Documentation ¶
Index ¶
- type AddDevice
- type AddInvitation
- type AddOrganization
- type AddRegKey
- type AddSecurityGroup
- type AddServiceNetwork
- type AddSite
- type AddVPC
- type Base
- type BaseError
- type CertificateSigningRequest
- type CertificateSigningResponse
- type ConflictsError
- type Device
- type DeviceMetadata
- type Duration
- type Endpoint
- type InternalServerError
- type Invitation
- type KeyUsage
- type NexodusClaims
- type NotAllowedError
- type NotFoundError
- type Organization
- type RegKey
- type SecurityGroup
- type SecurityRule
- type ServiceNetwork
- type Site
- type StringArray
- type TunnelIP
- type UpdateDevice
- type UpdateRegKey
- type UpdateSecurityGroup
- type UpdateServiceNetwork
- type UpdateSite
- type UpdateVPC
- type User
- type UserIdentity
- type UserOrganization
- type VPC
- type ValidationError
- func NewBadPathParameterError(param string) ValidationError
- func NewBadPathParameterErrorAndReason(param string, reason string) ValidationError
- func NewBadPayloadError(err error) ValidationError
- func NewBadQueryParameterError(param string) ValidationError
- func NewFieldNotPresentError(field string) ValidationError
- func NewFieldValidationError(field string, reason string) ValidationError
- func NewInvalidField(field string) ValidationError
- type Watch
- type WatchEvent
Types ¶
type AddDevice ¶
// AddDevice carries the fields a caller provides when creating a Device.
//
// NOTE(review): nothing in this declaration bounds AdvertiseCidrs,
// IPv4TunnelIPs or Endpoints, or ties SecurityGroupId to VpcID. Those checks
// presumably happen in the handler — confirm before trusting stored values.
type AddDevice struct {
	VpcID uuid.UUID `json:"vpc_id" example:"694aa002-5d19-495e-980b-3d8fd508ea10"`
	// Only a public key is carried; this type has no private-key field.
	PublicKey string `json:"public_key"`
	// Routes the device asks to advertise; plain strings, not parsed prefixes.
	AdvertiseCidrs []string `json:"advertise_cidrs" example:"172.16.42.0/24"`
	// Tunnel addresses as given in the payload.
	// NOTE(review): whether the server overrides or validates them is not visible here.
	IPv4TunnelIPs []TunnelIP `json:"ipv4_tunnel_ips" gorm:"type:JSONB; serializer:json"`
	Relay bool `json:"relay"`
	SymmetricNat bool `json:"symmetric_nat"`
	Hostname string `json:"hostname" example:"myhost"`
	Endpoints []Endpoint `json:"endpoints" gorm:"type:JSONB; serializer:json"`
	Os string `json:"os"`
	SecurityGroupId uuid.UUID `json:"security_group_id"`
}
AddDevice is the information needed to add a new Device.
type AddInvitation ¶
// AddInvitation carries the fields for inviting a user into an organization.
// Email and UserID are pointers so that an absent value can be told apart
// from an empty one.
type AddInvitation struct {
	Email *string `json:"email"` // The email address of the user to invite (one of email or user_id is required)
	UserID *uuid.UUID `json:"user_id"` // The user id to invite (one of email or user_id is required)
	OrganizationID uuid.UUID `json:"organization_id"`
	// Role names requested for the invitee.
	// NOTE(review): the type does not restrict which roles may be named; whether
	// the inviter is allowed to grant them must be enforced server-side — confirm.
	Roles []string `json:"roles"`
}
type AddOrganization ¶
type AddRegKey ¶
// AddRegKey carries the fields for creating a registration key.
//
// NOTE(review): SingleUse defaults to false and ExpiresAt is optional, so a
// payload that sets neither describes a reusable key with no expiry as far as
// this type is concerned. Check whether the server applies a default lifetime.
type AddRegKey struct {
	VpcID *uuid.UUID `json:"vpc_id,omitempty"` // VpcID is the ID of the VPC the device will join.
	ServiceNetworkID *uuid.UUID `json:"service_network_id,omitempty"` // ServiceNetworkID is the ID of the Service Network the device can join.
	Description string `json:"description,omitempty"` // Description of the registration key.
	SingleUse bool `json:"single_use,omitempty"` // SingleUse only allows the registration key to be used once.
	ExpiresAt *time.Time `json:"expires_at,omitempty"` // ExpiresAt is optional, if set the registration key is only valid until the ExpiresAt time.
	SecurityGroupId *uuid.UUID `json:"security_group_id"` // SecurityGroupId is the ID of the security group to assign to the device.
	// Settings contains general settings for the device.
	// Untyped: any JSON object decodes into this map, so consumers must
	// validate keys and value types themselves.
	Settings map[string]interface{} `json:"settings"`
}
type AddSecurityGroup ¶
// AddSecurityGroup carries the fields for creating a security group in a VPC.
//
// NOTE(review): both rule lists are omitempty, so a nil list and an empty list
// encode identically (the key is absent). How an absent list is interpreted
// (allow-all versus deny-all) is not visible in this type — confirm.
type AddSecurityGroup struct {
	Description string `json:"description" example:"group_description"`
	VpcId uuid.UUID `json:"vpc_id"`
	InboundRules []SecurityRule `json:"inbound_rules,omitempty" gorm:"type:JSONB; serializer:json"`
	OutboundRules []SecurityRule `json:"outbound_rules,omitempty" gorm:"type:JSONB; serializer:json"`
}
AddSecurityGroup is the information needed to add a new Security Group.
type AddServiceNetwork ¶
type AddSite ¶
// AddSite carries the fields for creating a Site in a service network.
// All string fields are free-form at the type level.
type AddSite struct {
	ServiceNetworkID uuid.UUID `json:"service_network_id" example:"694aa002-5d19-495e-980b-3d8fd508ea10"`
	Name string `json:"name"`
	Platform string `json:"platform"`
	// Only a public key is carried; this type has no private-key field.
	PublicKey string `json:"public_key"`
}
AddSite is the information needed to add a new Site.
type Base ¶
// Base holds the columns shared by the table-backed types that embed it.
// Only ID is exposed in JSON; the three timestamps are tagged json:"-".
type Base struct {
	ID uuid.UUID `gorm:"type:uuid;primary_key;" json:"id" example:"aa22666c-0f57-45cb-a449-16efecc04f2e"`
	CreatedAt time.Time `json:"-"`
	UpdatedAt time.Time `json:"-"`
	// gorm's soft-delete marker.
	// NOTE(review): soft-deleted rows stay in the table, including any token or
	// secret columns of the embedding type. Confirm a purge or rotation path exists.
	DeletedAt gorm.DeletedAt `gorm:"index" json:"-"`
}
Base contains common columns for all tables.
type BaseError ¶
// BaseError is embedded by the other API error types in this package.
type BaseError struct {
	// Error is serialized verbatim under the "error" key.
	// NOTE(review): whatever is placed here reaches the client, so it should
	// not carry internal detail such as SQL text or file paths.
	Error string `json:"error" example:"something bad"`
}
BaseError is the base type for API errors
func NewApiError ¶
NewApiError returns a new response body for a general error
func NewBaseError ¶
type CertificateSigningRequest ¶
// CertificateSigningRequest describes a certificate the caller wants issued.
//
// NOTE(review): Duration, IsCA and Usages are all requester-controlled. The
// field comments say the issuer may ignore them; the policy deciding who may
// obtain a CA certificate or broad usages is not visible in this type, so
// confirm it is enforced on the signing side.
type CertificateSigningRequest struct {
	// Requested 'duration' (i.e. lifetime) of the Certificate. Note that the
	// issuer may choose to ignore the requested duration, just like any other
	// requested attribute.
	// +optional
	Duration *Duration `json:"duration,omitempty" swaggertype:"string"`
	// The PEM-encoded X.509 certificate signing request to be submitted to the
	// issuer for signing.
	//
	// If the CSR has a BasicConstraints extension, its isCA attribute must
	// match the `isCA` value of this CertificateRequest.
	// If the CSR has a KeyUsage extension, its key usages must match the
	// key usages in the `usages` field of this CertificateRequest.
	// If the CSR has an ExtKeyUsage extension, its extended key usages
	// must match the extended key usages in the `usages` field of this
	// CertificateRequest.
	Request string `json:"request" example:"-----BEGIN CERTIFICATE REQUEST-----(...)-----END CERTIFICATE REQUEST-----"`
	// Requested basic constraints isCA value. Note that the issuer may choose
	// to ignore the requested isCA value, just like any other requested attribute.
	//
	// NOTE: If the CSR in the `Request` field has a BasicConstraints extension,
	// it must have the same isCA value as specified here.
	//
	// If true, this will automatically add the `cert sign` usage to the list
	// of requested `usages`.
	// +optional
	IsCA bool `json:"is_ca,omitempty"`
	// Requested key usages and extended key usages.
	//
	// NOTE: If the CSR in the `Request` field uses the KeyUsage or
	// ExtKeyUsage extension, these extensions must have the same values
	// as specified here without any additional values.
	//
	// If unset, defaults to `digital signature` and `key encipherment`.
	// +optional
	Usages []KeyUsage `json:"usages,omitempty"`
}
CertificateSigningRequest is a certificate signing request
type CertificateSigningResponse ¶
// CertificateSigningResponse returns the issued certificate and, when known,
// the signer's certificate. Both fields hold public certificate material; this
// type has no private-key field.
type CertificateSigningResponse struct {
	// The PEM encoded X.509 certificate resulting from the certificate
	// signing request.
	// If not set, the CertificateRequest has either not been completed or has
	// failed. More information on failure can be found by checking the
	// `conditions` field.
	// NOTE(review): this struct declares no `conditions` field, so the sentence
	// above appears to be inherited from another API. Callers should treat an
	// empty Certificate as "not issued".
	// +optional
	Certificate string `json:"certificate,omitempty" example:"-----BEGIN CERTIFICATE-----(...)-----END CERTIFICATE-----"`
	// The PEM encoded X.509 certificate of the signer, also known as the CA
	// (Certificate Authority).
	// This is set on a best-effort basis by different issuers.
	// If not set, the CA is assumed to be unknown/not available.
	// NOTE(review): a CA delivered alongside the certificate it signed is not an
	// independent trust anchor; clients presumably pin the CA out of band — confirm.
	// +optional
	CA string `json:"ca,omitempty" example:"-----BEGIN CERTIFICATE-----(...)-----END CERTIFICATE-----"`
}
CertificateSigningResponse is a certificate signing response
type ConflictsError ¶
// ConflictsError carries an ID together with the embedded BaseError message.
type ConflictsError struct {
	// NOTE(review): presumably the ID of the already-existing resource — confirm.
	// If so, check that returning it does not reveal resources the caller
	// cannot otherwise see.
	ID string `json:"id" example:"a1fae5de-dd96-4b20-8362-95f6a574c4b1"`
	BaseError
}
ConflictsError is returned in the body of an HTTP 409
func NewConflictsError ¶
func NewConflictsError(id string) ConflictsError
type Device ¶
// Device embeds Base and is used both as a gorm model and as a JSON payload.
//
// OrganizationID and RegKeyID are tagged json:"-" and never appear in JSON.
// BearerToken is a credential and is serialized whenever it is non-empty.
type Device struct {
	Base
	OwnerID uuid.UUID `json:"owner_id"`
	VpcID uuid.UUID `json:"vpc_id" example:"694aa002-5d19-495e-980b-3d8fd508ea10"`
	OrganizationID uuid.UUID `json:"-"` // Denormalized from the VPC record for performance
	PublicKey string `json:"public_key"`
	AllowedIPs pq.StringArray `json:"allowed_ips" gorm:"type:text[]" swaggertype:"array,string"`
	IPv4TunnelIPs []TunnelIP `json:"ipv4_tunnel_ips" gorm:"type:JSONB; serializer:json"`
	IPv6TunnelIPs []TunnelIP `json:"ipv6_tunnel_ips" gorm:"type:JSONB; serializer:json"`
	AdvertiseCidrs pq.StringArray `json:"advertise_cidrs" gorm:"type:text[]" swaggertype:"array,string"`
	Relay bool `json:"relay"`
	SymmetricNat bool `json:"symmetric_nat"`
	Hostname string `json:"hostname"`
	Os string `json:"os"`
	Endpoints []Endpoint `json:"endpoints" gorm:"type:JSONB; serializer:json"`
	Revision uint64 `json:"revision" gorm:"type:bigserial;index:"`
	SecurityGroupId uuid.UUID `json:"security_group_id"`
	Online bool `json:"online"`
	OnlineAt *time.Time `json:"online_at"`
	RegKeyID uuid.UUID `json:"-"` // the reg key id that created the device (if it was created with a registration token)
	// the token nexd should use to reconcile device state.
	// NOTE(review): omitempty only hides the field when it is empty. Code that
	// returns Device lists or watch events must clear it for every reader except
	// the device itself — confirm. There is no gorm:"-" tag, so it is presumably
	// persisted as a plain column; check how it is protected at rest.
	BearerToken string `json:"bearer_token,omitempty"`
}
Device is a unique, end-user device. Devices belong to one User and may be onboarded into an organization
type DeviceMetadata ¶
// DeviceMetadata is one key/value entry attached to a device. DeviceID and Key
// are both tagged primary_key, so together they identify a row.
type DeviceMetadata struct {
	DeviceID uuid.UUID `json:"device_id" gorm:"type:uuid;primary_key"`
	Key string `json:"key" gorm:"primary_key"`
	// Untyped JSON stored as JSONB.
	// NOTE(review): the type places no limit on size or nesting depth, so those
	// limits must come from the request layer — confirm.
	Value interface{} `json:"value" gorm:"type:JSONB; serializer:json"`
	Revision uint64 `json:"revision" gorm:"type:bigserial;index:"`
	DeletedAt gorm.DeletedAt `json:"-" gorm:"index"`
	CreatedAt time.Time `json:"-"`
	UpdatedAt time.Time `json:"-"`
}
DeviceMetadata represents a key-value pair of device metadata in the database
type Duration ¶
Duration is a wrapper around time.Duration which supports correct marshaling to YAML and JSON. In particular, it marshals into strings, which can be used as map keys in json.
func (Duration) MarshalJSON ¶
MarshalJSON implements the json.Marshaler interface.
func (*Duration) UnmarshalJSON ¶
UnmarshalJSON implements the json.Unmarshaler interface.
type InternalServerError ¶
type Invitation ¶
// Invitation embeds Base and records a pending invitation. FromID is hidden
// from JSON; the inviter is exposed through From when that field is populated.
type Invitation struct {
	Base
	UserID *uuid.UUID `json:"user_id,omitempty"`
	Email *string `json:"email,omitempty"` // The email address to invite
	OrganizationID uuid.UUID `json:"organization_id"`
	Organization *Organization `json:"organization,omitempty"`
	// NOTE(review): this type only stores the deadline; rejecting expired
	// invitations is up to the code that accepts them — confirm.
	ExpiresAt time.Time `json:"expires_at"`
	FromID uuid.UUID `json:"-"`
	From *User `json:"from,omitempty"`
	// Roles the invitee receives on acceptance (presumably — confirm against the accept handler).
	Roles StringArray `json:"roles" swaggertype:"array,string"`
}
Invitation is a request for a user to join an organization
type KeyUsage ¶
// KeyUsage is the string name of a certificate usage, as carried in
// CertificateSigningRequest.Usages.
type KeyUsage string

// Accepted KeyUsage values. The names suggest X.509 key usages followed by
// extended key usages.
// NOTE(review): UsageCertSign, UsageCRLSign and UsageAny are the broad grants.
// A signer should only honour them for callers entitled to them — that policy
// is not visible in this declaration.
const (
	UsageSigning KeyUsage = "signing"
	UsageDigitalSignature KeyUsage = "digital signature"
	UsageContentCommitment KeyUsage = "content commitment"
	UsageKeyEncipherment KeyUsage = "key encipherment"
	UsageKeyAgreement KeyUsage = "key agreement"
	UsageDataEncipherment KeyUsage = "data encipherment"
	UsageCertSign KeyUsage = "cert sign"
	UsageCRLSign KeyUsage = "crl sign"
	UsageEncipherOnly KeyUsage = "encipher only"
	UsageDecipherOnly KeyUsage = "decipher only"
	UsageAny KeyUsage = "any"
	UsageServerAuth KeyUsage = "server auth"
	UsageClientAuth KeyUsage = "client auth"
	UsageCodeSigning KeyUsage = "code signing"
	UsageEmailProtection KeyUsage = "email protection"
	UsageSMIME KeyUsage = "s/mime"
	UsageIPsecEndSystem KeyUsage = "ipsec end system"
	UsageIPsecTunnel KeyUsage = "ipsec tunnel"
	UsageIPsecUser KeyUsage = "ipsec user"
	UsageTimestamping KeyUsage = "timestamping"
	UsageOCSPSigning KeyUsage = "ocsp signing"
	UsageMicrosoftSGC KeyUsage = "microsoft sgc"
	UsageNetscapeSGC KeyUsage = "netscape sgc"
)
type NexodusClaims ¶
// NexodusClaims is the JWT claim set used by this package: the embedded
// jwt.RegisteredClaims plus the custom claims below.
//
// NOTE(review): the struct only describes the payload. Signature, expiry and
// audience checks belong to the parser that fills it. The custom claims should
// be trusted only after that verification succeeds.
type NexodusClaims struct {
	jwt.RegisteredClaims
	// Scope is the scope of the token.
	// NOTE(review): a single string; how multiple scopes are delimited and compared is not shown here.
	Scope string `json:"scope,omitempty"`
	AgentID *uuid.UUID `json:"agent_id,omitempty"` // AgentID is the ID of the agent
	VpcID *uuid.UUID `json:"vpc_id,omitempty"` // VpcID is the ID of the VPC the agent will join.
	ServiceNetworkID *uuid.UUID `json:"service_network_id,omitempty"` // ServiceNetworkID is the ID of the ServiceNetwork the agent will join.
}
type NotAllowedError ¶
NotAllowedError is returned in the body of an HTTP 403
func NewNotAllowedError ¶
func NewNotAllowedError(reason string) NotAllowedError
type NotFoundError ¶
NotFoundError is returned in the body of an HTTP 404
func NewNotFoundError ¶
func NewNotFoundError(resource string) NotFoundError
type Organization ¶
// Organization embeds Base. Users and Invitations are tagged json:"-", so
// membership is never exposed by serializing this type.
type Organization struct {
	Base
	// Unique across organizations (gorm uniqueIndex).
	Name string `json:"name" gorm:"uniqueIndex" sql:"index" example:"zone-red"`
	Description string `json:"description" example:"Team A"`
	Users []*User `json:"-" gorm:"many2many:user_organizations;"`
	Invitations []*Invitation `json:"-"`
}
Organization contains Users and VPCs
func (*Organization) BeforeCreate ¶
func (z *Organization) BeforeCreate(tx *gorm.DB) error
type RegKey ¶
// RegKey embeds Base and describes a registration key. Both denormalized
// organization IDs are tagged json:"-". BearerToken is the credential itself
// and is serialized whenever it is non-empty.
type RegKey struct {
	Base
	OwnerID uuid.UUID `json:"owner_id,omitempty"` // OwnerID is the ID of the user that created the registration key.
	VpcID *uuid.UUID `json:"vpc_id,omitempty"` // VpcID is the ID of the VPC the device can join.
	OrganizationID *uuid.UUID `json:"-" gorm:"type:uuid"` // OrganizationID is denormalized from the VPC record for performance
	ServiceNetworkID *uuid.UUID `json:"service_network_id,omitempty"` // ServiceNetworkID is the ID of the Service Network the device can join.
	SNOrganizationID *uuid.UUID `json:"-" gorm:"type:uuid; column:sn_organization_id"` // OrganizationID is denormalized from the ServiceNetwork record for performance
	// BearerToken is the bearer token the client should use to authenticate the device registration request.
	// NOTE(review): anyone who can read a serialized RegKey can register a
	// device with it. List and get endpoints should return it only to the key's
	// owner — confirm. There is no gorm:"-" tag, so it is presumably stored as a
	// plain column.
	BearerToken string `json:"bearer_token,omitempty"`
	Description string `json:"description,omitempty"` // Description of the registration key.
	DeviceId *uuid.UUID `json:"device_id,omitempty"` // DeviceId is set if the RegKey was created for single use
	// ExpiresAt is optional, if set the registration key is only valid until the ExpiresAt time.
	// A nil value means this record carries no expiry.
	ExpiresAt *time.Time `json:"expires_at,omitempty"`
	SecurityGroupId *uuid.UUID `json:"security_group_id"` // SecurityGroupId is the ID of the security group to assign to the device.
	Settings map[string]interface{} `json:"settings" gorm:"type:JSONB; serializer:json"` // Settings contains general settings for the device.
}
RegKey is used to register devices without an interactive login.
type SecurityGroup ¶
// SecurityGroup embeds Base and stores the inbound and outbound rule lists for
// one VPC as JSONB.
//
// NOTE(review): with omitempty, an empty rule list is absent from the JSON.
// Clients must know whether "absent" means allow-all or deny-all; this type
// does not say — confirm against the enforcement code.
type SecurityGroup struct {
	Base
	Description string `json:"description"`
	VpcId uuid.UUID `json:"vpc_id"`
	OrganizationID uuid.UUID `json:"-"` // Denormalized from the VPC record for performance
	InboundRules []SecurityRule `json:"inbound_rules,omitempty" gorm:"type:JSONB; serializer:json"`
	OutboundRules []SecurityRule `json:"outbound_rules,omitempty" gorm:"type:JSONB; serializer:json"`
	Revision uint64 `json:"revision" gorm:"type:bigserial;index:"`
}
SecurityGroup represents a security group containing security rules and a group owner
type SecurityRule ¶
// SecurityRule is one entry of a security group's inbound or outbound list.
//
// NOTE(review): the type enforces nothing. IpProtocol is a free-form string,
// the ports are int64 (so values outside 0-65535 and FromPort > ToPort are
// representable), and IpRanges are unparsed strings. Validation must happen
// before a rule is stored or applied — confirm where.
type SecurityRule struct {
	IpProtocol string `json:"ip_protocol"`
	FromPort int64 `json:"from_port"`
	ToPort int64 `json:"to_port"`
	// NOTE(review): omitempty — the meaning of an absent list (any address versus none) is not shown here.
	IpRanges []string `json:"ip_ranges,omitempty"`
}
SecurityRule represents a Security Rule
type ServiceNetwork ¶
// ServiceNetwork embeds Base and holds the CA material for a service network.
type ServiceNetwork struct {
	Base
	OrganizationID uuid.UUID `json:"organization_id" gorm:"type:uuid"`
	Organization *Organization `json:"-"`
	Description string `json:"description"`
	// Excluded from JSON by the "-" tag.
	// NOTE(review): presumably the CA private key. It has no gorm:"-" tag, so it
	// is presumably stored as a plain text column; confirm how it is protected
	// at rest and that no other serializer (logs, %+v) prints this struct.
	CaKey string `json:"-"`
	CaCertificates []string `json:"ca_certificates,omitempty" gorm:"type:JSONB; serializer:json"`
	Revision uint64 `json:"revision" gorm:"type:bigserial;index:"`
}
ServiceNetwork contains interconnected Sites
type Site ¶
// Site embeds Base and is used both as a gorm model and as a JSON payload.
//
// Two fields are secrets that do appear in JSON. BearerToken is serialized
// when non-empty; LinkSecret has no omitempty and is always serialized.
type Site struct {
	Base
	Revision uint64 `json:"revision" gorm:"type:bigserial;index:"`
	OwnerID uuid.UUID `json:"owner_id" gorm:"type:uuid"`
	ServiceNetworkID uuid.UUID `json:"service_network_id" gorm:"type:uuid" example:"694aa002-5d19-495e-980b-3d8fd508ea10"`
	// Denormalized from the VPC record for performance
	// NOTE(review): Site has no VPC field; this presumably means the ServiceNetwork record — confirm.
	OrganizationID uuid.UUID `json:"-" gorm:"type:uuid"`
	RegKeyID uuid.UUID `json:"-" gorm:"type:uuid"` // the reg key id that created the Site (if it was created with a registration token)
	// the token nexd should use to reconcile Site state.
	// NOTE(review): must be cleared before a Site is returned to anyone but the site itself — confirm.
	BearerToken string `json:"bearer_token,omitempty"`
	Hostname string `json:"hostname" example:"myhost"`
	Os string `json:"os"`
	Name string `json:"name"`
	Platform string `json:"platform"`
	PublicKey string `json:"public_key"`
	// NOTE(review): every reader of a serialized Site receives this value.
	// Check which roles can list sites and whether peers are meant to see it.
	LinkSecret string `json:"link_secret"`
	ServiceNetwork *ServiceNetwork `json:"-"`
	Online bool `json:"online"`
	OnlineAt *time.Time `json:"online_at"`
}
Site is a unique, end-user Site. Sites belong to one User and may be onboarded into an organization
type StringArray ¶
// StringArray is an alias (not a new type) for datatype.StringArray, so the
// two are interchangeable.
type StringArray = datatype.StringArray
type UpdateDevice ¶
// UpdateDevice carries the fields for updating a Device. Pointer fields are
// nil when absent from the payload. Hostname is a plain string, so "absent"
// and "empty" cannot be told apart for it.
//
// NOTE(review): VpcID and SecurityGroupId let a caller re-home a device.
// Authorization for the target VPC and group is not expressed here — confirm
// the handler checks it.
type UpdateDevice struct {
	VpcID *uuid.UUID `json:"vpc_id" example:"694aa002-5d19-495e-980b-3d8fd508ea10"`
	AdvertiseCidrs []string `json:"advertise_cidrs" example:"172.16.42.0/24"`
	SymmetricNat *bool `json:"symmetric_nat"`
	Hostname string `json:"hostname" example:"myhost"`
	Endpoints []Endpoint `json:"endpoints" gorm:"type:JSONB; serializer:json"`
	// NOTE(review): presumably an optimistic-concurrency guard — confirm how nil is treated.
	Revision *uint64 `json:"revision"`
	Relay *bool `json:"relay"`
	SecurityGroupId *uuid.UUID `json:"security_group_id"`
}
UpdateDevice is the information needed to update a Device.
type UpdateRegKey ¶
// UpdateRegKey carries the mutable fields of a registration key. The bearer
// token and the target VPC or service network are not part of this type.
type UpdateRegKey struct {
	Description *string `json:"description,omitempty"` // Description of the registration key.
	// ExpiresAt is optional, if set the registration key is only valid until the ExpiresAt time.
	// NOTE(review): a later time here extends the key's life; whether an update
	// can revive an already-expired key is not visible — confirm.
	ExpiresAt *time.Time `json:"expires_at,omitempty"`
	SecurityGroupId *uuid.UUID `json:"security_group_id"` // SecurityGroupId is the ID of the security group to assign to the device.
	Settings map[string]interface{} `json:"settings"` // Settings contains general settings for the device.
}
type UpdateSecurityGroup ¶
// UpdateSecurityGroup carries the mutable fields of a security group.
//
// NOTE(review): the rule lists are slices, not pointers. After decoding, a
// missing key is a nil slice. Whether nil means "leave unchanged" or "clear
// all rules" is decided by the handler — confirm, since the two have opposite
// effects on exposure.
type UpdateSecurityGroup struct {
	Description *string `json:"description,omitempty"`
	InboundRules []SecurityRule `json:"inbound_rules,omitempty" gorm:"type:JSONB; serializer:json"`
	OutboundRules []SecurityRule `json:"outbound_rules,omitempty" gorm:"type:JSONB; serializer:json"`
}
UpdateSecurityGroup is the information needed to update an existing Security Group.
type UpdateServiceNetwork ¶
// UpdateServiceNetwork carries the only field of a ServiceNetwork exposed for
// update through this type, the description. CA material is not included.
type UpdateServiceNetwork struct {
	// nil when the key is absent from the payload.
	Description *string `json:"description" example:"The Red Zone"`
}
type UpdateSite ¶
// UpdateSite carries the mutable fields of a Site. Every field is a pointer
// and is nil when absent from the payload.
type UpdateSite struct {
	Os *string `json:"os"`
	Hostname *string `json:"hostname" example:"myhost"`
	Revision *uint64 `json:"revision"`
	// NOTE(review): allows the caller to replace the site's link secret. The
	// type sets no length or format requirement, so confirm the handler does.
	LinkSecret *string `json:"link_secret"`
}
UpdateSite is the information needed to update a Site.
type UpdateVPC ¶
// UpdateVPC carries the only field of a VPC exposed for update through this
// type, the description. The CIDR fields are not included.
type UpdateVPC struct {
	// nil when the key is absent from the payload.
	Description *string `json:"description" example:"The Red Zone"`
}
type User ¶
// User embeds Base. IdpID, Organizations and Invitations are tagged json:"-",
// so serializing a User exposes only the ID, full name, picture and username.
type User struct {
	Base
	IdpID string `json:"-"` // Comes from the IDP
	Organizations []*Organization `gorm:"many2many:user_organizations" json:"-"`
	FullName string `json:"full_name"`
	// NOTE(review): presumably a URL taken from the identity provider. If
	// clients render it, it should be treated as untrusted input — confirm.
	Picture string `json:"picture"`
	UserName string `json:"username"`
	Invitations []*Invitation `json:"-"`
}
User is a person who uses Nexodus
type UserIdentity ¶
// UserIdentity maps one external identity to a user. Kind and Value are both
// tagged primary_key, so a given (kind, value) pair can belong to only one
// user.
type UserIdentity struct {
	Kind string `gorm:"primary_key" json:"kind" example:"email"` // email, phone, keycloak-id, etc
	// the value of the identity
	// NOTE(review): matched as stored; whether e-mail values are normalized
	// (case, whitespace) before lookup is not visible here — confirm, since it
	// affects uniqueness.
	Value string `gorm:"primary_key" json:"value" example:"hiram@example.com"`
	UserID uuid.UUID `gorm:"type:uuid" json:"user_id" example:"aa22666c-0f57-45cb-a449-16efecc04f2e"` // the id of the user
}
UserIdentity is an identity of a user. A user can have multiple identities.
type UserOrganization ¶
// UserOrganization is the membership row joining a user to an organization.
// UserID and OrganizationID are both tagged primary_key.
type UserOrganization struct {
	UserID uuid.UUID `json:"user_id" gorm:"type:uuid;primary_key"`
	OrganizationID uuid.UUID `json:"organization_id" gorm:"type:uuid;primary_key"`
	User *User `json:"user,omitempty"`
	// Role names held by the user in this organization.
	// NOTE(review): free-form strings at the type level; the set of valid roles is defined elsewhere.
	Roles StringArray `json:"roles" swaggertype:"array,string"`
}
UserOrganization record means the user is a member of the organization
type VPC ¶
// VPC embeds Base and records the address ranges of one VPC.
type VPC struct {
	Base
	OrganizationID uuid.UUID `json:"organization_id"`
	Description string `json:"description"`
	PrivateCidr bool `json:"private_cidr"`
	// CIDRs are kept as strings; the type does not guarantee they parse.
	Ipv4Cidr string `json:"ipv4_cidr"`
	Ipv6Cidr string `json:"ipv6_cidr"`
	Organization *Organization `json:"-"`
	Revision uint64 `json:"revision" gorm:"type:bigserial;index:"`
}
VPC contains Devices
type ValidationError ¶
// ValidationError extends BaseError with the offending field and a reason;
// both are omitted from JSON when empty.
type ValidationError struct {
	BaseError
	Field string `json:"field,omitempty"`
	// NOTE(review): returned to the client. If it is built from a decoder or
	// library error, check that it does not echo internal detail or unescaped
	// request content.
	Reason string `json:"reason,omitempty"`
}
ValidationError is returned in the body of an HTTP 400
func NewBadPathParameterError ¶
func NewBadPathParameterError(param string) ValidationError
func NewBadPathParameterErrorAndReason ¶
func NewBadPathParameterErrorAndReason(param string, reason string) ValidationError
func NewBadPayloadError ¶
func NewBadPayloadError(err error) ValidationError
func NewBadQueryParameterError ¶
func NewBadQueryParameterError(param string) ValidationError
func NewFieldNotPresentError ¶
func NewFieldNotPresentError(field string) ValidationError
func NewFieldValidationError ¶
func NewFieldValidationError(field string, reason string) ValidationError
func NewInvalidField ¶
func NewInvalidField(field string) ValidationError
type Watch ¶
// Watch describes one subscription to change events. All fields are omitted
// from JSON when they hold their zero value.
type Watch struct {
	// NOTE(review): a free-form string naming the resource kind. The server
	// must authorize each kind for the caller — not visible here.
	Kind string `json:"kind,omitempty"`
	GtRevision uint64 `json:"gt_revision,omitempty"`
	AtTail bool `json:"at_tail,omitempty"`
	// Untyped, kind-specific options; consumers must validate keys and value types.
	Options map[string]interface{} `json:"options,omitempty"`
}
Watch is used to describe events you are interested in
type WatchEvent ¶
// WatchEvent is one event delivered for a Watch.
type WatchEvent struct {
	Kind string `json:"kind,omitempty"`
	Type string `json:"type"`
	// Untyped payload.
	// NOTE(review): presumably the changed resource (e.g. a Device or Site). If
	// so, the token and secret fields those types serialize travel with every
	// event — confirm they are cleared per recipient.
	Value interface{} `json:"value,omitempty"`
}
WatchEvent struct for WatchEvent