conjurapi

package
v0.0.0-...-1290ed6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 19, 2022 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func LoginPairFromEnv

func LoginPairFromEnv() (*authn.LoginPair, error)

func LoginPairFromNetRC

func LoginPairFromNetRC(config Config) (*authn.LoginPair, error)

func ReadResponseBody

func ReadResponseBody(response io.ReadCloser) ([]byte, error)

ReadResponseBody fully reads a response and closes it.

Types

type Authenticator

// Authenticator declares the two token-lifecycle methods shown below: one
// reports whether a refresh is needed, the other performs the refresh.
type Authenticator interface {
	// RefreshToken returns fresh token bytes, or an error.
	// NOTE(review): the returned bytes are presumably a bearer credential;
	// implementations and callers should keep them out of logs — confirm.
	RefreshToken() ([]byte, error)
	// NeedsTokenRefresh reports whether the token should be refreshed.
	// NOTE(review): the expiry criteria are not visible here — confirm
	// against the implementation.
	NeedsTokenRefresh() bool
}

type Client

// Client is the handle returned by the NewClientFrom* constructors; all of
// its state is unexported and reached only through its methods
// (GetConfig, GetHttpClient, SetHttpClient, ...).
// NOTE(review): a Client presumably holds credentials or a token in its
// unexported fields; avoid printing it with %+v or %#v — confirm.
type Client struct {
	// contains filtered or unexported fields
}

func NewClientFromEnvironment

func NewClientFromEnvironment(config Config) (*Client, error)

func NewClientFromKey

func NewClientFromKey(config Config, loginPair authn.LoginPair) (*Client, error)

func NewClientFromToken

func NewClientFromToken(config Config, token string) (*Client, error)

func NewClientFromTokenFile

func NewClientFromTokenFile(config Config, tokenFile string) (*Client, error)

func (*Client) AddSecret

func (c *Client) AddSecret(variableID string, secretValue string) error

AddSecret adds a secret value to a variable.

The authenticated user must have update privilege on the variable.

func (*Client) Authenticate

func (c *Client) Authenticate(loginPair authn.LoginPair) ([]byte, error)

Authenticate obtains a new access token.

func (*Client) AuthenticateReader

func (c *Client) AuthenticateReader(loginPair authn.LoginPair) (io.ReadCloser, error)

AuthenticateReader obtains a new access token and returns it as a data stream.

func (*Client) CheckPermission

func (c *Client) CheckPermission(resourceID, privilege string) (bool, error)

CheckPermission determines whether the authenticated user has a specified privilege on a resource.

func (*Client) GetConfig

func (c *Client) GetConfig() Config

func (*Client) GetHttpClient

func (c *Client) GetHttpClient() *http.Client

func (*Client) LoadPolicy

func (c *Client) LoadPolicy(mode PolicyMode, policyID string, policy io.Reader) (*PolicyResponse, error)

LoadPolicy submits new policy data or policy changes to the server.

The required permission depends on the mode.

func (*Client) NeedsTokenRefresh

func (c *Client) NeedsTokenRefresh() bool

func (*Client) RefreshToken

func (c *Client) RefreshToken() (err error)

func (*Client) Resource

func (c *Client) Resource(resourceID string) (resource map[string]interface{}, err error)

Resource fetches a single user-visible resource by id.

func (*Client) Resources

func (c *Client) Resources(filter *ResourceFilter) (resources []map[string]interface{}, err error)

Resources fetches user-visible resources. The set of resources can be limited by the given ResourceFilter. If filter is non-nil, only non-zero-valued members of the filter will be applied.

func (*Client) RetrieveBatchSecrets

func (c *Client) RetrieveBatchSecrets(variableIDs []string) (map[string][]byte, error)

RetrieveBatchSecrets fetches values for all variables in a slice using a single API call.

The authenticated user must have execute privilege on all variables.

func (*Client) RetrieveBatchSecretsSafe

func (c *Client) RetrieveBatchSecretsSafe(variableIDs []string) (map[string][]byte, error)

RetrieveBatchSecretsSafe fetches values for all variables in a slice using a single API call. This version of the method has the server base64-encode the secrets automatically, which allows binary values to be retrieved in batch requests. The secrets in the returned map are NOT base64-encoded.

The authenticated user must have execute privilege on all variables.

func (*Client) RetrieveSecret

func (c *Client) RetrieveSecret(variableID string) ([]byte, error)

RetrieveSecret fetches a secret from a variable.

The authenticated user must have execute privilege on the variable.

func (*Client) RetrieveSecretReader

func (c *Client) RetrieveSecretReader(variableID string) (io.ReadCloser, error)

RetrieveSecretReader fetches a secret from a variable and returns it as a data stream.

The authenticated user must have execute privilege on the variable.

func (*Client) RotateAPIKey

func (c *Client) RotateAPIKey(roleID string) ([]byte, error)

RotateAPIKey replaces the API key of a role on the server with a new random secret.

The authenticated user must have update privilege on the role.

func (*Client) RotateAPIKeyReader

func (c *Client) RotateAPIKeyReader(roleID string) (io.ReadCloser, error)

RotateAPIKeyReader replaces the API key of a role on the server with a new random secret and returns it as a data stream.

The authenticated user must have update privilege on the role.

func (*Client) SetHttpClient

func (c *Client) SetHttpClient(httpClient *http.Client)

func (*Client) SubmitRequest

func (c *Client) SubmitRequest(req *http.Request) (resp *http.Response, err error)

type Config

// Config is the settings value accepted by the NewClientFrom* constructors
// and by LoginPairFromNetRC. The yaml struct tags name the key each field
// maps to in a YAML document.
type Config struct {
	// Account maps to the YAML key "account".
	Account      string `yaml:"account,omitempty"`
	// ApplianceURL maps to the YAML key "appliance_url".
	// NOTE(review): Config.IsHttps exists, which suggests a non-HTTPS URL
	// is representable; confirm callers refuse to send credentials over
	// plain HTTP.
	ApplianceURL string `yaml:"appliance_url,omitempty"`
	// NetRCPath maps to the YAML key "netrc_path".
	// NOTE(review): presumably the credentials file read by
	// LoginPairFromNetRC; it should be readable by its owner only — confirm.
	NetRCPath    string `yaml:"netrc_path,omitempty"`
	// SSLCert carries the yaml tag "-", so it is never read from or written
	// to YAML.
	// NOTE(review): presumably inline certificate (PEM) text used to verify
	// the server — confirm against ReadSSLCert.
	SSLCert      string `yaml:"-"`
	// SSLCertPath maps to the YAML key "cert_file".
	// NOTE(review): presumably the path ReadSSLCert loads when SSLCert is
	// empty; the precedence between the two is not visible here — confirm.
	SSLCertPath  string `yaml:"cert_file,omitempty"`
	// V4 maps to the YAML key "v4"; the tag has no omitempty, so the key is
	// emitted even when the value is false.
	// NOTE(review): presumably selects RouterV4 over RouterV5 — confirm.
	V4           bool   `yaml:"v4"`
}

func LoadConfig

func LoadConfig() (Config, error)

func (*Config) BaseURL

func (c *Config) BaseURL() string

func (*Config) IsHttps

func (c *Config) IsHttps() bool

func (*Config) ReadSSLCert

func (c *Config) ReadSSLCert() ([]byte, error)

type CreatedRole

// CreatedRole is one entry of PolicyResponse.CreatedRoles, decoded from the
// JSON keys "id" and "api_key".
type CreatedRole struct {
	// ID is decoded from the JSON key "id".
	ID     string `json:"id"`
	// APIKey is decoded from the JSON key "api_key". It is a credential for
	// the newly created role: keep it out of logs and error messages, and
	// redact it before a CreatedRole or PolicyResponse is printed or
	// serialized for diagnostics.
	APIKey string `json:"api_key"`
}

CreatedRole contains the full role ID and API key of a role which was created by the server when loading a policy.

type PolicyMode

// PolicyMode is the mode argument of LoadPolicy and LoadPolicyRequest.
// The named values are PolicyModePost (1), PolicyModePut (2) and
// PolicyModePatch (3); the zero value matches none of them.
// NOTE(review): how an unnamed value such as 0 is handled is not visible
// here — confirm it is rejected rather than mapped to a default mode.
type PolicyMode uint

PolicyMode defines the server-side behavior when loading a policy.

// The three named PolicyMode values. Numbering starts at 1, so an
// uninitialized PolicyMode (0) is not one of them.
const (
	// PolicyModePost appends new data to the policy.
	PolicyModePost PolicyMode = 1
	// PolicyModePut completely replaces the policy, implicitly deleting data which is not present in the new policy.
	// This is the destructive mode: anything omitted from the submitted
	// document is removed, so the full policy should be reviewed before
	// it is loaded with this mode.
	PolicyModePut PolicyMode = 2
	// PolicyModePatch adds policy data and explicitly deletes policy data.
	PolicyModePatch PolicyMode = 3
)

type PolicyResponse

// PolicyResponse is the value LoadPolicy returns, decoded from the JSON keys
// "created_roles" and "version".
type PolicyResponse struct {
	// Newly created roles.
	// Each CreatedRole value carries an APIKey field, so this map contains
	// credentials; do not log or persist it unredacted.
	// NOTE(review): the map is presumably keyed by role ID — confirm.
	CreatedRoles map[string]CreatedRole `json:"created_roles"`
	// The version number of the policy.
	Version uint32 `json:"version"`
}

PolicyResponse contains information about the policy update.

type ResourceFilter

// ResourceFilter narrows the result of Client.Resources. According to the
// Resources documentation on this page, only non-zero-valued members of a
// non-nil filter are applied.
type ResourceFilter struct {
	// Kind is applied only when non-empty.
	// NOTE(review): presumably a resource kind name — confirm.
	Kind   string
	// Search is applied only when non-empty.
	// NOTE(review): presumably a search term matched by the server; confirm
	// it is URL-escaped when the request is built.
	Search string
	// Limit is applied only when non-zero, so 0 requests no explicit limit.
	Limit  int
	// Offset is applied only when non-zero.
	Offset int
}

type Router

// Router declares one request-building method per API operation; each
// returns an *http.Request or an error. RouterV4 and RouterV5 both declare
// methods matching every signature below.
// NOTE(review): the identifier arguments (variableID, resourceID, policyID,
// roleID) presumably end up in the request URL; confirm implementations
// escape them so a crafted ID cannot alter the request path or query.
type Router interface {
	// AddSecretRequest takes the variable ID and the secret value.
	// NOTE(review): the returned request presumably carries secretValue;
	// avoid dumping it in debug output — confirm.
	AddSecretRequest(variableID, secretValue string) (*http.Request, error)
	// AuthenticateRequest takes the login pair.
	// NOTE(review): the returned request presumably carries the login
	// credentials; avoid dumping it in debug output — confirm.
	AuthenticateRequest(loginPair authn.LoginPair) (*http.Request, error)
	// CheckPermissionRequest takes a resource ID and a privilege name.
	CheckPermissionRequest(resourceID, privilege string) (*http.Request, error)
	// LoadPolicyRequest takes the mode, the policy ID and the policy reader.
	LoadPolicyRequest(mode PolicyMode, policyID string, policy io.Reader) (*http.Request, error)
	// ResourceRequest takes a single resource ID.
	ResourceRequest(resourceID string) (*http.Request, error)
	// ResourcesRequest takes an optional filter.
	ResourcesRequest(filter *ResourceFilter) (*http.Request, error)
	// RetrieveBatchSecretsRequest takes the variable IDs and a base64 flag.
	// NOTE(review): base64Flag presumably asks the server to base64-encode
	// the values, as described for RetrieveBatchSecretsSafe — confirm.
	RetrieveBatchSecretsRequest(variableIDs []string, base64Flag bool) (*http.Request, error)
	// RetrieveSecretRequest takes a single variable ID.
	RetrieveSecretRequest(variableID string) (*http.Request, error)
	// RotateAPIKeyRequest takes the role ID whose key is rotated.
	RotateAPIKeyRequest(roleID string) (*http.Request, error)
}

type RouterV4

// RouterV4 declares, on a value receiver, methods matching every Router
// signature listed on this page.
// NOTE(review): presumably builds requests for the v4 API and is selected
// by Config.V4 — confirm.
type RouterV4 struct {
	// Config is held by pointer, so copies of a RouterV4 refer to the same
	// Config value.
	// NOTE(review): whether the methods tolerate a nil Config is not
	// visible here — confirm.
	Config *Config
}

func (RouterV4) AddSecretRequest

func (r RouterV4) AddSecretRequest(variableID, secretValue string) (*http.Request, error)

func (RouterV4) AuthenticateRequest

func (r RouterV4) AuthenticateRequest(loginPair authn.LoginPair) (*http.Request, error)

func (RouterV4) CheckPermissionRequest

func (r RouterV4) CheckPermissionRequest(resourceID, privilege string) (*http.Request, error)

func (RouterV4) LoadPolicyRequest

func (r RouterV4) LoadPolicyRequest(mode PolicyMode, policyID string, policy io.Reader) (*http.Request, error)

func (RouterV4) ResourceRequest

func (r RouterV4) ResourceRequest(resourceID string) (*http.Request, error)

func (RouterV4) ResourcesRequest

func (r RouterV4) ResourcesRequest(filter *ResourceFilter) (*http.Request, error)

func (RouterV4) RetrieveBatchSecretsRequest

func (r RouterV4) RetrieveBatchSecretsRequest(variableIDs []string, base64Flag bool) (*http.Request, error)

func (RouterV4) RetrieveSecretRequest

func (r RouterV4) RetrieveSecretRequest(variableID string) (*http.Request, error)

func (RouterV4) RotateAPIKeyRequest

func (r RouterV4) RotateAPIKeyRequest(roleID string) (*http.Request, error)

type RouterV5

// RouterV5 declares, on a value receiver, methods matching every Router
// signature listed on this page.
// NOTE(review): presumably builds requests for the v5 API and is used when
// Config.V4 is false — confirm.
type RouterV5 struct {
	// Config is held by pointer, so copies of a RouterV5 refer to the same
	// Config value.
	// NOTE(review): whether the methods tolerate a nil Config is not
	// visible here — confirm.
	Config *Config
}

func (RouterV5) AddSecretRequest

func (r RouterV5) AddSecretRequest(variableID, secretValue string) (*http.Request, error)

func (RouterV5) AuthenticateRequest

func (r RouterV5) AuthenticateRequest(loginPair authn.LoginPair) (*http.Request, error)

func (RouterV5) CheckPermissionRequest

func (r RouterV5) CheckPermissionRequest(resourceID, privilege string) (*http.Request, error)

func (RouterV5) LoadPolicyRequest

func (r RouterV5) LoadPolicyRequest(mode PolicyMode, policyID string, policy io.Reader) (*http.Request, error)

func (RouterV5) ResourceRequest

func (r RouterV5) ResourceRequest(resourceID string) (*http.Request, error)

func (RouterV5) ResourcesRequest

func (r RouterV5) ResourcesRequest(filter *ResourceFilter) (*http.Request, error)

func (RouterV5) RetrieveBatchSecretsRequest

func (r RouterV5) RetrieveBatchSecretsRequest(variableIDs []string, base64Flag bool) (*http.Request, error)

func (RouterV5) RetrieveSecretRequest

func (r RouterV5) RetrieveSecretRequest(variableID string) (*http.Request, error)

func (RouterV5) RotateAPIKeyRequest

func (r RouterV5) RotateAPIKeyRequest(roleID string) (*http.Request, error)

Directories

Path Synopsis
