rest_util

package
v0.26.36

This package is not in the latest version of its module.
Published: Dec 12, 2024 License: Apache-2.0 Imports: 19 Imported by: 6

Documentation

Overview

Package rest_util provides helper functions to generate a client for the Ziti Edge REST APIs. It is a meat-and-potatoes API that is meant to be consumed by higher-level implementations (e.g. CLIs).

The main entry functions are:

- NewEdgeManagementClientWithToken()
- NewEdgeManagementClientWithUpdb()
- NewEdgeManagementClientWithCert()
- NewEdgeManagementClientWithAuthenticator()
- NewEdgeClientClientWithToken()
- NewEdgeClientClientWithUpdb()
- NewEdgeClientClientWithCert()
- NewEdgeClientClientWithAuthenticator()

`updb` and `cert` are supported with specific helper functions. Any authentication method not supported explicitly can be implemented as an Authenticator and passed to the `*WithAuthenticator` helper functions (NewEdgeManagementClientWithAuthenticator, NewEdgeClientClientWithAuthenticator).

Examples are provided in the `examples` directory.

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetControllerWellKnownCaPool added in v0.25.8

func GetControllerWellKnownCaPool(controllerAddr string) (*x509.CertPool, error)

GetControllerWellKnownCaPool will attempt to connect to a controller and retrieve its PKCS11 well-known CA bundle as an x509.CertPool.

func GetControllerWellKnownCaPoolWithTlsConfig added in v0.26.20

func GetControllerWellKnownCaPoolWithTlsConfig(controllerAddr string, tlsConfig *tls.Config) (*x509.CertPool, error)

GetControllerWellKnownCaPoolWithTlsConfig will attempt to connect to a controller and retrieve its PKCS11 well-known CA bundle as an x509.CertPool using a pre-configured TLS config.

func GetControllerWellKnownCas

func GetControllerWellKnownCas(controllerAddr string) ([]*x509.Certificate, error)

GetControllerWellKnownCas will attempt to connect to a controller and retrieve its PKCS11 well-known CA bundle.

func GetControllerWellKnownCasWithTlsConfig added in v0.26.20

func GetControllerWellKnownCasWithTlsConfig(controllerAddr string, tlsConfig *tls.Config) ([]*x509.Certificate, error)

GetControllerWellKnownCasWithTlsConfig will attempt to connect to a controller and retrieve its PKCS11 well-known CA bundle with a specific TLS config.

func NewEdgeClientClientWithAuthenticator

func NewEdgeClientClientWithAuthenticator(authenticator Authenticator, apiAddress string) (*rest_client_api_client.ZitiEdgeClient, error)

NewEdgeClientClientWithAuthenticator will generate a new rest_client_api_client.ZitiEdgeClient client based upon the provided controller address and will authenticate with the provided Authenticator to obtain an API Session token.

func NewEdgeClientClientWithCert

func NewEdgeClientClientWithCert(cert *x509.Certificate, privateKey crypto.PrivateKey, apiAddress string, rootCas *x509.CertPool) (*rest_client_api_client.ZitiEdgeClient, error)

NewEdgeClientClientWithCert will generate a new rest_client_api_client.ZitiEdgeClient client based upon the provided controller address and root CA pool, and will authenticate via client certificate to obtain an API Session token.

func NewEdgeClientClientWithToken

func NewEdgeClientClientWithToken(httpClient *http.Client, apiAddress string, apiSessionToken string) (*rest_client_api_client.ZitiEdgeClient, error)

NewEdgeClientClientWithToken will generate a new rest_client_api_client.ZitiEdgeClient client based upon a provided http.Client, controller address, and an API Session token that has been previously obtained.

func NewEdgeClientClientWithUpdb

func NewEdgeClientClientWithUpdb(username, password string, apiAddress string, rootCas *x509.CertPool) (*rest_client_api_client.ZitiEdgeClient, error)

NewEdgeClientClientWithUpdb will generate a new rest_client_api_client.ZitiEdgeClient client based upon the provided controller address and root CA pool, and will authenticate via username/password database (updb) to obtain an API Session token.

func NewEdgeManagementClientWithAuthenticator

func NewEdgeManagementClientWithAuthenticator(authenticator Authenticator, apiAddress string) (*rest_management_api_client.ZitiEdgeManagement, error)

NewEdgeManagementClientWithAuthenticator will generate a new rest_management_api_client.ZitiEdgeManagement client based upon the provided controller address and will authenticate with the provided Authenticator to obtain an API Session token.

func NewEdgeManagementClientWithCert

func NewEdgeManagementClientWithCert(cert *x509.Certificate, privateKey crypto.PrivateKey, apiAddress string, rootCas *x509.CertPool) (*rest_management_api_client.ZitiEdgeManagement, error)

NewEdgeManagementClientWithCert will generate a new rest_management_api_client.ZitiEdgeManagement client based upon the provided controller address and root CA pool, and will authenticate via client certificate to obtain an API Session token.

func NewEdgeManagementClientWithToken

func NewEdgeManagementClientWithToken(httpClient *http.Client, apiAddress string, apiSessionToken string) (*rest_management_api_client.ZitiEdgeManagement, error)

NewEdgeManagementClientWithToken will generate a new rest_management_api_client.ZitiEdgeManagement client based upon a provided http.Client, controller address, and an API Session token that has been previously obtained.

func NewEdgeManagementClientWithUpdb

func NewEdgeManagementClientWithUpdb(username, password string, apiAddress string, rootCas *x509.CertPool) (*rest_management_api_client.ZitiEdgeManagement, error)

NewEdgeManagementClientWithUpdb will generate a new rest_management_api_client.ZitiEdgeManagement client based upon the provided controller address and root CA pool, and will authenticate via username/password database (updb) to obtain an API Session token.

func NewHttpClientWithTlsConfig

func NewHttpClientWithTlsConfig(tlsClientConfig *tls.Config) (*http.Client, error)

NewHttpClientWithTlsConfig provides a default HTTP client with generous default timeouts.

func NewTlsConfig

func NewTlsConfig() (*tls.Config, error)

NewTlsConfig creates a tls.Config with default min/max TLS versions.

func VerifyController

func VerifyController(controllerAddr string, caPool *x509.CertPool) (bool, error)

VerifyController will attempt to use the provided x509.CertPool to connect to the provided controller. If successful, true and no error will be returned.

func WrapErr added in v0.25.24

func WrapErr(err error) error

WrapErr returns an error that has been wrapped so that err.Error() prints useful API error information if possible. If the error does not support deep API error information, the error is returned as is.

Types

type APIFormattedError added in v0.25.24

type APIFormattedError struct {
	*rest_model.APIError
	// contains filtered or unexported fields
}

APIFormattedError takes a rest_model.APIError and wraps it so that it can output helpful information rather than pointer addresses for `Data` and `Meta`

func (*APIFormattedError) Error added in v0.25.24

func (e *APIFormattedError) Error() string

func (*APIFormattedError) Unwrap added in v0.25.34

func (e *APIFormattedError) Unwrap() error

type ApiErrorPayload added in v0.25.8

type ApiErrorPayload interface {
	GetPayload() *rest_model.APIErrorEnvelope
}

type Authenticator

type Authenticator interface {
	//Authenticate issues an authentication HTTP request to the designated controller. The method and operation
	// of this authentication request are determined by the implementor.
	Authenticate(controllerAddress *url.URL) (*rest_model.CurrentAPISessionDetail, error)

	//BuildHttpClient returns a http.Client to use for an API client. This specifically allows
	//client certificate authentication to be configured in the http.Client's transport/tls.Config
	BuildHttpClient() (*http.Client, error)

	//SetInfo sets the env and sdk info submitted on Authenticate
	SetInfo(*rest_model.EnvInfo, *rest_model.SdkInfo)
}

Authenticator is an interface that facilitates obtaining an API Session.

type AuthenticatorAuthHeader

type AuthenticatorAuthHeader struct {
	AuthenticatorBase
	Token string
}

func NewAuthenticatorAuthHeader

func NewAuthenticatorAuthHeader(token string) *AuthenticatorAuthHeader

func (*AuthenticatorAuthHeader) Authenticate

func (a *AuthenticatorAuthHeader) Authenticate(controllerAddress *url.URL) (*rest_model.CurrentAPISessionDetail, error)

func (*AuthenticatorAuthHeader) AuthenticateRequest added in v0.25.8

func (a *AuthenticatorAuthHeader) AuthenticateRequest(request runtime.ClientRequest, registry strfmt.Registry) error

func (*AuthenticatorAuthHeader) BuildHttpClient added in v0.25.8

func (a *AuthenticatorAuthHeader) BuildHttpClient() (*http.Client, error)

func (*AuthenticatorAuthHeader) Params

type AuthenticatorBase

type AuthenticatorBase struct {
	ConfigTypes    rest_model.ConfigTypes
	EnvInfo        *rest_model.EnvInfo
	SdkInfo        *rest_model.SdkInfo
	HttpClientFunc HttpClientFunc
	TlsConfigFunc  TlsConfigFunc
	RootCas        *x509.CertPool
}

AuthenticatorBase provides embeddable shared capabilities for all authenticators.

func (*AuthenticatorBase) BuildHttpClientWithModifyTls

func (a *AuthenticatorBase) BuildHttpClientWithModifyTls(modifyTls func(*tls.Config)) (*http.Client, error)

BuildHttpClientWithModifyTls builds a new http.Client with the provided HttpClientFunc and TlsConfigFunc. If not set, default NewHttpClientWithTlsConfig and NewTlsConfig will be used.

func (*AuthenticatorBase) SetInfo added in v0.25.8

func (a *AuthenticatorBase) SetInfo(env *rest_model.EnvInfo, sdk *rest_model.SdkInfo)

type AuthenticatorCert

type AuthenticatorCert struct {
	AuthenticatorBase
	Certificate *x509.Certificate
	PrivateKey  crypto.PrivateKey
}

AuthenticatorCert is an implementation of Authenticator that can fulfill client certificate authentication requests.

func NewAuthenticatorCert

func NewAuthenticatorCert(cert *x509.Certificate, privateKey crypto.PrivateKey) *AuthenticatorCert

func (*AuthenticatorCert) Authenticate

func (a *AuthenticatorCert) Authenticate(controllerAddress *url.URL) (*rest_model.CurrentAPISessionDetail, error)

func (*AuthenticatorCert) BuildHttpClient

func (a *AuthenticatorCert) BuildHttpClient() (*http.Client, error)

func (*AuthenticatorCert) Params

type AuthenticatorIdentity added in v0.25.8

type AuthenticatorIdentity struct {
	CertProvider
	AuthenticatorBase
}

AuthenticatorIdentity is meant to deal with OpenZiti identity files and interfaces defined in the `identity` repository

func (*AuthenticatorIdentity) BuildHttpClient added in v0.25.8

func (a *AuthenticatorIdentity) BuildHttpClient() (*http.Client, error)

type AuthenticatorUpdb

type AuthenticatorUpdb struct {
	AuthenticatorBase
	Username string
	Password string
}

AuthenticatorUpdb is an implementation of Authenticator that can fulfill username/password authentication requests.

func NewAuthenticatorUpdb

func NewAuthenticatorUpdb(username, password string) *AuthenticatorUpdb

func (*AuthenticatorUpdb) Authenticate

func (a *AuthenticatorUpdb) Authenticate(controllerAddress *url.URL) (*rest_model.CurrentAPISessionDetail, error)

func (*AuthenticatorUpdb) BuildHttpClient

func (a *AuthenticatorUpdb) BuildHttpClient() (*http.Client, error)

func (*AuthenticatorUpdb) Params

type CertProvider added in v0.25.8

type CertProvider interface {
	Cert() *tls.Certificate
	CA() *x509.CertPool
	ClientTLSConfig() *tls.Config
}

CertProvider scopes a subset of the identity.Identity interface

type HeaderAuth

type HeaderAuth struct {
	HeaderName  string
	HeaderValue string
}

func (*HeaderAuth) AuthenticateRequest

func (e *HeaderAuth) AuthenticateRequest(request openApiRuntime.ClientRequest, _ strfmt.Registry) error

type HttpClientFunc

type HttpClientFunc func(tlsClientConfig *tls.Config) (*http.Client, error)

HttpClientFunc allows an external HttpClient to be created and used.

type TlsConfigFunc

type TlsConfigFunc func() (*tls.Config, error)

TlsConfigFunc allows the tls.Config to be modified before use.
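
The TlsConfigFunc hook is the place where a caller can pin the controller's CA pool instead of falling back to the host trust store. The following is an added example, not code from the rest_util package: it redeclares the TlsConfigFunc signature locally, `pinnedTls`, `canReach` and `demo` are hypothetical names, and a constructed local httptest TLS server stands in for a controller.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// TlsConfigFunc repeats the signature documented on this page (standard library only).
type TlsConfigFunc func() (*tls.Config, error)

// pinnedTls (hypothetical helper) returns a TlsConfigFunc that trusts only pool.
func pinnedTls(pool *x509.CertPool) TlsConfigFunc {
	return func() (*tls.Config, error) {
		if pool == nil { // nil RootCAs makes crypto/tls use the host trust store
			return nil, fmt.Errorf("no CA pool supplied")
		}
		return &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: pool}, nil
	}
}

// canReach reports whether a client built from the hook completes a verified request.
func canReach(url string, tf TlsConfigFunc) bool {
	cfg, err := tf()
	if err != nil {
		return false
	}
	tr := &http.Transport{TLSClientConfig: cfg}
	resp, err := (&http.Client{Timeout: 5 * time.Second, Transport: tr}).Get(url)
	if err == nil {
		resp.Body.Close()
	}
	return err == nil
}

// demo uses a constructed local TLS server as a stand-in for a controller.
func demo() (pinned, emptyPool, nilPool bool) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	return canReach(srv.URL, pinnedTls(pool)), canReach(srv.URL, pinnedTls(x509.NewCertPool())),
		canReach(srv.URL, pinnedTls(nil))
}

func main() { fmt.Println(demo()) }
```

Only the pool that contains the server's certificate yields a successful request; the empty pool fails certificate verification and the nil pool is rejected before any connection is made.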

type ZitiTokenAuth

type ZitiTokenAuth struct {
	Token string
}

ZitiTokenAuth is an implementation of runtime.ClientAuthInfoWriter. It allows an API Session token to be injected into outgoing HTTP requests.

func (*ZitiTokenAuth) AuthenticateRequest

func (e *ZitiTokenAuth) AuthenticateRequest(request openApiRuntime.ClientRequest, _ strfmt.Registry) error

AuthenticateRequest injects the API Session token into outgoing requests.

Directories

Path Synopsis
examples
