Documentation ¶
Overview ¶
Package registry provides access to the Torus registry REST API.
Index ¶
- Variables
- type ClaimTree
- type ClaimTreeClient
- type ClaimedKeyPair
- type ClaimsClient
- type Client
- type CredentialGraph
- type CredentialGraphClient
- func (c *CredentialGraphClient) List(ctx context.Context, path string, pathExp *pathexp.PathExp, ...) ([]CredentialGraph, error)
- func (c *CredentialGraphClient) Post(ctx context.Context, t *CredentialGraph) (CredentialGraph, error)
- func (c *CredentialGraphClient) Search(ctx context.Context, pathExp string, ownerID *identity.ID, ...) ([]CredentialGraph, error)
- type CredentialGraphV1
- type CredentialGraphV2
- type Credentials
- type DefaultRequestDoer
- type EnvironmentsClient
- type KeyPairsClient
- type Keypairs
- type KeyringClient
- type KeyringMember
- type KeyringMemberClientV1
- type KeyringMembersClient
- type KeyringSection
- type KeyringSectionV1
- func (k *KeyringSectionV1) FindMEKByKeyID(id *identity.ID) (*primitive.MEKShare, error)
- func (k *KeyringSectionV1) FindMember(id *identity.ID) (*primitive.KeyringMember, *primitive.MEKShare, error)
- func (KeyringSectionV1) GetClaims() []envelope.KeyringMemberClaim
- func (k *KeyringSectionV1) GetKeyring() envelope.KeyringInf
- func (KeyringSectionV1) HasRevocations() bool
- func (k *KeyringSectionV1) KeyringVersion() int
- type KeyringSectionV2
- func (k *KeyringSectionV2) FindMEKByKeyID(id *identity.ID) (*primitive.MEKShare, error)
- func (k *KeyringSectionV2) FindMember(id *identity.ID) (*primitive.KeyringMember, *primitive.MEKShare, error)
- func (k *KeyringSectionV2) GetClaims() []envelope.KeyringMemberClaim
- func (k *KeyringSectionV2) GetKeyring() envelope.KeyringInf
- func (k *KeyringSectionV2) HasRevocations() bool
- func (k *KeyringSectionV2) KeyringVersion() int
- type MachineCreationSegment
- type MachineTokenCreationSegment
- type MachinesClient
- func (m *MachinesClient) Create(ctx context.Context, machine *envelope.Machine, ...) (*apitypes.MachineSegment, error)
- func (m *MachinesClient) Destroy(ctx context.Context, machineID *identity.ID) error
- func (m *MachinesClient) Get(ctx context.Context, machineID *identity.ID) (*apitypes.MachineSegment, error)
- func (m *MachinesClient) List(ctx context.Context, orgID *identity.ID, state *string, name *string, ...) ([]apitypes.MachineSegment, error)
- type MembershipsClient
- func (m *MembershipsClient) Create(ctx context.Context, userID, orgID, teamID *identity.ID) error
- func (m *MembershipsClient) Delete(ctx context.Context, membership *identity.ID) error
- func (m *MembershipsClient) List(ctx context.Context, orgID *identity.ID, teamID *identity.ID, ...) ([]envelope.Membership, error)
- type OrgInvitesClient
- func (o *OrgInvitesClient) Accept(ctx context.Context, org, email, code string) error
- func (o *OrgInvitesClient) Approve(ctx context.Context, inviteID *identity.ID) (*envelope.OrgInvite, error)
- func (o *OrgInvitesClient) Associate(ctx context.Context, org, email, code string) (*envelope.OrgInvite, error)
- func (o *OrgInvitesClient) Get(ctx context.Context, inviteID *identity.ID) (*envelope.OrgInvite, error)
- func (o *OrgInvitesClient) List(ctx context.Context, orgID *identity.ID, states []string, email string) ([]envelope.OrgInvite, error)
- func (o *OrgInvitesClient) Send(ctx context.Context, email string, orgID, inviterID identity.ID, ...) error
- type OrgTreeSegment
- type OrgsClient
- func (o *OrgsClient) Create(ctx context.Context, name string) (*envelope.Org, error)
- func (o *OrgsClient) Get(ctx context.Context, orgID *identity.ID) (*envelope.Org, error)
- func (o *OrgsClient) GetByName(ctx context.Context, name string) (*envelope.Org, error)
- func (o *OrgsClient) GetTree(ctx context.Context, orgID identity.ID) ([]OrgTreeSegment, error)
- func (o *OrgsClient) List(ctx context.Context) ([]envelope.Org, error)
- func (o *OrgsClient) RemoveMember(ctx context.Context, orgID identity.ID, userID identity.ID) error
- type PoliciesClient
- func (p *PoliciesClient) Attach(ctx context.Context, org, policy, team *identity.ID) error
- func (p *PoliciesClient) AttachmentsList(ctx context.Context, orgID, ownerID, policyID *identity.ID) ([]envelope.PolicyAttachment, error)
- func (p *PoliciesClient) Create(ctx context.Context, policy *primitive.Policy) (*envelope.Policy, error)
- func (p *PoliciesClient) Delete(ctx context.Context, policyID *identity.ID) error
- func (p *PoliciesClient) Detach(ctx context.Context, attachmentID *identity.ID) error
- func (p *PoliciesClient) List(ctx context.Context, orgID *identity.ID, name string) ([]envelope.Policy, error)
- type ProfilesClient
- type ProjectTreeSegment
- type ProjectsClient
- func (p *ProjectsClient) Create(ctx context.Context, org *identity.ID, name string) (*envelope.Project, error)
- func (p *ProjectsClient) GetTree(ctx context.Context, orgID *identity.ID) ([]ProjectTreeSegment, error)
- func (p *ProjectsClient) List(ctx context.Context, orgID *identity.ID) ([]envelope.Project, error)
- func (p *ProjectsClient) Search(ctx context.Context, orgIDs []identity.ID, names []string) ([]envelope.Project, error)
- type RequestDoer
- type RoundTripper
- type SelfClient
- type ServicesClient
- type TeamsClient
- func (t *TeamsClient) Create(ctx context.Context, orgID *identity.ID, name string, ...) (*envelope.Team, error)
- func (t *TeamsClient) GetByName(ctx context.Context, orgID *identity.ID, name string) ([]envelope.Team, error)
- func (t *TeamsClient) GetByOrg(ctx context.Context, orgID *identity.ID) ([]envelope.Team, error)
- func (t *TeamsClient) List(ctx context.Context, orgID *identity.ID, name string, ...) ([]envelope.Team, error)
- type TokenHolder
- type TokensClient
- func (t *TokensClient) Delete(ctx context.Context, token string) error
- func (t *TokensClient) PostEdDSAAuth(ctx context.Context, token string, sig *base64.Value) (*envelope.Token, error)
- func (t *TokensClient) PostLogin(ctx context.Context, creds apitypes.LoginCredential) (*base64.Value, *envelope.Token, error)
- func (t *TokensClient) PostUpgradeEdDSAAuth(ctx context.Context, token, hmac string, sig, publicKey *base64.Value) (*envelope.Token, error)
- type UsersClient
- func (u *UsersClient) Create(ctx context.Context, userObj *envelope.User, signup apitypes.Signup) (envelope.UserInf, error)
- func (u *UsersClient) Update(ctx context.Context, userObj interface{}) (envelope.UserInf, error)
- func (u *UsersClient) VerifyEmail(ctx context.Context, verifyCode string) error
- type VersionClient
Constants ¶
This section is empty.
Variables ¶
var ErrClaimTreeNotFound = &apitypes.Error{ Type: apitypes.NotFoundError, Err: []string{"Could not find claim tree for org"}, }
ErrClaimTreeNotFound represents a situation where a claimtree could not be found
var ErrKeyNotFound = &apitypes.Error{ Type: apitypes.NotFoundError, Err: []string{"Could not locate public key segment for specified key id"}, }
ErrKeyNotFound represents a situation where a key could not be found
var ErrMemberNotFound = errors.New("keyring membership not found")
ErrMemberNotFound is returned when a keyring member find call fails.
var ErrMissingKeyForOwner = &apitypes.Error{ Type: apitypes.NotFoundError, Err: []string{"Could not locate public key segment in claimtree for target"}, }
ErrMissingKeyForOwner represents a situation where a key of a specific type could not be found for the owner inside an org
var ErrMissingKeysForOrg = &apitypes.Error{ Type: apitypes.NotFoundError, Err: []string{"Could not find keypairs for org"}, }
ErrMissingKeysForOrg represents an error where the given org id is not present in the keypairs map.
var ErrMissingValidKeypair = &apitypes.Error{ Type: apitypes.NotFoundError, Err: []string{"Missing encryption or signing keypairs"}, }
ErrMissingValidKeypair represents an error where a valid signing or encryption keypair could not be found for an organization
var ErrPublicKeyNotFound = &apitypes.Error{ Type: apitypes.NotFoundError, Err: []string{"Could not find public key"}, }
ErrPublicKeyNotFound represents an error where a given public key inside a Keypairs struct could not be found.
Functions ¶
This section is empty.
Types ¶
type ClaimTree ¶
type ClaimTree struct { Org *envelope.Org `json:"org"` PublicKeys []apitypes.PublicKeySegment `json:"public_keys"` }
ClaimTree represents an organization's claim tree, which contains the public signing and encryption keys for every member.
func (*ClaimTree) Find ¶ added in v0.27.0
Find returns the PublicKeySegment for the given PublicKeyID. Accepts a boolean for indicating whether or not to enforce that the key must be active.
If a key segment could not be found an error is returned.
func (*ClaimTree) FindActive ¶ added in v0.27.0
func (ct *ClaimTree) FindActive(ownerID *identity.ID, t primitive.KeyType) (*apitypes.PublicKeySegment, error)
FindActive returns the PublicKeySegment for a non-revoked Public Key for the given owner id.
If an active key cannot be found an error is returned
type ClaimTreeClient ¶
type ClaimTreeClient struct {
// contains filtered or unexported fields
}
ClaimTreeClient represents the `/claimtree` registry endpoint, used for retrieving the public keys and their associated claims for an organization.
func (*ClaimTreeClient) Get ¶ added in v0.27.0
func (c *ClaimTreeClient) Get(ctx context.Context, orgID *identity.ID, ownerID *identity.ID) (*ClaimTree, error)
Get returns a claimtree for a specific organization by the given orgID.
If an ownerID is provided then only public keys and claims related to that user or machine will be returned.
func (*ClaimTreeClient) List ¶
func (c *ClaimTreeClient) List(ctx context.Context, orgID *identity.ID, ownerID *identity.ID) ([]ClaimTree, error)
List returns a list of all claimtrees for a given orgID. If no orgID is provided then it returns all claimtrees for every organization the user belongs to.
If an ownerID is provided then only public keys and claims related to that user or machine will be returned.
type ClaimedKeyPair ¶
type ClaimedKeyPair struct { apitypes.PublicKeySegment PrivateKey *envelope.PrivateKey `json:"private_key"` }
ClaimedKeyPair contains a public/private keypair, and all the Claims made against it (system and user signatures).
type ClaimsClient ¶
type ClaimsClient struct {
// contains filtered or unexported fields
}
ClaimsClient represents the `/claims` registry endpoint for making claims against keypairs. Claims can either be a signature or a revocation.
type Client ¶
type Client struct { KeyPairs *KeyPairsClient Tokens *TokensClient Users *UsersClient Teams *TeamsClient Memberships *MembershipsClient Credentials *Credentials Orgs *OrgsClient OrgInvites *OrgInvitesClient Policies *PoliciesClient Projects *ProjectsClient Environments *EnvironmentsClient Services *ServicesClient Keyring *KeyringClient KeyringMember *KeyringMemberClientV1 Claims *ClaimsClient ClaimTree *ClaimTreeClient CredentialGraph *CredentialGraphClient Machines *MachinesClient Profiles *ProfilesClient Self *SelfClient Version *VersionClient }
Client exposes the registry REST API.
func NewClient ¶
func NewClient(prefix string, apiVersion string, version string, token TokenHolder, t http.RoundTripper) *Client
NewClient returns a new Client.
func NewClientWithRoundTripper ¶
func NewClientWithRoundTripper(rt RoundTripper) *Client
NewClientWithRoundTripper returns a new Client using the provided RoundTripper. This is used in the api package to embed registry endpoints.
type CredentialGraph ¶
type CredentialGraph interface { KeyringSection GetCredentials() []envelope.CredentialInf }
CredentialGraph is the shared interface between different credential graph versions
type CredentialGraphClient ¶
type CredentialGraphClient struct {
// contains filtered or unexported fields
}
CredentialGraphClient represents the `/credentialgraph` registry endpoint, used for retrieving keyrings, keyring members, and credentials associated with claims.
func (*CredentialGraphClient) List ¶
func (c *CredentialGraphClient) List(ctx context.Context, path string, pathExp *pathexp.PathExp, ownerID *identity.ID, teamIDs []identity.ID) ([]CredentialGraph, error)
List returns all segments of the CredentialGraph (Keyring, Keyring Members, and Credentials) that match the given name, path, or path expression.
func (*CredentialGraphClient) Post ¶
func (c *CredentialGraphClient) Post(ctx context.Context, t *CredentialGraph) (CredentialGraph, error)
Post creates a new CredentialGraph on the registry.
The CredentialGraph includes the keyring, its members, and credentials.
func (*CredentialGraphClient) Search ¶
func (c *CredentialGraphClient) Search(ctx context.Context, pathExp string, ownerID *identity.ID, teamIDs []identity.ID) ([]CredentialGraph, error)
Search returns all segments of the CredentialGraph (Keyring, Keyring Members, and Credentials) that are contained within the given loose path expression. It is loose in that it can have * for projects.
type CredentialGraphV1 ¶
type CredentialGraphV1 struct { KeyringSectionV1 Credentials []envelope.CredentialInf `json:"credentials"` }
CredentialGraphV1 represents a Keyring, its members, and associated Credentials.
func (*CredentialGraphV1) GetCredentials ¶
func (c *CredentialGraphV1) GetCredentials() []envelope.CredentialInf
GetCredentials returns the Credentials objects in this CredentialGraph
type CredentialGraphV2 ¶
type CredentialGraphV2 struct { KeyringSectionV2 Credentials []envelope.CredentialInf `json:"credentials"` }
CredentialGraphV2 represents a Keyring, its members, and associated Credentials.
func (*CredentialGraphV2) GetCredentials ¶
func (c *CredentialGraphV2) GetCredentials() []envelope.CredentialInf
GetCredentials returns the Credentials objects in this CredentialGraph
type Credentials ¶
type Credentials struct {
// contains filtered or unexported fields
}
Credentials represents the `/credentials` registry endpoint, used for accessing encrypted credentials/secrets.
func (*Credentials) Create ¶
func (c *Credentials) Create(ctx context.Context, creds []envelope.CredentialInf) ([]*envelope.Credential, error)
Create creates the provided credential in the registry.
type DefaultRequestDoer ¶
DefaultRequestDoer is a default implementation of the RequestDoer interface. It is shared and extended by the registry and api clients.
func (*DefaultRequestDoer) Do ¶
func (rt *DefaultRequestDoer) Do(ctx context.Context, r *http.Request, v interface{}) (*http.Response, error)
Do executes an http.Request, populating v with the JSON response on success.
If the request errors with a JSON formatted response body, it will be unmarshaled into the returned error.
func (*DefaultRequestDoer) NewRequest ¶
func (rt *DefaultRequestDoer) NewRequest(method, path string, query *url.Values, body interface{}) (*http.Request, error)
NewRequest constructs a new http.Request, with a body containing the json representation of body, if provided.
type EnvironmentsClient ¶
type EnvironmentsClient struct {
// contains filtered or unexported fields
}
EnvironmentsClient makes proxied requests to the registry's envs endpoints
type KeyPairsClient ¶
type KeyPairsClient struct {
// contains filtered or unexported fields
}
KeyPairsClient represents the `/keypairs` registry endpoint, used for accessing users' signing and encryption keypairs.
func (*KeyPairsClient) Create ¶
func (k *KeyPairsClient) Create(ctx context.Context, pubKey *envelope.PublicKey, privKey *envelope.PrivateKey, claim *envelope.Claim) (*envelope.PublicKey, *envelope.PrivateKey, []envelope.Claim, error)
Create creates a new keypair on the registry.
The keypair includes the user's public key, private key, and a self-signed claim on the public key.
Keys may be either signing or encryption keys.
type Keypairs ¶ added in v0.27.0
type Keypairs struct {
// contains filtered or unexported fields
}
Keypairs contains a slice of a user's claimed keypairs for many different organizations.
func NewKeypairs ¶ added in v0.27.0
func NewKeypairs() *Keypairs
NewKeypairs returns an empty keypairs struct
func (*Keypairs) Add ¶ added in v0.27.0
func (kp *Keypairs) Add(keypairs ...ClaimedKeyPair) error
Add adds the given keypairs to the list of keypairs
func (*Keypairs) All ¶ added in v0.27.0
func (kp *Keypairs) All() []ClaimedKeyPair
All returns all keypairs including those which have been revoked.
type KeyringClient ¶
type KeyringClient struct { Members *KeyringMembersClient // contains filtered or unexported fields }
KeyringClient represents the `/keyrings` registry endpoint for accessing the keyrings the user or machine belongs to.
type KeyringMember ¶
type KeyringMember struct { Member *envelope.KeyringMember `json:"member"` }
KeyringMember holds membership information for v2 keyrings. In v2, a user can have their master encryption key share removed.
type KeyringMemberClientV1 ¶
type KeyringMemberClientV1 struct {
// contains filtered or unexported fields
}
KeyringMemberClientV1 represents the `/keyring-members` registry endpoint for creating memberships related to a set of Keyrings.
func (*KeyringMemberClientV1) Post ¶
func (k *KeyringMemberClientV1) Post(ctx context.Context, members []envelope.KeyringMemberV1) ([]envelope.KeyringMemberV1, error)
Post sends a creation request for a set of KeyringMember objects to the registry.
type KeyringMembersClient ¶
type KeyringMembersClient struct {
// contains filtered or unexported fields
}
KeyringMembersClient represents the `/keyring/:id/members` registry endpoint for creating memberships in a keyring.
func (*KeyringMembersClient) Post ¶
func (k *KeyringMembersClient) Post(ctx context.Context, member KeyringMember) error
Post sends a creation request for a KeyringMember object to the registry.
type KeyringSection ¶
type KeyringSection interface { GetKeyring() envelope.KeyringInf KeyringVersion() int FindMember(*identity.ID) (*primitive.KeyringMember, *primitive.MEKShare, error) FindMEKByKeyID(*identity.ID) (*primitive.MEKShare, error) HasRevocations() bool GetClaims() []envelope.KeyringMemberClaim }
KeyringSection is the shared interface between different KeyringSection versions.
type KeyringSectionV1 ¶
type KeyringSectionV1 struct { Keyring *envelope.KeyringV1 `json:"keyring"` Members []envelope.KeyringMemberV1 `json:"members"` }
KeyringSectionV1 represents a section of the CredentialGraph only pertaining to a keyring and its membership.
func (*KeyringSectionV1) FindMEKByKeyID ¶ added in v0.27.0
FindMEKByKeyID returns the MEKShare for the given encrypting key id.
The data is returned in the V2 format.
func (*KeyringSectionV1) FindMember ¶
func (k *KeyringSectionV1) FindMember(id *identity.ID) (*primitive.KeyringMember, *primitive.MEKShare, error)
FindMember returns the membership and mekshare for the given user id. The data is returned in V2 format.
func (KeyringSectionV1) GetClaims ¶ added in v0.23.0
func (KeyringSectionV1) GetClaims() []envelope.KeyringMemberClaim
GetClaims returns the Member claims for this keyring. These don't exist in V1 so it is always an empty list.
func (*KeyringSectionV1) GetKeyring ¶
func (k *KeyringSectionV1) GetKeyring() envelope.KeyringInf
GetKeyring returns the Keyring object in this KeyringSection
func (KeyringSectionV1) HasRevocations ¶
func (KeyringSectionV1) HasRevocations() bool
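HasRevocations indicates whether a Keyring holds revoked user keys. Revocations are not tracked in V1, so this always returns false; for a V1 keyring a false result means "not tracked", not "no revoked keys".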
func (*KeyringSectionV1) KeyringVersion ¶
func (k *KeyringSectionV1) KeyringVersion() int
KeyringVersion returns the version of the keyring itself (not its schema).
type KeyringSectionV2 ¶
type KeyringSectionV2 struct { Keyring *envelope.Keyring `json:"keyring"` Members []KeyringMember `json:"members"` Claims []envelope.KeyringMemberClaim `json:"claims"` }
KeyringSectionV2 represents a Keyring and its members.
func (*KeyringSectionV2) FindMEKByKeyID ¶ added in v0.27.0
FindMEKByKeyID returns the mekshare for the given encrypting key id.
An owner (user/machine token) may have multiple memberships, one per encryption key. There will only be one unrevoked membership. Either this unrevoked membership will be returned, or the result will error with ErrMemberNotFound.
func (*KeyringSectionV2) FindMember ¶
func (k *KeyringSectionV2) FindMember(id *identity.ID) (*primitive.KeyringMember, *primitive.MEKShare, error)
FindMember returns the membership and mekshare for the given user id.
An owner (user/machine token) may have multiple memberships, one per encryption key. There will only be one unrevoked membership. Either this unrevoked membership will be returned, or the result will error with ErrMemberNotFound.
func (*KeyringSectionV2) GetClaims ¶ added in v0.23.0
func (k *KeyringSectionV2) GetClaims() []envelope.KeyringMemberClaim
GetClaims returns the list of Member claims for this keyring.
func (*KeyringSectionV2) GetKeyring ¶
func (k *KeyringSectionV2) GetKeyring() envelope.KeyringInf
GetKeyring returns the Keyring object in this KeyringSection
func (*KeyringSectionV2) HasRevocations ¶
func (k *KeyringSectionV2) HasRevocations() bool
HasRevocations indicates that a Keyring holds revoked user keys.
func (*KeyringSectionV2) KeyringVersion ¶
func (k *KeyringSectionV2) KeyringVersion() int
KeyringVersion returns the version of the keyring itself (not its schema).
type MachineCreationSegment ¶
type MachineCreationSegment struct { apitypes.MachineSegment Tokens []MachineTokenCreationSegment `json:"tokens"` }
MachineCreationSegment represents the request sent to the registry to create a machine and its first token.
type MachineTokenCreationSegment ¶
type MachineTokenCreationSegment struct { Token *envelope.MachineToken `json:"token"` Keypairs []*ClaimedKeyPair `json:"keypairs"` }
MachineTokenCreationSegment represents the request sent to the registry to create a Machine Token.
type MachinesClient ¶
type MachinesClient struct {
// contains filtered or unexported fields
}
MachinesClient represents the `/machines` registry endpoint, used for creating, listing, authorizing, and destroying machines and their tokens.
func (*MachinesClient) Create ¶
func (m *MachinesClient) Create(ctx context.Context, machine *envelope.Machine, memberships []envelope.Membership, token *MachineTokenCreationSegment) (*apitypes.MachineSegment, error)
Create requests the registry to create a MachineSegment.
The MachineSegment includes the Machine, its Memberships, and authorization tokens.
func (*MachinesClient) Get ¶
func (m *MachinesClient) Get(ctx context.Context, machineID *identity.ID) (*apitypes.MachineSegment, error)
Get requests a single machine from the registry
type MembershipsClient ¶
type MembershipsClient struct {
// contains filtered or unexported fields
}
MembershipsClient represents the `/memberships` registry endpoint, used for accessing the relationship between users, organization, and teams.
type OrgInvitesClient ¶
type OrgInvitesClient struct {
// contains filtered or unexported fields
}
OrgInvitesClient represents the `/org-invites` registry endpoint, used for sending, accepting, and approving invitations to organizations in Torus.
func (*OrgInvitesClient) Accept ¶
func (o *OrgInvitesClient) Accept(ctx context.Context, org, email, code string) error
Accept executes the accept invite request
func (*OrgInvitesClient) Approve ¶
func (o *OrgInvitesClient) Approve(ctx context.Context, inviteID *identity.ID) (*envelope.OrgInvite, error)
Approve sends an approval notification to the registry regarding a specific invitation.
func (*OrgInvitesClient) Associate ¶
func (o *OrgInvitesClient) Associate(ctx context.Context, org, email, code string) (*envelope.OrgInvite, error)
Associate executes the associate invite request
func (*OrgInvitesClient) Get ¶
func (o *OrgInvitesClient) Get(ctx context.Context, inviteID *identity.ID) (*envelope.OrgInvite, error)
Get returns a specific Org Invite based on its ID.
type OrgTreeSegment ¶
type OrgTreeSegment struct { Org *primitive.Org `json:"org"` Policies []primitive.Policy `json:"policies"` Profiles []*apitypes.Profile `json:"profiles"` Teams []*struct { Team *envelope.Team `json:"team"` Memberships *[]envelope.Membership `json:"memberships"` PolicyAttachments *[]envelope.PolicyAttachment `json:"policy_attachments"` } `json:"teams"` }
OrgTreeSegment is the payload returned for an org tree
type OrgsClient ¶
type OrgsClient struct {
// contains filtered or unexported fields
}
OrgsClient makes proxied requests to the registry's orgs endpoints
func (*OrgsClient) Create ¶
Create creates a new org with the given name. It returns the newly-created org.
func (*OrgsClient) GetTree ¶
func (o *OrgsClient) GetTree(ctx context.Context, orgID identity.ID) ([]OrgTreeSegment, error)
GetTree returns an org tree
func (*OrgsClient) RemoveMember ¶
RemoveMember removes a user from an org
type PoliciesClient ¶
type PoliciesClient struct {
// contains filtered or unexported fields
}
PoliciesClient makes proxied requests to the registry's policies endpoints
func (*PoliciesClient) AttachmentsList ¶
func (p *PoliciesClient) AttachmentsList(ctx context.Context, orgID, ownerID, policyID *identity.ID) ([]envelope.PolicyAttachment, error)
AttachmentsList retrieves all policy attachments for an org
func (*PoliciesClient) Create ¶
func (p *PoliciesClient) Create(ctx context.Context, policy *primitive.Policy) (*envelope.Policy, error)
Create creates a new policy
type ProfilesClient ¶
type ProfilesClient struct {
// contains filtered or unexported fields
}
ProfilesClient makes proxied requests to the registry's profiles endpoints
func (*ProfilesClient) ListByID ¶
func (p *ProfilesClient) ListByID(ctx context.Context, userIDs []identity.ID) ([]apitypes.Profile, error)
ListByID returns profiles looked up by User ID
func (*ProfilesClient) ListByName ¶
ListByName returns profiles looked up by username
type ProjectTreeSegment ¶
type ProjectTreeSegment struct { Org *envelope.Org `json:"org"` Envs []*envelope.Environment `json:"envs"` Services []*envelope.Service `json:"services"` Projects []envelope.Project `json:"projects"` Profiles []*apitypes.Profile `json:"profiles"` }
ProjectTreeSegment is the payload returned for a project tree
type ProjectsClient ¶
type ProjectsClient struct {
// contains filtered or unexported fields
}
ProjectsClient makes proxied requests to the registry's projects endpoints
func (*ProjectsClient) Create ¶
func (p *ProjectsClient) Create(ctx context.Context, org *identity.ID, name string) (*envelope.Project, error)
Create creates a new project with the given name within the given org
func (*ProjectsClient) GetTree ¶
func (p *ProjectsClient) GetTree(ctx context.Context, orgID *identity.ID) ([]ProjectTreeSegment, error)
GetTree returns a project tree
type RequestDoer ¶
type RequestDoer interface { NewRequest(method, path string, query *url.Values, body interface{}) (*http.Request, error) Do(ctx context.Context, r *http.Request, v interface{}) (*http.Response, error) }
RequestDoer is the interface used to construct and send requests to the torus registry.
type RoundTripper ¶
type RoundTripper interface { RequestDoer RoundTrip(ctx context.Context, method, path string, query *url.Values, body, response interface{}) error }
RoundTripper is a RequestDoer with a convenience method for doing a request/response round trip in a single call.
type SelfClient ¶
type SelfClient struct {
// contains filtered or unexported fields
}
SelfClient represents the registry `/self` endpoints.
type ServicesClient ¶
type ServicesClient struct {
// contains filtered or unexported fields
}
ServicesClient makes proxied requests to the registry's services endpoints
type TeamsClient ¶
type TeamsClient struct {
// contains filtered or unexported fields
}
TeamsClient makes proxied requests to the registry's teams endpoints
func (*TeamsClient) Create ¶
func (t *TeamsClient) Create(ctx context.Context, orgID *identity.ID, name string, teamType primitive.TeamType) (*envelope.Team, error)
Create performs a request to create a new team object
func (*TeamsClient) GetByName ¶
func (t *TeamsClient) GetByName(ctx context.Context, orgID *identity.ID, name string) ([]envelope.Team, error)
GetByName retrieves the team with the specified name
type TokenHolder ¶
TokenHolder holds an authorization token
type TokensClient ¶
type TokensClient struct {
// contains filtered or unexported fields
}
TokensClient represents the registry '/tokens' endpoints, used for session management.
Logging in is a two-step process. We must first request a login token. This token is then HMAC'd and returned to the server, exchanging it for an auth token, which is used for all other operations.
func (*TokensClient) Delete ¶
func (t *TokensClient) Delete(ctx context.Context, token string) error
Delete deletes the token with the provided value from the registry. This effectively logs a user out.
func (*TokensClient) PostEdDSAAuth ¶
func (t *TokensClient) PostEdDSAAuth(ctx context.Context, token string, sig *base64.Value) (*envelope.Token, error)
PostEdDSAAuth requests an auth token from the registry for the provided login token value and its signature.
func (*TokensClient) PostLogin ¶
func (t *TokensClient) PostLogin(ctx context.Context, creds apitypes.LoginCredential) ( *base64.Value, *envelope.Token, error)
PostLogin requests a login token from the registry for the provided email address.
func (*TokensClient) PostUpgradeEdDSAAuth ¶
func (t *TokensClient) PostUpgradeEdDSAAuth(ctx context.Context, token, hmac string, sig, publicKey *base64.Value) (*envelope.Token, error)
PostUpgradeEdDSAAuth requests an auth token from the registry while upgrading the user from HMAC based authentication to EdDSA
type UsersClient ¶
type UsersClient struct {
// contains filtered or unexported fields
}
UsersClient represents the registry `/users` endpoints.
func (*UsersClient) Create ¶
func (u *UsersClient) Create(ctx context.Context, userObj *envelope.User, signup apitypes.Signup) (envelope.UserInf, error)
Create attempts to register a new user
func (*UsersClient) VerifyEmail ¶
func (u *UsersClient) VerifyEmail(ctx context.Context, verifyCode string) error
VerifyEmail will confirm the user's email with the registry
type VersionClient ¶
type VersionClient struct {
// contains filtered or unexported fields
}
VersionClient provides access to the daemon's /v1/version endpoint, for inspecting the daemon's release version.