Documentation ¶
Index ¶
- Constants
- type Claims
- type Client
- func (c *Client) Close()
- func (c *Client) DilithiumGenerateKeys(mode int) (publicKey string, privateKey string, err error)
- func (c *Client) DilithiumSign(mode int, privateKey, message string) (signature string, err error)
- func (c *Client) DilithiumVerify(mode int, publicKey, message, signature string) (verifyResult bool, err error)
- func (c *Client) GenerateHeaders() (headers [2][2]string)
- func (c *Client) GetConfig(configId string, result interface{}) (err error)
- func (c *Client) GetErrorChannel() (ch <-chan Error)
- func (c *Client) GetMyToken() (token string)
- func (c *Client) GetTokenClaims(workloadId, token string) (*Claims, error)
- func (c *Client) KyberDecrypt(privateKey string, ciphertext string) (secret string, err error)
- func (c *Client) KyberEncrypt(publicKey string) (ciphertext, secret string, err error)
- func (c *Client) KyberGenerateKeys() (publicKey, privateKey string, err error)
- func (c *Client) ValidateGinRequest(context *gin.Context) (verifyResult bool)
- func (c *Client) ValidateGinRequestWithAccess(context *gin.Context, resource, action string) (verifyResult bool)
- func (c *Client) ValidateToken(workloadId, token string) (verifyResult bool)
- func (c *Client) ValidateTokenWithAccess(workloadId, token, resource, action string) (verifyResult bool)
- type ClientOptions
- type Error
Constants ¶
const ( IdHeaderName = "magellanic-workload-id" AuthHeaderName = "magellanic-authorization" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct { // ID is a unique ID of this workload ID string // contains filtered or unexported fields }
Client is used to integrate your application into Magellanic.
Use NewClient or NewClientWithOptions to create an instance
func NewClient ¶
NewClient creates a new Client instance without options. Use it if you are providing all Magellanic configuration options via environment variables
func NewClientWithOptions ¶
func NewClientWithOptions(options *ClientOptions) (client *Client, err error)
NewClientWithOptions creates a new Client instance with options. Use it if you want to provide all Magellanic configuration options directly
func (*Client) Close ¶
func (c *Client) Close()
Close will terminate the go routines being executed to perform token rotation
func (*Client) DilithiumGenerateKeys ¶
DilithiumGenerateKeys generates Dilithium public key/private key pair. Mode must be 2 or 3
func (*Client) DilithiumSign ¶
DilithiumSign creates a signature of provided message using Dilithium
func (*Client) DilithiumVerify ¶
func (c *Client) DilithiumVerify(mode int, publicKey, message, signature string) (verifyResult bool, err error)
DilithiumVerify verifies the signature of the message using Dilithium
func (*Client) GenerateHeaders ¶
GenerateHeaders returns headers to be appended to an outgoing request addressed to another workload.
It returns the array of 2 arrays of 2 strings, where the first string of the nested array is the header name and the second is the value
func (*Client) GetConfig ¶
GetConfig pulls the specified configuration from Magellanic and unmarshalls it into provided result
func (*Client) GetErrorChannel ¶
GetErrorChannel returns the receive-only channel that will be notified of any occurring errors.
It should always be consumed and handled in a separate goroutine
func (*Client) GetMyToken ¶
GetMyToken returns the most recent token of this workload
func (*Client) GetTokenClaims ¶
GetTokenClaims validates the token and returns its Claims if the token is valid
func (*Client) KyberDecrypt ¶
KyberDecrypt decrypts a secret using ciphertext and private key
func (*Client) KyberEncrypt ¶
KyberEncrypt generates Kyber secret and ciphertext using provided public key
func (*Client) KyberGenerateKeys ¶
KyberGenerateKeys generates Kyber public key/private key pair
func (*Client) ValidateGinRequest ¶
ValidateGinRequest validates request's token using provided gin context
Returns true if the token is valid or false if not
func (*Client) ValidateGinRequestWithAccess ¶
func (c *Client) ValidateGinRequestWithAccess(context *gin.Context, resource, action string) (verifyResult bool)
ValidateGinRequestWithAccess validates request's token and access to the specified resource using provided gin context
Returns true if the token is valid and the workload has proper permissions or false if token is not valid or workload has no sufficient permissions
func (*Client) ValidateToken ¶
ValidateToken validates the token of the specified workload.
Returns true if the token is valid or false if not
func (*Client) ValidateTokenWithAccess ¶
func (c *Client) ValidateTokenWithAccess(workloadId, token, resource, action string) (verifyResult bool)
ValidateTokenWithAccess validates the token and access to the resource of the specified workload.
Returns true if the token is valid and the workload has proper permissions or false if token is not valid or workload has no sufficient permissions