conjur

package
v0.9.2-beta Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 17, 2020 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetAnnotationValue

func GetAnnotationValue(resource map[string]interface{}, key string) (string, error)

GetAnnotationValue ... This method assumes that the key is on the given resource. If the annotation is not present on the resource, an error is returned. If the annotation is found but its value is empty, an empty string is returned with no error.

func GetFullResourceID

func GetFullResourceID(account string, kind string, id string) string

GetFullResourceID returns string of the full resource id

func IsCertificateExpired

func IsCertificateExpired(resource map[string]interface{}, currentTime time.Time, dayBuffer int) bool

IsCertificateExpired takes a certificate resource, the current time and the day buffer. It checks whether the current time is past the expirationTime with the day buffer added to the expiration time. As worded, a certificate counts as expired only once dayBuffer days have passed beyond its expiration time.

func ListResources

func ListResources(client *conjurapi.Client, filter *conjurapi.ResourceFilter) ([]string, error)

ListResources ...

func NewDefaultConjurClient

func NewDefaultConjurClient() (*conjurapi.Client, error)

NewDefaultConjurClient returns the default Conjur client.

func ParseRevokedCertificate

func ParseRevokedCertificate(resource map[string]interface{}) (types.RevokedCertificate, error)

ParseRevokedCertificate receives a resource and returns a types.RevokedCertificate object.

func ReplaceCertificate

func ReplaceCertificate(cert types.CreateCertificateData, certificateContent string) string

ReplaceCertificate ...

func ReplaceSSHTemplate

func ReplaceSSHTemplate(template types.SSHTemplate, templateContent string) string

ReplaceSSHTemplate replaces the SSH template content with TemplateName.

func ReplaceTemplate

func ReplaceTemplate(template types.Template, templateContent string) string

ReplaceTemplate ... TODO: If a variable value is empty should we not create it or should we leave it empty on the conjur side?

func SplitConjurID

func SplitConjurID(fullID string) (string, string, string)

SplitConjurID returns account, kind, id

func StringToTime

func StringToTime(s string) (time.Time, error)

StringToTime takes an epoch string and converts it to a time.Time.

Types

type AccessControl

type AccessControl struct {
	// contains filtered or unexported fields
}

AccessControl ...

func NewAccess

func NewAccess(conjurConfig conjurapi.Config, policyBranch string, privileges Privileges, disabled bool) AccessControl

NewAccess ...

func NewAccessFromDefaults

func NewAccessFromDefaults(conjurConfig conjurapi.Config, policyBranch string) AccessControl

NewAccessFromDefaults ...

func NewAccessFromDefaultsDisabled

func NewAccessFromDefaultsDisabled(conjurConfig conjurapi.Config, policyBranch string) AccessControl

NewAccessFromDefaultsDisabled ...

func (AccessControl) Authenticate

func (a AccessControl) Authenticate(accessToken string) error

Authenticate: whether the client has the ability to authenticate to the PKI service.

func (AccessControl) CRLPurge

func (a AccessControl) CRLPurge(accessToken string) error

CRLPurge ...

func (AccessControl) CreateCertificate

func (a AccessControl) CreateCertificate(accessToken string, templateName string) error

CreateCertificate ...

func (AccessControl) CreateSSHCertificate

func (a AccessControl) CreateSSHCertificate(accessToken string, templateName string) error

CreateSSHCertificate ----

func (AccessControl) CreateSSHTemplate

func (a AccessControl) CreateSSHTemplate(accessToken string) error

CreateSSHTemplate ----

func (AccessControl) CreateTemplate

func (a AccessControl) CreateTemplate(accessToken string) error

CreateTemplate: creating a template is not granular; you either have the ability to create templates or you do not.

func (AccessControl) DeleteSSHTemplate

func (a AccessControl) DeleteSSHTemplate(accessToken string, templateName string) error

DeleteSSHTemplate ----

func (AccessControl) DeleteTemplate

func (a AccessControl) DeleteTemplate(accessToken string, templateName string) error

DeleteTemplate ..

func (AccessControl) GenerateIntermediateCSR

func (a AccessControl) GenerateIntermediateCSR(accessToken string) error

GenerateIntermediateCSR ...

func (AccessControl) ListSSHTemplates

func (a AccessControl) ListSSHTemplates(accessToken string) error

ListSSHTemplates ----

func (AccessControl) ListTemplates

func (a AccessControl) ListTemplates(accessToken string) error

ListTemplates ...

func (AccessControl) ManageSSHTemplate

func (a AccessControl) ManageSSHTemplate(accessToken string, templateName string) error

ManageSSHTemplate ---

func (AccessControl) ManageTemplate

func (a AccessControl) ManageTemplate(accessToken string, templateName string) error

ManageTemplate ...

func (AccessControl) Purge

func (a AccessControl) Purge(accessToken string) error

Purge ...

func (AccessControl) ReadSSHTemplate

func (a AccessControl) ReadSSHTemplate(accessToken string, templateName string) error

ReadSSHTemplate ----

func (AccessControl) ReadTemplate

func (a AccessControl) ReadTemplate(accessToken string, templateName string) error

ReadTemplate ...

func (AccessControl) RevokeCertificate

func (a AccessControl) RevokeCertificate(accessToken string, serialNumber string) error

RevokeCertificate ...

func (AccessControl) SetCAChain

func (a AccessControl) SetCAChain(accessToken string) error

SetCAChain ...

func (AccessControl) SetIntermediateCertificate

func (a AccessControl) SetIntermediateCertificate(accessToken string) error

SetIntermediateCertificate ...

func (AccessControl) SignCertificate

func (a AccessControl) SignCertificate(accessToken string, templateName string) error

SignCertificate ...

type AccessToken

// AccessToken is a three-part token: three string fields that map to the
// JSON keys "protected", "payload" and "signature".
//
// NOTE(review): the encoding of each field is not shown here; presumably this
// is the decoded form of the accessToken string passed to the AccessControl
// methods - confirm. If so, the value is a bearer credential and should be
// kept out of logs and error messages.
type AccessToken struct {
	// Protected is read from / written to the "protected" JSON key.
	Protected string `json:"protected"`
	// Payload is read from / written to the "payload" JSON key.
	// NOTE(review): presumably decodes into the Payload type - confirm.
	Payload   string `json:"payload"`
	// Signature is read from / written to the "signature" JSON key.
	Signature string `json:"signature"`
}

AccessToken ...

type Payload

// Payload carries the "sub" and "iat" JSON fields.
//
// NOTE(review): the key names match the JWT subject and issued-at claims;
// presumably this is the decoded AccessToken.Payload - confirm. No expiry
// field is declared here, so token lifetime (if enforced) must be derived
// elsewhere - verify against the caller.
type Payload struct {
	// Sub is the "sub" value (presumably the authenticated identity - confirm).
	Sub string `json:"sub"`
	// Iat is the "iat" value (presumably a Unix epoch timestamp - confirm units).
	Iat int    `json:"iat"`
}

Payload ...

type PolicyTemplates

type PolicyTemplates struct {
	// contains filtered or unexported fields
}

PolicyTemplates ...

func NewDefaultTemplates

func NewDefaultTemplates() PolicyTemplates

NewDefaultTemplates calls NewTemplates with all of the default policy templates

func NewTemplates

func NewTemplates(newTemplate string, deleteTemplate string, newCertificate string, deleteCertificate string, revokedCertificate string, newSSHTemplate string, deleteSSHTemplate string) PolicyTemplates

NewTemplates ...

type Privileges

// Privileges holds one string per PKI operation. The field names mirror the
// AccessControl methods (Authenticate, Purge, CRLPurge, ListTemplates, ...).
//
// NOTE(review): presumably each string is the Conjur privilege name that the
// matching AccessControl method checks for, and the "Specific" / "Any"
// suffixes distinguish per-resource checks from blanket ones - confirm
// against NewDefaultPrivileges and the AccessControl implementation. An empty
// string's effect on a check is not visible here; verify it cannot be read as
// "no privilege required".
type Privileges struct {
	// Service-level operations.
	Authenticate                 string
	Purge                        string
	CRLPurge                     string
	// X.509 certificate operations, named per template or serial ("Specific").
	CertificateSignSpecific      string
	CertificateCreateSpecific    string
	CertificateRevokeSpecific    string
	// X.509 template operations.
	TemplateCreateAny            string
	TemplateManageSpecific       string
	TemplateDeleteSpecific       string
	TemplateReadSpecific         string
	ListTemplates                string
	// CA material operations.
	GenerateIntermediateCSR      string
	SetIntermediateCertificate   string
	SetCAChain                   string
	// SSH template and SSH certificate operations.
	SSHTemplateCreateAny         string
	SSHTemplateManageSpecific    string
	SSHTemplateDeleteSpecific    string
	SSHTemplateReadSpecific      string
	ListSSHTemplates             string
	SSHCertificateCreateSpecific string
}

Privileges ...

func NewDefaultPrivileges

func NewDefaultPrivileges() Privileges

NewDefaultPrivileges ...

type Role

type Role string

Role of the Conjur instance. Should be master or follower.

type StorageBackend

type StorageBackend struct {
	Access AccessControl
	// contains filtered or unexported fields
}

StorageBackend ...

func NewConjurPki

func NewConjurPki(client *conjurapi.Client, policyBranch string, templates PolicyTemplates, access AccessControl, role Role) StorageBackend

NewConjurPki ...

func NewFromDefaults

func NewFromDefaults() (StorageBackend, error)

NewFromDefaults ---

func (StorageBackend) CertificateRevoked

func (c StorageBackend) CertificateRevoked(serialNumber *big.Int) (types.RevokedCertificate, error)

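CertificateRevoked returns the types.RevokedCertificate represented by the certificate. If the certificate is not revoked, an empty types.RevokedCertificate is returned. Callers presumably have to inspect the returned value, not only the error, to decide whether a certificate is revoked.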

func (StorageBackend) CreateCertificate

func (c StorageBackend) CreateCertificate(cert types.CreateCertificateData) error

CreateCertificate ...

func (StorageBackend) CreateSSHTemplate

func (c StorageBackend) CreateSSHTemplate(template types.SSHTemplate) error

CreateSSHTemplate Creates a new SSH template in the Conjur backend

func (StorageBackend) CreateTemplate

func (c StorageBackend) CreateTemplate(template types.Template) error

CreateTemplate ...

func (StorageBackend) DeleteCertificate

func (c StorageBackend) DeleteCertificate(serialNumber *big.Int) error

DeleteCertificate ...

func (StorageBackend) DeleteSSHTemplate

func (c StorageBackend) DeleteSSHTemplate(templateName string) error

DeleteSSHTemplate deletes the template whose name is given as `templateName` from the Conjur backend.

func (StorageBackend) DeleteTemplate

func (c StorageBackend) DeleteTemplate(templateName string) error

DeleteTemplate ...

func (StorageBackend) GetAccessControl

func (c StorageBackend) GetAccessControl() backend.Access

GetAccessControl -----

func (StorageBackend) GetCAChain

func (c StorageBackend) GetCAChain() ([]string, error)

GetCAChain ...

func (StorageBackend) GetCRL

func (c StorageBackend) GetCRL() (string, error)

GetCRL ...

func (StorageBackend) GetCertificate

func (c StorageBackend) GetCertificate(serialNumber *big.Int) (string, error)

GetCertificate ...

func (StorageBackend) GetRevokedCerts

func (c StorageBackend) GetRevokedCerts() ([]types.RevokedCertificate, error)

GetRevokedCerts ...

func (StorageBackend) GetSSHTemplate

func (c StorageBackend) GetSSHTemplate(templateName string) (types.SSHTemplate, error)

GetSSHTemplate Retrieves the information about a given template with `templateName` from the Conjur backend

func (StorageBackend) GetSigningCert

func (c StorageBackend) GetSigningCert() (string, error)

GetSigningCert ...

func (StorageBackend) GetSigningKey

func (c StorageBackend) GetSigningKey() (string, error)

GetSigningKey ...

func (StorageBackend) GetTemplate

func (c StorageBackend) GetTemplate(templateName string) (types.Template, error)

GetTemplate ...

func (StorageBackend) InitConfig

func (c StorageBackend) InitConfig() error

InitConfig initializes the policy in the 'pki' webservice.

func (StorageBackend) ListCertificates

func (c StorageBackend) ListCertificates() ([]*big.Int, error)

ListCertificates ...

func (StorageBackend) ListExpiredCertificates

func (c StorageBackend) ListExpiredCertificates(dayBuffer int) ([]*big.Int, error)

ListExpiredCertificates lists all certificates that are currently expired.

func (StorageBackend) ListSSHTemplates

func (c StorageBackend) ListSSHTemplates() ([]string, error)

ListSSHTemplates Retrieves a list of all templates in the Conjur backend

func (StorageBackend) ListTemplates

func (c StorageBackend) ListTemplates() ([]string, error)

ListTemplates ...

func (StorageBackend) RevokeCertificate

func (c StorageBackend) RevokeCertificate(serialNumber *big.Int, reasonCode int, revocationDate time.Time) error

RevokeCertificate ...

func (StorageBackend) WriteCAChain

func (c StorageBackend) WriteCAChain(certBundle []string) error

WriteCAChain ...

func (StorageBackend) WriteCRL

func (c StorageBackend) WriteCRL(content string) error

WriteCRL ...

func (StorageBackend) WriteSigningCert

func (c StorageBackend) WriteSigningCert(content string) error

WriteSigningCert ...

func (StorageBackend) WriteSigningKey

func (c StorageBackend) WriteSigningKey(content string) error

WriteSigningKey ...
