access

package
v0.1.17

This package is not in the latest version of its module.
Published: Feb 29, 2024 License: BSD-3-Clause-Clear Imports: 49 Imported by: 0

Documentation

Overview

Package access is a reverse proxy.

It translates gRPC into RESTful JSON APIs.

Constants

const (
	ErrPolicyDissemInvalid = Error("policy dissem invalid")
	ErrDecisionUnexpected  = Error("access policy decision unexpected")
)

const (
	ErrAttributeDefinitionsUnmarshal   = Error("attribute definitions unmarshal")
	ErrAttributeDefinitionsServiceCall = Error("attribute definitions service call unexpected")
)

const (
	ErrHSM    = Error("hsm unexpected")
	ErrConfig = Error("invalid port")
)

const (
	ErrCertificateEncode = Error("certificate encode error")
	ErrPublicKeyMarshal  = Error("public key marshal error")
)

const (
	ErrUser     = Error("request error")
	ErrInternal = Error("internal error")
)

const (
	AccessService_Info_FullMethodName            = "/access.AccessService/Info"
	AccessService_PublicKey_FullMethodName       = "/access.AccessService/PublicKey"
	AccessService_LegacyPublicKey_FullMethodName = "/access.AccessService/LegacyPublicKey"
	AccessService_Rewrap_FullMethodName          = "/access.AccessService/Rewrap"
)

const (
	ErrPolicyDataAttributeParse = Error("policy data attribute invalid")
)

Variables

var AccessService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "access.AccessService",
	HandlerType: (*AccessServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "Info",
			Handler:    _AccessService_Info_Handler,
		},
		{
			MethodName: "PublicKey",
			Handler:    _AccessService_PublicKey_Handler,
		},
		{
			MethodName: "LegacyPublicKey",
			Handler:    _AccessService_LegacyPublicKey_Handler,
		},
		{
			MethodName: "Rewrap",
			Handler:    _AccessService_Rewrap_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "access/service.proto",
}

AccessService_ServiceDesc is the grpc.ServiceDesc for the AccessService service. It is intended only for direct use with grpc.RegisterService, and is not to be introspected or modified (even as a copy).

var File_access_service_proto protoreflect.FileDescriptor

Functions

func RegisterAccessServiceHandler added in v0.1.7

func RegisterAccessServiceHandler(ctx context.Context, mux *runtime.ServeMux, conn *grpc.ClientConn) error

RegisterAccessServiceHandler registers the http handlers for service AccessService to "mux". The handlers forward requests to the grpc endpoint over "conn".

func RegisterAccessServiceHandlerClient added in v0.1.7

func RegisterAccessServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux, client AccessServiceClient) error

RegisterAccessServiceHandlerClient registers the http handlers for service AccessService to "mux". The handlers forward requests to the grpc endpoint over the given implementation of "AccessServiceClient". Note: the gRPC framework executes interceptors within the gRPC handler. If the passed in "AccessServiceClient" doesn't go through the normal gRPC flow (creating a gRPC client etc.) then it will be up to the passed in "AccessServiceClient" to call the correct interceptors.

func RegisterAccessServiceHandlerFromEndpoint added in v0.1.7

func RegisterAccessServiceHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error)

RegisterAccessServiceHandlerFromEndpoint is the same as RegisterAccessServiceHandler but automatically dials "endpoint" and closes the connection when "ctx" is done.

func RegisterAccessServiceHandlerServer added in v0.1.7

func RegisterAccessServiceHandlerServer(ctx context.Context, mux *runtime.ServeMux, server AccessServiceServer) error

RegisterAccessServiceHandlerServer registers the http handlers for service AccessService to "mux". UnaryRPC: calls AccessServiceServer directly. StreamingRPC: currently unsupported pending https://github.com/grpc/grpc-go/issues/906. Note that using this registration option will cause many gRPC library features to stop working. Consider using RegisterAccessServiceHandlerFromEndpoint instead.

func RegisterAccessServiceServer added in v0.1.7

func RegisterAccessServiceServer(s grpc.ServiceRegistrar, srv AccessServiceServer)

func ResolveAttributeAuthority added in v0.1.10

func ResolveAttributeAuthority(s string) (*url.URL, error)

Types

type AccessServiceClient added in v0.1.7

type AccessServiceClient interface {
	// Get the current version of the service
	Info(ctx context.Context, in *InfoRequest, opts ...grpc.CallOption) (*InfoResponse, error)
	PublicKey(ctx context.Context, in *PublicKeyRequest, opts ...grpc.CallOption) (*PublicKeyResponse, error)
	LegacyPublicKey(ctx context.Context, in *LegacyPublicKeyRequest, opts ...grpc.CallOption) (*wrapperspb.StringValue, error)
	Rewrap(ctx context.Context, in *RewrapRequest, opts ...grpc.CallOption) (*RewrapResponse, error)
}

AccessServiceClient is the client API for AccessService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewAccessServiceClient added in v0.1.7

func NewAccessServiceClient(cc grpc.ClientConnInterface) AccessServiceClient

type AccessServiceServer added in v0.1.7

type AccessServiceServer interface {
	// Get the current version of the service
	Info(context.Context, *InfoRequest) (*InfoResponse, error)
	PublicKey(context.Context, *PublicKeyRequest) (*PublicKeyResponse, error)
	LegacyPublicKey(context.Context, *LegacyPublicKeyRequest) (*wrapperspb.StringValue, error)
	Rewrap(context.Context, *RewrapRequest) (*RewrapResponse, error)
	// contains filtered or unexported methods
}

AccessServiceServer is the server API for the AccessService service. All implementations must embed UnimplementedAccessServiceServer for forward compatibility.

type Attribute

type Attribute struct {
	URI           string           `json:"attribute"` // attribute
	PublicKey     crypto.PublicKey `json:"pubKey"`    // pubKey
	ProviderURI   string           `json:"kasUrl"`    // kasUrl
	SchemaVersion string           `json:"tdf_spec_version,omitempty"`
	Name          string           `json:"displayName"` // displayName
}

type ClaimsObject

type ClaimsObject struct {
	PublicKey              string        `json:"public_key"`
	ClientPublicSigningKey string        `json:"client_public_signing_key"`
	SchemaVersion          string        `json:"tdf_spec_version,omitempty"`
	Entitlements           []Entitlement `json:"entitlements"`
}

type Entitlement

type Entitlement struct {
	EntityID         string      `json:"entity_identifier"`
	EntityAttributes []Attribute `json:"entity_attributes"`
}

type Error

type Error string

func (Error) Error

func (e Error) Error() string

type InfoRequest added in v0.1.7

type InfoRequest struct {
	// contains filtered or unexported fields
}

func (*InfoRequest) Descriptor deprecated added in v0.1.7

func (*InfoRequest) Descriptor() ([]byte, []int)

Deprecated: Use InfoRequest.ProtoReflect.Descriptor instead.

func (*InfoRequest) ProtoMessage added in v0.1.7

func (*InfoRequest) ProtoMessage()

func (*InfoRequest) ProtoReflect added in v0.1.7

func (x *InfoRequest) ProtoReflect() protoreflect.Message

func (*InfoRequest) Reset added in v0.1.7

func (x *InfoRequest) Reset()

func (*InfoRequest) String added in v0.1.7

func (x *InfoRequest) String() string

type InfoResponse added in v0.1.7

type InfoResponse struct {
	Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
	// contains filtered or unexported fields
}

Service application level metadata

func (*InfoResponse) Descriptor deprecated added in v0.1.7

func (*InfoResponse) Descriptor() ([]byte, []int)

Deprecated: Use InfoResponse.ProtoReflect.Descriptor instead.

func (*InfoResponse) GetVersion added in v0.1.7

func (x *InfoResponse) GetVersion() string

func (*InfoResponse) ProtoMessage added in v0.1.7

func (*InfoResponse) ProtoMessage()

func (*InfoResponse) ProtoReflect added in v0.1.7

func (x *InfoResponse) ProtoReflect() protoreflect.Message

func (*InfoResponse) Reset added in v0.1.7

func (x *InfoResponse) Reset()

func (*InfoResponse) String added in v0.1.7

func (x *InfoResponse) String() string

type LegacyPublicKeyRequest added in v0.1.7

type LegacyPublicKeyRequest struct {
	Algorithm string `protobuf:"bytes,1,opt,name=algorithm,proto3" json:"algorithm,omitempty"`
	// contains filtered or unexported fields
}

func (*LegacyPublicKeyRequest) Descriptor deprecated added in v0.1.7

func (*LegacyPublicKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use LegacyPublicKeyRequest.ProtoReflect.Descriptor instead.

func (*LegacyPublicKeyRequest) GetAlgorithm added in v0.1.7

func (x *LegacyPublicKeyRequest) GetAlgorithm() string

func (*LegacyPublicKeyRequest) ProtoMessage added in v0.1.7

func (*LegacyPublicKeyRequest) ProtoMessage()

func (*LegacyPublicKeyRequest) ProtoReflect added in v0.1.7

func (x *LegacyPublicKeyRequest) ProtoReflect() protoreflect.Message

func (*LegacyPublicKeyRequest) Reset added in v0.1.7

func (x *LegacyPublicKeyRequest) Reset()

func (*LegacyPublicKeyRequest) String added in v0.1.7

func (x *LegacyPublicKeyRequest) String() string

type Policy

type Policy struct {
	UUID uuid.UUID  `json:"uuid"`
	Body PolicyBody `json:"body"`
}

type PolicyBody added in v0.1.15

type PolicyBody struct {
	DataAttributes []Attribute `json:"dataAttributes"`
	Dissem         []string    `json:"dissem"`
}

type Provider

type Provider struct {
	AccessServiceServer
	URI           url.URL `json:"uri"`
	PrivateKey    p11.Pkcs11PrivateKeyRSA
	PublicKeyRSA  rsa.PublicKey `json:"publicKey"`
	PrivateKeyEC  p11.Pkcs11PrivateKeyEC
	PublicKeyEC   ecdsa.PublicKey
	Certificate   x509.Certificate `json:"certificate"`
	CertificateEC x509.Certificate `json:"certificateEc"`
	AttributeSvc  *url.URL
	Session       p11.Pkcs11Session
	OIDCVerifier  *oidc.IDTokenVerifier
}

func (*Provider) HealthZ added in v0.1.1

func (p *Provider) HealthZ(w http.ResponseWriter, r *http.Request)

func (*Provider) Info added in v0.1.7

func (p *Provider) Info(_ context.Context, in *InfoRequest) (*InfoResponse, error)

func (*Provider) LegacyPublicKey added in v0.1.7

func (p *Provider) LegacyPublicKey(ctx context.Context, in *LegacyPublicKeyRequest) (*wrapperspb.StringValue, error)

func (*Provider) PublicKey added in v0.1.7

func (p *Provider) PublicKey(ctx context.Context, in *PublicKeyRequest) (*PublicKeyResponse, error)

func (*Provider) Rewrap added in v0.1.7

func (p *Provider) Rewrap(ctx context.Context, in *RewrapRequest) (*RewrapResponse, error)

type PublicKeyRequest added in v0.1.7

type PublicKeyRequest struct {
	Algorithm string `protobuf:"bytes,1,opt,name=algorithm,proto3" json:"algorithm,omitempty"`
	Fmt       string `protobuf:"bytes,2,opt,name=fmt,proto3" json:"fmt,omitempty"`
	V         string `protobuf:"bytes,3,opt,name=v,proto3" json:"v,omitempty"`
	// contains filtered or unexported fields
}

func (*PublicKeyRequest) Descriptor deprecated added in v0.1.7

func (*PublicKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use PublicKeyRequest.ProtoReflect.Descriptor instead.

func (*PublicKeyRequest) GetAlgorithm added in v0.1.7

func (x *PublicKeyRequest) GetAlgorithm() string

func (*PublicKeyRequest) GetFmt added in v0.1.7

func (x *PublicKeyRequest) GetFmt() string

func (*PublicKeyRequest) GetV added in v0.1.7

func (x *PublicKeyRequest) GetV() string

func (*PublicKeyRequest) ProtoMessage added in v0.1.7

func (*PublicKeyRequest) ProtoMessage()

func (*PublicKeyRequest) ProtoReflect added in v0.1.7

func (x *PublicKeyRequest) ProtoReflect() protoreflect.Message

func (*PublicKeyRequest) Reset added in v0.1.7

func (x *PublicKeyRequest) Reset()

func (*PublicKeyRequest) String added in v0.1.7

func (x *PublicKeyRequest) String() string

type PublicKeyResponse added in v0.1.7

type PublicKeyResponse struct {
	PublicKey string `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// contains filtered or unexported fields
}

func (*PublicKeyResponse) Descriptor deprecated added in v0.1.7

func (*PublicKeyResponse) Descriptor() ([]byte, []int)

Deprecated: Use PublicKeyResponse.ProtoReflect.Descriptor instead.

func (*PublicKeyResponse) GetPublicKey added in v0.1.7

func (x *PublicKeyResponse) GetPublicKey() string

func (*PublicKeyResponse) ProtoMessage added in v0.1.7

func (*PublicKeyResponse) ProtoMessage()

func (*PublicKeyResponse) ProtoReflect added in v0.1.7

func (x *PublicKeyResponse) ProtoReflect() protoreflect.Message

func (*PublicKeyResponse) Reset added in v0.1.7

func (x *PublicKeyResponse) Reset()

func (*PublicKeyResponse) String added in v0.1.7

func (x *PublicKeyResponse) String() string

type RequestBody

type RequestBody struct {
	AuthToken       string         `json:"authToken"`
	KeyAccess       tdf3.KeyAccess `json:"keyAccess"`
	Policy          string         `json:"policy,omitempty"`
	Algorithm       string         `json:"algorithm,omitempty"`
	ClientPublicKey string         `json:"clientPublicKey"`
	SchemaVersion   string         `json:"schemaVersion,omitempty"`
}

type RewrapRequest

type RewrapRequest struct {
	SignedRequestToken string `protobuf:"bytes,1,opt,name=signed_request_token,json=signedRequestToken,proto3" json:"signed_request_token,omitempty"`
	Bearer             string `protobuf:"bytes,2,opt,name=bearer,proto3" json:"bearer,omitempty"`
	// contains filtered or unexported fields
}

func (*RewrapRequest) Descriptor deprecated added in v0.1.7

func (*RewrapRequest) Descriptor() ([]byte, []int)

Deprecated: Use RewrapRequest.ProtoReflect.Descriptor instead.

func (*RewrapRequest) GetBearer added in v0.1.7

func (x *RewrapRequest) GetBearer() string

func (*RewrapRequest) GetSignedRequestToken added in v0.1.7

func (x *RewrapRequest) GetSignedRequestToken() string

func (*RewrapRequest) ProtoMessage added in v0.1.7

func (*RewrapRequest) ProtoMessage()

func (*RewrapRequest) ProtoReflect added in v0.1.7

func (x *RewrapRequest) ProtoReflect() protoreflect.Message

func (*RewrapRequest) Reset added in v0.1.7

func (x *RewrapRequest) Reset()

func (*RewrapRequest) String added in v0.1.7

func (x *RewrapRequest) String() string

type RewrapResponse

type RewrapResponse struct {
	Metadata         map[string]*structpb.Value `` /* 157-byte string literal not displayed */
	EntityWrappedKey []byte                     `protobuf:"bytes,2,opt,name=entity_wrapped_key,json=entityWrappedKey,proto3" json:"entity_wrapped_key,omitempty"`
	SessionPublicKey string                     `protobuf:"bytes,3,opt,name=session_public_key,json=sessionPublicKey,proto3" json:"session_public_key,omitempty"`
	SchemaVersion    string                     `protobuf:"bytes,4,opt,name=schema_version,json=schemaVersion,proto3" json:"schema_version,omitempty"`
	// contains filtered or unexported fields
}

func (*RewrapResponse) Descriptor deprecated added in v0.1.7

func (*RewrapResponse) Descriptor() ([]byte, []int)

Deprecated: Use RewrapResponse.ProtoReflect.Descriptor instead.

func (*RewrapResponse) GetEntityWrappedKey added in v0.1.7

func (x *RewrapResponse) GetEntityWrappedKey() []byte

func (*RewrapResponse) GetMetadata added in v0.1.7

func (x *RewrapResponse) GetMetadata() map[string]*structpb.Value

func (*RewrapResponse) GetSchemaVersion added in v0.1.7

func (x *RewrapResponse) GetSchemaVersion() string

func (*RewrapResponse) GetSessionPublicKey added in v0.1.7

func (x *RewrapResponse) GetSessionPublicKey() string

func (*RewrapResponse) ProtoMessage added in v0.1.7

func (*RewrapResponse) ProtoMessage()

func (*RewrapResponse) ProtoReflect added in v0.1.7

func (x *RewrapResponse) ProtoReflect() protoreflect.Message

func (*RewrapResponse) Reset added in v0.1.7

func (x *RewrapResponse) Reset()

func (*RewrapResponse) String added in v0.1.7

func (x *RewrapResponse) String() string

type UnimplementedAccessServiceServer added in v0.1.7

type UnimplementedAccessServiceServer struct {
}

UnimplementedAccessServiceServer must be embedded to have forward compatible implementations.

func (UnimplementedAccessServiceServer) Info added in v0.1.7

func (UnimplementedAccessServiceServer) LegacyPublicKey added in v0.1.7

func (UnimplementedAccessServiceServer) PublicKey added in v0.1.7

func (UnimplementedAccessServiceServer) Rewrap added in v0.1.7

type UnsafeAccessServiceServer added in v0.1.7

type UnsafeAccessServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeAccessServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to AccessServiceServer will result in compilation errors.
