ticket

package
v0.0.11 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 7, 2024 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

ControlAll holds all labels for Control.

var ListServiceDesc rpc.InterfaceDesc = descListService

ListServiceDesc describes the ListService interface.

var TicketServiceDesc rpc.InterfaceDesc = descTicketService

TicketServiceDesc describes the TicketService interface.

Functions

func VDLReadTicket

func VDLReadTicket(dec vdl.Decoder, x *Ticket) error

Types

type AwsAssumeRoleBuilder

// AwsAssumeRoleBuilder holds the inputs for obtaining temporary AWS
// credentials through the STS AssumeRole call.
type AwsAssumeRoleBuilder struct {
	// Region is the AWS region associated with the request.
	// NOTE(review): presumably the region the STS call is made in; confirm.
	Region string
	// Role identifies the role to assume.
	// NOTE(review): presumably a role ARN; the permissions attached to that
	// role bound what a holder of the resulting ticket can do.
	Role   string
	// TtlSec is the lifetime of the generated credentials, in seconds going
	// by the name. A shorter lifetime limits how long a leaked credential
	// stays usable.
	TtlSec int32
}

AwsAssumeRoleBuilder describes the information required to obtain a temporary set of AWS credentials (which can be described using AwsCredentials) using the AssumeRole call from Security Token Service (STS).

func (AwsAssumeRoleBuilder) VDLIsZero

func (x AwsAssumeRoleBuilder) VDLIsZero() bool

func (*AwsAssumeRoleBuilder) VDLRead

func (x *AwsAssumeRoleBuilder) VDLRead(dec vdl.Decoder) error

func (AwsAssumeRoleBuilder) VDLReflect

func (AwsAssumeRoleBuilder) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.AwsAssumeRoleBuilder"`
})

func (AwsAssumeRoleBuilder) VDLWrite

func (x AwsAssumeRoleBuilder) VDLWrite(enc vdl.Encoder) error

type AwsComputeInstancesBuilder added in v0.0.10

// AwsComputeInstancesBuilder describes an EC2 instance lookup: the filters to
// apply, the role used to perform the lookup and the region to query.
type AwsComputeInstancesBuilder struct {
	// Instance Filters that will produce a list of instance IDs and related information
	// https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html
	InstanceFilters []Parameter
	// AWS ARN for a role that should be used to perform the instance lookups
	// NOTE(review): this role only needs to describe instances; scoping it to
	// that keeps the lookup path from carrying wider AWS permissions.
	AwsAccountLookupRole string
	// AWS region to use for the lookup
	Region string
}

func (AwsComputeInstancesBuilder) VDLIsZero added in v0.0.10

func (x AwsComputeInstancesBuilder) VDLIsZero() bool

func (*AwsComputeInstancesBuilder) VDLRead added in v0.0.10

func (x *AwsComputeInstancesBuilder) VDLRead(dec vdl.Decoder) error

func (AwsComputeInstancesBuilder) VDLReflect added in v0.0.10

func (AwsComputeInstancesBuilder) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.AwsComputeInstancesBuilder"`
})

func (AwsComputeInstancesBuilder) VDLWrite added in v0.0.10

func (x AwsComputeInstancesBuilder) VDLWrite(enc vdl.Encoder) error

type AwsCredentials

// AwsCredentials describes a set of (potentially temporary) AWS credentials.
//
// SecretAccessKey and SessionToken are secret material: anything that prints,
// logs or serializes a value of this type exposes usable credentials.
type AwsCredentials struct {
	// Region is the AWS region associated with the credentials.
	Region          string
	// AccessKeyId is the access key identifier of the credential pair.
	AccessKeyId     string
	// SecretAccessKey is the secret half of the credential pair.
	SecretAccessKey string
	// SessionToken accompanies temporary credentials.
	// NOTE(review): presumably empty for long-lived keys; confirm.
	SessionToken    string
	// Expiration indicates the date on which the credentials expire.
	// It is carried as a string; the format is not visible here.
	Expiration string
}

AwsCredentials describes a set of (potentially temporary) AWS credentials.

func (AwsCredentials) VDLIsZero

func (x AwsCredentials) VDLIsZero() bool

func (*AwsCredentials) VDLRead

func (x *AwsCredentials) VDLRead(dec vdl.Decoder) error

func (AwsCredentials) VDLReflect

func (AwsCredentials) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.AwsCredentials"`
})

func (AwsCredentials) VDLWrite

func (x AwsCredentials) VDLWrite(enc vdl.Encoder) error

type AwsSessionBuilder

// AwsSessionBuilder holds the inputs for obtaining temporary AWS credentials
// through the STS GetSessionToken call.
type AwsSessionBuilder struct {
	// AwsCredentials is the credential set the builder starts from.
	// NOTE(review): presumably the credentials used to call GetSessionToken.
	// If these are long-lived keys they are the most sensitive value in this
	// struct; confirm how the configuration that stores them is protected.
	AwsCredentials AwsCredentials
	// TTL in seconds for the generated AWS credential from 900-129600.
	TtlSec int32
}

AwsSessionBuilder describes the information required to obtain a temporary set of AWS credentials: a set of AWS credentials (described using AwsCredentials) that is then used with the GetSessionToken call from Security Token Service (STS).

func (AwsSessionBuilder) VDLIsZero

func (x AwsSessionBuilder) VDLIsZero() bool

func (*AwsSessionBuilder) VDLRead

func (x *AwsSessionBuilder) VDLRead(dec vdl.Decoder) error

func (AwsSessionBuilder) VDLReflect

func (AwsSessionBuilder) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.AwsSessionBuilder"`
})

func (AwsSessionBuilder) VDLWrite

func (x AwsSessionBuilder) VDLWrite(enc vdl.Encoder) error

type AwsTicket

// AwsTicket is a ticket that contains a set of (potentially temporary) AWS
// credentials, together with the optional builders that describe how to
// obtain them.
type AwsTicket struct {
	// AwsAssumeRoleBuilder, when non-nil, describes an STS AssumeRole request.
	AwsAssumeRoleBuilder *AwsAssumeRoleBuilder
	// AwsSessionBuilder, when non-nil, describes an STS GetSessionToken request.
	// NOTE(review): it embeds source credentials; confirm whether the builder
	// is cleared before the ticket is returned to a client.
	AwsSessionBuilder    *AwsSessionBuilder
	// AwsCredentials is the credential set carried by the ticket.
	AwsCredentials       AwsCredentials
}

AwsTicket is a ticket that contains a set of (potentially temporary) AWS credentials.

func (AwsTicket) VDLIsZero

func (x AwsTicket) VDLIsZero() bool

func (*AwsTicket) VDLRead

func (x *AwsTicket) VDLRead(dec vdl.Decoder) error

func (AwsTicket) VDLReflect

func (AwsTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.AwsTicket"`
})

func (AwsTicket) VDLWrite

func (x AwsTicket) VDLWrite(enc vdl.Encoder) error

type B2AccountAuthorizationBuilder

// B2AccountAuthorizationBuilder describes the information required to obtain
// a B2 account authorization.
type B2AccountAuthorizationBuilder struct {
	// AccountId identifies the B2 account.
	AccountId      string
	// ApplicationKey is the secret used together with AccountId to request
	// the authorization; treat it as a credential and keep it out of logs.
	ApplicationKey string
}

B2AccountAuthorizationBuilder describes the information required to obtain a B2 account authorization.

func (B2AccountAuthorizationBuilder) VDLIsZero

func (x B2AccountAuthorizationBuilder) VDLIsZero() bool

func (*B2AccountAuthorizationBuilder) VDLRead

func (B2AccountAuthorizationBuilder) VDLReflect

func (B2AccountAuthorizationBuilder) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.B2AccountAuthorizationBuilder"`
})

func (B2AccountAuthorizationBuilder) VDLWrite

type B2Ticket

// B2Ticket contains a B2 account-level authorization token plus the URLs and
// configuration values for the account.
type B2Ticket struct {
	// B2AccountAuthorizationBuilder, when non-nil, describes how to obtain
	// the authorization; it carries the account's ApplicationKey.
	B2AccountAuthorizationBuilder *B2AccountAuthorizationBuilder
	// AccountId identifies the B2 account.
	AccountId                     string
	// AuthorizationToken is the account-level token; it is a bearer secret.
	AuthorizationToken            string
	// ApiUrl and DownloadUrl are the account's endpoints.
	ApiUrl                        string
	DownloadUrl                   string
	// RecommendedPartSize and AbsoluteMinimumPartSize are account
	// configuration values.
	// NOTE(review): presumably upload part sizes in bytes; confirm.
	RecommendedPartSize           int64
	AbsoluteMinimumPartSize       int64
}

B2Ticket instance contains a B2 account level authorization token plus URLs and configuration values for the account.

func (B2Ticket) VDLIsZero

func (x B2Ticket) VDLIsZero() bool

func (*B2Ticket) VDLRead

func (x *B2Ticket) VDLRead(dec vdl.Decoder) error

func (B2Ticket) VDLReflect

func (B2Ticket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.B2Ticket"`
})

func (B2Ticket) VDLWrite

func (x B2Ticket) VDLWrite(enc vdl.Encoder) error

type Builder

// Builder is the interface for building a Ticket.
type Builder interface {
	// Build returns a Ticket for the given context and parameters, or an error.
	// NOTE(review): parameters appear to originate from the requesting client
	// (see GetWithParameters); implementations should validate them before
	// they influence what credential is issued.
	Build(ctx *TicketContext, parameters []Parameter) (Ticket, error)
}

Builder is the interface for building a Ticket.

type ComputeInstance added in v0.0.10

// ComputeInstance is a simplified view of instance data that is handed to
// ticket-server users.
type ComputeInstance struct {
	// PublicIp and PrivateIp are the instance's addresses. PrivateIp exposes
	// internal addressing to whoever is allowed to fetch the ticket.
	PublicIp   string
	PrivateIp  string
	// InstanceId identifies the instance.
	InstanceId string
	// Tags holds the instance's tags as key/value pairs.
	Tags       []Parameter
}

Simplification of describeInstance data to provide to ticket-server users

func AwsEc2InstanceLookup added in v0.0.10

func AwsEc2InstanceLookup(ctx *TicketContext, builder *AwsComputeInstancesBuilder) ([]ComputeInstance, error)

Returns a list of Compute Instances that match the filter

func (ComputeInstance) VDLIsZero added in v0.0.10

func (x ComputeInstance) VDLIsZero() bool

func (*ComputeInstance) VDLRead added in v0.0.10

func (x *ComputeInstance) VDLRead(dec vdl.Decoder) error

func (ComputeInstance) VDLReflect added in v0.0.10

func (ComputeInstance) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.ComputeInstance"`
})

func (ComputeInstance) VDLWrite added in v0.0.10

func (x ComputeInstance) VDLWrite(enc vdl.Encoder) error

type Config

// Config groups a set of ticket configurations with a permission set.
type Config struct {
	// Tickets maps a string key to the configuration of one ticket.
	// NOTE(review): presumably the key is the ticket's name or path; confirm.
	Tickets     map[string]TicketConfig
	// Permissions is a permission set at the Config level.
	// NOTE(review): TicketConfig has its own Permissions; how the two are
	// combined (override, union, fallback) is not visible here and decides
	// who can read each ticket, so it is worth confirming in the server code.
	Permissions access.Permissions
}

func (Config) VDLIsZero

func (x Config) VDLIsZero() bool

func (*Config) VDLRead

func (x *Config) VDLRead(dec vdl.Decoder) error

func (Config) VDLReflect

func (Config) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.Config"`
})

func (Config) VDLWrite

func (x Config) VDLWrite(enc vdl.Encoder) error

type Control added in v0.0.11

type Control int

TicketConfig Controls fields

// Values of Control, numbered from 0 by iota. They are used as keys of
// TicketConfig.Controls.
// NOTE(review): the names suggest request metadata (a PagerDuty id, a
// rationale, a ticket id) attached to a ticket request; whether and where a
// missing value causes a request to be refused is not visible here.
const (
	ControlPagerDutyId Control = iota
	ControlRationale
	ControlTicketId
)

func ControlFromString added in v0.0.11

func ControlFromString(label string) (x Control, err error)

ControlFromString creates a Control from a string label.

func (*Control) Set added in v0.0.11

func (x *Control) Set(label string) error

Set assigns label to x.

func (Control) String added in v0.0.11

func (x Control) String() string

String returns the string label of x.

func (Control) VDLIsZero added in v0.0.11

func (x Control) VDLIsZero() bool

func (*Control) VDLRead added in v0.0.11

func (x *Control) VDLRead(dec vdl.Decoder) error

func (Control) VDLReflect added in v0.0.11

func (Control) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.Control"`
	Enum struct{ PagerDutyId, Rationale, TicketId string }
})

func (Control) VDLWrite added in v0.0.11

func (x Control) VDLWrite(enc vdl.Encoder) error

type DockerClientTicket

// DockerClientTicket represents the TLS certificate material required for
// clients to authenticate against a specific Docker server.
type DockerClientTicket struct {
	// TlsCertAuthorityBuilder, when non-nil, describes the certificate
	// authority used to produce Credentials.
	TlsCertAuthorityBuilder *TlsCertAuthorityBuilder
	// Credentials is the TLS material handed to the client.
	// NOTE(review): presumably includes a private key; confirm in
	// TlsCredentials and treat the ticket as a secret accordingly.
	Credentials             TlsCredentials
	// Url indicates the Docker host the client can connect to.
	Url string
}

DockerClientTicket instance represents the TLS certificate material required for clients to authenticate against a specific DockerServer.

func (DockerClientTicket) VDLIsZero

func (x DockerClientTicket) VDLIsZero() bool

func (*DockerClientTicket) VDLRead

func (x *DockerClientTicket) VDLRead(dec vdl.Decoder) error

func (DockerClientTicket) VDLReflect

func (DockerClientTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.DockerClientTicket"`
})

func (DockerClientTicket) VDLWrite

func (x DockerClientTicket) VDLWrite(enc vdl.Encoder) error

type DockerServerTicket

// DockerServerTicket represents a Docker server and the TLS certificate
// material required for clients to verify and authenticate it.
type DockerServerTicket struct {
	// TlsCertAuthorityBuilder, when non-nil, describes the certificate
	// authority used to produce Credentials.
	TlsCertAuthorityBuilder *TlsCertAuthorityBuilder
	// Credentials is the TLS material for the server.
	// NOTE(review): presumably includes the server's private key; confirm in
	// TlsCredentials.
	Credentials             TlsCredentials
}

DockerServerTicket instance represents a Docker Server and the TLS certificate material required for clients to verify and authenticate it.

func (DockerServerTicket) VDLIsZero

func (x DockerServerTicket) VDLIsZero() bool

func (*DockerServerTicket) VDLRead

func (x *DockerServerTicket) VDLRead(dec vdl.Decoder) error

func (DockerServerTicket) VDLReflect

func (DockerServerTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.DockerServerTicket"`
})

func (DockerServerTicket) VDLWrite

func (x DockerServerTicket) VDLWrite(enc vdl.Encoder) error

type DockerTicket

// DockerTicket represents a Docker repository and the TLS certificate
// material required to verify and authenticate to it.
type DockerTicket struct {
	// TlsCertAuthorityBuilder, when non-nil, describes the certificate
	// authority used to produce Credentials.
	TlsCertAuthorityBuilder *TlsCertAuthorityBuilder
	// Credentials is the TLS material carried by the ticket.
	Credentials             TlsCredentials
	// Url is the address associated with the ticket.
	// NOTE(review): presumably the Docker host, as in DockerClientTicket.
	Url                     string
}

DockerTicket instance represents a Docker repository and the TLS certificate material required to verify and authenticate to it. TODO(razvanm): Remove DockerTicket and replace with DockerServerTicket and DockerClientTicket.

func (DockerTicket) VDLIsZero

func (x DockerTicket) VDLIsZero() bool

func (*DockerTicket) VDLRead

func (x *DockerTicket) VDLRead(dec vdl.Decoder) error

func (DockerTicket) VDLReflect

func (DockerTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.DockerTicket"`
})

func (DockerTicket) VDLWrite

func (x DockerTicket) VDLWrite(enc vdl.Encoder) error

type EcrTicket

// EcrTicket describes an AWS EC2 Container Registry: its endpoint, an
// authorization token for it and the token's expiration.
type EcrTicket struct {
	// AwsAssumeRoleBuilder, when non-nil, describes an STS AssumeRole request.
	AwsAssumeRoleBuilder *AwsAssumeRoleBuilder
	// The base64-encoded authorization token which can be presented directly to
	// the Docker registry. Base64 is an encoding, not protection: the token is
	// a bearer secret and should be handled like a password.
	// Reference: https://docs.docker.com/registry/spec/auth/token/
	AuthorizationToken string
	// Expiration indicates the date on which the authorization token expires.
	Expiration string
	// The registry URL ("https://${ACCOUNTID}.dkr.ecr.region.amazonaws.com").
	Endpoint string
}

EcrTicket describes an AWS EC2 Container Registry.

func (EcrTicket) VDLIsZero

func (x EcrTicket) VDLIsZero() bool

func (*EcrTicket) VDLRead

func (x *EcrTicket) VDLRead(dec vdl.Decoder) error

func (EcrTicket) VDLReflect

func (EcrTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.EcrTicket"`
})

func (EcrTicket) VDLWrite

func (x EcrTicket) VDLWrite(enc vdl.Encoder) error

type GenericTicket

// GenericTicket describes a generic unstructured piece of data, for example
// an arbitrary secret.
type GenericTicket struct {
	// Data is the opaque payload. Nothing in the type distinguishes secret
	// from non-secret content, so callers should treat every GenericTicket
	// as sensitive when logging or persisting it.
	Data []byte
}

GenericTicket describes a generic unstructured piece of data. This can be used to store arbitrary secrets for example.

func (GenericTicket) VDLIsZero

func (x GenericTicket) VDLIsZero() bool

func (*GenericTicket) VDLRead

func (x *GenericTicket) VDLRead(dec vdl.Decoder) error

func (GenericTicket) VDLReflect

func (GenericTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.GenericTicket"`
})

func (GenericTicket) VDLWrite

func (x GenericTicket) VDLWrite(enc vdl.Encoder) error

type Getter added in v0.0.11

type Getter func(ctx *context.T, key string) (Ticket, error)

A Getter retrieves a ticket value for the key.

Users of this package should use the default Client. This type exists primarily for unit tests which do not rely on the ticket-server.

// Client is the default Getter. It resolves key to a TicketService client
// stub and asks that stub for the ticket.
var Client Getter = func(ctx *context.T, key string) (Ticket, error) {
	stub := TicketServiceClient(key)
	return stub.Get(ctx)
}

Client is the default Getter which uses Vanadium to interact with the ticket-server.

For example, to get a string value:

myValue, err := ticket.Client.GetString(ctx, "ticket/path")

func (Getter) GetAws added in v0.0.11

func (g Getter) GetAws(ctx *context.T, path ...string) (aws AwsTicket, err error)

GetAws credentials and helpers for key from the ticket-server. Path components will be joined with a `/`.

func (Getter) GetB2 added in v0.0.11

func (g Getter) GetB2(ctx *context.T, path ...string) (B2 B2Ticket, err error)

GetB2 credentials and helpers for key from the ticket-server. Path components will be joined with a `/`.

func (Getter) GetData added in v0.0.11

func (g Getter) GetData(ctx *context.T, path ...string) (data []byte, err error)

GetData for key from the ticket-server. It must be stored in a GenericTicket. Path components will be joined with a `/`.

func (Getter) GetDocker added in v0.0.11

func (g Getter) GetDocker(ctx *context.T, path ...string) (Docker DockerTicket, err error)

GetDocker credentials and helpers for key from the ticket-server. Path components will be joined with a `/`.

func (Getter) GetDockerClient added in v0.0.11

func (g Getter) GetDockerClient(ctx *context.T, path ...string) (DockerClient DockerClientTicket, err error)

GetDockerClient credentials and helpers for key from the ticket-server. Path components will be joined with a `/`.

func (Getter) GetDockerServer added in v0.0.11

func (g Getter) GetDockerServer(ctx *context.T, path ...string) (DockerServer DockerServerTicket, err error)

GetDockerServer credentials and helpers for key from the ticket-server. Path components will be joined with a `/`.

func (Getter) GetEcr added in v0.0.11

func (g Getter) GetEcr(ctx *context.T, path ...string) (Ecr EcrTicket, err error)

GetEcr endpoint and helpers for key from the ticket-server. Path components will be joined with a `/`.

func (Getter) GetS3 added in v0.0.11

func (g Getter) GetS3(ctx *context.T, path ...string) (S3 S3Ticket, err error)

GetS3 credentials and helpers for key from the ticket-server. Path components will be joined with a `/`.

func (Getter) GetSshCertificate added in v0.0.11

func (g Getter) GetSshCertificate(ctx *context.T, path ...string) (SshCertificate SshCertificateTicket, err error)

GetSshCertificate for key from the ticket-server. Path components will be joined with a `/`.

func (Getter) GetString added in v0.0.11

func (g Getter) GetString(ctx *context.T, path ...string) (value string, err error)

GetString for key from the ticket-server. It must be stored in a GenericTicket. Path components will be joined with a `/`.

func (Getter) GetTlsClient added in v0.0.11

func (g Getter) GetTlsClient(ctx *context.T, path ...string) (TlsClient TlsClientTicket, err error)

GetTlsClient credentials and helpers for key from the ticket-server. Path components will be joined with a `/`.

func (Getter) GetTlsServer added in v0.0.11

func (g Getter) GetTlsServer(ctx *context.T, path ...string) (TlsServer TlsServerTicket, err error)

GetTlsServer credentials and helpers for key from the ticket-server. Path components will be joined with a `/`.

func (Getter) GetVanadium added in v0.0.11

func (g Getter) GetVanadium(ctx *context.T, path ...string) (Vanadium VanadiumTicket, err error)

GetVanadium blessing and helpers for key from the ticket-server. Path components will be joined with a `/`.

type ListServiceClientMethods added in v0.0.11

type ListServiceClientMethods interface {
	List(*context.T, ...rpc.CallOpt) ([]string, error)
}

ListServiceClientMethods is the client interface containing ListService methods.

type ListServiceClientStub added in v0.0.11

type ListServiceClientStub interface {
	ListServiceClientMethods
}

ListServiceClientStub embeds ListServiceClientMethods and is a placeholder for additional management operations.

func ListServiceClient added in v0.0.11

func ListServiceClient(name string) ListServiceClientStub

ListServiceClient returns a client stub for ListService.

type ListServiceServerMethods added in v0.0.11

type ListServiceServerMethods interface {
	List(*context.T, rpc.ServerCall) ([]string, error)
}

ListServiceServerMethods is the interface a server writer implements for ListService.

type ListServiceServerStub added in v0.0.11

type ListServiceServerStub interface {
	ListServiceServerStubMethods
	// DescribeInterfaces the ListService interfaces.
	Describe__() []rpc.InterfaceDesc
}

ListServiceServerStub adds universal methods to ListServiceServerStubMethods.

func ListServiceServer added in v0.0.11

func ListServiceServer(impl ListServiceServerMethods) ListServiceServerStub

ListServiceServer returns a server stub for ListService. It converts an implementation of ListServiceServerMethods into an object that may be used by rpc.Server.

type ListServiceServerStubMethods added in v0.0.11

type ListServiceServerStubMethods ListServiceServerMethods

ListServiceServerStubMethods is the server interface containing ListService methods, as expected by rpc.Server. There is no difference between this interface and ListServiceServerMethods since there are no streaming methods.

type Parameter added in v0.0.10

// Parameter is a key/value pair that can be passed into the GET request.
// The same type is used for AwsComputeInstancesBuilder.InstanceFilters and
// ComputeInstance.Tags.
type Parameter struct {
	// Key names the parameter.
	Key   string
	// Value is the parameter's value.
	// NOTE(review): when a Parameter arrives with a request it is
	// caller-controlled; confirm that builders validate it before use.
	Value string
}

Key/Value pair that can be passed into the GET request.

func (Parameter) VDLIsZero added in v0.0.10

func (x Parameter) VDLIsZero() bool

func (*Parameter) VDLRead added in v0.0.10

func (x *Parameter) VDLRead(dec vdl.Decoder) error

func (Parameter) VDLReflect added in v0.0.10

func (Parameter) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.Parameter"`
})

func (Parameter) VDLWrite added in v0.0.10

func (x Parameter) VDLWrite(enc vdl.Encoder) error

type S3Ticket

// S3Ticket describes an AWS S3 object or prefix together with the AWS
// credentials for it.
type S3Ticket struct {
	// AwsAssumeRoleBuilder, when non-nil, describes an STS AssumeRole request.
	AwsAssumeRoleBuilder *AwsAssumeRoleBuilder
	// AwsSessionBuilder, when non-nil, describes an STS GetSessionToken request.
	AwsSessionBuilder    *AwsSessionBuilder
	// AwsCredentials is the credential set carried by the ticket.
	AwsCredentials       AwsCredentials
	// Endpoint, Bucket and Prefix locate the S3 object or prefix.
	// NOTE(review): whether the credentials are actually restricted to
	// Bucket/Prefix depends on the role or key policy, not on these fields.
	Endpoint             string
	Bucket               string
	Prefix               string
}

S3Ticket describes an AWS S3 object or prefix.

func (S3Ticket) VDLIsZero

func (x S3Ticket) VDLIsZero() bool

func (*S3Ticket) VDLRead

func (x *S3Ticket) VDLRead(dec vdl.Decoder) error

func (S3Ticket) VDLReflect

func (S3Ticket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.S3Ticket"`
})

func (S3Ticket) VDLWrite

func (x S3Ticket) VDLWrite(enc vdl.Encoder) error

type SshCert added in v0.0.10

// SshCert holds a single SSH certificate.
type SshCert struct {
	// ssh-encoded certificate (host or user).
	Cert string
}

SshCert describes an SSH public certificate.

func (SshCert) VDLIsZero added in v0.0.10

func (x SshCert) VDLIsZero() bool

func (*SshCert) VDLRead added in v0.0.10

func (x *SshCert) VDLRead(dec vdl.Decoder) error

func (SshCert) VDLReflect added in v0.0.10

func (SshCert) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.SshCert"`
})

func (SshCert) VDLWrite added in v0.0.10

func (x SshCert) VDLWrite(enc vdl.Encoder) error

type SshCertAuthorityBuilder added in v0.0.10

// SshCertAuthorityBuilder holds the inputs for signing an SSH certificate:
// the certificate authority's key material, the public key to sign and the
// options, principals and lifetime to place in the certificate.
type SshCertAuthorityBuilder struct {
	// ssh-encoded private key of the Certificate Authority.
	// Whoever holds this key can mint certificates that hosts trusting the
	// CA will accept, so it is the most sensitive field in this struct.
	CaPrivateKey string
	// ssh-encoded Certificate
	CaCertificate string
	// ssh-encoded Public key that will be signed to create the certificate.
	PublicKey string
	// Additional SSH Cert options like
	//    permit-X11-forwarding
	//    permit-agent-forwarding
	//    permit-port-forwarding
	//    permit-pty
	//    permit-user-rc
	// Each extension widens what the certificate holder may do on the host;
	// list only the ones the ticket's users need.
	ExtensionsOptions []string
	// Additional SSH Options that are required to be valid/accepted
	// (in OpenSSH, for example, force-command and source-address).
	CriticalOptions []string
	// The Usernames that this key can connect as - defaults as
	//   ubuntu
	//   core
	//   ec2-user
	Principals []string
	// TTL for the generated cert - user cert < 60 ; host cert < 2628000 (5 years)
	// The unit is minutes going by the field name (2628000 minutes is 5 years).
	// NOTE(review): whether these limits are enforced is not visible here.
	TtlMin int32
}

func (SshCertAuthorityBuilder) VDLIsZero added in v0.0.10

func (x SshCertAuthorityBuilder) VDLIsZero() bool

func (*SshCertAuthorityBuilder) VDLRead added in v0.0.10

func (x *SshCertAuthorityBuilder) VDLRead(dec vdl.Decoder) error

func (SshCertAuthorityBuilder) VDLReflect added in v0.0.10

func (SshCertAuthorityBuilder) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.SshCertAuthorityBuilder"`
})

func (SshCertAuthorityBuilder) VDLWrite added in v0.0.10

func (x SshCertAuthorityBuilder) VDLWrite(enc vdl.Encoder) error

type SshCertificateTicket added in v0.0.10

// SshCertificateTicket describes a signed SSH certificate, the builders used
// to produce it and the compute instances it is associated with.
type SshCertificateTicket struct {
	// SshCertAuthorityBuilder, when non-nil, describes how the certificate is
	// signed; it carries the CA private key.
	// NOTE(review): confirm the builder is not returned to clients together
	// with the signed certificate.
	SshCertAuthorityBuilder    *SshCertAuthorityBuilder
	// AwsComputeInstancesBuilder, when non-nil, describes the instance lookup
	// that fills ComputeInstances.
	AwsComputeInstancesBuilder *AwsComputeInstancesBuilder
	// ComputeInstances lists the instances found by the lookup.
	ComputeInstances           []ComputeInstance
	// Credentials is the signed certificate.
	Credentials                SshCert
	// Recommended username to use
	Username string
}

SshCertificateTicket describes a SSH Signed Certificate. SSH Certificates are essentially a version of TLS certs but they have additional optional parameters and can take a public key as part of their signing request.

func (SshCertificateTicket) VDLIsZero added in v0.0.10

func (x SshCertificateTicket) VDLIsZero() bool

func (*SshCertificateTicket) VDLRead added in v0.0.10

func (x *SshCertificateTicket) VDLRead(dec vdl.Decoder) error

func (SshCertificateTicket) VDLReflect added in v0.0.10

func (SshCertificateTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.SshCertificateTicket"`
})

func (SshCertificateTicket) VDLWrite added in v0.0.10

func (x SshCertificateTicket) VDLWrite(enc vdl.Encoder) error

type Ticket

// Ticket represents any single field of the Ticket union type, which is the
// union of all ticket kinds in this package.
type Ticket interface {
	// Index returns the field index.
	Index() int
	// Interface returns the field value as an interface.
	// For credential-bearing tickets the returned value contains the secret
	// material, so it should not be passed to generic logging or formatting.
	Interface() interface{}
	// Name returns the field name.
	Name() string
	// VDLReflect describes the Ticket union type.
	VDLReflect(vdlTicketReflect)
	// VDLIsZero reports whether the value is the VDL zero value.
	VDLIsZero() bool
	// VDLWrite encodes the value to enc.
	VDLWrite(vdl.Encoder) error
}

Ticket represents any single field of the Ticket union type.

Ticket is a union of all our tickets.

type TicketAwsTicket

type TicketAwsTicket struct{ Value AwsTicket }

TicketAwsTicket represents field AwsTicket of the Ticket union type.

func (TicketAwsTicket) Build

func (t TicketAwsTicket) Build(ctx *TicketContext, _ []Parameter) (Ticket, error)

Build builds a Ticket by running all the builders.

func (TicketAwsTicket) Index

func (x TicketAwsTicket) Index() int

func (TicketAwsTicket) Interface

func (x TicketAwsTicket) Interface() interface{}

func (TicketAwsTicket) Name

func (x TicketAwsTicket) Name() string

func (TicketAwsTicket) VDLIsZero

func (x TicketAwsTicket) VDLIsZero() bool

func (TicketAwsTicket) VDLReflect

func (x TicketAwsTicket) VDLReflect(vdlTicketReflect)

func (TicketAwsTicket) VDLWrite

func (x TicketAwsTicket) VDLWrite(enc vdl.Encoder) error

type TicketB2Ticket

type TicketB2Ticket struct{ Value B2Ticket }

TicketB2Ticket represents field B2Ticket of the Ticket union type.

func (TicketB2Ticket) Build

func (t TicketB2Ticket) Build(ctx *TicketContext, _ []Parameter) (Ticket, error)

Build builds a Ticket by running all the builders.

func (TicketB2Ticket) Index

func (x TicketB2Ticket) Index() int

func (TicketB2Ticket) Interface

func (x TicketB2Ticket) Interface() interface{}

func (TicketB2Ticket) Name

func (x TicketB2Ticket) Name() string

func (TicketB2Ticket) VDLIsZero

func (x TicketB2Ticket) VDLIsZero() bool

func (TicketB2Ticket) VDLReflect

func (x TicketB2Ticket) VDLReflect(vdlTicketReflect)

func (TicketB2Ticket) VDLWrite

func (x TicketB2Ticket) VDLWrite(enc vdl.Encoder) error

type TicketConfig

// TicketConfig describes a ticket and its associated permissions.
type TicketConfig struct {
	// Ticket is the ticket (a Ticket union value) this entry configures.
	Ticket      Ticket
	// Permissions is the access list associated with the ticket; it decides
	// who may obtain the credential the ticket carries.
	Permissions access.Permissions
	// Controls is keyed by Control (PagerDutyId, Rationale, TicketId).
	// NOTE(review): presumably a true entry marks that control as required
	// for requests to this ticket; confirm where this is enforced.
	Controls    map[Control]bool
}

TicketConfig describes a ticket and its associated permissions.

func (TicketConfig) VDLIsZero

func (x TicketConfig) VDLIsZero() bool

func (*TicketConfig) VDLRead

func (x *TicketConfig) VDLRead(dec vdl.Decoder) error

func (TicketConfig) VDLReflect

func (TicketConfig) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.TicketConfig"`
})

func (TicketConfig) VDLWrite

func (x TicketConfig) VDLWrite(enc vdl.Encoder) error

type TicketContext

type TicketContext struct {
	// contains filtered or unexported fields
}

TicketContext wraps the information that needs to be carried around between various ticket functions.

func NewTicketContext

func NewTicketContext(ctx *context.T, session *session.Session, remoteBlessings security.Blessings) *TicketContext

NewTicketContext allows creating a TicketContext without unnecessarily exporting its fields.

type TicketDockerClientTicket

type TicketDockerClientTicket struct{ Value DockerClientTicket }

TicketDockerClientTicket represents field DockerClientTicket of the Ticket union type.

func (TicketDockerClientTicket) Build

Build builds a Ticket by running all the builders.

func (TicketDockerClientTicket) Index

func (x TicketDockerClientTicket) Index() int

func (TicketDockerClientTicket) Interface

func (x TicketDockerClientTicket) Interface() interface{}

func (TicketDockerClientTicket) Name

func (TicketDockerClientTicket) VDLIsZero

func (x TicketDockerClientTicket) VDLIsZero() bool

func (TicketDockerClientTicket) VDLReflect

func (x TicketDockerClientTicket) VDLReflect(vdlTicketReflect)

func (TicketDockerClientTicket) VDLWrite

func (x TicketDockerClientTicket) VDLWrite(enc vdl.Encoder) error

type TicketDockerServerTicket

type TicketDockerServerTicket struct{ Value DockerServerTicket }

TicketDockerServerTicket represents field DockerServerTicket of the Ticket union type.

func (TicketDockerServerTicket) Build

Build builds a Ticket by running all the builders.

func (TicketDockerServerTicket) Index

func (x TicketDockerServerTicket) Index() int

func (TicketDockerServerTicket) Interface

func (x TicketDockerServerTicket) Interface() interface{}

func (TicketDockerServerTicket) Name

func (TicketDockerServerTicket) VDLIsZero

func (x TicketDockerServerTicket) VDLIsZero() bool

func (TicketDockerServerTicket) VDLReflect

func (x TicketDockerServerTicket) VDLReflect(vdlTicketReflect)

func (TicketDockerServerTicket) VDLWrite

func (x TicketDockerServerTicket) VDLWrite(enc vdl.Encoder) error

type TicketDockerTicket

type TicketDockerTicket struct{ Value DockerTicket }

TicketDockerTicket represents field DockerTicket of the Ticket union type.

func (TicketDockerTicket) Build

func (t TicketDockerTicket) Build(ctx *TicketContext, _ []Parameter) (Ticket, error)

Build builds a Ticket by running all the builders.

func (TicketDockerTicket) Index

func (x TicketDockerTicket) Index() int

func (TicketDockerTicket) Interface

func (x TicketDockerTicket) Interface() interface{}

func (TicketDockerTicket) Name

func (x TicketDockerTicket) Name() string

func (TicketDockerTicket) VDLIsZero

func (x TicketDockerTicket) VDLIsZero() bool

func (TicketDockerTicket) VDLReflect

func (x TicketDockerTicket) VDLReflect(vdlTicketReflect)

func (TicketDockerTicket) VDLWrite

func (x TicketDockerTicket) VDLWrite(enc vdl.Encoder) error

type TicketEcrTicket

type TicketEcrTicket struct{ Value EcrTicket }

TicketEcrTicket represents field EcrTicket of the Ticket union type.

func (TicketEcrTicket) Build

func (t TicketEcrTicket) Build(ctx *TicketContext, _ []Parameter) (Ticket, error)

Build builds a Ticket by running all the builders.

func (TicketEcrTicket) Index

func (x TicketEcrTicket) Index() int

func (TicketEcrTicket) Interface

func (x TicketEcrTicket) Interface() interface{}

func (TicketEcrTicket) Name

func (x TicketEcrTicket) Name() string

func (TicketEcrTicket) VDLIsZero

func (x TicketEcrTicket) VDLIsZero() bool

func (TicketEcrTicket) VDLReflect

func (x TicketEcrTicket) VDLReflect(vdlTicketReflect)

func (TicketEcrTicket) VDLWrite

func (x TicketEcrTicket) VDLWrite(enc vdl.Encoder) error

type TicketGenericTicket

type TicketGenericTicket struct{ Value GenericTicket }

TicketGenericTicket represents field GenericTicket of the Ticket union type.

func (TicketGenericTicket) Build

func (t TicketGenericTicket) Build(ctx *TicketContext, _ []Parameter) (Ticket, error)

Build builds a Ticket.

func (TicketGenericTicket) Index

func (x TicketGenericTicket) Index() int

func (TicketGenericTicket) Interface

func (x TicketGenericTicket) Interface() interface{}

func (TicketGenericTicket) Name

func (x TicketGenericTicket) Name() string

func (TicketGenericTicket) VDLIsZero

func (x TicketGenericTicket) VDLIsZero() bool

func (TicketGenericTicket) VDLReflect

func (x TicketGenericTicket) VDLReflect(vdlTicketReflect)

func (TicketGenericTicket) VDLWrite

func (x TicketGenericTicket) VDLWrite(enc vdl.Encoder) error

type TicketS3Ticket

type TicketS3Ticket struct{ Value S3Ticket }

TicketS3Ticket represents field S3Ticket of the Ticket union type.

func (TicketS3Ticket) Build

func (t TicketS3Ticket) Build(ctx *TicketContext, _ []Parameter) (Ticket, error)

Build builds a Ticket by running all the builders.

func (TicketS3Ticket) Index

func (x TicketS3Ticket) Index() int

func (TicketS3Ticket) Interface

func (x TicketS3Ticket) Interface() interface{}

func (TicketS3Ticket) Name

func (x TicketS3Ticket) Name() string

func (TicketS3Ticket) VDLIsZero

func (x TicketS3Ticket) VDLIsZero() bool

func (TicketS3Ticket) VDLReflect

func (x TicketS3Ticket) VDLReflect(vdlTicketReflect)

func (TicketS3Ticket) VDLWrite

func (x TicketS3Ticket) VDLWrite(enc vdl.Encoder) error

type TicketServiceClientMethods

// TicketServiceClientMethods is the client interface containing TicketService
// methods. TicketService provides a way to obtain a ticket; access can be
// restricted by setting the permissions appropriately.
type TicketServiceClientMethods interface {
	// GetPermissions returns the current permissions and their version.
	GetPermissions(*context.T, ...rpc.CallOpt) (perms access.Permissions, version string, _ error)
	// SetPermissions replaces the permissions.
	// NOTE(review): version presumably lets the server refuse a write that is
	// based on stale permissions; confirm. The right to call SetPermissions
	// controls who can obtain the ticket, so it should be held by fewer
	// principals than the right to call Get.
	SetPermissions(_ *context.T, perms access.Permissions, version string, _ ...rpc.CallOpt) error
	// Get returns the ticket.
	Get(*context.T, ...rpc.CallOpt) (Ticket, error)
	// GetWithParameters returns the ticket, passing a list of key/value
	// parameters with the request.
	GetWithParameters(_ *context.T, parameters []Parameter, _ ...rpc.CallOpt) (Ticket, error)
	// GetWithArgs returns the ticket, passing a string map with the request.
	GetWithArgs(_ *context.T, args map[string]string, _ ...rpc.CallOpt) (Ticket, error)
}

TicketServiceClientMethods is the client interface containing TicketService methods.

TicketService provides a way to obtain a ticket. The access can be restricted by setting the permissions appropriately.

type TicketServiceClientStub

type TicketServiceClientStub interface {
	TicketServiceClientMethods
}

TicketServiceClientStub embeds TicketServiceClientMethods and is a placeholder for additional management operations.

func TicketServiceClient

func TicketServiceClient(name string) TicketServiceClientStub

TicketServiceClient returns a client stub for TicketService.

type TicketServiceServerMethods

// TicketServiceServerMethods is the interface a server writer implements for
// TicketService. TicketService provides a way to obtain a ticket; access can
// be restricted by setting the permissions appropriately.
type TicketServiceServerMethods interface {
	// GetPermissions returns the current permissions and their version.
	GetPermissions(*context.T, rpc.ServerCall) (perms access.Permissions, version string, _ error)
	// SetPermissions replaces the permissions with perms.
	// NOTE(review): version presumably identifies the permissions the caller
	// last read, so a stale write can be refused; confirm.
	SetPermissions(_ *context.T, _ rpc.ServerCall, perms access.Permissions, version string) error
	// Get returns the ticket for the call.
	Get(*context.T, rpc.ServerCall) (Ticket, error)
	// GetWithParameters returns the ticket for the call. parameters is
	// supplied by the remote caller and should be validated as untrusted
	// input before it influences the ticket that is built.
	GetWithParameters(_ *context.T, _ rpc.ServerCall, parameters []Parameter) (Ticket, error)
	// GetWithArgs returns the ticket for the call. args is supplied by the
	// remote caller and should be validated as untrusted input.
	GetWithArgs(_ *context.T, _ rpc.ServerCall, args map[string]string) (Ticket, error)
}

TicketServiceServerMethods is the interface a server writer implements for TicketService.

TicketService provides a way to obtain a ticket. The access can be restricted by setting the permissions appropriately.

type TicketServiceServerStub

// TicketServiceServerStub is the TicketService method set (through
// TicketServiceServerStubMethods) plus a method that returns the interface
// descriptions.
type TicketServiceServerStub interface {
	TicketServiceServerStubMethods
	// Describe__ returns the rpc.InterfaceDesc values describing the
	// TicketService interfaces.
	Describe__() []rpc.InterfaceDesc
}

TicketServiceServerStub adds universal methods to TicketServiceServerStubMethods.

func TicketServiceServer

func TicketServiceServer(impl TicketServiceServerMethods) TicketServiceServerStub

TicketServiceServer returns a server stub for TicketService. It converts an implementation of TicketServiceServerMethods into an object that may be used by rpc.Server.

type TicketServiceServerStubMethods

type TicketServiceServerStubMethods TicketServiceServerMethods

TicketServiceServerStubMethods is the server interface containing TicketService methods, as expected by rpc.Server. There is no difference between this interface and TicketServiceServerMethods since there are no streaming methods.

type TicketSshCertificateTicket added in v0.0.10

type TicketSshCertificateTicket struct{ Value SshCertificateTicket }

TicketSshCertificateTicket represents field SshCertificateTicket of the Ticket union type.

func (TicketSshCertificateTicket) Build added in v0.0.10

func (t TicketSshCertificateTicket) Build(ctx *TicketContext, parameters []Parameter) (Ticket, error)

Build builds a Ticket by running all the builders.

func (TicketSshCertificateTicket) Index added in v0.0.10

func (x TicketSshCertificateTicket) Index() int

func (TicketSshCertificateTicket) Interface added in v0.0.10

func (x TicketSshCertificateTicket) Interface() interface{}

func (TicketSshCertificateTicket) Name added in v0.0.10

func (TicketSshCertificateTicket) VDLIsZero added in v0.0.10

func (x TicketSshCertificateTicket) VDLIsZero() bool

func (TicketSshCertificateTicket) VDLReflect added in v0.0.10

func (x TicketSshCertificateTicket) VDLReflect(vdlTicketReflect)

func (TicketSshCertificateTicket) VDLWrite added in v0.0.10

func (x TicketSshCertificateTicket) VDLWrite(enc vdl.Encoder) error

type TicketTlsClientTicket

type TicketTlsClientTicket struct{ Value TlsClientTicket }

TicketTlsClientTicket represents field TlsClientTicket of the Ticket union type.

func (TicketTlsClientTicket) Build

Build builds a Ticket by running all the builders.

func (TicketTlsClientTicket) Index

func (x TicketTlsClientTicket) Index() int

func (TicketTlsClientTicket) Interface

func (x TicketTlsClientTicket) Interface() interface{}

func (TicketTlsClientTicket) Name

func (x TicketTlsClientTicket) Name() string

func (TicketTlsClientTicket) VDLIsZero

func (x TicketTlsClientTicket) VDLIsZero() bool

func (TicketTlsClientTicket) VDLReflect

func (x TicketTlsClientTicket) VDLReflect(vdlTicketReflect)

func (TicketTlsClientTicket) VDLWrite

func (x TicketTlsClientTicket) VDLWrite(enc vdl.Encoder) error

type TicketTlsServerTicket

type TicketTlsServerTicket struct{ Value TlsServerTicket }

TicketTlsServerTicket represents field TlsServerTicket of the Ticket union type.

func (TicketTlsServerTicket) Build

Build builds a Ticket by running all the builders.

func (TicketTlsServerTicket) Index

func (x TicketTlsServerTicket) Index() int

func (TicketTlsServerTicket) Interface

func (x TicketTlsServerTicket) Interface() interface{}

func (TicketTlsServerTicket) Name

func (x TicketTlsServerTicket) Name() string

func (TicketTlsServerTicket) VDLIsZero

func (x TicketTlsServerTicket) VDLIsZero() bool

func (TicketTlsServerTicket) VDLReflect

func (x TicketTlsServerTicket) VDLReflect(vdlTicketReflect)

func (TicketTlsServerTicket) VDLWrite

func (x TicketTlsServerTicket) VDLWrite(enc vdl.Encoder) error

type TicketVanadiumTicket

type TicketVanadiumTicket struct{ Value VanadiumTicket }

TicketVanadiumTicket represents field VanadiumTicket of the Ticket union type.

func (TicketVanadiumTicket) Build

Build builds a Ticket by running all the builders.

func (TicketVanadiumTicket) Index

func (x TicketVanadiumTicket) Index() int

func (TicketVanadiumTicket) Interface

func (x TicketVanadiumTicket) Interface() interface{}

func (TicketVanadiumTicket) Name

func (x TicketVanadiumTicket) Name() string

func (TicketVanadiumTicket) VDLIsZero

func (x TicketVanadiumTicket) VDLIsZero() bool

func (TicketVanadiumTicket) VDLReflect

func (x TicketVanadiumTicket) VDLReflect(vdlTicketReflect)

func (TicketVanadiumTicket) VDLWrite

func (x TicketVanadiumTicket) VDLWrite(enc vdl.Encoder) error

type TlsCertAuthorityBuilder

// TlsCertAuthorityBuilder carries a Certificate Authority and the attributes
// (lifetime, Common Name, Subject Alternative Names) of the certificate to be
// generated from it.
type TlsCertAuthorityBuilder struct {
	// PEM-encoded certificate and private key of the Certificate Authority.
	// Because this field holds the CA signing key, anyone who can read a
	// populated TlsCertAuthorityBuilder can issue certificates under that CA:
	// keep the value out of logs and error messages.
	// NOTE(review): whether this builder is removed from a ticket before the
	// ticket is returned to a caller is not visible in this listing — confirm.
	Authority string
	// TTL for the generated cert.
	// NOTE(review): presumably in seconds, going by the field name — confirm.
	TtlSec int32
	// Common Name of the generated cert.
	CommonName string
	// Subject Alternate Name list.
	// Note: when a certificate carries SAN entries, verifiers match the peer
	//       name against the SAN list and not against the CN (RFC 6125), and
	//       current Go releases of crypto/x509 do not fall back to the CN at
	//       all. Include the CN in the SAN list if you want the CN to be
	//       verified.
	San []string
}

TlsCertAuthorityBuilder describes a Certification Authority capable of generating a particular cert.

func (TlsCertAuthorityBuilder) VDLIsZero

func (x TlsCertAuthorityBuilder) VDLIsZero() bool

func (*TlsCertAuthorityBuilder) VDLRead

func (x *TlsCertAuthorityBuilder) VDLRead(dec vdl.Decoder) error

func (TlsCertAuthorityBuilder) VDLReflect

func (TlsCertAuthorityBuilder) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.TlsCertAuthorityBuilder"`
})

func (TlsCertAuthorityBuilder) VDLWrite

func (x TlsCertAuthorityBuilder) VDLWrite(enc vdl.Encoder) error

type TlsClientTicket

// TlsClientTicket groups what a TLS client needs: an optional CA builder, a
// set of TLS credentials, and the endpoints the client may connect to.
type TlsClientTicket struct {
	// TlsCertAuthorityBuilder is a pointer and may therefore be nil.
	// NOTE(review): presumably it is the input from which Credentials is
	// generated; it contains the CA private key (see its Authority field), so
	// confirm it is not left populated in tickets handed to clients.
	TlsCertAuthorityBuilder *TlsCertAuthorityBuilder
	// Credentials holds the CA certificate, the certificate and the private
	// key. The Key field is secret material.
	Credentials             TlsCredentials
	// Endpoints indicate the servers the client can connect to.
	Endpoints []string
}

TlsClientTicket describes a TLS client.

func (TlsClientTicket) VDLIsZero

func (x TlsClientTicket) VDLIsZero() bool

func (*TlsClientTicket) VDLRead

func (x *TlsClientTicket) VDLRead(dec vdl.Decoder) error

func (TlsClientTicket) VDLReflect

func (TlsClientTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.TlsClientTicket"`
})

func (TlsClientTicket) VDLWrite

func (x TlsClientTicket) VDLWrite(enc vdl.Encoder) error

type TlsCredentials

// TlsCredentials is a set of PEM-encoded TLS credentials: the CA certificate
// used to validate peers, plus a certificate and its private key.
// NOTE(review): the field comments say "client", but TlsServerTicket uses this
// type as well, so "client" presumably means the holder of the ticket —
// confirm.
type TlsCredentials struct {
	// PEM-encoded public certificate of the Certificate Authority.
	// Public material: it contains no private key.
	AuthorityCert string
	// PEM-encoded client certificate.
	Cert string
	// PEM-encoded client private key.
	// Secret material: do not log it or include it in error messages, and
	// restrict the permissions of any file it is written to.
	Key string
}

TlsCredentials describes a generic set of TLS credentials that includes: the CA that is accepted by the client (only peers that present a certificate signed by this CA are accepted), the client certificate and the client private key.

func (TlsCredentials) VDLIsZero

func (x TlsCredentials) VDLIsZero() bool

func (*TlsCredentials) VDLRead

func (x *TlsCredentials) VDLRead(dec vdl.Decoder) error

func (TlsCredentials) VDLReflect

func (TlsCredentials) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.TlsCredentials"`
})

func (TlsCredentials) VDLWrite

func (x TlsCredentials) VDLWrite(enc vdl.Encoder) error

type TlsServerTicket

// TlsServerTicket groups what a TLS server needs: an optional CA builder and
// a set of TLS credentials.
type TlsServerTicket struct {
	// TlsCertAuthorityBuilder is a pointer and may therefore be nil.
	// NOTE(review): presumably it is the input from which Credentials is
	// generated; it contains the CA private key (see its Authority field), so
	// confirm it is not left populated in tickets handed to servers.
	TlsCertAuthorityBuilder *TlsCertAuthorityBuilder
	// Credentials holds the CA certificate, the certificate and the private
	// key. The Key field is secret material.
	Credentials             TlsCredentials
}

TlsServerTicket describes a TLS server.

func (TlsServerTicket) VDLIsZero

func (x TlsServerTicket) VDLIsZero() bool

func (*TlsServerTicket) VDLRead

func (x *TlsServerTicket) VDLRead(dec vdl.Decoder) error

func (TlsServerTicket) VDLReflect

func (TlsServerTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.TlsServerTicket"`
})

func (TlsServerTicket) VDLWrite

func (x TlsServerTicket) VDLWrite(enc vdl.Encoder) error

type UnexpectedTicketType added in v0.0.11

// UnexpectedTicketType is the error value for a ticket that could not be cast
// to the type the caller asked for. It has an Error method, so it satisfies
// the error interface.
type UnexpectedTicketType struct {
	// Expected names the ticket type the caller asked for.
	// NOTE(review): the exact format of the name is not visible here.
	Expected string
	// Actual names the ticket type that was found instead.
	Actual   string
}

An UnexpectedTicketType error is produced when a ticket cannot be cast to the expected type.

func (UnexpectedTicketType) Error added in v0.0.11

func (err UnexpectedTicketType) Error() string

type VanadiumBuilder

// VanadiumBuilder holds the input needed to build Vanadium blessings.
type VanadiumBuilder struct {
	// BlessingName is the only input of the builder.
	// NOTE(review): presumably the name given to the blessing that is built;
	// how it is combined with the caller's identity is not visible here —
	// confirm.
	BlessingName string
}

VanadiumBuilder describes the information required to build Vanadium blessings.

func (VanadiumBuilder) VDLIsZero

func (x VanadiumBuilder) VDLIsZero() bool

func (*VanadiumBuilder) VDLRead

func (x *VanadiumBuilder) VDLRead(dec vdl.Decoder) error

func (VanadiumBuilder) VDLReflect

func (VanadiumBuilder) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.VanadiumBuilder"`
})

func (VanadiumBuilder) VDLWrite

func (x VanadiumBuilder) VDLWrite(enc vdl.Encoder) error

type VanadiumTicket

// VanadiumTicket pairs an optional VanadiumBuilder with a serialized set of
// Vanadium blessings.
type VanadiumTicket struct {
	// VanadiumBuilder is a pointer and may therefore be nil.
	// NOTE(review): presumably the input from which Blessing is built —
	// confirm.
	VanadiumBuilder *VanadiumBuilder
	// v.io/v23/security.WireBlessings in VOM + Base64 format.
	// Consumers have to Base64-decode and then VOM-decode the value; it should
	// be handled as untrusted input until that decoding has succeeded.
	Blessing string
}

VanadiumTicket describes a set of Vanadium blessings. This allows the owners of certain blessings to obtain completely new blessings (role blessings).

func (VanadiumTicket) VDLIsZero

func (x VanadiumTicket) VDLIsZero() bool

func (*VanadiumTicket) VDLRead

func (x *VanadiumTicket) VDLRead(dec vdl.Decoder) error

func (VanadiumTicket) VDLReflect

func (VanadiumTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.VanadiumTicket"`
})

func (VanadiumTicket) VDLWrite

func (x VanadiumTicket) VDLWrite(enc vdl.Encoder) error
