Documentation ¶
Overview ¶
Package client provides API client methods that interact with our API to manage Border0 resources.
Example to create a new client:
api := client.New( client.WithAuthToken(os.Getenv("BORDER0_AUTH_TOKEN")), // optional, if not provided, Border0 SDK will use BORDER0_AUTH_TOKEN env var client.WithRetryMax(2), // 1 initial + 2 retries = 3 attempts )
See Option for more configurable options.
Index ¶
- func ExponentialBackoff(min, max time.Duration, attempt int) time.Duration
- func NotFound(err error) bool
- type APIClient
- func (api *APIClient) AttachPoliciesToSocket(ctx context.Context, policyIDs []string, socketID string) (err error)
- func (api *APIClient) AttachPolicyToSocket(ctx context.Context, policyID string, socketID string) (err error)
- func (api *APIClient) Connector(ctx context.Context, id string) (out *Connector, err error)
- func (api *APIClient) ConnectorTokens(ctx context.Context, connectorID string) (out *ConnectorTokens, err error)
- func (api *APIClient) Connectors(ctx context.Context) (out []Connector, err error)
- func (api *APIClient) CreateConnector(ctx context.Context, in *Connector) (out *Connector, err error)
- func (api *APIClient) CreateConnectorToken(ctx context.Context, in *ConnectorToken) (out *ConnectorToken, err error)
- func (api *APIClient) CreatePolicy(ctx context.Context, in *Policy) (out *Policy, err error)
- func (api *APIClient) CreateSocket(ctx context.Context, in *Socket) (out *Socket, err error)
- func (api *APIClient) DeleteConnector(ctx context.Context, id string) (err error)
- func (api *APIClient) DeleteConnectorToken(ctx context.Context, connectorID, tokenID string) (err error)
- func (api *APIClient) DeletePolicy(ctx context.Context, id string) (err error)
- func (api *APIClient) DeleteSocket(ctx context.Context, idOrName string) (err error)
- func (api *APIClient) Policies(ctx context.Context) (out []Policy, err error)
- func (api *APIClient) PoliciesByNames(ctx context.Context, names ...string) (out []Policy, err error)
- func (api *APIClient) Policy(ctx context.Context, id string) (out *Policy, err error)
- func (api *APIClient) RemovePoliciesFromSocket(ctx context.Context, policyIDs []string, socketID string) (err error)
- func (api *APIClient) RemovePolicyFromSocket(ctx context.Context, policyID string, socketID string) (err error)
- func (api *APIClient) SignSocketKey(ctx context.Context, idOrName string, in *SocketKeyToSign) (out *SignedSocketKey, err error)
- func (api *APIClient) Socket(ctx context.Context, idOrName string) (out *Socket, err error)
- func (api *APIClient) SocketConnectors(ctx context.Context, idOrName string) (out *SocketConnectors, err error)
- func (api *APIClient) SocketUpstreamConfigs(ctx context.Context, idOrName string) (out *SocketUpstreamConfigs, err error)
- func (api *APIClient) Sockets(ctx context.Context) (out []Socket, err error)
- func (api *APIClient) TokenClaims() (jwt.MapClaims, error)
- func (api *APIClient) UpdateConnector(ctx context.Context, in *Connector) (out *Connector, err error)
- func (api *APIClient) UpdatePolicy(ctx context.Context, id string, in *Policy) (out *Policy, err error)
- func (api *APIClient) UpdateSocket(ctx context.Context, idOrName string, in *Socket) (out *Socket, err error)
- type Backoff
- type Connector
- type ConnectorService
- type ConnectorToken
- type ConnectorTokens
- type Error
- type FlexibleTime
- type HTTPClient
- type HTTPRequester
- type Option
- type Policy
- type PolicyCondition
- type PolicyData
- type PolicyService
- type PolicySocketAttachment
- type PolicySocketAttachments
- type PolicyWhen
- type PolicyWhere
- type PolicyWho
- type Requester
- type SignedSocketKey
- type Socket
- type SocketConnector
- type SocketConnectors
- type SocketKeyToSign
- type SocketService
- type SocketUpstreamConfig
- type SocketUpstreamConfigs
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExponentialBackoff ¶
ExponentialBackoff is a Backoff function which will backoff exponentially between the given minimum and maximum durations. The attempt number is used as the exponent base, so the first attempt will backoff by the minimum duration, the second attempt will backoff by twice the minimum duration, the third attempt will backoff by four times the minimum duration, and so on. The maximum duration is used as a cap, so the backoff will never exceed the maximum duration.
Types ¶
type APIClient ¶
type APIClient struct {
// contains filtered or unexported fields
}
APIClient is the client for the Border0 API.
func (*APIClient) AttachPoliciesToSocket ¶ added in v1.3.0
func (api *APIClient) AttachPoliciesToSocket(ctx context.Context, policyIDs []string, socketID string) (err error)
AttachPoliciesToSocket attaches multiple policies to a socket by policy IDs and socket ID.
func (*APIClient) AttachPolicyToSocket ¶ added in v1.1.0
func (api *APIClient) AttachPolicyToSocket(ctx context.Context, policyID string, socketID string) (err error)
AttachPolicyToSocket attaches a policy to a socket by policy ID and socket ID.
func (*APIClient) Connector ¶ added in v1.0.0
Connector fetches a connector from your Border0 organization by UUID. Connector UUID is globally unique and immutable.
func (*APIClient) ConnectorTokens ¶ added in v1.0.0
func (api *APIClient) ConnectorTokens(ctx context.Context, connectorID string) (out *ConnectorTokens, err error)
ConnectorTokens fetches all tokens for a connector by connector's UUID.
func (*APIClient) Connectors ¶ added in v1.0.0
Connectors fetches all connectors in your Border0 organization.
func (*APIClient) CreateConnector ¶ added in v1.0.0
func (api *APIClient) CreateConnector(ctx context.Context, in *Connector) (out *Connector, err error)
CreateConnector creates a new connector in your Border0 organization. Connector name must be unique within your organization, otherwise API will return an error. Connector name must contain only lowercase letters, numbers and dashes.
func (*APIClient) CreateConnectorToken ¶ added in v1.0.0
func (api *APIClient) CreateConnectorToken(ctx context.Context, in *ConnectorToken) (out *ConnectorToken, err error)
CreateConnectorToken creates a new token for a connector. Token is used to authenticate connector with Border0 API. Token can be created with or without a expiration date. If ExpiresAt field is not set, token will not expire.
func (*APIClient) CreatePolicy ¶ added in v1.1.0
CreatePolicy creates a new policy in your Border0 organization. Policy name must be unique within your organization, otherwise API will return an error. Policy name must contain only lowercase letters, numbers and dashes.
func (*APIClient) CreateSocket ¶
CreateSocket creates a new socket in your Border0 organization. Socket name must be unique within your organization, otherwise, an error will be returned. Socket type is required and must be one of the following: "http", "ssh", "tls" or "database". Socket name name must contain only lowercase letters, numbers and dashes.
func (*APIClient) DeleteConnector ¶ added in v1.0.0
DeleteConnector deletes a connector from your Border0 organization by connector's UUID.
func (*APIClient) DeleteConnectorToken ¶ added in v1.0.0
func (api *APIClient) DeleteConnectorToken(ctx context.Context, connectorID, tokenID string) (err error)
DeleteConnectorToken deletes a token for a connector by connector's UUID and token's UUID.
func (*APIClient) DeletePolicy ¶ added in v1.1.0
DeletePolicy deletes a policy from your Border0 organization by policy ID.
func (*APIClient) DeleteSocket ¶ added in v0.1.22
DeleteSocket deletes a socket in your Border0 organization. If the socket does not exist, no error will be returned.
func (*APIClient) Policies ¶ added in v1.1.0
Policies fetches all policies in your Border0 organization.
func (*APIClient) PoliciesByNames ¶ added in v1.3.0
func (api *APIClient) PoliciesByNames(ctx context.Context, names ...string) (out []Policy, err error)
PoliciesByNames finds policies in your Border0 organization by policy names. If any of the policies does not exist, an error will be returned. When only one policy name is provided, this method will use the /policies/find endpoint, otherwise it will fetch all policies and filter them by name.
func (*APIClient) Policy ¶ added in v1.1.0
Policy fetches a policy from your Border0 organization by policy ID.
func (*APIClient) RemovePoliciesFromSocket ¶ added in v1.3.0
func (api *APIClient) RemovePoliciesFromSocket(ctx context.Context, policyIDs []string, socketID string) (err error)
RemovePoliciesFromSocket detaches multiple policies from a socket by policy IDs and socket ID.
func (*APIClient) RemovePolicyFromSocket ¶ added in v1.1.0
func (api *APIClient) RemovePolicyFromSocket(ctx context.Context, policyID string, socketID string) (err error)
RemovePolicyFromSocket detaches a policy from a socket with policy ID and socket ID.
func (*APIClient) SignSocketKey ¶
func (api *APIClient) SignSocketKey(ctx context.Context, idOrName string, in *SocketKeyToSign) (out *SignedSocketKey, err error)
SignSocketKey generates a signed SSH certificate for a socket. The SSH public key must be in OpenSSH format. The SSH certificate will be valid for 5 minutes. The host key is the public key Border0 server. It can be used to verify the SSH certificate.
func (*APIClient) Socket ¶
Socket fetches a socket by socket UUID or name. Socket UUID is globally unique and socket name is unique within a Border0 organization.
func (*APIClient) SocketConnectors ¶ added in v1.0.0
func (api *APIClient) SocketConnectors(ctx context.Context, idOrName string) (out *SocketConnectors, err error)
SocketConnectors fetches all connectors that are linked to a socket.
func (*APIClient) SocketUpstreamConfigs ¶ added in v1.0.0
func (api *APIClient) SocketUpstreamConfigs(ctx context.Context, idOrName string) (out *SocketUpstreamConfigs, err error)
SocketUpstreamConfigs fetches all upstream configurations for a socket.
func (*APIClient) Sockets ¶ added in v0.1.22
Sockets fetches all sockets in your Border0 organization.
func (*APIClient) TokenClaims ¶
TokenClaims returns the claims of the JWT token.
func (*APIClient) UpdateConnector ¶ added in v1.0.0
func (api *APIClient) UpdateConnector(ctx context.Context, in *Connector) (out *Connector, err error)
UpdateConnector updates an existing connector in your Border0 organization.
type Backoff ¶
Backoff is a callback function which will be called by APIClient when performing retries. It is passed the minimum and maximum durations to backoff between, as well as the attempt number (starting at zero)
type Connector ¶ added in v1.0.0
type Connector struct { // input and output fields Name string `json:"name"` Description string `json:"description,omitempty"` // output field ConnectorID string `json:"connector_id"` // built-in SSH service BuiltInSshServiceEnabled bool `json:"built_in_ssh_service_enabled,omitempty"` BuiltInSshService *Socket `json:"built_in_ssh_service,omitempty"` // optional, nil if built-in SSH service is disabled }
Connector represents a connector in your Border0 organization.
type ConnectorService ¶ added in v1.0.0
type ConnectorService interface { Connector(ctx context.Context, id string) (out *Connector, err error) Connectors(ctx context.Context) (out []Connector, err error) CreateConnector(ctx context.Context, in *Connector) (out *Connector, err error) UpdateConnector(ctx context.Context, in *Connector) (out *Connector, err error) DeleteConnector(ctx context.Context, id string) (err error) ConnectorTokens(ctx context.Context, connectorID string) (out *ConnectorTokens, err error) CreateConnectorToken(ctx context.Context, in *ConnectorToken) (out *ConnectorToken, err error) DeleteConnectorToken(ctx context.Context, connectorID, tokenID string) (err error) }
ConnectorService is an interface for API client methods that interact with Border0 API to manage connectors and connector tokens.
type ConnectorToken ¶ added in v1.0.0
type ConnectorToken struct { // input and output fields ConnectorID string `json:"connector_id"` Name string `json:"name"` ExpiresAt FlexibleTime `json:"expires_at,omitempty"` // additional output fields ID string `json:"id"` Token string `json:"token"` CreatedBy string `json:"created_by"` CreatedAt FlexibleTime `json:"created_at"` }
ConnectorToken represents a token for a connector.
type ConnectorTokens ¶ added in v1.0.0
type ConnectorTokens struct { List []ConnectorToken `json:"list"` Connector Connector `json:"connector"` }
ConnectorTokens represents a list of tokens for a connector.
type Error ¶
type Error struct { Code int `json:"status_code"` Message string `json:"error_message"` Fallback string `json:"message"` }
Error is an error returned by the API server.
func APIErrorFrom ¶
APIErrorFrom creates an Error from an HTTP response.
type FlexibleTime ¶ added in v1.0.0
FlexibleTime is a time.Time that can be unmarshalled from either a string (RFC3339) or a number (unix timestamp). On marshalling, it is always marshalled as a number (unix timestamp). FlexibleTime is used for Border0 API connector token's `expires_at` and `created_at` fields.
func FlexibleTimeFrom ¶ added in v1.0.0
func FlexibleTimeFrom(s string) (FlexibleTime, error)
FlexibleTimeFrom returns a new FlexibleTime set to the given time from a string in RFC3339 format. It's a helper function for FlexibleTime.
func (FlexibleTime) MarshalJSON ¶ added in v1.0.0
func (f FlexibleTime) MarshalJSON() ([]byte, error)
MarshalJSON marshals the FlexibleTime as a unix timestamp.
func (FlexibleTime) String ¶ added in v1.0.0
func (f FlexibleTime) String() string
String returns the FlexibleTime as a string in RFC3339 format. If the FlexibleTime is zero, it returns an empty string.
func (*FlexibleTime) UnmarshalJSON ¶ added in v1.0.0
func (f *FlexibleTime) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals the FlexibleTime from either a string (RFC3339) or a number (unix timestamp).
type HTTPClient ¶
type HTTPClient struct {
// contains filtered or unexported fields
}
HTTPClient is a wrapper around http.Client that handles authentication, request/response encoding/decoding, and error handling.
func (*HTTPClient) Close ¶
func (h *HTTPClient) Close()
Close closes idle connections in the underlying HTTP client.
type HTTPRequester ¶
type HTTPRequester interface { Request(ctx context.Context, method, path string, input, output any) (int, error) Close() }
HTTPRequester is an interface for HTTPClient.
type Option ¶
type Option func(*APIClient)
Option is a function that can be passed to NewAPIClient to configure it.
func WithAuthToken ¶
WithAuthToken sets the auth token for Border0 api calls.
func WithBackoff ¶
WithBackoff sets the backoff function that's used to calculate the wait time between retries of failed api calls.
func WithBaseURL ¶
WithBaseURL sets the base url for Border0 api calls.
func WithRetryMax ¶
WithRetryMax sets the maximum number of retries of failed api calls.
func WithRetryWaitMax ¶
WithRetryWaitMax sets the maximum wait time between retries of failed api calls.
func WithRetryWaitMin ¶
WithRetryWaitMin sets the minimum wait time between retries of failed api calls.
func WithTimeout ¶
WithTimeout sets the timeout for the underlying http client.
type Policy ¶ added in v1.1.0
type Policy struct { ID string `json:"id"` Name string `json:"name"` Description string `json:"description"` OrgID string `json:"org_id"` OrgWide bool `json:"org_wide"` PolicyData PolicyData `json:"policy_data"` CreatedAt time.Time `json:"created_at"` SocketIDs []string `json:"socket_ids"` Deleted bool `json:"deleted"` }
Policy represents a Border0 policy in your organization. See PolicyData for more details about the policy data schema. A policy can be set to be organization-wide, in which case it will be applied to all sockets in your organization. If a policy is not organization-wide, it can be attached to individual sockets. See [AttachPolicyToSocket] and [RemovePolicyFromSocket] for more details.
type PolicyCondition ¶ added in v1.1.0
type PolicyCondition struct { Who PolicyWho `json:"who,omitempty"` Where PolicyWhere `json:"where,omitempty"` When PolicyWhen `json:"when,omitempty"` }
PolicyCondition represents the policy condition schema. A policy condition can define "who", "where" and "when" conditions. See PolicyWho, PolicyWhere and PolicyWhen for more details about the policy condition schema.
type PolicyData ¶ added in v1.1.0
type PolicyData struct { Version string `json:"version"` Action []string `json:"action"` Condition PolicyCondition `json:"condition"` }
PolicyData represents the policy data schema. A policy can have multiple actions, and its condition determines when the actions are applied. See PolicyCondition for more details about the policy condition schema.
type PolicyService ¶ added in v1.1.0
type PolicyService interface { Policy(ctx context.Context, id string) (out *Policy, err error) Policies(ctx context.Context) (out []Policy, err error) PoliciesByNames(ctx context.Context, names ...string) (out []Policy, err error) CreatePolicy(ctx context.Context, in *Policy) (out *Policy, err error) UpdatePolicy(ctx context.Context, id string, in *Policy) (out *Policy, err error) DeletePolicy(ctx context.Context, id string) (err error) AttachPolicyToSocket(ctx context.Context, policyID string, socketID string) (err error) RemovePolicyFromSocket(ctx context.Context, policyID string, socketID string) (err error) AttachPoliciesToSocket(ctx context.Context, policyIDs []string, socketID string) (err error) RemovePoliciesFromSocket(ctx context.Context, policyIDs []string, socketID string) (err error) }
PolicyService is an interface for API client methods that interact with Border0 API to manage policies and policy socket attachments.
type PolicySocketAttachment ¶ added in v1.1.0
type PolicySocketAttachment struct { Action string `json:"action" binding:"required"` ID string `json:"id" binding:"required"` }
PolicySocketAttachment represents a single policy socket attachment. The action can be "add" or "remove", and the ID is the socket ID.
type PolicySocketAttachments ¶ added in v1.1.0
type PolicySocketAttachments struct {
Actions []PolicySocketAttachment `json:"actions"`
}
PolicySocketAttachments represents a list of policy socket attachments. Border0 API client uses this schema to attach or detach a policy to/from a socket.
type PolicyWhen ¶ added in v1.1.0
type PolicyWhen struct { After string `json:"after,omitempty"` Before string `json:"before,omitempty"` TimeOfDayAfter string `json:"time_of_day_after,omitempty"` TimeOfDayBefore string `json:"time_of_day_before,omitempty"` }
PolicyWhen represents the policy condition "when" schema. It specifies when the policy applies to, based on allowed dates and allowed times of day.
type PolicyWhere ¶ added in v1.1.0
type PolicyWhere struct { AllowedIP []string `json:"allowed_ip,omitempty"` Country []string `json:"country,omitempty"` CountryNot []string `json:"country_not,omitempty"` }
PolicyWhere represents the policy condition "where" schema. It specifies where the policy applies to, based on allowed IP addresses, allowed countries and countries not allowed.
type PolicyWho ¶ added in v1.1.0
type PolicyWho struct { Email []string `json:"email,omitempty"` Domain []string `json:"domain,omitempty"` Group []string `json:"group,omitempty"` }
PolicyWho represents the policy condition "who" schema. It specifies who the policy applies to, based on allowed email addresses and allowed email domains.
type Requester ¶
type Requester interface { TokenClaims() (jwt.MapClaims, error) SocketService ConnectorService PolicyService }
Requester is the interface for the Border0 API client.
type SignedSocketKey ¶
type SignedSocketKey struct { SignedSSHCert string `json:"signed_ssh_cert"` HostKey string `json:"host_key"` }
SignedSocketKey represents a signed SSH certificate and the host key.
type Socket ¶
type Socket struct { Name string `json:"name"` SocketID string `json:"socket_id"` SocketType string `json:"socket_type"` Description string `json:"description,omitempty"` UpstreamType string `json:"upstream_type,omitempty"` UpstreamHTTPHostname string `json:"upstream_http_hostname,omitempty"` RecordingEnabled bool `json:"recording_enabled"` Tags map[string]string `json:"tags,omitempty"` // link to a connector with upstream config ConnectorID string `json:"connector_id,omitempty"` UpstreamConfig *service.Configuration `json:"upstream_configuration,omitempty"` // associated policies Policies []Policy `json:"policies,omitempty"` }
Socket represents a socket in Border0 API. A socket can be linked to a connector with upstream configuration. Use `ConnectorID` to link a socket to a connector, and use `UpstreamConfig` to configure upstream for a socket.
type SocketConnector ¶ added in v1.0.0
type SocketConnector struct { ID uint64 `json:"id"` ConnectorID string `json:"connector_id"` ConnectorName string `json:"connector_name"` SocketID string `json:"socket_id"` CreatedAt string `json:"created_at"` UpdatedAt string `json:"updated_at"` }
SocketConnector represents a connector that is linked to a socket.
type SocketConnectors ¶ added in v1.0.0
type SocketConnectors struct {
List []SocketConnector `json:"list"`
}
SocketConnectors represents a list of connectors that are linked to a socket.
type SocketKeyToSign ¶
type SocketKeyToSign struct {
SSHPublicKey string `json:"ssh_public_key"`
}
SocketKeyToSign represents a SSH public key to sign.
type SocketService ¶
type SocketService interface { Socket(ctx context.Context, idOrName string) (out *Socket, err error) Sockets(ctx context.Context) (out []Socket, err error) CreateSocket(ctx context.Context, in *Socket) (out *Socket, err error) UpdateSocket(ctx context.Context, idOrName string, in *Socket) (out *Socket, err error) DeleteSocket(ctx context.Context, idOrName string) (err error) SocketConnectors(ctx context.Context, idOrName string) (out *SocketConnectors, err error) SocketUpstreamConfigs(ctx context.Context, idOrName string) (out *SocketUpstreamConfigs, err error) SignSocketKey(ctx context.Context, idOrName string, in *SocketKeyToSign) (out *SignedSocketKey, err error) }
SocketService is an interface for API client methods that interact with Border0 API to manage sockets.
type SocketUpstreamConfig ¶ added in v1.0.0
type SocketUpstreamConfig struct { Config service.Configuration `json:"config"` CreatedAt time.Time `json:"created_at"` UpdatedAt time.Time `json:"updated_at"` }
SocketUpstreamConfig represents an upstream configuration for a socket.
type SocketUpstreamConfigs ¶ added in v1.0.0
type SocketUpstreamConfigs struct {
List []SocketUpstreamConfig `json:"list"`
}
SocketUpstreamConfigs represents a list of upstream configurations for a socket.