Documentation ¶
Overview ¶
Package primitive contains definitions of the primitive types used in ag.
Index ¶
- Constants
- type BaseCredential
- type BaseKeyring
- type Claim
- type Credential
- type CredentialV1
- type CredentialValue
- type Environment
- type Keyring
- type KeyringMember
- type KeyringMemberClaim
- type KeyringMemberKey
- type KeyringMemberV1
- type KeyringV1
- type MEKShare
- type Machine
- type MachineToken
- type MachineTokenPublicKey
- type MasterKey
- type Membership
- type Org
- type OrgInvite
- type Policy
- type PolicyAction
- type PolicyAttachment
- type PolicyEffect
- type PolicyStatement
- type PrivateKey
- type PrivateKeyValue
- type Project
- type PublicKey
- type PublicKeyValue
- type Service
- type Signature
- type Team
- type User
- type UserPassword
Constants ¶
const (
	SignatureClaimType  = "signature"
	RevocationClaimType = "revocation"
)
Types of claims that can be made against public keys.
const (
	OrgInvitePendingState    = "pending"
	OrgInviteAssociatedState = "associated"
	OrgInviteAcceptedState   = "accepted"
	OrgInviteApprovedState   = "approved"
)
Org Invitations exist in four states: pending, associated, accepted, and approved.
const (
	MachineActiveState    = "active"
	MachineDestroyedState = "destroyed"
)
Machines can be in one of two states: active or destroyed.
const (
	MachineTokenActiveState    = "active"
	MachineTokenDestroyedState = "destroyed"
)
MachineTokens can be in one of two states: active or destroyed.
const (
	PolicyEffectAllow = true
	PolicyEffectDeny  = false
)
These are the two policy effect types.
const (
	PolicyActionCreate = 1 << iota
	PolicyActionRead
	PolicyActionUpdate
	PolicyActionDelete
	PolicyActionList
)
These are all the possible PolicyActions.
const (
	SystemTeam  = "system"
	UserTeam    = "user"
	MachineTeam = "machine"
)
There are three types of teams: system, machine and user. System teams are managed by the Torus registry while Machine teams contain only machines.
const (
	AdminTeamName   = "admin"
	OwnerTeamName   = "owner"
	MemberTeamName  = "member"
	MachineTeamName = "machine"
)
Teams are used to represent a group of identities and their associated access control policies.
const (
DerivableMachineTeamSymbol = 0x04
)
Team IDs for certain system teams can be derived based on their OrgID.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BaseCredential ¶ added in v0.11.0
type BaseCredential struct {
	Credential        *CredentialValue `json:"credential"`
	KeyringID         *identity.ID     `json:"keyring_id"`
	Name              string           `json:"name"`
	Nonce             *base64.Value    `json:"nonce"`
	OrgID             *identity.ID     `json:"org_id"`
	PathExp           *pathexp.PathExp `json:"pathexp"`
	Previous          *identity.ID     `json:"previous"`
	ProjectID         *identity.ID     `json:"project_id"`
	CredentialVersion int              `json:"version"`
}
BaseCredential is a secret value shared between a group of services based on a user's identity, operating environment, project, and organization.
type BaseKeyring ¶ added in v0.12.0
type BaseKeyring struct {
	Created        time.Time        `json:"created_at"`
	OrgID          *identity.ID     `json:"org_id"`
	PathExp        *pathexp.PathExp `json:"pathexp"`
	Previous       *identity.ID     `json:"previous"`
	ProjectID      *identity.ID     `json:"project_id"`
	KeyringVersion int              `json:"version"`
	// contains filtered or unexported fields
}
BaseKeyring is the shared structure between keyring schema versions.
type Claim ¶
type Claim struct {
	Created     time.Time    `json:"created_at"`
	OrgID       *identity.ID `json:"org_id"`
	OwnerID     *identity.ID `json:"owner_id"`
	Previous    *identity.ID `json:"previous"`
	PublicKeyID *identity.ID `json:"public_key_id"`
	KeyType     string       `json:"type"`
	// contains filtered or unexported fields
}
Claim is a signature or revocation claim against a public key.
type Credential ¶
type Credential struct {
	BaseCredential
	State *string `json:"state"`
	// contains filtered or unexported fields
}
Credential is a secret value shared between a group of services based on a user's identity, operating environment, project, and organization.
type CredentialV1 ¶ added in v0.11.0
type CredentialV1 struct {
	BaseCredential
	// contains filtered or unexported fields
}
CredentialV1 is a secret value shared between a group of services based on a user's identity, operating environment, project, and organization.
type CredentialValue ¶
type CredentialValue struct {
	Algorithm string        `json:"alg"`
	Nonce     *base64.Value `json:"nonce"`
	Value     *base64.Value `json:"value"`
}
CredentialValue is the secretbox encrypted value of the containing Credential.
type Environment ¶
type Environment struct {
	Name      string       `json:"name"`
	OrgID     *identity.ID `json:"org_id"`
	ProjectID *identity.ID `json:"project_id"`
	// contains filtered or unexported fields
}
Environment is an entity that represents a group of processes.
type Keyring ¶
type Keyring struct {
	BaseKeyring
	// contains filtered or unexported fields
}
Keyring is a mechanism for sharing a secret between many different users and machines at a position in the credential path.
Credentials belong to Keyrings.
func NewKeyring ¶ added in v0.10.0
NewKeyring returns a new v2 Keyring, with the created time set to now.
type KeyringMember ¶
type KeyringMember struct {
	Created         time.Time    `json:"created_at"`
	EncryptingKeyID *identity.ID `json:"encrypting_key_id"`
	KeyringID       *identity.ID `json:"keyring_id"`
	OrgID           *identity.ID `json:"org_id"`
	OwnerID         *identity.ID `json:"owner_id"`
	PublicKeyID     *identity.ID `json:"public_key_id"`
	// contains filtered or unexported fields
}
KeyringMember is a record of sharing a master secret key with a user or machine.
This is the v2 schema version, which has a detached mekshare so it can be revoked.
KeyringMember belongs to a Keyring.
type KeyringMemberClaim ¶ added in v0.10.0
type KeyringMemberClaim struct {
	OrgID           *identity.ID `json:"org_id"`
	KeyringID       *identity.ID `json:"keyring_id"`
	KeyringMemberID *identity.ID `json:"keyring_member_id"`
	OwnerID         *identity.ID `json:"owner_id"`
	Previous        *identity.ID `json:"previous"`
	ClaimType       string       `json:"type"`
	Created         time.Time    `json:"created_at"`
	// contains filtered or unexported fields
}
KeyringMemberClaim is a claim for a keyring member. Only revocation is supported as a claim type.
type KeyringMemberKey ¶
type KeyringMemberKey struct {
	Algorithm string        `json:"alg"`
	Nonce     *base64.Value `json:"nonce"`
	Value     *base64.Value `json:"value"`
}
KeyringMemberKey is the keyring master encryption key, encrypted for the owner of a KeyringMember/MEKShare.
type KeyringMemberV1 ¶ added in v0.10.0
type KeyringMemberV1 struct {
	Created         time.Time         `json:"created_at"`
	EncryptingKeyID *identity.ID      `json:"encrypting_key_id"`
	Key             *KeyringMemberKey `json:"key"`
	KeyringID       *identity.ID      `json:"keyring_id"`
	OrgID           *identity.ID      `json:"org_id"`
	OwnerID         *identity.ID      `json:"owner_id"`
	ProjectID       *identity.ID      `json:"project_id"`
	PublicKeyID     *identity.ID      `json:"public_key_id"`
	// contains filtered or unexported fields
}
KeyringMemberV1 is a record of sharing a master secret key with a user or machine.
KeyringMemberV1 belongs to a Keyring.
type KeyringV1 ¶ added in v0.10.0
type KeyringV1 struct {
	BaseKeyring
	// contains filtered or unexported fields
}
KeyringV1 is the old keyring format, without claims or mekshares.
type MEKShare ¶ added in v0.10.0
type MEKShare struct {
	// contains filtered or unexported fields
}
MEKShare is a V2 KeyringMember's share of the keyring master encryption key.
type Machine ¶ added in v0.15.0
type Machine struct {
	Name        string       `json:"name"`
	OrgID       *identity.ID `json:"org_id"`
	CreatedBy   *identity.ID `json:"created_by"`
	Created     time.Time    `json:"created_at"`
	DestroyedBy *identity.ID `json:"destroyed_by"`
	Destroyed   *time.Time   `json:"destroyed_at"`
	State       string       `json:"state"`
	// contains filtered or unexported fields
}
Machine is an entity that represents a machine object.
type MachineToken ¶ added in v0.15.0
type MachineToken struct {
	OrgID       *identity.ID          `json:"org_id"`
	MachineID   *identity.ID          `json:"machine_id"`
	PublicKey   *MachineTokenPublicKey `json:"public_key"`
	Master      *MasterKey            `json:"master"`
	CreatedBy   *identity.ID          `json:"created_by"`
	Created     time.Time             `json:"created_at"`
	DestroyedBy *identity.ID          `json:"destroyed_by"`
	Destroyed   *time.Time            `json:"destroyed_at"`
	State       string                `json:"state"`
	// contains filtered or unexported fields
}
MachineToken is a portion of the MachineSegment object.
type MachineTokenPublicKey ¶ added in v0.15.0
type MachineTokenPublicKey struct {
	Alg   string        `json:"alg"`
	Salt  *base64.Value `json:"salt"`
	Value *base64.Value `json:"value"`
}
MachineTokenPublicKey represents a public key used by a machine to authenticate against the registry.
type Membership ¶
type Membership struct {
	OrgID   *identity.ID `json:"org_id"`
	OwnerID *identity.ID `json:"owner_id"`
	TeamID  *identity.ID `json:"team_id"`
	// contains filtered or unexported fields
}
Membership is an entity that represents whether a user or machine is a part of a team in an organization.
type Org ¶
type Org struct {
	Name string `json:"name"`
	// contains filtered or unexported fields
}
Org is a grouping of users that collaborate with each other.
type OrgInvite ¶
type OrgInvite struct {
	OrgID      *identity.ID `json:"org_id"`
	Email      string       `json:"email"`
	InviterID  *identity.ID `json:"inviter_id"`
	InviteeID  *identity.ID `json:"invitee_id"`
	ApproverID *identity.ID `json:"approver_id"`
	State      string       `json:"state"`
	Code       *struct {
		Alg   string        `json:"alg"`
		Salt  *base64.Value `json:"salt"`
		Value *base64.Value `json:"value"`
	} `json:"code"`
	PendingTeams []identity.ID `json:"pending_teams"`
	Created      *time.Time    `json:"created_at"`
	Accepted     *time.Time    `json:"accepted_at"`
	Approved     *time.Time    `json:"approved_at"`
	// contains filtered or unexported fields
}
OrgInvite is an invitation for an individual to join an organization.
type Policy ¶
type Policy struct {
	PolicyType string       `json:"type"`
	Previous   *identity.ID `json:"previous"`
	OrgID      *identity.ID `json:"org_id"`
	Policy     struct {
		Name        string            `json:"name"`
		Description string            `json:"description"`
		Statements  []PolicyStatement `json:"statements"`
	} `json:"policy"`
	// contains filtered or unexported fields
}
Policy is an entity that represents a group of ACL statements.
type PolicyAction ¶ added in v0.8.0
type PolicyAction byte
PolicyAction represents the user actions that are covered by a statement.
func (*PolicyAction) MarshalJSON ¶ added in v0.8.0
func (pa *PolicyAction) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. A PolicyAction is encoded in JSON as either a list of the string representations of its actions, or a single string when there is only one action.
func (*PolicyAction) ShortString ¶ added in v0.9.0
func (pa *PolicyAction) ShortString() string
ShortString displays a single character representation of each of the policy's actions.
func (*PolicyAction) String ¶ added in v0.8.0
func (pa *PolicyAction) String() string
func (*PolicyAction) UnmarshalJSON ¶ added in v0.8.0
func (pa *PolicyAction) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the json.Unmarshaler interface.
type PolicyAttachment ¶
type PolicyAttachment struct {
	OwnerID  *identity.ID `json:"owner_id"`
	PolicyID *identity.ID `json:"policy_id"`
	OrgID    *identity.ID `json:"org_id"`
	// contains filtered or unexported fields
}
PolicyAttachment is an entity that represents the link between policies and teams.
type PolicyEffect ¶ added in v0.8.0
type PolicyEffect bool
PolicyEffect is the effect type of the statement (allow or deny).
func (*PolicyEffect) MarshalText ¶ added in v0.8.0
func (pe *PolicyEffect) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface, used for JSON marshaling.
func (*PolicyEffect) String ¶ added in v0.8.0
func (pe *PolicyEffect) String() string
String returns a string representation of the PolicyEffect (allow or deny).
func (*PolicyEffect) UnmarshalText ¶ added in v0.8.0
func (pe *PolicyEffect) UnmarshalText(b []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface, used for JSON unmarshaling.
type PolicyStatement ¶
type PolicyStatement struct {
	Effect   PolicyEffect `json:"effect"`
	Action   PolicyAction `json:"action"`
	Resource string       `json:"resource"`
}
PolicyStatement is an ACL statement on a policy object.
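The PolicyAction, PolicyEffect and PolicyStatement entries above together describe how a statement is encoded: a bit set of actions that marshals to either a bare string or a list, and a boolean effect that travels as the text "allow" or "deny". The following Go program is an added example written for this page, not the Torus primitive package's own code (whose source is not reproduced here); it re-implements the documented shapes so the encoding can be exercised end to end. The action names ("create", "read", "update", "delete", "list"), the Permits helper and its rules (exact resource match, any matching deny overrides an allow, no matching statement means deny) are assumptions made for illustration and are not stated on the page.

```go
package main

// Added example, not the Torus primitive package's own code. It mirrors the
// documented PolicyAction bit set, PolicyEffect text encoding and PolicyStatement
// JSON shape. ASSUMED, not on the page: the action names and the Permits rules.

import (
	"encoding/json"
	"fmt"
)

type PolicyAction byte

const (
	PolicyActionCreate PolicyAction = 1 << iota
	PolicyActionRead
	PolicyActionUpdate
	PolicyActionDelete
	PolicyActionList
)

var names = []string{"create", "read", "update", "delete", "list"} // assumed; names[i] has bit 1<<i

// Names lists the set actions in bit order.
func (pa PolicyAction) Names() (out []string) {
	for i, n := range names {
		if pa&(1<<uint(i)) != 0 {
			out = append(out, n)
		}
	}
	return out
}

// MarshalJSON: a bare string for one action, a list otherwise, as documented.
func (pa PolicyAction) MarshalJSON() ([]byte, error) {
	if s := pa.Names(); len(s) == 1 {
		return json.Marshal(s[0])
	}
	return json.Marshal(pa.Names())
}

// UnmarshalJSON accepts both shapes; an unknown name is an error, not a no-op.
func (pa *PolicyAction) UnmarshalJSON(b []byte) error {
	var list []string
	if json.Unmarshal(b, &list) != nil { // not a list, so try a bare string
		var one string
		if err := json.Unmarshal(b, &one); err != nil {
			return fmt.Errorf("policy action: want string or list: %w", err)
		}
		list = []string{one}
	}
	var acc PolicyAction
	for _, want := range list {
		i := 0
		for i < len(names) && names[i] != want {
			i++
		}
		if i == len(names) {
			return fmt.Errorf("policy action: unknown action %q", want)
		}
		acc |= 1 << uint(i)
	}
	*pa = acc
	return nil
}

// PolicyEffect is true for allow, false for deny, and travels as text in JSON.
type PolicyEffect bool

const (
	PolicyEffectAllow PolicyEffect = true
	PolicyEffectDeny  PolicyEffect = false
)

func (pe PolicyEffect) MarshalText() ([]byte, error) {
	if pe {
		return []byte("allow"), nil
	}
	return []byte("deny"), nil
}

func (pe *PolicyEffect) UnmarshalText(b []byte) error {
	if s := string(b); s == "allow" || s == "deny" {
		*pe = PolicyEffect(s == "allow")
		return nil
	}
	return fmt.Errorf("policy effect: want allow or deny, got %q", b)
}

type PolicyStatement struct {
	Effect   PolicyEffect `json:"effect"`
	Action   PolicyAction `json:"action"`
	Resource string       `json:"resource"`
}

// Permits is an ASSUMED evaluator for a single action bit: exact resource
// match, a matching deny beats any allow, and no match means deny by default.
func Permits(stmts []PolicyStatement, resource string, act PolicyAction) bool {
	allowed := false
	for _, s := range stmts {
		if s.Resource == resource && s.Action&act == act {
			if s.Effect == PolicyEffectDeny {
				return false
			}
			allowed = true
		}
	}
	return allowed
}
```

Rejecting unknown action names in UnmarshalJSON is the check worth keeping in an ACL decoder: a misspelled action that silently decoded to zero would turn an intended allow into a statement that grants nothing and an intended deny into one that blocks nothing, and neither failure is visible in the stored policy.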
type PrivateKey ¶
type PrivateKey struct {
	Key         PrivateKeyValue `json:"key"`
	OrgID       *identity.ID    `json:"org_id"`
	OwnerID     *identity.ID    `json:"owner_id"`
	PNonce      *base64.Value   `json:"pnonce"`
	PublicKeyID *identity.ID    `json:"public_key_id"`
	// contains filtered or unexported fields
}
PrivateKey is the private portion of an asymmetric key.
type PrivateKeyValue ¶
PrivateKeyValue holds the encrypted value of the PrivateKey.
type Project ¶
type Project struct {
	Name  string       `json:"name"`
	OrgID *identity.ID `json:"org_id"`
	// contains filtered or unexported fields
}
Project is an entity that represents a group of services.
type PublicKey ¶
type PublicKey struct {
	Algorithm string         `json:"alg"`
	Created   time.Time      `json:"created_at"`
	Expires   time.Time      `json:"expires_at"`
	Key       PublicKeyValue `json:"key"`
	OrgID     *identity.ID   `json:"org_id"`
	OwnerID   *identity.ID   `json:"owner_id"`
	KeyType   string         `json:"type"`
	// contains filtered or unexported fields
}
PublicKey is the public portion of an asymmetric key.
type PublicKeyValue ¶
PublicKeyValue is the actual value of a PublicKey.
type Service ¶
type Service struct {
	Name      string       `json:"name"`
	OrgID     *identity.ID `json:"org_id"`
	ProjectID *identity.ID `json:"project_id"`
	// contains filtered or unexported fields
}
Service is an entity that represents a group of processes.
type Signature ¶
type Signature struct {
	Algorithm   string        `json:"alg"`
	PublicKeyID *identity.ID  `json:"public_key_id"`
	Value       *base64.Value `json:"value"`
}
Signature is an immutable object, but not technically a payload. If PublicKeyID is nil, the signature is self-signed.
type Team ¶
type Team struct {
	Name     string       `json:"name"`
	OrgID    *identity.ID `json:"org_id"`
	TeamType string       `json:"type"`
	// contains filtered or unexported fields
}
Team is an entity that represents a group of users.