credential

package
v0.7.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 13, 2022 License: MPL-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package credential defines interfaces shared by other packages that manage credentials for Boundary sessions.

Index

Constants

This section is empty.

Variables

View Source 
var ValidPurposes = []Purpose{
	ApplicationPurpose,
	IngressPurpose,
	EgressPurpose,
}

ValidPurposes are the set of all credential Purposes.

Functions

func Register 

func Register(subtype subtypes.Subtype, prefixes ...string) error

Register registers all the prefixes for a provided Subtype. Register returns an error if the subtype has already been registered or if any of the prefixes are associated with another subtype.

func SubtypeFromId 

func SubtypeFromId(id string) subtypes.Subtype

SubtypeFromId returns the Subtype from the provided id if the id's prefix was registered with a Subtype. Otherwise Unknown is returned.

func SubtypeFromType 

func SubtypeFromType(t string) subtypes.Subtype

SubtypeFromType returns the Subtype from the provided string or if no Subtype was registered with that string Unknown is returned.

Types

type Certificate added in v0.6.1 

type Certificate interface {
	Credential
	Certificate() []byte
	Private() PrivateKey
}

Certificate is a credential containing a certificate and the private key for the certificate.

type Credential 

type Credential interface {
	boundary.Entity
	Secret() SecretData
}

Credential is an entity containing secret data.

type Dynamic 

type Dynamic interface {
	Credential
	GetSessionId() string
	Library() Library
	Purpose() Purpose
}

Dynamic is a credential generated by a library for a specific session.

type Issuer 

type Issuer interface {
	// Issue issues dynamic credentials for a session from the requested
	// libraries and for the requested purposes. The sessionId must be a
	// valid sessionId. The SourceId in each request must be the public id
	// of a library the Issuer can issue credentials from.
	//
	// If Issue encounters an error, it returns no credentials and revokes
	// any credentials issued before encountering the error.
	Issue(ctx context.Context, sessionId string, requests []Request) ([]Dynamic, error)
}

Issuer issues dynamic credentials.

type KeyPair added in v0.6.1 

type KeyPair interface {
	Credential
	Username() string
	Private() PrivateKey
}

KeyPair is a credential containing a username and a private key.

type Library 

type Library interface {
	boundary.Resource
	GetStoreId() string
	CredentialType() Type
}

A Library is a resource that provides credentials that are of the same type and access level from a single store.

type Password added in v0.6.1 

type Password string

Password represents a secret password.

func (Password) GoString added in v0.6.1 

func (s Password) GoString() string

GoString returns a string with the password redacted.

func (Password) MarshalJSON added in v0.6.1 

func (s Password) MarshalJSON() ([]byte, error)

MarshalJSON returns a JSON-encoded string with the password redacted.

func (Password) String added in v0.6.1 

func (s Password) String() string

String returns a string with the password redacted.

type PrivateKey added in v0.6.1 

type PrivateKey []byte

PrivateKey represents a secret private key.

func (PrivateKey) GoString added in v0.6.1 

func (s PrivateKey) GoString() string

GoString returns a string with the private key redacted.

func (PrivateKey) MarshalJSON added in v0.6.1 

func (s PrivateKey) MarshalJSON() ([]byte, error)

MarshalJSON returns a JSON-encoded byte slice with the private key redacted.

func (PrivateKey) String added in v0.6.1 

func (s PrivateKey) String() string

String returns a string with the private key redacted.

type Purpose 

type Purpose string

Purpose is the purpose of the credential. 

const (
	// ApplicationPurpose is a credential used for application specific
	// purposes. Application credentials are returned to the user.
	ApplicationPurpose Purpose = "application"

	// IngressPurpose is a credential used by a boundary worker to secure
	// the connection between the user and the worker. Ingress credentials
	// are never returned to the user.
	IngressPurpose Purpose = "ingress"

	// EgressPurpose is a credential used by a boundary worker to secure
	// the connection between the worker and the endpoint. Egress
	// credentials are never returned to the user.
	EgressPurpose Purpose = "egress"
)

Credential purpose values.

func (Purpose) String added in v0.7.0 

func (p Purpose) String() string

type Request 

type Request struct {
	SourceId string
	Purpose  Purpose
}

A Request represents a request for a credential from the SourceId for the given purpose. For dynamic credentials, the SourceId is the PublicId of a credential library.

type Revoker 

type Revoker interface {
	// Revoke revokes the dynamic credentials issued for sessionid.
	Revoke(ctx context.Context, sessionId string) error
}

Revoker revokes dynamic credentials.

type SecretData 

type SecretData interface{}

SecretData represents secret data.

type Store 

type Store interface {
	boundary.Resource
	GetScopeId() string
}

A Store is a resource that can store, retrieve, and potentially generate credentials of differing types and access levels. It belongs to a scope and must support the principle of least privilege by providing mechanisms to limit the credentials it can access to the minimum necessary for the scope it is in.

type Type added in v0.7.4 

type Type string

Type is the type of credential provided by a library. 

const (
	UnspecifiedType  Type = "unspecified"
	UserPasswordType Type = "user_password"
)

Credential type values.

type UserPassword added in v0.6.1 

type UserPassword interface {
	Credential
	Username() string
	Password() Password
}

UserPassword is a credential containing a username and a password.

Source Files

View all Source files

Directories

Path Synopsis
Package vault provides access to credentials retrieved from a Vault server.
 Package vault provides access to credentials retrieved from a Vault server.
internal/userpassword
Package userpassword provides access to the username and password stored in a Vault secret.
 Package userpassword provides access to the username and password stored in a Vault secret.
store

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.