identity

package
v1.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 24, 2021 License: MPL-2.0 Imports: 11 Imported by: 29

Documentation

Index

Constants

This section is empty.

Variables

var File_helper_identity_types_proto protoreflect.FileDescriptor

Functions

func ToSDKAlias added in v1.4.0

func ToSDKAlias(a *Alias) *logical.Alias

ToSDKAlias converts the provided alias to an SDK compatible alias.

func ToSDKEntity added in v1.4.0

func ToSDKEntity(e *Entity) *logical.Entity

ToSDKEntity converts the provided entity to an SDK compatible entity.

func ToSDKGroup added in v1.4.0

func ToSDKGroup(g *Group) *logical.Group

ToSDKGroup converts the provided group to an SDK compatible group.

func ToSDKGroups added in v1.4.0

func ToSDKGroups(groups []*Group) []*logical.Group

ToSDKGroups converts the provided group list to an SDK compatible group list.

Types

type Alias

// Alias is one identity of an entity as known to a single backend mount.
// Per the field comments below, an alias is identified uniquely by Name
// together with MountAccessor, not by Name alone.
type Alias struct {

	// ID is the unique identifier that represents this alias.
	ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// CanonicalID is the identifier of the entity to which this alias belongs.
	CanonicalID string `sentinel:"" protobuf:"bytes,2,opt,name=canonical_id,json=canonicalId,proto3" json:"canonical_id,omitempty"`
	// MountType is the type of the backend mount to which this alias belongs.
	// This enables categorically querying aliases of specific backend types.
	MountType string `sentinel:"" protobuf:"bytes,3,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty"`
	// MountAccessor is the accessor of the backend mount to which this alias
	// belongs. It is one half of the (MountAccessor, Name) pair that makes an
	// alias unique; see Name.
	MountAccessor string `sentinel:"" protobuf:"bytes,4,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"`
	// MountPath is the path of the backend mount that the mount accessor
	// refers to. This field is not used for any operational purposes; it is
	// only returned when the alias is read, as a nicety.
	// NOTE(review): because it is informational only, it should not be used
	// to match or authorize an alias; the uniqueness rule is stated in terms
	// of MountAccessor.
	MountPath string `sentinel:"" protobuf:"bytes,5,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"`
	// Metadata is the explicit metadata that clients set against an entity
	// which enables virtual grouping of aliases. Aliases will be indexed
	// against their metadata.
	// NOTE(review): the values are client-supplied, so code consuming them
	// should treat them as caller-controlled data.
	Metadata map[string]string `` /* 169-byte string literal not displayed */
	// Name is the identifier of this alias in its authentication source.
	// This does not uniquely identify an alias in Vault: Name in conjunction
	// with MountAccessor is what represents an alias in a unique way. Aliases
	// will be indexed based on this combined uniqueness factor.
	// NOTE(review): lookups or comparisons keyed on Name alone can match
	// aliases that belong to different mounts.
	Name string `sentinel:"" protobuf:"bytes,7,opt,name=name,proto3" json:"name,omitempty"`
	// CreationTime is the time at which this alias was first created.
	CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
	// LastUpdateTime is the most recent time at which the properties of this
	// alias were modified. This is helpful for filtering aliases by age and
	// taking action on them, if desired.
	LastUpdateTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,9,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
	// MergedFromCanonicalIDs is the FIFO history of merging activity.
	MergedFromCanonicalIDs []string `` /* 144-byte string literal not displayed */
	// NamespaceID is the identifier of the namespace to which this alias
	// belongs.
	NamespaceID string `sentinel:"" protobuf:"bytes,11,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"`
	// contains filtered or unexported fields
}

Alias represents the alias that gets stored inside of the entity object in storage, and it is also the representation of an alias object in the in-memory index.

func (*Alias) Clone

func (p *Alias) Clone() (*Alias, error)

func (*Alias) Descriptor deprecated

func (*Alias) Descriptor() ([]byte, []int)

Deprecated: Use Alias.ProtoReflect.Descriptor instead.

func (*Alias) GetCanonicalID

func (x *Alias) GetCanonicalID() string

func (*Alias) GetCreationTime

func (x *Alias) GetCreationTime() *timestamp.Timestamp

func (*Alias) GetID

func (x *Alias) GetID() string

func (*Alias) GetLastUpdateTime

func (x *Alias) GetLastUpdateTime() *timestamp.Timestamp

func (*Alias) GetMergedFromCanonicalIDs

func (x *Alias) GetMergedFromCanonicalIDs() []string

func (*Alias) GetMetadata

func (x *Alias) GetMetadata() map[string]string

func (*Alias) GetMountAccessor

func (x *Alias) GetMountAccessor() string

func (*Alias) GetMountPath

func (x *Alias) GetMountPath() string

func (*Alias) GetMountType

func (x *Alias) GetMountType() string

func (*Alias) GetName

func (x *Alias) GetName() string

func (*Alias) GetNamespaceID added in v0.11.2

func (x *Alias) GetNamespaceID() string

func (*Alias) ProtoMessage

func (*Alias) ProtoMessage()

func (*Alias) ProtoReflect added in v1.5.0

func (x *Alias) ProtoReflect() protoreflect.Message

func (*Alias) Reset

func (x *Alias) Reset()

func (*Alias) SentinelGet

func (p *Alias) SentinelGet(key string) (interface{}, error)

func (*Alias) SentinelKeys

func (a *Alias) SentinelKeys() []string

func (*Alias) String

func (x *Alias) String() string

type Entity

// Entity is the persisted and indexed identity record. It is composed of
// zero or more aliases and carries the policies, MFA secrets and disabled
// flag described on the fields below.
type Entity struct {

	// Aliases are the identities that this entity is made of. This can be
	// empty, so that the entity can be created first and aliases added
	// incrementally afterwards.
	Aliases []*Alias `sentinel:"" protobuf:"bytes,1,rep,name=aliases,proto3" json:"aliases,omitempty"`
	// ID is the unique identifier of the entity, which will always be a UUID.
	// This should never be allowed to be updated.
	ID string `sentinel:"" protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	// Name is a unique identifier of the entity which is intended to be
	// human-friendly. The default name might not be human friendly since it
	// gets suffixed by a UUID, but it can optionally be updated, unlike the ID
	// field.
	// NOTE(review): since Name can change and ID cannot, ID is the stable
	// value to record when an entity has to be referenced later.
	Name string `sentinel:"" protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
	// Metadata represents the explicit metadata which is set by the
	// clients. This is useful to tie any information pertaining to the
	// aliases. This is a non-unique field of entity, meaning multiple
	// entities can have the same metadata set. Entities will be indexed based
	// on this explicit metadata. This enables virtual groupings of entities
	// based on their metadata.
	// NOTE(review): the values are client-supplied and non-unique, so they
	// should be treated as caller-controlled data, not as an identifier.
	Metadata map[string]string `` /* 169-byte string literal not displayed */
	// CreationTime is the time at which this entity is first created.
	CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,5,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
	// LastUpdateTime is the most recent time at which the properties of this
	// entity were modified. This is helpful for filtering entities by age and
	// taking action on them, if desired.
	LastUpdateTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,6,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
	// MergedEntityIDs are the entities which got merged to this one. Entities
	// will be indexed based on all the entities that got merged into it. This
	// helps to apply the actions on this entity on the tokens that are merged
	// to the merged entities. Merged entities will be deleted entirely and
	// this is the only trackable trail of their earlier presence.
	MergedEntityIDs []string `sentinel:"" protobuf:"bytes,7,rep,name=merged_entity_ids,json=mergedEntityIDs,proto3" json:"merged_entity_ids,omitempty"`
	// Policies are the policies the entity is entitled to.
	Policies []string `sentinel:"" protobuf:"bytes,8,rep,name=policies,proto3" json:"policies,omitempty"`
	// BucketKey is the path of the storage packer key into which this entity is
	// stored.
	BucketKey string `sentinel:"" protobuf:"bytes,9,opt,name=bucket_key,json=bucketKey,proto3" json:"bucket_key,omitempty"`
	// MFASecrets holds the MFA secrets indexed by the identifier of the MFA
	// method configuration.
	// NOTE(review): this is secret material carried on the same struct as the
	// non-sensitive fields. Confirm that callers which log, print or return an
	// Entity (for example through its String method or a JSON encoding) leave
	// this field out.
	MFASecrets map[string]*mfa.Secret `` /* 192-byte string literal not displayed */
	// Disabled indicates whether tokens associated with the account should not
	// be able to be used.
	Disabled bool `sentinel:"" protobuf:"varint,11,opt,name=disabled,proto3" json:"disabled,omitempty"`
	// NamespaceID is the identifier of the namespace to which this entity
	// belongs. Do not return this value over the API when reading the
	// entity.
	NamespaceID string `sentinel:"" protobuf:"bytes,12,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"`
	// contains filtered or unexported fields
}

Entity represents an entity that gets persisted and indexed. Entity is fundamentally composed of zero or many aliases.

func (*Entity) Clone

func (e *Entity) Clone() (*Entity, error)

func (*Entity) Descriptor deprecated

func (*Entity) Descriptor() ([]byte, []int)

Deprecated: Use Entity.ProtoReflect.Descriptor instead.

func (*Entity) GetAliases

func (x *Entity) GetAliases() []*Alias

func (*Entity) GetBucketKey added in v1.2.0

func (x *Entity) GetBucketKey() string

func (*Entity) GetCreationTime

func (x *Entity) GetCreationTime() *timestamp.Timestamp

func (*Entity) GetDisabled added in v0.10.1

func (x *Entity) GetDisabled() bool

func (*Entity) GetID

func (x *Entity) GetID() string

func (*Entity) GetLastUpdateTime

func (x *Entity) GetLastUpdateTime() *timestamp.Timestamp

func (*Entity) GetMFASecrets added in v0.11.2

func (x *Entity) GetMFASecrets() map[string]*mfa.Secret

func (*Entity) GetMergedEntityIDs

func (x *Entity) GetMergedEntityIDs() []string

func (*Entity) GetMetadata

func (x *Entity) GetMetadata() map[string]string

func (*Entity) GetName

func (x *Entity) GetName() string

func (*Entity) GetNamespaceID added in v0.11.2

func (x *Entity) GetNamespaceID() string

func (*Entity) GetPolicies

func (x *Entity) GetPolicies() []string

func (*Entity) ProtoMessage

func (*Entity) ProtoMessage()

func (*Entity) ProtoReflect added in v1.5.0

func (x *Entity) ProtoReflect() protoreflect.Message

func (*Entity) Reset

func (x *Entity) Reset()

func (*Entity) SentinelGet

func (e *Entity) SentinelGet(key string) (interface{}, error)

func (*Entity) SentinelKeys

func (e *Entity) SentinelKeys() []string

func (*Entity) String

func (x *Entity) String() string

type EntityStorageEntry added in v0.11.2

// EntityStorageEntry is deprecated and retained for backwards compatibility.
// Its field names parallel those of Entity (with Personas and BucketKeyHash
// in place of Aliases and BucketKey); presumably the meanings match, but the
// page does not document them, so verify before relying on a field.
type EntityStorageEntry struct {
	Personas        []*PersonaIndexEntry   `sentinel:"" protobuf:"bytes,1,rep,name=personas,proto3" json:"personas,omitempty"`
	ID              string                 `sentinel:"" protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	Name            string                 `sentinel:"" protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
	Metadata        map[string]string      `` /* 169-byte string literal not displayed */
	CreationTime    *timestamp.Timestamp   `sentinel:"" protobuf:"bytes,5,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
	LastUpdateTime  *timestamp.Timestamp   `sentinel:"" protobuf:"bytes,6,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
	MergedEntityIDs []string               `sentinel:"" protobuf:"bytes,7,rep,name=merged_entity_ids,json=mergedEntityIDs,proto3" json:"merged_entity_ids,omitempty"`
	Policies        []string               `sentinel:"" protobuf:"bytes,8,rep,name=policies,proto3" json:"policies,omitempty"`
	BucketKeyHash   string                 `sentinel:"" protobuf:"bytes,9,opt,name=bucket_key_hash,json=bucketKeyHash,proto3" json:"bucket_key_hash,omitempty"`
	// NOTE(review): same value type as Entity.MFASecrets, so this legacy
	// record presumably carries MFA secret material too; handle it with the
	// same care when logging or serialising. Confirm against the callers.
	MFASecrets      map[string]*mfa.Secret `` /* 192-byte string literal not displayed */
	// contains filtered or unexported fields
}

Deprecated. Retained for backwards compatibility.

func (*EntityStorageEntry) Descriptor deprecated added in v0.11.2

func (*EntityStorageEntry) Descriptor() ([]byte, []int)

Deprecated: Use EntityStorageEntry.ProtoReflect.Descriptor instead.

func (*EntityStorageEntry) GetBucketKeyHash added in v0.11.2

func (x *EntityStorageEntry) GetBucketKeyHash() string

func (*EntityStorageEntry) GetCreationTime added in v0.11.2

func (x *EntityStorageEntry) GetCreationTime() *timestamp.Timestamp

func (*EntityStorageEntry) GetID added in v0.11.2

func (x *EntityStorageEntry) GetID() string

func (*EntityStorageEntry) GetLastUpdateTime added in v0.11.2

func (x *EntityStorageEntry) GetLastUpdateTime() *timestamp.Timestamp

func (*EntityStorageEntry) GetMFASecrets added in v0.11.2

func (x *EntityStorageEntry) GetMFASecrets() map[string]*mfa.Secret

func (*EntityStorageEntry) GetMergedEntityIDs added in v0.11.2

func (x *EntityStorageEntry) GetMergedEntityIDs() []string

func (*EntityStorageEntry) GetMetadata added in v0.11.2

func (x *EntityStorageEntry) GetMetadata() map[string]string

func (*EntityStorageEntry) GetName added in v0.11.2

func (x *EntityStorageEntry) GetName() string

func (*EntityStorageEntry) GetPersonas added in v0.11.2

func (x *EntityStorageEntry) GetPersonas() []*PersonaIndexEntry

func (*EntityStorageEntry) GetPolicies added in v0.11.2

func (x *EntityStorageEntry) GetPolicies() []string

func (*EntityStorageEntry) ProtoMessage added in v0.11.2

func (*EntityStorageEntry) ProtoMessage()

func (*EntityStorageEntry) ProtoReflect added in v1.5.0

func (x *EntityStorageEntry) ProtoReflect() protoreflect.Message

func (*EntityStorageEntry) Reset added in v0.11.2

func (x *EntityStorageEntry) Reset()

func (*EntityStorageEntry) String added in v0.11.2

func (x *EntityStorageEntry) String() string

type Group

// Group represents an identity group. A group is either internal, with
// memberships managed over the API, or external, with an Alias set and
// memberships managed automatically; see Type and Alias.
type Group struct {

	// ID is the unique identifier for this group.
	ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Name is the unique name for this group.
	Name string `sentinel:"" protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// Policies are the vault policies to be granted to members of this group.
	Policies []string `sentinel:"" protobuf:"bytes,3,rep,name=policies,proto3" json:"policies,omitempty"`
	// ParentGroupIDs are the identifiers of the groups of which this group is
	// a member. These will serve as references to the parent group in the
	// hierarchy.
	ParentGroupIDs []string `sentinel:"" protobuf:"bytes,4,rep,name=parent_group_ids,json=parentGroupIds,proto3" json:"parent_group_ids,omitempty"`
	// MemberEntityIDs are the identifiers of entities which are members of this
	// group.
	// NOTE(review): together with Policies this list decides who is granted
	// what, so changes to it are worth auditing.
	MemberEntityIDs []string `sentinel:"" protobuf:"bytes,5,rep,name=member_entity_ids,json=memberEntityIDs,proto3" json:"member_entity_ids,omitempty"`
	// Metadata represents the custom data tied with this group.
	Metadata map[string]string `` /* 169-byte string literal not displayed */
	// CreationTime is the time at which this group was created.
	CreationTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,7,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
	// LastUpdateTime is the time at which this group was last modified.
	LastUpdateTime *timestamp.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
	// ModifyIndex tracks the number of updates to the group. It is useful to detect
	// updates to the groups.
	ModifyIndex uint64 `sentinel:"" protobuf:"varint,9,opt,name=modify_index,json=modifyIndex,proto3" json:"modify_index,omitempty"`
	// BucketKey is the path of the storage packer key into which this group is
	// stored.
	BucketKey string `sentinel:"" protobuf:"bytes,10,opt,name=bucket_key,json=bucketKey,proto3" json:"bucket_key,omitempty"`
	// Alias is used to mark this group as an internal mapping of a group that
	// is external to the identity store. Alias can only be set if the 'type'
	// is set to 'external'.
	Alias *Alias `sentinel:"" protobuf:"bytes,11,opt,name=alias,proto3" json:"alias,omitempty"`
	// Type indicates if this group is an internal group or an external group.
	// Memberships of the internal groups can be managed over the API whereas
	// the memberships of an external group (for which a corresponding alias
	// will be set) will be managed automatically.
	Type string `sentinel:"" protobuf:"bytes,12,opt,name=type,proto3" json:"type,omitempty"`
	// NamespaceID is the identifier of the namespace to which this group
	// belongs. Do not return this value over the API when reading the
	// group.
	NamespaceID string `sentinel:"" protobuf:"bytes,13,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"`
	// contains filtered or unexported fields
}

Group represents an identity group.

func (*Group) Clone

func (g *Group) Clone() (*Group, error)

func (*Group) Descriptor deprecated

func (*Group) Descriptor() ([]byte, []int)

Deprecated: Use Group.ProtoReflect.Descriptor instead.

func (*Group) GetAlias

func (x *Group) GetAlias() *Alias

func (*Group) GetBucketKey added in v1.2.0

func (x *Group) GetBucketKey() string

func (*Group) GetCreationTime

func (x *Group) GetCreationTime() *timestamp.Timestamp

func (*Group) GetID

func (x *Group) GetID() string

func (*Group) GetLastUpdateTime

func (x *Group) GetLastUpdateTime() *timestamp.Timestamp

func (*Group) GetMemberEntityIDs

func (x *Group) GetMemberEntityIDs() []string

func (*Group) GetMetadata

func (x *Group) GetMetadata() map[string]string

func (*Group) GetModifyIndex

func (x *Group) GetModifyIndex() uint64

func (*Group) GetName

func (x *Group) GetName() string

func (*Group) GetNamespaceID added in v0.11.2

func (x *Group) GetNamespaceID() string

func (*Group) GetParentGroupIDs

func (x *Group) GetParentGroupIDs() []string

func (*Group) GetPolicies

func (x *Group) GetPolicies() []string

func (*Group) GetType

func (x *Group) GetType() string

func (*Group) ProtoMessage

func (*Group) ProtoMessage()

func (*Group) ProtoReflect added in v1.5.0

func (x *Group) ProtoReflect() protoreflect.Message

func (*Group) Reset

func (x *Group) Reset()

func (*Group) SentinelGet

func (g *Group) SentinelGet(key string) (interface{}, error)

func (*Group) SentinelKeys

func (g *Group) SentinelKeys() []string

func (*Group) String

func (x *Group) String() string

type PersonaIndexEntry added in v0.11.2

// PersonaIndexEntry is deprecated and retained for backwards compatibility.
// Its field names parallel those of Alias (with EntityID and
// MergedFromEntityIDs in place of CanonicalID and MergedFromCanonicalIDs);
// presumably the meanings match, but the page does not document them, so
// verify before relying on a field.
type PersonaIndexEntry struct {
	ID                  string               `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	EntityID            string               `sentinel:"" protobuf:"bytes,2,opt,name=entity_id,json=entityId,proto3" json:"entity_id,omitempty"`
	MountType           string               `sentinel:"" protobuf:"bytes,3,opt,name=mount_type,json=mountType,proto3" json:"mount_type,omitempty"`
	MountAccessor       string               `sentinel:"" protobuf:"bytes,4,opt,name=mount_accessor,json=mountAccessor,proto3" json:"mount_accessor,omitempty"`
	MountPath           string               `sentinel:"" protobuf:"bytes,5,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"`
	Metadata            map[string]string    `` /* 169-byte string literal not displayed */
	Name                string               `sentinel:"" protobuf:"bytes,7,opt,name=name,proto3" json:"name,omitempty"`
	CreationTime        *timestamp.Timestamp `sentinel:"" protobuf:"bytes,8,opt,name=creation_time,json=creationTime,proto3" json:"creation_time,omitempty"`
	LastUpdateTime      *timestamp.Timestamp `sentinel:"" protobuf:"bytes,9,opt,name=last_update_time,json=lastUpdateTime,proto3" json:"last_update_time,omitempty"`
	MergedFromEntityIDs []string             `` /* 135-byte string literal not displayed */
	// contains filtered or unexported fields
}

Deprecated. Retained for backwards compatibility.

func (*PersonaIndexEntry) Descriptor deprecated added in v0.11.2

func (*PersonaIndexEntry) Descriptor() ([]byte, []int)

Deprecated: Use PersonaIndexEntry.ProtoReflect.Descriptor instead.

func (*PersonaIndexEntry) GetCreationTime added in v0.11.2

func (x *PersonaIndexEntry) GetCreationTime() *timestamp.Timestamp

func (*PersonaIndexEntry) GetEntityID added in v0.11.2

func (x *PersonaIndexEntry) GetEntityID() string

func (*PersonaIndexEntry) GetID added in v0.11.2

func (x *PersonaIndexEntry) GetID() string

func (*PersonaIndexEntry) GetLastUpdateTime added in v0.11.2

func (x *PersonaIndexEntry) GetLastUpdateTime() *timestamp.Timestamp

func (*PersonaIndexEntry) GetMergedFromEntityIDs added in v0.11.2

func (x *PersonaIndexEntry) GetMergedFromEntityIDs() []string

func (*PersonaIndexEntry) GetMetadata added in v0.11.2

func (x *PersonaIndexEntry) GetMetadata() map[string]string

func (*PersonaIndexEntry) GetMountAccessor added in v0.11.2

func (x *PersonaIndexEntry) GetMountAccessor() string

func (*PersonaIndexEntry) GetMountPath added in v0.11.2

func (x *PersonaIndexEntry) GetMountPath() string

func (*PersonaIndexEntry) GetMountType added in v0.11.2

func (x *PersonaIndexEntry) GetMountType() string

func (*PersonaIndexEntry) GetName added in v0.11.2

func (x *PersonaIndexEntry) GetName() string

func (*PersonaIndexEntry) ProtoMessage added in v0.11.2

func (*PersonaIndexEntry) ProtoMessage()

func (*PersonaIndexEntry) ProtoReflect added in v1.5.0

func (x *PersonaIndexEntry) ProtoReflect() protoreflect.Message

func (*PersonaIndexEntry) Reset added in v0.11.2

func (x *PersonaIndexEntry) Reset()

func (*PersonaIndexEntry) String added in v0.11.2

func (x *PersonaIndexEntry) String() string

Directories

Path Synopsis
