *bool `json:"approved,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// audit reference string for the change as supplied by admin
	//
	AuditRef string `json:"auditRef" rdl:"optional" yaml:",omitempty"`

	//
	// pending members only - name of the principal requesting the change
	//
	RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// user disabled by system based on configured group setting
	//
	SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// for pending membership requests, the request state - e.g. add, delete
	//
	PendingState string `json:"pendingState" rdl:"optional" yaml:",omitempty"`
}

GroupMembership - The representation for a group membership.

func NewGroupMembership added in v1.9.32

func NewGroupMembership(init ...*GroupMembership) *GroupMembership

NewGroupMembership - creates an initialized GroupMembership instance, returns a pointer to it

func (*GroupMembership) Init added in v1.9.32

func (self *GroupMembership) Init() *GroupMembership

Init - sets up the instance according to its default field values, if any

func (*GroupMembership) UnmarshalJSON added in v1.9.32

func (self *GroupMembership) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a GroupMembership

func (*GroupMembership) Validate added in v1.9.32

func (self *GroupMembership) Validate() error

Validate - checks for missing required fields, etc

type GroupMeta added in v1.9.32

type GroupMeta struct {

	//
	// Flag indicates whether or not group allows self service. Users can add
	// themselves in the group, but it has to be approved by domain admins to be
	// effective.
	//
	SelfServe *bool `json:"selfServe,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether or not group updates require another review and
	// approval
	//
	ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// list of roles whose members should be notified for member review/approval
	//
	NotifyRoles string `json:"notifyRoles" rdl:"optional" yaml:",omitempty"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"`

	//
	// expiration enforced by a user authority configured attribute
	//
	UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional" yaml:",omitempty"`

	//
	// all user members in the group will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all services in the group will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether or not group updates should require GRC approval. If
	// true, the auditRef parameter must be supplied(not empty) for any API defining
	// it
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// If true, ask for delete confirmation in audit and review enabled groups.
	//
	DeleteProtection *bool `json:"deleteProtection,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// last review timestamp of the group
	//
	LastReviewedDate *rdl.Timestamp `json:"lastReviewedDate,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether to allow expired members to renew their membership
	//
	SelfRenew *bool `json:"selfRenew,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Number of minutes members can renew their membership if self review option
	// is enabled
	//
	SelfRenewMins *int32 `json:"selfRenewMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Maximum number of members allowed in the group
	//
	MaxMembers *int32 `json:"maxMembers,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// ownership information for the group (read-only attribute)
	//
	ResourceOwnership *ResourceGroupOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// membership filtered based on configured principal domains
	//
	PrincipalDomainFilter string `json:"principalDomainFilter" rdl:"optional" yaml:",omitempty"`
}

GroupMeta - Set of metadata attributes that all groups may have and can be changed by domain admins.

func NewGroupMeta added in v1.9.32

func NewGroupMeta(init ...*GroupMeta) *GroupMeta

NewGroupMeta - creates an initialized GroupMeta instance, returns a pointer to it

func (*GroupMeta) UnmarshalJSON added in v1.9.32

func (self *GroupMeta) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a GroupMeta

func (*GroupMeta) Validate added in v1.9.32

func (self *GroupMeta) Validate() error

Validate - checks for missing required fields, etc

type GroupName added in v1.9.32

type GroupName string

GroupName - A group name

type GroupSystemMeta added in v1.9.32

type GroupSystemMeta struct {

	//
	// Flag indicates whether or not group updates should be approved by GRC. If
	// true, the auditRef parameter must be supplied(not empty) for any API defining
	// it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"`
}

GroupSystemMeta - Set of system metadata attributes that all groups may have and can be changed by system admins.

func NewGroupSystemMeta added in v1.9.32

func NewGroupSystemMeta(init ...*GroupSystemMeta) *GroupSystemMeta

NewGroupSystemMeta - creates an initialized GroupSystemMeta instance, returns a pointer to it

func (*GroupSystemMeta) UnmarshalJSON added in v1.9.32

func (self *GroupSystemMeta) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a GroupSystemMeta

func (*GroupSystemMeta) Validate added in v1.9.32

func (self *GroupSystemMeta) Validate() error

Validate - checks for missing required fields, etc

type Groups added in v1.9.32

type Groups struct {

	//
	// list of group objects
	//
	List []*Group `json:"list"`
}

Groups - The representation for a list of groups with full details

func NewGroups added in v1.9.32

func NewGroups(init ...*Groups) *Groups

NewGroups - creates an initialized Groups instance, returns a pointer to it

func (*Groups) Init added in v1.9.32

func (self *Groups) Init() *Groups

Init - sets up the instance according to its default field values, if any

func (*Groups) UnmarshalJSON added in v1.9.32

func (self *Groups) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Groups

func (*Groups) Validate added in v1.9.32

func (self *Groups) Validate() error

Validate - checks for missing required fields, etc

type Info added in v1.11.1

type Info struct {

	//
	// jdk build version
	//
	BuildJdkSpec string `json:"buildJdkSpec" rdl:"optional" yaml:",omitempty"`

	//
	// implementation title - e.g. athenz-zms-server
	//
	ImplementationTitle string `json:"implementationTitle" rdl:"optional" yaml:",omitempty"`

	//
	// implementation version - e.g. 1.11.1
	//
	ImplementationVersion string `json:"implementationVersion" rdl:"optional" yaml:",omitempty"`

	//
	// implementation vendor - Athenz
	//
	ImplementationVendor string `json:"implementationVendor" rdl:"optional" yaml:",omitempty"`
}

Info - Copyright The Athenz Authors Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. The representation for an info object

func NewInfo added in v1.11.1

func NewInfo(init ...*Info) *Info

NewInfo - creates an initialized Info instance, returns a pointer to it

func (*Info) UnmarshalJSON added in v1.11.1

func (self *Info) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Info

func (*Info) Validate added in v1.11.1

func (self *Info) Validate() error

Validate - checks for missing required fields, etc

type JWSDomain added in v1.9.32

type JWSDomain struct {
	Payload   string            `json:"payload"`
	Protected string            `json:"protected"`
	Header    map[string]string `json:"header"`
	Signature string            `json:"signature"`
}

JWSDomain - SignedDomain using flattened JWS JSON Serialization syntax. https://tools.ietf.org/html/rfc7515#section-7.2.2

func NewJWSDomain added in v1.9.32

func NewJWSDomain(init ...*JWSDomain) *JWSDomain

NewJWSDomain - creates an initialized JWSDomain instance, returns a pointer to it

func (*JWSDomain) Init added in v1.9.32

func (self *JWSDomain) Init() *JWSDomain

Init - sets up the instance according to its default field values, if any

func (*JWSDomain) UnmarshalJSON added in v1.9.32

func (self *JWSDomain) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a JWSDomain

func (*JWSDomain) Validate added in v1.9.32

func (self *JWSDomain) Validate() error

Validate - checks for missing required fields, etc

type LocationName

type LocationName string

LocationName - A location name is not yet defined, but will be a dotted name like everything else.

type MemberName added in v1.7.3

type MemberName string

MemberName - Role Member name - could be one of four values: *, DomainName.* or ServiceName[*], or GroupNames

type MemberRole added in v1.9.32

type MemberRole struct {

	//
	// name of the role
	//
	RoleName ResourceName `json:"roleName"`

	//
	// name of the domain
	//
	DomainName DomainName `json:"domainName,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// name of the member
	//
	MemberName MemberName `json:"memberName,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// the expiration timestamp
	//
	Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// the review reminder timestamp
	//
	ReviewReminder *rdl.Timestamp `json:"reviewReminder,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag to indicate whether membership is active
	//
	Active *bool `json:"active,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// audit reference string for the change as supplied by admin
	//
	AuditRef string `json:"auditRef" rdl:"optional" yaml:",omitempty"`

	//
	// pending members only - name of the principal requesting the change
	//
	RequestPrincipal EntityName `json:"requestPrincipal,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// for pending membership requests, the request time
	//
	RequestTime *rdl.Timestamp `json:"requestTime,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// user disabled by system based on configured role setting
	//
	SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// for pending membership requests, the request state - e.g. add, delete
	//
	PendingState string `json:"pendingState" rdl:"optional" yaml:",omitempty"`

	//
	// name of the role that handles the membership delegation for the role
	// specified in roleName
	//
	TrustRoleName ResourceName `json:"trustRoleName,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// list of roles whose members should be notified for member
	// review/approval/expiry
	//
	NotifyRoles string `json:"notifyRoles" rdl:"optional" yaml:",omitempty"`
}

MemberRole -

func NewMemberRole added in v1.9.32

func NewMemberRole(init ...*MemberRole) *MemberRole

NewMemberRole - creates an initialized MemberRole instance, returns a pointer to it

func (*MemberRole) Init added in v1.9.32

func (self *MemberRole) Init() *MemberRole

Init - sets up the instance according to its default field values, if any

func (*MemberRole) UnmarshalJSON added in v1.9.32

func (self *MemberRole) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a MemberRole

func (*MemberRole) Validate added in v1.9.32

func (self *MemberRole) Validate() error

Validate - checks for missing required fields, etc

type Membership

type Membership struct {

	//
	// name of the member
	//
	MemberName MemberName `json:"memberName"`

	//
	// flag to indicate whether or the user is a member or not
	//
	IsMember *bool `json:"isMember,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// name of the role
	//
	RoleName ResourceName `json:"roleName,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// the expiration timestamp
	//
	Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// the review reminder timestamp
	//
	ReviewReminder *rdl.Timestamp `json:"reviewReminder,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag to indicate whether membership is active
	//
	Active *bool `json:"active,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag to indicate whether membership is approved either by delegates ( in
	// case of auditEnabled roles ) or by domain admins ( in case of selfserve roles
	// )
	//
	Approved *bool `json:"approved,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// audit reference string for the change as supplied by admin
	//
	AuditRef string `json:"auditRef" rdl:"optional" yaml:",omitempty"`

	//
	// pending members only - name of the principal requesting the change
	//
	RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// user disabled by system based on configured role setting
	//
	SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// for pending membership requests, the request state - e.g. add, delete
	//
	PendingState string `json:"pendingState" rdl:"optional" yaml:",omitempty"`
}

Membership - The representation for a role membership.

func NewMembership

func NewMembership(init ...*Membership) *Membership

NewMembership - creates an initialized Membership instance, returns a pointer to it

func (*Membership) Init

func (self *Membership) Init() *Membership

Init - sets up the instance according to its default field values, if any

func (*Membership) UnmarshalJSON

func (self *Membership) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Membership

func (*Membership) Validate

func (self *Membership) Validate() error

Validate - checks for missing required fields, etc

type Policies

type Policies struct {

	//
	// list of policy objects
	//
	List []*Policy `json:"list"`
}

Policies - The representation of list of policy objects

func NewPolicies

func NewPolicies(init ...*Policies) *Policies

NewPolicies - creates an initialized Policies instance, returns a pointer to it

func (*Policies) Init

func (self *Policies) Init() *Policies

Init - sets up the instance according to its default field values, if any

func (*Policies) UnmarshalJSON

func (self *Policies) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Policies

func (*Policies) Validate

func (self *Policies) Validate() error

Validate - checks for missing required fields, etc

type Policy

type Policy struct {

	//
	// name of the policy
	//
	Name ResourceName `json:"name"`

	//
	// last modification timestamp of this policy
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// list of defined assertions for this policy
	//
	Assertions []*Assertion `json:"assertions"`

	//
	// If true, we should store action and resource in their original case
	//
	CaseSensitive *bool `json:"caseSensitive,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// optional version string, defaults to 0
	//
	Version SimpleName `json:"version,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// if multi-version policy then indicates active version
	//
	Active *bool `json:"active,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// a description of the policy
	//
	Description string `json:"description" rdl:"optional" yaml:",omitempty"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// ownership information for the policy (read-only attribute)
	//
	ResourceOwnership *ResourcePolicyOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"`
}

Policy - The representation for a Policy with set of assertions.

func NewPolicy

func NewPolicy(init ...*Policy) *Policy

NewPolicy - creates an initialized Policy instance, returns a pointer to it

func (*Policy) Init

func (self *Policy) Init() *Policy

Init - sets up the instance according to its default field values, if any

func (*Policy) UnmarshalJSON

func (self *Policy) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Policy

func (*Policy) Validate

func (self *Policy) Validate() error

Validate - checks for missing required fields, etc

type PolicyList

type PolicyList struct {

	//
	// list of policy names
	//
	Names []EntityName `json:"names"`

	//
	// if the response is a paginated list, this attribute specifies the value to
	// be used in the next policy list request as the value for the skip query
	// parameter.
	//
	Next string `json:"next" rdl:"optional" yaml:",omitempty"`
}

PolicyList - The representation for an enumeration of policies in the namespace, with pagination.

func NewPolicyList

func NewPolicyList(init ...*PolicyList) *PolicyList

NewPolicyList - creates an initialized PolicyList instance, returns a pointer to it

func (*PolicyList) Init

func (self *PolicyList) Init() *PolicyList

Init - sets up the instance according to its default field values, if any

func (*PolicyList) UnmarshalJSON

func (self *PolicyList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a PolicyList

func (*PolicyList) Validate

func (self *PolicyList) Validate() error

Validate - checks for missing required fields, etc

type PolicyOptions added in v1.10.33

type PolicyOptions struct {

	//
	// policy version
	//
	Version SimpleName `json:"version"`

	//
	// optional source version used when creating a new version, defaults to 0
	//
	FromVersion SimpleName `json:"fromVersion,omitempty" rdl:"optional" yaml:",omitempty"`
}

PolicyOptions - Options for Policy Management Requests

func NewPolicyOptions added in v1.10.33

func NewPolicyOptions(init ...*PolicyOptions) *PolicyOptions

NewPolicyOptions - creates an initialized PolicyOptions instance, returns a pointer to it

func (*PolicyOptions) UnmarshalJSON added in v1.10.33

func (self *PolicyOptions) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a PolicyOptions

func (*PolicyOptions) Validate added in v1.10.33

func (self *PolicyOptions) Validate() error

Validate - checks for missing required fields, etc

type PrincipalMember added in v1.11.59

type PrincipalMember struct {

	//
	// name of the principal
	//
	PrincipalName MemberName `json:"principalName"`

	//
	// current system suspended state of the principal
	//
	SuspendedState int32 `json:"suspendedState"`
}

PrincipalMember -

func NewPrincipalMember added in v1.11.59

func NewPrincipalMember(init ...*PrincipalMember) *PrincipalMember

NewPrincipalMember - creates an initialized PrincipalMember instance, returns a pointer to it

func (*PrincipalMember) UnmarshalJSON added in v1.11.59

func (self *PrincipalMember) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a PrincipalMember

func (*PrincipalMember) Validate added in v1.11.59

func (self *PrincipalMember) Validate() error

Validate - checks for missing required fields, etc

type PrincipalState added in v1.11.59

type PrincipalState struct {

	//
	// athenz suspended state for the principal
	//
	Suspended bool `json:"suspended"`
}

PrincipalState - A principal state entry

func NewPrincipalState added in v1.11.59

func NewPrincipalState(init ...*PrincipalState) *PrincipalState

NewPrincipalState - creates an initialized PrincipalState instance, returns a pointer to it

func (*PrincipalState) UnmarshalJSON added in v1.11.59

func (self *PrincipalState) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a PrincipalState

func (*PrincipalState) Validate added in v1.11.59

func (self *PrincipalState) Validate() error

Validate - checks for missing required fields, etc

type ProviderResourceGroupRoles

type ProviderResourceGroupRoles struct {

	//
	// name of the provider domain
	//
	Domain DomainName `json:"domain"`

	//
	// name of the provider service
	//
	Service SimpleName `json:"service"`

	//
	// name of the tenant domain
	//
	Tenant DomainName `json:"tenant"`

	//
	// the role/action pairs to provision
	//
	Roles []*TenantRoleAction `json:"roles"`

	//
	// tenant resource group
	//
	ResourceGroup EntityName `json:"resourceGroup"`

	//
	// optional flag indicating whether to create a default tenancy admin role
	//
	CreateAdminRole *bool `json:"createAdminRole,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// optional flag indicating to skip adding the caller principal into the
	// resource role
	//
	SkipPrincipalMember *bool `json:"skipPrincipalMember,omitempty" rdl:"optional" yaml:",omitempty"`
}

ProviderResourceGroupRoles - A representation of provider roles to be provisioned.

func NewProviderResourceGroupRoles

func NewProviderResourceGroupRoles(init ...*ProviderResourceGroupRoles) *ProviderResourceGroupRoles

NewProviderResourceGroupRoles - creates an initialized ProviderResourceGroupRoles instance, returns a pointer to it

func (*ProviderResourceGroupRoles) Init

Init - sets up the instance according to its default field values, if any

func (*ProviderResourceGroupRoles) UnmarshalJSON

func (self *ProviderResourceGroupRoles) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ProviderResourceGroupRoles

func (*ProviderResourceGroupRoles) Validate

func (self *ProviderResourceGroupRoles) Validate() error

Validate - checks for missing required fields, etc

type PublicKeyEntry

type PublicKeyEntry struct {

	//
	// the public key for the service
	//
	Key string `json:"key"`

	//
	// the key identifier (version or zone name)
	//
	Id string `json:"id"`
}

PublicKeyEntry - The representation of the public key in a service identity object.

func NewPublicKeyEntry

func NewPublicKeyEntry(init ...*PublicKeyEntry) *PublicKeyEntry

NewPublicKeyEntry - creates an initialized PublicKeyEntry instance, returns a pointer to it

func (*PublicKeyEntry) UnmarshalJSON

func (self *PublicKeyEntry) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a PublicKeyEntry

func (*PublicKeyEntry) Validate

func (self *PublicKeyEntry) Validate() error

Validate - checks for missing required fields, etc

type Quota added in v1.7.19

type Quota struct {

	//
	// name of the domain object
	//
	Name DomainName `json:"name"`

	//
	// number of subdomains allowed (applied at top level domain level)
	//
	Subdomain int32 `json:"subdomain"`

	//
	// number of roles allowed
	//
	Role int32 `json:"role"`

	//
	// number of members a role may have
	//
	RoleMember int32 `json:"roleMember"`

	//
	// number of policies allowed
	//
	Policy int32 `json:"policy"`

	//
	// total number of assertions a policy may have
	//
	Assertion int32 `json:"assertion"`

	//
	// total number of entity objects
	//
	Entity int32 `json:"entity"`

	//
	// number of services allowed
	//
	Service int32 `json:"service"`

	//
	// number of hosts allowed per service
	//
	ServiceHost int32 `json:"serviceHost"`

	//
	// number of public keys per service
	//
	PublicKey int32 `json:"publicKey"`

	//
	// number of groups per domain
	//
	Group int32 `json:"group"`

	//
	// number of members a group may have
	//
	GroupMember int32 `json:"groupMember"`

	//
	// the last modification timestamp of the quota object
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional" yaml:",omitempty"`
}

Quota - The representation for a quota object

func NewQuota added in v1.7.19

func NewQuota(init ...*Quota) *Quota

NewQuota - creates an initialized Quota instance, returns a pointer to it

func (*Quota) UnmarshalJSON added in v1.7.19

func (self *Quota) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Quota

func (*Quota) Validate added in v1.7.19

func (self *Quota) Validate() error

Validate - checks for missing required fields, etc

type ResourceAccess

type ResourceAccess struct {
	Principal  ResourceName `json:"principal"`
	Assertions []*Assertion `json:"assertions"`
}

ResourceAccess -

func NewResourceAccess

func NewResourceAccess(init ...*ResourceAccess) *ResourceAccess

NewResourceAccess - creates an initialized ResourceAccess instance, returns a pointer to it

func (*ResourceAccess) Init

func (self *ResourceAccess) Init() *ResourceAccess

Init - sets up the instance according to its default field values, if any

func (*ResourceAccess) UnmarshalJSON

func (self *ResourceAccess) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ResourceAccess

func (*ResourceAccess) Validate

func (self *ResourceAccess) Validate() error

Validate - checks for missing required fields, etc

type ResourceAccessList

type ResourceAccessList struct {
	Resources []*ResourceAccess `json:"resources"`
}

ResourceAccessList -

func NewResourceAccessList

func NewResourceAccessList(init ...*ResourceAccessList) *ResourceAccessList

NewResourceAccessList - creates an initialized ResourceAccessList instance, returns a pointer to it

func (*ResourceAccessList) Init

func (self *ResourceAccessList) Init() *ResourceAccessList

Init - sets up the instance according to its default field values, if any

func (*ResourceAccessList) UnmarshalJSON

func (self *ResourceAccessList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ResourceAccessList

func (*ResourceAccessList) Validate

func (self *ResourceAccessList) Validate() error

Validate - checks for missing required fields, etc

type ResourceDomainOwnership added in v1.11.55

type ResourceDomainOwnership struct {

	//
	// owner of the object's meta attribute
	//
	MetaOwner SimpleName `json:"metaOwner,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// owner of the object itself - checked for object deletion
	//
	ObjectOwner SimpleName `json:"objectOwner,omitempty" rdl:"optional" yaml:",omitempty"`
}

ResourceDomainOwnership - The representation of the domain ownership object

func NewResourceDomainOwnership added in v1.11.55

func NewResourceDomainOwnership(init ...*ResourceDomainOwnership) *ResourceDomainOwnership

NewResourceDomainOwnership - creates an initialized ResourceDomainOwnership instance, returns a pointer to it

func (*ResourceDomainOwnership) UnmarshalJSON added in v1.11.55

func (self *ResourceDomainOwnership) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ResourceDomainOwnership

func (*ResourceDomainOwnership) Validate added in v1.11.55

func (self *ResourceDomainOwnership) Validate() error

Validate - checks for missing required fields, etc

type ResourceGroupOwnership added in v1.11.55

type ResourceGroupOwnership struct {

	//
	// owner of the object's meta attribute
	//
	MetaOwner SimpleName `json:"metaOwner,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// owner of the object's members attribute
	//
	MembersOwner SimpleName `json:"membersOwner,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// owner of the object itself - checked for object deletion
	//
	ObjectOwner SimpleName `json:"objectOwner,omitempty" rdl:"optional" yaml:",omitempty"`
}

ResourceGroupOwnership - The representation of the group ownership object

func NewResourceGroupOwnership added in v1.11.55

func NewResourceGroupOwnership(init ...*ResourceGroupOwnership) *ResourceGroupOwnership

NewResourceGroupOwnership - creates an initialized ResourceGroupOwnership instance, returns a pointer to it

func (*ResourceGroupOwnership) UnmarshalJSON added in v1.11.55

func (self *ResourceGroupOwnership) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ResourceGroupOwnership

func (*ResourceGroupOwnership) Validate added in v1.11.55

func (self *ResourceGroupOwnership) Validate() error

Validate - checks for missing required fields, etc

type ResourceName

type ResourceName string

ResourceName - A resource name Note that the EntityName part is optional, that is, a domain name followed by a colon is valid resource name.

type ResourceNames added in v1.9.32

type ResourceNames string

ResourceNames - A comma separated list of resource names

type ResourcePolicyOwnership added in v1.11.55

type ResourcePolicyOwnership struct {

	//
	// owner of the object's assertions attribute
	//
	AssertionsOwner SimpleName `json:"assertionsOwner,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// owner of the object itself - checked for object deletion
	//
	ObjectOwner SimpleName `json:"objectOwner,omitempty" rdl:"optional" yaml:",omitempty"`
}

ResourcePolicyOwnership - The representation of the policy ownership object

func NewResourcePolicyOwnership added in v1.11.55

func NewResourcePolicyOwnership(init ...*ResourcePolicyOwnership) *ResourcePolicyOwnership

NewResourcePolicyOwnership - creates an initialized ResourcePolicyOwnership instance, returns a pointer to it

func (*ResourcePolicyOwnership) UnmarshalJSON added in v1.11.55

func (self *ResourcePolicyOwnership) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ResourcePolicyOwnership

func (*ResourcePolicyOwnership) Validate added in v1.11.55

func (self *ResourcePolicyOwnership) Validate() error

Validate - checks for missing required fields, etc

type ResourceRoleOwnership added in v1.11.55

type ResourceRoleOwnership struct {

	//
	// owner of the object's meta attribute
	//
	MetaOwner SimpleName `json:"metaOwner,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// owner of the object's members attribute
	//
	MembersOwner SimpleName `json:"membersOwner,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// owner of the object itself - checked for object deletion
	//
	ObjectOwner SimpleName `json:"objectOwner,omitempty" rdl:"optional" yaml:",omitempty"`
}

ResourceRoleOwnership - The representation of the role ownership object

func NewResourceRoleOwnership added in v1.11.55

func NewResourceRoleOwnership(init ...*ResourceRoleOwnership) *ResourceRoleOwnership

NewResourceRoleOwnership - creates an initialized ResourceRoleOwnership instance, returns a pointer to it

func (*ResourceRoleOwnership) UnmarshalJSON added in v1.11.55

func (self *ResourceRoleOwnership) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ResourceRoleOwnership

func (*ResourceRoleOwnership) Validate added in v1.11.55

func (self *ResourceRoleOwnership) Validate() error

Validate - checks for missing required fields, etc

type ResourceServiceIdentityOwnership added in v1.11.55

type ResourceServiceIdentityOwnership struct {

	//
	// owner of the object's public keys attribute
	//
	PublicKeysOwner SimpleName `json:"publicKeysOwner,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// owner of the object's host list attribute
	//
	HostsOwner SimpleName `json:"hostsOwner,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// owner of the object itself - checked for object deletion
	//
	ObjectOwner SimpleName `json:"objectOwner,omitempty" rdl:"optional" yaml:",omitempty"`
}

ResourceServiceIdentityOwnership - The representation of the service identity ownership object

func NewResourceServiceIdentityOwnership added in v1.11.55

func NewResourceServiceIdentityOwnership(init ...*ResourceServiceIdentityOwnership) *ResourceServiceIdentityOwnership

NewResourceServiceIdentityOwnership - creates an initialized ResourceServiceIdentityOwnership instance, returns a pointer to it

func (*ResourceServiceIdentityOwnership) UnmarshalJSON added in v1.11.55

func (self *ResourceServiceIdentityOwnership) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ResourceServiceIdentityOwnership

func (*ResourceServiceIdentityOwnership) Validate added in v1.11.55

func (self *ResourceServiceIdentityOwnership) Validate() error

Validate - checks for missing required fields, etc

type ReviewObject added in v1.11.44

type ReviewObject struct {

	//
	// name of the domain
	//
	DomainName DomainName `json:"domainName"`

	//
	// name of the role and/or group
	//
	Name EntityName `json:"name"`

	//
	// all user members in the object have specified max expiry days
	//
	MemberExpiryDays int32 `json:"memberExpiryDays"`

	//
	// all user members in the object have specified max review days
	//
	MemberReviewDays int32 `json:"memberReviewDays"`

	//
	// all services in the object have specified max expiry days
	//
	ServiceExpiryDays int32 `json:"serviceExpiryDays"`

	//
	// all services in the object have specified max review days
	//
	ServiceReviewDays int32 `json:"serviceReviewDays"`

	//
	// all groups in the object have specified max expiry days
	//
	GroupExpiryDays int32 `json:"groupExpiryDays"`

	//
	// all groups in the object have specified max review days
	//
	GroupReviewDays int32 `json:"groupReviewDays"`

	//
	// last review timestamp of the object
	//
	LastReviewedDate *rdl.Timestamp `json:"lastReviewedDate,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// creation time of the object
	//
	Created rdl.Timestamp `json:"created"`
}

ReviewObject - Details for the roles and/or groups that need to be reviewed

func NewReviewObject added in v1.11.44

func NewReviewObject(init ...*ReviewObject) *ReviewObject

NewReviewObject - creates an initialized ReviewObject instance, returns a pointer to it

func (*ReviewObject) UnmarshalJSON added in v1.11.44

func (self *ReviewObject) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ReviewObject

func (*ReviewObject) Validate added in v1.11.44

func (self *ReviewObject) Validate() error

Validate - checks for missing required fields, etc

type ReviewObjects added in v1.11.44

type ReviewObjects struct {

	//
	// list of review objects
	//
	List []*ReviewObject `json:"list"`
}

ReviewObjects - The representation for a list of objects with full details

func NewReviewObjects added in v1.11.44

func NewReviewObjects(init ...*ReviewObjects) *ReviewObjects

NewReviewObjects - creates an initialized ReviewObjects instance, returns a pointer to it

func (*ReviewObjects) Init added in v1.11.44

func (self *ReviewObjects) Init() *ReviewObjects

Init - sets up the instance according to its default field values, if any

func (*ReviewObjects) UnmarshalJSON added in v1.11.44

func (self *ReviewObjects) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ReviewObjects

func (*ReviewObjects) Validate added in v1.11.44

func (self *ReviewObjects) Validate() error

Validate - checks for missing required fields, etc

type Role

type Role struct {

	//
	// Flag indicates whether or not role allows self service. Users can add
	// themselves in the role, but it has to be approved by domain admins to be
	// effective.
	//
	SelfServe *bool `json:"selfServe,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all user members in the role will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// tokens issued for this role will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// certs issued for this role will have specified max timeout in mins
	//
	CertExpiryMins *int32 `json:"certExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"`

	//
	// all services in the role will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all user members in the role will have specified max review days
	//
	MemberReviewDays *int32 `json:"memberReviewDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all services in the role will have specified max review days
	//
	ServiceReviewDays *int32 `json:"serviceReviewDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether or not role updates require another review and
	// approval
	//
	ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// list of roles whose members should be notified for member review/approval
	//
	NotifyRoles string `json:"notifyRoles" rdl:"optional" yaml:",omitempty"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"`

	//
	// expiration enforced by a user authority configured attribute
	//
	UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional" yaml:",omitempty"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all groups in the domain roles will have specified max review days
	//
	GroupReviewDays *int32 `json:"groupReviewDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// a description of the role
	//
	Description string `json:"description" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether or not role updates should be approved by GRC. If
	// true, the auditRef parameter must be supplied(not empty) for any API defining
	// it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// If true, ask for delete confirmation in audit and review enabled roles.
	//
	DeleteProtection *bool `json:"deleteProtection,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// last review timestamp of the role
	//
	LastReviewedDate *rdl.Timestamp `json:"lastReviewedDate,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether to allow expired members to renew their membership
	//
	SelfRenew *bool `json:"selfRenew,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Number of minutes members can renew their membership if self review option
	// is enabled
	//
	SelfRenewMins *int32 `json:"selfRenewMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Maximum number of members allowed in the group
	//
	MaxMembers *int32 `json:"maxMembers,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// ownership information for the role (read-only attribute)
	//
	ResourceOwnership *ResourceRoleOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// membership filtered based on configured principal domains
	//
	PrincipalDomainFilter string `json:"principalDomainFilter" rdl:"optional" yaml:",omitempty"`

	//
	// name of the role
	//
	Name ResourceName `json:"name"`

	//
	// last modification timestamp of the role
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// deprecated and not used
	//
	Members []MemberName `json:"members,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// members with expiration and other member attributes. might be empty or
	// null, if trust is set
	//
	RoleMembers []*RoleMember `json:"roleMembers,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// a trusted domain to delegate membership decisions to
	//
	Trust DomainName `json:"trust,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// an audit log for role membership changes
	//
	AuditLog []*RoleAuditLog `json:"auditLog,omitempty" rdl:"optional" yaml:",omitempty"`
}

Role - The representation for a Role with set of members. The members (Array<MemberName>) field is deprecated and not used in role objects since it incorrectly lists all the members in the role without taking into account if the member is expired or possibly disabled. Thus, using this attribute will result in incorrect authorization checks by the client and, thus, it's no longer being populated. All applications must use the roleMembers field and take into account all the attributes of the member.

func NewRole

func NewRole(init ...*Role) *Role

NewRole - creates an initialized Role instance, returns a pointer to it

func (*Role) UnmarshalJSON

func (self *Role) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Role

func (*Role) Validate

func (self *Role) Validate() error

Validate - checks for missing required fields, etc

type RoleAuditLog

type RoleAuditLog struct {

	//
	// name of the role member
	//
	Member MemberName `json:"member"`

	//
	// name of the principal executing the change
	//
	Admin ResourceName `json:"admin"`

	//
	// timestamp of the entry
	//
	Created rdl.Timestamp `json:"created"`

	//
	// log action - e.g. add, delete, approve, etc
	//
	Action string `json:"action"`

	//
	// audit reference string for the change as supplied by admin
	//
	AuditRef string `json:"auditRef" rdl:"optional" yaml:",omitempty"`
}

RoleAuditLog - An audit log entry for role membership change.

func NewRoleAuditLog

func NewRoleAuditLog(init ...*RoleAuditLog) *RoleAuditLog

NewRoleAuditLog - creates an initialized RoleAuditLog instance, returns a pointer to it

func (*RoleAuditLog) UnmarshalJSON

func (self *RoleAuditLog) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleAuditLog

func (*RoleAuditLog) Validate

func (self *RoleAuditLog) Validate() error

Validate - checks for missing required fields, etc

type RoleList

type RoleList struct {

	//
	// list of role names
	//
	Names []EntityName `json:"names"`

	//
	// if the response is a paginated list, this attribute specifies the value to
	// be used in the next role list request as the value for the skip query
	// parameter.
	//
	Next string `json:"next" rdl:"optional" yaml:",omitempty"`
}

RoleList - The representation for an enumeration of roles in the namespace, with pagination.

func NewRoleList

func NewRoleList(init ...*RoleList) *RoleList

NewRoleList - creates an initialized RoleList instance, returns a pointer to it

func (*RoleList) Init

func (self *RoleList) Init() *RoleList

Init - sets up the instance according to its default field values, if any

func (*RoleList) UnmarshalJSON

func (self *RoleList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleList

func (*RoleList) Validate

func (self *RoleList) Validate() error

Validate - checks for missing required fields, etc

type RoleMember added in v1.1.5

type RoleMember struct {

	//
	// name of the member
	//
	MemberName MemberName `json:"memberName"`

	//
	// the expiration timestamp
	//
	Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// the review reminder timestamp
	//
	ReviewReminder *rdl.Timestamp `json:"reviewReminder,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag to indicate whether membership is active
	//
	Active *bool `json:"active,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag to indicate whether membership is approved either by delegates ( in
	// case of auditEnabled roles ) or by domain admins ( in case of selfserve roles
	// )
	//
	Approved *bool `json:"approved,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// audit reference string for the change as supplied by admin
	//
	AuditRef string `json:"auditRef" rdl:"optional" yaml:",omitempty"`

	//
	// for pending membership requests, the request time
	//
	RequestTime *rdl.Timestamp `json:"requestTime,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// for pending membership requests, time when last notification was sent
	//
	LastNotifiedTime *rdl.Timestamp `json:"lastNotifiedTime,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// pending members only - name of the principal requesting the change
	//
	RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// for pending membership requests, time when last notification was sent (for
	// file store)
	//
	ReviewLastNotifiedTime *rdl.Timestamp `json:"reviewLastNotifiedTime,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// user disabled by system based on configured role setting
	//
	SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// server use only - principal type: unknown(0), user(1), service(2), or
	// group(3)
	//
	PrincipalType *int32 `json:"principalType,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// for pending membership requests, the request state - e.g. add, delete
	//
	PendingState string `json:"pendingState" rdl:"optional" yaml:",omitempty"`
}

RoleMember -

func NewRoleMember added in v1.1.5

func NewRoleMember(init ...*RoleMember) *RoleMember

NewRoleMember - creates an initialized RoleMember instance, returns a pointer to it

func (*RoleMember) Init added in v1.9.32

func (self *RoleMember) Init() *RoleMember

Init - sets up the instance according to its default field values, if any

func (*RoleMember) UnmarshalJSON added in v1.1.5

func (self *RoleMember) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleMember

func (*RoleMember) Validate added in v1.1.5

func (self *RoleMember) Validate() error

Validate - checks for missing required fields, etc

type RoleMeta added in v1.9.32

type RoleMeta struct {

	//
	// Flag indicates whether or not role allows self service. Users can add
	// themselves in the role, but it has to be approved by domain admins to be
	// effective.
	//
	SelfServe *bool `json:"selfServe,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all user members in the role will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// tokens issued for this role will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// certs issued for this role will have specified max timeout in mins
	//
	CertExpiryMins *int32 `json:"certExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"`

	//
	// all services in the role will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all user members in the role will have specified max review days
	//
	MemberReviewDays *int32 `json:"memberReviewDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all services in the role will have specified max review days
	//
	ServiceReviewDays *int32 `json:"serviceReviewDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether or not role updates require another review and
	// approval
	//
	ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// list of roles whose members should be notified for member review/approval
	//
	NotifyRoles string `json:"notifyRoles" rdl:"optional" yaml:",omitempty"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"`

	//
	// expiration enforced by a user authority configured attribute
	//
	UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional" yaml:",omitempty"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all groups in the domain roles will have specified max review days
	//
	GroupReviewDays *int32 `json:"groupReviewDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// a description of the role
	//
	Description string `json:"description" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether or not role updates should be approved by GRC. If
	// true, the auditRef parameter must be supplied(not empty) for any API defining
	// it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// If true, ask for delete confirmation in audit and review enabled roles.
	//
	DeleteProtection *bool `json:"deleteProtection,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// last review timestamp of the role
	//
	LastReviewedDate *rdl.Timestamp `json:"lastReviewedDate,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether to allow expired members to renew their membership
	//
	SelfRenew *bool `json:"selfRenew,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Number of minutes members can renew their membership if self review option
	// is enabled
	//
	SelfRenewMins *int32 `json:"selfRenewMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Maximum number of members allowed in the group
	//
	MaxMembers *int32 `json:"maxMembers,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// ownership information for the role (read-only attribute)
	//
	ResourceOwnership *ResourceRoleOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// membership filtered based on configured principal domains
	//
	PrincipalDomainFilter string `json:"principalDomainFilter" rdl:"optional" yaml:",omitempty"`
}

RoleMeta - Set of metadata attributes that all roles may have and can be changed by domain admins.

func NewRoleMeta added in v1.9.32

func NewRoleMeta(init ...*RoleMeta) *RoleMeta

NewRoleMeta - creates an initialized RoleMeta instance, returns a pointer to it

func (*RoleMeta) UnmarshalJSON added in v1.9.32

func (self *RoleMeta) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleMeta

func (*RoleMeta) Validate added in v1.9.32

func (self *RoleMeta) Validate() error

Validate - checks for missing required fields, etc

type RoleSystemMeta added in v1.9.32

type RoleSystemMeta struct {

	//
	// Flag indicates whether or not role updates should be approved by GRC. If
	// true, the auditRef parameter must be supplied(not empty) for any API defining
	// it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"`
}

RoleSystemMeta - Set of system metadata attributes that all roles may have and can be changed by system admins.

func NewRoleSystemMeta added in v1.9.32

func NewRoleSystemMeta(init ...*RoleSystemMeta) *RoleSystemMeta

NewRoleSystemMeta - creates an initialized RoleSystemMeta instance, returns a pointer to it

func (*RoleSystemMeta) UnmarshalJSON added in v1.9.32

func (self *RoleSystemMeta) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleSystemMeta

func (*RoleSystemMeta) Validate added in v1.9.32

func (self *RoleSystemMeta) Validate() error

Validate - checks for missing required fields, etc

type Roles

type Roles struct {

	//
	// list of role objects
	//
	List []*Role `json:"list"`
}

Roles - The representation for a list of roles with full details

func NewRoles

func NewRoles(init ...*Roles) *Roles

NewRoles - creates an initialized Roles instance, returns a pointer to it

func (*Roles) Init

func (self *Roles) Init() *Roles

Init - sets up the instance according to its default field values, if any

func (*Roles) UnmarshalJSON

func (self *Roles) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Roles

func (*Roles) Validate

func (self *Roles) Validate() error

Validate - checks for missing required fields, etc

type ServerTemplateList

type ServerTemplateList struct {

	//
	// list of template names
	//
	TemplateNames []SimpleName `json:"templateNames"`
}

ServerTemplateList - List of solution templates available in the server

func NewServerTemplateList

func NewServerTemplateList(init ...*ServerTemplateList) *ServerTemplateList

NewServerTemplateList - creates an initialized ServerTemplateList instance, returns a pointer to it

func (*ServerTemplateList) Init

func (self *ServerTemplateList) Init() *ServerTemplateList

Init - sets up the instance according to its default field values, if any

func (*ServerTemplateList) UnmarshalJSON

func (self *ServerTemplateList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServerTemplateList

func (*ServerTemplateList) Validate

func (self *ServerTemplateList) Validate() error

Validate - checks for missing required fields, etc

type ServiceIdentities

type ServiceIdentities struct {

	//
	// list of services
	//
	List []*ServiceIdentity `json:"list"`
}

ServiceIdentities - The representation of list of services

func NewServiceIdentities

func NewServiceIdentities(init ...*ServiceIdentities) *ServiceIdentities

NewServiceIdentities - creates an initialized ServiceIdentities instance, returns a pointer to it

func (*ServiceIdentities) Init

func (self *ServiceIdentities) Init() *ServiceIdentities

Init - sets up the instance according to its default field values, if any

func (*ServiceIdentities) UnmarshalJSON

func (self *ServiceIdentities) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentities

func (*ServiceIdentities) Validate

func (self *ServiceIdentities) Validate() error

Validate - checks for missing required fields, etc

type ServiceIdentity

type ServiceIdentity struct {

	//
	// the full name of the service, i.e. "sports.storage"
	//
	Name ServiceName `json:"name"`

	//
	// description of the service
	//
	Description string `json:"description" rdl:"optional" yaml:",omitempty"`

	//
	// array of public keys for key rotation
	//
	PublicKeys []*PublicKeyEntry `json:"publicKeys,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// if present, then this service can provision tenants via this endpoint.
	//
	ProviderEndpoint string `json:"providerEndpoint" rdl:"optional" yaml:",omitempty"`

	//
	// the timestamp when this entry was last modified
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// the path of the executable that runs the service
	//
	Executable string `json:"executable" rdl:"optional" yaml:",omitempty"`

	//
	// list of host names that this service can run on
	//
	Hosts []string `json:"hosts,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// local (unix) user name this service can run as
	//
	User string `json:"user" rdl:"optional" yaml:",omitempty"`

	//
	// local (unix) group name this service can run as
	//
	Group string `json:"group" rdl:"optional" yaml:",omitempty"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// ownership information for the service (read-only attribute)
	//
	ResourceOwnership *ResourceServiceIdentityOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"`
}

ServiceIdentity - The representation of the service identity object.

func NewServiceIdentity

func NewServiceIdentity(init ...*ServiceIdentity) *ServiceIdentity

NewServiceIdentity - creates an initialized ServiceIdentity instance, returns a pointer to it

func (*ServiceIdentity) UnmarshalJSON

func (self *ServiceIdentity) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentity

func (*ServiceIdentity) Validate

func (self *ServiceIdentity) Validate() error

Validate - checks for missing required fields, etc

type ServiceIdentityList

type ServiceIdentityList struct {

	//
	// list of service names
	//
	Names []EntityName `json:"names"`

	//
	// if the response is a paginated list, this attribute specifies the value to
	// be used in the next service list request as the value for the skip query
	// parameter.
	//
	Next string `json:"next" rdl:"optional" yaml:",omitempty"`
}

ServiceIdentityList - The representation for an enumeration of services in the namespace, with pagination.

func NewServiceIdentityList

func NewServiceIdentityList(init ...*ServiceIdentityList) *ServiceIdentityList

NewServiceIdentityList - creates an initialized ServiceIdentityList instance, returns a pointer to it

func (*ServiceIdentityList) Init

Init - sets up the instance according to its default field values, if any

func (*ServiceIdentityList) UnmarshalJSON

func (self *ServiceIdentityList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentityList

func (*ServiceIdentityList) Validate

func (self *ServiceIdentityList) Validate() error

Validate - checks for missing required fields, etc

type ServiceIdentitySystemMeta added in v1.9.32

type ServiceIdentitySystemMeta struct {

	//
	// provider callback endpoint
	//
	ProviderEndpoint string `json:"providerEndpoint" rdl:"optional" yaml:",omitempty"`
}

ServiceIdentitySystemMeta - Set of system metadata attributes that all services may have and can be changed by system admins.

func NewServiceIdentitySystemMeta added in v1.9.32

func NewServiceIdentitySystemMeta(init ...*ServiceIdentitySystemMeta) *ServiceIdentitySystemMeta

NewServiceIdentitySystemMeta - creates an initialized ServiceIdentitySystemMeta instance, returns a pointer to it

func (*ServiceIdentitySystemMeta) UnmarshalJSON added in v1.9.32

func (self *ServiceIdentitySystemMeta) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentitySystemMeta

func (*ServiceIdentitySystemMeta) Validate added in v1.9.32

func (self *ServiceIdentitySystemMeta) Validate() error

Validate - checks for missing required fields, etc

type ServiceName

type ServiceName string

ServiceName - A service name will generally be a unique subdomain.

type ServicePrincipal

type ServicePrincipal struct {

	//
	// name of the domain
	//
	Domain DomainName `json:"domain"`

	//
	// name of the service
	//
	Service EntityName `json:"service"`

	//
	// service's signed token
	//
	Token SignedToken `json:"token"`
}

ServicePrincipal - A service principal object identifying a given service.

func NewServicePrincipal

func NewServicePrincipal(init ...*ServicePrincipal) *ServicePrincipal

NewServicePrincipal - creates an initialized ServicePrincipal instance, returns a pointer to it

func (*ServicePrincipal) UnmarshalJSON

func (self *ServicePrincipal) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServicePrincipal

func (*ServicePrincipal) Validate

func (self *ServicePrincipal) Validate() error

Validate - checks for missing required fields, etc

type SignedDomain

type SignedDomain struct {

	//
	// domain object with its roles, policies and services
	//
	Domain *DomainData `json:"domain"`

	//
	// signature generated based on the domain object
	//
	Signature string `json:"signature" rdl:"optional" yaml:",omitempty"`

	//
	// the identifier of the key used to generate the signature
	//
	KeyId string `json:"keyId" rdl:"optional" yaml:",omitempty"`
}

SignedDomain - A domain object signed with server's private key. The signature and keyid are optional if the metaonly flag is set to true in the getSignedDomains api call

func NewSignedDomain

func NewSignedDomain(init ...*SignedDomain) *SignedDomain

NewSignedDomain - creates an initialized SignedDomain instance, returns a pointer to it

func (*SignedDomain) Init

func (self *SignedDomain) Init() *SignedDomain

Init - sets up the instance according to its default field values, if any

func (*SignedDomain) UnmarshalJSON

func (self *SignedDomain) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SignedDomain

func (*SignedDomain) Validate

func (self *SignedDomain) Validate() error

Validate - checks for missing required fields, etc

type SignedDomains

type SignedDomains struct {
	Domains []*SignedDomain `json:"domains"`
}

SignedDomains - A list of signed domain objects

func NewSignedDomains

func NewSignedDomains(init ...*SignedDomains) *SignedDomains

NewSignedDomains - creates an initialized SignedDomains instance, returns a pointer to it

func (*SignedDomains) Init

func (self *SignedDomains) Init() *SignedDomains

Init - sets up the instance according to its default field values, if any

func (*SignedDomains) UnmarshalJSON

func (self *SignedDomains) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SignedDomains

func (*SignedDomains) Validate

func (self *SignedDomains) Validate() error

Validate - checks for missing required fields, etc

type SignedPolicies

type SignedPolicies struct {

	//
	// list of policies defined in a domain
	//
	Contents *DomainPolicies `json:"contents"`

	//
	// signature generated based on the domain active policies object
	//
	Signature string `json:"signature"`

	//
	// the identifier of the key used to generate the signature
	//
	KeyId string `json:"keyId"`
}

SignedPolicies - A signed bulk transfer of policies. The data is signed with server's private key.

func NewSignedPolicies

func NewSignedPolicies(init ...*SignedPolicies) *SignedPolicies

NewSignedPolicies - creates an initialized SignedPolicies instance, returns a pointer to it

func (*SignedPolicies) Init

func (self *SignedPolicies) Init() *SignedPolicies

Init - sets up the instance according to its default field values, if any

func (*SignedPolicies) UnmarshalJSON

func (self *SignedPolicies) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SignedPolicies

func (*SignedPolicies) Validate

func (self *SignedPolicies) Validate() error

Validate - checks for missing required fields, etc

type SignedToken

type SignedToken string

SignedToken - A signed assertion if identity. i.e. the user cookie value. This token will only make sense to the authority that generated it, so it is beneficial to have something in the value that is cheaply recognized to quickly reject if it belongs to another authority. In addition to the YEncoded set our token includes ; to separate components and , to separate roles and : for IPv6 addresses

type SimpleName

type SimpleName string

SimpleName - Copyright The Athenz Authors Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. Common name types used by several API definitions A simple identifier, an element of compound name.

type Stats added in v1.10.46

type Stats struct {

	//
	// name of the domain object, null for system stats
	//
	Name DomainName `json:"name,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// number of subdomains in this domain (all levels)
	//
	Subdomain int32 `json:"subdomain"`

	//
	// number of roles
	//
	Role int32 `json:"role"`

	//
	// number of members in all the roles
	//
	RoleMember int32 `json:"roleMember"`

	//
	// number of policies
	//
	Policy int32 `json:"policy"`

	//
	// total number of assertions in all policies
	//
	Assertion int32 `json:"assertion"`

	//
	// total number of entity objects
	//
	Entity int32 `json:"entity"`

	//
	// number of services
	//
	Service int32 `json:"service"`

	//
	// number of hosts defined in all services
	//
	ServiceHost int32 `json:"serviceHost"`

	//
	// number of public keys in all services
	//
	PublicKey int32 `json:"publicKey"`

	//
	// number of groups
	//
	Group int32 `json:"group"`

	//
	// number of members in all the groups
	//
	GroupMember int32 `json:"groupMember"`
}

Stats - The representation for a stats object

func NewStats added in v1.10.46

func NewStats(init ...*Stats) *Stats

NewStats - creates an initialized Stats instance, returns a pointer to it

func (*Stats) UnmarshalJSON added in v1.10.46

func (self *Stats) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Stats

func (*Stats) Validate added in v1.10.46

func (self *Stats) Validate() error

Validate - checks for missing required fields, etc

type Status added in v1.7.30

type Status struct {

	//
	// status message code
	//
	Code int32 `json:"code"`

	//
	// status message of the server
	//
	Message string `json:"message"`
}

Status - The representation for a status object

func NewStatus added in v1.7.30

func NewStatus(init ...*Status) *Status

NewStatus - creates an initialized Status instance, returns a pointer to it

func (*Status) UnmarshalJSON added in v1.7.30

func (self *Status) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Status

func (*Status) Validate added in v1.7.30

func (self *Status) Validate() error

Validate - checks for missing required fields, etc

type SubDomain

type SubDomain struct {

	//
	// a description of the domain
	//
	Description string `json:"description" rdl:"optional" yaml:",omitempty"`

	//
	// a reference to an audit organization defined in athenz
	//
	Org ResourceName `json:"org,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Future use only, currently not used
	//
	Enabled *bool `json:"enabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether or not domain modifications should be logged for
	// SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for
	// any API defining it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated aws account id (system attribute - uniqueness check - if
	// enabled)
	//
	Account string `json:"account" rdl:"optional" yaml:",omitempty"`

	//
	// associated product id (system attribute - uniqueness check - if enabled)
	//
	YpmId *int32 `json:"ypmId,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated application id
	//
	ApplicationId string `json:"applicationId" rdl:"optional" yaml:",omitempty"`

	//
	// domain certificate dns domain (system attribute)
	//
	CertDnsDomain string `json:"certDnsDomain" rdl:"optional" yaml:",omitempty"`

	//
	// all user members in the domain will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// tokens issued for this domain will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// service identity certs issued for this domain will have specified max
	// timeout in mins
	//
	ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// role certs issued for this domain will have specified max timeout in mins
	//
	RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"`

	//
	// all services in the domain roles will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure subscription id (system attribute - uniqueness check - if
	// enabled)
	//
	AzureSubscription string `json:"azureSubscription" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure tenant id (system attribute)
	//
	AzureTenant string `json:"azureTenant" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure client id (system attribute)
	//
	AzureClient string `json:"azureClient" rdl:"optional" yaml:",omitempty"`

	//
	// associated gcp project id (system attribute - uniqueness check - if
	// enabled)
	//
	GcpProject string `json:"gcpProject" rdl:"optional" yaml:",omitempty"`

	//
	// associated gcp project number (system attribute)
	//
	GcpProjectNumber string `json:"gcpProjectNumber" rdl:"optional" yaml:",omitempty"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated business service with domain
	//
	BusinessService string `json:"businessService" rdl:"optional" yaml:",omitempty"`

	//
	// purge role/group members with expiry date configured days in the past
	//
	MemberPurgeExpiryDays *int32 `json:"memberPurgeExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated product id (system attribute - uniqueness check - if enabled)
	//
	ProductId string `json:"productId" rdl:"optional" yaml:",omitempty"`

	//
	// features enabled per domain (system attribute)
	//
	FeatureFlags *int32 `json:"featureFlags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// list of domain contacts (PE-Owner, Product-Owner, etc), each type can have
	// a single value
	//
	Contacts map[SimpleName]string `json:"contacts,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// domain environment e.g. production, staging, etc
	//
	Environment string `json:"environment" rdl:"optional" yaml:",omitempty"`

	//
	// ownership information for the domain (read-only attribute)
	//
	ResourceOwnership *ResourceDomainOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// requested x509 cert signer key id (system attribute)
	//
	X509CertSignerKeyId string `json:"x509CertSignerKeyId" rdl:"optional" yaml:",omitempty"`

	//
	// requested ssh cert signer key id (system attribute)
	//
	SshCertSignerKeyId string `json:"sshCertSignerKeyId" rdl:"optional" yaml:",omitempty"`

	//
	// name of the domain
	//
	Name SimpleName `json:"name"`

	//
	// list of domain administrators
	//
	AdminUsers []ResourceName `json:"adminUsers"`

	//
	// list of solution template names
	//
	Templates *DomainTemplateList `json:"templates,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// name of the parent domain
	//
	Parent DomainName `json:"parent"`
}

SubDomain - A Subdomain is a TopLevelDomain, except it has a parent.

func NewSubDomain

func NewSubDomain(init ...*SubDomain) *SubDomain

NewSubDomain - creates an initialized SubDomain instance, returns a pointer to it

func (*SubDomain) Init

func (self *SubDomain) Init() *SubDomain

Init - sets up the instance according to its default field values, if any

func (*SubDomain) UnmarshalJSON

func (self *SubDomain) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SubDomain

func (*SubDomain) Validate

func (self *SubDomain) Validate() error

Validate - checks for missing required fields, etc

type TagCompoundValue added in v1.10.21

type TagCompoundValue string

TagCompoundValue - A compound value of TagValue

type TagKey added in v1.11.48

type TagKey string

TagKey -

type TagValue added in v1.10.21

type TagValue string

TagValue - TagValue to contain generic string patterns

type TagValueList added in v1.10.21

type TagValueList struct {

	//
	// list of tag values
	//
	List []TagCompoundValue `json:"list"`
}

TagValueList -

func NewTagValueList added in v1.10.21

func NewTagValueList(init ...*TagValueList) *TagValueList

NewTagValueList - creates an initialized TagValueList instance, returns a pointer to it

func (*TagValueList) Init added in v1.10.21

func (self *TagValueList) Init() *TagValueList

Init - sets up the instance according to its default field values, if any

func (*TagValueList) UnmarshalJSON added in v1.10.21

func (self *TagValueList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TagValueList

func (*TagValueList) Validate added in v1.10.21

func (self *TagValueList) Validate() error

Validate - checks for missing required fields, etc

type Template

type Template struct {

	//
	// list of roles in the template
	//
	Roles []*Role `json:"roles"`

	//
	// list of policies defined in this template
	//
	Policies []*Policy `json:"policies"`

	//
	// list of services defined in this template
	//
	Services []*ServiceIdentity `json:"services,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// list of services defined in this template
	//
	Metadata *TemplateMetaData `json:"metadata,omitempty" rdl:"optional" yaml:",omitempty"`
}

Template - Solution Template object defined on the server

func NewTemplate

func NewTemplate(init ...*Template) *Template

NewTemplate - creates an initialized Template instance, returns a pointer to it

func (*Template) Init

func (self *Template) Init() *Template

Init - sets up the instance according to its default field values, if any

func (*Template) UnmarshalJSON

func (self *Template) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Template

func (*Template) Validate

func (self *Template) Validate() error

Validate - checks for missing required fields, etc

type TemplateList

type TemplateList struct {

	//
	// list of template names
	//
	TemplateNames []SimpleName `json:"templateNames"`
}

TemplateList - List of template names that is the base struct for server and domain templates

func NewTemplateList

func NewTemplateList(init ...*TemplateList) *TemplateList

NewTemplateList - creates an initialized TemplateList instance, returns a pointer to it

func (*TemplateList) Init

func (self *TemplateList) Init() *TemplateList

Init - sets up the instance according to its default field values, if any

func (*TemplateList) UnmarshalJSON

func (self *TemplateList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TemplateList

func (*TemplateList) Validate

func (self *TemplateList) Validate() error

Validate - checks for missing required fields, etc

type TemplateMetaData added in v1.9.32

type TemplateMetaData struct {

	//
	// name of the template
	//
	TemplateName string `json:"templateName" rdl:"optional" yaml:",omitempty"`

	//
	// description of the template
	//
	Description string `json:"description" rdl:"optional" yaml:",omitempty"`

	//
	// Version from DB(zms_store->domain_template->version)
	//
	CurrentVersion *int32 `json:"currentVersion,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Bumped up version from solutions-template.json when there is a change
	//
	LatestVersion *int32 `json:"latestVersion,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// placeholders in the template roles/policies to replace (ex:_service_)
	//
	KeywordsToReplace string `json:"keywordsToReplace" rdl:"optional" yaml:",omitempty"`

	//
	// the updated timestamp of the template(solution_templates.json)
	//
	Timestamp *rdl.Timestamp `json:"timestamp,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// flag to automatically update the roles/policies that belongs to the
	// template
	//
	AutoUpdate *bool `json:"autoUpdate,omitempty" rdl:"optional" yaml:",omitempty"`
}

TemplateMetaData - MetaData for template.

func NewTemplateMetaData added in v1.9.32

func NewTemplateMetaData(init ...*TemplateMetaData) *TemplateMetaData

NewTemplateMetaData - creates an initialized TemplateMetaData instance, returns a pointer to it

func (*TemplateMetaData) UnmarshalJSON added in v1.9.32

func (self *TemplateMetaData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TemplateMetaData

func (*TemplateMetaData) Validate added in v1.9.32

func (self *TemplateMetaData) Validate() error

Validate - checks for missing required fields, etc

type TemplateParam added in v1.7.20

type TemplateParam struct {

	//
	// name of the parameter
	//
	Name SimpleName `json:"name"`

	//
	// value of the parameter
	//
	Value string `json:"value"`
}

TemplateParam -

func NewTemplateParam added in v1.7.20

func NewTemplateParam(init ...*TemplateParam) *TemplateParam

NewTemplateParam - creates an initialized TemplateParam instance, returns a pointer to it

func (*TemplateParam) UnmarshalJSON added in v1.7.20

func (self *TemplateParam) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TemplateParam

func (*TemplateParam) Validate added in v1.7.20

func (self *TemplateParam) Validate() error

Validate - checks for missing required fields, etc

type Tenancy

type Tenancy struct {

	//
	// the domain that is to get a tenancy
	//
	Domain DomainName `json:"domain"`

	//
	// the provider service on which the tenancy is to reside
	//
	Service ServiceName `json:"service"`

	//
	// registered resource groups for this tenant
	//
	ResourceGroups []EntityName `json:"resourceGroups,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// optional flag indicating whether to create a default tenancy admin role
	//
	CreateAdminRole *bool `json:"createAdminRole,omitempty" rdl:"optional" yaml:",omitempty"`
}

Tenancy - A representation of tenant.

func NewTenancy

func NewTenancy(init ...*Tenancy) *Tenancy

NewTenancy - creates an initialized Tenancy instance, returns a pointer to it

func (*Tenancy) Init added in v1.9.32

func (self *Tenancy) Init() *Tenancy

Init - sets up the instance according to its default field values, if any

func (*Tenancy) UnmarshalJSON

func (self *Tenancy) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Tenancy

func (*Tenancy) Validate

func (self *Tenancy) Validate() error

Validate - checks for missing required fields, etc

type TenantResourceGroupRoles

type TenantResourceGroupRoles struct {

	//
	// name of the provider domain
	//
	Domain DomainName `json:"domain"`

	//
	// name of the provider service
	//
	Service SimpleName `json:"service"`

	//
	// name of the tenant domain
	//
	Tenant DomainName `json:"tenant"`

	//
	// the role/action pairs to provision
	//
	Roles []*TenantRoleAction `json:"roles"`

	//
	// tenant resource group
	//
	ResourceGroup EntityName `json:"resourceGroup"`
}

TenantResourceGroupRoles - A representation of tenant roles for resource groups to be provisioned.

func NewTenantResourceGroupRoles

func NewTenantResourceGroupRoles(init ...*TenantResourceGroupRoles) *TenantResourceGroupRoles

NewTenantResourceGroupRoles - creates an initialized TenantResourceGroupRoles instance, returns a pointer to it

func (*TenantResourceGroupRoles) Init

Init - sets up the instance according to its default field values, if any

func (*TenantResourceGroupRoles) UnmarshalJSON

func (self *TenantResourceGroupRoles) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TenantResourceGroupRoles

func (*TenantResourceGroupRoles) Validate

func (self *TenantResourceGroupRoles) Validate() error

Validate - checks for missing required fields, etc

type TenantRoleAction

type TenantRoleAction struct {

	//
	// name of the role
	//
	Role SimpleName `json:"role"`

	//
	// action value for the generated policy assertion
	//
	Action string `json:"action"`
}

TenantRoleAction - A representation of tenant role action.

func NewTenantRoleAction

func NewTenantRoleAction(init ...*TenantRoleAction) *TenantRoleAction

NewTenantRoleAction - creates an initialized TenantRoleAction instance, returns a pointer to it

func (*TenantRoleAction) UnmarshalJSON

func (self *TenantRoleAction) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TenantRoleAction

func (*TenantRoleAction) Validate

func (self *TenantRoleAction) Validate() error

Validate - checks for missing required fields, etc

type TopLevelDomain

type TopLevelDomain struct {

	//
	// a description of the domain
	//
	Description string `json:"description" rdl:"optional" yaml:",omitempty"`

	//
	// a reference to an audit organization defined in athenz
	//
	Org ResourceName `json:"org,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Future use only, currently not used
	//
	Enabled *bool `json:"enabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether or not domain modifications should be logged for
	// SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for
	// any API defining it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated aws account id (system attribute - uniqueness check - if
	// enabled)
	//
	Account string `json:"account" rdl:"optional" yaml:",omitempty"`

	//
	// associated product id (system attribute - uniqueness check - if enabled)
	//
	YpmId *int32 `json:"ypmId,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated application id
	//
	ApplicationId string `json:"applicationId" rdl:"optional" yaml:",omitempty"`

	//
	// domain certificate dns domain (system attribute)
	//
	CertDnsDomain string `json:"certDnsDomain" rdl:"optional" yaml:",omitempty"`

	//
	// all user members in the domain will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// tokens issued for this domain will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// service identity certs issued for this domain will have specified max
	// timeout in mins
	//
	ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// role certs issued for this domain will have specified max timeout in mins
	//
	RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"`

	//
	// all services in the domain roles will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure subscription id (system attribute - uniqueness check - if
	// enabled)
	//
	AzureSubscription string `json:"azureSubscription" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure tenant id (system attribute)
	//
	AzureTenant string `json:"azureTenant" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure client id (system attribute)
	//
	AzureClient string `json:"azureClient" rdl:"optional" yaml:",omitempty"`

	//
	// associated gcp project id (system attribute - uniqueness check - if
	// enabled)
	//
	GcpProject string `json:"gcpProject" rdl:"optional" yaml:",omitempty"`

	//
	// associated gcp project number (system attribute)
	//
	GcpProjectNumber string `json:"gcpProjectNumber" rdl:"optional" yaml:",omitempty"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated business service with domain
	//
	BusinessService string `json:"businessService" rdl:"optional" yaml:",omitempty"`

	//
	// purge role/group members with expiry date configured days in the past
	//
	MemberPurgeExpiryDays *int32 `json:"memberPurgeExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated product id (system attribute - uniqueness check - if enabled)
	//
	ProductId string `json:"productId" rdl:"optional" yaml:",omitempty"`

	//
	// features enabled per domain (system attribute)
	//
	FeatureFlags *int32 `json:"featureFlags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// list of domain contacts (PE-Owner, Product-Owner, etc), each type can have
	// a single value
	//
	Contacts map[SimpleName]string `json:"contacts,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// domain environment e.g. production, staging, etc
	//
	Environment string `json:"environment" rdl:"optional" yaml:",omitempty"`

	//
	// ownership information for the domain (read-only attribute)
	//
	ResourceOwnership *ResourceDomainOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// requested x509 cert signer key id (system attribute)
	//
	X509CertSignerKeyId string `json:"x509CertSignerKeyId" rdl:"optional" yaml:",omitempty"`

	//
	// requested ssh cert signer key id (system attribute)
	//
	SshCertSignerKeyId string `json:"sshCertSignerKeyId" rdl:"optional" yaml:",omitempty"`

	//
	// name of the domain
	//
	Name SimpleName `json:"name"`

	//
	// list of domain administrators
	//
	AdminUsers []ResourceName `json:"adminUsers"`

	//
	// list of solution template names
	//
	Templates *DomainTemplateList `json:"templates,omitempty" rdl:"optional" yaml:",omitempty"`
}

TopLevelDomain - Top Level Domain object. The required attributes include the name of the domain and list of domain administrators.

func NewTopLevelDomain

func NewTopLevelDomain(init ...*TopLevelDomain) *TopLevelDomain

NewTopLevelDomain - creates an initialized TopLevelDomain instance, returns a pointer to it

func (*TopLevelDomain) Init

func (self *TopLevelDomain) Init() *TopLevelDomain

Init - sets up the instance according to its default field values, if any

func (*TopLevelDomain) UnmarshalJSON

func (self *TopLevelDomain) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TopLevelDomain

func (*TopLevelDomain) Validate

func (self *TopLevelDomain) Validate() error

Validate - checks for missing required fields, etc

type User added in v1.7.11

type User struct {

	//
	// name of the user
	//
	Name SimpleName `json:"name"`
}

User - The representation for a user

func NewUser added in v1.7.11

func NewUser(init ...*User) *User

NewUser - creates an initialized User instance, returns a pointer to it

func (*User) UnmarshalJSON added in v1.7.11

func (self *User) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a User

func (*User) Validate added in v1.7.11

func (self *User) Validate() error

Validate - checks for missing required fields, etc

type UserAuthorityAttributeMap added in v1.10.22

type UserAuthorityAttributeMap struct {

	//
	// map of type to attribute values
	//
	Attributes map[SimpleName]*UserAuthorityAttributes `json:"attributes"`
}

UserAuthorityAttributeMap - Map of user authority attributes

func NewUserAuthorityAttributeMap added in v1.10.22

func NewUserAuthorityAttributeMap(init ...*UserAuthorityAttributeMap) *UserAuthorityAttributeMap

NewUserAuthorityAttributeMap - creates an initialized UserAuthorityAttributeMap instance, returns a pointer to it

func (*UserAuthorityAttributeMap) Init added in v1.10.22

Init - sets up the instance according to its default field values, if any

func (*UserAuthorityAttributeMap) UnmarshalJSON added in v1.10.22

func (self *UserAuthorityAttributeMap) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a UserAuthorityAttributeMap

func (*UserAuthorityAttributeMap) Validate added in v1.10.22

func (self *UserAuthorityAttributeMap) Validate() error

Validate - checks for missing required fields, etc

type UserAuthorityAttributes added in v1.10.22

type UserAuthorityAttributes struct {
	Values []string `json:"values"`
}

UserAuthorityAttributes - Copyright The Athenz Authors Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms.

func NewUserAuthorityAttributes added in v1.10.22

func NewUserAuthorityAttributes(init ...*UserAuthorityAttributes) *UserAuthorityAttributes

NewUserAuthorityAttributes - creates an initialized UserAuthorityAttributes instance, returns a pointer to it

func (*UserAuthorityAttributes) Init added in v1.10.22

Init - sets up the instance according to its default field values, if any

func (*UserAuthorityAttributes) UnmarshalJSON added in v1.10.22

func (self *UserAuthorityAttributes) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a UserAuthorityAttributes

func (*UserAuthorityAttributes) Validate added in v1.10.22

func (self *UserAuthorityAttributes) Validate() error

Validate - checks for missing required fields, etc

type UserDomain

type UserDomain struct {

	//
	// a description of the domain
	//
	Description string `json:"description" rdl:"optional" yaml:",omitempty"`

	//
	// a reference to an audit organization defined in athenz
	//
	Org ResourceName `json:"org,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Future use only, currently not used
	//
	Enabled *bool `json:"enabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// Flag indicates whether or not domain modifications should be logged for
	// SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for
	// any API defining it.
	//
	AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated aws account id (system attribute - uniqueness check - if
	// enabled)
	//
	Account string `json:"account" rdl:"optional" yaml:",omitempty"`

	//
	// associated product id (system attribute - uniqueness check - if enabled)
	//
	YpmId *int32 `json:"ypmId,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated application id
	//
	ApplicationId string `json:"applicationId" rdl:"optional" yaml:",omitempty"`

	//
	// domain certificate dns domain (system attribute)
	//
	CertDnsDomain string `json:"certDnsDomain" rdl:"optional" yaml:",omitempty"`

	//
	// all user members in the domain will have specified max expiry days
	//
	MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// tokens issued for this domain will have specified max timeout in mins
	//
	TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// service identity certs issued for this domain will have specified max
	// timeout in mins
	//
	ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// role certs issued for this domain will have specified max timeout in mins
	//
	RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// rsa or ec signing algorithm to be used for tokens
	//
	SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"`

	//
	// all services in the domain roles will have specified max expiry days
	//
	ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// all groups in the domain roles will have specified max expiry days
	//
	GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// membership filtered based on user authority configured attributes
	//
	UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure subscription id (system attribute - uniqueness check - if
	// enabled)
	//
	AzureSubscription string `json:"azureSubscription" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure tenant id (system attribute)
	//
	AzureTenant string `json:"azureTenant" rdl:"optional" yaml:",omitempty"`

	//
	// associated azure client id (system attribute)
	//
	AzureClient string `json:"azureClient" rdl:"optional" yaml:",omitempty"`

	//
	// associated gcp project id (system attribute - uniqueness check - if
	// enabled)
	//
	GcpProject string `json:"gcpProject" rdl:"optional" yaml:",omitempty"`

	//
	// associated gcp project number (system attribute)
	//
	GcpProjectNumber string `json:"gcpProjectNumber" rdl:"optional" yaml:",omitempty"`

	//
	// key-value pair tags, tag might contain multiple values
	//
	Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated business service with domain
	//
	BusinessService string `json:"businessService" rdl:"optional" yaml:",omitempty"`

	//
	// purge role/group members with expiry date configured days in the past
	//
	MemberPurgeExpiryDays *int32 `json:"memberPurgeExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// associated product id (system attribute - uniqueness check - if enabled)
	//
	ProductId string `json:"productId" rdl:"optional" yaml:",omitempty"`

	//
	// features enabled per domain (system attribute)
	//
	FeatureFlags *int32 `json:"featureFlags,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// list of domain contacts (PE-Owner, Product-Owner, etc), each type can have
	// a single value
	//
	Contacts map[SimpleName]string `json:"contacts,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// domain environment e.g. production, staging, etc
	//
	Environment string `json:"environment" rdl:"optional" yaml:",omitempty"`

	//
	// ownership information for the domain (read-only attribute)
	//
	ResourceOwnership *ResourceDomainOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"`

	//
	// requested x509 cert signer key id (system attribute)
	//
	X509CertSignerKeyId string `json:"x509CertSignerKeyId" rdl:"optional" yaml:",omitempty"`

	//
	// requested ssh cert signer key id (system attribute)
	//
	SshCertSignerKeyId string `json:"sshCertSignerKeyId" rdl:"optional" yaml:",omitempty"`

	//
	// user id which will be the domain name
	//
	Name SimpleName `json:"name"`

	//
	// list of solution template names
	//
	Templates *DomainTemplateList `json:"templates,omitempty" rdl:"optional" yaml:",omitempty"`
}

UserDomain - A UserDomain is the user's own top level domain in user - e.g. user.hga

func NewUserDomain

func NewUserDomain(init ...*UserDomain) *UserDomain

NewUserDomain - creates an initialized UserDomain instance, returns a pointer to it

func (*UserDomain) Init

func (self *UserDomain) Init() *UserDomain

Init - sets up the instance according to its default field values, if any

func (*UserDomain) UnmarshalJSON

func (self *UserDomain) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a UserDomain

func (*UserDomain) Validate

func (self *UserDomain) Validate() error

Validate - checks for missing required fields, etc

type UserList added in v1.7.11

type UserList struct {

	//
	// list of user names
	//
	Names []SimpleName `json:"names"`
}

UserList -

func NewUserList added in v1.7.11

func NewUserList(init ...*UserList) *UserList

NewUserList - creates an initialized UserList instance, returns a pointer to it

func (*UserList) Init added in v1.7.11

func (self *UserList) Init() *UserList

Init - sets up the instance according to its default field values, if any

func (*UserList) UnmarshalJSON added in v1.7.11

func (self *UserList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a UserList

func (*UserList) Validate added in v1.7.11

func (self *UserList) Validate() error

Validate - checks for missing required fields, etc

type UserToken

type UserToken struct {

	//
	// Signed user token identifying a specific authenticated user
	//
	Token SignedToken `json:"token"`

	//
	// Authorization header name for the token
	//
	Header string `json:"header" rdl:"optional" yaml:",omitempty"`
}

UserToken - A user token generated based on user's credentials

func NewUserToken

func NewUserToken(init ...*UserToken) *UserToken

NewUserToken - creates an initialized UserToken instance, returns a pointer to it

func (*UserToken) UnmarshalJSON

func (self *UserToken) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a UserToken

func (*UserToken) Validate

func (self *UserToken) Validate() error

Validate - checks for missing required fields, etc

type YBase64

type YBase64 string

YBase64 - The Y-specific URL-safe Base64 variant.

type YEncoded

type YEncoded string

YEncoded - YEncoded includes ybase64 chars, as well as = and %. This can represent a user cookie and URL-encoded values.

type ZMSClient

type ZMSClient struct {
	URL             string
	Transport       http.RoundTripper
	CredsHeaders    map[string]string
	Timeout         time.Duration
	DisableRedirect bool
}

func NewClient

func NewClient(url string, transport http.RoundTripper) ZMSClient

NewClient creates and returns a new HTTP client object for the ZMS service

func (*ZMSClient) AddCredentials

func (client *ZMSClient) AddCredentials(header string, token string)

AddCredentials adds the credentials to the client for subsequent requests.

func (ZMSClient) DeleteAssertion

func (client ZMSClient) DeleteAssertion(domainName DomainName, policyName EntityName, assertionId int64, auditRef string, resourceOwner string) error

func (ZMSClient) DeleteAssertionCondition added in v1.10.22

func (client ZMSClient) DeleteAssertionCondition(domainName DomainName, policyName EntityName, assertionId int64, conditionId int32, auditRef string, resourceOwner string) error

func (ZMSClient) DeleteAssertionConditions added in v1.10.22

func (client ZMSClient) DeleteAssertionConditions(domainName DomainName, policyName EntityName, assertionId int64, auditRef string, resourceOwner string) error

func (ZMSClient) DeleteAssertionPolicyVersion added in v1.10.33

func (client ZMSClient) DeleteAssertionPolicyVersion(domainName DomainName, policyName EntityName, version SimpleName, assertionId int64, auditRef string, resourceOwner string) error

func (ZMSClient) DeleteDomainDependency added in v1.10.46

func (client ZMSClient) DeleteDomainDependency(domainName DomainName, service ServiceName, auditRef string) error

func (ZMSClient) DeleteDomainRoleMember added in v1.9.32

func (client ZMSClient) DeleteDomainRoleMember(domainName DomainName, memberName MemberName, auditRef string) error

func (ZMSClient) DeleteDomainTemplate

func (client ZMSClient) DeleteDomainTemplate(name DomainName, template SimpleName, auditRef string) error

func (ZMSClient) DeleteEntity

func (client ZMSClient) DeleteEntity(domainName DomainName, entityName EntityName, auditRef string) error

func (ZMSClient) DeleteExpiredMembers added in v1.11.8

func (client ZMSClient) DeleteExpiredMembers(purgeResources *int32, auditRef string, returnObj *bool) (*ExpiredMembers, error)

func (ZMSClient) DeleteGroup added in v1.9.32

func (client ZMSClient) DeleteGroup(domainName DomainName, groupName EntityName, auditRef string, resourceOwner string) error

func (ZMSClient) DeleteGroupMembership added in v1.9.32

func (client ZMSClient) DeleteGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string, resourceOwner string) error

func (ZMSClient) DeleteMembership

func (client ZMSClient) DeleteMembership(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string, resourceOwner string) error

func (ZMSClient) DeletePendingGroupMembership added in v1.9.32

func (client ZMSClient) DeletePendingGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string) error

func (ZMSClient) DeletePendingMembership added in v1.9.32

func (client ZMSClient) DeletePendingMembership(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string) error

func (ZMSClient) DeletePolicy

func (client ZMSClient) DeletePolicy(domainName DomainName, policyName EntityName, auditRef string, resourceOwner string) error

func (ZMSClient) DeletePolicyVersion added in v1.10.33

func (client ZMSClient) DeletePolicyVersion(domainName DomainName, policyName EntityName, version SimpleName, auditRef string, resourceOwner string) error

func (ZMSClient) DeleteProviderResourceGroupRoles

func (client ZMSClient) DeleteProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, resourceGroup EntityName, auditRef string) error

func (ZMSClient) DeletePublicKeyEntry

func (client ZMSClient) DeletePublicKeyEntry(domain DomainName, service SimpleName, id string, auditRef string, resourceOwner string) error

func (ZMSClient) DeleteQuota added in v1.7.19

func (client ZMSClient) DeleteQuota(name DomainName, auditRef string) error

func (ZMSClient) DeleteRole

func (client ZMSClient) DeleteRole(domainName DomainName, roleName EntityName, auditRef string, resourceOwner string) error

func (ZMSClient) DeleteServiceIdentity

func (client ZMSClient) DeleteServiceIdentity(domain DomainName, service SimpleName, auditRef string, resourceOwner string) error

func (ZMSClient) DeleteSubDomain

func (client ZMSClient) DeleteSubDomain(parent DomainName, name SimpleName, auditRef string, resourceOwner string) error

func (ZMSClient) DeleteTenancy

func (client ZMSClient) DeleteTenancy(domain DomainName, service ServiceName, auditRef string) error

func (ZMSClient) DeleteTenant added in v1.9.32

func (client ZMSClient) DeleteTenant(domain DomainName, service SimpleName, tenantDomain DomainName, auditRef string) error

func (ZMSClient) DeleteTenantResourceGroupRoles

func (client ZMSClient) DeleteTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, resourceGroup EntityName, auditRef string) error

func (ZMSClient) DeleteTopLevelDomain

func (client ZMSClient) DeleteTopLevelDomain(name SimpleName, auditRef string, resourceOwner string) error

func (ZMSClient) DeleteUser added in v1.7.11

func (client ZMSClient) DeleteUser(name SimpleName, auditRef string) error

func (ZMSClient) DeleteUserDomain

func (client ZMSClient) DeleteUserDomain(name SimpleName, auditRef string, resourceOwner string) error

func (ZMSClient) GetAccess

func (client ZMSClient) GetAccess(action ActionName, resource ResourceName, domain DomainName, checkPrincipal EntityName) (*Access, error)

func (ZMSClient) GetAccessExt

func (client ZMSClient) GetAccessExt(action ActionName, resource string, domain DomainName, checkPrincipal EntityName) (*Access, error)

func (ZMSClient) GetAssertion

func (client ZMSClient) GetAssertion(domainName DomainName, policyName EntityName, assertionId int64) (*Assertion, error)

func (ZMSClient) GetAuthHistoryDependencies added in v1.11.2

func (client ZMSClient) GetAuthHistoryDependencies(domainName DomainName) (*AuthHistoryDependencies, error)

func (ZMSClient) GetDependentDomainList added in v1.10.46

func (client ZMSClient) GetDependentDomainList(service ServiceName) (*DomainList, error)

func (ZMSClient) GetDependentServiceList added in v1.10.46

func (client ZMSClient) GetDependentServiceList(domainName DomainName) (*ServiceIdentityList, error)

func (ZMSClient) GetDependentServiceResourceGroupList added in v1.10.51

func (client ZMSClient) GetDependentServiceResourceGroupList(domainName DomainName) (*DependentServiceResourceGroupList, error)

func (ZMSClient) GetDomain

func (client ZMSClient) GetDomain(domain DomainName) (*Domain, error)

func (ZMSClient) GetDomainDataCheck

func (client ZMSClient) GetDomainDataCheck(domainName DomainName) (*DomainDataCheck, error)

func (ZMSClient) GetDomainGroupMembers added in v1.11.61

func (client ZMSClient) GetDomainGroupMembers(domainName DomainName) (*DomainGroupMembers, error)

func (ZMSClient) GetDomainList

func (client ZMSClient) GetDomainList(limit *int32, skip string, prefix string, depth *int32, account string, productNumber *int32, roleMember ResourceName, roleName ResourceName, subscription string, project string, tagKey TagKey, tagValue TagCompoundValue, businessService string, productId string, modifiedSince string) (*DomainList, error)

func (ZMSClient) GetDomainMetaStoreValidValuesList added in v1.10.13

func (client ZMSClient) GetDomainMetaStoreValidValuesList(attributeName string, userName string) (*DomainMetaStoreValidValuesList, error)

func (ZMSClient) GetDomainRoleMembers added in v1.9.32

func (client ZMSClient) GetDomainRoleMembers(domainName DomainName) (*DomainRoleMembers, error)

func (ZMSClient) GetDomainTemplateDetailsList added in v1.9.32

func (client ZMSClient) GetDomainTemplateDetailsList(name DomainName) (*DomainTemplateDetailsList, error)

func (ZMSClient) GetDomainTemplateList

func (client ZMSClient) GetDomainTemplateList(name DomainName) (*DomainTemplateList, error)

func (ZMSClient) GetEntity

func (client ZMSClient) GetEntity(domainName DomainName, entityName EntityName) (*Entity, error)

func (ZMSClient) GetEntityList

func (client ZMSClient) GetEntityList(domainName DomainName) (*EntityList, error)

func (ZMSClient) GetGroup added in v1.9.32

func (client ZMSClient) GetGroup(domainName DomainName, groupName EntityName, auditLog *bool, pending *bool) (*Group, error)

func (ZMSClient) GetGroupMembership added in v1.9.32

func (client ZMSClient) GetGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, expiration string) (*GroupMembership, error)

func (ZMSClient) GetGroups added in v1.9.32

func (client ZMSClient) GetGroups(domainName DomainName, members *bool, tagKey TagKey, tagValue TagCompoundValue) (*Groups, error)

func (ZMSClient) GetGroupsForReview added in v1.11.44

func (client ZMSClient) GetGroupsForReview(principal ResourceName) (*ReviewObjects, error)

func (ZMSClient) GetInfo added in v1.11.1

func (client ZMSClient) GetInfo() (*Info, error)

func (ZMSClient) GetJWSDomain added in v1.9.32

func (client ZMSClient) GetJWSDomain(name DomainName, signatureP1363Format *bool, matchingTag string) (*JWSDomain, string, error)

func (ZMSClient) GetMembership

func (client ZMSClient) GetMembership(domainName DomainName, roleName EntityName, memberName MemberName, expiration string) (*Membership, error)

func (ZMSClient) GetOverdueReview added in v1.9.32

func (client ZMSClient) GetOverdueReview(domainName DomainName) (*DomainRoleMembers, error)

func (ZMSClient) GetPendingDomainGroupMembersList added in v1.9.32

func (client ZMSClient) GetPendingDomainGroupMembersList(principal EntityName, domainName string) (*DomainGroupMembership, error)

func (ZMSClient) GetPendingDomainRoleMembersList added in v1.9.32

func (client ZMSClient) GetPendingDomainRoleMembersList(principal EntityName, domainName string) (*DomainRoleMembership, error)

func (ZMSClient) GetPolicies

func (client ZMSClient) GetPolicies(domainName DomainName, assertions *bool, includeNonActive *bool, tagKey TagKey, tagValue TagCompoundValue) (*Policies, error)

func (ZMSClient) GetPolicy

func (client ZMSClient) GetPolicy(domainName DomainName, policyName EntityName) (*Policy, error)

func (ZMSClient) GetPolicyList

func (client ZMSClient) GetPolicyList(domainName DomainName, limit *int32, skip string) (*PolicyList, error)

func (ZMSClient) GetPolicyVersion added in v1.10.33

func (client ZMSClient) GetPolicyVersion(domainName DomainName, policyName EntityName, version SimpleName) (*Policy, error)

func (ZMSClient) GetPolicyVersionList added in v1.10.33

func (client ZMSClient) GetPolicyVersionList(domainName DomainName, policyName EntityName) (*PolicyList, error)

func (ZMSClient) GetPrincipalGroups added in v1.9.32

func (client ZMSClient) GetPrincipalGroups(principal EntityName, domainName DomainName) (*DomainGroupMember, error)

func (ZMSClient) GetPrincipalRoles added in v1.9.32

func (client ZMSClient) GetPrincipalRoles(principal ResourceName, domainName DomainName, expand *bool) (*DomainRoleMember, error)

func (ZMSClient) GetProviderResourceGroupRoles

func (client ZMSClient) GetProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, resourceGroup EntityName) (*ProviderResourceGroupRoles, error)

func (ZMSClient) GetPublicKeyEntry

func (client ZMSClient) GetPublicKeyEntry(domain DomainName, service SimpleName, id string) (*PublicKeyEntry, error)

func (ZMSClient) GetQuota added in v1.7.19

func (client ZMSClient) GetQuota(name DomainName) (*Quota, error)

func (ZMSClient) GetRdlSchema added in v1.11.12

func (client ZMSClient) GetRdlSchema() (*rdl.Schema, error)

func (ZMSClient) GetResourceAccessList

func (client ZMSClient) GetResourceAccessList(principal ResourceName, action ActionName) (*ResourceAccessList, error)

func (ZMSClient) GetRole

func (client ZMSClient) GetRole(domainName DomainName, roleName EntityName, auditLog *bool, expand *bool, pending *bool) (*Role, error)

func (ZMSClient) GetRoleList

func (client ZMSClient) GetRoleList(domainName DomainName, limit *int32, skip string) (*RoleList, error)

func (ZMSClient) GetRoles

func (client ZMSClient) GetRoles(domainName DomainName, members *bool, tagKey TagKey, tagValue TagCompoundValue) (*Roles, error)

func (ZMSClient) GetRolesForReview added in v1.11.44

func (client ZMSClient) GetRolesForReview(principal ResourceName) (*ReviewObjects, error)

func (ZMSClient) GetServerTemplateDetailsList added in v1.10.19

func (client ZMSClient) GetServerTemplateDetailsList() (*DomainTemplateDetailsList, error)

func (ZMSClient) GetServerTemplateList

func (client ZMSClient) GetServerTemplateList() (*ServerTemplateList, error)

func (ZMSClient) GetServiceIdentities

func (client ZMSClient) GetServiceIdentities(domainName DomainName, publickeys *bool, hosts *bool, tagKey TagKey, tagValue TagCompoundValue) (*ServiceIdentities, error)

func (ZMSClient) GetServiceIdentity

func (client ZMSClient) GetServiceIdentity(domain DomainName, service SimpleName) (*ServiceIdentity, error)

func (ZMSClient) GetServiceIdentityList

func (client ZMSClient) GetServiceIdentityList(domainName DomainName, limit *int32, skip string) (*ServiceIdentityList, error)

func (ZMSClient) GetServicePrincipal

func (client ZMSClient) GetServicePrincipal() (*ServicePrincipal, error)

func (ZMSClient) GetSignedDomains

func (client ZMSClient) GetSignedDomains(domain DomainName, metaOnly string, metaAttr SimpleName, master *bool, conditions *bool, matchingTag string) (*SignedDomains, string, error)

func (ZMSClient) GetStats added in v1.10.46

func (client ZMSClient) GetStats(name DomainName) (*Stats, error)

func (ZMSClient) GetStatus added in v1.7.30

func (client ZMSClient) GetStatus() (*Status, error)

func (ZMSClient) GetSystemStats added in v1.10.46

func (client ZMSClient) GetSystemStats() (*Stats, error)

func (ZMSClient) GetTemplate

func (client ZMSClient) GetTemplate(template SimpleName) (*Template, error)

func (ZMSClient) GetTenantResourceGroupRoles

func (client ZMSClient) GetTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, resourceGroup EntityName) (*TenantResourceGroupRoles, error)

func (ZMSClient) GetUserAuthorityAttributeMap added in v1.10.22

func (client ZMSClient) GetUserAuthorityAttributeMap() (*UserAuthorityAttributeMap, error)

func (ZMSClient) GetUserList added in v1.7.11

func (client ZMSClient) GetUserList(domainName DomainName) (*UserList, error)

func (ZMSClient) GetUserToken

func (client ZMSClient) GetUserToken(userName SimpleName, serviceNames string, header *bool) (*UserToken, error)

func (ZMSClient) OptionsUserToken

func (client ZMSClient) OptionsUserToken(userName SimpleName, serviceNames string) (*UserToken, error)

func (ZMSClient) PostSubDomain

func (client ZMSClient) PostSubDomain(parent DomainName, auditRef string, resourceOwner string, detail *SubDomain) (*Domain, error)

func (ZMSClient) PostTopLevelDomain

func (client ZMSClient) PostTopLevelDomain(auditRef string, resourceOwner string, detail *TopLevelDomain) (*Domain, error)

func (ZMSClient) PostUserDomain

func (client ZMSClient) PostUserDomain(name SimpleName, auditRef string, resourceOwner string, detail *UserDomain) (*Domain, error)

func (ZMSClient) PutAssertion

func (client ZMSClient) PutAssertion(domainName DomainName, policyName EntityName, auditRef string, resourceOwner string, assertion *Assertion) (*Assertion, error)

func (ZMSClient) PutAssertionCondition added in v1.10.22

func (client ZMSClient) PutAssertionCondition(domainName DomainName, policyName EntityName, assertionId int64, auditRef string, resourceOwner string, assertionCondition *AssertionCondition) (*AssertionCondition, error)

func (ZMSClient) PutAssertionConditions added in v1.10.22

func (client ZMSClient) PutAssertionConditions(domainName DomainName, policyName EntityName, assertionId int64, auditRef string, resourceOwner string, assertionConditions *AssertionConditions) (*AssertionConditions, error)

func (ZMSClient) PutAssertionPolicyVersion added in v1.10.33

func (client ZMSClient) PutAssertionPolicyVersion(domainName DomainName, policyName EntityName, version SimpleName, auditRef string, resourceOwner string, assertion *Assertion) (*Assertion, error)

func (ZMSClient) PutDefaultAdmins

func (client ZMSClient) PutDefaultAdmins(domainName DomainName, auditRef string, defaultAdmins *DefaultAdmins) error

func (ZMSClient) PutDomainDependency added in v1.10.46

func (client ZMSClient) PutDomainDependency(domainName DomainName, auditRef string, service *DependentService) error

func (ZMSClient) PutDomainMeta

func (client ZMSClient) PutDomainMeta(name DomainName, auditRef string, resourceOwner string, detail *DomainMeta) error

func (ZMSClient) PutDomainSystemMeta added in v1.9.32

func (client ZMSClient) PutDomainSystemMeta(name DomainName, attribute SimpleName, auditRef string, detail *DomainMeta) error

func (ZMSClient) PutDomainTemplate

func (client ZMSClient) PutDomainTemplate(name DomainName, auditRef string, domainTemplate *DomainTemplate) error

func (ZMSClient) PutDomainTemplateExt added in v1.7.32

func (client ZMSClient) PutDomainTemplateExt(name DomainName, template SimpleName, auditRef string, domainTemplate *DomainTemplate) error

func (ZMSClient) PutEntity

func (client ZMSClient) PutEntity(domainName DomainName, entityName EntityName, auditRef string, entity *Entity) error

func (ZMSClient) PutGroup added in v1.9.32

func (client ZMSClient) PutGroup(domainName DomainName, groupName EntityName, auditRef string, returnObj *bool, resourceOwner string, group *Group) (*Group, error)

func (ZMSClient) PutGroupMembership added in v1.9.32

func (client ZMSClient) PutGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string, returnObj *bool, resourceOwner string, membership *GroupMembership) (*GroupMembership, error)

func (ZMSClient) PutGroupMembershipDecision added in v1.9.32

func (client ZMSClient) PutGroupMembershipDecision(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string, membership *GroupMembership) error

func (ZMSClient) PutGroupMeta added in v1.9.32

func (client ZMSClient) PutGroupMeta(domainName DomainName, groupName EntityName, auditRef string, resourceOwner string, detail *GroupMeta) error

func (ZMSClient) PutGroupReview added in v1.9.32

func (client ZMSClient) PutGroupReview(domainName DomainName, groupName EntityName, auditRef string, returnObj *bool, resourceOwner string, group *Group) (*Group, error)

func (ZMSClient) PutGroupSystemMeta added in v1.9.32

func (client ZMSClient) PutGroupSystemMeta(domainName DomainName, groupName EntityName, attribute SimpleName, auditRef string, detail *GroupSystemMeta) error

func (ZMSClient) PutMembership

func (client ZMSClient) PutMembership(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string, returnObj *bool, resourceOwner string, membership *Membership) (*Membership, error)

func (ZMSClient) PutMembershipDecision added in v1.9.32

func (client ZMSClient) PutMembershipDecision(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string, membership *Membership) error

func (ZMSClient) PutPolicy

func (client ZMSClient) PutPolicy(domainName DomainName, policyName EntityName, auditRef string, returnObj *bool, resourceOwner string, policy *Policy) (*Policy, error)

func (ZMSClient) PutPolicyVersion added in v1.10.33

func (client ZMSClient) PutPolicyVersion(domainName DomainName, policyName EntityName, policyOptions *PolicyOptions, auditRef string, returnObj *bool, resourceOwner string) (*Policy, error)

func (ZMSClient) PutPrincipalState added in v1.11.59

func (client ZMSClient) PutPrincipalState(principalName MemberName, auditRef string, principalState *PrincipalState) error

func (ZMSClient) PutProviderResourceGroupRoles

func (client ZMSClient) PutProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, resourceGroup EntityName, auditRef string, detail *ProviderResourceGroupRoles) (*ProviderResourceGroupRoles, error)

func (ZMSClient) PutPublicKeyEntry

func (client ZMSClient) PutPublicKeyEntry(domain DomainName, service SimpleName, id string, auditRef string, resourceOwner string, publicKeyEntry *PublicKeyEntry) error

func (ZMSClient) PutQuota added in v1.7.19

func (client ZMSClient) PutQuota(name DomainName, auditRef string, quota *Quota) error

func (ZMSClient) PutResourceDomainOwnership added in v1.11.55

func (client ZMSClient) PutResourceDomainOwnership(domainName DomainName, auditRef string, resourceOwnership *ResourceDomainOwnership) error

func (ZMSClient) PutResourceGroupOwnership added in v1.11.55

func (client ZMSClient) PutResourceGroupOwnership(domainName DomainName, groupName EntityName, auditRef string, resourceOwnership *ResourceGroupOwnership) error

func (ZMSClient) PutResourcePolicyOwnership added in v1.11.55

func (client ZMSClient) PutResourcePolicyOwnership(domainName DomainName, policyName EntityName, auditRef string, resourceOwnership *ResourcePolicyOwnership) error

func (ZMSClient) PutResourceRoleOwnership added in v1.11.55

func (client ZMSClient) PutResourceRoleOwnership(domainName DomainName, roleName EntityName, auditRef string, resourceOwnership *ResourceRoleOwnership) error

func (ZMSClient) PutResourceServiceIdentityOwnership added in v1.11.55

func (client ZMSClient) PutResourceServiceIdentityOwnership(domainName DomainName, service SimpleName, auditRef string, resourceOwnership *ResourceServiceIdentityOwnership) error

func (ZMSClient) PutRole

func (client ZMSClient) PutRole(domainName DomainName, roleName EntityName, auditRef string, returnObj *bool, resourceOwner string, role *Role) (*Role, error)

func (ZMSClient) PutRoleMeta added in v1.9.32

func (client ZMSClient) PutRoleMeta(domainName DomainName, roleName EntityName, auditRef string, resourceOwner string, detail *RoleMeta) error

func (ZMSClient) PutRoleReview added in v1.9.32

func (client ZMSClient) PutRoleReview(domainName DomainName, roleName EntityName, auditRef string, returnObj *bool, resourceOwner string, role *Role) (*Role, error)

func (ZMSClient) PutRoleSystemMeta added in v1.9.32

func (client ZMSClient) PutRoleSystemMeta(domainName DomainName, roleName EntityName, attribute SimpleName, auditRef string, detail *RoleSystemMeta) error

func (ZMSClient) PutServiceIdentity

func (client ZMSClient) PutServiceIdentity(domain DomainName, service SimpleName, auditRef string, returnObj *bool, resourceOwner string, detail *ServiceIdentity) (*ServiceIdentity, error)

func (ZMSClient) PutServiceIdentitySystemMeta added in v1.9.32

func (client ZMSClient) PutServiceIdentitySystemMeta(domain DomainName, service SimpleName, attribute SimpleName, auditRef string, detail *ServiceIdentitySystemMeta) error

func (ZMSClient) PutTenancy

func (client ZMSClient) PutTenancy(domain DomainName, service ServiceName, auditRef string, detail *Tenancy) error

func (ZMSClient) PutTenant added in v1.9.32

func (client ZMSClient) PutTenant(domain DomainName, service SimpleName, tenantDomain DomainName, auditRef string, detail *Tenancy) error

func (ZMSClient) PutTenantResourceGroupRoles

func (client ZMSClient) PutTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, resourceGroup EntityName, auditRef string, detail *TenantResourceGroupRoles) (*TenantResourceGroupRoles, error)

func (ZMSClient) SetActivePolicyVersion added in v1.10.33

func (client ZMSClient) SetActivePolicyVersion(domainName DomainName, policyName EntityName, policyOptions *PolicyOptions, auditRef string, resourceOwner string) error

Directories

Path Synopsis
examples
get-access
Get-access is a demo program to query if the current principal has "Access" to a specified resource, in a given domain.
Get-access is a demo program to query if the current principal has "Access" to a specified resource, in a given domain.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL