persistence

package
v0.24.442 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 8, 2023 License: Apache-2.0 Imports: 40 Imported by: 1

Documentation

Index

Constants

View Source
const (
	FieldApiSessionCertificateApiSession  = "apiSession"
	FieldApiSessionCertificateSubject     = "subject"
	FieldApiSessionCertificateFingerprint = "fingerprint"
	FieldApiSessionCertificateValidAfter  = "validAfter"
	FieldApiSessionCertificateValidBefore = "validBefore"
	FieldApiSessionCertificatePem         = "pem"
)
View Source
const (
	FieldApiSessionIdentity       = "identity"
	FieldApiSessionToken          = "token"
	FieldApiSessionConfigTypes    = "configTypes"
	FieldApiSessionIPAddress      = "ipAddress"
	FieldApiSessionMfaComplete    = "mfaComplete"
	FieldApiSessionMfaRequired    = "mfaRequired"
	FieldApiSessionLastActivityAt = "lastActivityAt"
	FieldApiSessionAuthenticator  = "authenticator"

	EventFullyAuthenticated events.EventName = "FULLY_AUTHENTICATED"

	EventualEventApiSessionDelete = "ApiSessionDelete"
)
View Source
const (
	DefaultUpdbMinPasswordLength = int64(5)
	DefaultUpdbMaxAttempts       = int64(5)
	DefaultAuthPolicyId          = "default"

	UpdbIndefiniteLockout      = int64(0)
	UpdbUnlimitedAttemptsLimit = int64(0)

	FieldAuthPolicyPrimaryCertAllowed           = "primary.cert.allowed"
	FieldAuthPolicyPrimaryCertAllowExpiredCerts = "primary.cert.allowExpiredCerts"

	FieldAuthPolicyPrimaryUpdbAllowed                = "primary.updb.allowed"
	FiledAuthPolicyPrimaryUpdbMinPasswordLength      = "primary.updb.minPasswordLength"
	FieldAuthPolicyPrimaryUpdbRequireSpecialChar     = "primary.updb.requireSpecialChar"
	FieldAuthPolicyPrimaryUpdbRequireNumberChar      = "primary.updb.requireNumberChar"
	FieldAuthPolicyPrimaryUpdbRequireMixedCase       = "primary.updb.requireMixedCase"
	FieldAuthPolicyPrimaryUpdbMaxAttempts            = "primary.updb.maxAttempts"
	FieldAuthPolicyPrimaryUpdbLockoutDurationMinutes = "primary.updb.lockoutDurationMinutes"

	FieldAuthPolicyPrimaryExtJwtAllowed        = "primary.extJwt.allowed"
	FieldAuthPolicyPrimaryExtJwtAllowedSigners = "primary.extJwt.allowedSigners"

	FieldAuthSecondaryPolicyRequireTotp          = "secondary.requireTotp"
	FieldAuthSecondaryPolicyRequiredExtJwtSigner = "secondary.requireExtJwtSigner"
)
View Source
const (
	FieldAuthenticatorMethod   = "method"
	FieldAuthenticatorIdentity = "identity"

	FieldAuthenticatorCertFingerprint = "certFingerprint"
	FieldAuthenticatorCertPem         = "certPem"

	FieldAuthenticatorUnverifiedCertPem         = "unverifiedCertPem"
	FieldAuthenticatorUnverifiedCertFingerprint = "unverifiedCertFingerprint"

	FieldAuthenticatorUpdbUsername = "updbUsername"
	FieldAuthenticatorUpdbPassword = "updbPassword"
	FieldAuthenticatorUpdbSalt     = "updbSalt"

	MethodAuthenticatorUpdb = "updb"
	MethodAuthenticatorCert = "cert"
	// MethodAuthenticatorCertCaExternalId represents authentication with a certificate that isn't directly
	// registered with an authenticator. Instead, it uses `externalId` values on identities and matches them to a
	// "x509 claim" (custom values stuffed into SANs or other x509 properties). This type will never actually
	// be stored for persistence and is defined here for as tobe near the other authenticator methods.
	MethodAuthenticatorCertCaExternalId = "certCaExternalId"
)
View Source
const (
	EntityTypeApiSessions               = "apiSessions"
	EntityTypeApiSessionCertificates    = "apiSessionCertificates"
	EntityTypeAuthPolicies              = "authPolicies"
	EntityTypeEventualEvents            = "eventualEvents"
	EntityTypeCas                       = "cas"
	EntityTypeConfigs                   = "configs"
	EntityTypeConfigTypes               = "configTypes"
	EntityTypeEdgeRouterPolicies        = "edgeRouterPolicies"
	EntityTypeExternalJwtSigners        = "externalJwtSigners"
	EntityTypeIdentities                = "identities"
	EntityTypeIdentityTypes             = "identityTypes"
	EntityTypeMfas                      = "mfas"
	EntityTypeRevocations               = "revocations"
	EntityTypeServicePolicies           = "servicePolicies"
	EntityTypeServiceEdgeRouterPolicies = "serviceEdgeRouterPolicies"
	EntityTypeSessions                  = "sessions"
	EntityTypeSessionCerts              = "sessionCerts"
	EntityTypeEnrollments               = "enrollments"
	EntityTypeAuthenticators            = "authenticators"
	EntityTypePostureChecks             = "postureChecks"
	EntityTypePostureCheckTypes         = "postureCheckTypes"
	EdgeBucket                          = "edge"

	FieldName           = "name"
	FieldSemantic       = "semantic"
	FieldRoleAttributes = "roleAttributes"

	FieldEdgeRouterRoles   = "edgeRouterRoles"
	FieldIdentityRoles     = "identityRoles"
	FieldServiceRoles      = "serviceRoles"
	FieldPostureCheckRoles = "postureCheckRoles"

	SemanticAllOf = "AllOf"
	SemanticAnyOf = "AnyOf"
)
View Source
const (
	FieldCaFingerprint                    = "fingerprint"
	FieldCaCertPem                        = "certPem"
	FieldCaIsVerified                     = "isVerified"
	FieldCaVerificationToken              = "verificationToken"
	FieldCaIsAutoCaEnrollmentEnabled      = "isAutoCaEnrollmentEnabled"
	FieldCaIsOttCaEnrollmentEnabled       = "isOttCaEnrollmentEnabled"
	FieldCaIsAuthEnabled                  = "isAuthEnabled"
	FieldCaIdentityNameFormat             = "identityNameFormat"
	FieldCaEnrollments                    = "enrollments"
	FieldCaExternalIdClaim                = "externalIdClaim"
	FieldCaExternalIdClaimLocation        = "externalIdClaim.location"
	FieldCaExternalIdClaimIndex           = "externalIdClaim.index"
	FieldCaExternalIdClaimMatcher         = "externalIdClaim.matcher"
	FieldCaExternalIdClaimMatcherCriteria = "externalIdClaim.matcherCriteria"
	FieldCaExternalIdClaimParser          = "externalIdClaim.parser"
	FieldCaExternalIdClaimParserCriteria  = "externalIdClaim.parserSeparator"
)
View Source
const (
	ExternalIdClaimLocCommonName = "COMMON_NAME"
	ExternalIdClaimLocSanUri     = "SAN_URI"
	ExternalIdClaimLocSanEmail   = "SAN_EMAIL"

	ExternalIdClaimMatcherAll    = "ALL"
	ExternalIdClaimMatcherSuffix = "SUFFIX"
	ExternalIdClaimMatcherPrefix = "PREFIX"
	ExternalIdClaimMatcherScheme = "SCHEME"

	ExternalIdClaimParserNone  = "NONE"
	ExternalIdClaimParserSplit = "SPLIT"
)
View Source
const (
	FieldConfigData            = "data"
	FieldConfigType            = "type"
	FieldConfigIdentityService = "identityServices"
)
View Source
const (
	FieldEdgeRouters                     = "edgeRouters"
	FieldEdgeRouterCertPEM               = "certPem"
	FieldEdgeRouterUnverifiedCertPEM     = "unverifiedCertPem"
	FieldEdgeRouterUnverifiedFingerprint = "unverifiedFingerprint"
	FieldEdgeRouterIsVerified            = "isVerified"
	FieldEdgeRouterIsTunnelerEnabled     = "isTunnelerEnabled"
	FieldEdgeRouterAppData               = "appData"
)
View Source
const (
	FieldEdgeServiceDialIdentities = "dialIdentities"
	FieldEdgeServiceBindIdentities = "bindIdentities"
	FieldServiceEncryptionRequired = "encryptionRequired"
)
View Source
const (
	FieldEnrollmentToken     = "token"
	FieldEnrollmentMethod    = "method"
	FieldEnrollIdentity      = "identity"
	FieldEnrollEdgeRouter    = "edgeRouter"
	FieldEnrollTransitRouter = "transitRouter"
	FieldEnrollmentExpiresAt = "expiresAt"
	FieldEnrollmentIssuedAt  = "issuedAt"
	FieldEnrollmentCaId      = "caId"
	FieldEnrollmentUsername  = "username"
	FieldEnrollmentJwt       = "jwt"

	MethodEnrollOtt   = "ott"
	MethodEnrollOttCa = "ottca"
	MethodEnrollCa    = "ca"
	MethodEnrollUpdb  = "updb"
)
View Source
const (
	FieldEventualEventType = "type"
	FieldEventualEventData = "data"
)
View Source
const (
	// EventualEventAddedName is emitted when a new event is added via AddEventualEvent().
	//
	// Event arguments:
	//	0 - an EventualEventAdded struct
	EventualEventAddedName = events.EventName("EventualEventAdded")

	// EventualEventRemovedName is emitted when a previously added eventual event is processed
	//
	// Event arguments:
	//	0 - an EventualEventRemoved struct
	EventualEventRemovedName = events.EventName("EventualEventRemoved")

	// EventualEventProcessingStartName is emitted as the first action during processing
	// Event arguments:
	//	0 - an EventualEventProcessingStart struct
	EventualEventProcessingStartName = events.EventName("EventualEventProcessingStart")

	// EventualEventProcessingBatchStartName is emitted as the first set of events are processed
	// after EventualEventProcessingStartName. It is possible for 0+ batches to be processed. Each
	// patch should contain 1+ events.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingBatchStart struct
	EventualEventProcessingBatchStartName = events.EventName("EventualEventProcessingBatchStart")

	// EventualEventProcessingListenerStartName is emitted for each function listener invoked
	// on each event.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingListenerStart struct
	EventualEventProcessingListenerStartName = events.EventName("EventualEventProcessingListenerStart")

	// EventualEventProcessingListenerDoneName is emitted for each function listener after invocation
	//
	// Event arguments:
	//	0 - an EventualEventProcessingListenerDone struct
	EventualEventProcessingListenerDoneName = events.EventName("EventualEventProcessingListenerDone")

	// EventualEventProcessingBatchDoneName is emitted after the last event processed in a batch.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingBatchDone struct
	EventualEventProcessingBatchDoneName = events.EventName("EventualEventProcessingBatchDone")

	// EventualEventProcessingDoneName is emitted as the last action during processing after
	// all events and batches.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingDone struct
	EventualEventProcessingDoneName = events.EventName("EventualEventProcessingDone")
)
View Source
const (
	FieldExternalJwtSignerFingerprint     = "fingerprint"
	FieldExternalJwtSignerCertPem         = "certPem"
	FieldExternalJwtSignerJwksEndpoint    = "jwksEndpoint"
	FieldExternalJwtSignerCommonName      = "commonName"
	FieldExternalJwtSignerNotAfter        = "notAfter"
	FieldExternalJwtSignerNotBefore       = "notBefore"
	FieldExternalJwtSignerEnabled         = "enabled"
	FieldExternalJwtSignerExternalAuthUrl = "externalAuthUrl"
	FieldExternalJwtSignerAuthPolicies    = "authPolicies"
	FieldExternalJwtSignerClaimsProperty  = "claimsProperty"
	FieldExternalJwtSignerUseExternalId   = "useExternalId"
	FieldExternalJwtSignerKid             = "kid"
	FieldExternalJwtSignerIssuer          = "issuer"
	FieldExternalJwtSignerAudience        = "audience"

	DefaultClaimsProperty = "sub"
)
View Source
const (
	FieldIdentityType           = "type"
	FieldIdentityIsDefaultAdmin = "isDefaultAdmin"
	FieldIdentityIsAdmin        = "isAdmin"
	FieldIdentityEnrollments    = "enrollments"
	FieldIdentityAuthenticators = "authenticators"
	FieldIdentityServiceConfigs = "serviceConfigs"

	FieldIdentityEnvInfoArch       = "envInfoArch"
	FieldIdentityEnvInfoOs         = "envInfoOs"
	FieldIdentityEnvInfoOsRelease  = "envInfoRelease"
	FieldIdentityEnvInfoOsVersion  = "envInfoVersion"
	FieldIdentitySdkInfoBranch     = "sdkInfoBranch"
	FieldIdentitySdkInfoRevision   = "sdkInfoRevision"
	FieldIdentitySdkInfoType       = "sdkInfoType"
	FieldIdentitySdkInfoVersion    = "sdkInfoVersion"
	FieldIdentitySdkInfoAppId      = "sdkInfoAppId"
	FieldIdentitySdkInfoAppVersion = "sdkInfoAppVersion"

	FieldIdentityBindServices              = "bindServices"
	FieldIdentityDialServices              = "dialServices"
	FieldIdentityDefaultHostingPrecedence  = "defaultHostingPrecedence"
	FieldIdentityDefaultHostingCost        = "defaultHostingCost"
	FieldIdentityServiceHostingPrecedences = "serviceHostingPrecedences"
	FieldIdentityServiceHostingCosts       = "serviceHostingCosts"
	FieldIdentityAppData                   = "appData"
	FieldIdentityAuthPolicyId              = "authPolicyId"
	FieldIdentityExternalId                = "externalId"
	FieldIdentityDisabledAt                = "disabledAt"
	FieldIdentityDisabledUntil             = "disabledUntil"
)
View Source
const (
	RouterIdentityType  = "Router"
	DefaultIdentityType = "Default"
)
View Source
const (
	FieldMfaIdentity      = "identity"
	FieldMfaIsVerified    = "isVerified"
	FieldMfaRecoveryCodes = "recoveryCodes"
	FieldMfaSecret        = "secret"
	FieldMfaSalt          = "salt"
)
View Source
const (
	CurrentDbVersion = 34
	FieldVersion     = "version"
)
View Source
const (
	FieldPostureCheckMfaTimeoutSeconds        = "timeoutSeconds"
	FieldPostureCheckMfaPromptOnWake          = "promptOnWake"
	FieldPostureCheckMfaPromptOnUnlock        = "promptOnUnlock"
	FieldPostureCheckMfaIgnoreLegacyEndpoints = "ignoreLegacyEndpoints"
)
View Source
const (
	FieldPostureCheckOsType     = "osType"
	FieldPostureCheckOsVersions = "osVersions"
)
View Source
const (
	FieldPostureCheckProcessOs          = "os"
	FieldPostureCheckProcessPath        = "path"
	FieldPostureCheckProcessHashes      = "hashes"
	FieldPostureCheckProcessFingerprint = "fingerprint"
)
View Source
const (
	FieldPostureCheckProcessMultiOsType             = "osType"
	FieldPostureCheckProcessMultiPath               = "path"
	FieldPostureCheckProcessMultiHashes             = "hashes"
	FieldPostureCheckProcessMultiSignerFingerprints = "signerFingerprints"
	FieldPostureCheckProcessMultiProcesses          = "processes"
)
View Source
const (
	//Fields
	FieldPostureCheckTypeId       = "typeId"
	FieldPostureCheckVersion      = "version"
	FieldPostureCheckBindServices = "bindServices"
	FieldPostureCheckDialServices = "dialServices"
)
View Source
const (
	PostureCheckTypeOs           = "OS"
	PostureCheckTypeDomain       = "DOMAIN"
	PostureCheckTypeProcess      = "PROCESS"
	PostureCheckTypeProcessMulti = "PROCESS_MULTI"
	PostureCheckTypeMAC          = "MAC"
	PostureCheckTypeMFA          = "MFA"
)
View Source
const (
	FieldServicePolicyType = "type"

	PolicyTypeInvalidName = "Invalid"
	PolicyTypeDialName    = "Dial"
	PolicyTypeBindName    = "Bind"

	PolicyTypeInvalid PolicyType = PolicyTypeInvalidName
	PolicyTypeDial    PolicyType = PolicyTypeDialName
	PolicyTypeBind    PolicyType = PolicyTypeBindName
)
View Source
const (
	FieldSessionToken           = "token"
	FieldSessionApiSession      = "apiSession"
	FieldSessionService         = "service"
	FieldSessionIdentity        = "identity"
	FieldSessionType            = "type"
	FieldSessionServicePolicies = "servicePolicies"

	SessionTypeDial = "Dial"
	SessionTypeBind = "Bind"
)
View Source
const (
	TransitRouterPath             = "transitRouter"
	FieldTransitRouterIsVerified  = "isVerified"
	FieldTransitRouterEnrollments = "enrollments"
)
View Source
const (
	RolePrefix   = "#"
	EntityPrefix = "@"
	AllRole      = "#all"
)
View Source
const (
	FieldConfigTypeSchema = "schema"
)
View Source
const (
	FieldPostureCheckDomains = "domains"
)
View Source
const (
	FieldPostureCheckMacAddresses = "macAddresses"
)
View Source
const (
	FieldPostureCheckTypeOperatingSystems = "operatingSystems"
)
View Source
const (
	FieldRevocationExpiresAt = "expiresAt"
)

Variables

View Source
var IdentityTypesV1 = map[string]string{
	"Default": "Default",
	"Router":  "Router",
}

Functions

func EvaluatePolicy added in v0.15.27

func EvaluatePolicy(ctx *roleAttributeChangeContext, policy Policy, roleAttributesSymbol boltz.EntitySetSymbol)

func FieldValuesToIds

func FieldValuesToIds(new []boltz.FieldTypeAndValue) []string

func ProcessEntityPolicyMatched added in v0.15.27

func ProcessEntityPolicyMatched(ctx *roleAttributeChangeContext, entityId, policyId []byte) bool

func ProcessEntityPolicyUnmatched added in v0.15.27

func ProcessEntityPolicyUnmatched(ctx *roleAttributeChangeContext, entityId, policyId []byte) bool

func RunMigrations

func RunMigrations(db boltz.Db, stores *Stores) error

func UpdateRelatedRoles

func UpdateRelatedRoles(ctx *roleAttributeChangeContext, entityId []byte, newRoleAttributes []boltz.FieldTypeAndValue, semanticSymbol boltz.EntitySymbol)

Types

type ApiSession

type ApiSession struct {
	boltz.BaseExtEntity
	IdentityId      string    `json:"identityId"`
	Token           string    `json:"-"`
	IPAddress       string    `json:"ipAddress"`
	ConfigTypes     []string  `json:"configTypes"`
	MfaComplete     bool      `json:"mfaComplete"`
	MfaRequired     bool      `json:"mfaRequired"`
	LastActivityAt  time.Time `json:"lastActivityAt"`
	AuthenticatorId string    `json:"authenticatorId"`
}

func NewApiSession

func NewApiSession(identityId string) *ApiSession

func (*ApiSession) GetEntityType

func (entity *ApiSession) GetEntityType() string

type ApiSessionCertificate added in v0.17.30

type ApiSessionCertificate struct {
	boltz.BaseExtEntity
	ApiSessionId string     `json:"apiSessionId"`
	Subject      string     `json:"subject"`
	Fingerprint  string     `json:"fingerprint"`
	ValidAfter   *time.Time `json:"validAfter"`
	ValidBefore  *time.Time `json:"validBefore"`
	PEM          string     `json:"pem"`
}

func (*ApiSessionCertificate) GetEntityType added in v0.17.30

func (entity *ApiSessionCertificate) GetEntityType() string

type ApiSessionCertificateStore added in v0.17.30

type ApiSessionCertificateStore interface {
	Store[*ApiSessionCertificate]
}

type ApiSessionCertificateStoreImpl added in v0.17.30

type ApiSessionCertificateStoreImpl struct {
	// contains filtered or unexported fields
}

func (*ApiSessionCertificateStoreImpl) FillEntity added in v0.24.249

func (store *ApiSessionCertificateStoreImpl) FillEntity(entity *ApiSessionCertificate, bucket *boltz.TypedBucket)

func (ApiSessionCertificateStoreImpl) GetName added in v0.17.30

func (store ApiSessionCertificateStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (ApiSessionCertificateStoreImpl) LoadOneById added in v0.17.30

func (store ApiSessionCertificateStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (E, error)

func (*ApiSessionCertificateStoreImpl) NewEntity added in v0.24.249

func (*ApiSessionCertificateStoreImpl) PersistEntity added in v0.24.249

func (store *ApiSessionCertificateStoreImpl) PersistEntity(entity *ApiSessionCertificate, ctx *boltz.PersistContext)

type ApiSessionStore

type ApiSessionStore interface {
	Store[*ApiSession]
	LoadOneByToken(tx *bbolt.Tx, token string) (*ApiSession, error)
	GetTokenIndex() boltz.ReadIndex
	GetCachedSessionId(tx *bbolt.Tx, apiSessionId, sessionType, serviceId string) *string
	GetEventsEmitter() events.EventEmmiter
}

type AuthPolicy added in v0.21.153

type AuthPolicy struct {
	boltz.BaseExtEntity
	Name string `json:"name"`

	Primary   AuthPolicyPrimary   `json:"primary"`
	Secondary AuthPolicySecondary `json:"secondary"`
}

func (*AuthPolicy) GetEntityType added in v0.21.153

func (entity *AuthPolicy) GetEntityType() string

func (*AuthPolicy) GetName added in v0.21.153

func (entity *AuthPolicy) GetName() string

type AuthPolicyCert added in v0.21.153

type AuthPolicyCert struct {
	Allowed           bool `json:"allowed"`
	AllowExpiredCerts bool `json:"allowExpiredCerts"`
}

type AuthPolicyExtJwt added in v0.21.153

type AuthPolicyExtJwt struct {
	Allowed              bool     `json:"allowed"`
	AllowedExtJwtSigners []string `json:"allowedExtJwtSigners"`
}

type AuthPolicyPrimary added in v0.21.153

type AuthPolicyPrimary struct {
	Cert   AuthPolicyCert   `json:"cert"`
	Updb   AuthPolicyUpdb   `json:"updb"`
	ExtJwt AuthPolicyExtJwt `json:"extJwt"`
}

type AuthPolicySecondary added in v0.21.153

type AuthPolicySecondary struct {
	RequireTotp          bool    `json:"requireTotp"`
	RequiredExtJwtSigner *string `json:"requiredExtJwtSigner"`
}

type AuthPolicyStore added in v0.21.153

type AuthPolicyStore interface {
	NameIndexed
	Store[*AuthPolicy]
}

type AuthPolicyStoreImpl added in v0.21.153

type AuthPolicyStoreImpl struct {
	// contains filtered or unexported fields
}

func (*AuthPolicyStoreImpl) FillEntity added in v0.24.249

func (store *AuthPolicyStoreImpl) FillEntity(entity *AuthPolicy, bucket *boltz.TypedBucket)

func (AuthPolicyStoreImpl) GetName added in v0.21.153

func (store AuthPolicyStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (*AuthPolicyStoreImpl) GetNameIndex added in v0.21.153

func (store *AuthPolicyStoreImpl) GetNameIndex() boltz.ReadIndex

func (AuthPolicyStoreImpl) LoadOneById added in v0.21.153

func (store AuthPolicyStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (E, error)

func (*AuthPolicyStoreImpl) NewEntity added in v0.24.249

func (store *AuthPolicyStoreImpl) NewEntity() *AuthPolicy

func (*AuthPolicyStoreImpl) PersistEntity added in v0.24.249

func (store *AuthPolicyStoreImpl) PersistEntity(entity *AuthPolicy, ctx *boltz.PersistContext)

type AuthPolicyUpdb added in v0.21.153

type AuthPolicyUpdb struct {
	Allowed                bool  `json:"allowed"`
	MinPasswordLength      int64 `json:"minPasswordLength"`
	RequireSpecialChar     bool  `json:"requireSpecialChar"`
	RequireNumberChar      bool  `json:"requireNumberChar"`
	RequireMixedCase       bool  `json:"requireMixedCase"`
	MaxAttempts            int64 `json:"maxAttempts"`
	LockoutDurationMinutes int64 `json:"lockoutDurationMinutes"`
}

type Authenticator

type Authenticator struct {
	boltz.BaseExtEntity
	Type       string               `json:"type"`
	IdentityId string               `json:"identityId"`
	SubType    AuthenticatorSubType `json:"subType"`
}

func (*Authenticator) GetEntityType

func (entity *Authenticator) GetEntityType() string

func (*Authenticator) ToCert

func (entity *Authenticator) ToCert() *AuthenticatorCert

func (*Authenticator) ToSubType

func (entity *Authenticator) ToSubType() AuthenticatorSubType

func (*Authenticator) ToUpdb

func (entity *Authenticator) ToUpdb() *AuthenticatorUpdb

type AuthenticatorCert

type AuthenticatorCert struct {
	Authenticator `json:"-"`
	Fingerprint   string `json:"fingerprint"`
	Pem           string `json:"pem"`

	UnverifiedPem         string `json:"unverifiedPem"`
	UnverifiedFingerprint string `json:"unverifiedFingerprint"`
}

func (*AuthenticatorCert) Fingerprints

func (entity *AuthenticatorCert) Fingerprints() []string

type AuthenticatorStore

type AuthenticatorStore interface {
	Store[*Authenticator]
}

type AuthenticatorSubType

type AuthenticatorSubType interface {
	Fingerprints() []string
}

type AuthenticatorUpdb

type AuthenticatorUpdb struct {
	Authenticator `json:"-"`
	Username      string `json:"username"`
	Password      string `json:"password"`
	Salt          string `json:"salt"`
}

func (*AuthenticatorUpdb) Fingerprints

func (entity *AuthenticatorUpdb) Fingerprints() []string

type Ca

type Ca struct {
	boltz.BaseExtEntity
	Name                      string           `json:"name"`
	Fingerprint               string           `json:"fingerprint"`
	CertPem                   string           `json:"certPem"`
	IsVerified                bool             `json:"isVerified"`
	VerificationToken         string           `json:"verificationToken"`
	IsAutoCaEnrollmentEnabled bool             `json:"isAutoCaEnrollmentEnabled"`
	IsOttCaEnrollmentEnabled  bool             `json:"isOttCaEnrollmentEnabled"`
	IsAuthEnabled             bool             `json:"isAuthEnabled"`
	IdentityRoles             []string         `json:"identityRoles"`
	IdentityNameFormat        string           `json:"identityNameFormat"`
	ExternalIdClaim           *ExternalIdClaim `json:"externalIdClaim"`
}

func (*Ca) GetEntityType

func (entity *Ca) GetEntityType() string

func (*Ca) GetName

func (entity *Ca) GetName() string

type CaStore

type CaStore interface {
	Store[*Ca]
}

type Config

type Config struct {
	boltz.BaseExtEntity
	Name string                 `json:"name"`
	Type string                 `json:"type"`
	Data map[string]interface{} `json:"data"`
}

func (*Config) GetEntityType

func (entity *Config) GetEntityType() string

func (*Config) GetName

func (entity *Config) GetName() string

type ConfigStore

type ConfigStore interface {
	Store[*Config]
	NameIndexed
}

type ConfigType

type ConfigType struct {
	boltz.BaseExtEntity
	Name   string                 `json:"name"`
	Schema map[string]interface{} `json:"schema"`
}

func (*ConfigType) GetEntityType

func (entity *ConfigType) GetEntityType() string

func (*ConfigType) GetName

func (entity *ConfigType) GetName() string

type ConfigTypeStore

type ConfigTypeStore interface {
	Store[*ConfigType]
	NameIndexed
	LoadOneByName(tx *bbolt.Tx, name string) (*ConfigType, error)
	GetName(tx *bbolt.Tx, id string) *string
}

type DbProvider

type DbProvider interface {
	GetDb() boltz.Db
	GetStores() *db.Stores
	GetManagers() *network.Managers
}

type EdgeRouter

type EdgeRouter struct {
	db.Router
	IsVerified            bool                   `json:"isVerified"`
	CertPem               *string                `json:"certPem"`
	UnverifiedCertPem     *string                `json:"unverifiedCertPem"`
	UnverifiedFingerprint *string                `json:"unverifiedFingerprint"`
	RoleAttributes        []string               `json:"roleAttributes"`
	IsTunnelerEnabled     bool                   `json:"isTunnelerEnabled"`
	AppData               map[string]interface{} `json:"appData"`
}

func (*EdgeRouter) GetName

func (entity *EdgeRouter) GetName() string

type EdgeRouterPolicy

type EdgeRouterPolicy struct {
	boltz.BaseExtEntity
	Name            string   `json:"name"`
	Semantic        string   `json:"semantic"`
	IdentityRoles   []string `json:"identityRoles"`
	EdgeRouterRoles []string `json:"edgeRouterRoles"`
}

func (*EdgeRouterPolicy) GetEntityType

func (entity *EdgeRouterPolicy) GetEntityType() string

func (*EdgeRouterPolicy) GetName

func (entity *EdgeRouterPolicy) GetName() string

func (*EdgeRouterPolicy) GetSemantic added in v0.15.27

func (entity *EdgeRouterPolicy) GetSemantic() string

type EdgeRouterPolicyStore

type EdgeRouterPolicyStore interface {
	NameIndexed
	Store[*EdgeRouterPolicy]
}

type EdgeRouterStore

type EdgeRouterStore interface {
	NameIndexed
	Store[*EdgeRouter]
	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)
}

type EdgeService

type EdgeService struct {
	db.Service
	RoleAttributes     []string `json:"roleAttributes"`
	Configs            []string `json:"configs"`
	EncryptionRequired bool     `json:"encryptionRequired"`
}

type EdgeServiceStore

type EdgeServiceStore interface {
	NameIndexed
	Store[*EdgeService]

	IsBindableByIdentity(tx *bbolt.Tx, id string, identityId string) bool
	IsDialableByIdentity(tx *bbolt.Tx, id string, identityId string) bool
	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)
}

type Enrollment

type Enrollment struct {
	boltz.BaseExtEntity
	Token           string     `json:"token"`
	Method          string     `json:"method"`
	IdentityId      *string    `json:"identityId"`
	TransitRouterId *string    `json:"transitRouterId"`
	EdgeRouterId    *string    `json:"edgeRouterId"`
	ExpiresAt       *time.Time `json:"expiresAt"`
	IssuedAt        *time.Time `json:"issuedAt"`
	CaId            *string    `json:"caId"`
	Username        *string    `json:"username"`
	Jwt             string     `json:"-"`
}

func (*Enrollment) GetEntityType

func (entity *Enrollment) GetEntityType() string

type EnrollmentStore

type EnrollmentStore interface {
	Store[*Enrollment]
	LoadOneByToken(tx *bbolt.Tx, token string) (*Enrollment, error)
}

type EnvInfo

type EnvInfo struct {
	Arch      string `json:"arch"`
	Os        string `json:"os"`
	OsRelease string `json:"osRelease"`
	OsVersion string `json:"osVersion"`
}

type EventListenerFunc added in v0.21.45

type EventListenerFunc func(name string, data []byte)

EventListenerFunc is a function handler that will be triggered asynchronously some point in the future

type EventualEvent added in v0.21.45

type EventualEvent struct {
	boltz.BaseExtEntity
	Type string `json:"type"`
	Data []byte `json:"data"`
}

func (*EventualEvent) GetEntityType added in v0.21.45

func (entity *EventualEvent) GetEntityType() string

type EventualEventAdded added in v0.21.45

type EventualEventAdded struct {
	// Id is a unique id for the event created
	Id string

	// Total is the total number of eventual events awaiting processing
	Total int64
}

type EventualEventProcessingBatchDone added in v0.21.45

type EventualEventProcessingBatchDone struct {
	// Id is a unique id for the batch
	Id string

	// Id is the unique processing run this batch is a member of
	ProcessId string

	// Count is the number of events in the current batch
	Count int

	// BatchSize is the batch size for the current batch (the maximum value of Count)
	BatchSize int

	// StartTime the time the batch was started
	StartTime time.Time

	// EndTime the time the batch ended
	EndTime time.Time
}

type EventualEventProcessingBatchStart added in v0.21.45

type EventualEventProcessingBatchStart struct {
	// Id is a unique id for the batch
	Id string

	// Id is the unique processing run this batch is a member of
	ProcessId string

	// Count is the number of events in the current batch
	Count int

	// BatchSize is the batch size for the current batch (the maximum value of Count)
	BatchSize int

	// StartTime the time when the batch started processing
	StartTime time.Time
}

type EventualEventProcessingDone added in v0.21.45

type EventualEventProcessingDone struct {
	// Id is a unique id for processing run
	Id string

	// TotalBatches is the total number of batches executed during processing
	TotalBatches int64

	// TotalEvent is the total number of events processed
	TotalEvents int64

	// TotalListenersExecuted is the total number of listeners executed during processing
	TotalListenersExecuted int64

	// StartTime is the time when the processing began
	StartTime time.Time

	// EndTime is the time when the processing ended
	EndTime time.Time
}

type EventualEventProcessingListenerDone added in v0.21.45

type EventualEventProcessingListenerDone struct {
	// Id is a unique id for the triggering of a listener
	Id string

	// BatchId is the unique id of the batch being processed
	BatchId string

	// ProcessId is the unique id of the currently executing process
	ProcessId string

	// ListenerFunc is the listener that was executed
	ListenerFunc EventListenerFunc

	// BatchEventIndex is the zero based offset of the currently executing event
	BatchEventIndex int64

	// TotalEventIndex is the total index across all batches of the currently executing event
	TotalEventIndex int64

	// Error is nil if no error occurred during execution, otherwise an error value
	Error error

	// EventType is the typeof the event that triggered the listener
	EventType string

	// StartTime is the time when the listener started execution
	StartTime time.Time

	// EndTime is the time when the listener ended execution
	EndTime time.Time
}

type EventualEventProcessingListenerStart added in v0.21.45

type EventualEventProcessingListenerStart struct {
	// Id is a unique id for the triggering of a listener
	Id string

	// BatchId is the unique id of the batch being processed
	BatchId string

	// ProcessId is the unique id of the currently executing process
	ProcessId string

	// ListenerFunc is the listener that was executed
	ListenerFunc EventListenerFunc

	// BatchEventIndex is the zero based offset of the currently executing event
	BatchEventIndex int64

	// TotalEventIndex is the total index across all batches of the currently executing event
	TotalEventIndex int64

	// EventType is the typeof the event that is triggering the listener
	EventType string

	// StartTime is the time when the listener was started
	StartTime time.Time
}

type EventualEventProcessingStart added in v0.21.45

type EventualEventProcessingStart struct {
	// Id is a unique id for processing run
	Id string

	// StartTime is the time the processing began
	StartTime time.Time
}

type EventualEventRemoved added in v0.21.45

type EventualEventRemoved struct {
	// Id is a unique id for the event deleted
	Id string

	// Total is the total number of eventual events awaiting processing
	Total int64
}

type EventualEventStore added in v0.21.45

type EventualEventStore interface {
	Store[*EventualEvent]
}

type EventualEventer added in v0.21.45

type EventualEventer interface {
	// EventEmmiter is used to provide processing event status on processing state, which is useful
	// for instrumenting an EventualEventer for metric purposes (process runtime, process batch runtime,
	// event counts, etc.)
	events.EventEmmiter

	// AddEventualEvent adds an eventual event with a specific name and byte array data payload. Interpretation
	// of the event's data payload is upto the event emitter and consumer.
	AddEventualEvent(eventType string, data []byte)

	// AddEventualListener adds a function as call back when an eventual event is processed.
	AddEventualListener(eventType string, handler EventListenerFunc)

	// Start should be called at the start of the lifetime of the EventualEventer.
	// A closeNotify channel must be supplied for application shutdown eventing.
	//
	// If an EventualEventer has already been started, it will return an error.
	// Errors may be returned for other reasons causing Start to fail.
	Start(closeNotify <-chan struct{}) error

	// Stop may be called to manually end of the lifetime of the EventualEventer outside the
	// closeNotify signaling provided in the Start call. If not started, an error will be returned.
	// Errors may be returned for other reasons causing Stop to fail.
	Stop() error

	// Trigger forces an EventualEventer to check for work to be processed. Beyond this method,
	// it is the implementation's responsibility to provide other mechanisms or logic to determine
	// when work is performed (timers, events, etc.) which may be setup/torn down during Start/Stop.
	//
	// If the EventualEventer is not currently running or can't process work and error will
	// be returned. If it is running a channel will be returned which will be closed after
	// the current or next iteration of the event processor has completed.
	Trigger() (<-chan struct{}, error)
}

An EventualEventer provides a method for storing events in a persistent manner that will be processed at a later date. Processing may include time intensive processing such as bulk deletion of other entities. Event persistence strategy, processing order, and processing synchronization are up to the implementation to decide.

EventualEventers are also required to emit a series of events via the events.EventEmitter interface. See EventualEventAdded and subsequent events for more details.

type EventualEventerBbolt added in v0.21.45

type EventualEventerBbolt struct {
	events.EventEmmiter

	Interval time.Duration
	// contains filtered or unexported fields
}

EventualEventerBbolt implements EventualEventer with a bbolt back storage mechanism. Work is performed on a configurable basis via the Interval property in FIFO order.

Events are stored in the following format:

		id   - CUID   - a monotonic reference id
     name - string - an event name, used for log output
     data - []byte - a string array of arguments

func NewEventualEventerBbolt added in v0.21.45

func NewEventualEventerBbolt(dbProvider DbProvider, store EventualEventStore, interval time.Duration, batchSize int) *EventualEventerBbolt

NewEventualEventerBbolt creates a new bbolt backed asynchronous eventer that will check for new events at the given interval or when triggered. On each interval/trigger, the number of events processed is determined by batchSize.

func (*EventualEventerBbolt) AddEventualEvent added in v0.21.45

func (a *EventualEventerBbolt) AddEventualEvent(eventType string, data []byte)

func (*EventualEventerBbolt) AddEventualEventWithCtx added in v0.21.45

func (a *EventualEventerBbolt) AddEventualEventWithCtx(ctx boltz.MutateContext, eventType string, data []byte)

func (*EventualEventerBbolt) AddEventualListener added in v0.21.45

func (a *EventualEventerBbolt) AddEventualListener(eventType string, listener EventListenerFunc)

func (*EventualEventerBbolt) Start added in v0.21.45

func (a *EventualEventerBbolt) Start(closeNotify <-chan struct{}) error

func (*EventualEventerBbolt) Stop added in v0.21.45

func (a *EventualEventerBbolt) Stop() error

func (*EventualEventerBbolt) Trigger added in v0.21.45

func (a *EventualEventerBbolt) Trigger() (<-chan struct{}, error)

type ExternalIdClaim added in v0.21.221

type ExternalIdClaim struct {
	Location        string `json:"location"`
	Matcher         string `json:"matcher"`
	MatcherCriteria string `json:"matcherCriteria"`
	Parser          string `json:"parser"`
	ParserCriteria  string `json:"parserCriteria"`
	Index           int64  `json:"index"`
}

type ExternalJwtSigner added in v0.21.148

type ExternalJwtSigner struct {
	boltz.BaseExtEntity
	Name            string     `json:"name"`
	Fingerprint     *string    `json:"fingerprint"`
	Kid             *string    `json:"kid"`
	CertPem         *string    `json:"certPem"`
	JwksEndpoint    *string    `json:"jwksEndpoint"`
	CommonName      string     `json:"commonName"`
	NotAfter        *time.Time `json:"notAfter"`
	NotBefore       *time.Time `json:"notBefore"`
	Enabled         bool       `json:"enabled"`
	ExternalAuthUrl *string    `json:"externalAuthUrl"`
	ClaimsProperty  *string    `json:"claimsProperty"`
	UseExternalId   bool       `json:"useExternalId"`
	Issuer          *string    `json:"issuer"`
	Audience        *string    `json:"audience"`
}

func (*ExternalJwtSigner) GetEntityType added in v0.21.148

func (entity *ExternalJwtSigner) GetEntityType() string

func (*ExternalJwtSigner) GetName added in v0.21.148

func (entity *ExternalJwtSigner) GetName() string

type ExternalJwtSignerStore added in v0.21.148

type ExternalJwtSignerStore interface {
	Store[*ExternalJwtSigner]
}

type Identity

type Identity struct {
	boltz.BaseExtEntity
	Name                      string                     `json:"name"`
	IdentityTypeId            string                     `json:"identityTypeId"`
	IsDefaultAdmin            bool                       `json:"isDefaultAdmin"`
	IsAdmin                   bool                       `json:"isAdmin"`
	Enrollments               []string                   `json:"enrollments"`
	Authenticators            []string                   `json:"authenticators"`
	RoleAttributes            []string                   `json:"roleAttributes"`
	SdkInfo                   *SdkInfo                   `json:"sdkInfo"`
	EnvInfo                   *EnvInfo                   `json:"envInfo"`
	DefaultHostingPrecedence  ziti.Precedence            `json:"defaultHostingPrecedence"`
	DefaultHostingCost        uint16                     `json:"defaultHostingCost"`
	ServiceHostingPrecedences map[string]ziti.Precedence `json:"serviceHostingPrecedences"`
	ServiceHostingCosts       map[string]uint16          `json:"serviceHostingCosts"`
	AppData                   map[string]interface{}     `json:"appData"`
	AuthPolicyId              string                     `json:"authPolicyId"`
	ExternalId                *string                    `json:"externalId"`
	DisabledAt                *time.Time                 `json:"disabledAt"`
	DisabledUntil             *time.Time                 `json:"disabledUntil"`
	Disabled                  bool                       `json:"disabled"`
}

func (*Identity) GetEntityType

func (entity *Identity) GetEntityType() string

func (*Identity) GetName

func (entity *Identity) GetName() string

type IdentityServicesCursorProvider added in v0.24.228

type IdentityServicesCursorProvider struct {
	// contains filtered or unexported fields
}

func (*IdentityServicesCursorProvider) Cursor added in v0.24.228

func (self *IdentityServicesCursorProvider) Cursor(tx *bbolt.Tx, forward bool) ast.SetCursor

type IdentityStore

type IdentityStore interface {
	NameIndexed
	Store[*Identity]

	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)

	AssignServiceConfigs(tx *bbolt.Tx, identityId string, serviceConfigs ...ServiceConfig) error
	RemoveServiceConfigs(tx *bbolt.Tx, identityId string, serviceConfigs ...ServiceConfig) error
	GetServiceConfigs(tx *bbolt.Tx, identityId string) ([]ServiceConfig, error)
	LoadServiceConfigsByServiceAndType(tx *bbolt.Tx, identityId string, configTypes map[string]struct{}) map[string]map[string]map[string]interface{}
	GetIdentityServicesCursorProvider(identityId string) ast.SetCursorProvider
}

type IdentityType

type IdentityType struct {
	boltz.BaseExtEntity
	Name string `json:"name"`
}

func (*IdentityType) GetEntityType

func (entity *IdentityType) GetEntityType() string

func (*IdentityType) GetName

func (entity *IdentityType) GetName() string

type IdentityTypeStore

type IdentityTypeStore interface {
	NameIndexed
	Store[*IdentityType]
}

type IdentityTypeStoreImpl

type IdentityTypeStoreImpl struct {
	// contains filtered or unexported fields
}

func (*IdentityTypeStoreImpl) FillEntity added in v0.24.249

func (store *IdentityTypeStoreImpl) FillEntity(entity *IdentityType, bucket *boltz.TypedBucket)

func (IdentityTypeStoreImpl) GetName

func (store IdentityTypeStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (*IdentityTypeStoreImpl) GetNameIndex

func (store *IdentityTypeStoreImpl) GetNameIndex() boltz.ReadIndex

func (IdentityTypeStoreImpl) LoadOneById

func (store IdentityTypeStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (E, error)

func (*IdentityTypeStoreImpl) NewEntity added in v0.24.249

func (store *IdentityTypeStoreImpl) NewEntity() *IdentityType

func (*IdentityTypeStoreImpl) PersistEntity added in v0.24.249

func (store *IdentityTypeStoreImpl) PersistEntity(entity *IdentityType, ctx *boltz.PersistContext)

type Mfa added in v0.17.52

type Mfa struct {
	boltz.BaseExtEntity
	IdentityId    string   `json:"identityId"`
	IsVerified    bool     `json:"isVerified"`
	Secret        string   `json:"secret"`
	Salt          string   `json:"salt"`
	RecoveryCodes []string `json:"recoveryCodes"`
}

func NewMfa added in v0.17.52

func NewMfa(identityId string) *Mfa

func (*Mfa) GetEntityType added in v0.17.52

func (entity *Mfa) GetEntityType() string

type MfaStore added in v0.17.52

type MfaStore interface {
	Store[*Mfa]
}

type MfaStoreImpl added in v0.17.52

type MfaStoreImpl struct {
	// contains filtered or unexported fields
}

func (*MfaStoreImpl) FillEntity added in v0.24.249

func (store *MfaStoreImpl) FillEntity(entity *Mfa, bucket *boltz.TypedBucket)

func (MfaStoreImpl) GetName added in v0.17.52

func (store MfaStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (MfaStoreImpl) LoadOneById added in v0.17.52

func (store MfaStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (E, error)

func (*MfaStoreImpl) NewEntity added in v0.24.249

func (store *MfaStoreImpl) NewEntity() *Mfa

func (*MfaStoreImpl) PersistEntity added in v0.24.249

func (store *MfaStoreImpl) PersistEntity(entity *Mfa, ctx *boltz.PersistContext)

type Migrations

type Migrations struct {
	// contains filtered or unexported fields
}

type NameIndexed added in v0.24.249

type NameIndexed interface {
	GetNameIndex() boltz.ReadIndex
}

type OperatingSystem added in v0.16.48

type OperatingSystem struct {
	OsType     string   `json:"osType"`
	OsVersions []string `json:"osVersions"`
}

type Policy added in v0.15.27

type Policy interface {
	boltz.NamedExtEntity
}

type PolicyType added in v0.17.36

type PolicyType string

func GetPolicyTypeForId added in v0.24.250

func GetPolicyTypeForId(policyTypeId int32) PolicyType

func (PolicyType) Id added in v0.24.250

func (self PolicyType) Id() int32

func (PolicyType) String added in v0.17.36

func (self PolicyType) String() string

type PostureCheck added in v0.16.46

type PostureCheck struct {
	boltz.BaseExtEntity
	Name           string              `json:"name"`
	TypeId         string              `json:"typeId"`
	Version        int64               `json:"version"`
	RoleAttributes []string            `json:"roleAttributes"`
	SubType        PostureCheckSubType `json:"subType"`
}

func (*PostureCheck) GetEntityType added in v0.16.46

func (entity *PostureCheck) GetEntityType() string

func (*PostureCheck) GetName added in v0.16.46

func (entity *PostureCheck) GetName() string

type PostureCheckMacAddresses added in v0.16.48

type PostureCheckMacAddresses struct {
	MacAddresses []string `json:"macAddresses"`
}

func (*PostureCheckMacAddresses) LoadValues added in v0.16.48

func (entity *PostureCheckMacAddresses) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckMacAddresses) SetValues added in v0.16.48

func (entity *PostureCheckMacAddresses) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckMfa added in v0.17.52

type PostureCheckMfa struct {
	TimeoutSeconds        int64 `json:"timeoutSeconds"`
	PromptOnWake          bool  `json:"promptOnWake"`
	PromptOnUnlock        bool  `json:"promptOnUnlock"`
	IgnoreLegacyEndpoints bool  `json:"ignoreLegacyEndpoints"`
}

func (*PostureCheckMfa) LoadValues added in v0.17.52

func (entity *PostureCheckMfa) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckMfa) SetValues added in v0.17.52

func (entity *PostureCheckMfa) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckOperatingSystem added in v0.16.48

type PostureCheckOperatingSystem struct {
	OperatingSystems []OperatingSystem `json:"operatingSystems"`
}

func (*PostureCheckOperatingSystem) LoadValues added in v0.16.48

func (entity *PostureCheckOperatingSystem) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckOperatingSystem) SetValues added in v0.16.48

func (entity *PostureCheckOperatingSystem) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckProcess added in v0.16.48

type PostureCheckProcess struct {
	OperatingSystem string   `json:"operatingSystem"`
	Path            string   `json:"path"`
	Hashes          []string `json:"hashes"`
	Fingerprint     string   `json:"fingerprint"`
}

func (*PostureCheckProcess) LoadValues added in v0.16.48

func (entity *PostureCheckProcess) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckProcess) SetValues added in v0.16.48

func (entity *PostureCheckProcess) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckProcessMulti added in v0.19.93

type PostureCheckProcessMulti struct {
	Semantic  string          `json:"semantic"`
	Processes []*ProcessMulti `json:"processes"`
}

func (*PostureCheckProcessMulti) LoadValues added in v0.19.93

func (entity *PostureCheckProcessMulti) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckProcessMulti) SetValues added in v0.19.93

func (entity *PostureCheckProcessMulti) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckStore added in v0.16.46

type PostureCheckStore interface {
	Store[*PostureCheck]
	LoadOneById(tx *bbolt.Tx, id string) (*PostureCheck, error)
	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(filters []string, semantic string) (ast.SetCursorProvider, error)
}

type PostureCheckSubType added in v0.16.48

type PostureCheckSubType interface {
	LoadValues(bucket *boltz.TypedBucket)
	SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)
}

type PostureCheckType added in v0.16.48

type PostureCheckType struct {
	boltz.BaseExtEntity
	Name             string            `json:"name"`
	OperatingSystems []OperatingSystem `json:"operatingSystems"`
}

func (*PostureCheckType) GetEntityType added in v0.16.48

func (entity *PostureCheckType) GetEntityType() string

func (*PostureCheckType) GetName added in v0.16.48

func (entity *PostureCheckType) GetName() string

type PostureCheckTypeStore added in v0.16.48

type PostureCheckTypeStore interface {
	NameIndexed
	Store[*PostureCheckType]
}

type PostureCheckWindowsDomains added in v0.16.48

type PostureCheckWindowsDomains struct {
	Domains []string `json:"domains"`
}

func (*PostureCheckWindowsDomains) LoadValues added in v0.16.48

func (entity *PostureCheckWindowsDomains) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckWindowsDomains) SetValues added in v0.16.48

func (entity *PostureCheckWindowsDomains) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type ProcessMulti added in v0.19.93

type ProcessMulti struct {
	OsType             string   `json:"osType"`
	Path               string   `json:"path"`
	Hashes             []string `json:"hashes"`
	SignerFingerprints []string `json:"signerFingerprints"`
}

type Revocation added in v0.24.373

type Revocation struct {
	boltz.BaseExtEntity
	ExpiresAt time.Time `json:"expiresAt"`
}

func (Revocation) GetEntityType added in v0.24.373

func (r Revocation) GetEntityType() string

type RevocationStore added in v0.24.373

type RevocationStore interface {
	Store[*Revocation]
}

type SdkInfo

type SdkInfo struct {
	Branch     string `json:"branch"`
	Revision   string `json:"revision"`
	Type       string `json:"type"`
	Version    string `json:"version"`
	AppId      string `json:"appId"`
	AppVersion string `json:"appVersion"`
}

type SecretStore added in v0.17.52

type SecretStore interface {
	GetSecret() []byte
}

type ServiceConfig

type ServiceConfig struct {
	ServiceId string
	ConfigId  string
}

type ServiceEdgeRouterPolicy

type ServiceEdgeRouterPolicy struct {
	boltz.BaseExtEntity
	Name            string   `json:"name"`
	Semantic        string   `json:"semantic"`
	ServiceRoles    []string `json:"serviceRoles"`
	EdgeRouterRoles []string `json:"edgeRouterRoles"`
}

func (*ServiceEdgeRouterPolicy) GetEntityType

func (entity *ServiceEdgeRouterPolicy) GetEntityType() string

func (*ServiceEdgeRouterPolicy) GetName

func (entity *ServiceEdgeRouterPolicy) GetName() string

func (*ServiceEdgeRouterPolicy) GetSemantic added in v0.15.27

func (entity *ServiceEdgeRouterPolicy) GetSemantic() string

type ServiceEdgeRouterPolicyStore

type ServiceEdgeRouterPolicyStore interface {
	NameIndexed
	Store[*ServiceEdgeRouterPolicy]
}

type ServiceEvent added in v0.17.36

type ServiceEvent struct {
	Type       ServiceEventType
	IdentityId string
	ServiceId  string
}

func (*ServiceEvent) String added in v0.17.36

func (self *ServiceEvent) String() string

type ServiceEventHandler added in v0.17.36

type ServiceEventHandler func(event *ServiceEvent)

type ServiceEventType added in v0.17.36

type ServiceEventType byte
const (
	ServiceDialAccessGained ServiceEventType = 1
	ServiceDialAccessLost   ServiceEventType = 2
	ServiceBindAccessGained ServiceEventType = 3
	ServiceBindAccessLost   ServiceEventType = 4
	ServiceUpdated          ServiceEventType = 5
)

func (ServiceEventType) String added in v0.17.36

func (self ServiceEventType) String() string

type ServiceEventsRegistry added in v0.17.36

type ServiceEventsRegistry struct {
	// contains filtered or unexported fields
}

func (*ServiceEventsRegistry) AddServiceEventHandler added in v0.17.36

func (self *ServiceEventsRegistry) AddServiceEventHandler(listener ServiceEventHandler)

func (*ServiceEventsRegistry) RemoveServiceEventHandler added in v0.17.36

func (self *ServiceEventsRegistry) RemoveServiceEventHandler(listener ServiceEventHandler)

type ServicePolicy

type ServicePolicy struct {
	boltz.BaseExtEntity
	PolicyType        PolicyType `json:"policyType"`
	Name              string     `json:"name"`
	Semantic          string     `json:"semantic"`
	IdentityRoles     []string   `json:"identityRoles"`
	ServiceRoles      []string   `json:"serviceRoles"`
	PostureCheckRoles []string   `json:"postureCheckRoles"`
}

func (*ServicePolicy) GetEntityType

func (entity *ServicePolicy) GetEntityType() string

func (*ServicePolicy) GetName

func (entity *ServicePolicy) GetName() string

func (*ServicePolicy) GetSemantic added in v0.15.27

func (entity *ServicePolicy) GetSemantic() string

type ServicePolicyStore

type ServicePolicyStore interface {
	NameIndexed
	Store[*ServicePolicy]
}

type Session

type Session struct {
	boltz.BaseExtEntity
	Token           string      `json:"-"`
	IdentityId      string      `json:"identityId"`
	ApiSessionId    string      `json:"apiSessionId"`
	ServiceId       string      `json:"serviceId"`
	Type            string      `json:"type"`
	ApiSession      *ApiSession `json:"-"`
	ServicePolicies []string    `json:"servicePolicies"`
}

func (*Session) GetEntityType

func (entity *Session) GetEntityType() string

type SessionStore

type SessionStore interface {
	Store[*Session]
	LoadOneByToken(tx *bbolt.Tx, token string) (*Session, error)
	GetTokenIndex() boltz.ReadIndex
}

type Store

type Store[E boltz.ExtEntity] interface {
	boltz.EntityStore[E]

	LoadOneById(tx *bbolt.Tx, id string) (E, error)
	// contains filtered or unexported methods
}

type Stores

type Stores struct {
	DbProvider      DbProvider
	EventualEventer EventualEventer

	// fabric stores
	Router     db.RouterStore
	Service    db.ServiceStore
	Terminator db.TerminatorStore

	ApiSession              ApiSessionStore
	ApiSessionCertificate   ApiSessionCertificateStore
	AuthPolicy              AuthPolicyStore
	EventualEvent           EventualEventStore
	ExternalJwtSigner       ExternalJwtSignerStore
	Ca                      CaStore
	Config                  ConfigStore
	ConfigType              ConfigTypeStore
	EdgeRouter              EdgeRouterStore
	EdgeRouterPolicy        EdgeRouterPolicyStore
	EdgeService             EdgeServiceStore
	Identity                IdentityStore
	IdentityType            IdentityTypeStore
	Index                   boltz.Store
	Session                 SessionStore
	Revocation              RevocationStore
	ServiceEdgeRouterPolicy ServiceEdgeRouterPolicyStore
	ServicePolicy           ServicePolicyStore
	TransitRouter           TransitRouterStore
	Enrollment              EnrollmentStore
	Authenticator           AuthenticatorStore
	PostureCheck            PostureCheckStore
	PostureCheckType        PostureCheckTypeStore
	Mfa                     MfaStore
	// contains filtered or unexported fields
}

func NewBoltStores

func NewBoltStores(dbProvider DbProvider) (*Stores, error)

func (*Stores) GetEntityCounts added in v0.21.97

func (stores *Stores) GetEntityCounts(dbProvider DbProvider) (map[string]int64, error)

func (*Stores) GetStoreForEntity

func (stores *Stores) GetStoreForEntity(entity boltz.Entity) boltz.Store

func (*Stores) GetStores added in v0.24.250

func (stores *Stores) GetStores() []boltz.Store

type TestContext

type TestContext struct {
	boltztest.BaseTestContext
	// contains filtered or unexported fields
}

func NewTestContext

func NewTestContext(t *testing.T) *TestContext

func (*TestContext) Cleanup added in v0.21.45

func (ctx *TestContext) Cleanup()

func (*TestContext) CleanupAll added in v0.20.36

func (ctx *TestContext) CleanupAll()

func (*TestContext) GetDb

func (ctx *TestContext) GetDb() boltz.Db

func (*TestContext) GetDbProvider

func (ctx *TestContext) GetDbProvider() DbProvider

func (*TestContext) GetNetwork added in v0.21.235

func (ctx *TestContext) GetNetwork() *network.Network

func (*TestContext) GetStoreForEntity

func (ctx *TestContext) GetStoreForEntity(entity boltz.Entity) boltz.Store

func (*TestContext) GetStores

func (ctx *TestContext) GetStores() *Stores

func (*TestContext) Init

func (ctx *TestContext) Init()

func (*TestContext) RequireNewIdentity added in v0.20.36

func (ctx *TestContext) RequireNewIdentity(name string, isAdmin bool) *Identity

func (*TestContext) RequireNewService added in v0.20.36

func (ctx *TestContext) RequireNewService(name string) *EdgeService

type TransitRouter

type TransitRouter struct {
	db.Router
	IsVerified            bool     `json:"isVerified"`
	Enrollments           []string `json:"enrollments"`
	IsBase                bool     `json:"-"`
	UnverifiedCertPem     *string  `json:"unverifiedCertPem"`
	UnverifiedFingerprint *string  `json:"unverifiedFingerprint"`
}

func (*TransitRouter) GetName

func (entity *TransitRouter) GetName() string

type TransitRouterStore

type TransitRouterStore interface {
	NameIndexed
	Store[*TransitRouter]
}

type UpdateLastActivityAtChecker added in v0.19.39

type UpdateLastActivityAtChecker struct{}

func (UpdateLastActivityAtChecker) IsUpdated added in v0.19.39

func (u UpdateLastActivityAtChecker) IsUpdated(field string) bool

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL