rest_util

package
v0.26.22 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 22, 2024 License: Apache-2.0 Imports: 19 Imported by: 7

Documentation

Overview

Package rest_util provides helper functions to generate a client for the Ziti Edge REST APIs. It is a meat and potato API that is meant to be consumed by higher level implementations (e.g. CLIs).

The main entry functions are: - NewEdgeManagementClientWithToken() - NewEdgeManagementClientWithUpdb() - NewEdgeManagementClientWithCert() - NewEdgeManagementClientWithAuthenticator() - NewEdgeClientClientWithToken() - NewEdgeClientClientWithUpdb() - NewEdgeClientClientWithCert() - NewEdgeClientClientWithAuthenticator()

`updb` and `cert` are supported with specific helper functions. Any authentication method not supported explicitly can use the ***Authenticator helper functions to implement other authentication methods.

An example(s) is provided in the `examples` directory.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetControllerWellKnownCaPool added in v0.25.8 

func GetControllerWellKnownCaPool(controllerAddr string) (*x509.CertPool, error)

GetControllerWellKnownCaPool will attempt to connect to a controller and retrieve its PKCS11 well-known CA bundle as an x509.CertPool.

func GetControllerWellKnownCaPoolWithTlsConfig added in v0.26.20 

func GetControllerWellKnownCaPoolWithTlsConfig(controllerAddr string, tlsConfig *tls.Config) (*x509.CertPool, error)

GetControllerWellKnownCaPoolWithTlsConfig will attempt to connect to a controller and retrieve its PKCS11 well-known CA bundle as an x509.CertPool using a pre-configured TLS config.

func GetControllerWellKnownCas 

func GetControllerWellKnownCas(controllerAddr string) ([]*x509.Certificate, error)

GetControllerWellKnownCas will attempt to connect to a controller and retrieve its PKCS11 well-known CA bundle.

func GetControllerWellKnownCasWithTlsConfig added in v0.26.20 

func GetControllerWellKnownCasWithTlsConfig(controllerAddr string, tlsConfig *tls.Config) ([]*x509.Certificate, error)

GetControllerWellKnownCasWithTlsConfig will attempt to connect to a controller and retrieve its PKCS11 well-known CA bundle with a specific TLS config.

func NewEdgeClientClientWithAuthenticator 

func NewEdgeClientClientWithAuthenticator(authenticator Authenticator, apiAddress string) (*rest_client_api_client.ZitiEdgeClient, error)

NewEdgeClientClientWithAuthenticator will generate a new rest_client_api_client.ZitiEdgeClient client based upon a provided http.Client, controller address, and will authenticate with the provided Authenticator to obtain an API Session token.

func NewEdgeClientClientWithCert 

func NewEdgeClientClientWithCert(cert *x509.Certificate, privateKey crypto.PrivateKey, apiAddress string, rootCas *x509.CertPool) (*rest_client_api_client.ZitiEdgeClient, error)

NewEdgeClientClientWithCert will generate a new rest_client_api_client.ZitiEdgeClient client based upon a provided http.Client, controller address, and will authenticate via client certificate to obtain an API Session token.

func NewEdgeClientClientWithToken 

func NewEdgeClientClientWithToken(httpClient *http.Client, apiAddress string, apiSessionToken string) (*rest_client_api_client.ZitiEdgeClient, error)

NewEdgeClientClientWithToken will generate a new rest_client_api_client.ZitiEdgeClient client based upon a provided http.Client, controller address, and an API Session token that has been previously obtained.

func NewEdgeClientClientWithUpdb 

func NewEdgeClientClientWithUpdb(username, password string, apiAddress string, rootCas *x509.CertPool) (*rest_client_api_client.ZitiEdgeClient, error)

NewEdgeClientClientWithUpdb will generate a new rest_client_api_client.ZitiEdgeClient client based upon a provided http.Client, controller address, and will authenticate via username/password database (updb) to obtain an API Session token.

func NewEdgeManagementClientWithAuthenticator 

func NewEdgeManagementClientWithAuthenticator(authenticator Authenticator, apiAddress string) (*rest_management_api_client.ZitiEdgeManagement, error)

NewEdgeManagementClientWithAuthenticator will generate a new rest_management_api_client.ZitiEdgeManagement client based upon a provided http.Client, controller address, and will authenticate with the provided Authenticator to obtain an API Session token.

func NewEdgeManagementClientWithCert 

func NewEdgeManagementClientWithCert(cert *x509.Certificate, privateKey crypto.PrivateKey, apiAddress string, rootCas *x509.CertPool) (*rest_management_api_client.ZitiEdgeManagement, error)

NewEdgeManagementClientWithCert will generate a new rest_management_api_client.ZitiEdgeManagement client based upon a provided http.Client, controller address, and will authenticate via client certificate to obtain an API Session token.

func NewEdgeManagementClientWithToken 

func NewEdgeManagementClientWithToken(httpClient *http.Client, apiAddress string, apiSessionToken string) (*rest_management_api_client.ZitiEdgeManagement, error)

NewEdgeManagementClientWithToken will generate a new rest_management_api_client.ZitiEdgeManagement client based upon a provided http.Client, controller address, and an API Session token that has been previously obtained.

func NewEdgeManagementClientWithUpdb 

func NewEdgeManagementClientWithUpdb(username, password string, apiAddress string, rootCas *x509.CertPool) (*rest_management_api_client.ZitiEdgeManagement, error)

NewEdgeManagementClientWithUpdb will generate a new rest_management_api_client.ZitiEdgeManagement client based upon a provided http.Client, controller address, and will authenticate via username/password database (updb) to obtain an API Session token.

func NewHttpClientWithTlsConfig 

func NewHttpClientWithTlsConfig(tlsClientConfig *tls.Config) (*http.Client, error)

NewHttpClientWithTlsConfig provides a default HTTP client with generous default timeouts.

func NewTlsConfig 

func NewTlsConfig() (*tls.Config, error)

NewTlsConfig creates a tls.Config with default min/max TSL versions.

func VerifyController 

func VerifyController(controllerAddr string, caPool *x509.CertPool) (bool, error)

VerifyController will attempt to use the provided x509.CertPool to connect to the provided controller. If successful true an no error will be returned.

func WrapErr added in v0.25.24 

func WrapErr(err error) error

WrapErr return an error that has been wrapped so that err.Error() prints useful API error information if possible. If the error does not support deep API error information, the error is returned as is.

Types

type APIFormattedError added in v0.25.24 

type APIFormattedError struct {
	*rest_model.APIError
	// contains filtered or unexported fields
}

APIFormattedError takes a rest_model.APIError and wraps it so that it can output helpful information rather than pointer addresses for `Data` and `Meta`

func (*APIFormattedError) Error added in v0.25.24 

func (e *APIFormattedError) Error() string

func (*APIFormattedError) Unwrap added in v0.25.34 

func (e *APIFormattedError) Unwrap() error

type ApiErrorPayload added in v0.25.8 

type ApiErrorPayload interface {
	GetPayload() *rest_model.APIErrorEnvelope
}

type Authenticator 

type Authenticator interface {
	//Authenticate issues an authentication HTTP requests to the designated controller. The method and operation
	// of this authentication request is determined by the implementor.
	Authenticate(controllerAddress *url.URL) (*rest_model.CurrentAPISessionDetail, error)

	//BuildHttpClient returns a http.Client to use for an API client. This specifically allows
	//client certificate authentication to be configured in the http.Client's transport/tls.Config
	BuildHttpClient() (*http.Client, error)

	//SetInfo sets the env and sdk info submitted on Authenticate
	SetInfo(*rest_model.EnvInfo, *rest_model.SdkInfo)
}

Authenticator is an interface that facilitates obtaining an API Session.

type AuthenticatorAuthHeader 

type AuthenticatorAuthHeader struct {
	AuthenticatorBase
	Token string
}

func NewAuthenticatorAuthHeader 

func NewAuthenticatorAuthHeader(token string) *AuthenticatorAuthHeader

func (*AuthenticatorAuthHeader) Authenticate 

func (a *AuthenticatorAuthHeader) Authenticate(controllerAddress *url.URL) (*rest_model.CurrentAPISessionDetail, error)

func (*AuthenticatorAuthHeader) AuthenticateRequest added in v0.25.8 

func (a *AuthenticatorAuthHeader) AuthenticateRequest(request runtime.ClientRequest, registry strfmt.Registry) error

func (*AuthenticatorAuthHeader) BuildHttpClient added in v0.25.8 

func (a *AuthenticatorAuthHeader) BuildHttpClient() (*http.Client, error)

func (*AuthenticatorAuthHeader) Params 

func (a *AuthenticatorAuthHeader) Params() *authentication.AuthenticateParams

type AuthenticatorBase 

type AuthenticatorBase struct {
	ConfigTypes    rest_model.ConfigTypes
	EnvInfo        *rest_model.EnvInfo
	SdkInfo        *rest_model.SdkInfo
	HttpClientFunc HttpClientFunc
	TlsConfigFunc  TlsConfigFunc
	RootCas        *x509.CertPool
}

AuthenticatorBase provides embeddable shared capabilities for all authenticators.

func (*AuthenticatorBase) BuildHttpClientWithModifyTls 

func (a *AuthenticatorBase) BuildHttpClientWithModifyTls(modifyTls func(*tls.Config)) (*http.Client, error)

BuildHttpClientWithModifyTls builds a new http.Client with the provided HttpClientFunc and TlsConfigFunc. If not set, default NewHttpClientWithTlsConfig and NewTlsConfig will be used.

func (*AuthenticatorBase) SetInfo added in v0.25.8 

func (a *AuthenticatorBase) SetInfo(env *rest_model.EnvInfo, sdk *rest_model.SdkInfo)

type AuthenticatorCert 

type AuthenticatorCert struct {
	AuthenticatorBase
	Certificate *x509.Certificate
	PrivateKey  crypto.PrivateKey
}

AuthenticatorCert is an implementation of Authenticator that can fulfill client certificate authentication requests.

func NewAuthenticatorCert 

func NewAuthenticatorCert(cert *x509.Certificate, privateKey crypto.PrivateKey) *AuthenticatorCert

func (*AuthenticatorCert) Authenticate 

func (a *AuthenticatorCert) Authenticate(controllerAddress *url.URL) (*rest_model.CurrentAPISessionDetail, error)

func (*AuthenticatorCert) BuildHttpClient 

func (a *AuthenticatorCert) BuildHttpClient() (*http.Client, error)

func (*AuthenticatorCert) Params 

func (a *AuthenticatorCert) Params() *authentication.AuthenticateParams

type AuthenticatorIdentity added in v0.25.8 

type AuthenticatorIdentity struct {
	CertProvider
	AuthenticatorBase
}

AuthenticatorIdentity is meant to deal with OpenZiti identity files and interfaces defined in the `identity` repository

func (*AuthenticatorIdentity) BuildHttpClient added in v0.25.8 

func (a *AuthenticatorIdentity) BuildHttpClient() (*http.Client, error)

type AuthenticatorUpdb 

type AuthenticatorUpdb struct {
	AuthenticatorBase
	Username string
	Password string
}

AuthenticatorUpdb is an implementation of Authenticator that can fulfill username/password authentication requests.

func NewAuthenticatorUpdb 

func NewAuthenticatorUpdb(username, password string) *AuthenticatorUpdb

func (*AuthenticatorUpdb) Authenticate 

func (a *AuthenticatorUpdb) Authenticate(controllerAddress *url.URL) (*rest_model.CurrentAPISessionDetail, error)

func (*AuthenticatorUpdb) BuildHttpClient 

func (a *AuthenticatorUpdb) BuildHttpClient() (*http.Client, error)

func (*AuthenticatorUpdb) Params 

func (a *AuthenticatorUpdb) Params() *authentication.AuthenticateParams

type CertProvider added in v0.25.8 

type CertProvider interface {
	Cert() *tls.Certificate
	CA() *x509.CertPool
	ClientTLSConfig() *tls.Config
}

CertProvider scopes a subset of the identity.Identity interface

type HeaderAuth 

type HeaderAuth struct {
	HeaderName  string
	HeaderValue string
}

func (*HeaderAuth) AuthenticateRequest 

func (e *HeaderAuth) AuthenticateRequest(request openApiRuntime.ClientRequest, _ strfmt.Registry) error

type HttpClientFunc 

type HttpClientFunc func(tlsClientConfig *tls.Config) (*http.Client, error)

HttpClientFunc allows an external HttpClient to be created and used.

type TlsConfigFunc 

type TlsConfigFunc func() (*tls.Config, error)

TlsConfigFunc allows the tls.Config to be modified before use.

type ZitiTokenAuth 

type ZitiTokenAuth struct {
	Token string
}

ZitiTokenAuth is an implementation of runtime.ClientAuthInfoWriter. It allows an API Session token to be injected into out going HTTP requests.

func (*ZitiTokenAuth) AuthenticateRequest 

func (e *ZitiTokenAuth) AuthenticateRequest(request openApiRuntime.ClientRequest, _ strfmt.Registry) error

AuthenticateRequest injects the API Session token into outgoing requests.

Source Files

View all Source files

Directories

Path Synopsis
examples
ziti-example-list-identities

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.