Documentation ¶
Overview ¶
Package zms contains a client library to talk to Athenz ZMS.
Index ¶
- func Authenticator(url string) rdl.Authenticator
- func Authorizer(domain string, url string) rdl.Authorizer
- func ZMSSchema() *rdl.Schema
- type Access
- type ActionName
- type Assertion
- type AssertionCondition
- type AssertionConditionData
- type AssertionConditionKey
- type AssertionConditionKeyPattern
- type AssertionConditionOperator
- type AssertionConditionValue
- type AssertionConditionValuePattern
- type AssertionConditions
- type AssertionEffect
- type AuthHistory
- type AuthHistoryDependencies
- type AuthorityKeyword
- type AuthorityKeywords
- type AuthorityName
- type CompoundName
- type DanglingPolicy
- type DefaultAdmins
- type DependentService
- type DependentServiceResourceGroup
- type DependentServiceResourceGroupList
- type Domain
- type DomainAttributes
- type DomainData
- type DomainDataCheck
- type DomainGroupMember
- type DomainGroupMembers
- type DomainGroupMembership
- type DomainList
- type DomainMeta
- type DomainMetaList
- type DomainMetaStoreValidValuesList
- type DomainName
- type DomainOptions
- type DomainPolicies
- type DomainRoleMember
- type DomainRoleMembers
- type DomainRoleMembership
- type DomainTemplate
- type DomainTemplateDetailsList
- type DomainTemplateList
- type Entity
- type EntityList
- type EntityName
- type ExpiredMembers
- type ExpiryMember
- type Group
- type GroupAuditLog
- type GroupMember
- type GroupMemberName
- type GroupMembership
- type GroupMeta
- type GroupName
- type GroupSystemMeta
- type Groups
- type Info
- type JWSDomain
- type LocationName
- type MemberName
- type MemberRole
- type Membership
- type Policies
- type Policy
- type PolicyList
- type PolicyOptions
- type PrincipalMember
- type PrincipalState
- type ProviderResourceGroupRoles
- type PublicKeyEntry
- type Quota
- type ResourceAccess
- type ResourceAccessList
- type ResourceDomainOwnership
- type ResourceGroupOwnership
- type ResourceName
- type ResourceNames
- type ResourcePolicyOwnership
- type ResourceRoleOwnership
- type ResourceServiceIdentityOwnership
- type ReviewObject
- type ReviewObjects
- type Role
- type RoleAuditLog
- type RoleList
- type RoleMember
- type RoleMeta
- type RoleSystemMeta
- type Roles
- type ServerTemplateList
- type ServiceIdentities
- type ServiceIdentity
- type ServiceIdentityList
- type ServiceIdentitySystemMeta
- type ServiceName
- type ServicePrincipal
- type SignedDomain
- type SignedDomains
- type SignedPolicies
- type SignedToken
- type SimpleName
- type Stats
- type Status
- type SubDomain
- type TagCompoundValue
- type TagKey
- type TagValue
- type TagValueList
- type Template
- type TemplateList
- type TemplateMetaData
- type TemplateParam
- type Tenancy
- type TenantResourceGroupRoles
- type TenantRoleAction
- type TopLevelDomain
- type User
- type UserAuthorityAttributeMap
- type UserAuthorityAttributes
- type UserDomain
- type UserList
- type UserToken
- type YBase64
- type YEncoded
- type ZMSClient
- func (client *ZMSClient) AddCredentials(header string, token string)
- func (client ZMSClient) DeleteAssertion(domainName DomainName, policyName EntityName, assertionId int64, ...) error
- func (client ZMSClient) DeleteAssertionCondition(domainName DomainName, policyName EntityName, assertionId int64, ...) error
- func (client ZMSClient) DeleteAssertionConditions(domainName DomainName, policyName EntityName, assertionId int64, ...) error
- func (client ZMSClient) DeleteAssertionPolicyVersion(domainName DomainName, policyName EntityName, version SimpleName, ...) error
- func (client ZMSClient) DeleteDomainDependency(domainName DomainName, service ServiceName, auditRef string) error
- func (client ZMSClient) DeleteDomainRoleMember(domainName DomainName, memberName MemberName, auditRef string) error
- func (client ZMSClient) DeleteDomainTemplate(name DomainName, template SimpleName, auditRef string) error
- func (client ZMSClient) DeleteEntity(domainName DomainName, entityName EntityName, auditRef string) error
- func (client ZMSClient) DeleteExpiredMembers(purgeResources *int32, auditRef string, returnObj *bool) (*ExpiredMembers, error)
- func (client ZMSClient) DeleteGroup(domainName DomainName, groupName EntityName, auditRef string, ...) error
- func (client ZMSClient) DeleteGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, ...) error
- func (client ZMSClient) DeleteMembership(domainName DomainName, roleName EntityName, memberName MemberName, ...) error
- func (client ZMSClient) DeletePendingGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, ...) error
- func (client ZMSClient) DeletePendingMembership(domainName DomainName, roleName EntityName, memberName MemberName, ...) error
- func (client ZMSClient) DeletePolicy(domainName DomainName, policyName EntityName, auditRef string, ...) error
- func (client ZMSClient) DeletePolicyVersion(domainName DomainName, policyName EntityName, version SimpleName, ...) error
- func (client ZMSClient) DeleteProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, ...) error
- func (client ZMSClient) DeletePublicKeyEntry(domain DomainName, service SimpleName, id string, auditRef string, ...) error
- func (client ZMSClient) DeleteQuota(name DomainName, auditRef string) error
- func (client ZMSClient) DeleteRole(domainName DomainName, roleName EntityName, auditRef string, ...) error
- func (client ZMSClient) DeleteServiceIdentity(domain DomainName, service SimpleName, auditRef string, resourceOwner string) error
- func (client ZMSClient) DeleteSubDomain(parent DomainName, name SimpleName, auditRef string, resourceOwner string) error
- func (client ZMSClient) DeleteTenancy(domain DomainName, service ServiceName, auditRef string) error
- func (client ZMSClient) DeleteTenant(domain DomainName, service SimpleName, tenantDomain DomainName, ...) error
- func (client ZMSClient) DeleteTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, ...) error
- func (client ZMSClient) DeleteTopLevelDomain(name SimpleName, auditRef string, resourceOwner string) error
- func (client ZMSClient) DeleteUser(name SimpleName, auditRef string) error
- func (client ZMSClient) DeleteUserDomain(name SimpleName, auditRef string, resourceOwner string) error
- func (client ZMSClient) GetAccess(action ActionName, resource ResourceName, domain DomainName, ...) (*Access, error)
- func (client ZMSClient) GetAccessExt(action ActionName, resource string, domain DomainName, ...) (*Access, error)
- func (client ZMSClient) GetAssertion(domainName DomainName, policyName EntityName, assertionId int64) (*Assertion, error)
- func (client ZMSClient) GetAuthHistoryDependencies(domainName DomainName) (*AuthHistoryDependencies, error)
- func (client ZMSClient) GetDependentDomainList(service ServiceName) (*DomainList, error)
- func (client ZMSClient) GetDependentServiceList(domainName DomainName) (*ServiceIdentityList, error)
- func (client ZMSClient) GetDependentServiceResourceGroupList(domainName DomainName) (*DependentServiceResourceGroupList, error)
- func (client ZMSClient) GetDomain(domain DomainName) (*Domain, error)
- func (client ZMSClient) GetDomainDataCheck(domainName DomainName) (*DomainDataCheck, error)
- func (client ZMSClient) GetDomainGroupMembers(domainName DomainName) (*DomainGroupMembers, error)
- func (client ZMSClient) GetDomainList(limit *int32, skip string, prefix string, depth *int32, account string, ...) (*DomainList, error)
- func (client ZMSClient) GetDomainMetaStoreValidValuesList(attributeName string, userName string) (*DomainMetaStoreValidValuesList, error)
- func (client ZMSClient) GetDomainRoleMembers(domainName DomainName) (*DomainRoleMembers, error)
- func (client ZMSClient) GetDomainTemplateDetailsList(name DomainName) (*DomainTemplateDetailsList, error)
- func (client ZMSClient) GetDomainTemplateList(name DomainName) (*DomainTemplateList, error)
- func (client ZMSClient) GetEntity(domainName DomainName, entityName EntityName) (*Entity, error)
- func (client ZMSClient) GetEntityList(domainName DomainName) (*EntityList, error)
- func (client ZMSClient) GetGroup(domainName DomainName, groupName EntityName, auditLog *bool, pending *bool) (*Group, error)
- func (client ZMSClient) GetGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, ...) (*GroupMembership, error)
- func (client ZMSClient) GetGroups(domainName DomainName, members *bool, tagKey TagKey, tagValue TagCompoundValue) (*Groups, error)
- func (client ZMSClient) GetGroupsForReview(principal ResourceName) (*ReviewObjects, error)
- func (client ZMSClient) GetInfo() (*Info, error)
- func (client ZMSClient) GetJWSDomain(name DomainName, signatureP1363Format *bool, matchingTag string) (*JWSDomain, string, error)
- func (client ZMSClient) GetMembership(domainName DomainName, roleName EntityName, memberName MemberName, ...) (*Membership, error)
- func (client ZMSClient) GetOverdueReview(domainName DomainName) (*DomainRoleMembers, error)
- func (client ZMSClient) GetPendingDomainGroupMembersList(principal EntityName, domainName string) (*DomainGroupMembership, error)
- func (client ZMSClient) GetPendingDomainRoleMembersList(principal EntityName, domainName string) (*DomainRoleMembership, error)
- func (client ZMSClient) GetPolicies(domainName DomainName, assertions *bool, includeNonActive *bool, tagKey TagKey, ...) (*Policies, error)
- func (client ZMSClient) GetPolicy(domainName DomainName, policyName EntityName) (*Policy, error)
- func (client ZMSClient) GetPolicyList(domainName DomainName, limit *int32, skip string) (*PolicyList, error)
- func (client ZMSClient) GetPolicyVersion(domainName DomainName, policyName EntityName, version SimpleName) (*Policy, error)
- func (client ZMSClient) GetPolicyVersionList(domainName DomainName, policyName EntityName) (*PolicyList, error)
- func (client ZMSClient) GetPrincipalGroups(principal EntityName, domainName DomainName) (*DomainGroupMember, error)
- func (client ZMSClient) GetPrincipalRoles(principal ResourceName, domainName DomainName, expand *bool) (*DomainRoleMember, error)
- func (client ZMSClient) GetProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, ...) (*ProviderResourceGroupRoles, error)
- func (client ZMSClient) GetPublicKeyEntry(domain DomainName, service SimpleName, id string) (*PublicKeyEntry, error)
- func (client ZMSClient) GetQuota(name DomainName) (*Quota, error)
- func (client ZMSClient) GetRdlSchema() (*rdl.Schema, error)
- func (client ZMSClient) GetResourceAccessList(principal ResourceName, action ActionName) (*ResourceAccessList, error)
- func (client ZMSClient) GetRole(domainName DomainName, roleName EntityName, auditLog *bool, expand *bool, ...) (*Role, error)
- func (client ZMSClient) GetRoleList(domainName DomainName, limit *int32, skip string) (*RoleList, error)
- func (client ZMSClient) GetRoles(domainName DomainName, members *bool, tagKey TagKey, tagValue TagCompoundValue) (*Roles, error)
- func (client ZMSClient) GetRolesForReview(principal ResourceName) (*ReviewObjects, error)
- func (client ZMSClient) GetServerTemplateDetailsList() (*DomainTemplateDetailsList, error)
- func (client ZMSClient) GetServerTemplateList() (*ServerTemplateList, error)
- func (client ZMSClient) GetServiceIdentities(domainName DomainName, publickeys *bool, hosts *bool, tagKey TagKey, ...) (*ServiceIdentities, error)
- func (client ZMSClient) GetServiceIdentity(domain DomainName, service SimpleName) (*ServiceIdentity, error)
- func (client ZMSClient) GetServiceIdentityList(domainName DomainName, limit *int32, skip string) (*ServiceIdentityList, error)
- func (client ZMSClient) GetServicePrincipal() (*ServicePrincipal, error)
- func (client ZMSClient) GetSignedDomains(domain DomainName, metaOnly string, metaAttr SimpleName, master *bool, ...) (*SignedDomains, string, error)
- func (client ZMSClient) GetStats(name DomainName) (*Stats, error)
- func (client ZMSClient) GetStatus() (*Status, error)
- func (client ZMSClient) GetSystemStats() (*Stats, error)
- func (client ZMSClient) GetTemplate(template SimpleName) (*Template, error)
- func (client ZMSClient) GetTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, ...) (*TenantResourceGroupRoles, error)
- func (client ZMSClient) GetUserAuthorityAttributeMap() (*UserAuthorityAttributeMap, error)
- func (client ZMSClient) GetUserList(domainName DomainName) (*UserList, error)
- func (client ZMSClient) GetUserToken(userName SimpleName, serviceNames string, header *bool) (*UserToken, error)
- func (client ZMSClient) OptionsUserToken(userName SimpleName, serviceNames string) (*UserToken, error)
- func (client ZMSClient) PostSubDomain(parent DomainName, auditRef string, resourceOwner string, detail *SubDomain) (*Domain, error)
- func (client ZMSClient) PostTopLevelDomain(auditRef string, resourceOwner string, detail *TopLevelDomain) (*Domain, error)
- func (client ZMSClient) PostUserDomain(name SimpleName, auditRef string, resourceOwner string, detail *UserDomain) (*Domain, error)
- func (client ZMSClient) PutAssertion(domainName DomainName, policyName EntityName, auditRef string, ...) (*Assertion, error)
- func (client ZMSClient) PutAssertionCondition(domainName DomainName, policyName EntityName, assertionId int64, ...) (*AssertionCondition, error)
- func (client ZMSClient) PutAssertionConditions(domainName DomainName, policyName EntityName, assertionId int64, ...) (*AssertionConditions, error)
- func (client ZMSClient) PutAssertionPolicyVersion(domainName DomainName, policyName EntityName, version SimpleName, ...) (*Assertion, error)
- func (client ZMSClient) PutDefaultAdmins(domainName DomainName, auditRef string, defaultAdmins *DefaultAdmins) error
- func (client ZMSClient) PutDomainDependency(domainName DomainName, auditRef string, service *DependentService) error
- func (client ZMSClient) PutDomainMeta(name DomainName, auditRef string, resourceOwner string, detail *DomainMeta) error
- func (client ZMSClient) PutDomainSystemMeta(name DomainName, attribute SimpleName, auditRef string, detail *DomainMeta) error
- func (client ZMSClient) PutDomainTemplate(name DomainName, auditRef string, domainTemplate *DomainTemplate) error
- func (client ZMSClient) PutDomainTemplateExt(name DomainName, template SimpleName, auditRef string, ...) error
- func (client ZMSClient) PutEntity(domainName DomainName, entityName EntityName, auditRef string, entity *Entity) error
- func (client ZMSClient) PutGroup(domainName DomainName, groupName EntityName, auditRef string, returnObj *bool, ...) (*Group, error)
- func (client ZMSClient) PutGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, ...) (*GroupMembership, error)
- func (client ZMSClient) PutGroupMembershipDecision(domainName DomainName, groupName EntityName, memberName GroupMemberName, ...) error
- func (client ZMSClient) PutGroupMeta(domainName DomainName, groupName EntityName, auditRef string, ...) error
- func (client ZMSClient) PutGroupReview(domainName DomainName, groupName EntityName, auditRef string, returnObj *bool, ...) (*Group, error)
- func (client ZMSClient) PutGroupSystemMeta(domainName DomainName, groupName EntityName, attribute SimpleName, ...) error
- func (client ZMSClient) PutMembership(domainName DomainName, roleName EntityName, memberName MemberName, ...) (*Membership, error)
- func (client ZMSClient) PutMembershipDecision(domainName DomainName, roleName EntityName, memberName MemberName, ...) error
- func (client ZMSClient) PutPolicy(domainName DomainName, policyName EntityName, auditRef string, returnObj *bool, ...) (*Policy, error)
- func (client ZMSClient) PutPolicyVersion(domainName DomainName, policyName EntityName, policyOptions *PolicyOptions, ...) (*Policy, error)
- func (client ZMSClient) PutPrincipalState(principalName MemberName, auditRef string, principalState *PrincipalState) error
- func (client ZMSClient) PutProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, ...) (*ProviderResourceGroupRoles, error)
- func (client ZMSClient) PutPublicKeyEntry(domain DomainName, service SimpleName, id string, auditRef string, ...) error
- func (client ZMSClient) PutQuota(name DomainName, auditRef string, quota *Quota) error
- func (client ZMSClient) PutResourceDomainOwnership(domainName DomainName, auditRef string, ...) error
- func (client ZMSClient) PutResourceGroupOwnership(domainName DomainName, groupName EntityName, auditRef string, ...) error
- func (client ZMSClient) PutResourcePolicyOwnership(domainName DomainName, policyName EntityName, auditRef string, ...) error
- func (client ZMSClient) PutResourceRoleOwnership(domainName DomainName, roleName EntityName, auditRef string, ...) error
- func (client ZMSClient) PutResourceServiceIdentityOwnership(domainName DomainName, service SimpleName, auditRef string, ...) error
- func (client ZMSClient) PutRole(domainName DomainName, roleName EntityName, auditRef string, returnObj *bool, ...) (*Role, error)
- func (client ZMSClient) PutRoleMeta(domainName DomainName, roleName EntityName, auditRef string, ...) error
- func (client ZMSClient) PutRoleReview(domainName DomainName, roleName EntityName, auditRef string, returnObj *bool, ...) (*Role, error)
- func (client ZMSClient) PutRoleSystemMeta(domainName DomainName, roleName EntityName, attribute SimpleName, ...) error
- func (client ZMSClient) PutServiceIdentity(domain DomainName, service SimpleName, auditRef string, returnObj *bool, ...) (*ServiceIdentity, error)
- func (client ZMSClient) PutServiceIdentitySystemMeta(domain DomainName, service SimpleName, attribute SimpleName, auditRef string, ...) error
- func (client ZMSClient) PutTenancy(domain DomainName, service ServiceName, auditRef string, detail *Tenancy) error
- func (client ZMSClient) PutTenant(domain DomainName, service SimpleName, tenantDomain DomainName, ...) error
- func (client ZMSClient) PutTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, ...) (*TenantResourceGroupRoles, error)
- func (client ZMSClient) SearchServiceIdentities(serviceName SimpleName, substringMatch *bool, domainFilter DomainName) (*ServiceIdentities, error)
- func (client ZMSClient) SetActivePolicyVersion(domainName DomainName, policyName EntityName, policyOptions *PolicyOptions, ...) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Authenticator ¶
func Authenticator(url string) rdl.Authenticator
Authenticator is an unoptimized authenticator that delegates to ZMS. The advantage is that there is no local state or config other than the url of ZMS (we don't need ZMS's public key to be local).
func Authorizer ¶
func Authorizer(domain string, url string) rdl.Authorizer
Authorizer returns an authorizer that calls zms. If the url is set to "", then the access is logged, but always succeeds (for debug purposes).
Types ¶
type Access ¶
type Access struct { // // true (allowed) or false (denied) // Granted bool `json:"granted"` }
Access - Access can be checked and returned as this resource.
func (*Access) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Access
type Assertion ¶
type Assertion struct { // // the subject of the assertion - a role // Role string `json:"role"` // // the object of the assertion. Must be in the local namespace. Can contain // wildcards // Resource string `json:"resource"` // // the predicate of the assertion. Can contain wildcards // Action string `json:"action"` // // the effect of the assertion in the policy language // Effect *AssertionEffect `json:"effect,omitempty" rdl:"optional" yaml:",omitempty"` // // assertion id - auto generated by server. Not required during put // operations. // Id *int64 `json:"id,omitempty" rdl:"optional" yaml:",omitempty"` // // If true, we should store action and resource in their original case // CaseSensitive *bool `json:"caseSensitive,omitempty" rdl:"optional" yaml:",omitempty"` // // optional list of assertion conditions associated with given assertion // Conditions *AssertionConditions `json:"conditions,omitempty" rdl:"optional" yaml:",omitempty"` }
Assertion - A representation for the encapsulation of an action to be performed on a resource by a principal.
func NewAssertion ¶
NewAssertion - creates an initialized Assertion instance, returns a pointer to it
func (*Assertion) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Assertion
type AssertionCondition ¶ added in v1.10.22
type AssertionCondition struct { // // condition id - auto generated by server. Not required during put // operations. // Id *int32 `json:"id,omitempty" rdl:"optional" yaml:",omitempty"` // // each key in the map represents a unique condition. All the keys present in // the map form a logical condition with AND operation. // ConditionsMap map[AssertionConditionKey]*AssertionConditionData `json:"conditionsMap"` }
AssertionCondition - A representation of condition associated with an assertion
func NewAssertionCondition ¶ added in v1.10.22
func NewAssertionCondition(init ...*AssertionCondition) *AssertionCondition
NewAssertionCondition - creates an initialized AssertionCondition instance, returns a pointer to it
func (*AssertionCondition) Init ¶ added in v1.10.22
func (self *AssertionCondition) Init() *AssertionCondition
Init - sets up the instance according to its default field values, if any
func (*AssertionCondition) UnmarshalJSON ¶ added in v1.10.22
func (self *AssertionCondition) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a AssertionCondition
func (*AssertionCondition) Validate ¶ added in v1.10.22
func (self *AssertionCondition) Validate() error
Validate - checks for missing required fields, etc
type AssertionConditionData ¶ added in v1.10.22
type AssertionConditionData struct { // // Operator for the assertion condition // Operator AssertionConditionOperator `json:"operator"` // // Value of the assertion condition // Value AssertionConditionValue `json:"value"` }
AssertionConditionData - A representation of details associated with an assertion condition key
func NewAssertionConditionData ¶ added in v1.10.22
func NewAssertionConditionData(init ...*AssertionConditionData) *AssertionConditionData
NewAssertionConditionData - creates an initialized AssertionConditionData instance, returns a pointer to it
func (*AssertionConditionData) UnmarshalJSON ¶ added in v1.10.22
func (self *AssertionConditionData) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a AssertionConditionData
func (*AssertionConditionData) Validate ¶ added in v1.10.22
func (self *AssertionConditionData) Validate() error
Validate - checks for missing required fields, etc
type AssertionConditionKey ¶ added in v1.10.22
type AssertionConditionKey string
AssertionConditionKey -
type AssertionConditionKeyPattern ¶ added in v1.10.22
type AssertionConditionKeyPattern string
AssertionConditionKeyPattern -
type AssertionConditionOperator ¶ added in v1.10.22
type AssertionConditionOperator int
AssertionConditionOperator - Allowed operators for assertion conditions
const (
EQUALS AssertionConditionOperator
)
AssertionConditionOperator constants
func NewAssertionConditionOperator ¶ added in v1.10.22
func NewAssertionConditionOperator(init ...interface{}) AssertionConditionOperator
NewAssertionConditionOperator - return a string representation of the enum
func (AssertionConditionOperator) MarshalJSON ¶ added in v1.10.22
func (e AssertionConditionOperator) MarshalJSON() ([]byte, error)
MarshalJSON is defined for proper JSON encoding of a AssertionConditionOperator
func (AssertionConditionOperator) String ¶ added in v1.10.22
func (e AssertionConditionOperator) String() string
String - return a string representation of the enum
func (AssertionConditionOperator) SymbolSet ¶ added in v1.10.22
func (e AssertionConditionOperator) SymbolSet() []string
SymbolSet - return an array of all valid string representations (symbols) of the enum
func (*AssertionConditionOperator) UnmarshalJSON ¶ added in v1.10.22
func (e *AssertionConditionOperator) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a AssertionConditionOperator
type AssertionConditionValue ¶ added in v1.10.22
type AssertionConditionValue string
AssertionConditionValue -
type AssertionConditionValuePattern ¶ added in v1.10.22
type AssertionConditionValuePattern string
AssertionConditionValuePattern -
type AssertionConditions ¶ added in v1.10.22
type AssertionConditions struct { // // list of assertion conditions. // ConditionsList []*AssertionCondition `json:"conditionsList"` }
AssertionConditions - The representation of list of assertion conditions
func NewAssertionConditions ¶ added in v1.10.22
func NewAssertionConditions(init ...*AssertionConditions) *AssertionConditions
NewAssertionConditions - creates an initialized AssertionConditions instance, returns a pointer to it
func (*AssertionConditions) Init ¶ added in v1.10.22
func (self *AssertionConditions) Init() *AssertionConditions
Init - sets up the instance according to its default field values, if any
func (*AssertionConditions) UnmarshalJSON ¶ added in v1.10.22
func (self *AssertionConditions) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a AssertionConditions
func (*AssertionConditions) Validate ¶ added in v1.10.22
func (self *AssertionConditions) Validate() error
Validate - checks for missing required fields, etc
type AssertionEffect ¶
type AssertionEffect int
AssertionEffect - Every assertion can have the effect of ALLOW or DENY.
const ( ALLOW AssertionEffect DENY )
AssertionEffect constants
func NewAssertionEffect ¶
func NewAssertionEffect(init ...interface{}) AssertionEffect
NewAssertionEffect - return a string representation of the enum
func (AssertionEffect) MarshalJSON ¶
func (e AssertionEffect) MarshalJSON() ([]byte, error)
MarshalJSON is defined for proper JSON encoding of a AssertionEffect
func (AssertionEffect) String ¶
func (e AssertionEffect) String() string
String - return a string representation of the enum
func (AssertionEffect) SymbolSet ¶
func (e AssertionEffect) SymbolSet() []string
SymbolSet - return an array of all valid string representations (symbols) of the enum
func (*AssertionEffect) UnmarshalJSON ¶
func (e *AssertionEffect) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a AssertionEffect
type AuthHistory ¶ added in v1.11.1
type AuthHistory struct { // // Name of the domain from URI // UriDomain DomainName `json:"uriDomain"` // // Principal domain // PrincipalDomain DomainName `json:"principalDomain"` // // Principal name // PrincipalName SimpleName `json:"principalName"` // // Last authorization event timestamp // Timestamp rdl.Timestamp `json:"timestamp"` // // Last authorization endpoint used // Endpoint string `json:"endpoint"` // // Time until the record will expire // Ttl int64 `json:"ttl"` }
AuthHistory -
func NewAuthHistory ¶ added in v1.11.1
func NewAuthHistory(init ...*AuthHistory) *AuthHistory
NewAuthHistory - creates an initialized AuthHistory instance, returns a pointer to it
func (*AuthHistory) UnmarshalJSON ¶ added in v1.11.1
func (self *AuthHistory) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a AuthHistory
func (*AuthHistory) Validate ¶ added in v1.11.1
func (self *AuthHistory) Validate() error
Validate - checks for missing required fields, etc
type AuthHistoryDependencies ¶ added in v1.11.2
type AuthHistoryDependencies struct { // // list of incoming auth dependencies for domain // IncomingDependencies []*AuthHistory `json:"incomingDependencies"` // // list of incoming auth dependencies for domain // OutgoingDependencies []*AuthHistory `json:"outgoingDependencies"` }
AuthHistoryDependencies -
func NewAuthHistoryDependencies ¶ added in v1.11.2
func NewAuthHistoryDependencies(init ...*AuthHistoryDependencies) *AuthHistoryDependencies
NewAuthHistoryDependencies - creates an initialized AuthHistoryDependencies instance, returns a pointer to it
func (*AuthHistoryDependencies) Init ¶ added in v1.11.2
func (self *AuthHistoryDependencies) Init() *AuthHistoryDependencies
Init - sets up the instance according to its default field values, if any
func (*AuthHistoryDependencies) UnmarshalJSON ¶ added in v1.11.2
func (self *AuthHistoryDependencies) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a AuthHistoryDependencies
func (*AuthHistoryDependencies) Validate ¶ added in v1.11.2
func (self *AuthHistoryDependencies) Validate() error
Validate - checks for missing required fields, etc
type AuthorityKeyword ¶ added in v1.9.32
type AuthorityKeyword string
AuthorityKeyword - A comma separated list of authority keywords
type AuthorityName ¶
type AuthorityName string
AuthorityName - Used as the prefix in a signed assertion. This uniquely identifies a signing authority.
type CompoundName ¶
type CompoundName string
CompoundName - A compound name. Most names in this API are compound names.
type DanglingPolicy ¶
type DanglingPolicy struct { PolicyName EntityName `json:"policyName"` RoleName EntityName `json:"roleName"` }
DanglingPolicy - A dangling policy where the assertion is referencing a role name that doesn't exist in the domain
func NewDanglingPolicy ¶
func NewDanglingPolicy(init ...*DanglingPolicy) *DanglingPolicy
NewDanglingPolicy - creates an initialized DanglingPolicy instance, returns a pointer to it
func (*DanglingPolicy) UnmarshalJSON ¶
func (self *DanglingPolicy) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DanglingPolicy
func (*DanglingPolicy) Validate ¶
func (self *DanglingPolicy) Validate() error
Validate - checks for missing required fields, etc
type DefaultAdmins ¶
type DefaultAdmins struct { // // list of domain administrators // Admins []ResourceName `json:"admins"` }
DefaultAdmins - The list of domain administrators.
func NewDefaultAdmins ¶
func NewDefaultAdmins(init ...*DefaultAdmins) *DefaultAdmins
NewDefaultAdmins - creates an initialized DefaultAdmins instance, returns a pointer to it
func (*DefaultAdmins) Init ¶
func (self *DefaultAdmins) Init() *DefaultAdmins
Init - sets up the instance according to its default field values, if any
func (*DefaultAdmins) UnmarshalJSON ¶
func (self *DefaultAdmins) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DefaultAdmins
func (*DefaultAdmins) Validate ¶
func (self *DefaultAdmins) Validate() error
Validate - checks for missing required fields, etc
type DependentService ¶ added in v1.10.46
type DependentService struct { // // name of the service // Service ServiceName `json:"service"` }
DependentService - Dependent service provider details
func NewDependentService ¶ added in v1.10.46
func NewDependentService(init ...*DependentService) *DependentService
NewDependentService - creates an initialized DependentService instance, returns a pointer to it
func (*DependentService) UnmarshalJSON ¶ added in v1.10.46
func (self *DependentService) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DependentService
func (*DependentService) Validate ¶ added in v1.10.46
func (self *DependentService) Validate() error
Validate - checks for missing required fields, etc
type DependentServiceResourceGroup ¶ added in v1.10.51
type DependentServiceResourceGroup struct { // // name of the service // Service ServiceName `json:"service"` // // name of the dependent domain // Domain DomainName `json:"domain"` // // registered resource groups for this service and domain // ResourceGroups []EntityName `json:"resourceGroups,omitempty" rdl:"optional" yaml:",omitempty"` }
DependentServiceResourceGroup -
func NewDependentServiceResourceGroup ¶ added in v1.10.51
func NewDependentServiceResourceGroup(init ...*DependentServiceResourceGroup) *DependentServiceResourceGroup
NewDependentServiceResourceGroup - creates an initialized DependentServiceResourceGroup instance, returns a pointer to it
func (*DependentServiceResourceGroup) UnmarshalJSON ¶ added in v1.10.51
func (self *DependentServiceResourceGroup) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DependentServiceResourceGroup
func (*DependentServiceResourceGroup) Validate ¶ added in v1.10.51
func (self *DependentServiceResourceGroup) Validate() error
Validate - checks for missing required fields, etc
type DependentServiceResourceGroupList ¶ added in v1.10.51
type DependentServiceResourceGroupList struct { // // collection of dependent services and resource groups for tenant domain // ServiceAndResourceGroups []*DependentServiceResourceGroup `json:"serviceAndResourceGroups"` }
DependentServiceResourceGroupList -
func NewDependentServiceResourceGroupList ¶ added in v1.10.51
func NewDependentServiceResourceGroupList(init ...*DependentServiceResourceGroupList) *DependentServiceResourceGroupList
NewDependentServiceResourceGroupList - creates an initialized DependentServiceResourceGroupList instance, returns a pointer to it
func (*DependentServiceResourceGroupList) Init ¶ added in v1.10.51
func (self *DependentServiceResourceGroupList) Init() *DependentServiceResourceGroupList
Init - sets up the instance according to its default field values, if any
func (*DependentServiceResourceGroupList) UnmarshalJSON ¶ added in v1.10.51
func (self *DependentServiceResourceGroupList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DependentServiceResourceGroupList
func (*DependentServiceResourceGroupList) Validate ¶ added in v1.10.51
func (self *DependentServiceResourceGroupList) Validate() error
Validate - checks for missing required fields, etc
type Domain ¶
type Domain struct { // // a description of the domain // Description string `json:"description" rdl:"optional" yaml:",omitempty"` // // a reference to an audit organization defined in athenz // Org ResourceName `json:"org,omitempty" rdl:"optional" yaml:",omitempty"` // // Future use only, currently not used // Enabled *bool `json:"enabled,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether or not domain modifications should be logged for // SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for // any API defining it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"` // // associated aws account id (system attribute - uniqueness check - if // enabled) // Account string `json:"account" rdl:"optional" yaml:",omitempty"` // // associated product id (system attribute - uniqueness check - if enabled) // YpmId *int32 `json:"ypmId,omitempty" rdl:"optional" yaml:",omitempty"` // // associated application id // ApplicationId string `json:"applicationId" rdl:"optional" yaml:",omitempty"` // // domain certificate dns domain (system attribute) // CertDnsDomain string `json:"certDnsDomain" rdl:"optional" yaml:",omitempty"` // // all user members in the domain will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // tokens issued for this domain will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // service identity certs issued for this domain will have specified max // timeout in mins // ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // role certs issued for this domain will have specified max timeout in mins // RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"` // // all services in the domain roles will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"` // // associated azure subscription id (system attribute - uniqueness check - if // enabled) // AzureSubscription string `json:"azureSubscription" rdl:"optional" yaml:",omitempty"` // // associated azure tenant id (system attribute) // AzureTenant string `json:"azureTenant" rdl:"optional" yaml:",omitempty"` // // associated azure client id (system attribute) // AzureClient string `json:"azureClient" rdl:"optional" yaml:",omitempty"` // // associated gcp project id (system attribute - uniqueness check - if // enabled) // GcpProject string `json:"gcpProject" rdl:"optional" yaml:",omitempty"` // // associated gcp project number (system attribute) // GcpProjectNumber string `json:"gcpProjectNumber" rdl:"optional" yaml:",omitempty"` // // key-value pair tags, tag might contain multiple values // Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"` // // associated business service with domain // BusinessService string `json:"businessService" rdl:"optional" yaml:",omitempty"` // // purge role/group members with expiry date configured days in the past // MemberPurgeExpiryDays *int32 `json:"memberPurgeExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // associated product id (system attribute - uniqueness check - if enabled) // ProductId string `json:"productId" rdl:"optional" yaml:",omitempty"` // // features enabled per domain (system attribute) // FeatureFlags *int32 `json:"featureFlags,omitempty" rdl:"optional" yaml:",omitempty"` // // list of domain contacts (PE-Owner, Product-Owner, etc), each type can have // a single value // Contacts map[SimpleName]string `json:"contacts,omitempty" rdl:"optional" yaml:",omitempty"` // // domain environment e.g. production, staging, etc // Environment string `json:"environment" rdl:"optional" yaml:",omitempty"` // // ownership information for the domain (read-only attribute) // ResourceOwnership *ResourceDomainOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"` // // requested x509 cert signer key id (system attribute) // X509CertSignerKeyId string `json:"x509CertSignerKeyId" rdl:"optional" yaml:",omitempty"` // // requested ssh cert signer key id (system attribute) // SshCertSignerKeyId string `json:"sshCertSignerKeyId" rdl:"optional" yaml:",omitempty"` // // slack channel for any notifications in this domain // SlackChannel string `json:"slackChannel" rdl:"optional" yaml:",omitempty"` // // the common name to be referred to, the symbolic id. It is immutable // Name DomainName `json:"name"` // // the last modification timestamp of any object or attribute in this domain // Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional" yaml:",omitempty"` // // unique identifier of the domain. generated on create, never reused // Id *rdl.UUID `json:"id,omitempty" rdl:"optional" yaml:",omitempty"` }
Domain - A domain is an independent partition of users, roles, and resources. Its name represents the definition of a namespace; the only way a new namespace can be created, from the top, is by creating Domains. Administration of a domain is governed by the parent domain (using reverse-DNS namespaces). The top level domains are governed by the special "sys.auth" domain.
func (*Domain) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Domain
type DomainAttributes ¶ added in v1.11.30
type DomainAttributes struct { // // timestamp when the domain object was fetched from ZMS // FetchTime int64 `json:"fetchTime"` }
DomainAttributes - A domain attributes for the changelog support
func NewDomainAttributes ¶ added in v1.11.30
func NewDomainAttributes(init ...*DomainAttributes) *DomainAttributes
NewDomainAttributes - creates an initialized DomainAttributes instance, returns a pointer to it
func (*DomainAttributes) UnmarshalJSON ¶ added in v1.11.30
func (self *DomainAttributes) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainAttributes
func (*DomainAttributes) Validate ¶ added in v1.11.30
func (self *DomainAttributes) Validate() error
Validate - checks for missing required fields, etc
type DomainData ¶
type DomainData struct { // // a description of the domain // Description string `json:"description" rdl:"optional" yaml:",omitempty"` // // a reference to an audit organization defined in athenz // Org ResourceName `json:"org,omitempty" rdl:"optional" yaml:",omitempty"` // // Future use only, currently not used // Enabled *bool `json:"enabled,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether or not domain modifications should be logged for // SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for // any API defining it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"` // // associated aws account id (system attribute - uniqueness check - if // enabled) // Account string `json:"account" rdl:"optional" yaml:",omitempty"` // // associated product id (system attribute - uniqueness check - if enabled) // YpmId *int32 `json:"ypmId,omitempty" rdl:"optional" yaml:",omitempty"` // // associated application id // ApplicationId string `json:"applicationId" rdl:"optional" yaml:",omitempty"` // // domain certificate dns domain (system attribute) // CertDnsDomain string `json:"certDnsDomain" rdl:"optional" yaml:",omitempty"` // // all user members in the domain will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // tokens issued for this domain will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // service identity certs issued for this domain will have specified max // timeout in mins // ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // role certs issued for this domain will have specified max timeout in mins // RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"` // // all services in the domain roles will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"` // // associated azure subscription id (system attribute - uniqueness check - if // enabled) // AzureSubscription string `json:"azureSubscription" rdl:"optional" yaml:",omitempty"` // // associated azure tenant id (system attribute) // AzureTenant string `json:"azureTenant" rdl:"optional" yaml:",omitempty"` // // associated azure client id (system attribute) // AzureClient string `json:"azureClient" rdl:"optional" yaml:",omitempty"` // // associated gcp project id (system attribute - uniqueness check - if // enabled) // GcpProject string `json:"gcpProject" rdl:"optional" yaml:",omitempty"` // // associated gcp project number (system attribute) // GcpProjectNumber string `json:"gcpProjectNumber" rdl:"optional" yaml:",omitempty"` // // key-value pair tags, tag might contain multiple values // Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"` // // associated business service with domain // BusinessService string `json:"businessService" rdl:"optional" yaml:",omitempty"` // // purge role/group members with expiry date configured days in the past // MemberPurgeExpiryDays *int32 `json:"memberPurgeExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // associated product id (system attribute - uniqueness check - if enabled) // ProductId string `json:"productId" rdl:"optional" yaml:",omitempty"` // // features enabled per domain (system attribute) // FeatureFlags *int32 `json:"featureFlags,omitempty" rdl:"optional" yaml:",omitempty"` // // list of domain contacts (PE-Owner, Product-Owner, etc), each type can have // a single value // Contacts map[SimpleName]string `json:"contacts,omitempty" rdl:"optional" yaml:",omitempty"` // // domain environment e.g. production, staging, etc // Environment string `json:"environment" rdl:"optional" yaml:",omitempty"` // // ownership information for the domain (read-only attribute) // ResourceOwnership *ResourceDomainOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"` // // requested x509 cert signer key id (system attribute) // X509CertSignerKeyId string `json:"x509CertSignerKeyId" rdl:"optional" yaml:",omitempty"` // // requested ssh cert signer key id (system attribute) // SshCertSignerKeyId string `json:"sshCertSignerKeyId" rdl:"optional" yaml:",omitempty"` // // slack channel for any notifications in this domain // SlackChannel string `json:"slackChannel" rdl:"optional" yaml:",omitempty"` // // name of the domain // Name DomainName `json:"name"` // // list of roles in the domain // Roles []*Role `json:"roles"` // // list of policies in the domain signed with ZMS private key // Policies *SignedPolicies `json:"policies"` // // list of services in the domain // Services []*ServiceIdentity `json:"services"` // // list of entities in the domain // Entities []*Entity `json:"entities"` // // list of groups in the domain // Groups []*Group `json:"groups"` // // last modification timestamp // Modified rdl.Timestamp `json:"modified"` }
DomainData - A domain object that includes its roles, policies and services.
func NewDomainData ¶
func NewDomainData(init ...*DomainData) *DomainData
NewDomainData - creates an initialized DomainData instance, returns a pointer to it
func (*DomainData) Init ¶
func (self *DomainData) Init() *DomainData
Init - sets up the instance according to its default field values, if any
func (*DomainData) UnmarshalJSON ¶
func (self *DomainData) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainData
func (*DomainData) Validate ¶
func (self *DomainData) Validate() error
Validate - checks for missing required fields, etc
type DomainDataCheck ¶
type DomainDataCheck struct { // // Names of roles not specified in any assertion. Might be empty or null if no // dangling roles. // DanglingRoles []EntityName `json:"danglingRoles,omitempty" rdl:"optional" yaml:",omitempty"` // // Policy+role tuples where role doesnt exist. Might be empty or null if no // dangling policies. // DanglingPolicies []*DanglingPolicy `json:"danglingPolicies,omitempty" rdl:"optional" yaml:",omitempty"` // // total number of policies // PolicyCount int32 `json:"policyCount"` // // total number of assertions // AssertionCount int32 `json:"assertionCount"` // // total number of assertions containing roles as wildcards // RoleWildCardCount int32 `json:"roleWildCardCount"` // // Service names (domain.service) that dont contain trust role if this is a // tenant domain. Might be empty or null, if not a tenant or if all providers // support this tenant. // ProvidersWithoutTrust []ServiceName `json:"providersWithoutTrust,omitempty" rdl:"optional" yaml:",omitempty"` // // Names of Tenant domains that dont contain assume role assertions if this is // a provider domain. Might be empty or null, if not a provider or if all // tenants support use this provider. // TenantsWithoutAssumeRole []DomainName `json:"tenantsWithoutAssumeRole,omitempty" rdl:"optional" yaml:",omitempty"` }
DomainDataCheck - Domain data object representing the results of a check operation looking for dangling roles, policies and trust relationships that are set either on tenant or provider side only
func NewDomainDataCheck ¶
func NewDomainDataCheck(init ...*DomainDataCheck) *DomainDataCheck
NewDomainDataCheck - creates an initialized DomainDataCheck instance, returns a pointer to it
func (*DomainDataCheck) UnmarshalJSON ¶
func (self *DomainDataCheck) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainDataCheck
func (*DomainDataCheck) Validate ¶
func (self *DomainDataCheck) Validate() error
Validate - checks for missing required fields, etc
type DomainGroupMember ¶ added in v1.9.32
type DomainGroupMember struct { // // name of the member // MemberName GroupMemberName `json:"memberName"` // // groups for this member // MemberGroups []*GroupMember `json:"memberGroups"` }
DomainGroupMember -
func NewDomainGroupMember ¶ added in v1.9.32
func NewDomainGroupMember(init ...*DomainGroupMember) *DomainGroupMember
NewDomainGroupMember - creates an initialized DomainGroupMember instance, returns a pointer to it
func (*DomainGroupMember) Init ¶ added in v1.9.32
func (self *DomainGroupMember) Init() *DomainGroupMember
Init - sets up the instance according to its default field values, if any
func (*DomainGroupMember) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainGroupMember) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainGroupMember
func (*DomainGroupMember) Validate ¶ added in v1.9.32
func (self *DomainGroupMember) Validate() error
Validate - checks for missing required fields, etc
type DomainGroupMembers ¶ added in v1.9.32
type DomainGroupMembers struct { // // name of the domain // DomainName DomainName `json:"domainName"` // // group members // Members []*DomainGroupMember `json:"members"` }
DomainGroupMembers -
func NewDomainGroupMembers ¶ added in v1.9.32
func NewDomainGroupMembers(init ...*DomainGroupMembers) *DomainGroupMembers
NewDomainGroupMembers - creates an initialized DomainGroupMembers instance, returns a pointer to it
func (*DomainGroupMembers) Init ¶ added in v1.9.32
func (self *DomainGroupMembers) Init() *DomainGroupMembers
Init - sets up the instance according to its default field values, if any
func (*DomainGroupMembers) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainGroupMembers) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainGroupMembers
func (*DomainGroupMembers) Validate ¶ added in v1.9.32
func (self *DomainGroupMembers) Validate() error
Validate - checks for missing required fields, etc
type DomainGroupMembership ¶ added in v1.9.32
type DomainGroupMembership struct {
DomainGroupMembersList []*DomainGroupMembers `json:"domainGroupMembersList"`
}
DomainGroupMembership -
func NewDomainGroupMembership ¶ added in v1.9.32
func NewDomainGroupMembership(init ...*DomainGroupMembership) *DomainGroupMembership
NewDomainGroupMembership - creates an initialized DomainGroupMembership instance, returns a pointer to it
func (*DomainGroupMembership) Init ¶ added in v1.9.32
func (self *DomainGroupMembership) Init() *DomainGroupMembership
Init - sets up the instance according to its default field values, if any
func (*DomainGroupMembership) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainGroupMembership) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainGroupMembership
func (*DomainGroupMembership) Validate ¶ added in v1.9.32
func (self *DomainGroupMembership) Validate() error
Validate - checks for missing required fields, etc
type DomainList ¶
type DomainList struct { // // list of domain names // Names []DomainName `json:"names"` // // if the response is a paginated list, this attribute specifies the value to // be used in the next domain list request as the value for the skip query // parameter. // Next string `json:"next" rdl:"optional" yaml:",omitempty"` }
DomainList - A paginated list of domains.
func NewDomainList ¶
func NewDomainList(init ...*DomainList) *DomainList
NewDomainList - creates an initialized DomainList instance, returns a pointer to it
func (*DomainList) Init ¶
func (self *DomainList) Init() *DomainList
Init - sets up the instance according to its default field values, if any
func (*DomainList) UnmarshalJSON ¶
func (self *DomainList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainList
func (*DomainList) Validate ¶
func (self *DomainList) Validate() error
Validate - checks for missing required fields, etc
type DomainMeta ¶
type DomainMeta struct { // // a description of the domain // Description string `json:"description" rdl:"optional" yaml:",omitempty"` // // a reference to an audit organization defined in athenz // Org ResourceName `json:"org,omitempty" rdl:"optional" yaml:",omitempty"` // // Future use only, currently not used // Enabled *bool `json:"enabled,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether or not domain modifications should be logged for // SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for // any API defining it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"` // // associated aws account id (system attribute - uniqueness check - if // enabled) // Account string `json:"account" rdl:"optional" yaml:",omitempty"` // // associated product id (system attribute - uniqueness check - if enabled) // YpmId *int32 `json:"ypmId,omitempty" rdl:"optional" yaml:",omitempty"` // // associated application id // ApplicationId string `json:"applicationId" rdl:"optional" yaml:",omitempty"` // // domain certificate dns domain (system attribute) // CertDnsDomain string `json:"certDnsDomain" rdl:"optional" yaml:",omitempty"` // // all user members in the domain will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // tokens issued for this domain will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // service identity certs issued for this domain will have specified max // timeout in mins // ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // role certs issued for this domain will have specified max timeout in mins // RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"` // // all services in the domain roles will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"` // // associated azure subscription id (system attribute - uniqueness check - if // enabled) // AzureSubscription string `json:"azureSubscription" rdl:"optional" yaml:",omitempty"` // // associated azure tenant id (system attribute) // AzureTenant string `json:"azureTenant" rdl:"optional" yaml:",omitempty"` // // associated azure client id (system attribute) // AzureClient string `json:"azureClient" rdl:"optional" yaml:",omitempty"` // // associated gcp project id (system attribute - uniqueness check - if // enabled) // GcpProject string `json:"gcpProject" rdl:"optional" yaml:",omitempty"` // // associated gcp project number (system attribute) // GcpProjectNumber string `json:"gcpProjectNumber" rdl:"optional" yaml:",omitempty"` // // key-value pair tags, tag might contain multiple values // Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"` // // associated business service with domain // BusinessService string `json:"businessService" rdl:"optional" yaml:",omitempty"` // // purge role/group members with expiry date configured days in the past // MemberPurgeExpiryDays *int32 `json:"memberPurgeExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // associated product id (system attribute - uniqueness check - if enabled) // ProductId string `json:"productId" rdl:"optional" yaml:",omitempty"` // // features enabled per domain (system attribute) // FeatureFlags *int32 `json:"featureFlags,omitempty" rdl:"optional" yaml:",omitempty"` // // list of domain contacts (PE-Owner, Product-Owner, etc), each type can have // a single value // Contacts map[SimpleName]string `json:"contacts,omitempty" rdl:"optional" yaml:",omitempty"` // // domain environment e.g. production, staging, etc // Environment string `json:"environment" rdl:"optional" yaml:",omitempty"` // // ownership information for the domain (read-only attribute) // ResourceOwnership *ResourceDomainOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"` // // requested x509 cert signer key id (system attribute) // X509CertSignerKeyId string `json:"x509CertSignerKeyId" rdl:"optional" yaml:",omitempty"` // // requested ssh cert signer key id (system attribute) // SshCertSignerKeyId string `json:"sshCertSignerKeyId" rdl:"optional" yaml:",omitempty"` // // slack channel for any notifications in this domain // SlackChannel string `json:"slackChannel" rdl:"optional" yaml:",omitempty"` }
DomainMeta - Set of metadata attributes that all domains may have and can be changed.
func NewDomainMeta ¶
func NewDomainMeta(init ...*DomainMeta) *DomainMeta
NewDomainMeta - creates an initialized DomainMeta instance, returns a pointer to it
func (*DomainMeta) Init ¶
func (self *DomainMeta) Init() *DomainMeta
Init - sets up the instance according to its default field values, if any
func (*DomainMeta) UnmarshalJSON ¶
func (self *DomainMeta) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainMeta
func (*DomainMeta) Validate ¶
func (self *DomainMeta) Validate() error
Validate - checks for missing required fields, etc
type DomainMetaList ¶ added in v1.9.32
type DomainMetaList struct { // // list of domain objects // Domains []*Domain `json:"domains"` }
DomainMetaList - A list of domain objects with their meta attributes.
func NewDomainMetaList ¶ added in v1.9.32
func NewDomainMetaList(init ...*DomainMetaList) *DomainMetaList
NewDomainMetaList - creates an initialized DomainMetaList instance, returns a pointer to it
func (*DomainMetaList) Init ¶ added in v1.9.32
func (self *DomainMetaList) Init() *DomainMetaList
Init - sets up the instance according to its default field values, if any
func (*DomainMetaList) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainMetaList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainMetaList
func (*DomainMetaList) Validate ¶ added in v1.9.32
func (self *DomainMetaList) Validate() error
Validate - checks for missing required fields, etc
type DomainMetaStoreValidValuesList ¶ added in v1.10.13
type DomainMetaStoreValidValuesList struct { // // list of valid values for attribute // ValidValues []string `json:"validValues"` }
DomainMetaStoreValidValuesList - List of valid domain meta attribute values
func NewDomainMetaStoreValidValuesList ¶ added in v1.10.13
func NewDomainMetaStoreValidValuesList(init ...*DomainMetaStoreValidValuesList) *DomainMetaStoreValidValuesList
NewDomainMetaStoreValidValuesList - creates an initialized DomainMetaStoreValidValuesList instance, returns a pointer to it
func (*DomainMetaStoreValidValuesList) Init ¶ added in v1.10.13
func (self *DomainMetaStoreValidValuesList) Init() *DomainMetaStoreValidValuesList
Init - sets up the instance according to its default field values, if any
func (*DomainMetaStoreValidValuesList) UnmarshalJSON ¶ added in v1.10.13
func (self *DomainMetaStoreValidValuesList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainMetaStoreValidValuesList
func (*DomainMetaStoreValidValuesList) Validate ¶ added in v1.10.13
func (self *DomainMetaStoreValidValuesList) Validate() error
Validate - checks for missing required fields, etc
type DomainName ¶
type DomainName string
DomainName - A domain name is the general qualifier prefix, as its uniqueness is managed.
type DomainOptions ¶ added in v1.11.31
type DomainOptions struct { // // enforce domains are associated with unique product ids // EnforceUniqueProductIds bool `json:"enforceUniqueProductIds"` // // enforce domains are associated with unique aws accounts // EnforceUniqueAWSAccounts bool `json:"enforceUniqueAWSAccounts"` // // enforce domains are associated with unique azure subscriptions // EnforceUniqueAzureSubscriptions bool `json:"enforceUniqueAzureSubscriptions"` // // enforce domains are associated with unique gcp projects // EnforceUniqueGCPProjects bool `json:"enforceUniqueGCPProjects"` }
DomainOptions - A domain options for enforcing uniqueness checks
func NewDomainOptions ¶ added in v1.11.31
func NewDomainOptions(init ...*DomainOptions) *DomainOptions
NewDomainOptions - creates an initialized DomainOptions instance, returns a pointer to it
func (*DomainOptions) UnmarshalJSON ¶ added in v1.11.31
func (self *DomainOptions) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainOptions
func (*DomainOptions) Validate ¶ added in v1.11.31
func (self *DomainOptions) Validate() error
Validate - checks for missing required fields, etc
type DomainPolicies ¶
type DomainPolicies struct { // // name of the domain // Domain DomainName `json:"domain"` // // list of policies defined in this server // Policies []*Policy `json:"policies"` }
DomainPolicies - We need to include the name of the domain in this struct since this data will be passed back to ZPU through ZTS so we need to sign not only the list of policies but also the corresponding domain name that the policies belong to.
func NewDomainPolicies ¶
func NewDomainPolicies(init ...*DomainPolicies) *DomainPolicies
NewDomainPolicies - creates an initialized DomainPolicies instance, returns a pointer to it
func (*DomainPolicies) Init ¶
func (self *DomainPolicies) Init() *DomainPolicies
Init - sets up the instance according to its default field values, if any
func (*DomainPolicies) UnmarshalJSON ¶
func (self *DomainPolicies) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainPolicies
func (*DomainPolicies) Validate ¶
func (self *DomainPolicies) Validate() error
Validate - checks for missing required fields, etc
type DomainRoleMember ¶ added in v1.9.32
type DomainRoleMember struct { // // name of the member // MemberName MemberName `json:"memberName"` // // roles for this member // MemberRoles []*MemberRole `json:"memberRoles"` }
DomainRoleMember -
func NewDomainRoleMember ¶ added in v1.9.32
func NewDomainRoleMember(init ...*DomainRoleMember) *DomainRoleMember
NewDomainRoleMember - creates an initialized DomainRoleMember instance, returns a pointer to it
func (*DomainRoleMember) Init ¶ added in v1.9.32
func (self *DomainRoleMember) Init() *DomainRoleMember
Init - sets up the instance according to its default field values, if any
func (*DomainRoleMember) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainRoleMember) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainRoleMember
func (*DomainRoleMember) Validate ¶ added in v1.9.32
func (self *DomainRoleMember) Validate() error
Validate - checks for missing required fields, etc
type DomainRoleMembers ¶ added in v1.9.32
type DomainRoleMembers struct { // // name of the domain // DomainName DomainName `json:"domainName"` // // role members // Members []*DomainRoleMember `json:"members"` }
DomainRoleMembers -
func NewDomainRoleMembers ¶ added in v1.9.32
func NewDomainRoleMembers(init ...*DomainRoleMembers) *DomainRoleMembers
NewDomainRoleMembers - creates an initialized DomainRoleMembers instance, returns a pointer to it
func (*DomainRoleMembers) Init ¶ added in v1.9.32
func (self *DomainRoleMembers) Init() *DomainRoleMembers
Init - sets up the instance according to its default field values, if any
func (*DomainRoleMembers) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainRoleMembers) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainRoleMembers
func (*DomainRoleMembers) Validate ¶ added in v1.9.32
func (self *DomainRoleMembers) Validate() error
Validate - checks for missing required fields, etc
type DomainRoleMembership ¶ added in v1.9.32
type DomainRoleMembership struct {
DomainRoleMembersList []*DomainRoleMembers `json:"domainRoleMembersList"`
}
DomainRoleMembership -
func NewDomainRoleMembership ¶ added in v1.9.32
func NewDomainRoleMembership(init ...*DomainRoleMembership) *DomainRoleMembership
NewDomainRoleMembership - creates an initialized DomainRoleMembership instance, returns a pointer to it
func (*DomainRoleMembership) Init ¶ added in v1.9.32
func (self *DomainRoleMembership) Init() *DomainRoleMembership
Init - sets up the instance according to its default field values, if any
func (*DomainRoleMembership) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainRoleMembership) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainRoleMembership
func (*DomainRoleMembership) Validate ¶ added in v1.9.32
func (self *DomainRoleMembership) Validate() error
Validate - checks for missing required fields, etc
type DomainTemplate ¶
type DomainTemplate struct { // // list of template names // TemplateNames []SimpleName `json:"templateNames"` // // optional template parameters // Params []*TemplateParam `json:"params,omitempty" rdl:"optional" yaml:",omitempty"` }
DomainTemplate - solution template(s) to be applied to a domain
func NewDomainTemplate ¶
func NewDomainTemplate(init ...*DomainTemplate) *DomainTemplate
NewDomainTemplate - creates an initialized DomainTemplate instance, returns a pointer to it
func (*DomainTemplate) Init ¶
func (self *DomainTemplate) Init() *DomainTemplate
Init - sets up the instance according to its default field values, if any
func (*DomainTemplate) UnmarshalJSON ¶
func (self *DomainTemplate) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainTemplate
func (*DomainTemplate) Validate ¶
func (self *DomainTemplate) Validate() error
Validate - checks for missing required fields, etc
type DomainTemplateDetailsList ¶ added in v1.9.32
type DomainTemplateDetailsList struct { // // list of template metadata // MetaData []*TemplateMetaData `json:"metaData"` }
DomainTemplateDetailsList - List of templates with metadata details given a domain
func NewDomainTemplateDetailsList ¶ added in v1.9.32
func NewDomainTemplateDetailsList(init ...*DomainTemplateDetailsList) *DomainTemplateDetailsList
NewDomainTemplateDetailsList - creates an initialized DomainTemplateDetailsList instance, returns a pointer to it
func (*DomainTemplateDetailsList) Init ¶ added in v1.9.32
func (self *DomainTemplateDetailsList) Init() *DomainTemplateDetailsList
Init - sets up the instance according to its default field values, if any
func (*DomainTemplateDetailsList) UnmarshalJSON ¶ added in v1.9.32
func (self *DomainTemplateDetailsList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainTemplateDetailsList
func (*DomainTemplateDetailsList) Validate ¶ added in v1.9.32
func (self *DomainTemplateDetailsList) Validate() error
Validate - checks for missing required fields, etc
type DomainTemplateList ¶
type DomainTemplateList struct { // // list of template names // TemplateNames []SimpleName `json:"templateNames"` }
DomainTemplateList - List of solution templates to be applied to a domain
func NewDomainTemplateList ¶
func NewDomainTemplateList(init ...*DomainTemplateList) *DomainTemplateList
NewDomainTemplateList - creates an initialized DomainTemplateList instance, returns a pointer to it
func (*DomainTemplateList) Init ¶
func (self *DomainTemplateList) Init() *DomainTemplateList
Init - sets up the instance according to its default field values, if any
func (*DomainTemplateList) UnmarshalJSON ¶
func (self *DomainTemplateList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainTemplateList
func (*DomainTemplateList) Validate ¶
func (self *DomainTemplateList) Validate() error
Validate - checks for missing required fields, etc
type Entity ¶
type Entity struct { // // name of the entity object // Name ResourceName `json:"name"` // // value of the entity // Value rdl.Struct `json:"value"` }
Entity - An entity is a name and a structured value. some entity names/prefixes are reserved (i.e. "role", "policy", "meta", "domain", "service")
func (*Entity) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Entity
type EntityList ¶
type EntityList struct { // // list of entity names // Names []EntityName `json:"names"` }
EntityList - The representation for an enumeration of entities in the namespace
func NewEntityList ¶
func NewEntityList(init ...*EntityList) *EntityList
NewEntityList - creates an initialized EntityList instance, returns a pointer to it
func (*EntityList) Init ¶
func (self *EntityList) Init() *EntityList
Init - sets up the instance according to its default field values, if any
func (*EntityList) UnmarshalJSON ¶
func (self *EntityList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a EntityList
func (*EntityList) Validate ¶
func (self *EntityList) Validate() error
Validate - checks for missing required fields, etc
type EntityName ¶
type EntityName string
EntityName - An entity name is a short form of a resource name, including only the domain and entity.
type ExpiredMembers ¶ added in v1.11.8
type ExpiredMembers struct { // // list of deleted expired role members // ExpiredRoleMembers []*ExpiryMember `json:"expiredRoleMembers"` // // list of deleted expired groups members // ExpiredGroupMembers []*ExpiryMember `json:"expiredGroupMembers"` }
ExpiredMembers -
func NewExpiredMembers ¶ added in v1.11.8
func NewExpiredMembers(init ...*ExpiredMembers) *ExpiredMembers
NewExpiredMembers - creates an initialized ExpiredMembers instance, returns a pointer to it
func (*ExpiredMembers) Init ¶ added in v1.11.8
func (self *ExpiredMembers) Init() *ExpiredMembers
Init - sets up the instance according to its default field values, if any
func (*ExpiredMembers) UnmarshalJSON ¶ added in v1.11.8
func (self *ExpiredMembers) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ExpiredMembers
func (*ExpiredMembers) Validate ¶ added in v1.11.8
func (self *ExpiredMembers) Validate() error
Validate - checks for missing required fields, etc
type ExpiryMember ¶ added in v1.11.8
type ExpiryMember struct { // // name of the domain // DomainName DomainName `json:"domainName"` // // name of the collection // CollectionName EntityName `json:"collectionName"` // // name of the principal // PrincipalName ResourceName `json:"principalName"` // // the expiration timestamp // Expiration rdl.Timestamp `json:"expiration"` }
ExpiryMember -
func NewExpiryMember ¶ added in v1.11.8
func NewExpiryMember(init ...*ExpiryMember) *ExpiryMember
NewExpiryMember - creates an initialized ExpiryMember instance, returns a pointer to it
func (*ExpiryMember) UnmarshalJSON ¶ added in v1.11.8
func (self *ExpiryMember) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ExpiryMember
func (*ExpiryMember) Validate ¶ added in v1.11.8
func (self *ExpiryMember) Validate() error
Validate - checks for missing required fields, etc
type Group ¶ added in v1.9.32
type Group struct { // // Flag indicates whether or not group allows self service. Users can add // themselves in the group, but it has to be approved by domain admins to be // effective. // SelfServe *bool `json:"selfServe,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether or not group updates require another review and // approval // ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional" yaml:",omitempty"` // // list of roles whose members should be notified for member review/approval // NotifyRoles string `json:"notifyRoles" rdl:"optional" yaml:",omitempty"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"` // // expiration enforced by a user authority configured attribute // UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional" yaml:",omitempty"` // // all user members in the group will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // all services in the group will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // key-value pair tags, tag might contain multiple values // Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether or not group updates should require GRC approval. If // true, the auditRef parameter must be supplied(not empty) for any API defining // it // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"` // // If true, ask for delete confirmation in audit and review enabled groups. // DeleteProtection *bool `json:"deleteProtection,omitempty" rdl:"optional" yaml:",omitempty"` // // last review timestamp of the group // LastReviewedDate *rdl.Timestamp `json:"lastReviewedDate,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether to allow expired members to renew their membership // SelfRenew *bool `json:"selfRenew,omitempty" rdl:"optional" yaml:",omitempty"` // // Number of minutes members can renew their membership if self review option // is enabled // SelfRenewMins *int32 `json:"selfRenewMins,omitempty" rdl:"optional" yaml:",omitempty"` // // Maximum number of members allowed in the group // MaxMembers *int32 `json:"maxMembers,omitempty" rdl:"optional" yaml:",omitempty"` // // ownership information for the group (read-only attribute) // ResourceOwnership *ResourceGroupOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"` // // membership filtered based on configured principal domains // PrincipalDomainFilter string `json:"principalDomainFilter" rdl:"optional" yaml:",omitempty"` // // additional details included in the notifications // NotifyDetails string `json:"notifyDetails" rdl:"optional" yaml:",omitempty"` // // name of the group // Name ResourceName `json:"name"` // // last modification timestamp of the group // Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional" yaml:",omitempty"` // // members with expiration // GroupMembers []*GroupMember `json:"groupMembers,omitempty" rdl:"optional" yaml:",omitempty"` // // an audit log for group membership changes // AuditLog []*GroupAuditLog `json:"auditLog,omitempty" rdl:"optional" yaml:",omitempty"` }
Group - The representation for a Group with set of members.
func NewGroup ¶ added in v1.9.32
NewGroup - creates an initialized Group instance, returns a pointer to it
func (*Group) UnmarshalJSON ¶ added in v1.9.32
UnmarshalJSON is defined for proper JSON decoding of a Group
type GroupAuditLog ¶ added in v1.9.32
type GroupAuditLog struct { // // name of the group member // Member GroupMemberName `json:"member"` // // name of the principal executing the change // Admin ResourceName `json:"admin"` // // timestamp of the entry // Created rdl.Timestamp `json:"created"` // // log action - e.g. add, delete, approve, etc // Action string `json:"action"` // // audit reference string for the change as supplied by admin // AuditRef string `json:"auditRef" rdl:"optional" yaml:",omitempty"` }
GroupAuditLog - An audit log entry for group membership change.
func NewGroupAuditLog ¶ added in v1.9.32
func NewGroupAuditLog(init ...*GroupAuditLog) *GroupAuditLog
NewGroupAuditLog - creates an initialized GroupAuditLog instance, returns a pointer to it
func (*GroupAuditLog) UnmarshalJSON ¶ added in v1.9.32
func (self *GroupAuditLog) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a GroupAuditLog
func (*GroupAuditLog) Validate ¶ added in v1.9.32
func (self *GroupAuditLog) Validate() error
Validate - checks for missing required fields, etc
type GroupMember ¶ added in v1.9.32
type GroupMember struct { // // name of the member // MemberName GroupMemberName `json:"memberName,omitempty" rdl:"optional" yaml:",omitempty"` // // name of the group // GroupName ResourceName `json:"groupName,omitempty" rdl:"optional" yaml:",omitempty"` // // name of the domain // DomainName DomainName `json:"domainName,omitempty" rdl:"optional" yaml:",omitempty"` // // the expiration timestamp // Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag to indicate whether membership is active // Active *bool `json:"active,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag to indicate whether membership is approved either by delegates ( in // case of auditEnabled groups ) or by domain admins ( in case of selfserve // groups ) // Approved *bool `json:"approved,omitempty" rdl:"optional" yaml:",omitempty"` // // audit reference string for the change as supplied by admin // AuditRef string `json:"auditRef" rdl:"optional" yaml:",omitempty"` // // for pending membership requests, the request time // RequestTime *rdl.Timestamp `json:"requestTime,omitempty" rdl:"optional" yaml:",omitempty"` // // for pending membership requests, time when last notification was sent // LastNotifiedTime *rdl.Timestamp `json:"lastNotifiedTime,omitempty" rdl:"optional" yaml:",omitempty"` // // pending members only - name of the principal requesting the change // RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional" yaml:",omitempty"` // // for pending membership requests, time when last notification was sent (for // file store) // ReviewLastNotifiedTime *rdl.Timestamp `json:"reviewLastNotifiedTime,omitempty" rdl:"optional" yaml:",omitempty"` // // user disabled by system based on configured group setting // SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional" yaml:",omitempty"` // // server use only - principal type: unknown(0), user(1) or service(2) // PrincipalType *int32 `json:"principalType,omitempty" rdl:"optional" yaml:",omitempty"` // // for pending membership requests, the request state - e.g. add, delete // PendingState string `json:"pendingState" rdl:"optional" yaml:",omitempty"` // // list of roles whose members should be notified for member // review/approval/expiry // NotifyRoles string `json:"notifyRoles" rdl:"optional" yaml:",omitempty"` // // additional details included in the notifications // NotifyDetails string `json:"notifyDetails" rdl:"optional" yaml:",omitempty"` }
GroupMember -
func NewGroupMember ¶ added in v1.9.32
func NewGroupMember(init ...*GroupMember) *GroupMember
NewGroupMember - creates an initialized GroupMember instance, returns a pointer to it
func (*GroupMember) Init ¶ added in v1.9.32
func (self *GroupMember) Init() *GroupMember
Init - sets up the instance according to its default field values, if any
func (*GroupMember) UnmarshalJSON ¶ added in v1.9.32
func (self *GroupMember) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a GroupMember
func (*GroupMember) Validate ¶ added in v1.9.32
func (self *GroupMember) Validate() error
Validate - checks for missing required fields, etc
type GroupMemberName ¶ added in v1.9.32
type GroupMemberName string
GroupMemberName - A group member name
type GroupMembership ¶ added in v1.9.32
type GroupMembership struct { // // name of the member // MemberName GroupMemberName `json:"memberName"` // // flag to indicate whether or the user is a member or not // IsMember *bool `json:"isMember,omitempty" rdl:"optional" yaml:",omitempty"` // // name of the group // GroupName ResourceName `json:"groupName,omitempty" rdl:"optional" yaml:",omitempty"` // // the expiration timestamp // Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag to indicate whether membership is active // Active *bool `json:"active,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag to indicate whether membership is approved either by delegates ( in // case of auditEnabled groups ) or by domain admins ( in case of selfserve // groups ) // Approved *bool `json:"approved,omitempty" rdl:"optional" yaml:",omitempty"` // // audit reference string for the change as supplied by admin // AuditRef string `json:"auditRef" rdl:"optional" yaml:",omitempty"` // // pending members only - name of the principal requesting the change // RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional" yaml:",omitempty"` // // user disabled by system based on configured group setting // SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional" yaml:",omitempty"` // // for pending membership requests, the request state - e.g. add, delete // PendingState string `json:"pendingState" rdl:"optional" yaml:",omitempty"` }
GroupMembership - The representation for a group membership.
func NewGroupMembership ¶ added in v1.9.32
func NewGroupMembership(init ...*GroupMembership) *GroupMembership
NewGroupMembership - creates an initialized GroupMembership instance, returns a pointer to it
func (*GroupMembership) Init ¶ added in v1.9.32
func (self *GroupMembership) Init() *GroupMembership
Init - sets up the instance according to its default field values, if any
func (*GroupMembership) UnmarshalJSON ¶ added in v1.9.32
func (self *GroupMembership) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a GroupMembership
func (*GroupMembership) Validate ¶ added in v1.9.32
func (self *GroupMembership) Validate() error
Validate - checks for missing required fields, etc
type GroupMeta ¶ added in v1.9.32
type GroupMeta struct { // // Flag indicates whether or not group allows self service. Users can add // themselves in the group, but it has to be approved by domain admins to be // effective. // SelfServe *bool `json:"selfServe,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether or not group updates require another review and // approval // ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional" yaml:",omitempty"` // // list of roles whose members should be notified for member review/approval // NotifyRoles string `json:"notifyRoles" rdl:"optional" yaml:",omitempty"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"` // // expiration enforced by a user authority configured attribute // UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional" yaml:",omitempty"` // // all user members in the group will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // all services in the group will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // key-value pair tags, tag might contain multiple values // Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether or not group updates should require GRC approval. If // true, the auditRef parameter must be supplied(not empty) for any API defining // it // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"` // // If true, ask for delete confirmation in audit and review enabled groups. // DeleteProtection *bool `json:"deleteProtection,omitempty" rdl:"optional" yaml:",omitempty"` // // last review timestamp of the group // LastReviewedDate *rdl.Timestamp `json:"lastReviewedDate,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether to allow expired members to renew their membership // SelfRenew *bool `json:"selfRenew,omitempty" rdl:"optional" yaml:",omitempty"` // // Number of minutes members can renew their membership if self review option // is enabled // SelfRenewMins *int32 `json:"selfRenewMins,omitempty" rdl:"optional" yaml:",omitempty"` // // Maximum number of members allowed in the group // MaxMembers *int32 `json:"maxMembers,omitempty" rdl:"optional" yaml:",omitempty"` // // ownership information for the group (read-only attribute) // ResourceOwnership *ResourceGroupOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"` // // membership filtered based on configured principal domains // PrincipalDomainFilter string `json:"principalDomainFilter" rdl:"optional" yaml:",omitempty"` // // additional details included in the notifications // NotifyDetails string `json:"notifyDetails" rdl:"optional" yaml:",omitempty"` }
GroupMeta - Set of metadata attributes that all groups may have and can be changed by domain admins.
func NewGroupMeta ¶ added in v1.9.32
NewGroupMeta - creates an initialized GroupMeta instance, returns a pointer to it
func (*GroupMeta) UnmarshalJSON ¶ added in v1.9.32
UnmarshalJSON is defined for proper JSON decoding of a GroupMeta
type GroupSystemMeta ¶ added in v1.9.32
type GroupSystemMeta struct { // // Flag indicates whether or not group updates should be approved by GRC. If // true, the auditRef parameter must be supplied(not empty) for any API defining // it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"` }
GroupSystemMeta - Set of system metadata attributes that all groups may have and can be changed by system admins.
func NewGroupSystemMeta ¶ added in v1.9.32
func NewGroupSystemMeta(init ...*GroupSystemMeta) *GroupSystemMeta
NewGroupSystemMeta - creates an initialized GroupSystemMeta instance, returns a pointer to it
func (*GroupSystemMeta) UnmarshalJSON ¶ added in v1.9.32
func (self *GroupSystemMeta) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a GroupSystemMeta
func (*GroupSystemMeta) Validate ¶ added in v1.9.32
func (self *GroupSystemMeta) Validate() error
Validate - checks for missing required fields, etc
type Groups ¶ added in v1.9.32
type Groups struct { // // list of group objects // List []*Group `json:"list"` }
Groups - The representation for a list of groups with full details
func NewGroups ¶ added in v1.9.32
NewGroups - creates an initialized Groups instance, returns a pointer to it
func (*Groups) Init ¶ added in v1.9.32
Init - sets up the instance according to its default field values, if any
func (*Groups) UnmarshalJSON ¶ added in v1.9.32
UnmarshalJSON is defined for proper JSON decoding of a Groups
type Info ¶ added in v1.11.1
type Info struct { // // jdk build version // BuildJdkSpec string `json:"buildJdkSpec" rdl:"optional" yaml:",omitempty"` // // implementation title - e.g. athenz-zms-server // ImplementationTitle string `json:"implementationTitle" rdl:"optional" yaml:",omitempty"` // // implementation version - e.g. 1.11.1 // ImplementationVersion string `json:"implementationVersion" rdl:"optional" yaml:",omitempty"` // // implementation vendor - Athenz // ImplementationVendor string `json:"implementationVendor" rdl:"optional" yaml:",omitempty"` }
Info - Copyright The Athenz Authors Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. The representation for an info object
func NewInfo ¶ added in v1.11.1
NewInfo - creates an initialized Info instance, returns a pointer to it
func (*Info) UnmarshalJSON ¶ added in v1.11.1
UnmarshalJSON is defined for proper JSON decoding of a Info
type JWSDomain ¶ added in v1.9.32
type JWSDomain struct { Payload string `json:"payload"` Protected string `json:"protected"` Header map[string]string `json:"header"` Signature string `json:"signature"` }
JWSDomain - SignedDomain using flattened JWS JSON Serialization syntax. https://tools.ietf.org/html/rfc7515#section-7.2.2
func NewJWSDomain ¶ added in v1.9.32
NewJWSDomain - creates an initialized JWSDomain instance, returns a pointer to it
func (*JWSDomain) Init ¶ added in v1.9.32
Init - sets up the instance according to its default field values, if any
func (*JWSDomain) UnmarshalJSON ¶ added in v1.9.32
UnmarshalJSON is defined for proper JSON decoding of a JWSDomain
type LocationName ¶
type LocationName string
LocationName - A location name is not yet defined, but will be a dotted name like everything else.
type MemberName ¶ added in v1.7.3
type MemberName string
MemberName - Role Member name - could be one of four values: *, DomainName.* or ServiceName[*], or GroupNames
type MemberRole ¶ added in v1.9.32
type MemberRole struct { // // name of the role // RoleName ResourceName `json:"roleName"` // // name of the domain // DomainName DomainName `json:"domainName,omitempty" rdl:"optional" yaml:",omitempty"` // // name of the member // MemberName MemberName `json:"memberName,omitempty" rdl:"optional" yaml:",omitempty"` // // the expiration timestamp // Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional" yaml:",omitempty"` // // the review reminder timestamp // ReviewReminder *rdl.Timestamp `json:"reviewReminder,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag to indicate whether membership is active // Active *bool `json:"active,omitempty" rdl:"optional" yaml:",omitempty"` // // audit reference string for the change as supplied by admin // AuditRef string `json:"auditRef" rdl:"optional" yaml:",omitempty"` // // pending members only - name of the principal requesting the change // RequestPrincipal EntityName `json:"requestPrincipal,omitempty" rdl:"optional" yaml:",omitempty"` // // for pending membership requests, the request time // RequestTime *rdl.Timestamp `json:"requestTime,omitempty" rdl:"optional" yaml:",omitempty"` // // user disabled by system based on configured role setting // SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional" yaml:",omitempty"` // // for pending membership requests, the request state - e.g. add, delete // PendingState string `json:"pendingState" rdl:"optional" yaml:",omitempty"` // // name of the role that handles the membership delegation for the role // specified in roleName // TrustRoleName ResourceName `json:"trustRoleName,omitempty" rdl:"optional" yaml:",omitempty"` // // list of roles whose members should be notified for member // review/approval/expiry // NotifyRoles string `json:"notifyRoles" rdl:"optional" yaml:",omitempty"` // // additional details included in the notifications // NotifyDetails string `json:"notifyDetails" rdl:"optional" yaml:",omitempty"` }
MemberRole -
func NewMemberRole ¶ added in v1.9.32
func NewMemberRole(init ...*MemberRole) *MemberRole
NewMemberRole - creates an initialized MemberRole instance, returns a pointer to it
func (*MemberRole) Init ¶ added in v1.9.32
func (self *MemberRole) Init() *MemberRole
Init - sets up the instance according to its default field values, if any
func (*MemberRole) UnmarshalJSON ¶ added in v1.9.32
func (self *MemberRole) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a MemberRole
func (*MemberRole) Validate ¶ added in v1.9.32
func (self *MemberRole) Validate() error
Validate - checks for missing required fields, etc
type Membership ¶
type Membership struct { // // name of the member // MemberName MemberName `json:"memberName"` // // flag to indicate whether or the user is a member or not // IsMember *bool `json:"isMember,omitempty" rdl:"optional" yaml:",omitempty"` // // name of the role // RoleName ResourceName `json:"roleName,omitempty" rdl:"optional" yaml:",omitempty"` // // the expiration timestamp // Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional" yaml:",omitempty"` // // the review reminder timestamp // ReviewReminder *rdl.Timestamp `json:"reviewReminder,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag to indicate whether membership is active // Active *bool `json:"active,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag to indicate whether membership is approved either by delegates ( in // case of auditEnabled roles ) or by domain admins ( in case of selfserve roles // ) // Approved *bool `json:"approved,omitempty" rdl:"optional" yaml:",omitempty"` // // audit reference string for the change as supplied by admin // AuditRef string `json:"auditRef" rdl:"optional" yaml:",omitempty"` // // pending members only - name of the principal requesting the change // RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional" yaml:",omitempty"` // // user disabled by system based on configured role setting // SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional" yaml:",omitempty"` // // for pending membership requests, the request state - e.g. add, delete // PendingState string `json:"pendingState" rdl:"optional" yaml:",omitempty"` }
Membership - The representation for a role membership.
func NewMembership ¶
func NewMembership(init ...*Membership) *Membership
NewMembership - creates an initialized Membership instance, returns a pointer to it
func (*Membership) Init ¶
func (self *Membership) Init() *Membership
Init - sets up the instance according to its default field values, if any
func (*Membership) UnmarshalJSON ¶
func (self *Membership) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a Membership
func (*Membership) Validate ¶
func (self *Membership) Validate() error
Validate - checks for missing required fields, etc
type Policies ¶
type Policies struct { // // list of policy objects // List []*Policy `json:"list"` }
Policies - The representation of list of policy objects
func NewPolicies ¶
NewPolicies - creates an initialized Policies instance, returns a pointer to it
func (*Policies) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Policies
type Policy ¶
type Policy struct { // // name of the policy // Name ResourceName `json:"name"` // // last modification timestamp of this policy // Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional" yaml:",omitempty"` // // list of defined assertions for this policy // Assertions []*Assertion `json:"assertions"` // // If true, we should store action and resource in their original case // CaseSensitive *bool `json:"caseSensitive,omitempty" rdl:"optional" yaml:",omitempty"` // // optional version string, defaults to 0 // Version SimpleName `json:"version,omitempty" rdl:"optional" yaml:",omitempty"` // // if multi-version policy then indicates active version // Active *bool `json:"active,omitempty" rdl:"optional" yaml:",omitempty"` // // a description of the policy // Description string `json:"description" rdl:"optional" yaml:",omitempty"` // // key-value pair tags, tag might contain multiple values // Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"` // // ownership information for the policy (read-only attribute) // ResourceOwnership *ResourcePolicyOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"` }
Policy - The representation for a Policy with set of assertions.
func (*Policy) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Policy
type PolicyList ¶
type PolicyList struct { // // list of policy names // Names []EntityName `json:"names"` // // if the response is a paginated list, this attribute specifies the value to // be used in the next policy list request as the value for the skip query // parameter. // Next string `json:"next" rdl:"optional" yaml:",omitempty"` }
PolicyList - The representation for an enumeration of policies in the namespace, with pagination.
func NewPolicyList ¶
func NewPolicyList(init ...*PolicyList) *PolicyList
NewPolicyList - creates an initialized PolicyList instance, returns a pointer to it
func (*PolicyList) Init ¶
func (self *PolicyList) Init() *PolicyList
Init - sets up the instance according to its default field values, if any
func (*PolicyList) UnmarshalJSON ¶
func (self *PolicyList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a PolicyList
func (*PolicyList) Validate ¶
func (self *PolicyList) Validate() error
Validate - checks for missing required fields, etc
type PolicyOptions ¶ added in v1.10.33
type PolicyOptions struct { // // policy version // Version SimpleName `json:"version"` // // optional source version used when creating a new version, defaults to 0 // FromVersion SimpleName `json:"fromVersion,omitempty" rdl:"optional" yaml:",omitempty"` }
PolicyOptions - Options for Policy Management Requests
func NewPolicyOptions ¶ added in v1.10.33
func NewPolicyOptions(init ...*PolicyOptions) *PolicyOptions
NewPolicyOptions - creates an initialized PolicyOptions instance, returns a pointer to it
func (*PolicyOptions) UnmarshalJSON ¶ added in v1.10.33
func (self *PolicyOptions) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a PolicyOptions
func (*PolicyOptions) Validate ¶ added in v1.10.33
func (self *PolicyOptions) Validate() error
Validate - checks for missing required fields, etc
type PrincipalMember ¶ added in v1.11.59
type PrincipalMember struct { // // name of the principal // PrincipalName MemberName `json:"principalName"` // // current system suspended state of the principal // SuspendedState int32 `json:"suspendedState"` }
PrincipalMember -
func NewPrincipalMember ¶ added in v1.11.59
func NewPrincipalMember(init ...*PrincipalMember) *PrincipalMember
NewPrincipalMember - creates an initialized PrincipalMember instance, returns a pointer to it
func (*PrincipalMember) UnmarshalJSON ¶ added in v1.11.59
func (self *PrincipalMember) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a PrincipalMember
func (*PrincipalMember) Validate ¶ added in v1.11.59
func (self *PrincipalMember) Validate() error
Validate - checks for missing required fields, etc
type PrincipalState ¶ added in v1.11.59
type PrincipalState struct { // // athenz suspended state for the principal // Suspended bool `json:"suspended"` }
PrincipalState - A principal state entry
func NewPrincipalState ¶ added in v1.11.59
func NewPrincipalState(init ...*PrincipalState) *PrincipalState
NewPrincipalState - creates an initialized PrincipalState instance, returns a pointer to it
func (*PrincipalState) UnmarshalJSON ¶ added in v1.11.59
func (self *PrincipalState) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a PrincipalState
func (*PrincipalState) Validate ¶ added in v1.11.59
func (self *PrincipalState) Validate() error
Validate - checks for missing required fields, etc
type ProviderResourceGroupRoles ¶
type ProviderResourceGroupRoles struct { // // name of the provider domain // Domain DomainName `json:"domain"` // // name of the provider service // Service SimpleName `json:"service"` // // name of the tenant domain // Tenant DomainName `json:"tenant"` // // the role/action pairs to provision // Roles []*TenantRoleAction `json:"roles"` // // tenant resource group // ResourceGroup EntityName `json:"resourceGroup"` // // optional flag indicating whether to create a default tenancy admin role // CreateAdminRole *bool `json:"createAdminRole,omitempty" rdl:"optional" yaml:",omitempty"` // // optional flag indicating to skip adding the caller principal into the // resource role // SkipPrincipalMember *bool `json:"skipPrincipalMember,omitempty" rdl:"optional" yaml:",omitempty"` }
ProviderResourceGroupRoles - A representation of provider roles to be provisioned.
func NewProviderResourceGroupRoles ¶
func NewProviderResourceGroupRoles(init ...*ProviderResourceGroupRoles) *ProviderResourceGroupRoles
NewProviderResourceGroupRoles - creates an initialized ProviderResourceGroupRoles instance, returns a pointer to it
func (*ProviderResourceGroupRoles) Init ¶
func (self *ProviderResourceGroupRoles) Init() *ProviderResourceGroupRoles
Init - sets up the instance according to its default field values, if any
func (*ProviderResourceGroupRoles) UnmarshalJSON ¶
func (self *ProviderResourceGroupRoles) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ProviderResourceGroupRoles
func (*ProviderResourceGroupRoles) Validate ¶
func (self *ProviderResourceGroupRoles) Validate() error
Validate - checks for missing required fields, etc
type PublicKeyEntry ¶
type PublicKeyEntry struct { // // the public key for the service // Key string `json:"key"` // // the key identifier (version or zone name) // Id string `json:"id"` }
PublicKeyEntry - The representation of the public key in a service identity object.
func NewPublicKeyEntry ¶
func NewPublicKeyEntry(init ...*PublicKeyEntry) *PublicKeyEntry
NewPublicKeyEntry - creates an initialized PublicKeyEntry instance, returns a pointer to it
func (*PublicKeyEntry) UnmarshalJSON ¶
func (self *PublicKeyEntry) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a PublicKeyEntry
func (*PublicKeyEntry) Validate ¶
func (self *PublicKeyEntry) Validate() error
Validate - checks for missing required fields, etc
type Quota ¶ added in v1.7.19
type Quota struct { // // name of the domain object // Name DomainName `json:"name"` // // number of subdomains allowed (applied at top level domain level) // Subdomain int32 `json:"subdomain"` // // number of roles allowed // Role int32 `json:"role"` // // number of members a role may have // RoleMember int32 `json:"roleMember"` // // number of policies allowed // Policy int32 `json:"policy"` // // total number of assertions a policy may have // Assertion int32 `json:"assertion"` // // total number of entity objects // Entity int32 `json:"entity"` // // number of services allowed // Service int32 `json:"service"` // // number of hosts allowed per service // ServiceHost int32 `json:"serviceHost"` // // number of public keys per service // PublicKey int32 `json:"publicKey"` // // number of groups per domain // Group int32 `json:"group"` // // number of members a group may have // GroupMember int32 `json:"groupMember"` // // the last modification timestamp of the quota object // Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional" yaml:",omitempty"` }
Quota - The representation for a quota object
func NewQuota ¶ added in v1.7.19
NewQuota - creates an initialized Quota instance, returns a pointer to it
func (*Quota) UnmarshalJSON ¶ added in v1.7.19
UnmarshalJSON is defined for proper JSON decoding of a Quota
type ResourceAccess ¶
type ResourceAccess struct { Principal ResourceName `json:"principal"` Assertions []*Assertion `json:"assertions"` }
ResourceAccess -
func NewResourceAccess ¶
func NewResourceAccess(init ...*ResourceAccess) *ResourceAccess
NewResourceAccess - creates an initialized ResourceAccess instance, returns a pointer to it
func (*ResourceAccess) Init ¶
func (self *ResourceAccess) Init() *ResourceAccess
Init - sets up the instance according to its default field values, if any
func (*ResourceAccess) UnmarshalJSON ¶
func (self *ResourceAccess) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ResourceAccess
func (*ResourceAccess) Validate ¶
func (self *ResourceAccess) Validate() error
Validate - checks for missing required fields, etc
type ResourceAccessList ¶
type ResourceAccessList struct {
Resources []*ResourceAccess `json:"resources"`
}
ResourceAccessList -
func NewResourceAccessList ¶
func NewResourceAccessList(init ...*ResourceAccessList) *ResourceAccessList
NewResourceAccessList - creates an initialized ResourceAccessList instance, returns a pointer to it
func (*ResourceAccessList) Init ¶
func (self *ResourceAccessList) Init() *ResourceAccessList
Init - sets up the instance according to its default field values, if any
func (*ResourceAccessList) UnmarshalJSON ¶
func (self *ResourceAccessList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ResourceAccessList
func (*ResourceAccessList) Validate ¶
func (self *ResourceAccessList) Validate() error
Validate - checks for missing required fields, etc
type ResourceDomainOwnership ¶ added in v1.11.55
type ResourceDomainOwnership struct { // // owner of the object's meta attribute // MetaOwner SimpleName `json:"metaOwner,omitempty" rdl:"optional" yaml:",omitempty"` // // owner of the object itself - checked for object deletion // ObjectOwner SimpleName `json:"objectOwner,omitempty" rdl:"optional" yaml:",omitempty"` }
ResourceDomainOwnership - The representation of the domain ownership object
func NewResourceDomainOwnership ¶ added in v1.11.55
func NewResourceDomainOwnership(init ...*ResourceDomainOwnership) *ResourceDomainOwnership
NewResourceDomainOwnership - creates an initialized ResourceDomainOwnership instance, returns a pointer to it
func (*ResourceDomainOwnership) UnmarshalJSON ¶ added in v1.11.55
func (self *ResourceDomainOwnership) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ResourceDomainOwnership
func (*ResourceDomainOwnership) Validate ¶ added in v1.11.55
func (self *ResourceDomainOwnership) Validate() error
Validate - checks for missing required fields, etc
type ResourceGroupOwnership ¶ added in v1.11.55
type ResourceGroupOwnership struct { // // owner of the object's meta attribute // MetaOwner SimpleName `json:"metaOwner,omitempty" rdl:"optional" yaml:",omitempty"` // // owner of the object's members attribute // MembersOwner SimpleName `json:"membersOwner,omitempty" rdl:"optional" yaml:",omitempty"` // // owner of the object itself - checked for object deletion // ObjectOwner SimpleName `json:"objectOwner,omitempty" rdl:"optional" yaml:",omitempty"` }
ResourceGroupOwnership - The representation of the group ownership object
func NewResourceGroupOwnership ¶ added in v1.11.55
func NewResourceGroupOwnership(init ...*ResourceGroupOwnership) *ResourceGroupOwnership
NewResourceGroupOwnership - creates an initialized ResourceGroupOwnership instance, returns a pointer to it
func (*ResourceGroupOwnership) UnmarshalJSON ¶ added in v1.11.55
func (self *ResourceGroupOwnership) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ResourceGroupOwnership
func (*ResourceGroupOwnership) Validate ¶ added in v1.11.55
func (self *ResourceGroupOwnership) Validate() error
Validate - checks for missing required fields, etc
type ResourceName ¶
type ResourceName string
ResourceName - A resource name Note that the EntityName part is optional, that is, a domain name followed by a colon is valid resource name.
type ResourceNames ¶ added in v1.9.32
type ResourceNames string
ResourceNames - A comma separated list of resource names
type ResourcePolicyOwnership ¶ added in v1.11.55
type ResourcePolicyOwnership struct { // // owner of the object's assertions attribute // AssertionsOwner SimpleName `json:"assertionsOwner,omitempty" rdl:"optional" yaml:",omitempty"` // // owner of the object itself - checked for object deletion // ObjectOwner SimpleName `json:"objectOwner,omitempty" rdl:"optional" yaml:",omitempty"` }
ResourcePolicyOwnership - The representation of the policy ownership object
func NewResourcePolicyOwnership ¶ added in v1.11.55
func NewResourcePolicyOwnership(init ...*ResourcePolicyOwnership) *ResourcePolicyOwnership
NewResourcePolicyOwnership - creates an initialized ResourcePolicyOwnership instance, returns a pointer to it
func (*ResourcePolicyOwnership) UnmarshalJSON ¶ added in v1.11.55
func (self *ResourcePolicyOwnership) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ResourcePolicyOwnership
func (*ResourcePolicyOwnership) Validate ¶ added in v1.11.55
func (self *ResourcePolicyOwnership) Validate() error
Validate - checks for missing required fields, etc
type ResourceRoleOwnership ¶ added in v1.11.55
type ResourceRoleOwnership struct { // // owner of the object's meta attribute // MetaOwner SimpleName `json:"metaOwner,omitempty" rdl:"optional" yaml:",omitempty"` // // owner of the object's members attribute // MembersOwner SimpleName `json:"membersOwner,omitempty" rdl:"optional" yaml:",omitempty"` // // owner of the object itself - checked for object deletion // ObjectOwner SimpleName `json:"objectOwner,omitempty" rdl:"optional" yaml:",omitempty"` }
ResourceRoleOwnership - The representation of the role ownership object
func NewResourceRoleOwnership ¶ added in v1.11.55
func NewResourceRoleOwnership(init ...*ResourceRoleOwnership) *ResourceRoleOwnership
NewResourceRoleOwnership - creates an initialized ResourceRoleOwnership instance, returns a pointer to it
func (*ResourceRoleOwnership) UnmarshalJSON ¶ added in v1.11.55
func (self *ResourceRoleOwnership) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ResourceRoleOwnership
func (*ResourceRoleOwnership) Validate ¶ added in v1.11.55
func (self *ResourceRoleOwnership) Validate() error
Validate - checks for missing required fields, etc
type ResourceServiceIdentityOwnership ¶ added in v1.11.55
type ResourceServiceIdentityOwnership struct { // // owner of the object's public keys attribute // PublicKeysOwner SimpleName `json:"publicKeysOwner,omitempty" rdl:"optional" yaml:",omitempty"` // // owner of the object's host list attribute // HostsOwner SimpleName `json:"hostsOwner,omitempty" rdl:"optional" yaml:",omitempty"` // // owner of the object itself - checked for object deletion // ObjectOwner SimpleName `json:"objectOwner,omitempty" rdl:"optional" yaml:",omitempty"` }
ResourceServiceIdentityOwnership - The representation of the service identity ownership object
func NewResourceServiceIdentityOwnership ¶ added in v1.11.55
func NewResourceServiceIdentityOwnership(init ...*ResourceServiceIdentityOwnership) *ResourceServiceIdentityOwnership
NewResourceServiceIdentityOwnership - creates an initialized ResourceServiceIdentityOwnership instance, returns a pointer to it
func (*ResourceServiceIdentityOwnership) UnmarshalJSON ¶ added in v1.11.55
func (self *ResourceServiceIdentityOwnership) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ResourceServiceIdentityOwnership
func (*ResourceServiceIdentityOwnership) Validate ¶ added in v1.11.55
func (self *ResourceServiceIdentityOwnership) Validate() error
Validate - checks for missing required fields, etc
type ReviewObject ¶ added in v1.11.44
type ReviewObject struct { // // name of the domain // DomainName DomainName `json:"domainName"` // // name of the role and/or group // Name EntityName `json:"name"` // // all user members in the object have specified max expiry days // MemberExpiryDays int32 `json:"memberExpiryDays"` // // all user members in the object have specified max review days // MemberReviewDays int32 `json:"memberReviewDays"` // // all services in the object have specified max expiry days // ServiceExpiryDays int32 `json:"serviceExpiryDays"` // // all services in the object have specified max review days // ServiceReviewDays int32 `json:"serviceReviewDays"` // // all groups in the object have specified max expiry days // GroupExpiryDays int32 `json:"groupExpiryDays"` // // all groups in the object have specified max review days // GroupReviewDays int32 `json:"groupReviewDays"` // // last review timestamp of the object // LastReviewedDate *rdl.Timestamp `json:"lastReviewedDate,omitempty" rdl:"optional" yaml:",omitempty"` // // creation time of the object // Created rdl.Timestamp `json:"created"` }
ReviewObject - Details for the roles and/or groups that need to be reviewed
func NewReviewObject ¶ added in v1.11.44
func NewReviewObject(init ...*ReviewObject) *ReviewObject
NewReviewObject - creates an initialized ReviewObject instance, returns a pointer to it
func (*ReviewObject) UnmarshalJSON ¶ added in v1.11.44
func (self *ReviewObject) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ReviewObject
func (*ReviewObject) Validate ¶ added in v1.11.44
func (self *ReviewObject) Validate() error
Validate - checks for missing required fields, etc
type ReviewObjects ¶ added in v1.11.44
type ReviewObjects struct { // // list of review objects // List []*ReviewObject `json:"list"` }
ReviewObjects - The representation for a list of objects with full details
func NewReviewObjects ¶ added in v1.11.44
func NewReviewObjects(init ...*ReviewObjects) *ReviewObjects
NewReviewObjects - creates an initialized ReviewObjects instance, returns a pointer to it
func (*ReviewObjects) Init ¶ added in v1.11.44
func (self *ReviewObjects) Init() *ReviewObjects
Init - sets up the instance according to its default field values, if any
func (*ReviewObjects) UnmarshalJSON ¶ added in v1.11.44
func (self *ReviewObjects) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ReviewObjects
func (*ReviewObjects) Validate ¶ added in v1.11.44
func (self *ReviewObjects) Validate() error
Validate - checks for missing required fields, etc
type Role ¶
type Role struct { // // Flag indicates whether or not role allows self service. Users can add // themselves in the role, but it has to be approved by domain admins to be // effective. // SelfServe *bool `json:"selfServe,omitempty" rdl:"optional" yaml:",omitempty"` // // all user members in the role will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // tokens issued for this role will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // certs issued for this role will have specified max timeout in mins // CertExpiryMins *int32 `json:"certExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"` // // all services in the role will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // all user members in the role will have specified max review days // MemberReviewDays *int32 `json:"memberReviewDays,omitempty" rdl:"optional" yaml:",omitempty"` // // all services in the role will have specified max review days // ServiceReviewDays *int32 `json:"serviceReviewDays,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether or not role updates require another review and // approval // ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional" yaml:",omitempty"` // // list of roles whose members should be notified for member review/approval // NotifyRoles string `json:"notifyRoles" rdl:"optional" yaml:",omitempty"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"` // // expiration enforced by a user authority configured attribute // UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional" yaml:",omitempty"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // all groups in the domain roles will have specified max review days // GroupReviewDays *int32 `json:"groupReviewDays,omitempty" rdl:"optional" yaml:",omitempty"` // // key-value pair tags, tag might contain multiple values // Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"` // // a description of the role // Description string `json:"description" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether or not role updates should be approved by GRC. If // true, the auditRef parameter must be supplied(not empty) for any API defining // it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"` // // If true, ask for delete confirmation in audit and review enabled roles. // DeleteProtection *bool `json:"deleteProtection,omitempty" rdl:"optional" yaml:",omitempty"` // // last review timestamp of the role // LastReviewedDate *rdl.Timestamp `json:"lastReviewedDate,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether to allow expired members to renew their membership // SelfRenew *bool `json:"selfRenew,omitempty" rdl:"optional" yaml:",omitempty"` // // Number of minutes members can renew their membership if self review option // is enabled // SelfRenewMins *int32 `json:"selfRenewMins,omitempty" rdl:"optional" yaml:",omitempty"` // // Maximum number of members allowed in the group // MaxMembers *int32 `json:"maxMembers,omitempty" rdl:"optional" yaml:",omitempty"` // // ownership information for the role (read-only attribute) // ResourceOwnership *ResourceRoleOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"` // // membership filtered based on configured principal domains // PrincipalDomainFilter string `json:"principalDomainFilter" rdl:"optional" yaml:",omitempty"` // // additional details included in the notifications // NotifyDetails string `json:"notifyDetails" rdl:"optional" yaml:",omitempty"` // // name of the role // Name ResourceName `json:"name"` // // last modification timestamp of the role // Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional" yaml:",omitempty"` // // deprecated and not used // Members []MemberName `json:"members,omitempty" rdl:"optional" yaml:",omitempty"` // // members with expiration and other member attributes. might be empty or // null, if trust is set // RoleMembers []*RoleMember `json:"roleMembers,omitempty" rdl:"optional" yaml:",omitempty"` // // a trusted domain to delegate membership decisions to // Trust DomainName `json:"trust,omitempty" rdl:"optional" yaml:",omitempty"` // // an audit log for role membership changes // AuditLog []*RoleAuditLog `json:"auditLog,omitempty" rdl:"optional" yaml:",omitempty"` }
Role - The representation for a Role with set of members. The members (Array<MemberName>) field is deprecated and not used in role objects since it incorrectly lists all the members in the role without taking into account if the member is expired or possibly disabled. Thus, using this attribute will result in incorrect authorization checks by the client and, thus, it's no longer being populated. All applications must use the roleMembers field and take into account all the attributes of the member.
func (*Role) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Role
type RoleAuditLog ¶
type RoleAuditLog struct { // // name of the role member // Member MemberName `json:"member"` // // name of the principal executing the change // Admin ResourceName `json:"admin"` // // timestamp of the entry // Created rdl.Timestamp `json:"created"` // // log action - e.g. add, delete, approve, etc // Action string `json:"action"` // // audit reference string for the change as supplied by admin // AuditRef string `json:"auditRef" rdl:"optional" yaml:",omitempty"` }
RoleAuditLog - An audit log entry for role membership change.
func NewRoleAuditLog ¶
func NewRoleAuditLog(init ...*RoleAuditLog) *RoleAuditLog
NewRoleAuditLog - creates an initialized RoleAuditLog instance, returns a pointer to it
func (*RoleAuditLog) UnmarshalJSON ¶
func (self *RoleAuditLog) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a RoleAuditLog
func (*RoleAuditLog) Validate ¶
func (self *RoleAuditLog) Validate() error
Validate - checks for missing required fields, etc
type RoleList ¶
type RoleList struct { // // list of role names // Names []EntityName `json:"names"` // // if the response is a paginated list, this attribute specifies the value to // be used in the next role list request as the value for the skip query // parameter. // Next string `json:"next" rdl:"optional" yaml:",omitempty"` }
RoleList - The representation for an enumeration of roles in the namespace, with pagination.
func NewRoleList ¶
NewRoleList - creates an initialized RoleList instance, returns a pointer to it
func (*RoleList) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a RoleList
type RoleMember ¶ added in v1.1.5
type RoleMember struct { // // name of the member // MemberName MemberName `json:"memberName"` // // the expiration timestamp // Expiration *rdl.Timestamp `json:"expiration,omitempty" rdl:"optional" yaml:",omitempty"` // // the review reminder timestamp // ReviewReminder *rdl.Timestamp `json:"reviewReminder,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag to indicate whether membership is active // Active *bool `json:"active,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag to indicate whether membership is approved either by delegates ( in // case of auditEnabled roles ) or by domain admins ( in case of selfserve roles // ) // Approved *bool `json:"approved,omitempty" rdl:"optional" yaml:",omitempty"` // // audit reference string for the change as supplied by admin // AuditRef string `json:"auditRef" rdl:"optional" yaml:",omitempty"` // // for pending membership requests, the request time // RequestTime *rdl.Timestamp `json:"requestTime,omitempty" rdl:"optional" yaml:",omitempty"` // // for pending membership requests, time when last notification was sent // LastNotifiedTime *rdl.Timestamp `json:"lastNotifiedTime,omitempty" rdl:"optional" yaml:",omitempty"` // // pending members only - name of the principal requesting the change // RequestPrincipal ResourceName `json:"requestPrincipal,omitempty" rdl:"optional" yaml:",omitempty"` // // for pending membership requests, time when last notification was sent (for // file store) // ReviewLastNotifiedTime *rdl.Timestamp `json:"reviewLastNotifiedTime,omitempty" rdl:"optional" yaml:",omitempty"` // // user disabled by system based on configured role setting // SystemDisabled *int32 `json:"systemDisabled,omitempty" rdl:"optional" yaml:",omitempty"` // // server use only - principal type: unknown(0), user(1), service(2), or // group(3) // PrincipalType *int32 `json:"principalType,omitempty" rdl:"optional" yaml:",omitempty"` // // for pending membership requests, the request state - e.g. add, delete // PendingState string `json:"pendingState" rdl:"optional" yaml:",omitempty"` }
RoleMember -
func NewRoleMember ¶ added in v1.1.5
func NewRoleMember(init ...*RoleMember) *RoleMember
NewRoleMember - creates an initialized RoleMember instance, returns a pointer to it
func (*RoleMember) Init ¶ added in v1.9.32
func (self *RoleMember) Init() *RoleMember
Init - sets up the instance according to its default field values, if any
func (*RoleMember) UnmarshalJSON ¶ added in v1.1.5
func (self *RoleMember) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a RoleMember
func (*RoleMember) Validate ¶ added in v1.1.5
func (self *RoleMember) Validate() error
Validate - checks for missing required fields, etc
type RoleMeta ¶ added in v1.9.32
type RoleMeta struct { // // Flag indicates whether or not role allows self service. Users can add // themselves in the role, but it has to be approved by domain admins to be // effective. // SelfServe *bool `json:"selfServe,omitempty" rdl:"optional" yaml:",omitempty"` // // all user members in the role will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // tokens issued for this role will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // certs issued for this role will have specified max timeout in mins // CertExpiryMins *int32 `json:"certExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"` // // all services in the role will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // all user members in the role will have specified max review days // MemberReviewDays *int32 `json:"memberReviewDays,omitempty" rdl:"optional" yaml:",omitempty"` // // all services in the role will have specified max review days // ServiceReviewDays *int32 `json:"serviceReviewDays,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether or not role updates require another review and // approval // ReviewEnabled *bool `json:"reviewEnabled,omitempty" rdl:"optional" yaml:",omitempty"` // // list of roles whose members should be notified for member review/approval // NotifyRoles string `json:"notifyRoles" rdl:"optional" yaml:",omitempty"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"` // // expiration enforced by a user authority configured attribute // UserAuthorityExpiration string `json:"userAuthorityExpiration" rdl:"optional" yaml:",omitempty"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // all groups in the domain roles will have specified max review days // GroupReviewDays *int32 `json:"groupReviewDays,omitempty" rdl:"optional" yaml:",omitempty"` // // key-value pair tags, tag might contain multiple values // Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"` // // a description of the role // Description string `json:"description" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether or not role updates should be approved by GRC. If // true, the auditRef parameter must be supplied(not empty) for any API defining // it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"` // // If true, ask for delete confirmation in audit and review enabled roles. // DeleteProtection *bool `json:"deleteProtection,omitempty" rdl:"optional" yaml:",omitempty"` // // last review timestamp of the role // LastReviewedDate *rdl.Timestamp `json:"lastReviewedDate,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether to allow expired members to renew their membership // SelfRenew *bool `json:"selfRenew,omitempty" rdl:"optional" yaml:",omitempty"` // // Number of minutes members can renew their membership if self review option // is enabled // SelfRenewMins *int32 `json:"selfRenewMins,omitempty" rdl:"optional" yaml:",omitempty"` // // Maximum number of members allowed in the group // MaxMembers *int32 `json:"maxMembers,omitempty" rdl:"optional" yaml:",omitempty"` // // ownership information for the role (read-only attribute) // ResourceOwnership *ResourceRoleOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"` // // membership filtered based on configured principal domains // PrincipalDomainFilter string `json:"principalDomainFilter" rdl:"optional" yaml:",omitempty"` // // additional details included in the notifications // NotifyDetails string `json:"notifyDetails" rdl:"optional" yaml:",omitempty"` }
RoleMeta - Set of metadata attributes that all roles may have and can be changed by domain admins.
func NewRoleMeta ¶ added in v1.9.32
NewRoleMeta - creates an initialized RoleMeta instance, returns a pointer to it
func (*RoleMeta) UnmarshalJSON ¶ added in v1.9.32
UnmarshalJSON is defined for proper JSON decoding of a RoleMeta
type RoleSystemMeta ¶ added in v1.9.32
type RoleSystemMeta struct { // // Flag indicates whether or not role updates should be approved by GRC. If // true, the auditRef parameter must be supplied(not empty) for any API defining // it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"` }
RoleSystemMeta - Set of system metadata attributes that all roles may have and can be changed by system admins.
func NewRoleSystemMeta ¶ added in v1.9.32
func NewRoleSystemMeta(init ...*RoleSystemMeta) *RoleSystemMeta
NewRoleSystemMeta - creates an initialized RoleSystemMeta instance, returns a pointer to it
func (*RoleSystemMeta) UnmarshalJSON ¶ added in v1.9.32
func (self *RoleSystemMeta) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a RoleSystemMeta
func (*RoleSystemMeta) Validate ¶ added in v1.9.32
func (self *RoleSystemMeta) Validate() error
Validate - checks for missing required fields, etc
type Roles ¶
type Roles struct { // // list of role objects // List []*Role `json:"list"` }
Roles - The representation for a list of roles with full details
func (*Roles) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Roles
type ServerTemplateList ¶
type ServerTemplateList struct { // // list of template names // TemplateNames []SimpleName `json:"templateNames"` }
ServerTemplateList - List of solution templates available in the server
func NewServerTemplateList ¶
func NewServerTemplateList(init ...*ServerTemplateList) *ServerTemplateList
NewServerTemplateList - creates an initialized ServerTemplateList instance, returns a pointer to it
func (*ServerTemplateList) Init ¶
func (self *ServerTemplateList) Init() *ServerTemplateList
Init - sets up the instance according to its default field values, if any
func (*ServerTemplateList) UnmarshalJSON ¶
func (self *ServerTemplateList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServerTemplateList
func (*ServerTemplateList) Validate ¶
func (self *ServerTemplateList) Validate() error
Validate - checks for missing required fields, etc
type ServiceIdentities ¶
type ServiceIdentities struct { // // list of services // List []*ServiceIdentity `json:"list"` // // if set, the value indicates the total number of services in the system that // match the query criteria but not returned due to limit constraints; thus, the // result in the list is a partial set. // ServiceMatchCount int64 `json:"serviceMatchCount"` }
ServiceIdentities - The representation of list of services
func NewServiceIdentities ¶
func NewServiceIdentities(init ...*ServiceIdentities) *ServiceIdentities
NewServiceIdentities - creates an initialized ServiceIdentities instance, returns a pointer to it
func (*ServiceIdentities) Init ¶
func (self *ServiceIdentities) Init() *ServiceIdentities
Init - sets up the instance according to its default field values, if any
func (*ServiceIdentities) UnmarshalJSON ¶
func (self *ServiceIdentities) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentities
func (*ServiceIdentities) Validate ¶
func (self *ServiceIdentities) Validate() error
Validate - checks for missing required fields, etc
type ServiceIdentity ¶
type ServiceIdentity struct { // // the full name of the service, i.e. "sports.storage" // Name ServiceName `json:"name"` // // description of the service // Description string `json:"description" rdl:"optional" yaml:",omitempty"` // // array of public keys for key rotation // PublicKeys []*PublicKeyEntry `json:"publicKeys,omitempty" rdl:"optional" yaml:",omitempty"` // // if present, then this service can provision tenants via this endpoint. // ProviderEndpoint string `json:"providerEndpoint" rdl:"optional" yaml:",omitempty"` // // the timestamp when this entry was last modified // Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional" yaml:",omitempty"` // // the path of the executable that runs the service // Executable string `json:"executable" rdl:"optional" yaml:",omitempty"` // // list of host names that this service can run on // Hosts []string `json:"hosts,omitempty" rdl:"optional" yaml:",omitempty"` // // local (unix) user name this service can run as // User string `json:"user" rdl:"optional" yaml:",omitempty"` // // local (unix) group name this service can run as // Group string `json:"group" rdl:"optional" yaml:",omitempty"` // // key-value pair tags, tag might contain multiple values // Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"` // // ownership information for the service (read-only attribute) // ResourceOwnership *ResourceServiceIdentityOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"` }
ServiceIdentity - The representation of the service identity object.
func NewServiceIdentity ¶
func NewServiceIdentity(init ...*ServiceIdentity) *ServiceIdentity
NewServiceIdentity - creates an initialized ServiceIdentity instance, returns a pointer to it
func (*ServiceIdentity) UnmarshalJSON ¶
func (self *ServiceIdentity) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentity
func (*ServiceIdentity) Validate ¶
func (self *ServiceIdentity) Validate() error
Validate - checks for missing required fields, etc
type ServiceIdentityList ¶
type ServiceIdentityList struct { // // list of service names // Names []EntityName `json:"names"` // // if the response is a paginated list, this attribute specifies the value to // be used in the next service list request as the value for the skip query // parameter. // Next string `json:"next" rdl:"optional" yaml:",omitempty"` }
ServiceIdentityList - The representation for an enumeration of services in the namespace, with pagination.
func NewServiceIdentityList ¶
func NewServiceIdentityList(init ...*ServiceIdentityList) *ServiceIdentityList
NewServiceIdentityList - creates an initialized ServiceIdentityList instance, returns a pointer to it
func (*ServiceIdentityList) Init ¶
func (self *ServiceIdentityList) Init() *ServiceIdentityList
Init - sets up the instance according to its default field values, if any
func (*ServiceIdentityList) UnmarshalJSON ¶
func (self *ServiceIdentityList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentityList
func (*ServiceIdentityList) Validate ¶
func (self *ServiceIdentityList) Validate() error
Validate - checks for missing required fields, etc
type ServiceIdentitySystemMeta ¶ added in v1.9.32
type ServiceIdentitySystemMeta struct { // // provider callback endpoint // ProviderEndpoint string `json:"providerEndpoint" rdl:"optional" yaml:",omitempty"` }
ServiceIdentitySystemMeta - Set of system metadata attributes that all services may have and can be changed by system admins.
func NewServiceIdentitySystemMeta ¶ added in v1.9.32
func NewServiceIdentitySystemMeta(init ...*ServiceIdentitySystemMeta) *ServiceIdentitySystemMeta
NewServiceIdentitySystemMeta - creates an initialized ServiceIdentitySystemMeta instance, returns a pointer to it
func (*ServiceIdentitySystemMeta) UnmarshalJSON ¶ added in v1.9.32
func (self *ServiceIdentitySystemMeta) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentitySystemMeta
func (*ServiceIdentitySystemMeta) Validate ¶ added in v1.9.32
func (self *ServiceIdentitySystemMeta) Validate() error
Validate - checks for missing required fields, etc
type ServiceName ¶
type ServiceName string
ServiceName - A service name will generally be a unique subdomain.
type ServicePrincipal ¶
type ServicePrincipal struct { // // name of the domain // Domain DomainName `json:"domain"` // // name of the service // Service EntityName `json:"service"` // // service's signed token // Token SignedToken `json:"token"` }
ServicePrincipal - A service principal object identifying a given service.
func NewServicePrincipal ¶
func NewServicePrincipal(init ...*ServicePrincipal) *ServicePrincipal
NewServicePrincipal - creates an initialized ServicePrincipal instance, returns a pointer to it
func (*ServicePrincipal) UnmarshalJSON ¶
func (self *ServicePrincipal) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServicePrincipal
func (*ServicePrincipal) Validate ¶
func (self *ServicePrincipal) Validate() error
Validate - checks for missing required fields, etc
type SignedDomain ¶
type SignedDomain struct { // // domain object with its roles, policies and services // Domain *DomainData `json:"domain"` // // signature generated based on the domain object // Signature string `json:"signature" rdl:"optional" yaml:",omitempty"` // // the identifier of the key used to generate the signature // KeyId string `json:"keyId" rdl:"optional" yaml:",omitempty"` }
SignedDomain - A domain object signed with server's private key. The signature and keyid are optional if the metaonly flag is set to true in the getSignedDomains api call
func NewSignedDomain ¶
func NewSignedDomain(init ...*SignedDomain) *SignedDomain
NewSignedDomain - creates an initialized SignedDomain instance, returns a pointer to it
func (*SignedDomain) Init ¶
func (self *SignedDomain) Init() *SignedDomain
Init - sets up the instance according to its default field values, if any
func (*SignedDomain) UnmarshalJSON ¶
func (self *SignedDomain) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SignedDomain
func (*SignedDomain) Validate ¶
func (self *SignedDomain) Validate() error
Validate - checks for missing required fields, etc
type SignedDomains ¶
type SignedDomains struct {
Domains []*SignedDomain `json:"domains"`
}
SignedDomains - A list of signed domain objects
func NewSignedDomains ¶
func NewSignedDomains(init ...*SignedDomains) *SignedDomains
NewSignedDomains - creates an initialized SignedDomains instance, returns a pointer to it
func (*SignedDomains) Init ¶
func (self *SignedDomains) Init() *SignedDomains
Init - sets up the instance according to its default field values, if any
func (*SignedDomains) UnmarshalJSON ¶
func (self *SignedDomains) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SignedDomains
func (*SignedDomains) Validate ¶
func (self *SignedDomains) Validate() error
Validate - checks for missing required fields, etc
type SignedPolicies ¶
type SignedPolicies struct { // // list of policies defined in a domain // Contents *DomainPolicies `json:"contents"` // // signature generated based on the domain active policies object // Signature string `json:"signature"` // // the identifier of the key used to generate the signature // KeyId string `json:"keyId"` }
SignedPolicies - A signed bulk transfer of policies. The data is signed with server's private key.
func NewSignedPolicies ¶
func NewSignedPolicies(init ...*SignedPolicies) *SignedPolicies
NewSignedPolicies - creates an initialized SignedPolicies instance, returns a pointer to it
func (*SignedPolicies) Init ¶
func (self *SignedPolicies) Init() *SignedPolicies
Init - sets up the instance according to its default field values, if any
func (*SignedPolicies) UnmarshalJSON ¶
func (self *SignedPolicies) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SignedPolicies
func (*SignedPolicies) Validate ¶
func (self *SignedPolicies) Validate() error
Validate - checks for missing required fields, etc
type SignedToken ¶
type SignedToken string
SignedToken - A signed assertion if identity. i.e. the user cookie value. This token will only make sense to the authority that generated it, so it is beneficial to have something in the value that is cheaply recognized to quickly reject if it belongs to another authority. In addition to the YEncoded set our token includes ; to separate components and , to separate roles and : for IPv6 addresses
type SimpleName ¶
type SimpleName string
SimpleName - Copyright The Athenz Authors Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. Common name types used by several API definitions A simple identifier, an element of compound name.
type Stats ¶ added in v1.10.46
type Stats struct { // // name of the domain object, null for system stats // Name DomainName `json:"name,omitempty" rdl:"optional" yaml:",omitempty"` // // number of subdomains in this domain (all levels) // Subdomain int32 `json:"subdomain"` // // number of roles // Role int32 `json:"role"` // // number of members in all the roles // RoleMember int32 `json:"roleMember"` // // number of policies // Policy int32 `json:"policy"` // // total number of assertions in all policies // Assertion int32 `json:"assertion"` // // total number of entity objects // Entity int32 `json:"entity"` // // number of services // Service int32 `json:"service"` // // number of hosts defined in all services // ServiceHost int32 `json:"serviceHost"` // // number of public keys in all services // PublicKey int32 `json:"publicKey"` // // number of groups // Group int32 `json:"group"` // // number of members in all the groups // GroupMember int32 `json:"groupMember"` }
Stats - The representation for a stats object
func NewStats ¶ added in v1.10.46
NewStats - creates an initialized Stats instance, returns a pointer to it
func (*Stats) UnmarshalJSON ¶ added in v1.10.46
UnmarshalJSON is defined for proper JSON decoding of a Stats
type Status ¶ added in v1.7.30
type Status struct { // // status message code // Code int32 `json:"code"` // // status message of the server // Message string `json:"message"` }
Status - The representation for a status object
func NewStatus ¶ added in v1.7.30
NewStatus - creates an initialized Status instance, returns a pointer to it
func (*Status) UnmarshalJSON ¶ added in v1.7.30
UnmarshalJSON is defined for proper JSON decoding of a Status
type SubDomain ¶
type SubDomain struct { // // a description of the domain // Description string `json:"description" rdl:"optional" yaml:",omitempty"` // // a reference to an audit organization defined in athenz // Org ResourceName `json:"org,omitempty" rdl:"optional" yaml:",omitempty"` // // Future use only, currently not used // Enabled *bool `json:"enabled,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether or not domain modifications should be logged for // SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for // any API defining it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"` // // associated aws account id (system attribute - uniqueness check - if // enabled) // Account string `json:"account" rdl:"optional" yaml:",omitempty"` // // associated product id (system attribute - uniqueness check - if enabled) // YpmId *int32 `json:"ypmId,omitempty" rdl:"optional" yaml:",omitempty"` // // associated application id // ApplicationId string `json:"applicationId" rdl:"optional" yaml:",omitempty"` // // domain certificate dns domain (system attribute) // CertDnsDomain string `json:"certDnsDomain" rdl:"optional" yaml:",omitempty"` // // all user members in the domain will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // tokens issued for this domain will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // service identity certs issued for this domain will have specified max // timeout in mins // ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // role certs issued for this domain will have specified max timeout in mins // RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"` // // all services in the domain roles will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"` // // associated azure subscription id (system attribute - uniqueness check - if // enabled) // AzureSubscription string `json:"azureSubscription" rdl:"optional" yaml:",omitempty"` // // associated azure tenant id (system attribute) // AzureTenant string `json:"azureTenant" rdl:"optional" yaml:",omitempty"` // // associated azure client id (system attribute) // AzureClient string `json:"azureClient" rdl:"optional" yaml:",omitempty"` // // associated gcp project id (system attribute - uniqueness check - if // enabled) // GcpProject string `json:"gcpProject" rdl:"optional" yaml:",omitempty"` // // associated gcp project number (system attribute) // GcpProjectNumber string `json:"gcpProjectNumber" rdl:"optional" yaml:",omitempty"` // // key-value pair tags, tag might contain multiple values // Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"` // // associated business service with domain // BusinessService string `json:"businessService" rdl:"optional" yaml:",omitempty"` // // purge role/group members with expiry date configured days in the past // MemberPurgeExpiryDays *int32 `json:"memberPurgeExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // associated product id (system attribute - uniqueness check - if enabled) // ProductId string `json:"productId" rdl:"optional" yaml:",omitempty"` // // features enabled per domain (system attribute) // FeatureFlags *int32 `json:"featureFlags,omitempty" rdl:"optional" yaml:",omitempty"` // // list of domain contacts (PE-Owner, Product-Owner, etc), each type can have // a single value // Contacts map[SimpleName]string `json:"contacts,omitempty" rdl:"optional" yaml:",omitempty"` // // domain environment e.g. production, staging, etc // Environment string `json:"environment" rdl:"optional" yaml:",omitempty"` // // ownership information for the domain (read-only attribute) // ResourceOwnership *ResourceDomainOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"` // // requested x509 cert signer key id (system attribute) // X509CertSignerKeyId string `json:"x509CertSignerKeyId" rdl:"optional" yaml:",omitempty"` // // requested ssh cert signer key id (system attribute) // SshCertSignerKeyId string `json:"sshCertSignerKeyId" rdl:"optional" yaml:",omitempty"` // // slack channel for any notifications in this domain // SlackChannel string `json:"slackChannel" rdl:"optional" yaml:",omitempty"` // // name of the domain // Name SimpleName `json:"name"` // // list of domain administrators // AdminUsers []ResourceName `json:"adminUsers"` // // list of solution template names // Templates *DomainTemplateList `json:"templates,omitempty" rdl:"optional" yaml:",omitempty"` // // name of the parent domain // Parent DomainName `json:"parent"` }
SubDomain - A Subdomain is a TopLevelDomain, except it has a parent.
func NewSubDomain ¶
NewSubDomain - creates an initialized SubDomain instance, returns a pointer to it
func (*SubDomain) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a SubDomain
type TagCompoundValue ¶ added in v1.10.21
type TagCompoundValue string
TagCompoundValue - A compound value of TagValue
type TagValue ¶ added in v1.10.21
type TagValue string
TagValue - TagValue to contain generic string patterns
type TagValueList ¶ added in v1.10.21
type TagValueList struct { // // list of tag values // List []TagCompoundValue `json:"list"` }
TagValueList -
func NewTagValueList ¶ added in v1.10.21
func NewTagValueList(init ...*TagValueList) *TagValueList
NewTagValueList - creates an initialized TagValueList instance, returns a pointer to it
func (*TagValueList) Init ¶ added in v1.10.21
func (self *TagValueList) Init() *TagValueList
Init - sets up the instance according to its default field values, if any
func (*TagValueList) UnmarshalJSON ¶ added in v1.10.21
func (self *TagValueList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TagValueList
func (*TagValueList) Validate ¶ added in v1.10.21
func (self *TagValueList) Validate() error
Validate - checks for missing required fields, etc
type Template ¶
type Template struct { // // list of roles in the template // Roles []*Role `json:"roles"` // // list of policies defined in this template // Policies []*Policy `json:"policies"` // // list of services defined in this template // Services []*ServiceIdentity `json:"services,omitempty" rdl:"optional" yaml:",omitempty"` // // list of services defined in this template // Metadata *TemplateMetaData `json:"metadata,omitempty" rdl:"optional" yaml:",omitempty"` }
Template - Solution Template object defined on the server
func NewTemplate ¶
NewTemplate - creates an initialized Template instance, returns a pointer to it
func (*Template) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Template
type TemplateList ¶
type TemplateList struct { // // list of template names // TemplateNames []SimpleName `json:"templateNames"` }
TemplateList - List of template names that is the base struct for server and domain templates
func NewTemplateList ¶
func NewTemplateList(init ...*TemplateList) *TemplateList
NewTemplateList - creates an initialized TemplateList instance, returns a pointer to it
func (*TemplateList) Init ¶
func (self *TemplateList) Init() *TemplateList
Init - sets up the instance according to its default field values, if any
func (*TemplateList) UnmarshalJSON ¶
func (self *TemplateList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TemplateList
func (*TemplateList) Validate ¶
func (self *TemplateList) Validate() error
Validate - checks for missing required fields, etc
type TemplateMetaData ¶ added in v1.9.32
type TemplateMetaData struct { // // name of the template // TemplateName string `json:"templateName" rdl:"optional" yaml:",omitempty"` // // description of the template // Description string `json:"description" rdl:"optional" yaml:",omitempty"` // // Version from DB(zms_store->domain_template->version) // CurrentVersion *int32 `json:"currentVersion,omitempty" rdl:"optional" yaml:",omitempty"` // // Bumped up version from solutions-template.json when there is a change // LatestVersion *int32 `json:"latestVersion,omitempty" rdl:"optional" yaml:",omitempty"` // // placeholders in the template roles/policies to replace (ex:_service_) // KeywordsToReplace string `json:"keywordsToReplace" rdl:"optional" yaml:",omitempty"` // // the updated timestamp of the template(solution_templates.json) // Timestamp *rdl.Timestamp `json:"timestamp,omitempty" rdl:"optional" yaml:",omitempty"` // // flag to automatically update the roles/policies that belongs to the // template // AutoUpdate *bool `json:"autoUpdate,omitempty" rdl:"optional" yaml:",omitempty"` }
TemplateMetaData - MetaData for template.
func NewTemplateMetaData ¶ added in v1.9.32
func NewTemplateMetaData(init ...*TemplateMetaData) *TemplateMetaData
NewTemplateMetaData - creates an initialized TemplateMetaData instance, returns a pointer to it
func (*TemplateMetaData) UnmarshalJSON ¶ added in v1.9.32
func (self *TemplateMetaData) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TemplateMetaData
func (*TemplateMetaData) Validate ¶ added in v1.9.32
func (self *TemplateMetaData) Validate() error
Validate - checks for missing required fields, etc
type TemplateParam ¶ added in v1.7.20
type TemplateParam struct { // // name of the parameter // Name SimpleName `json:"name"` // // value of the parameter // Value string `json:"value"` }
TemplateParam -
func NewTemplateParam ¶ added in v1.7.20
func NewTemplateParam(init ...*TemplateParam) *TemplateParam
NewTemplateParam - creates an initialized TemplateParam instance, returns a pointer to it
func (*TemplateParam) UnmarshalJSON ¶ added in v1.7.20
func (self *TemplateParam) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TemplateParam
func (*TemplateParam) Validate ¶ added in v1.7.20
func (self *TemplateParam) Validate() error
Validate - checks for missing required fields, etc
type Tenancy ¶
type Tenancy struct { // // the domain that is to get a tenancy // Domain DomainName `json:"domain"` // // the provider service on which the tenancy is to reside // Service ServiceName `json:"service"` // // registered resource groups for this tenant // ResourceGroups []EntityName `json:"resourceGroups,omitempty" rdl:"optional" yaml:",omitempty"` // // optional flag indicating whether to create a default tenancy admin role // CreateAdminRole *bool `json:"createAdminRole,omitempty" rdl:"optional" yaml:",omitempty"` }
Tenancy - A representation of tenant.
func NewTenancy ¶
NewTenancy - creates an initialized Tenancy instance, returns a pointer to it
func (*Tenancy) Init ¶ added in v1.9.32
Init - sets up the instance according to its default field values, if any
func (*Tenancy) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Tenancy
type TenantResourceGroupRoles ¶
type TenantResourceGroupRoles struct { // // name of the provider domain // Domain DomainName `json:"domain"` // // name of the provider service // Service SimpleName `json:"service"` // // name of the tenant domain // Tenant DomainName `json:"tenant"` // // the role/action pairs to provision // Roles []*TenantRoleAction `json:"roles"` // // tenant resource group // ResourceGroup EntityName `json:"resourceGroup"` }
TenantResourceGroupRoles - A representation of tenant roles for resource groups to be provisioned.
func NewTenantResourceGroupRoles ¶
func NewTenantResourceGroupRoles(init ...*TenantResourceGroupRoles) *TenantResourceGroupRoles
NewTenantResourceGroupRoles - creates an initialized TenantResourceGroupRoles instance, returns a pointer to it
func (*TenantResourceGroupRoles) Init ¶
func (self *TenantResourceGroupRoles) Init() *TenantResourceGroupRoles
Init - sets up the instance according to its default field values, if any
func (*TenantResourceGroupRoles) UnmarshalJSON ¶
func (self *TenantResourceGroupRoles) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TenantResourceGroupRoles
func (*TenantResourceGroupRoles) Validate ¶
func (self *TenantResourceGroupRoles) Validate() error
Validate - checks for missing required fields, etc
type TenantRoleAction ¶
type TenantRoleAction struct { // // name of the role // Role SimpleName `json:"role"` // // action value for the generated policy assertion // Action string `json:"action"` }
TenantRoleAction - A representation of tenant role action.
func NewTenantRoleAction ¶
func NewTenantRoleAction(init ...*TenantRoleAction) *TenantRoleAction
NewTenantRoleAction - creates an initialized TenantRoleAction instance, returns a pointer to it
func (*TenantRoleAction) UnmarshalJSON ¶
func (self *TenantRoleAction) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TenantRoleAction
func (*TenantRoleAction) Validate ¶
func (self *TenantRoleAction) Validate() error
Validate - checks for missing required fields, etc
type TopLevelDomain ¶
type TopLevelDomain struct { // // a description of the domain // Description string `json:"description" rdl:"optional" yaml:",omitempty"` // // a reference to an audit organization defined in athenz // Org ResourceName `json:"org,omitempty" rdl:"optional" yaml:",omitempty"` // // Future use only, currently not used // Enabled *bool `json:"enabled,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether or not domain modifications should be logged for // SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for // any API defining it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"` // // associated aws account id (system attribute - uniqueness check - if // enabled) // Account string `json:"account" rdl:"optional" yaml:",omitempty"` // // associated product id (system attribute - uniqueness check - if enabled) // YpmId *int32 `json:"ypmId,omitempty" rdl:"optional" yaml:",omitempty"` // // associated application id // ApplicationId string `json:"applicationId" rdl:"optional" yaml:",omitempty"` // // domain certificate dns domain (system attribute) // CertDnsDomain string `json:"certDnsDomain" rdl:"optional" yaml:",omitempty"` // // all user members in the domain will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // tokens issued for this domain will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // service identity certs issued for this domain will have specified max // timeout in mins // ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // role certs issued for this domain will have specified max timeout in mins // RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"` // // all services in the domain roles will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"` // // associated azure subscription id (system attribute - uniqueness check - if // enabled) // AzureSubscription string `json:"azureSubscription" rdl:"optional" yaml:",omitempty"` // // associated azure tenant id (system attribute) // AzureTenant string `json:"azureTenant" rdl:"optional" yaml:",omitempty"` // // associated azure client id (system attribute) // AzureClient string `json:"azureClient" rdl:"optional" yaml:",omitempty"` // // associated gcp project id (system attribute - uniqueness check - if // enabled) // GcpProject string `json:"gcpProject" rdl:"optional" yaml:",omitempty"` // // associated gcp project number (system attribute) // GcpProjectNumber string `json:"gcpProjectNumber" rdl:"optional" yaml:",omitempty"` // // key-value pair tags, tag might contain multiple values // Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"` // // associated business service with domain // BusinessService string `json:"businessService" rdl:"optional" yaml:",omitempty"` // // purge role/group members with expiry date configured days in the past // MemberPurgeExpiryDays *int32 `json:"memberPurgeExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // associated product id (system attribute - uniqueness check - if enabled) // ProductId string `json:"productId" rdl:"optional" yaml:",omitempty"` // // features enabled per domain (system attribute) // FeatureFlags *int32 `json:"featureFlags,omitempty" rdl:"optional" yaml:",omitempty"` // // list of domain contacts (PE-Owner, Product-Owner, etc), each type can have // a single value // Contacts map[SimpleName]string `json:"contacts,omitempty" rdl:"optional" yaml:",omitempty"` // // domain environment e.g. production, staging, etc // Environment string `json:"environment" rdl:"optional" yaml:",omitempty"` // // ownership information for the domain (read-only attribute) // ResourceOwnership *ResourceDomainOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"` // // requested x509 cert signer key id (system attribute) // X509CertSignerKeyId string `json:"x509CertSignerKeyId" rdl:"optional" yaml:",omitempty"` // // requested ssh cert signer key id (system attribute) // SshCertSignerKeyId string `json:"sshCertSignerKeyId" rdl:"optional" yaml:",omitempty"` // // slack channel for any notifications in this domain // SlackChannel string `json:"slackChannel" rdl:"optional" yaml:",omitempty"` // // name of the domain // Name SimpleName `json:"name"` // // list of domain administrators // AdminUsers []ResourceName `json:"adminUsers"` // // list of solution template names // Templates *DomainTemplateList `json:"templates,omitempty" rdl:"optional" yaml:",omitempty"` }
TopLevelDomain - Top Level Domain object. The required attributes include the name of the domain and list of domain administrators.
func NewTopLevelDomain ¶
func NewTopLevelDomain(init ...*TopLevelDomain) *TopLevelDomain
NewTopLevelDomain - creates an initialized TopLevelDomain instance, returns a pointer to it
func (*TopLevelDomain) Init ¶
func (self *TopLevelDomain) Init() *TopLevelDomain
Init - sets up the instance according to its default field values, if any
func (*TopLevelDomain) UnmarshalJSON ¶
func (self *TopLevelDomain) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TopLevelDomain
func (*TopLevelDomain) Validate ¶
func (self *TopLevelDomain) Validate() error
Validate - checks for missing required fields, etc
type User ¶ added in v1.7.11
type User struct { // // name of the user // Name SimpleName `json:"name"` }
User - The representation for a user
func NewUser ¶ added in v1.7.11
NewUser - creates an initialized User instance, returns a pointer to it
func (*User) UnmarshalJSON ¶ added in v1.7.11
UnmarshalJSON is defined for proper JSON decoding of a User
type UserAuthorityAttributeMap ¶ added in v1.10.22
type UserAuthorityAttributeMap struct { // // map of type to attribute values // Attributes map[SimpleName]*UserAuthorityAttributes `json:"attributes"` }
UserAuthorityAttributeMap - Map of user authority attributes
func NewUserAuthorityAttributeMap ¶ added in v1.10.22
func NewUserAuthorityAttributeMap(init ...*UserAuthorityAttributeMap) *UserAuthorityAttributeMap
NewUserAuthorityAttributeMap - creates an initialized UserAuthorityAttributeMap instance, returns a pointer to it
func (*UserAuthorityAttributeMap) Init ¶ added in v1.10.22
func (self *UserAuthorityAttributeMap) Init() *UserAuthorityAttributeMap
Init - sets up the instance according to its default field values, if any
func (*UserAuthorityAttributeMap) UnmarshalJSON ¶ added in v1.10.22
func (self *UserAuthorityAttributeMap) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a UserAuthorityAttributeMap
func (*UserAuthorityAttributeMap) Validate ¶ added in v1.10.22
func (self *UserAuthorityAttributeMap) Validate() error
Validate - checks for missing required fields, etc
type UserAuthorityAttributes ¶ added in v1.10.22
type UserAuthorityAttributes struct {
Values []string `json:"values"`
}
UserAuthorityAttributes - Copyright The Athenz Authors Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms.
func NewUserAuthorityAttributes ¶ added in v1.10.22
func NewUserAuthorityAttributes(init ...*UserAuthorityAttributes) *UserAuthorityAttributes
NewUserAuthorityAttributes - creates an initialized UserAuthorityAttributes instance, returns a pointer to it
func (*UserAuthorityAttributes) Init ¶ added in v1.10.22
func (self *UserAuthorityAttributes) Init() *UserAuthorityAttributes
Init - sets up the instance according to its default field values, if any
func (*UserAuthorityAttributes) UnmarshalJSON ¶ added in v1.10.22
func (self *UserAuthorityAttributes) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a UserAuthorityAttributes
func (*UserAuthorityAttributes) Validate ¶ added in v1.10.22
func (self *UserAuthorityAttributes) Validate() error
Validate - checks for missing required fields, etc
type UserDomain ¶
type UserDomain struct { // // a description of the domain // Description string `json:"description" rdl:"optional" yaml:",omitempty"` // // a reference to an audit organization defined in athenz // Org ResourceName `json:"org,omitempty" rdl:"optional" yaml:",omitempty"` // // Future use only, currently not used // Enabled *bool `json:"enabled,omitempty" rdl:"optional" yaml:",omitempty"` // // Flag indicates whether or not domain modifications should be logged for // SOX+Auditing. If true, the auditRef parameter must be supplied(not empty) for // any API defining it. // AuditEnabled *bool `json:"auditEnabled,omitempty" rdl:"optional" yaml:",omitempty"` // // associated aws account id (system attribute - uniqueness check - if // enabled) // Account string `json:"account" rdl:"optional" yaml:",omitempty"` // // associated product id (system attribute - uniqueness check - if enabled) // YpmId *int32 `json:"ypmId,omitempty" rdl:"optional" yaml:",omitempty"` // // associated application id // ApplicationId string `json:"applicationId" rdl:"optional" yaml:",omitempty"` // // domain certificate dns domain (system attribute) // CertDnsDomain string `json:"certDnsDomain" rdl:"optional" yaml:",omitempty"` // // all user members in the domain will have specified max expiry days // MemberExpiryDays *int32 `json:"memberExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // tokens issued for this domain will have specified max timeout in mins // TokenExpiryMins *int32 `json:"tokenExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // service identity certs issued for this domain will have specified max // timeout in mins // ServiceCertExpiryMins *int32 `json:"serviceCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // role certs issued for this domain will have specified max timeout in mins // RoleCertExpiryMins *int32 `json:"roleCertExpiryMins,omitempty" rdl:"optional" yaml:",omitempty"` // // rsa or ec signing algorithm to be used for tokens // SignAlgorithm string `json:"signAlgorithm" rdl:"optional" yaml:",omitempty"` // // all services in the domain roles will have specified max expiry days // ServiceExpiryDays *int32 `json:"serviceExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // all groups in the domain roles will have specified max expiry days // GroupExpiryDays *int32 `json:"groupExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // membership filtered based on user authority configured attributes // UserAuthorityFilter string `json:"userAuthorityFilter" rdl:"optional" yaml:",omitempty"` // // associated azure subscription id (system attribute - uniqueness check - if // enabled) // AzureSubscription string `json:"azureSubscription" rdl:"optional" yaml:",omitempty"` // // associated azure tenant id (system attribute) // AzureTenant string `json:"azureTenant" rdl:"optional" yaml:",omitempty"` // // associated azure client id (system attribute) // AzureClient string `json:"azureClient" rdl:"optional" yaml:",omitempty"` // // associated gcp project id (system attribute - uniqueness check - if // enabled) // GcpProject string `json:"gcpProject" rdl:"optional" yaml:",omitempty"` // // associated gcp project number (system attribute) // GcpProjectNumber string `json:"gcpProjectNumber" rdl:"optional" yaml:",omitempty"` // // key-value pair tags, tag might contain multiple values // Tags map[TagKey]*TagValueList `json:"tags,omitempty" rdl:"optional" yaml:",omitempty"` // // associated business service with domain // BusinessService string `json:"businessService" rdl:"optional" yaml:",omitempty"` // // purge role/group members with expiry date configured days in the past // MemberPurgeExpiryDays *int32 `json:"memberPurgeExpiryDays,omitempty" rdl:"optional" yaml:",omitempty"` // // associated product id (system attribute - uniqueness check - if enabled) // ProductId string `json:"productId" rdl:"optional" yaml:",omitempty"` // // features enabled per domain (system attribute) // FeatureFlags *int32 `json:"featureFlags,omitempty" rdl:"optional" yaml:",omitempty"` // // list of domain contacts (PE-Owner, Product-Owner, etc), each type can have // a single value // Contacts map[SimpleName]string `json:"contacts,omitempty" rdl:"optional" yaml:",omitempty"` // // domain environment e.g. production, staging, etc // Environment string `json:"environment" rdl:"optional" yaml:",omitempty"` // // ownership information for the domain (read-only attribute) // ResourceOwnership *ResourceDomainOwnership `json:"resourceOwnership,omitempty" rdl:"optional" yaml:",omitempty"` // // requested x509 cert signer key id (system attribute) // X509CertSignerKeyId string `json:"x509CertSignerKeyId" rdl:"optional" yaml:",omitempty"` // // requested ssh cert signer key id (system attribute) // SshCertSignerKeyId string `json:"sshCertSignerKeyId" rdl:"optional" yaml:",omitempty"` // // slack channel for any notifications in this domain // SlackChannel string `json:"slackChannel" rdl:"optional" yaml:",omitempty"` // // user id which will be the domain name // Name SimpleName `json:"name"` // // list of solution template names // Templates *DomainTemplateList `json:"templates,omitempty" rdl:"optional" yaml:",omitempty"` }
UserDomain - A UserDomain is the user's own top level domain in user - e.g. user.hga
func NewUserDomain ¶
func NewUserDomain(init ...*UserDomain) *UserDomain
NewUserDomain - creates an initialized UserDomain instance, returns a pointer to it
func (*UserDomain) Init ¶
func (self *UserDomain) Init() *UserDomain
Init - sets up the instance according to its default field values, if any
func (*UserDomain) UnmarshalJSON ¶
func (self *UserDomain) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a UserDomain
func (*UserDomain) Validate ¶
func (self *UserDomain) Validate() error
Validate - checks for missing required fields, etc
type UserList ¶ added in v1.7.11
type UserList struct { // // list of user names // Names []SimpleName `json:"names"` }
UserList -
func NewUserList ¶ added in v1.7.11
NewUserList - creates an initialized UserList instance, returns a pointer to it
func (*UserList) Init ¶ added in v1.7.11
Init - sets up the instance according to its default field values, if any
func (*UserList) UnmarshalJSON ¶ added in v1.7.11
UnmarshalJSON is defined for proper JSON decoding of a UserList
type UserToken ¶
type UserToken struct { // // Signed user token identifying a specific authenticated user // Token SignedToken `json:"token"` // // Authorization header name for the token // Header string `json:"header" rdl:"optional" yaml:",omitempty"` }
UserToken - A user token generated based on user's credentials
func NewUserToken ¶
NewUserToken - creates an initialized UserToken instance, returns a pointer to it
func (*UserToken) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a UserToken
type YEncoded ¶
type YEncoded string
YEncoded - YEncoded includes ybase64 chars, as well as = and %. This can represent a user cookie and URL-encoded values.
type ZMSClient ¶
type ZMSClient struct { URL string Transport http.RoundTripper CredsHeaders map[string]string Timeout time.Duration DisableRedirect bool }
func NewClient ¶
func NewClient(url string, transport http.RoundTripper) ZMSClient
NewClient creates and returns a new HTTP client object for the ZMS service
func (*ZMSClient) AddCredentials ¶
AddCredentials adds the credentials to the client for subsequent requests.
func (ZMSClient) DeleteAssertion ¶
func (client ZMSClient) DeleteAssertion(domainName DomainName, policyName EntityName, assertionId int64, auditRef string, resourceOwner string) error
func (ZMSClient) DeleteAssertionCondition ¶ added in v1.10.22
func (client ZMSClient) DeleteAssertionCondition(domainName DomainName, policyName EntityName, assertionId int64, conditionId int32, auditRef string, resourceOwner string) error
func (ZMSClient) DeleteAssertionConditions ¶ added in v1.10.22
func (client ZMSClient) DeleteAssertionConditions(domainName DomainName, policyName EntityName, assertionId int64, auditRef string, resourceOwner string) error
func (ZMSClient) DeleteAssertionPolicyVersion ¶ added in v1.10.33
func (client ZMSClient) DeleteAssertionPolicyVersion(domainName DomainName, policyName EntityName, version SimpleName, assertionId int64, auditRef string, resourceOwner string) error
func (ZMSClient) DeleteDomainDependency ¶ added in v1.10.46
func (client ZMSClient) DeleteDomainDependency(domainName DomainName, service ServiceName, auditRef string) error
func (ZMSClient) DeleteDomainRoleMember ¶ added in v1.9.32
func (client ZMSClient) DeleteDomainRoleMember(domainName DomainName, memberName MemberName, auditRef string) error
func (ZMSClient) DeleteDomainTemplate ¶
func (client ZMSClient) DeleteDomainTemplate(name DomainName, template SimpleName, auditRef string) error
func (ZMSClient) DeleteEntity ¶
func (client ZMSClient) DeleteEntity(domainName DomainName, entityName EntityName, auditRef string) error
func (ZMSClient) DeleteExpiredMembers ¶ added in v1.11.8
func (ZMSClient) DeleteGroup ¶ added in v1.9.32
func (client ZMSClient) DeleteGroup(domainName DomainName, groupName EntityName, auditRef string, resourceOwner string) error
func (ZMSClient) DeleteGroupMembership ¶ added in v1.9.32
func (client ZMSClient) DeleteGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string, resourceOwner string) error
func (ZMSClient) DeleteMembership ¶
func (client ZMSClient) DeleteMembership(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string, resourceOwner string) error
func (ZMSClient) DeletePendingGroupMembership ¶ added in v1.9.32
func (client ZMSClient) DeletePendingGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string) error
func (ZMSClient) DeletePendingMembership ¶ added in v1.9.32
func (client ZMSClient) DeletePendingMembership(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string) error
func (ZMSClient) DeletePolicy ¶
func (client ZMSClient) DeletePolicy(domainName DomainName, policyName EntityName, auditRef string, resourceOwner string) error
func (ZMSClient) DeletePolicyVersion ¶ added in v1.10.33
func (client ZMSClient) DeletePolicyVersion(domainName DomainName, policyName EntityName, version SimpleName, auditRef string, resourceOwner string) error
func (ZMSClient) DeleteProviderResourceGroupRoles ¶
func (client ZMSClient) DeleteProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, resourceGroup EntityName, auditRef string) error
func (ZMSClient) DeletePublicKeyEntry ¶
func (client ZMSClient) DeletePublicKeyEntry(domain DomainName, service SimpleName, id string, auditRef string, resourceOwner string) error
func (ZMSClient) DeleteQuota ¶ added in v1.7.19
func (client ZMSClient) DeleteQuota(name DomainName, auditRef string) error
func (ZMSClient) DeleteRole ¶
func (client ZMSClient) DeleteRole(domainName DomainName, roleName EntityName, auditRef string, resourceOwner string) error
func (ZMSClient) DeleteServiceIdentity ¶
func (client ZMSClient) DeleteServiceIdentity(domain DomainName, service SimpleName, auditRef string, resourceOwner string) error
func (ZMSClient) DeleteSubDomain ¶
func (client ZMSClient) DeleteSubDomain(parent DomainName, name SimpleName, auditRef string, resourceOwner string) error
func (ZMSClient) DeleteTenancy ¶
func (client ZMSClient) DeleteTenancy(domain DomainName, service ServiceName, auditRef string) error
func (ZMSClient) DeleteTenant ¶ added in v1.9.32
func (client ZMSClient) DeleteTenant(domain DomainName, service SimpleName, tenantDomain DomainName, auditRef string) error
func (ZMSClient) DeleteTenantResourceGroupRoles ¶
func (client ZMSClient) DeleteTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, resourceGroup EntityName, auditRef string) error
func (ZMSClient) DeleteTopLevelDomain ¶
func (client ZMSClient) DeleteTopLevelDomain(name SimpleName, auditRef string, resourceOwner string) error
func (ZMSClient) DeleteUser ¶ added in v1.7.11
func (client ZMSClient) DeleteUser(name SimpleName, auditRef string) error
func (ZMSClient) DeleteUserDomain ¶
func (client ZMSClient) DeleteUserDomain(name SimpleName, auditRef string, resourceOwner string) error
func (ZMSClient) GetAccess ¶
func (client ZMSClient) GetAccess(action ActionName, resource ResourceName, domain DomainName, checkPrincipal EntityName) (*Access, error)
func (ZMSClient) GetAccessExt ¶
func (client ZMSClient) GetAccessExt(action ActionName, resource string, domain DomainName, checkPrincipal EntityName) (*Access, error)
func (ZMSClient) GetAssertion ¶
func (client ZMSClient) GetAssertion(domainName DomainName, policyName EntityName, assertionId int64) (*Assertion, error)
func (ZMSClient) GetAuthHistoryDependencies ¶ added in v1.11.2
func (client ZMSClient) GetAuthHistoryDependencies(domainName DomainName) (*AuthHistoryDependencies, error)
func (ZMSClient) GetDependentDomainList ¶ added in v1.10.46
func (client ZMSClient) GetDependentDomainList(service ServiceName) (*DomainList, error)
func (ZMSClient) GetDependentServiceList ¶ added in v1.10.46
func (client ZMSClient) GetDependentServiceList(domainName DomainName) (*ServiceIdentityList, error)
func (ZMSClient) GetDependentServiceResourceGroupList ¶ added in v1.10.51
func (client ZMSClient) GetDependentServiceResourceGroupList(domainName DomainName) (*DependentServiceResourceGroupList, error)
func (ZMSClient) GetDomainDataCheck ¶
func (client ZMSClient) GetDomainDataCheck(domainName DomainName) (*DomainDataCheck, error)
func (ZMSClient) GetDomainGroupMembers ¶ added in v1.11.61
func (client ZMSClient) GetDomainGroupMembers(domainName DomainName) (*DomainGroupMembers, error)
func (ZMSClient) GetDomainList ¶
func (client ZMSClient) GetDomainList(limit *int32, skip string, prefix string, depth *int32, account string, productNumber *int32, roleMember ResourceName, roleName ResourceName, subscription string, project string, tagKey TagKey, tagValue TagCompoundValue, businessService string, productId string, modifiedSince string) (*DomainList, error)
func (ZMSClient) GetDomainMetaStoreValidValuesList ¶ added in v1.10.13
func (client ZMSClient) GetDomainMetaStoreValidValuesList(attributeName string, userName string) (*DomainMetaStoreValidValuesList, error)
func (ZMSClient) GetDomainRoleMembers ¶ added in v1.9.32
func (client ZMSClient) GetDomainRoleMembers(domainName DomainName) (*DomainRoleMembers, error)
func (ZMSClient) GetDomainTemplateDetailsList ¶ added in v1.9.32
func (client ZMSClient) GetDomainTemplateDetailsList(name DomainName) (*DomainTemplateDetailsList, error)
func (ZMSClient) GetDomainTemplateList ¶
func (client ZMSClient) GetDomainTemplateList(name DomainName) (*DomainTemplateList, error)
func (ZMSClient) GetEntity ¶
func (client ZMSClient) GetEntity(domainName DomainName, entityName EntityName) (*Entity, error)
func (ZMSClient) GetEntityList ¶
func (client ZMSClient) GetEntityList(domainName DomainName) (*EntityList, error)
func (ZMSClient) GetGroup ¶ added in v1.9.32
func (client ZMSClient) GetGroup(domainName DomainName, groupName EntityName, auditLog *bool, pending *bool) (*Group, error)
func (ZMSClient) GetGroupMembership ¶ added in v1.9.32
func (client ZMSClient) GetGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, expiration string) (*GroupMembership, error)
func (ZMSClient) GetGroups ¶ added in v1.9.32
func (client ZMSClient) GetGroups(domainName DomainName, members *bool, tagKey TagKey, tagValue TagCompoundValue) (*Groups, error)
func (ZMSClient) GetGroupsForReview ¶ added in v1.11.44
func (client ZMSClient) GetGroupsForReview(principal ResourceName) (*ReviewObjects, error)
func (ZMSClient) GetJWSDomain ¶ added in v1.9.32
func (ZMSClient) GetMembership ¶
func (client ZMSClient) GetMembership(domainName DomainName, roleName EntityName, memberName MemberName, expiration string) (*Membership, error)
func (ZMSClient) GetOverdueReview ¶ added in v1.9.32
func (client ZMSClient) GetOverdueReview(domainName DomainName) (*DomainRoleMembers, error)
func (ZMSClient) GetPendingDomainGroupMembersList ¶ added in v1.9.32
func (client ZMSClient) GetPendingDomainGroupMembersList(principal EntityName, domainName string) (*DomainGroupMembership, error)
func (ZMSClient) GetPendingDomainRoleMembersList ¶ added in v1.9.32
func (client ZMSClient) GetPendingDomainRoleMembersList(principal EntityName, domainName string) (*DomainRoleMembership, error)
func (ZMSClient) GetPolicies ¶
func (client ZMSClient) GetPolicies(domainName DomainName, assertions *bool, includeNonActive *bool, tagKey TagKey, tagValue TagCompoundValue) (*Policies, error)
func (ZMSClient) GetPolicy ¶
func (client ZMSClient) GetPolicy(domainName DomainName, policyName EntityName) (*Policy, error)
func (ZMSClient) GetPolicyList ¶
func (client ZMSClient) GetPolicyList(domainName DomainName, limit *int32, skip string) (*PolicyList, error)
func (ZMSClient) GetPolicyVersion ¶ added in v1.10.33
func (client ZMSClient) GetPolicyVersion(domainName DomainName, policyName EntityName, version SimpleName) (*Policy, error)
func (ZMSClient) GetPolicyVersionList ¶ added in v1.10.33
func (client ZMSClient) GetPolicyVersionList(domainName DomainName, policyName EntityName) (*PolicyList, error)
func (ZMSClient) GetPrincipalGroups ¶ added in v1.9.32
func (client ZMSClient) GetPrincipalGroups(principal EntityName, domainName DomainName) (*DomainGroupMember, error)
func (ZMSClient) GetPrincipalRoles ¶ added in v1.9.32
func (client ZMSClient) GetPrincipalRoles(principal ResourceName, domainName DomainName, expand *bool) (*DomainRoleMember, error)
func (ZMSClient) GetProviderResourceGroupRoles ¶
func (client ZMSClient) GetProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, resourceGroup EntityName) (*ProviderResourceGroupRoles, error)
func (ZMSClient) GetPublicKeyEntry ¶
func (client ZMSClient) GetPublicKeyEntry(domain DomainName, service SimpleName, id string) (*PublicKeyEntry, error)
func (ZMSClient) GetQuota ¶ added in v1.7.19
func (client ZMSClient) GetQuota(name DomainName) (*Quota, error)
func (ZMSClient) GetRdlSchema ¶ added in v1.11.12
func (ZMSClient) GetResourceAccessList ¶
func (client ZMSClient) GetResourceAccessList(principal ResourceName, action ActionName) (*ResourceAccessList, error)
func (ZMSClient) GetRole ¶
func (client ZMSClient) GetRole(domainName DomainName, roleName EntityName, auditLog *bool, expand *bool, pending *bool) (*Role, error)
func (ZMSClient) GetRoleList ¶
func (ZMSClient) GetRoles ¶
func (client ZMSClient) GetRoles(domainName DomainName, members *bool, tagKey TagKey, tagValue TagCompoundValue) (*Roles, error)
func (ZMSClient) GetRolesForReview ¶ added in v1.11.44
func (client ZMSClient) GetRolesForReview(principal ResourceName) (*ReviewObjects, error)
func (ZMSClient) GetServerTemplateDetailsList ¶ added in v1.10.19
func (client ZMSClient) GetServerTemplateDetailsList() (*DomainTemplateDetailsList, error)
func (ZMSClient) GetServerTemplateList ¶
func (client ZMSClient) GetServerTemplateList() (*ServerTemplateList, error)
func (ZMSClient) GetServiceIdentities ¶
func (client ZMSClient) GetServiceIdentities(domainName DomainName, publickeys *bool, hosts *bool, tagKey TagKey, tagValue TagCompoundValue) (*ServiceIdentities, error)
func (ZMSClient) GetServiceIdentity ¶
func (client ZMSClient) GetServiceIdentity(domain DomainName, service SimpleName) (*ServiceIdentity, error)
func (ZMSClient) GetServiceIdentityList ¶
func (client ZMSClient) GetServiceIdentityList(domainName DomainName, limit *int32, skip string) (*ServiceIdentityList, error)
func (ZMSClient) GetServicePrincipal ¶
func (client ZMSClient) GetServicePrincipal() (*ServicePrincipal, error)
func (ZMSClient) GetSignedDomains ¶
func (client ZMSClient) GetSignedDomains(domain DomainName, metaOnly string, metaAttr SimpleName, master *bool, conditions *bool, matchingTag string) (*SignedDomains, string, error)
func (ZMSClient) GetStats ¶ added in v1.10.46
func (client ZMSClient) GetStats(name DomainName) (*Stats, error)
func (ZMSClient) GetSystemStats ¶ added in v1.10.46
func (ZMSClient) GetTemplate ¶
func (client ZMSClient) GetTemplate(template SimpleName) (*Template, error)
func (ZMSClient) GetTenantResourceGroupRoles ¶
func (client ZMSClient) GetTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, resourceGroup EntityName) (*TenantResourceGroupRoles, error)
func (ZMSClient) GetUserAuthorityAttributeMap ¶ added in v1.10.22
func (client ZMSClient) GetUserAuthorityAttributeMap() (*UserAuthorityAttributeMap, error)
func (ZMSClient) GetUserList ¶ added in v1.7.11
func (client ZMSClient) GetUserList(domainName DomainName) (*UserList, error)
func (ZMSClient) GetUserToken ¶
func (ZMSClient) OptionsUserToken ¶
func (client ZMSClient) OptionsUserToken(userName SimpleName, serviceNames string) (*UserToken, error)
func (ZMSClient) PostSubDomain ¶
func (ZMSClient) PostTopLevelDomain ¶
func (ZMSClient) PostUserDomain ¶
func (client ZMSClient) PostUserDomain(name SimpleName, auditRef string, resourceOwner string, detail *UserDomain) (*Domain, error)
func (ZMSClient) PutAssertion ¶
func (client ZMSClient) PutAssertion(domainName DomainName, policyName EntityName, auditRef string, resourceOwner string, assertion *Assertion) (*Assertion, error)
func (ZMSClient) PutAssertionCondition ¶ added in v1.10.22
func (client ZMSClient) PutAssertionCondition(domainName DomainName, policyName EntityName, assertionId int64, auditRef string, resourceOwner string, assertionCondition *AssertionCondition) (*AssertionCondition, error)
func (ZMSClient) PutAssertionConditions ¶ added in v1.10.22
func (client ZMSClient) PutAssertionConditions(domainName DomainName, policyName EntityName, assertionId int64, auditRef string, resourceOwner string, assertionConditions *AssertionConditions) (*AssertionConditions, error)
func (ZMSClient) PutAssertionPolicyVersion ¶ added in v1.10.33
func (client ZMSClient) PutAssertionPolicyVersion(domainName DomainName, policyName EntityName, version SimpleName, auditRef string, resourceOwner string, assertion *Assertion) (*Assertion, error)
func (ZMSClient) PutDefaultAdmins ¶
func (client ZMSClient) PutDefaultAdmins(domainName DomainName, auditRef string, defaultAdmins *DefaultAdmins) error
func (ZMSClient) PutDomainDependency ¶ added in v1.10.46
func (client ZMSClient) PutDomainDependency(domainName DomainName, auditRef string, service *DependentService) error
func (ZMSClient) PutDomainMeta ¶
func (client ZMSClient) PutDomainMeta(name DomainName, auditRef string, resourceOwner string, detail *DomainMeta) error
func (ZMSClient) PutDomainSystemMeta ¶ added in v1.9.32
func (client ZMSClient) PutDomainSystemMeta(name DomainName, attribute SimpleName, auditRef string, detail *DomainMeta) error
func (ZMSClient) PutDomainTemplate ¶
func (client ZMSClient) PutDomainTemplate(name DomainName, auditRef string, domainTemplate *DomainTemplate) error
func (ZMSClient) PutDomainTemplateExt ¶ added in v1.7.32
func (client ZMSClient) PutDomainTemplateExt(name DomainName, template SimpleName, auditRef string, domainTemplate *DomainTemplate) error
func (ZMSClient) PutEntity ¶
func (client ZMSClient) PutEntity(domainName DomainName, entityName EntityName, auditRef string, entity *Entity) error
func (ZMSClient) PutGroup ¶ added in v1.9.32
func (client ZMSClient) PutGroup(domainName DomainName, groupName EntityName, auditRef string, returnObj *bool, resourceOwner string, group *Group) (*Group, error)
func (ZMSClient) PutGroupMembership ¶ added in v1.9.32
func (client ZMSClient) PutGroupMembership(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string, returnObj *bool, resourceOwner string, membership *GroupMembership) (*GroupMembership, error)
func (ZMSClient) PutGroupMembershipDecision ¶ added in v1.9.32
func (client ZMSClient) PutGroupMembershipDecision(domainName DomainName, groupName EntityName, memberName GroupMemberName, auditRef string, membership *GroupMembership) error
func (ZMSClient) PutGroupMeta ¶ added in v1.9.32
func (client ZMSClient) PutGroupMeta(domainName DomainName, groupName EntityName, auditRef string, resourceOwner string, detail *GroupMeta) error
func (ZMSClient) PutGroupReview ¶ added in v1.9.32
func (client ZMSClient) PutGroupReview(domainName DomainName, groupName EntityName, auditRef string, returnObj *bool, resourceOwner string, group *Group) (*Group, error)
func (ZMSClient) PutGroupSystemMeta ¶ added in v1.9.32
func (client ZMSClient) PutGroupSystemMeta(domainName DomainName, groupName EntityName, attribute SimpleName, auditRef string, detail *GroupSystemMeta) error
func (ZMSClient) PutMembership ¶
func (client ZMSClient) PutMembership(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string, returnObj *bool, resourceOwner string, membership *Membership) (*Membership, error)
func (ZMSClient) PutMembershipDecision ¶ added in v1.9.32
func (client ZMSClient) PutMembershipDecision(domainName DomainName, roleName EntityName, memberName MemberName, auditRef string, membership *Membership) error
func (ZMSClient) PutPolicy ¶
func (client ZMSClient) PutPolicy(domainName DomainName, policyName EntityName, auditRef string, returnObj *bool, resourceOwner string, policy *Policy) (*Policy, error)
func (ZMSClient) PutPolicyVersion ¶ added in v1.10.33
func (client ZMSClient) PutPolicyVersion(domainName DomainName, policyName EntityName, policyOptions *PolicyOptions, auditRef string, returnObj *bool, resourceOwner string) (*Policy, error)
func (ZMSClient) PutPrincipalState ¶ added in v1.11.59
func (client ZMSClient) PutPrincipalState(principalName MemberName, auditRef string, principalState *PrincipalState) error
func (ZMSClient) PutProviderResourceGroupRoles ¶
func (client ZMSClient) PutProviderResourceGroupRoles(tenantDomain DomainName, provDomain DomainName, provService SimpleName, resourceGroup EntityName, auditRef string, detail *ProviderResourceGroupRoles) (*ProviderResourceGroupRoles, error)
func (ZMSClient) PutPublicKeyEntry ¶
func (client ZMSClient) PutPublicKeyEntry(domain DomainName, service SimpleName, id string, auditRef string, resourceOwner string, publicKeyEntry *PublicKeyEntry) error
func (ZMSClient) PutQuota ¶ added in v1.7.19
func (client ZMSClient) PutQuota(name DomainName, auditRef string, quota *Quota) error
func (ZMSClient) PutResourceDomainOwnership ¶ added in v1.11.55
func (client ZMSClient) PutResourceDomainOwnership(domainName DomainName, auditRef string, resourceOwnership *ResourceDomainOwnership) error
func (ZMSClient) PutResourceGroupOwnership ¶ added in v1.11.55
func (client ZMSClient) PutResourceGroupOwnership(domainName DomainName, groupName EntityName, auditRef string, resourceOwnership *ResourceGroupOwnership) error
func (ZMSClient) PutResourcePolicyOwnership ¶ added in v1.11.55
func (client ZMSClient) PutResourcePolicyOwnership(domainName DomainName, policyName EntityName, auditRef string, resourceOwnership *ResourcePolicyOwnership) error
func (ZMSClient) PutResourceRoleOwnership ¶ added in v1.11.55
func (client ZMSClient) PutResourceRoleOwnership(domainName DomainName, roleName EntityName, auditRef string, resourceOwnership *ResourceRoleOwnership) error
func (ZMSClient) PutResourceServiceIdentityOwnership ¶ added in v1.11.55
func (client ZMSClient) PutResourceServiceIdentityOwnership(domainName DomainName, service SimpleName, auditRef string, resourceOwnership *ResourceServiceIdentityOwnership) error
func (ZMSClient) PutRole ¶
func (client ZMSClient) PutRole(domainName DomainName, roleName EntityName, auditRef string, returnObj *bool, resourceOwner string, role *Role) (*Role, error)
func (ZMSClient) PutRoleMeta ¶ added in v1.9.32
func (client ZMSClient) PutRoleMeta(domainName DomainName, roleName EntityName, auditRef string, resourceOwner string, detail *RoleMeta) error
func (ZMSClient) PutRoleReview ¶ added in v1.9.32
func (client ZMSClient) PutRoleReview(domainName DomainName, roleName EntityName, auditRef string, returnObj *bool, resourceOwner string, role *Role) (*Role, error)
func (ZMSClient) PutRoleSystemMeta ¶ added in v1.9.32
func (client ZMSClient) PutRoleSystemMeta(domainName DomainName, roleName EntityName, attribute SimpleName, auditRef string, detail *RoleSystemMeta) error
func (ZMSClient) PutServiceIdentity ¶
func (client ZMSClient) PutServiceIdentity(domain DomainName, service SimpleName, auditRef string, returnObj *bool, resourceOwner string, detail *ServiceIdentity) (*ServiceIdentity, error)
func (ZMSClient) PutServiceIdentitySystemMeta ¶ added in v1.9.32
func (client ZMSClient) PutServiceIdentitySystemMeta(domain DomainName, service SimpleName, attribute SimpleName, auditRef string, detail *ServiceIdentitySystemMeta) error
func (ZMSClient) PutTenancy ¶
func (client ZMSClient) PutTenancy(domain DomainName, service ServiceName, auditRef string, detail *Tenancy) error
func (ZMSClient) PutTenant ¶ added in v1.9.32
func (client ZMSClient) PutTenant(domain DomainName, service SimpleName, tenantDomain DomainName, auditRef string, detail *Tenancy) error
func (ZMSClient) PutTenantResourceGroupRoles ¶
func (client ZMSClient) PutTenantResourceGroupRoles(domain DomainName, service SimpleName, tenantDomain DomainName, resourceGroup EntityName, auditRef string, detail *TenantResourceGroupRoles) (*TenantResourceGroupRoles, error)
func (ZMSClient) SearchServiceIdentities ¶ added in v1.12.5
func (client ZMSClient) SearchServiceIdentities(serviceName SimpleName, substringMatch *bool, domainFilter DomainName) (*ServiceIdentities, error)
func (ZMSClient) SetActivePolicyVersion ¶ added in v1.10.33
func (client ZMSClient) SetActivePolicyVersion(domainName DomainName, policyName EntityName, policyOptions *PolicyOptions, auditRef string, resourceOwner string) error
Directories ¶
Path | Synopsis |
---|---|
examples
|
|
get-access
Get-access is a demo program to query if the current principal has "Access" to a specified resource, in a given domain.
|
Get-access is a demo program to query if the current principal has "Access" to a specified resource, in a given domain. |