Documentation ¶
Index ¶
- Constants
- Variables
- func Asset(name string) ([]byte, error)
- func AssetDigest(name string) ([sha256.Size]byte, error)
- func AssetDir(name string) ([]string, error)
- func AssetInfo(name string) (os.FileInfo, error)
- func AssetNames() []string
- func AssetString(name string) (string, error)
- func AuthenticationMiddleware() gin.HandlerFunc
- func DatabaseMiddleware(db *gorm.DB) gin.HandlerFunc
- func Digests() (map[string][sha256.Size]byte, error)
- func MustAsset(name string) []byte
- func MustAssetString(name string) string
- func NewAPIMux(server *Server, router *gin.RouterGroup)
- func RequestTimeoutMiddleware() gin.HandlerFunc
- func RequireAccessKey(c *gin.Context) error
- func RestoreAsset(dir, name string) error
- func RestoreAssets(dir, name string) error
- func Run(options Options) (err error)
- func SetupMetrics(db *gorm.DB) error
- type API
- func (a *API) CreateAccessKey(c *gin.Context, r *api.CreateAccessKeyRequest) (*api.CreateAccessKeyResponse, error)
- func (a *API) CreateDestination(c *gin.Context, r *api.CreateDestinationRequest) (*api.Destination, error)
- func (a *API) CreateGrant(c *gin.Context, r *api.CreateGrantRequest) (*api.Grant, error)
- func (a *API) CreateGroup(c *gin.Context, r *api.CreateGroupRequest) (*api.Group, error)
- func (a *API) CreateMachine(c *gin.Context, r *api.CreateMachineRequest) (*api.Machine, error)
- func (a *API) CreateProvider(c *gin.Context, r *api.CreateProviderRequest) (*api.Provider, error)
- func (a *API) CreateToken(c *gin.Context, r *api.CreateTokenRequest) (*api.CreateTokenResponse, error)
- func (a *API) CreateUser(c *gin.Context, r *api.CreateUserRequest) (*api.User, error)
- func (a *API) DeleteAccessKey(c *gin.Context, r *api.Resource) error
- func (a *API) DeleteDestination(c *gin.Context, r *api.Resource) error
- func (a *API) DeleteGrant(c *gin.Context, r *api.Resource) error
- func (a *API) DeleteMachine(c *gin.Context, r *api.Resource) error
- func (a *API) DeleteProvider(c *gin.Context, r *api.Resource) error
- func (a *API) GetDestination(c *gin.Context, r *api.Resource) (*api.Destination, error)
- func (a *API) GetGrant(c *gin.Context, r *api.Resource) (*api.Grant, error)
- func (a *API) GetGroup(c *gin.Context, r *api.Resource) (*api.Group, error)
- func (a *API) GetMachine(c *gin.Context, r *api.Resource) (*api.Machine, error)
- func (a *API) GetProvider(c *gin.Context, r *api.Resource) (*api.Provider, error)
- func (a *API) GetUser(c *gin.Context, r *api.Resource) (*api.User, error)
- func (a *API) Introspect(c *gin.Context, r *api.EmptyRequest) (*api.Introspect, error)
- func (a *API) ListAccessKeys(c *gin.Context, r *api.ListAccessKeysRequest) ([]api.AccessKey, error)
- func (a *API) ListDestinations(c *gin.Context, r *api.ListDestinationsRequest) ([]api.Destination, error)
- func (a *API) ListGrants(c *gin.Context, r *api.ListGrantsRequest) ([]api.Grant, error)
- func (a *API) ListGroupGrants(c *gin.Context, r *api.Resource) ([]api.Grant, error)
- func (a *API) ListGroups(c *gin.Context, r *api.ListGroupsRequest) ([]api.Group, error)
- func (a *API) ListMachineGrants(c *gin.Context, r *api.Resource) ([]api.Grant, error)
- func (a *API) ListMachines(c *gin.Context, r *api.ListMachinesRequest) ([]api.Machine, error)
- func (a *API) ListProviders(c *gin.Context, r *api.ListProvidersRequest) ([]api.Provider, error)
- func (a *API) ListUserGrants(c *gin.Context, r *api.Resource) ([]api.Grant, error)
- func (a *API) ListUserGroups(c *gin.Context, r *api.Resource) ([]api.Group, error)
- func (a *API) ListUsers(c *gin.Context, r *api.ListUsersRequest) ([]api.User, error)
- func (a *API) Login(c *gin.Context, r *api.LoginRequest) (*api.LoginResponse, error)
- func (a *API) Logout(c *gin.Context, r *api.EmptyRequest) (*api.EmptyResponse, error)
- func (a *API) Setup(c *gin.Context, _ *api.EmptyRequest) (*api.CreateAccessKeyResponse, error)
- func (a *API) SetupRequired(c *gin.Context, _ *api.EmptyRequest) (*api.SetupRequiredResponse, error)
- func (a *API) UpdateDestination(c *gin.Context, r *api.UpdateDestinationRequest) (*api.Destination, error)
- func (a *API) UpdateProvider(c *gin.Context, r *api.UpdateProviderRequest) (*api.Provider, error)
- func (a *API) Version(c *gin.Context, r *api.EmptyRequest) (*api.Version, error)
- type Config
- type Grant
- type KeyProvider
- type Options
- type Provider
- type ReqHandlerFunc
- type ReqResHandlerFunc
- type ResHandlerFunc
- type SecretProvider
- type Server
- type StaticFileSystem
- type Telemetry
Constants ¶
const AssetDebug = false
AssetDebug is true if the assets were built with the debug flag enabled.
Variables ¶
// Cookie names and attribute values used with SetCookie.
//
// NOTE(review): these are exported package-level vars, so any importing code
// can reassign them at runtime, including the Secure and HttpOnly flags.
// Constants would rule that out; confirm nothing depends on reassignment.
//
// NOTE(review): no SameSite value is defined here; check how it is set at the
// SetCookie call sites.
var (
	CookieAuthorizationName = "auth"
	CookieLoginName         = "login"
	CookieDomain            = "" // presumably leaves the Domain attribute unset (host-only cookie) — confirm at call sites
	CookiePath              = "/"

	// While these vars look goofy, they avoid "magic number" (and bare
	// true/false) arguments to SetCookie.
	CookieHTTPOnlyNotJavascriptAccessible = true // setting HttpOnly to true means page JavaScript can't read the cookie
	CookieSecureHTTPSOnly                 = true // setting Secure to true means the cookie is only sent over https connections

	CookieMaxAgeDeleteImmediately = int(-1) // <0: delete immediately
	// Zero has the special meaning of "no Max-Age attribute".
	// NOTE(review): assuming this value reaches net/http's Cookie.MaxAge, 0
	// omits Max-Age, and without an Expires attribute browsers keep the cookie
	// only for the browser session; it is not a cookie that never expires.
	// Confirm that is the intended lifetime.
	CookieMaxAgeNoExpiry = int(0)
)
Functions ¶
func Asset ¶
Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetDigest ¶ added in v0.5.8
AssetDigest returns the digest of the file with the given name. It returns an error if the asset could not be found or the digest could not be loaded.
func AssetDir ¶
AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy:
data/
  foo.txt
  img/
    a.png
    b.png
then AssetDir("data") would return []string{"foo.txt", "img"}, AssetDir("data/img") would return []string{"a.png", "b.png"}, AssetDir("foo.txt") and AssetDir("notexist") would return an error, and AssetDir("") will return []string{"data"}.
func AssetInfo ¶
AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetString ¶ added in v0.5.8
AssetString returns the asset contents as a string (instead of a []byte).
func AuthenticationMiddleware ¶ added in v0.5.4
func AuthenticationMiddleware() gin.HandlerFunc
AuthenticationMiddleware validates the incoming token
func DatabaseMiddleware ¶ added in v0.5.4
func DatabaseMiddleware(db *gorm.DB) gin.HandlerFunc
DatabaseMiddleware injects a `db` object into the Gin context.
func MustAsset ¶
MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.
func MustAssetString ¶ added in v0.5.8
MustAssetString is like AssetString but panics when Asset would return an error. It simplifies safe initialization of global variables.
func NewAPIMux ¶ added in v0.5.4
func NewAPIMux(server *Server, router *gin.RouterGroup)
func RequestTimeoutMiddleware ¶ added in v0.5.4
func RequestTimeoutMiddleware() gin.HandlerFunc
RequestTimeoutMiddleware adds a timeout to the request context within the Gin context. To correctly abort long-running requests, this depends on the users of the context to stop working when the context cancels. Note: The goroutine for the request is never halted; if the context is not passed down to lower packages and long-running tasks, then the app will not magically stop working on the request. No effort should be made to write an early http response here; it's up to the users of the context to watch for c.Request.Context().Err() or <-c.Request.Context().Done()
func RequireAccessKey ¶ added in v0.5.4
RequireAccessKey checks that the bearer token is present and valid.
func RestoreAsset ¶
RestoreAsset restores an asset under the given directory.
func RestoreAssets ¶
RestoreAssets restores an asset under the given directory recursively.
func SetupMetrics ¶ added in v0.5.4
Types ¶
type API ¶ added in v0.5.4
// API is the receiver type for the request handlers documented on this page
// (CreateAccessKey, Login, Logout, Setup, and the other Create/Get/List/
// Update/Delete methods). All of its fields are unexported.
type API struct {
	// contains filtered or unexported fields
}
func (*API) CreateAccessKey ¶ added in v0.5.4
func (a *API) CreateAccessKey(c *gin.Context, r *api.CreateAccessKeyRequest) (*api.CreateAccessKeyResponse, error)
func (*API) CreateDestination ¶ added in v0.5.4
func (a *API) CreateDestination(c *gin.Context, r *api.CreateDestinationRequest) (*api.Destination, error)
func (*API) CreateGrant ¶ added in v0.5.4
func (*API) CreateGroup ¶ added in v0.5.4
func (*API) CreateMachine ¶ added in v0.5.4
func (*API) CreateProvider ¶ added in v0.5.4
func (*API) CreateToken ¶ added in v0.5.4
func (a *API) CreateToken(c *gin.Context, r *api.CreateTokenRequest) (*api.CreateTokenResponse, error)
func (*API) CreateUser ¶ added in v0.5.4
func (*API) DeleteAccessKey ¶ added in v0.5.4
func (*API) DeleteDestination ¶ added in v0.5.4
func (*API) DeleteGrant ¶ added in v0.5.4
func (*API) DeleteMachine ¶ added in v0.5.4
func (*API) DeleteProvider ¶ added in v0.5.4
func (*API) GetDestination ¶ added in v0.5.4
func (*API) GetMachine ¶ added in v0.5.8
func (*API) GetProvider ¶ added in v0.5.4
Caution: GetProvider is served without authentication, so its response must not include sensitive information.
func (*API) Introspect ¶ added in v0.5.8
func (a *API) Introspect(c *gin.Context, r *api.EmptyRequest) (*api.Introspect, error)
Introspect is used by clients to get info about the token they are using
func (*API) ListAccessKeys ¶ added in v0.5.4
func (*API) ListDestinations ¶ added in v0.5.4
func (a *API) ListDestinations(c *gin.Context, r *api.ListDestinationsRequest) ([]api.Destination, error)
func (*API) ListGrants ¶ added in v0.5.4
func (*API) ListGroupGrants ¶ added in v0.5.4
func (*API) ListGroups ¶ added in v0.5.4
func (*API) ListMachineGrants ¶ added in v0.5.8
func (*API) ListMachines ¶ added in v0.5.4
func (*API) ListProviders ¶ added in v0.5.4
Caution: ListProviders is served without authentication, so its response must not include sensitive information.
func (*API) ListUserGrants ¶ added in v0.5.4
func (*API) ListUserGroups ¶ added in v0.5.4
func (*API) Login ¶ added in v0.5.4
func (a *API) Login(c *gin.Context, r *api.LoginRequest) (*api.LoginResponse, error)
func (*API) Logout ¶ added in v0.5.4
func (a *API) Logout(c *gin.Context, r *api.EmptyRequest) (*api.EmptyResponse, error)
func (*API) Setup ¶ added in v0.5.9
func (a *API) Setup(c *gin.Context, _ *api.EmptyRequest) (*api.CreateAccessKeyResponse, error)
func (*API) SetupRequired ¶ added in v0.5.9
func (a *API) SetupRequired(c *gin.Context, _ *api.EmptyRequest) (*api.SetupRequiredResponse, error)
func (*API) UpdateDestination ¶ added in v0.5.4
func (a *API) UpdateDestination(c *gin.Context, r *api.UpdateDestinationRequest) (*api.Destination, error)
func (*API) UpdateProvider ¶ added in v0.5.4
type Grant ¶ added in v0.5.9
// Grant is a configuration entry that pairs one identity (user, group or
// machine) with a role on a resource. Each field carries the mapstructure key
// it is decoded from.
//
// The validate tags make User, Group and Machine mutually exclusive
// (excluded_with), and make Role and Resource mandatory (required).
//
// NOTE(review): the tags shown here do not require that at least one of User,
// Group or Machine is set, so a Grant naming no identity passes them.
// Presumably that case is rejected elsewhere — confirm.
type Grant struct {
	User     string `mapstructure:"user" validate:"excluded_with=Group,excluded_with=Machine"`
	Group    string `mapstructure:"group" validate:"excluded_with=User,excluded_with=Machine"`
	Machine  string `mapstructure:"machine" validate:"excluded_with=User,excluded_with=Group"`
	Provider string `mapstructure:"provider"` // no validate tag: optional as far as these tags go
	Role     string `mapstructure:"role" validate:"required"`
	Resource string `mapstructure:"resource" validate:"required"`
}
type KeyProvider ¶ added in v0.5.4
// KeyProvider is one entry of Options.Keys. Kind is mandatory (validate tag)
// and Config has no yaml tag; the type has its own UnmarshalYAML method.
type KeyProvider struct {
	Kind string `yaml:"kind" validate:"required"`
	// Provider-specific config. The original comment here read
	// "secret-provider-specific", the same wording as on SecretProvider;
	// presumably this holds key-provider-specific config — confirm.
	// NOTE(review): being an interface{}, its contents are not covered by the
	// validate tags visible here.
	Config interface{}
}
func (*KeyProvider) UnmarshalYAML ¶ added in v0.5.4
func (sp *KeyProvider) UnmarshalYAML(unmarshal func(interface{}) error) error
type Options ¶ added in v0.5.4
// Options is the configuration passed to Run. Each field carries the
// mapstructure key it is decoded from.
//
// NOTE(review): AdminAccessKey, AccessKey, DBEncryptionKey and DBPassword are
// plain strings and, judging by their names, hold credentials. Avoid printing
// an Options value with %v/%+v or serialising it into logs; confirm that
// telemetry and crash reporting never include it.
type Options struct {
	TLSCache             string `mapstructure:"tlsCache"`
	AdminAccessKey       string `mapstructure:"adminAccessKey"`
	AccessKey            string `mapstructure:"accessKey"`
	EnableTelemetry      bool   `mapstructure:"enableTelemetry"`
	EnableCrashReporting bool   `mapstructure:"enableCrashReporting"`
	EnableUI             bool   `mapstructure:"enableUI"`
	UIProxyURL           string `mapstructure:"uiProxyURL"`
	// NOTE(review): presumably gates the Setup and SetupRequired handlers,
	// which take an empty request; Setup returns a CreateAccessKeyResponse.
	// Confirm it is turned off once initial setup is done.
	EnableSetup     bool          `mapstructure:"enableSetup"`
	SessionDuration time.Duration `mapstructure:"sessionDuration"`

	// Database settings.
	DBFile                  string `mapstructure:"dbFile" `
	DBEncryptionKey         string `mapstructure:"dbEncryptionKey"`
	DBEncryptionKeyProvider string `mapstructure:"dbEncryptionKeyProvider"`
	DBHost                  string `mapstructure:"dbHost" `
	DBPort                  int    `mapstructure:"dbPort"`
	DBName                  string `mapstructure:"dbName"`
	DBUser                  string `mapstructure:"dbUser"`
	DBPassword              string `mapstructure:"dbPassword"`
	DBParameters            string `mapstructure:"dbParameters"`

	Keys    []KeyProvider    `mapstructure:"keys"`
	Secrets []SecretProvider `mapstructure:"secrets"`

	// Embedded; the squash option decodes Config's keys at the same level as
	// the fields above.
	Config `mapstructure:",squash"`

	// mtls (default), e2ee, none.
	// NOTE(review): presumably "none" turns network encryption off — confirm
	// where that value is acceptable.
	NetworkEncryption string `mapstructure:"networkEncryption"`
	// Presumably bootstrap trust material for the modes above — TODO confirm.
	TrustInitialClientPublicKey string `mapstructure:"trustInitialClientPublicKey"`
	InitialRootCACert           string `mapstructure:"initialRootCACert"`
	InitialRootCAPublicKey      string `mapstructure:"initialRootCAPublicKey"`
	FullKeyRotationInDays       int    `mapstructure:"fullKeyRotationInDays"` // 365 default
}
type ReqHandlerFunc ¶ added in v0.5.4
type ReqResHandlerFunc ¶ added in v0.5.4
type ResHandlerFunc ¶ added in v0.5.4
type SecretProvider ¶ added in v0.5.4
// SecretProvider is one entry of Options.Secrets. Kind is mandatory (validate
// tag), Name is optional, and Config has no yaml tag; the type has its own
// UnmarshalYAML method.
type SecretProvider struct {
	Kind string `yaml:"kind" validate:"required"`
	Name string `yaml:"name"` // optional
	// Contains secret-provider-specific config.
	// NOTE(review): being an interface{}, its contents are not covered by the
	// validate tags visible here, and it may carry credentials for the
	// provider — treat it as sensitive when logging; confirm.
	Config interface{}
}
func (*SecretProvider) UnmarshalYAML ¶ added in v0.5.4
func (sp *SecretProvider) UnmarshalYAML(unmarshal func(interface{}) error) error
type StaticFileSystem ¶
type StaticFileSystem struct {
// contains filtered or unexported fields
}