identity

Published: Aug 28, 2018 License: MPL-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ErrUnbalancedTemplatingCharacter reports a template string whose opening
// and closing templating characters do not pair up.
var ErrUnbalancedTemplatingCharacter = errors.New("unbalanced templating characters")

// ErrNoEntityAttachedToToken reports a template string that contains entity
// directives while no entity was supplied to resolve them against.
var ErrNoEntityAttachedToToken = errors.New("string contains entity template directives but no entity was provided")

// ErrNoGroupsAttachedToToken reports a template string that contains groups
// directives while no groups were supplied to resolve them against.
var ErrNoGroupsAttachedToToken = errors.New("string contains groups template directives but no groups were provided")

// ErrTemplateValueNotFound reports that one of the template directives could
// not be resolved to a value.
var ErrTemplateValueNotFound = errors.New("no value could be found for one of the template directives")

Functions

func PopulateString added in v0.11.0

func PopulateString(p *PopulateStringInput) (bool, string, error)

Types

type Alias

// Alias represents the alias that is stored inside the entity object in
// storage, and is also the representation held in the in-memory alias index.
type Alias struct {
	// ID is the unique identifier that represents this alias
	ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// CanonicalID is the identifier of the entity to which this alias belongs
	CanonicalID string `sentinel:"" protobuf:"bytes,2,opt,name=canonical_id,json=canonicalId,proto3" json:"canonical_id,omitempty"`
	// MountType is the type of the backend mount to which this alias belongs.
	// This enables categorically querying aliases of specific backend types.
	MountType string `sentinel:"" protobuf:"bytes,3,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty"`
	// MountAccessor is the accessor of the backend mount to which this alias
	// belongs.
	MountAccessor string `sentinel:"" protobuf:"bytes,4,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"`
	// MountPath is the path of the backend mount identified by MountAccessor.
	// This field is not used for any operational purposes; it is only returned,
	// as a nicety, when the alias is read.
	MountPath string `sentinel:"" protobuf:"bytes,5,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"`
	// Metadata is the explicit metadata that clients set against an entity,
	// which enables virtual grouping of aliases. Aliases will be indexed
	// against their metadata.
	// NOTE(review): since this is client-supplied, its keys and values are
	// untrusted input as far as anything consuming the index is concerned.
	Metadata map[string]string `` /* 169-byte string literal not displayed */
	// Name is the identifier of this alias in its authentication source.
	// This does not uniquely identify an alias in Vault: only the combination
	// of Name and MountAccessor represents an alias in a unique way, and
	// aliases will be indexed on that combined uniqueness factor. Lookups that
	// rely on Name alone are therefore ambiguous across mounts.
	Name string `sentinel:"" protobuf:"bytes,7,opt,name=name,proto3" json:"name,omitempty"`
	// CreationTime is the time at which this alias was first created
	CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
	// LastUpdateTime is the most recent time at which the properties of this
	// alias got modified. This is helpful in filtering out aliases based
	// on their age and taking action on them, if desired.
	LastUpdateTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,9,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
	// MergedFromCanonicalIDs is the FIFO history of merging activity
	MergedFromCanonicalIDs []string `` /* 144-byte string literal not displayed */
	// The XXX_* fields are bookkeeping for the protobuf runtime (used by the
	// XXX_Marshal/XXX_Size/XXX_Merge methods); the json:"-" tag keeps them out
	// of the JSON form.
	XXX_NoUnkeyedLiteral   struct{} `json:"-"`
	XXX_unrecognized       []byte   `json:"-"`
	XXX_sizecache          int32    `json:"-"`
}

Alias represents the alias that is stored inside the entity object in storage, and is also the representation held in the in-memory index of alias objects.

func (*Alias) Clone

func (p *Alias) Clone() (*Alias, error)

func (*Alias) Descriptor

func (*Alias) Descriptor() ([]byte, []int)

func (*Alias) GetCanonicalID

func (m *Alias) GetCanonicalID() string

func (*Alias) GetCreationTime

func (m *Alias) GetCreationTime() *timestamp.Timestamp

func (*Alias) GetID

func (m *Alias) GetID() string

func (*Alias) GetLastUpdateTime

func (m *Alias) GetLastUpdateTime() *timestamp.Timestamp

func (*Alias) GetMergedFromCanonicalIDs

func (m *Alias) GetMergedFromCanonicalIDs() []string

func (*Alias) GetMetadata

func (m *Alias) GetMetadata() map[string]string

func (*Alias) GetMountAccessor

func (m *Alias) GetMountAccessor() string

func (*Alias) GetMountPath

func (m *Alias) GetMountPath() string

func (*Alias) GetMountType

func (m *Alias) GetMountType() string

func (*Alias) GetName

func (m *Alias) GetName() string

func (*Alias) ProtoMessage

func (*Alias) ProtoMessage()

func (*Alias) Reset

func (m *Alias) Reset()

func (*Alias) SentinelGet

func (p *Alias) SentinelGet(key string) (interface{}, error)

func (*Alias) SentinelKeys

func (a *Alias) SentinelKeys() []string

func (*Alias) String

func (m *Alias) String() string

func (*Alias) XXX_DiscardUnknown added in v0.10.2

func (m *Alias) XXX_DiscardUnknown()

func (*Alias) XXX_Marshal added in v0.10.2

func (m *Alias) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Alias) XXX_Merge added in v0.10.2

func (dst *Alias) XXX_Merge(src proto.Message)

func (*Alias) XXX_Size added in v0.10.2

func (m *Alias) XXX_Size() int

func (*Alias) XXX_Unmarshal added in v0.10.2

func (m *Alias) XXX_Unmarshal(b []byte) error

type Entity

// Entity represents an entity that gets persisted and indexed. An entity is
// fundamentally composed of zero or more aliases.
type Entity struct {
	// Aliases are the identities that this entity is made of. This can be
	// empty as well to favor being able to create the entity first and then
	// incrementally adding aliases.
	Aliases []*Alias `sentinel:"" protobuf:"bytes,1,rep,name=aliases,proto3" json:"aliases,omitempty"`
	// ID is the unique identifier of the entity, which will always be a UUID.
	// This should never be allowed to be updated.
	ID string `sentinel:"" protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	// Name is a unique identifier of the entity which is intended to be
	// human-friendly. The default name might not be human friendly since it
	// gets suffixed by a UUID, but it can optionally be updated, unlike the ID
	// field.
	Name string `sentinel:"" protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
	// Metadata represents the explicit metadata which is set by the
	// clients. This is useful to tie any information pertaining to the
	// aliases. This is a non-unique field of entity, meaning multiple
	// entities can have the same metadata set. Entities will be indexed based
	// on this explicit metadata. This enables virtual groupings of entities
	// based on their metadata.
	// NOTE(review): client-set, so treat keys and values as untrusted input.
	Metadata map[string]string `` /* 169-byte string literal not displayed */
	// CreationTime is the time at which this entity was first created.
	CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,5,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
	// LastUpdateTime is the most recent time at which the properties of this
	// entity got modified. This is helpful in filtering out entities based on
	// their age and taking action on them, if desired.
	LastUpdateTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,6,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
	// MergedEntityIDs are the entities which got merged into this one. Entities
	// will be indexed based on all the entities that got merged into them. This
	// helps to apply the actions on this entity to the tokens that are bound
	// to the merged entities. Merged entities will be deleted entirely and
	// this is the only trackable trail of their earlier presence.
	MergedEntityIDs []string `sentinel:"" protobuf:"bytes,7,rep,name=merged_entity_ids,json=mergedEntityIDs,proto3" json:"merged_entity_ids,omitempty"`
	// Policies are the names of the policies this entity is entitled to.
	Policies []string `sentinel:"" protobuf:"bytes,8,rep,name=policies,proto3" json:"policies,omitempty"`
	// BucketKeyHash is the MD5 hash of the storage bucket key into which this
	// entity is stored in the underlying storage. This is useful to find all
	// the entities belonging to a particular bucket during invalidation of the
	// storage key.
	// NOTE(review): per the description above MD5 serves only as a bucket
	// lookup key here, not as an integrity or authenticity check; confirm no
	// stronger property is expected of it by callers.
	BucketKeyHash string `sentinel:"" protobuf:"bytes,9,opt,name=bucket_key_hash,json=bucketKeyHash,proto3" json:"bucket_key_hash,omitempty"`
	// Disabled, when true, indicates that tokens associated with this entity
	// should not be usable.
	Disabled             bool     `sentinel:"" protobuf:"varint,11,opt,name=disabled,proto3" json:"disabled,omitempty"`
	// The XXX_* fields are bookkeeping for the protobuf runtime (used by the
	// XXX_Marshal/XXX_Size/XXX_Merge methods); the json:"-" tag keeps them out
	// of the JSON form.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Entity represents an entity that gets persisted and indexed. An entity is fundamentally composed of zero or more aliases.

func (*Entity) Clone

func (e *Entity) Clone() (*Entity, error)

func (*Entity) Descriptor

func (*Entity) Descriptor() ([]byte, []int)

func (*Entity) GetAliases

func (m *Entity) GetAliases() []*Alias

func (*Entity) GetBucketKeyHash

func (m *Entity) GetBucketKeyHash() string

func (*Entity) GetCreationTime

func (m *Entity) GetCreationTime() *timestamp.Timestamp

func (*Entity) GetDisabled added in v0.10.1

func (m *Entity) GetDisabled() bool

func (*Entity) GetID

func (m *Entity) GetID() string

func (*Entity) GetLastUpdateTime

func (m *Entity) GetLastUpdateTime() *timestamp.Timestamp

func (*Entity) GetMergedEntityIDs

func (m *Entity) GetMergedEntityIDs() []string

func (*Entity) GetMetadata

func (m *Entity) GetMetadata() map[string]string

func (*Entity) GetName

func (m *Entity) GetName() string

func (*Entity) GetPolicies

func (m *Entity) GetPolicies() []string

func (*Entity) ProtoMessage

func (*Entity) ProtoMessage()

func (*Entity) Reset

func (m *Entity) Reset()

func (*Entity) SentinelGet

func (e *Entity) SentinelGet(key string) (interface{}, error)

func (*Entity) SentinelKeys

func (e *Entity) SentinelKeys() []string

func (*Entity) String

func (m *Entity) String() string

func (*Entity) XXX_DiscardUnknown added in v0.10.2

func (m *Entity) XXX_DiscardUnknown()

func (*Entity) XXX_Marshal added in v0.10.2

func (m *Entity) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Entity) XXX_Merge added in v0.10.2

func (dst *Entity) XXX_Merge(src proto.Message)

func (*Entity) XXX_Size added in v0.10.2

func (m *Entity) XXX_Size() int

func (*Entity) XXX_Unmarshal added in v0.10.2

func (m *Entity) XXX_Unmarshal(b []byte) error

type Group

// Group represents an identity group.
type Group struct {
	// ID is the unique identifier for this group
	ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Name is the unique name for this group
	Name string `sentinel:"" protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// Policies are the vault policies to be granted to members of this group
	Policies []string `sentinel:"" protobuf:"bytes,3,rep,name=policies,proto3" json:"policies,omitempty"`
	// ParentGroupIDs are the identifiers of those groups of which this group
	// is a member. These serve as references to the parent groups in the
	// hierarchy.
	ParentGroupIDs []string `sentinel:"" protobuf:"bytes,4,rep,name=parent_group_ids,json=parentGroupIds,proto3" json:"parent_group_ids,omitempty"`
	// MemberEntityIDs are the identifiers of entities which are members of this
	// group
	MemberEntityIDs []string `sentinel:"" protobuf:"bytes,5,rep,name=member_entity_ids,json=memberEntityIDs,proto3" json:"member_entity_ids,omitempty"`
	// Metadata represents the custom data tied to this group
	Metadata map[string]string `` /* 169-byte string literal not displayed */
	// CreationTime is the time at which this group was created
	CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,7,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
	// LastUpdateTime is the time at which this group was last modified
	LastUpdateTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
	// ModifyIndex tracks the number of updates to the group. It is useful to
	// detect updates to the group.
	ModifyIndex uint64 `sentinel:"" protobuf:"varint,9,opt,name=modify_index,json=modifyIndex,proto3" json:"modify_index,omitempty"`
	// BucketKeyHash is the MD5 hash of the storage bucket key into which this
	// group is stored in the underlying storage. This is useful to find all
	// the groups belonging to a particular bucket during invalidation of the
	// storage key.
	// NOTE(review): per the description above MD5 serves only as a bucket
	// lookup key here, not as an integrity or authenticity check.
	BucketKeyHash string `sentinel:"" protobuf:"bytes,10,opt,name=bucket_key_hash,json=bucketKeyHash,proto3" json:"bucket_key_hash,omitempty"`
	// Alias is used to mark this group as an internal mapping of a group that
	// is external to the identity store. Alias can only be set if Type is
	// 'external'.
	Alias *Alias `sentinel:"" protobuf:"bytes,11,opt,name=alias,proto3" json:"alias,omitempty"`
	// Type indicates if this group is an internal group or an external group.
	// Memberships of internal groups can be managed over the API, whereas the
	// memberships of an external group --for which a corresponding Alias will
	// be set-- are managed automatically. Because Type decides which
	// membership path applies, callers that mutate MemberEntityIDs should
	// check it first.
	Type                 string   `sentinel:"" protobuf:"bytes,12,opt,name=type,proto3" json:"type,omitempty"`
	// The XXX_* fields are bookkeeping for the protobuf runtime (used by the
	// XXX_Marshal/XXX_Size/XXX_Merge methods); the json:"-" tag keeps them out
	// of the JSON form.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Group represents an identity group.

func (*Group) Clone

func (g *Group) Clone() (*Group, error)

func (*Group) Descriptor

func (*Group) Descriptor() ([]byte, []int)

func (*Group) GetAlias

func (m *Group) GetAlias() *Alias

func (*Group) GetBucketKeyHash

func (m *Group) GetBucketKeyHash() string

func (*Group) GetCreationTime

func (m *Group) GetCreationTime() *timestamp.Timestamp

func (*Group) GetID

func (m *Group) GetID() string

func (*Group) GetLastUpdateTime

func (m *Group) GetLastUpdateTime() *timestamp.Timestamp

func (*Group) GetMemberEntityIDs

func (m *Group) GetMemberEntityIDs() []string

func (*Group) GetMetadata

func (m *Group) GetMetadata() map[string]string

func (*Group) GetModifyIndex

func (m *Group) GetModifyIndex() uint64

func (*Group) GetName

func (m *Group) GetName() string

func (*Group) GetParentGroupIDs

func (m *Group) GetParentGroupIDs() []string

func (*Group) GetPolicies

func (m *Group) GetPolicies() []string

func (*Group) GetType

func (m *Group) GetType() string

func (*Group) ProtoMessage

func (*Group) ProtoMessage()

func (*Group) Reset

func (m *Group) Reset()

func (*Group) SentinelGet

func (g *Group) SentinelGet(key string) (interface{}, error)

func (*Group) SentinelKeys

func (g *Group) SentinelKeys() []string

func (*Group) String

func (m *Group) String() string

func (*Group) XXX_DiscardUnknown added in v0.10.2

func (m *Group) XXX_DiscardUnknown()

func (*Group) XXX_Marshal added in v0.10.2

func (m *Group) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Group) XXX_Merge added in v0.10.2

func (dst *Group) XXX_Merge(src proto.Message)

func (*Group) XXX_Size added in v0.10.2

func (m *Group) XXX_Size() int

func (*Group) XXX_Unmarshal added in v0.10.2

func (m *Group) XXX_Unmarshal(b []byte) error

type PopulateStringInput added in v0.11.0

// PopulateStringInput carries the arguments of PopulateString: the template
// string to process and the entity and groups whose values resolve its
// template directives (see ErrNoEntityAttachedToToken and
// ErrNoGroupsAttachedToToken for the cases where they are required but absent).
type PopulateStringInput struct {
	// ValidityCheckOnly presumably makes PopulateString only validate the
	// template without producing the populated string — confirm against the
	// implementation of PopulateString.
	ValidityCheckOnly bool
	// String is the template string to validate and populate.
	String string
	// Entity is the entity used to resolve entity template directives; may be
	// nil, in which case a string that contains entity directives cannot be
	// populated.
	Entity *Entity
	// Groups are the groups used to resolve groups template directives; may be
	// empty, in which case a string that contains groups directives cannot be
	// populated.
	Groups []*Group
}
