Documentation ¶
Index ¶
- Variables
- func PopulateString(p *PopulateStringInput) (bool, string, error)
- type Alias
- func (p *Alias) Clone() (*Alias, error)
- func (*Alias) Descriptor() ([]byte, []int)
- func (m *Alias) GetCanonicalID() string
- func (m *Alias) GetCreationTime() *timestamp.Timestamp
- func (m *Alias) GetID() string
- func (m *Alias) GetLastUpdateTime() *timestamp.Timestamp
- func (m *Alias) GetMergedFromCanonicalIDs() []string
- func (m *Alias) GetMetadata() map[string]string
- func (m *Alias) GetMountAccessor() string
- func (m *Alias) GetMountPath() string
- func (m *Alias) GetMountType() string
- func (m *Alias) GetName() string
- func (*Alias) ProtoMessage()
- func (m *Alias) Reset()
- func (p *Alias) SentinelGet(key string) (interface{}, error)
- func (a *Alias) SentinelKeys() []string
- func (m *Alias) String() string
- func (m *Alias) XXX_DiscardUnknown()
- func (m *Alias) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *Alias) XXX_Merge(src proto.Message)
- func (m *Alias) XXX_Size() int
- func (m *Alias) XXX_Unmarshal(b []byte) error
- type Entity
- func (e *Entity) Clone() (*Entity, error)
- func (*Entity) Descriptor() ([]byte, []int)
- func (m *Entity) GetAliases() []*Alias
- func (m *Entity) GetBucketKeyHash() string
- func (m *Entity) GetCreationTime() *timestamp.Timestamp
- func (m *Entity) GetDisabled() bool
- func (m *Entity) GetID() string
- func (m *Entity) GetLastUpdateTime() *timestamp.Timestamp
- func (m *Entity) GetMergedEntityIDs() []string
- func (m *Entity) GetMetadata() map[string]string
- func (m *Entity) GetName() string
- func (m *Entity) GetPolicies() []string
- func (*Entity) ProtoMessage()
- func (m *Entity) Reset()
- func (e *Entity) SentinelGet(key string) (interface{}, error)
- func (e *Entity) SentinelKeys() []string
- func (m *Entity) String() string
- func (m *Entity) XXX_DiscardUnknown()
- func (m *Entity) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *Entity) XXX_Merge(src proto.Message)
- func (m *Entity) XXX_Size() int
- func (m *Entity) XXX_Unmarshal(b []byte) error
- type Group
- func (g *Group) Clone() (*Group, error)
- func (*Group) Descriptor() ([]byte, []int)
- func (m *Group) GetAlias() *Alias
- func (m *Group) GetBucketKeyHash() string
- func (m *Group) GetCreationTime() *timestamp.Timestamp
- func (m *Group) GetID() string
- func (m *Group) GetLastUpdateTime() *timestamp.Timestamp
- func (m *Group) GetMemberEntityIDs() []string
- func (m *Group) GetMetadata() map[string]string
- func (m *Group) GetModifyIndex() uint64
- func (m *Group) GetName() string
- func (m *Group) GetParentGroupIDs() []string
- func (m *Group) GetPolicies() []string
- func (m *Group) GetType() string
- func (*Group) ProtoMessage()
- func (m *Group) Reset()
- func (g *Group) SentinelGet(key string) (interface{}, error)
- func (g *Group) SentinelKeys() []string
- func (m *Group) String() string
- func (m *Group) XXX_DiscardUnknown()
- func (m *Group) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (dst *Group) XXX_Merge(src proto.Message)
- func (m *Group) XXX_Size() int
- func (m *Group) XXX_Unmarshal(b []byte) error
- type PopulateStringInput
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors declared by this package. All four messages concern
// template directives inside a string.
// NOTE(review): presumably these are returned by PopulateString — confirm
// against its implementation. Compare with errors.Is rather than by message
// text, and treat any of them as a failed substitution: discard the result
// instead of using a partially populated string.
var (
	// ErrUnbalancedTemplatingCharacter reports that the templating characters
	// in the input string are unbalanced.
	ErrUnbalancedTemplatingCharacter = errors.New("unbalanced templating characters")
	// ErrNoEntityAttachedToToken reports that the string contains entity
	// template directives but no entity was provided to resolve them.
	ErrNoEntityAttachedToToken = errors.New("string contains entity template directives but no entity was provided")
	// ErrNoGroupsAttachedToToken reports that the string contains groups
	// template directives but no groups were provided to resolve them.
	ErrNoGroupsAttachedToToken = errors.New("string contains groups template directives but no groups were provided")
	// ErrTemplateValueNotFound reports that no value could be found for one of
	// the template directives.
	ErrTemplateValueNotFound = errors.New("no value could be found for one of the template directives")
)
Functions ¶
func PopulateString ¶ added in v0.11.0
func PopulateString(p *PopulateStringInput) (bool, string, error)
Types ¶
type Alias ¶
// Alias is the alias record stored inside the entity object in storage; the
// same type is used for the in-memory index of alias objects.
//
// Every data field carries an empty `sentinel:""` tag.
// NOTE(review): presumably the tag relates to the SentinelGet/SentinelKeys
// methods on this type — confirm what it exposes to policy evaluation.
type Alias struct {
	// ID is the unique identifier that represents this alias.
	ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// CanonicalID is the identifier of the entity to which this alias belongs.
	CanonicalID string `sentinel:"" protobuf:"bytes,2,opt,name=canonical_id,json=canonicalId,proto3" json:"canonical_id,omitempty"`
	// MountType is the type of the backend mount to which this alias belongs.
	// This enables categorically querying aliases of specific backend types.
	MountType string `sentinel:"" protobuf:"bytes,3,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty"`
	// MountAccessor is the accessor of the backend mount to which this alias
	// belongs. Together with Name it forms the uniqueness factor of an alias.
	MountAccessor string `sentinel:"" protobuf:"bytes,4,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"`
	// MountPath is the path of the backend mount to which the MountAccessor
	// belongs. This field is not used for any operational purposes; it is only
	// returned when the alias is read, as a nicety. Because it is
	// informational, it should not be the value a decision is keyed on.
	MountPath string `sentinel:"" protobuf:"bytes,5,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"`
	// Metadata is the explicit metadata that clients set, which enables
	// virtual grouping of aliases. Aliases will be indexed against their
	// metadata.
	// NOTE(review): since clients set these values, anything that consumes
	// them in an authorization decision should presumably treat them as
	// caller-controlled — confirm who is allowed to write metadata.
	// The struct tag is elided by the documentation renderer (see the
	// placeholder comment on the field).
	Metadata map[string]string `` /* 169-byte string literal not displayed */
	// Name is the identifier of this alias in its authentication source.
	// It does not uniquely identify an alias in Vault on its own: only the
	// combination of Name and MountAccessor represents an alias uniquely, and
	// aliases are indexed on that combined factor. Code that matches on Name
	// alone can therefore conflate aliases that come from different mounts.
	Name string `sentinel:"" protobuf:"bytes,7,opt,name=name,proto3" json:"name,omitempty"`
	// CreationTime is the time at which this alias was first created.
	CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
	// LastUpdateTime is the most recent time at which the properties of this
	// alias were modified. This is helpful for filtering aliases by age and
	// taking action on them, if desired.
	LastUpdateTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,9,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
	// MergedFromCanonicalIDs is the FIFO history of merging activity.
	// The struct tag is elided by the documentation renderer.
	MergedFromCanonicalIDs []string `` /* 144-byte string literal not displayed */
	// The XXX_ fields below are excluded from JSON output by their `json:"-"`
	// tags. NOTE(review): they look like protobuf-generated bookkeeping (see
	// the XXX_* methods on this type) — not part of the identity data model.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
Alias represents the alias that gets stored inside the entity object in storage; it is also the representation of an alias object in the in-memory index.
func (*Alias) Descriptor ¶
func (*Alias) GetCanonicalID ¶
func (*Alias) GetCreationTime ¶
func (*Alias) GetLastUpdateTime ¶
func (*Alias) GetMergedFromCanonicalIDs ¶
func (*Alias) GetMetadata ¶
func (*Alias) GetMountAccessor ¶
func (*Alias) GetMountPath ¶
func (*Alias) GetMountType ¶
func (*Alias) ProtoMessage ¶
func (*Alias) ProtoMessage()
func (*Alias) SentinelGet ¶
func (*Alias) SentinelKeys ¶
func (*Alias) XXX_DiscardUnknown ¶ added in v0.10.2
func (m *Alias) XXX_DiscardUnknown()
func (*Alias) XXX_Marshal ¶ added in v0.10.2
func (*Alias) XXX_Unmarshal ¶ added in v0.10.2
type Entity ¶
// Entity is an identity entity that gets persisted and indexed. It is
// composed of zero or more aliases.
//
// Every data field carries an empty `sentinel:""` tag.
// NOTE(review): presumably the tag relates to the SentinelGet/SentinelKeys
// methods on this type — confirm what it exposes to policy evaluation.
type Entity struct {
	// Aliases are the identities that this entity is made of. The list may be
	// empty, so that an entity can be created first and aliases added
	// incrementally.
	Aliases []*Alias `sentinel:"" protobuf:"bytes,1,rep,name=aliases,proto3" json:"aliases,omitempty"`
	// ID is the unique identifier of the entity, which will always be a UUID.
	// It should never be allowed to be updated.
	// NOTE(review): nothing in this type enforces that; immutability has to
	// be guaranteed by whatever code writes entities — confirm.
	ID string `sentinel:"" protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	// Name is a unique identifier of the entity which is intended to be
	// human-friendly. The default name might not be human-friendly since it
	// gets suffixed by a UUID, but unlike ID it can optionally be updated.
	// Because Name is mutable, ID is the stable value to reference.
	Name string `sentinel:"" protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
	// Metadata is the explicit metadata set by clients. It is useful for
	// tying any information pertaining to the aliases. It is a non-unique
	// field: multiple entities can have the same metadata set. Entities are
	// indexed on this explicit metadata, which enables virtual groupings of
	// entities.
	// NOTE(review): since clients set these values and they are not unique,
	// anything that consumes them in an authorization decision should
	// presumably treat them as caller-controlled — confirm who may write them.
	// The struct tag is elided by the documentation renderer.
	Metadata map[string]string `` /* 169-byte string literal not displayed */
	// CreationTime is the time at which this entity was first created.
	CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,5,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
	// LastUpdateTime is the most recent time at which the properties of this
	// entity were modified. This is helpful for filtering entities by age and
	// taking action on them, if desired.
	LastUpdateTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,6,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
	// MergedEntityIDs are the entities which got merged into this one.
	// Entities are indexed on all the entities that got merged into them, which
	// helps apply the actions on this entity to the tokens that belong to the
	// merged entities. Merged entities are deleted entirely, so this list is
	// the only trackable trail of their earlier presence — which makes it the
	// record to preserve when reconstructing an identity's history.
	MergedEntityIDs []string `sentinel:"" protobuf:"bytes,7,rep,name=merged_entity_ids,json=mergedEntityIDs,proto3" json:"merged_entity_ids,omitempty"`
	// Policies are the policies the entity is entitled to.
	Policies []string `sentinel:"" protobuf:"bytes,8,rep,name=policies,proto3" json:"policies,omitempty"`
	// BucketKeyHash is the MD5 hash of the storage bucket key under which this
	// entity is stored in the underlying storage. It is used to find all the
	// entities belonging to a particular bucket during invalidation of the
	// storage key.
	// NOTE(review): the stated purpose is lookup, not integrity or
	// authentication; MD5 should not be relied on for either of those.
	BucketKeyHash string `sentinel:"" protobuf:"bytes,9,opt,name=bucket_key_hash,json=bucketKeyHash,proto3" json:"bucket_key_hash,omitempty"`
	// Disabled indicates that tokens associated with the account should not
	// be able to be used.
	// NOTE(review): this is only a flag; the check that rejects such tokens
	// lives outside this type — confirm where it is enforced.
	Disabled bool `sentinel:"" protobuf:"varint,11,opt,name=disabled,proto3" json:"disabled,omitempty"`
	// The XXX_ fields below are excluded from JSON output by their `json:"-"`
	// tags. NOTE(review): they look like protobuf-generated bookkeeping (see
	// the XXX_* methods on this type) — not part of the identity data model.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
Entity represents an entity that gets persisted and indexed. Entity is fundamentally composed of zero or many aliases.
func (*Entity) Descriptor ¶
func (*Entity) GetAliases ¶
func (*Entity) GetBucketKeyHash ¶
func (*Entity) GetCreationTime ¶
func (*Entity) GetDisabled ¶ added in v0.10.1
func (*Entity) GetLastUpdateTime ¶
func (*Entity) GetMergedEntityIDs ¶
func (*Entity) GetMetadata ¶
func (*Entity) GetPolicies ¶
func (*Entity) ProtoMessage ¶
func (*Entity) ProtoMessage()
func (*Entity) SentinelGet ¶
func (*Entity) SentinelKeys ¶
func (*Entity) XXX_DiscardUnknown ¶ added in v0.10.2
func (m *Entity) XXX_DiscardUnknown()
func (*Entity) XXX_Marshal ¶ added in v0.10.2
func (*Entity) XXX_Unmarshal ¶ added in v0.10.2
type Group ¶
// Group represents an identity group.
//
// Every data field carries an empty `sentinel:""` tag.
// NOTE(review): presumably the tag relates to the SentinelGet/SentinelKeys
// methods on this type — confirm what it exposes to policy evaluation.
type Group struct {
	// ID is the unique identifier for this group.
	ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Name is the unique name for this group.
	Name string `sentinel:"" protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// Policies are the vault policies to be granted to members of this group.
	Policies []string `sentinel:"" protobuf:"bytes,3,rep,name=policies,proto3" json:"policies,omitempty"`
	// ParentGroupIDs are the identifiers of the groups of which this group is
	// a member. They serve as references to the parent groups in the
	// hierarchy.
	ParentGroupIDs []string `sentinel:"" protobuf:"bytes,4,rep,name=parent_group_ids,json=parentGroupIds,proto3" json:"parent_group_ids,omitempty"`
	// MemberEntityIDs are the identifiers of the entities which are members of
	// this group. Since Policies are granted to members, this list determines
	// who receives them.
	MemberEntityIDs []string `sentinel:"" protobuf:"bytes,5,rep,name=member_entity_ids,json=memberEntityIDs,proto3" json:"member_entity_ids,omitempty"`
	// Metadata represents the custom data tied to this group.
	// The struct tag is elided by the documentation renderer.
	Metadata map[string]string `` /* 169-byte string literal not displayed */
	// CreationTime is the time at which this group was created.
	CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,7,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
	// LastUpdateTime is the time at which this group was last modified.
	LastUpdateTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
	// ModifyIndex tracks the number of updates to the group. It is useful for
	// detecting updates to the group.
	ModifyIndex uint64 `sentinel:"" protobuf:"varint,9,opt,name=modify_index,json=modifyIndex,proto3" json:"modify_index,omitempty"`
	// BucketKeyHash is the MD5 hash of the storage bucket key under which this
	// group is stored in the underlying storage. It is used to find all the
	// groups belonging to a particular bucket during invalidation of the
	// storage key.
	// NOTE(review): the stated purpose is lookup, not integrity or
	// authentication; MD5 should not be relied on for either of those.
	BucketKeyHash string `sentinel:"" protobuf:"bytes,10,opt,name=bucket_key_hash,json=bucketKeyHash,proto3" json:"bucket_key_hash,omitempty"`
	// Alias marks this group as an internal mapping of a group that is
	// external to the identity store. Alias can only be set if the 'type' is
	// set to 'external'.
	// NOTE(review): that constraint is stated here but not enforced by the
	// type itself — confirm where it is validated.
	Alias *Alias `sentinel:"" protobuf:"bytes,11,opt,name=alias,proto3" json:"alias,omitempty"`
	// Type indicates whether this group is an internal group or an external
	// group. Memberships of internal groups can be managed over the API,
	// whereas memberships of an external group (for which a corresponding
	// alias will be set) are managed automatically.
	Type string `sentinel:"" protobuf:"bytes,12,opt,name=type,proto3" json:"type,omitempty"`
	// The XXX_ fields below are excluded from JSON output by their `json:"-"`
	// tags. NOTE(review): they look like protobuf-generated bookkeeping (see
	// the XXX_* methods on this type) — not part of the identity data model.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
Group represents an identity group.
func (*Group) Descriptor ¶
func (*Group) GetBucketKeyHash ¶
func (*Group) GetCreationTime ¶
func (*Group) GetLastUpdateTime ¶
func (*Group) GetMemberEntityIDs ¶
func (*Group) GetMetadata ¶
func (*Group) GetModifyIndex ¶
func (*Group) GetParentGroupIDs ¶
func (*Group) GetPolicies ¶
func (*Group) ProtoMessage ¶
func (*Group) ProtoMessage()
func (*Group) SentinelGet ¶
func (*Group) SentinelKeys ¶
func (*Group) XXX_DiscardUnknown ¶ added in v0.10.2
func (m *Group) XXX_DiscardUnknown()
func (*Group) XXX_Marshal ¶ added in v0.10.2
func (*Group) XXX_Unmarshal ¶ added in v0.10.2