conjurapi

package
v0.12.10 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 27, 2024 License: Apache-2.0 Imports: 24 Imported by: 39

Documentation

Index

Constants

// HTTP client timeout settings.
// NOTE(review): the unit of these values is not stated here (presumably
// seconds) — confirm against the code that builds the HTTP client.
const (
	// HTTPTimeoutDefaultValue is the default value for the HTTP client timeout
	HTTPTimeoutDefaultValue = 60
	// HTTPTimeoutMaxValue is the maximum value allowed for the HTTP client timeout
	HTTPTimeoutMaxValue = 600
	// HTTPDailTimeout is the default value for the DialTimeout in the HTTP client.
	// The "Dail" spelling is part of the exported identifier.
	HTTPDailTimeout = 10
)
// Credential storage kinds: "file", "keyring" and "none".
// NOTE(review): presumably these are the accepted values of
// Config.CredentialStorage, with "none" meaning credentials are not persisted
// and "file" meaning they are written to disk — confirm, because the choice
// decides where the login and API key end up at rest.
const (
	CredentialStorageFile    = "file"
	CredentialStorageKeyring = "keyring"
	CredentialStorageNone    = "none"
)

Variables

// ConjurCloudSuffixes lists two host-name suffixes under cyberark.cloud.
// NOTE(review): presumably matched against the appliance URL's host to detect
// a Conjur Cloud tenant — confirm. The slice is exported and mutable, so any
// importing package can change it at run time.
var ConjurCloudSuffixes = []string{
	".secretsmgr.cyberark.cloud",
	".secretsmgr.integration-cyberark.cloud",
}

Functions

func LoginPairFromEnv

func LoginPairFromEnv() (*authn.LoginPair, error)

func PurgeCredentials added in v0.11.0

func PurgeCredentials(config Config) error

PurgeCredentials purges credentials from the credential storage indicated by the configuration.

func ReadResponseBody added in v0.3.0

func ReadResponseBody(response io.ReadCloser) ([]byte, error)

ReadResponseBody fully reads a response and closes it.

Types

type Authenticator

// Authenticator is the token-source interface held by Client; Client exposes
// GetAuthenticator and SetAuthenticator to read and replace it.
type Authenticator interface {
	// RefreshToken returns token bytes or an error.
	// NOTE(review): presumably a fresh Conjur access token; treat the bytes
	// as a credential — confirm against the implementations.
	RefreshToken() ([]byte, error)
	// NeedsTokenRefresh reports whether a refresh is needed.
	// NOTE(review): the criteria (e.g. expiry) are not visible here.
	NeedsTokenRefresh() bool
}

type AuthenticatorStatusResponse added in v0.12.5

// AuthenticatorStatusResponse contains information about the status of an
// authenticator; it is the result type of Client.AuthenticatorStatus.
type AuthenticatorStatusResponse struct {
	// Status is the reported status of the authenticator (JSON key "status").
	Status string `json:"status"`
	// Error is decoded from the JSON key "error".
	// NOTE(review): presumably server-supplied failure text — confirm.
	Error  string `json:"error"`
}

AuthenticatorStatusResponse contains information about the status of an authenticator.

type Client

// Client is the Conjur API client handle. All of its fields are unexported; it
// is obtained from one of the NewClient* constructors.
type Client struct {
	// contains filtered or unexported fields
}

func NewClient added in v0.11.0

func NewClient(config Config) (*Client, error)

func NewClientFromEnvironment

func NewClientFromEnvironment(config Config) (*Client, error)

TODO: Create a version of this function for creating an authenticator from environment

func NewClientFromJwt added in v0.11.0

func NewClientFromJwt(config Config) (*Client, error)

func NewClientFromKey

func NewClientFromKey(config Config, loginPair authn.LoginPair) (*Client, error)

func NewClientFromOidcCode added in v0.11.0

func NewClientFromOidcCode(config Config, code, nonce, code_verifier string) (*Client, error)

func NewClientFromOidcToken added in v0.12.5

func NewClientFromOidcToken(config Config, token string) (*Client, error)

func NewClientFromToken

func NewClientFromToken(config Config, token string) (*Client, error)

func NewClientFromTokenFile

func NewClientFromTokenFile(config Config, tokenFile string) (*Client, error)

func (*Client) AddSecret

func (c *Client) AddSecret(variableID string, secretValue string) error

AddSecret adds a secret value to a variable.

The authenticated user must have update privilege on the variable.

func (*Client) AddSecretRequest added in v0.11.0

func (c *Client) AddSecretRequest(variableID, secretValue string) (*http.Request, error)

func (*Client) Authenticate

func (c *Client) Authenticate(loginPair authn.LoginPair) ([]byte, error)

Authenticate obtains a new access token.

func (*Client) AuthenticateReader added in v0.3.0

func (c *Client) AuthenticateReader(loginPair authn.LoginPair) (io.ReadCloser, error)

AuthenticateReader obtains a new access token and returns it as a data stream.

func (*Client) AuthenticateRequest added in v0.11.0

func (c *Client) AuthenticateRequest(loginPair authn.LoginPair) (*http.Request, error)

func (*Client) AuthenticatorStatus added in v0.12.5

func (c *Client) AuthenticatorStatus(authenticatorType string, serviceID string) (*AuthenticatorStatusResponse, error)

func (*Client) AuthenticatorStatusRequest added in v0.12.5

func (c *Client) AuthenticatorStatusRequest(authenticatorType string, serviceID string) (*http.Request, error)

func (*Client) ChangeCurrentUserPassword added in v0.11.0

func (c *Client) ChangeCurrentUserPassword(newPassword string) ([]byte, error)

func (*Client) ChangeUserPassword added in v0.11.0

func (c *Client) ChangeUserPassword(username string, password string, newPassword string) ([]byte, error)

func (*Client) ChangeUserPasswordRequest added in v0.11.0

func (c *Client) ChangeUserPasswordRequest(username string, password string, newPassword string) (*http.Request, error)

func (*Client) CheckPermission added in v0.3.0

func (c *Client) CheckPermission(resourceID string, privilege string) (bool, error)

CheckPermission determines whether the authenticated user has a specified privilege on a resource.

func (*Client) CheckPermissionForRole added in v0.11.0

func (c *Client) CheckPermissionForRole(resourceID string, roleID string, privilege string) (bool, error)

CheckPermissionForRole determines whether the provided role has a specific privilege on a resource.

func (*Client) CheckPermissionForRoleRequest added in v0.11.0

func (c *Client) CheckPermissionForRoleRequest(resourceID, roleID, privilege string) (*http.Request, error)

CheckPermissionForRoleRequest crafts an HTTP request to Conjur's /resource endpoint to check if a given role has the given privilege on the given resourceID.

func (*Client) CheckPermissionRequest added in v0.11.0

func (c *Client) CheckPermissionRequest(resourceID, privilege string) (*http.Request, error)

CheckPermissionRequest crafts an HTTP request to Conjur's /resource endpoint to check if the authenticated user has the given privilege on the given resourceID.

func (*Client) CreateHost added in v0.11.0

func (c *Client) CreateHost(id string, token string) (HostFactoryHostResponse, error)

func (*Client) CreateHostRequest added in v0.11.0

func (c *Client) CreateHostRequest(body string, token string) (*http.Request, error)

func (*Client) CreateHostWithAnnotations added in v0.12.4

func (c *Client) CreateHostWithAnnotations(id string, token string, annotations map[string]string) (HostFactoryHostResponse, error)

CreateHostWithAnnotations creates a new host given a Host ID, HostFactory token, and a map of annotations

func (*Client) CreateToken added in v0.11.0

func (c *Client) CreateToken(durationStr string, hostFactory string, cidrs []string, count int) ([]HostFactoryTokenResponse, error)

func (*Client) CreateTokenRequest added in v0.11.0

func (c *Client) CreateTokenRequest(body string) (*http.Request, error)

func (*Client) DeleteToken added in v0.11.0

func (c *Client) DeleteToken(token string) error

func (*Client) DeleteTokenRequest added in v0.11.0

func (c *Client) DeleteTokenRequest(token string) (*http.Request, error)

func (*Client) DryRunPolicy added in v0.12.3

func (c *Client) DryRunPolicy(mode PolicyMode, policyID string, policy io.Reader) (*DryRunPolicyResponse, error)

func (*Client) EnableAuthenticator added in v0.12.4

func (c *Client) EnableAuthenticator(authenticatorType string, serviceID string, enabled bool) error

EnableAuthenticator enables or disables an authenticator instance

The authenticated user must be admin

func (*Client) EnableAuthenticatorRequest added in v0.12.4

func (c *Client) EnableAuthenticatorRequest(authenticatorType string, serviceID string, enabled bool) (*http.Request, error)

func (*Client) EnterpriseServerInfo added in v0.12.10

func (c *Client) EnterpriseServerInfo() (*EnterpriseInfoResponse, error)

EnterpriseServerInfo retrieves the server information from the '/info' endpoint. This is only available in Conjur Enterprise and will fail with a 404 error in Conjur OSS.

func (*Client) FetchPolicy added in v0.12.4

func (c *Client) FetchPolicy(policyID string, returnJSON bool, policyTreeDepth uint, sizeLimit uint) ([]byte, error)

FetchPolicy creates a request to fetch policy from the system

func (*Client) ForceRefreshToken added in v0.11.0

func (c *Client) ForceRefreshToken() error

func (*Client) GetAuthenticator added in v0.11.0

func (c *Client) GetAuthenticator() Authenticator

func (*Client) GetConfig added in v0.5.0

func (c *Client) GetConfig() Config

func (*Client) GetHttpClient added in v0.5.1

func (c *Client) GetHttpClient() *http.Client

func (*Client) InternalAuthenticate added in v0.11.0

func (c *Client) InternalAuthenticate() ([]byte, error)

InternalAuthenticate obtains a new access token using the internal authenticator.

func (*Client) JWTAuthenticate added in v0.12.0

func (c *Client) JWTAuthenticate(jwt, hostID string) ([]byte, error)

func (*Client) JWTAuthenticateRequest added in v0.12.0

func (c *Client) JWTAuthenticateRequest(token, hostID string) (*http.Request, error)

func (*Client) ListOidcProviders added in v0.11.0

func (c *Client) ListOidcProviders() ([]OidcProvider, error)

func (*Client) ListOidcProvidersRequest added in v0.11.0

func (c *Client) ListOidcProvidersRequest() (*http.Request, error)

func (*Client) LoadPolicy

func (c *Client) LoadPolicy(mode PolicyMode, policyID string, policy io.Reader) (*PolicyResponse, error)

LoadPolicy submits new policy data or policy changes to the server.

The required permission depends on the mode.

func (*Client) LoadPolicyRequest added in v0.11.0

func (c *Client) LoadPolicyRequest(mode PolicyMode, policyID string, policy io.Reader, validate bool) (*http.Request, error)

func (*Client) Login added in v0.11.0

func (c *Client) Login(login string, password string) ([]byte, error)

Login exchanges a user's password for an API key.

func (*Client) LoginRequest added in v0.11.0

func (c *Client) LoginRequest(login string, password string) (*http.Request, error)

func (*Client) NeedsTokenRefresh

func (c *Client) NeedsTokenRefresh() bool

func (*Client) OidcAuthenticate added in v0.11.0

func (c *Client) OidcAuthenticate(code, nonce, code_verifier string) ([]byte, error)

func (*Client) OidcAuthenticateRequest added in v0.11.0

func (c *Client) OidcAuthenticateRequest(code, nonce, code_verifier string) (*http.Request, error)

func (*Client) OidcTokenAuthenticate added in v0.12.5

func (c *Client) OidcTokenAuthenticate(token string) ([]byte, error)

func (*Client) OidcTokenAuthenticateRequest added in v0.12.5

func (c *Client) OidcTokenAuthenticateRequest(token string) (*http.Request, error)

func (*Client) PermittedRoles added in v0.11.0

func (c *Client) PermittedRoles(resourceID, privilege string) ([]string, error)

PermittedRoles lists the roles which have the named permission on a resource

func (*Client) PermittedRolesRequest added in v0.11.0

func (c *Client) PermittedRolesRequest(resourceID string, privilege string) (*http.Request, error)

func (*Client) PublicKeys added in v0.11.0

func (c *Client) PublicKeys(kind string, identifier string) ([]byte, error)

func (*Client) PublicKeysRequest added in v0.11.0

func (c *Client) PublicKeysRequest(kind string, identifier string) (*http.Request, error)

func (*Client) PurgeCredentials added in v0.11.0

func (c *Client) PurgeCredentials() error

PurgeCredentials purges credentials from the client's credential storage.

func (*Client) RefreshToken

func (c *Client) RefreshToken() (err error)

func (*Client) Resource added in v0.4.0

func (c *Client) Resource(resourceID string) (resource map[string]interface{}, err error)

Resource fetches a single user-visible resource by id.

func (*Client) ResourceExists added in v0.11.0

func (c *Client) ResourceExists(resourceID string) (bool, error)

ResourceExists checks whether or not a resource exists

func (*Client) ResourceIDs added in v0.11.0

func (c *Client) ResourceIDs(filter *ResourceFilter) ([]string, error)

func (*Client) ResourceRequest added in v0.11.0

func (c *Client) ResourceRequest(resourceID string) (*http.Request, error)

func (*Client) Resources added in v0.4.0

func (c *Client) Resources(filter *ResourceFilter) (resources []map[string]interface{}, err error)

Resources fetches user-visible resources. The set of resources can be limited by the given ResourceFilter. If filter is non-nil, only non-zero-valued members of the filter will be applied.

func (*Client) ResourcesRequest added in v0.11.0

func (c *Client) ResourcesRequest(filter *ResourceFilter) (*http.Request, error)

func (*Client) RetrieveBatchSecrets added in v0.3.3

func (c *Client) RetrieveBatchSecrets(variableIDs []string) (map[string][]byte, error)

RetrieveBatchSecrets fetches values for all variables in a slice using a single API call

The authenticated user must have execute privilege on all variables.

func (*Client) RetrieveBatchSecretsRequest added in v0.11.0

func (c *Client) RetrieveBatchSecretsRequest(variableIDs []string, base64Flag bool) (*http.Request, error)

func (*Client) RetrieveBatchSecretsSafe added in v0.7.0

func (c *Client) RetrieveBatchSecretsSafe(variableIDs []string) (map[string][]byte, error)

RetrieveBatchSecretsSafe fetches values for all variables in a slice using a single API call. This version of the method will automatically base64-encode the secrets on the server side allowing the retrieval of binary values in batch requests. Secrets are NOT base64 encoded in the returned map.

The authenticated user must have execute privilege on all variables.

func (*Client) RetrieveSecret

func (c *Client) RetrieveSecret(variableID string) ([]byte, error)

RetrieveSecret fetches a secret from a variable.

The authenticated user must have execute privilege on the variable.

func (*Client) RetrieveSecretReader added in v0.3.0

func (c *Client) RetrieveSecretReader(variableID string) (io.ReadCloser, error)

RetrieveSecretReader fetches a secret from a variable and returns it as a data stream.

The authenticated user must have execute privilege on the variable.

func (*Client) RetrieveSecretRequest added in v0.11.0

func (c *Client) RetrieveSecretRequest(variableID string) (*http.Request, error)

func (*Client) RetrieveSecretWithVersion added in v0.11.0

func (c *Client) RetrieveSecretWithVersion(variableID string, version int) ([]byte, error)

RetrieveSecretWithVersion fetches a specific version of a secret from a variable.

The authenticated user must have execute privilege on the variable.

func (*Client) RetrieveSecretWithVersionReader added in v0.11.0

func (c *Client) RetrieveSecretWithVersionReader(variableID string, version int) (io.ReadCloser, error)

RetrieveSecretWithVersionReader fetches a specific version of a secret from a variable and returns it as a data stream.

The authenticated user must have execute privilege on the variable.

func (*Client) RetrieveSecretWithVersionRequest added in v0.11.0

func (c *Client) RetrieveSecretWithVersionRequest(variableID string, version int) (*http.Request, error)

func (*Client) Role added in v0.11.0

func (c *Client) Role(roleID string) (role map[string]interface{}, err error)

Role fetches detailed information about a specific role, including the role members

func (*Client) RoleExists added in v0.11.0

func (c *Client) RoleExists(roleID string) (bool, error)

RoleExists checks whether or not a role exists

func (*Client) RoleMembers added in v0.11.0

func (c *Client) RoleMembers(roleID string) (members []map[string]interface{}, err error)

RoleMembers fetches members within a role

func (*Client) RoleMembersRequest added in v0.11.0

func (c *Client) RoleMembersRequest(roleID string) (*http.Request, error)

func (*Client) RoleMemberships added in v0.11.0

func (c *Client) RoleMemberships(roleID string) (memberships []map[string]interface{}, err error)

RoleMemberships fetches memberships of a role, including only roles for which the given ID is a direct member

func (*Client) RoleMembershipsAll added in v0.12.5

func (c *Client) RoleMembershipsAll(roleID string) (memberships []string, err error)

RoleMembershipsAll fetches all memberships of a role, including inherited memberships, returning a list of member IDs

func (*Client) RoleMembershipsRequest added in v0.11.0

func (c *Client) RoleMembershipsRequest(roleID string) (*http.Request, error)

func (*Client) RoleMembershipsRequestWithOptions added in v0.12.5

func (c *Client) RoleMembershipsRequestWithOptions(roleID string, includeAll bool) (*http.Request, error)

RoleMembershipsRequestWithOptions crafts an HTTP request to Conjur's /role endpoint allowing for either direct or all memberships to be returned.

func (*Client) RoleRequest added in v0.11.0

func (c *Client) RoleRequest(roleID string) (*http.Request, error)

func (*Client) RootRequest added in v0.12.10

func (c *Client) RootRequest() (*http.Request, error)

RootRequest crafts an HTTP request to Conjur's root endpoint. In older versions of Conjur this will return an HTML page which will include some information about the server. In newer versions of Conjur this will return a JSON object with information about the server.

func (*Client) RotateAPIKey added in v0.3.0

func (c *Client) RotateAPIKey(roleID string) ([]byte, error)

RotateAPIKey replaces the API key of a role on the server with a new random secret. Given that a fully-qualified resource id resembles '<account>:<kind>:<identifier>', argument roleID must be at least partially-qualified.

The authenticated user must have update privilege on the role.

func (*Client) RotateAPIKeyReader added in v0.3.0

func (c *Client) RotateAPIKeyReader(roleID string) (io.ReadCloser, error)

RotateAPIKeyReader replaces the API key of a role on the server with a new random secret and returns it as a data stream.

The authenticated user must have update privilege on the role.

func (*Client) RotateAPIKeyRequest added in v0.11.0

func (c *Client) RotateAPIKeyRequest(roleID string) (*http.Request, error)

RotateAPIKeyRequest requires the roleID argument to be an at least partially-qualified ID of the form [<account>:]<kind>:<identifier>.

func (*Client) RotateCurrentRoleAPIKey added in v0.12.5

func (c *Client) RotateCurrentRoleAPIKey() ([]byte, error)

RotateCurrentRoleAPIKey replaces the API key of the currently authenticated role with a new random secret.

func (*Client) RotateCurrentRoleAPIKeyRequest added in v0.12.5

func (c *Client) RotateCurrentRoleAPIKeyRequest(login string, password string) (*http.Request, error)

func (*Client) RotateCurrentUserAPIKey added in v0.11.0

func (c *Client) RotateCurrentUserAPIKey() ([]byte, error)

RotateCurrentUserAPIKey replaces the API key of the currently authenticated role with a new random secret. It is a wrapper for RotateCurrentRoleAPIKey for backwards compatibility.

func (*Client) RotateCurrentUserAPIKeyRequest added in v0.11.0

func (c *Client) RotateCurrentUserAPIKeyRequest(login string, password string) (*http.Request, error)

func (*Client) RotateHostAPIKey added in v0.11.0

func (c *Client) RotateHostAPIKey(hostID string) ([]byte, error)

RotateHostAPIKey constructs a role ID from a given host ID then replaces the API key of the role with a new random secret. Given that a fully-qualified resource ID resembles '<account>:<kind>:<identifier>', argument hostID will be accepted as either fully- or partially-qualified, but the provided role must be a host.

The authenticated user must have update privilege on the role.

func (*Client) RotateUserAPIKey added in v0.11.0

func (c *Client) RotateUserAPIKey(userID string) ([]byte, error)

RotateUserAPIKey constructs a role ID from a given user ID then replaces the API key of the role with a new random secret. Given that a fully-qualified resource ID resembles '<account>:<kind>:<identifier>', argument userID will be accepted as either fully- or partially-qualified, but the provided role must be a user.

The authenticated user must have update privilege on the role.

func (*Client) ServerInfoRequest added in v0.12.10

func (c *Client) ServerInfoRequest() (*http.Request, error)

ServerInfoRequest crafts an HTTP request to Conjur's /info endpoint to retrieve the server information. This is only available in Conjur Enterprise and will fail with a 404 error in Conjur OSS.

func (*Client) ServerVersion added in v0.12.10

func (c *Client) ServerVersion() (string, error)

ServerVersion retrieves the Conjur server version, either from the '/info' endpoint in Conjur Enterprise, or from the root endpoint in Conjur OSS. The version returned corresponds to the Conjur OSS version, which in Conjur Enterprise is the version of the 'possum' service.

func (*Client) ServerVersionFromRoot added in v0.12.10

func (c *Client) ServerVersionFromRoot() (string, error)

ServerVersionFromRoot retrieves the server version from the root endpoint. This is a fallback method in case the '/info' endpoint is not available (such as in Conjur OSS). In older versions of Conjur, the version was only available in an HTML response, and this method will parse it from there. In newer Conjur versions, the version is available in a JSON response.

func (*Client) SetAuthenticator added in v0.11.0

func (c *Client) SetAuthenticator(authenticator Authenticator)

func (*Client) SetHttpClient added in v0.5.1

func (c *Client) SetHttpClient(httpClient *http.Client)

func (*Client) SubmitRequest

func (c *Client) SubmitRequest(req *http.Request) (resp *http.Response, err error)

func (*Client) VerifyMinServerVersion added in v0.12.10

func (c *Client) VerifyMinServerVersion(minVersion string) error

VerifyMinServerVersion checks if the server version is at least a certain version, using semantic versioning.

func (*Client) WhoAmI added in v0.11.0

func (c *Client) WhoAmI() ([]byte, error)

WhoAmI obtains information on the current user.

func (*Client) WhoAmIRequest added in v0.11.0

func (c *Client) WhoAmIRequest() (*http.Request, error)

type Config

// Config holds the client settings taken by the NewClient* constructors.
// Fields tagged `yaml:"-"` (SSLCert, JWTContent) are excluded from YAML
// encoding and decoding; every other field maps to the YAML key in its tag and
// is omitted from the output when empty.
type Config struct {
	Account           string `yaml:"account,omitempty"`
	// NOTE(review): Config.IsHttps presumably reports this URL's scheme;
	// whether Validate rejects a plain-http URL is not visible here — confirm
	// before relying on it to keep credentials off cleartext connections.
	ApplianceURL      string `yaml:"appliance_url,omitempty"`
	// NOTE(review): presumably the netrc file used when CredentialStorage is
	// "file" — confirm, and check the permissions it is created with.
	NetRCPath         string `yaml:"netrc_path,omitempty"`
	// SSLCert is never read from or written to YAML.
	// NOTE(review): presumably inline certificate content, with SSLCertPath
	// the on-disk alternative — confirm against ReadSSLCert.
	SSLCert           string `yaml:"-"`
	SSLCertPath       string `yaml:"cert_file,omitempty"`
	AuthnType         string `yaml:"authn_type,omitempty"`
	ServiceID         string `yaml:"service_id,omitempty"`
	// NOTE(review): presumably one of CredentialStorageFile,
	// CredentialStorageKeyring or CredentialStorageNone — confirm.
	CredentialStorage string `yaml:"credential_storage,omitempty"`
	JWTHostID         string `yaml:"jwt_host_id,omitempty"`
	// JWTContent is never read from or written to YAML; only JWTFilePath is.
	// NOTE(review): presumably the raw JWT, i.e. a credential — confirm.
	JWTContent        string `yaml:"-"`
	JWTFilePath       string `yaml:"jwt_file,omitempty"`
	// GetHttpTimeout substitutes HTTPTimeoutDefaultValue when this value is
	// zero, negative, or greater than HTTPTimeoutMaxValue.
	HTTPTimeout       int    `yaml:"http_timeout,omitempty"`
}

func LoadConfig

func LoadConfig() (Config, error)

func (*Config) BaseURL

func (c *Config) BaseURL() string

func (*Config) Conjurrc added in v0.11.0

func (c *Config) Conjurrc() []byte

func (*Config) GetHttpTimeout added in v0.11.2

func (c *Config) GetHttpTimeout() int

GetHttpTimeout retrieves the timeout value from the config struct. If config.HTTPTimeout is less than 0, equal to 0 (treated as no value passed), or greater than HTTPTimeoutMaxValue, GetHttpTimeout returns the default value (constant HTTPTimeoutDefaultValue). Otherwise, GetHttpTimeout returns the value of config.HTTPTimeout.

func (*Config) IsHttps added in v0.5.0

func (c *Config) IsHttps() bool

func (*Config) ReadSSLCert

func (c *Config) ReadSSLCert() ([]byte, error)

func (*Config) Validate added in v0.11.0

func (c *Config) Validate() error

type CreatedRole added in v0.3.0

// CreatedRole contains the full role ID and API key of a role which was created
// by the server when loading a policy.
type CreatedRole struct {
	// ID is the full role ID (JSON key "id").
	ID     string `json:"id"`
	// APIKey is the new role's API key (JSON key "api_key", omitted when
	// empty). It is a credential: keep it out of logs and error messages.
	APIKey string `json:"api_key,omitempty"`
}

CreatedRole contains the full role ID and API key of a role which was created by the server when loading a policy.

type CredentialStorageProvider added in v0.11.0

// CredentialStorageProvider is the interface of a backend that stores, reads
// and purges a login/password pair and an authn token.
// NOTE(review): presumably one implementation exists per CredentialStorage*
// constant ("file", "keyring", "none") — confirm. How each backend protects
// the stored values at rest is not visible here.
type CredentialStorageProvider interface {
	// StoreCredentials saves a login and password.
	StoreCredentials(login string, password string) error
	// ReadCredentials returns the stored login and password, or an error.
	ReadCredentials() (login string, password string, err error)
	// ReadAuthnToken returns the stored authn token bytes, or an error.
	ReadAuthnToken() ([]byte, error)
	// StoreAuthnToken saves an authn token.
	StoreAuthnToken(token []byte) error
	// PurgeCredentials removes what the provider has stored.
	// NOTE(review): whether this covers the authn token as well as the
	// login/password pair is not visible here — confirm.
	PurgeCredentials() error
}

type DryRunError added in v0.12.9

// DryRunError contains information about an error that occurred during policy
// validation: a line, a column and a message.
type DryRunError struct {
	// NOTE(review): presumably Line and Column locate the error in the
	// submitted policy document — confirm.
	Line    int    `json:"line"`
	Column  int    `json:"column"`
	Message string `json:"message"`
}

DryRunError contains information about any errors that occurred during policy validation.

type DryRunPolicyResponse added in v0.12.3

// DryRunPolicyResponse contains information about the policy validation and
// whether it was successful; it is the result type of Client.DryRunPolicy.
// Created, Updated and Deleted group the reported resources, which makes the
// Deleted list the place to look before loading a policy for real.
type DryRunPolicyResponse struct {
	// Status of the policy validation.
	Status  string                    `json:"status"`
	Created DryRunPolicyResponseItems `json:"created"`
	Updated DryRunPolicyUpdates       `json:"updated"`
	Deleted DryRunPolicyResponseItems `json:"deleted"`
	// Errors holds the validation errors, each with line, column and message.
	Errors  []DryRunError             `json:"errors"`
}

DryRunPolicyResponse contains information about the policy validation and whether it was successful.

type DryRunPolicyResponseItems added in v0.12.9

// DryRunPolicyResponseItems contains Conjur Resources, decoded from the JSON
// key "items".
type DryRunPolicyResponseItems struct {
	Items []Resource `json:"items"`
}

DryRunPolicyResponseItems contains Conjur Resources.

type DryRunPolicyUpdates added in v0.12.9

// DryRunPolicyUpdates holds the "updated" part of a policy dry-run response as
// two resource lists, Before and After.
// NOTE(review): presumably the same resources before and after the policy
// load would be applied — confirm.
type DryRunPolicyUpdates struct {
	Before DryRunPolicyResponseItems `json:"before"`
	After  DryRunPolicyResponseItems `json:"after"`
}

DryRunPolicyUpdates defines the specific policy dry run response details on which policy updates are modified by a policy load.

type EnterpriseInfoResponse added in v0.12.10

// EnterpriseInfoResponse is the result type of Client.EnterpriseServerInfo,
// decoded from the JSON keys named in the field tags.
type EnterpriseInfoResponse struct {
	Release        string                           `json:"release"`
	Version        string                           `json:"version"`
	// NOTE(review): presumably keyed by service name (e.g. "possum") — confirm.
	Services       map[string]EnterpriseInfoService `json:"services"`
	Container      string                           `json:"container"`
	Role           string                           `json:"role"`
	// Configuration, Authenticators and FeatureFlags are decoded untyped
	// (interface{}), so callers must type-assert before use.
	Configuration  interface{}                      `json:"configuration"`
	Authenticators interface{}                      `json:"authenticators"`
	FipsMode       string                           `json:"fips_mode"`
	FeatureFlags   interface{}                      `json:"feature_flags"`
}

type EnterpriseInfoService added in v0.12.10

// EnterpriseInfoService describes one entry of EnterpriseInfoResponse.Services,
// decoded from the JSON keys named in the field tags.
type EnterpriseInfoService struct {
	Desired     string `json:"desired"`
	Status      string `json:"status"`
	Err         string `json:"err"`
	Description string `json:"description"`
	Name        string `json:"name"`
	Version     string `json:"version"`
	Arch        string `json:"arch"`
}

type HostFactoryHostResponse added in v0.11.0

// HostFactoryHostResponse is the result type of Client.CreateHost and
// Client.CreateHostWithAnnotations.
type HostFactoryHostResponse struct {
	CreatedAt    string       `json:"created_at"`
	Id           string       `json:"id"`
	Owner        string       `json:"owner"`
	Permissions  []string     `json:"permissions"`
	Annotations  []annotation `json:"annotations"`
	// NOTE(review): presumably the network restrictions applied to the new
	// host — confirm.
	RestrictedTo []string     `json:"restricted_to"`
	// ApiKey is decoded from "api_key" and has no omitempty, so it is always
	// present when the struct is re-encoded. It is a credential: avoid logging
	// or serializing the whole struct.
	ApiKey       string       `json:"api_key"`
}

type HostFactoryTokenResponse added in v0.11.0

// HostFactoryTokenResponse is the element type returned by Client.CreateToken.
type HostFactoryTokenResponse struct {
	Expiration string   `json:"expiration"`
	// NOTE(review): presumably the CIDR ranges the token may be used from,
	// echoing the cidrs argument of CreateToken — confirm.
	Cidr       []string `json:"cidr"`
	// NOTE(review): presumably the host factory token accepted by CreateHost;
	// if so it is a bearer credential until Expiration or DeleteToken —
	// confirm, and keep it out of logs.
	Token      string   `json:"token"`
}

type OidcProvider added in v0.11.0

// OidcProvider contains information about an OIDC provider; it is the element
// type returned by Client.ListOidcProviders.
type OidcProvider struct {
	ServiceID    string `json:"service_id"`
	Type         string `json:"type"`
	Name         string `json:"name"`
	// NOTE(review): Nonce and CodeVerifier share their names with the nonce
	// and code_verifier arguments of OidcAuthenticate; presumably these are
	// the per-flow values to pass back there — confirm, and do not reuse them
	// across login attempts.
	Nonce        string `json:"nonce"`
	CodeVerifier string `json:"code_verifier"`
	RedirectURI  string `json:"redirect_uri"`
}

OidcProvider contains information about an OIDC provider.

type PolicyMode added in v0.3.0

// PolicyMode defines the server-side behavior when loading a policy. It is the
// mode argument of LoadPolicy, LoadPolicyRequest and DryRunPolicy.
type PolicyMode uint

PolicyMode defines the server-side behavior when loading a policy.

// Policy load modes. The numeric values are explicit rather than iota-derived.
const (
	// PolicyModePost appends new data to the policy.
	PolicyModePost PolicyMode = 1
	// PolicyModePut completely replaces the policy, implicitly deleting data which is not present in the new policy.
	// NOTE(review): destructive by design. DryRunPolicy takes the same mode
	// argument and its response has a "deleted" list, so a Put can presumably
	// be previewed before it is loaded — confirm.
	PolicyModePut PolicyMode = 2
	// PolicyModePatch adds policy data and explicitly deletes policy data.
	PolicyModePatch PolicyMode = 3
)

type PolicyResponse added in v0.3.0

// PolicyResponse contains information about the policy update; it is the
// result type of Client.LoadPolicy.
type PolicyResponse struct {
	// Newly created roles. Each CreatedRole value carries the role's API key,
	// so this map holds credentials: avoid logging the response as a whole.
	// NOTE(review): presumably keyed by role ID — confirm.
	CreatedRoles map[string]CreatedRole `json:"created_roles"`
	// The version number of the policy.
	Version uint32 `json:"version"`
}

PolicyResponse contains information about the policy update.

type Resource added in v0.12.9

// Resource contains information about the Conjur Resource.
// The pointer-typed fields carry omitempty, so a nil pointer is left out of the
// encoded JSON; callers must nil-check them before dereferencing.
type Resource struct {

	// Fields for all resources
	Identifier  string            `json:"identifier"`
	Id          string            `json:"id"`
	Type        string            `json:"type"`
	Owner       string            `json:"owner"`
	Policy      string            `json:"policy"`
	Annotations map[string]string `json:"annotations"`

	// Field exclusively for roles
	Permitted *map[string][]string `json:"permitted,omitempty"`

	// Fields that we do not put into json for Roles
	Permissions  *map[string][]string `json:"permissions,omitempty"`
	Members      *[]string            `json:"members,omitempty"`
	Memberships  *[]string            `json:"memberships,omitempty"`
	RestrictedTo *[]string            `json:"restricted_to,omitempty"`
}

Resource contains information about the Conjur Resource

type ResourceFilter added in v0.4.0

// ResourceFilter limits the set returned by Client.Resources and
// Client.ResourceIDs. Only non-zero-valued members are applied, so a zero
// Limit or Offset and an empty string leave that criterion unset.
type ResourceFilter struct {
	Kind   string
	Search string
	Limit  int
	Offset int
	// NOTE(review): presumably restricts the listing to resources visible to
	// this role rather than to the authenticated caller — confirm.
	Role   string
}

Directories

Path Synopsis
