Documentation ¶
Overview ¶
Package rest_util provides helper functions to generate a client for the Ziti Edge REST APIs. It is a meat and potato API that is meant to be consumed by higher level implementations (e.g. CLIs).
The main entry functions are: - NewEdgeManagementClientWithToken() - NewEdgeManagementClientWithUpdb() - NewEdgeManagementClientWithCert() - NewEdgeManagementClientWithAuthenticator() - NewEdgeClientClientWithToken() - NewEdgeClientClientWithUpdb() - NewEdgeClientClientWithCert() - NewEdgeClientClientWithAuthenticator()
`updb` and `cert` are supported with specific helper functions. Any authentication method not supported explicitly can use the ***Authenticator helper functions to implement other authentication methods.
An example(s) is provided in the `examples` directory.
Index ¶
- func GetControllerWellKnownCaPool(controllerAddr string) (*x509.CertPool, error)
- func GetControllerWellKnownCas(controllerAddr string) ([]*x509.Certificate, error)
- func NewEdgeClientClientWithAuthenticator(authenticator Authenticator, apiAddress string) (*rest_client_api_client.ZitiEdgeClient, error)
- func NewEdgeClientClientWithCert(cert *x509.Certificate, privateKey crypto.PrivateKey, apiAddress string, ...) (*rest_client_api_client.ZitiEdgeClient, error)
- func NewEdgeClientClientWithToken(httpClient *http.Client, apiAddress string, apiSessionToken string) (*rest_client_api_client.ZitiEdgeClient, error)
- func NewEdgeClientClientWithUpdb(username, password string, apiAddress string, rootCas *x509.CertPool) (*rest_client_api_client.ZitiEdgeClient, error)
- func NewEdgeManagementClientWithAuthenticator(authenticator Authenticator, apiAddress string) (*rest_management_api_client.ZitiEdgeManagement, error)
- func NewEdgeManagementClientWithCert(cert *x509.Certificate, privateKey crypto.PrivateKey, apiAddress string, ...) (*rest_management_api_client.ZitiEdgeManagement, error)
- func NewEdgeManagementClientWithToken(httpClient *http.Client, apiAddress string, apiSessionToken string) (*rest_management_api_client.ZitiEdgeManagement, error)
- func NewEdgeManagementClientWithUpdb(username, password string, apiAddress string, rootCas *x509.CertPool) (*rest_management_api_client.ZitiEdgeManagement, error)
- func NewHttpClientWithTlsConfig(tlsClientConfig *tls.Config) (*http.Client, error)
- func NewTlsConfig() (*tls.Config, error)
- func VerifyController(controllerAddr string, caPool *x509.CertPool) (bool, error)
- type ApiErrorPayload
- type Authenticator
- type AuthenticatorAuthHeader
- func (a *AuthenticatorAuthHeader) Authenticate(controllerAddress *url.URL) (*rest_model.CurrentAPISessionDetail, error)
- func (a *AuthenticatorAuthHeader) AuthenticateRequest(request runtime.ClientRequest, registry strfmt.Registry) error
- func (a *AuthenticatorAuthHeader) BuildHttpClient() (*http.Client, error)
- func (a *AuthenticatorAuthHeader) Params() *authentication.AuthenticateParams
- type AuthenticatorBase
- type AuthenticatorCert
- type AuthenticatorIdentity
- type AuthenticatorUpdb
- type CertProvider
- type HeaderAuth
- type HttpClientFunc
- type TlsConfigFunc
- type ZitiTokenAuth
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetControllerWellKnownCaPool ¶ added in v0.25.8
GetControllerWellKnownCaPool will attempt to connect to a controller and retrieve its PKCS11 well-known CA bundle as an x509.CertPool
func GetControllerWellKnownCas ¶
func GetControllerWellKnownCas(controllerAddr string) ([]*x509.Certificate, error)
GetControllerWellKnownCas will attempt to connect to a controller and retrieve its PKCS11 well-known CA bundle.
func NewEdgeClientClientWithAuthenticator ¶
func NewEdgeClientClientWithAuthenticator(authenticator Authenticator, apiAddress string) (*rest_client_api_client.ZitiEdgeClient, error)
NewEdgeClientClientWithAuthenticator will generate a new rest_client_api_client.ZitiEdgeClient client based upon a provided http.Client, controller address, and will authenticate with the provided Authenticator to obtain an API Session token.
func NewEdgeClientClientWithCert ¶
func NewEdgeClientClientWithCert(cert *x509.Certificate, privateKey crypto.PrivateKey, apiAddress string, rootCas *x509.CertPool) (*rest_client_api_client.ZitiEdgeClient, error)
NewEdgeClientClientWithCert will generate a new rest_client_api_client.ZitiEdgeClient client based upon a provided http.Client, controller address, and will authenticate via client certificate to obtain an API Session token.
func NewEdgeClientClientWithToken ¶
func NewEdgeClientClientWithToken(httpClient *http.Client, apiAddress string, apiSessionToken string) (*rest_client_api_client.ZitiEdgeClient, error)
NewEdgeClientClientWithToken will generate a new rest_client_api_client.ZitiEdgeClient client based upon a provided http.Client, controller address, and an API Session token that has been previously obtained.
func NewEdgeClientClientWithUpdb ¶
func NewEdgeClientClientWithUpdb(username, password string, apiAddress string, rootCas *x509.CertPool) (*rest_client_api_client.ZitiEdgeClient, error)
NewEdgeClientClientWithUpdb will generate a new rest_client_api_client.ZitiEdgeClient client based upon a provided http.Client, controller address, and will authenticate via username/password database (updb) to obtain an API Session token.
func NewEdgeManagementClientWithAuthenticator ¶
func NewEdgeManagementClientWithAuthenticator(authenticator Authenticator, apiAddress string) (*rest_management_api_client.ZitiEdgeManagement, error)
NewEdgeManagementClientWithAuthenticator will generate a new rest_management_api_client.ZitiEdgeManagement client based upon a provided http.Client, controller address, and will authenticate with the provided Authenticator to obtain an API Session token.
func NewEdgeManagementClientWithCert ¶
func NewEdgeManagementClientWithCert(cert *x509.Certificate, privateKey crypto.PrivateKey, apiAddress string, rootCas *x509.CertPool) (*rest_management_api_client.ZitiEdgeManagement, error)
NewEdgeManagementClientWithCert will generate a new rest_management_api_client.ZitiEdgeManagement client based upon a provided http.Client, controller address, and will authenticate via client certificate to obtain an API Session token.
func NewEdgeManagementClientWithToken ¶
func NewEdgeManagementClientWithToken(httpClient *http.Client, apiAddress string, apiSessionToken string) (*rest_management_api_client.ZitiEdgeManagement, error)
NewEdgeManagementClientWithToken will generate a new rest_management_api_client.ZitiEdgeManagement client based upon a provided http.Client, controller address, and an API Session token that has been previously obtained.
func NewEdgeManagementClientWithUpdb ¶
func NewEdgeManagementClientWithUpdb(username, password string, apiAddress string, rootCas *x509.CertPool) (*rest_management_api_client.ZitiEdgeManagement, error)
NewEdgeManagementClientWithUpdb will generate a new rest_management_api_client.ZitiEdgeManagement client based upon a provided http.Client, controller address, and will authenticate via username/password database (updb) to obtain an API Session token.
func NewHttpClientWithTlsConfig ¶
NewHttpClientWithTlsConfig provides a default HTTP client with generous default timeouts.
func NewTlsConfig ¶
NewTlsConfig creates a tls.Config with default min/max TSL versions.
Types ¶
type ApiErrorPayload ¶ added in v0.25.8
type ApiErrorPayload interface {
GetPayload() *rest_model.APIErrorEnvelope
}
type Authenticator ¶
type Authenticator interface { //Authenticate issues an authentication HTTP requests to the designated controller. The method and operation // of this authentication request is determined by the implementor. Authenticate(controllerAddress *url.URL) (*rest_model.CurrentAPISessionDetail, error) //BuildHttpClient returns a http.Client to use for an API client. This specifically allows //client certificate authentication to be configured in the http.Client's transport/tls.Config BuildHttpClient() (*http.Client, error) //SetInfo sets the env and sdk info submitted on Authenticate SetInfo(*rest_model.EnvInfo, *rest_model.SdkInfo) }
Authenticator is an interface that facilitates obtaining an API Session.
type AuthenticatorAuthHeader ¶
type AuthenticatorAuthHeader struct { AuthenticatorBase Token string }
func NewAuthenticatorAuthHeader ¶
func NewAuthenticatorAuthHeader(token string) *AuthenticatorAuthHeader
func (*AuthenticatorAuthHeader) Authenticate ¶
func (a *AuthenticatorAuthHeader) Authenticate(controllerAddress *url.URL) (*rest_model.CurrentAPISessionDetail, error)
func (*AuthenticatorAuthHeader) AuthenticateRequest ¶ added in v0.25.8
func (a *AuthenticatorAuthHeader) AuthenticateRequest(request runtime.ClientRequest, registry strfmt.Registry) error
func (*AuthenticatorAuthHeader) BuildHttpClient ¶ added in v0.25.8
func (a *AuthenticatorAuthHeader) BuildHttpClient() (*http.Client, error)
func (*AuthenticatorAuthHeader) Params ¶
func (a *AuthenticatorAuthHeader) Params() *authentication.AuthenticateParams
type AuthenticatorBase ¶
type AuthenticatorBase struct { ConfigTypes rest_model.ConfigTypes EnvInfo *rest_model.EnvInfo SdkInfo *rest_model.SdkInfo HttpClientFunc HttpClientFunc TlsConfigFunc TlsConfigFunc RootCas *x509.CertPool }
AuthenticatorBase provides embeddable shared capabilities for all authenticators.
func (*AuthenticatorBase) BuildHttpClientWithModifyTls ¶
func (a *AuthenticatorBase) BuildHttpClientWithModifyTls(modifyTls func(*tls.Config)) (*http.Client, error)
BuildHttpClientWithModifyTls builds a new http.Client with the provided HttpClientFunc and TlsConfigFunc. If not set, default NewHttpClientWithTlsConfig and NewTlsConfig will be used.
func (*AuthenticatorBase) SetInfo ¶ added in v0.25.8
func (a *AuthenticatorBase) SetInfo(env *rest_model.EnvInfo, sdk *rest_model.SdkInfo)
type AuthenticatorCert ¶
type AuthenticatorCert struct { AuthenticatorBase Certificate *x509.Certificate PrivateKey crypto.PrivateKey }
AuthenticatorCert is an implementation of Authenticator that can fulfill client certificate authentication requests.
func NewAuthenticatorCert ¶
func NewAuthenticatorCert(cert *x509.Certificate, privateKey crypto.PrivateKey) *AuthenticatorCert
func (*AuthenticatorCert) Authenticate ¶
func (a *AuthenticatorCert) Authenticate(controllerAddress *url.URL) (*rest_model.CurrentAPISessionDetail, error)
func (*AuthenticatorCert) BuildHttpClient ¶
func (a *AuthenticatorCert) BuildHttpClient() (*http.Client, error)
func (*AuthenticatorCert) Params ¶
func (a *AuthenticatorCert) Params() *authentication.AuthenticateParams
type AuthenticatorIdentity ¶ added in v0.25.8
type AuthenticatorIdentity struct { CertProvider AuthenticatorBase }
AuthenticatorIdentity is meant to deal with OpenZiti identity files and interfaces defined in the `identity` repository
func (*AuthenticatorIdentity) BuildHttpClient ¶ added in v0.25.8
func (a *AuthenticatorIdentity) BuildHttpClient() (*http.Client, error)
type AuthenticatorUpdb ¶
type AuthenticatorUpdb struct { AuthenticatorBase Username string Password string }
AuthenticatorUpdb is an implementation of Authenticator that can fulfill username/password authentication requests.
func NewAuthenticatorUpdb ¶
func NewAuthenticatorUpdb(username, password string) *AuthenticatorUpdb
func (*AuthenticatorUpdb) Authenticate ¶
func (a *AuthenticatorUpdb) Authenticate(controllerAddress *url.URL) (*rest_model.CurrentAPISessionDetail, error)
func (*AuthenticatorUpdb) BuildHttpClient ¶
func (a *AuthenticatorUpdb) BuildHttpClient() (*http.Client, error)
func (*AuthenticatorUpdb) Params ¶
func (a *AuthenticatorUpdb) Params() *authentication.AuthenticateParams
type CertProvider ¶ added in v0.25.8
type CertProvider interface { Cert() *tls.Certificate CA() *x509.CertPool ClientTLSConfig() *tls.Config }
CertProvider scopes a subset of the identity.Identity interface
type HeaderAuth ¶
func (*HeaderAuth) AuthenticateRequest ¶
func (e *HeaderAuth) AuthenticateRequest(request openApiRuntime.ClientRequest, _ strfmt.Registry) error
type HttpClientFunc ¶
HttpClientFunc allows an external HttpClient to be created and used.
type TlsConfigFunc ¶
TlsConfigFunc allows the tls.Config to be modified before use.
type ZitiTokenAuth ¶
type ZitiTokenAuth struct {
Token string
}
ZitiTokenAuth is an implementation of runtime.ClientAuthInfoWriter. It allows an API Session token to be injected into out going HTTP requests.
func (*ZitiTokenAuth) AuthenticateRequest ¶
func (e *ZitiTokenAuth) AuthenticateRequest(request openApiRuntime.ClientRequest, _ strfmt.Registry) error
AuthenticateRequest injects the API Session token into outgoing requests.