model

package
v0.22.21 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 14, 2022 License: Apache-2.0 Imports: 63 Imported by: 1

Documentation

Overview

Copyright NetFoundry Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

// HTTP header names used by this package.
// NOTE(review): the names suggest a client certificate (PEM) carried in a
// header on requests proxied by an edge router. A certificate read from a
// header is only as trustworthy as the peer that set the header, so the code
// consuming these should honor them solely on connections from an
// authenticated router. That code is not shown here; confirm.
const (
	ClientCertHeader       = "X-Client-CertPem"
	EdgeRouterProxyRequest = "X-Edge-Router-Proxy-Request"
)
// Identifiers for external-JWT authentication.
const (
	// AuthMethodExtJwt is the method string for external-JWT auth; presumably
	// the value AuthModuleExtJwt.CanHandle matches. Confirm.
	AuthMethodExtJwt    = "ext-jwt"
	// ExtJwtInternalClaim: its use is not visible on this page. The leading "-"
	// looks like a reserved/internal key. TODO confirm where it is set and
	// read, and that a caller-supplied value can never populate it.
	ExtJwtInternalClaim = "-internal-ext-jwt"
)
// Building blocks for CA identity-name format strings: a symbol name wrapped in
// the start/end sentinels, e.g. "[caName]".
// NOTE(review): commonName and requestedName presumably come from the enrolling
// client's certificate or request. If so, names produced from them are
// client-influenced and should be treated as display values, not as a basis
// for authorization. Confirm.
const (
	FormatSentinelStart       = "["
	FormatSentinelEnd         = "]"
	FormatSymbolCaName        = "caName"
	FormatSymbolCaId          = "caId"
	FormatSymbolCommonName    = "commonName"
	FormatSymbolRequestedName = "requestedName"
	FormatSymbolIdentityId    = "identityId"

	// DefaultCaIdentityNameFormat evaluates to "[caName]-[commonName]"
	// (the concatenation below puts no spaces around the dash).
	DefaultCaIdentityNameFormat = FormatSentinelStart + FormatSymbolCaName + FormatSentinelEnd + "-" + FormatSentinelStart + FormatSymbolCommonName + FormatSentinelEnd
)
// Edge router one-time-token enrollment: the method string plus the error
// code/message for a CSR whose common name does not match the router's id.
// The message text states the rule: the CSR common name must equal the edge
// router id. The check itself is not shown on this page.
const (
	EdgeRouterEnrollmentCommonNameInvalidCode    = "EDGE_ROUTER_ENROLL_COMMON_NAME_INVALID"
	EdgeRouterEnrollmentCommonNameInvalidMessage = "The edge router CSR enrollment must have a common name that matches the edge router's id"
	MethodEnrollEdgeRouterOtt                    = "erott"
)
// Bounds on TOTP code length.
// NOTE(review): presumably the minimum and maximum number of characters
// accepted for a submitted code; confirm at the call site. If 4-character
// codes are accepted the guess space is small, so attempt limiting on the MFA
// verification path matters.
const (
	TotpMinLength = 4
	TotpMaxLength = 6
)
// Posture check type identifiers. Going by the names: operating system, domain,
// single process, multiple processes, MAC address and MFA.
// NOTE(review): how each type is evaluated, and whether the posture data is
// self-reported by the endpoint, is not visible here. Confirm before relying
// on a check type as a hard control.
const (
	PostureCheckTypeOs           = "OS"
	PostureCheckTypeDomain       = "DOMAIN"
	PostureCheckTypeProcess      = "PROCESS"
	PostureCheckTypeProcessMulti = "PROCESS_MULTI"
	PostureCheckTypeMAC          = "MAC"
	PostureCheckTypeMFA          = "MFA"
)
// ConfigTypeAll is the literal "all"; presumably a wildcard selecting every
// config type (ApiSession.ConfigTypes is a set keyed by string). Confirm.
const (
	ConfigTypeAll = "all"
)
// EventIdentityPostureDataAltered is an event name; by its wording it signals
// that an identity's posture data changed. Emitters and listeners are not shown
// on this page.
const (
	EventIdentityPostureDataAltered = "EventIdentityPostureDataAltered"
)
// IdentityActiveIntervalSeconds is 60; the name gives the unit (seconds).
// Presumably the interval used when deciding whether an identity counts as
// active. TODO confirm at the call site.
const (
	IdentityActiveIntervalSeconds = 60
)
// IdentityTypeUser is the identity type string "User". Other identity types, if
// any, are not declared in this block.
const (
	IdentityTypeUser = "User"
)
// MaxPostureFailures is presumably a cap on retained posture-failure records,
// bounding memory when a client fails checks repeatedly. TODO confirm.
const MaxPostureFailures = 100
// MethodEnrollTransitRouterOtt is the enrollment method string for transit
// routers; by its name, a one-time-token (OTT) enrollment.
const (
	MethodEnrollTransitRouterOtt = "trott"
)
// MfaPromptGracePeriod is a NEGATIVE duration (minus five minutes).
// NOTE(review): presumably added to a deadline to move the MFA prompt earlier.
// Code that treats it as a positive span, or subtracts it, shifts the deadline
// the wrong way. Confirm the sign convention at each use.
const MfaPromptGracePeriod = -5 * time.Minute // -5m
// MfaProviderZiti names the "ziti" MFA provider. No other provider constants
// are declared in this block.
const (
	MfaProviderZiti string = "ziti"
)
// PostureCheckNoTimeout is the int64 sentinel -1.
// NOTE(review): presumably marks a posture check timeout as "never expires".
// Callers must special-case it before any arithmetic or comparison, otherwise
// -1 reads as an already-elapsed timeout. Confirm.
const (
	PostureCheckNoTimeout = int64(-1)
)
// WindowSizeTOTP is presumably the number of TOTP time steps accepted around
// the current one. TODO confirm units and direction at the verifier. A wider
// window tolerates clock drift but keeps an observed code usable for longer.
const (
	WindowSizeTOTP int = 5
)
// ZitiSdkTypeC is the SDK type string for the C SDK; presumably compared
// against client-reported SDK info, which is self-asserted. Confirm.
const ZitiSdkTypeC = "ziti-sdk-c"

Variables

This section is empty.

Functions

func CleanHexString added in v0.17.5

func CleanHexString(hexString string) string

func NewFieldChecker

func NewFieldChecker(fields ...string) boltz.FieldChecker

func RegisterCommand added in v0.21.235

func RegisterCommand[MT any, CT any, M network.CommandMsg[MT], C decodableCommand[CT, M]](env Env, _ C, _ M)

RegisterCommand registers a decoder for the given command and message pair. MT is the message type (ex: cmd_pb.CreateServiceCommand). CT is the command type (ex: CreateServiceCommand). M is the CommandMsg/command.TypedMessage implementation (ex: *cmd_pb.CreateServiceCommand). C is the decodableCommand/command.Command implementation (ex: *CreateServiceCommand).

We only have both types specified so that we can enforce that each is a pointer type. If we didn't enforce that the instances were pointer types, we couldn't use new to instantiate new instances.

Types

type AdvisorEdgeRouter

// AdvisorEdgeRouter pairs an edge router with an online flag. It is the element
// type of AdvisorServiceReachability.CommonRouters.
type AdvisorEdgeRouter struct {
	Router   *EdgeRouter
	// IsOnline: how and when this is computed is not shown here; treat it as a
	// point-in-time value.
	IsOnline bool
}
// AdvisorIdentityEdgeRouterLinks groups an identity, an edge router and a list
// of edge router policies; presumably the policies that link the two. Confirm.
type AdvisorIdentityEdgeRouterLinks struct {
	Identity   *Identity
	EdgeRouter *EdgeRouter
	Policies   []*EdgeRouterPolicy
}
// AdvisorIdentityServiceLinks groups an identity, a service and a list of
// service policies; presumably the policies that link the two. Confirm.
type AdvisorIdentityServiceLinks struct {
	Identity *Identity
	Service  *Service
	Policies []*ServicePolicy
}
// AdvisorServiceEdgeRouterLinks groups a service, an edge router and a list of
// service edge router policies; presumably the policies that link the two.
// Confirm.
type AdvisorServiceEdgeRouterLinks struct {
	Service    *Service
	EdgeRouter *EdgeRouter
	Policies   []*ServiceEdgeRouterPolicy
}

type AdvisorServiceReachability

// AdvisorServiceReachability reports, for one identity/service pair, whether
// bind and dial are allowed, plus router counts and the routers common to both.
// NOTE(review): looks like a diagnostic result. Whether it reflects the same
// evaluation the enforcement path uses is not visible here, so it should not be
// read as an authorization decision. Confirm.
type AdvisorServiceReachability struct {
	Identity            *Identity
	Service             *Service
	IsBindAllowed       bool
	IsDialAllowed       bool
	IdentityRouterCount int
	ServiceRouterCount  int
	CommonRouters       []*AdvisorEdgeRouter
}

type AndFieldChecker

type AndFieldChecker struct {
	// contains filtered or unexported fields
}

func (*AndFieldChecker) IsUpdated

func (checker *AndFieldChecker) IsUpdated(field string) bool

type ApiSession

// ApiSession is the model entity for an API session.
// NOTE(review): ApiSessionHandler looks sessions up by Token (ReadByToken,
// MarkActivityByTokens), so Token appears to act as the session's bearer
// secret. Treat it as a credential: keep it out of logs, error messages and
// any serialized form that leaves the controller.
type ApiSession struct {
	models.BaseEntity
	Token              string
	IdentityId         string
	Identity           *Identity
	// IPAddress: presumably the client address seen at authentication. Whether
	// it is used for any decision is not shown. Confirm.
	IPAddress          string
	// ConfigTypes is a string set (map to empty struct).
	ConfigTypes        map[string]struct{}
	// MfaComplete / MfaRequired: presumably a session that has MfaRequired set
	// without MfaComplete is only partially authenticated. Confirm that every
	// consumer checks both.
	MfaComplete        bool
	MfaRequired        bool
	ExpiresAt          time.Time
	ExpirationDuration time.Duration
	LastActivityAt     time.Time
	AuthenticatorId    string
}

type ApiSessionCertificate added in v0.17.30

// ApiSessionCertificate is the model entity for a certificate tied to an API
// session. ApiSessionCertificateHandler.CreateFromCSR creates one from a CSR
// with a caller-supplied lifespan.
type ApiSessionCertificate struct {
	models.BaseEntity
	ApiSession   *ApiSession
	ApiSessionId string
	Subject      string
	// Fingerprint: hash algorithm and encoding are not shown on this page.
	Fingerprint  string
	// ValidAfter / ValidBefore are pointers and may be nil; check before
	// dereferencing or comparing.
	ValidAfter   *time.Time
	ValidBefore  *time.Time
	PEM          string
}

type ApiSessionCertificateHandler added in v0.17.30

type ApiSessionCertificateHandler struct {
	// contains filtered or unexported fields
}

func NewApiSessionCertificateHandler added in v0.17.30

func NewApiSessionCertificateHandler(env Env) *ApiSessionCertificateHandler

func (*ApiSessionCertificateHandler) ApplyDelete added in v0.21.235

func (self *ApiSessionCertificateHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*ApiSessionCertificateHandler) BaseList added in v0.17.30

func (handler *ApiSessionCertificateHandler) BaseList(query string) (*models.EntityListResult, error)

func (*ApiSessionCertificateHandler) BaseLoad added in v0.17.30

func (handler *ApiSessionCertificateHandler) BaseLoad(id string) (models.Entity, error)

func (*ApiSessionCertificateHandler) BaseLoadInTx added in v0.17.30

func (handler *ApiSessionCertificateHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*ApiSessionCertificateHandler) BasePreparedList added in v0.17.30

func (handler *ApiSessionCertificateHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*ApiSessionCertificateHandler) BasePreparedListAssociated added in v0.17.30

func (handler *ApiSessionCertificateHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*ApiSessionCertificateHandler) BasePreparedListIndexed added in v0.17.30

func (handler *ApiSessionCertificateHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*ApiSessionCertificateHandler) Create added in v0.17.30

func (handler *ApiSessionCertificateHandler) Create(entity *ApiSessionCertificate) (string, error)

func (*ApiSessionCertificateHandler) CreateFromCSR added in v0.17.30

func (handler *ApiSessionCertificateHandler) CreateFromCSR(apiSessionId string, lifespan time.Duration, csrPem []byte) (string, error)

func (*ApiSessionCertificateHandler) Delete added in v0.17.30

func (handler *ApiSessionCertificateHandler) Delete(id string) error

func (*ApiSessionCertificateHandler) Dispatch added in v0.21.235

func (self *ApiSessionCertificateHandler) Dispatch(command command.Command) error

func (*ApiSessionCertificateHandler) GetDb added in v0.17.30

func (handler *ApiSessionCertificateHandler) GetDb() boltz.Db

func (*ApiSessionCertificateHandler) GetEntityTypeId added in v0.21.235

func (handler *ApiSessionCertificateHandler) GetEntityTypeId() string

func (*ApiSessionCertificateHandler) GetEnv added in v0.17.30

func (handler *ApiSessionCertificateHandler) GetEnv() Env

func (*ApiSessionCertificateHandler) GetStore added in v0.17.30

func (handler *ApiSessionCertificateHandler) GetStore() boltz.CrudStore

func (*ApiSessionCertificateHandler) IsUpdated added in v0.17.30

func (handler *ApiSessionCertificateHandler) IsUpdated(_ string) bool

func (*ApiSessionCertificateHandler) Query added in v0.17.30

func (*ApiSessionCertificateHandler) Read added in v0.17.30

func (*ApiSessionCertificateHandler) ReadByApiSessionId added in v0.17.30

func (handler *ApiSessionCertificateHandler) ReadByApiSessionId(tx *bbolt.Tx, apiSessionId string) ([]*ApiSessionCertificate, error)

type ApiSessionCertificateListResult added in v0.17.30

// ApiSessionCertificateListResult pairs a page of API session certificates with
// the embedded query metadata.
type ApiSessionCertificateListResult struct {
	ApiSessionCertificates []*ApiSessionCertificate
	models.QueryMetaData
	// contains filtered or unexported fields
}

type ApiSessionHandler

type ApiSessionHandler struct {
	HeartbeatCollector *HeartbeatCollector
	// contains filtered or unexported fields
}

func NewApiSessionHandler

func NewApiSessionHandler(env Env) *ApiSessionHandler

func (*ApiSessionHandler) ApplyDelete added in v0.21.235

func (self *ApiSessionHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*ApiSessionHandler) BaseList

func (handler *ApiSessionHandler) BaseList(query string) (*models.EntityListResult, error)

func (*ApiSessionHandler) BaseLoad

func (handler *ApiSessionHandler) BaseLoad(id string) (models.Entity, error)

func (*ApiSessionHandler) BaseLoadInTx

func (handler *ApiSessionHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*ApiSessionHandler) BasePreparedList

func (handler *ApiSessionHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*ApiSessionHandler) BasePreparedListAssociated

func (handler *ApiSessionHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*ApiSessionHandler) BasePreparedListIndexed

func (handler *ApiSessionHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*ApiSessionHandler) Create

func (handler *ApiSessionHandler) Create(entity *ApiSession, sessionCerts []*ApiSessionCertificate) (string, error)

func (*ApiSessionHandler) Delete

func (handler *ApiSessionHandler) Delete(id string) error

func (*ApiSessionHandler) DeleteBatch added in v0.19.132

func (handler *ApiSessionHandler) DeleteBatch(id []string) error

func (*ApiSessionHandler) DeleteByIdentityId added in v0.21.157

func (handler *ApiSessionHandler) DeleteByIdentityId(identityId string) error

func (*ApiSessionHandler) Dispatch added in v0.21.235

func (self *ApiSessionHandler) Dispatch(command command.Command) error

func (*ApiSessionHandler) GetDb

func (handler *ApiSessionHandler) GetDb() boltz.Db

func (*ApiSessionHandler) GetEntityTypeId added in v0.21.235

func (handler *ApiSessionHandler) GetEntityTypeId() string

func (*ApiSessionHandler) GetEnv

func (handler *ApiSessionHandler) GetEnv() Env

func (*ApiSessionHandler) GetStore

func (handler *ApiSessionHandler) GetStore() boltz.CrudStore

func (*ApiSessionHandler) IsUpdated

func (handler *ApiSessionHandler) IsUpdated(_ string) bool

func (*ApiSessionHandler) MarkActivityById added in v0.19.33

func (handler *ApiSessionHandler) MarkActivityById(apiSessionId string)

func (*ApiSessionHandler) MarkActivityByTokens added in v0.19.33

func (handler *ApiSessionHandler) MarkActivityByTokens(tokens ...string) ([]string, error)

MarkActivityByTokens returns tokens that were not found if any and/or an error.

func (*ApiSessionHandler) MfaCompleted added in v0.17.52

func (handler *ApiSessionHandler) MfaCompleted(apiSession *ApiSession) error

func (*ApiSessionHandler) Query

func (handler *ApiSessionHandler) Query(query string) (*ApiSessionListResult, error)

func (*ApiSessionHandler) Read

func (handler *ApiSessionHandler) Read(id string) (*ApiSession, error)

func (*ApiSessionHandler) ReadByToken

func (handler *ApiSessionHandler) ReadByToken(token string) (*ApiSession, error)

func (*ApiSessionHandler) Stream added in v0.16.4

func (handler *ApiSessionHandler) Stream(query string, collect func(*ApiSession, error) error) error

func (*ApiSessionHandler) StreamIds added in v0.16.4

func (handler *ApiSessionHandler) StreamIds(query string, collect func(string, error) error) error

func (*ApiSessionHandler) Update

func (handler *ApiSessionHandler) Update(apiSession *ApiSession) error

func (*ApiSessionHandler) UpdateWithFieldChecker added in v0.19.46

func (handler *ApiSessionHandler) UpdateWithFieldChecker(apiSession *ApiSession, fieldChecker boltz.FieldChecker) error

func (*ApiSessionHandler) VisitFingerprintsForApiSession added in v0.19.0

func (handler *ApiSessionHandler) VisitFingerprintsForApiSession(tx *bbolt.Tx, identityId, apiSessionId string, visitor func(fingerprint string) bool) error

func (*ApiSessionHandler) VisitFingerprintsForApiSessionId added in v0.19.0

func (handler *ApiSessionHandler) VisitFingerprintsForApiSessionId(apiSessionId string, visitor func(fingerprint string) bool) error

type ApiSessionListResult

// ApiSessionListResult pairs a page of API sessions with the embedded query
// metadata. It is the result type of ApiSessionHandler.Query.
// NOTE(review): each ApiSession carries its Token, so a serialized result
// contains session credentials.
type ApiSessionListResult struct {
	ApiSessions []*ApiSession
	models.QueryMetaData
	// contains filtered or unexported fields
}

type ApiSessionPostureData added in v0.17.52

// ApiSessionPostureData holds the posture responses recorded for one API
// session. All three fields are pointers and may be nil.
type ApiSessionPostureData struct {
	Mfa           *PostureResponseMfa           `json:"mfa"`
	EndpointState *PostureResponseEndpointState `json:"endpointState"`
	// SdkInfo has no json tag, unlike the two fields above, so encoding/json
	// uses the key "SdkInfo". NOTE(review): presumably SDK info is reported by
	// the client and therefore self-asserted. Confirm.
	SdkInfo       *SdkInfo
}

func (*ApiSessionPostureData) GetPassedMfaAt added in v0.20.47

func (self *ApiSessionPostureData) GetPassedMfaAt() *time.Time

type AuthContext

// AuthContext is the input handed to an AuthProcessor: the requested method,
// request data, client certificates and headers.
// NOTE(review): NewAuthContextHttp builds one from an *http.Request, so Data
// and Headers presumably carry caller-controlled values and should be handled
// as untrusted input by every processor. Confirm.
type AuthContext interface {
	GetMethod() string
	GetData() map[string]interface{}
	GetCerts() []*x509.Certificate
	GetHeaders() map[string]interface{}
}

func NewAuthContextHttp added in v0.14.35

func NewAuthContextHttp(request *http.Request, method string, data interface{}) AuthContext

type AuthContextHttp

// AuthContextHttp is the HTTP-backed AuthContext; its four fields mirror the
// interface's four getters.
// NOTE(review): all fields are exported and mutable. Whether Certs holds only
// certificates from the TLS handshake or can also be filled from a header
// (see ClientCertHeader) is not visible here. Confirm, since it determines
// how far Certs can be trusted.
type AuthContextHttp struct {
	Method  string
	Data    map[string]interface{}
	Certs   []*x509.Certificate
	Headers map[string]interface{}
}

func (*AuthContextHttp) GetCerts

func (context *AuthContextHttp) GetCerts() []*x509.Certificate

func (*AuthContextHttp) GetData

func (context *AuthContextHttp) GetData() map[string]interface{}

func (*AuthContextHttp) GetHeaders

func (context *AuthContextHttp) GetHeaders() map[string]interface{}

func (*AuthContextHttp) GetMethod

func (context *AuthContextHttp) GetMethod() string

type AuthModuleCert

type AuthModuleCert struct {
	// contains filtered or unexported fields
}

func NewAuthModuleCert

func NewAuthModuleCert(env Env, caChain []byte) *AuthModuleCert

func (*AuthModuleCert) CanHandle

func (module *AuthModuleCert) CanHandle(method string) bool

func (*AuthModuleCert) Process

func (module *AuthModuleCert) Process(context AuthContext) (AuthResult, error)

Process will inspect the provided AuthContext and attempt to verify the client certificates provided during a TLS handshake. Authentication via client certificates follows these steps:

1) obtain client certificates
2) verify client certificates against known CAs
3) link a CA certificate back to a model.Ca if possible
4) obtain the target identity by authenticator (cert fingerprint) or by external id (claims stuffed into a x509.Certificate resolved by model.Ca)
5) verify identity status (disabled)
6) obtain the target identity's auth policy
7) verify according to auth policy

type AuthModuleExtJwt added in v0.21.148

type AuthModuleExtJwt struct {
	// contains filtered or unexported fields
}

func NewAuthModuleExtJwt added in v0.21.148

func NewAuthModuleExtJwt(env Env) *AuthModuleExtJwt

func (*AuthModuleExtJwt) CanHandle added in v0.21.148

func (a *AuthModuleExtJwt) CanHandle(method string) bool

func (*AuthModuleExtJwt) Process added in v0.21.148

func (a *AuthModuleExtJwt) Process(context AuthContext) (AuthResult, error)

func (*AuthModuleExtJwt) ProcessSecondary added in v0.21.160

func (a *AuthModuleExtJwt) ProcessSecondary(context AuthContext) (AuthResult, error)

type AuthModuleUpdb

type AuthModuleUpdb struct {
	// contains filtered or unexported fields
}

func NewAuthModuleUpdb

func NewAuthModuleUpdb(env Env) *AuthModuleUpdb

func (*AuthModuleUpdb) CanHandle

func (handler *AuthModuleUpdb) CanHandle(method string) bool

func (*AuthModuleUpdb) Process

func (handler *AuthModuleUpdb) Process(context AuthContext) (AuthResult, error)

type AuthPolicy added in v0.21.153

// AuthPolicy is the model entity for an authentication policy: a name plus
// primary and secondary settings.
type AuthPolicy struct {
	models.BaseEntity
	Name      string
	// Primary holds the per-method settings (Cert, Updb, ExtJwt).
	Primary   AuthPolicyPrimary
	// Secondary holds the second-factor settings (TOTP, external JWT signer).
	Secondary AuthPolicySecondary
}

type AuthPolicyCert added in v0.21.153

// AuthPolicyCert is the certificate section of an auth policy's primary
// settings (AuthPolicyPrimary.Cert).
type AuthPolicyCert struct {
	// Allowed presumably enables certificate authentication under this policy.
	Allowed           bool
	// NOTE(review): by its name, AllowExpiredCerts lets expired client
	// certificates authenticate. That removes certificate lifetime as a
	// control, so enabling it should be a deliberate, audited choice. Confirm
	// exactly which validity checks it relaxes.
	AllowExpiredCerts bool
}

type AuthPolicyExtJwt added in v0.21.153

// AuthPolicyExtJwt is the external-JWT section of an auth policy's primary
// settings (AuthPolicyPrimary.ExtJwt).
type AuthPolicyExtJwt struct {
	Allowed              bool
	// NOTE(review): by its name, AllowAllSigners accepts any configured
	// external signer; presumably AllowedExtJwtSigners is then ignored.
	// Confirm the precedence, and what an empty allow-list means when this is
	// false.
	AllowAllSigners      bool
	// AllowedExtJwtSigners: presumably signer ids. Confirm.
	AllowedExtJwtSigners []string
}

type AuthPolicyHandler added in v0.21.153

type AuthPolicyHandler struct {
	// contains filtered or unexported fields
}

func NewAuthPolicyHandler added in v0.21.153

func NewAuthPolicyHandler(env Env) *AuthPolicyHandler

func (*AuthPolicyHandler) ApplyDelete added in v0.21.235

func (self *AuthPolicyHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*AuthPolicyHandler) BaseList added in v0.21.153

func (handler *AuthPolicyHandler) BaseList(query string) (*models.EntityListResult, error)

func (*AuthPolicyHandler) BaseLoad added in v0.21.153

func (handler *AuthPolicyHandler) BaseLoad(id string) (models.Entity, error)

func (*AuthPolicyHandler) BaseLoadInTx added in v0.21.153

func (handler *AuthPolicyHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*AuthPolicyHandler) BasePreparedList added in v0.21.153

func (handler *AuthPolicyHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*AuthPolicyHandler) BasePreparedListAssociated added in v0.21.153

func (handler *AuthPolicyHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*AuthPolicyHandler) BasePreparedListIndexed added in v0.21.153

func (handler *AuthPolicyHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*AuthPolicyHandler) Create added in v0.21.153

func (handler *AuthPolicyHandler) Create(authPolicy *AuthPolicy) (string, error)

func (*AuthPolicyHandler) Delete added in v0.21.153

func (handler *AuthPolicyHandler) Delete(id string) error

func (*AuthPolicyHandler) Dispatch added in v0.21.235

func (self *AuthPolicyHandler) Dispatch(command command.Command) error

func (*AuthPolicyHandler) GetDb added in v0.21.153

func (handler *AuthPolicyHandler) GetDb() boltz.Db

func (*AuthPolicyHandler) GetEntityTypeId added in v0.21.235

func (handler *AuthPolicyHandler) GetEntityTypeId() string

func (*AuthPolicyHandler) GetEnv added in v0.21.153

func (handler *AuthPolicyHandler) GetEnv() Env

func (*AuthPolicyHandler) GetStore added in v0.21.153

func (handler *AuthPolicyHandler) GetStore() boltz.CrudStore

func (*AuthPolicyHandler) IsUpdated added in v0.21.153

func (handler *AuthPolicyHandler) IsUpdated(_ string) bool

func (*AuthPolicyHandler) Patch added in v0.21.153

func (handler *AuthPolicyHandler) Patch(ca *AuthPolicy, checker boltz.FieldChecker) error

func (*AuthPolicyHandler) Query added in v0.21.153

func (handler *AuthPolicyHandler) Query(query string) (*AuthPolicyListResult, error)

func (*AuthPolicyHandler) Read added in v0.21.153

func (handler *AuthPolicyHandler) Read(id string) (*AuthPolicy, error)

func (*AuthPolicyHandler) Update added in v0.21.153

func (handler *AuthPolicyHandler) Update(ca *AuthPolicy) error

type AuthPolicyListResult added in v0.21.153

// AuthPolicyListResult pairs a page of auth policies with the embedded query
// metadata. It is the result type of AuthPolicyHandler.Query.
type AuthPolicyListResult struct {
	AuthPolicies []*AuthPolicy
	models.QueryMetaData
	// contains filtered or unexported fields
}

type AuthPolicyPrimary added in v0.21.153

// AuthPolicyPrimary groups the primary-authentication settings for each
// method: certificate, username/password (updb) and external JWT.
// All three are value types, so the zero value has every Allowed flag false.
type AuthPolicyPrimary struct {
	Cert   AuthPolicyCert
	Updb   AuthPolicyUpdb
	ExtJwt AuthPolicyExtJwt
}

type AuthPolicySecondary added in v0.21.153

// AuthPolicySecondary holds the second-factor settings of an auth policy.
type AuthPolicySecondary struct {
	// RequireTotp presumably forces TOTP MFA on sessions under this policy.
	RequireTotp          bool
	// RequiredExtJwtSigner is a pointer; nil presumably means no external JWT
	// is required as a second factor. Confirm.
	RequiredExtJwtSigner *string
}

type AuthPolicyUpdb added in v0.21.153

// AuthPolicyUpdb is the username/password section of an auth policy's primary
// settings (AuthPolicyPrimary.Updb): password composition rules and lockout.
// NOTE(review): the zero value has no minimum length, no composition rules and
// MaxAttempts == 0. Whether 0 means "unlimited attempts" or "lock immediately"
// is not visible here. Confirm, and confirm where bounds are validated.
type AuthPolicyUpdb struct {
	Allowed                bool
	MinPasswordLength      int64
	RequireSpecialChar     bool
	RequireNumberChar      bool
	RequireMixedCase       bool
	MaxAttempts            int64
	// Unit is minutes, per the field name.
	LockoutDurationMinutes int64
}

type AuthProcessor

// AuthProcessor is one authentication method implementation. AuthModuleCert,
// AuthModuleExtJwt and AuthModuleUpdb on this page each declare both methods.
type AuthProcessor interface {
	// CanHandle reports whether this processor handles the given method string.
	CanHandle(method string) bool
	// Process evaluates the context and returns a result or an error.
	// NOTE(review): whether a non-nil AuthResult can accompany a failure is not
	// visible here; callers should check the error and AuthResult.IsSuccessful.
	Process(context AuthContext) (AuthResult, error)
}

type AuthProcessorRegistryImpl

type AuthProcessorRegistryImpl struct {
	// contains filtered or unexported fields
}

func (*AuthProcessorRegistryImpl) Add

func (registry *AuthProcessorRegistryImpl) Add(processor AuthProcessor)

func (*AuthProcessorRegistryImpl) GetByMethod

func (registry *AuthProcessorRegistryImpl) GetByMethod(method string) AuthProcessor

type AuthRegistry

// AuthRegistry stores AuthProcessors and resolves one by method string.
// AuthProcessorRegistryImpl declares both methods.
type AuthRegistry interface {
	// Add registers a processor. The parameter is named method here but is an
	// AuthProcessor (AuthProcessorRegistryImpl.Add names it processor).
	Add(method AuthProcessor)
	// GetByMethod: the result for an unknown method is presumably nil; callers
	// should check before use. Confirm.
	GetByMethod(method string) AuthProcessor
}

type AuthResult added in v0.21.221

// AuthResult is the outcome of an authentication attempt, as returned by
// AuthProcessor.Process and AuthenticatorHandler.Authorize.
// NOTE(review): the accessors return ids and entities regardless of outcome as
// far as this interface shows, so callers should gate on IsSuccessful (and the
// error returned alongside) before trusting any of them. Confirm.
type AuthResult interface {
	IdentityId() string
	ExternalId() string
	AuthenticatorId() string
	SessionCerts() []*x509.Certificate
	Identity() *Identity
	Authenticator() *Authenticator
	AuthPolicy() *AuthPolicy
	AuthPolicyId() string
	IsSuccessful() bool
}

type AuthResultBase added in v0.21.221

type AuthResultBase struct {
	// contains filtered or unexported fields
}

func (*AuthResultBase) AuthPolicy added in v0.21.221

func (a *AuthResultBase) AuthPolicy() *AuthPolicy

func (*AuthResultBase) AuthPolicyId added in v0.21.221

func (a *AuthResultBase) AuthPolicyId() string

func (*AuthResultBase) Authenticator added in v0.21.221

func (a *AuthResultBase) Authenticator() *Authenticator

func (*AuthResultBase) AuthenticatorId added in v0.21.221

func (a *AuthResultBase) AuthenticatorId() string

func (*AuthResultBase) ExternalId added in v0.21.221

func (a *AuthResultBase) ExternalId() string

func (*AuthResultBase) Identity added in v0.21.221

func (a *AuthResultBase) Identity() *Identity

func (*AuthResultBase) IdentityId added in v0.21.221

func (a *AuthResultBase) IdentityId() string

func (*AuthResultBase) IsSuccessful added in v0.21.221

func (a *AuthResultBase) IsSuccessful() bool

func (*AuthResultBase) SessionCerts added in v0.21.221

func (a *AuthResultBase) SessionCerts() []*x509.Certificate

type AuthResultJwt added in v0.21.221

// AuthResultJwt embeds AuthResultBase and declares its own IsSuccessful, which
// shadows the embedded one. The success criteria of either implementation are
// not shown on this page.
type AuthResultJwt struct {
	AuthResultBase
	// contains filtered or unexported fields
}

func (*AuthResultJwt) IsSuccessful added in v0.21.221

func (a *AuthResultJwt) IsSuccessful() bool

type Authenticator

// Authenticator is the model entity linking an identity to one authentication
// method.
type Authenticator struct {
	models.BaseEntity
	Method     string
	IdentityId string
	// SubType is untyped. ToCert and ToUpdb return *AuthenticatorCert and
	// *AuthenticatorUpdb; presumably they convert SubType. What they return
	// when SubType holds the other kind is not shown. Confirm before
	// dereferencing.
	SubType    interface{}
}

func (*Authenticator) Fingerprints

func (entity *Authenticator) Fingerprints() []string

func (*Authenticator) ToCert

func (entity *Authenticator) ToCert() *AuthenticatorCert

func (*Authenticator) ToUpdb

func (entity *Authenticator) ToUpdb() *AuthenticatorUpdb

type AuthenticatorCert

// AuthenticatorCert is the certificate form of an authenticator. It embeds
// *Authenticator, so promoted fields panic on access if that pointer is nil.
type AuthenticatorCert struct {
	*Authenticator
	Fingerprint string
	Pem         string

	// NOTE(review): presumably a replacement certificate issued by
	// AuthenticatorHandler.ExtendCertForIdentity and not yet confirmed via
	// VerifyExtendCertForIdentity. If so, these must not be accepted for
	// authentication until verified. Confirm.
	UnverifiedFingerprint string
	UnverifiedPem         string
}

type AuthenticatorHandler

type AuthenticatorHandler struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorHandler

func NewAuthenticatorHandler(env Env) *AuthenticatorHandler

func (*AuthenticatorHandler) ApplyDelete added in v0.21.235

func (self *AuthenticatorHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (AuthenticatorHandler) Authorize added in v0.21.221

func (handler AuthenticatorHandler) Authorize(authContext AuthContext) (AuthResult, error)

func (*AuthenticatorHandler) BaseList

func (handler *AuthenticatorHandler) BaseList(query string) (*models.EntityListResult, error)

func (*AuthenticatorHandler) BaseLoad

func (handler *AuthenticatorHandler) BaseLoad(id string) (models.Entity, error)

func (*AuthenticatorHandler) BaseLoadInTx

func (handler *AuthenticatorHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*AuthenticatorHandler) BasePreparedList

func (handler *AuthenticatorHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*AuthenticatorHandler) BasePreparedListAssociated

func (handler *AuthenticatorHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*AuthenticatorHandler) BasePreparedListIndexed

func (handler *AuthenticatorHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*AuthenticatorHandler) Create

func (handler *AuthenticatorHandler) Create(authenticator *Authenticator) (string, error)

func (AuthenticatorHandler) Delete

func (handler AuthenticatorHandler) Delete(id string) error

func (*AuthenticatorHandler) Dispatch added in v0.21.235

func (self *AuthenticatorHandler) Dispatch(command command.Command) error

func (AuthenticatorHandler) ExtendCertForIdentity added in v0.20.117

func (handler AuthenticatorHandler) ExtendCertForIdentity(identityId string, authenticatorId string, peerCerts []*x509.Certificate, csrPem string) ([]byte, error)

func (*AuthenticatorHandler) GetDb

func (handler *AuthenticatorHandler) GetDb() boltz.Db

func (*AuthenticatorHandler) GetEntityTypeId added in v0.21.235

func (handler *AuthenticatorHandler) GetEntityTypeId() string

func (*AuthenticatorHandler) GetEnv

func (handler *AuthenticatorHandler) GetEnv() Env

func (*AuthenticatorHandler) GetStore

func (handler *AuthenticatorHandler) GetStore() boltz.CrudStore

func (AuthenticatorHandler) HashPassword

func (handler AuthenticatorHandler) HashPassword(password string) *HashedPassword

func (AuthenticatorHandler) IsUpdated

func (handler AuthenticatorHandler) IsUpdated(field string) bool

func (AuthenticatorHandler) ListForIdentity

func (handler AuthenticatorHandler) ListForIdentity(identityId string, query ast.Query) (*AuthenticatorListQueryResult, error)

func (AuthenticatorHandler) Patch

func (handler AuthenticatorHandler) Patch(authenticator *Authenticator, checker boltz.FieldChecker) error

func (AuthenticatorHandler) PatchSelf

func (handler AuthenticatorHandler) PatchSelf(authenticatorSelf *AuthenticatorSelf, checker boltz.FieldChecker) error

func (AuthenticatorHandler) PatchUnrestricted added in v0.21.107

func (handler AuthenticatorHandler) PatchUnrestricted(authenticator *Authenticator, checker boltz.FieldChecker) error

func (AuthenticatorHandler) ReEnroll added in v0.21.201

func (handler AuthenticatorHandler) ReEnroll(id string, expiresAt time.Time) (string, error)

ReEnroll converts the given authenticator `id` back to an enrollment of the same type with the same constraints that expires at the time specified by `expiresAt`. The result is a string id of the new enrollment or an error.

func (AuthenticatorHandler) ReHashPassword

func (handler AuthenticatorHandler) ReHashPassword(password string, salt []byte) *HashedPassword

func (*AuthenticatorHandler) Read

func (handler *AuthenticatorHandler) Read(id string) (*Authenticator, error)

func (AuthenticatorHandler) ReadByFingerprint

func (handler AuthenticatorHandler) ReadByFingerprint(fingerprint string) (*Authenticator, error)

func (AuthenticatorHandler) ReadByUsername

func (handler AuthenticatorHandler) ReadByUsername(username string) (*Authenticator, error)

func (AuthenticatorHandler) ReadFingerprints

func (handler AuthenticatorHandler) ReadFingerprints(authenticatorId string) ([]string, error)

func (AuthenticatorHandler) ReadForIdentity

func (handler AuthenticatorHandler) ReadForIdentity(identityId string, authenticatorId string) (*Authenticator, error)

func (AuthenticatorHandler) Update

func (handler AuthenticatorHandler) Update(authenticator *Authenticator) error

func (AuthenticatorHandler) UpdateSelf

func (handler AuthenticatorHandler) UpdateSelf(authenticatorSelf *AuthenticatorSelf) error

func (AuthenticatorHandler) VerifyExtendCertForIdentity added in v0.21.107

func (handler AuthenticatorHandler) VerifyExtendCertForIdentity(identityId, authenticatorId string, verifyCertPem string) error

type AuthenticatorListQueryResult

// AuthenticatorListQueryResult is the result type of
// AuthenticatorHandler.ListForIdentity. It embeds *models.EntityListResult,
// so promoted members panic on access if that pointer is nil.
type AuthenticatorListQueryResult struct {
	*models.EntityListResult
	Authenticators []*Authenticator
}

type AuthenticatorSelf

// AuthenticatorSelf is the input to AuthenticatorHandler.PatchSelf and
// UpdateSelf.
// NOTE(review): CurrentPassword and NewPassword presumably hold the plaintext
// values submitted by the caller. If so, instances must never be logged or
// persisted as-is, and CurrentPassword should be verified before NewPassword
// is applied. Confirm in the handler.
type AuthenticatorSelf struct {
	models.BaseEntity
	CurrentPassword string
	NewPassword     string
	IdentityId      string
	Username        string
}

type AuthenticatorUpdb

// AuthenticatorUpdb is the username/password form of an authenticator. It
// embeds *Authenticator, so promoted fields panic on access if that pointer is
// nil.
type AuthenticatorUpdb struct {
	*Authenticator
	Username string
	// NOTE(review): presumably the stored password hash (see
	// AuthenticatorHandler.HashPassword / ReHashPassword), not plaintext.
	// Confirm, and keep it out of API responses and logs either way.
	Password string
	// Salt is kept as a string; DecodedSalt returns it as []byte, so the
	// string is an encoded form (the encoding is not shown on this page).
	Salt     string
}

func (*AuthenticatorUpdb) DecodedSalt

func (au *AuthenticatorUpdb) DecodedSalt() []byte

type Ca

// Ca is the model entity for a certificate authority known to the controller.
type Ca struct {
	models.BaseEntity
	Name                      string
	Fingerprint               string
	CertPem                   string
	// NOTE(review): IsVerified / VerificationToken presumably implement a
	// proof-of-ownership step (see CaHandler.Verified). Confirm that the
	// enrollment and auth flags below are honored only once IsVerified is true.
	IsVerified                bool
	VerificationToken         string
	IsAutoCaEnrollmentEnabled bool
	IsOttCaEnrollmentEnabled  bool
	// IsAuthEnabled presumably lets certificates issued by this CA
	// authenticate. Confirm.
	IsAuthEnabled             bool
	// IdentityRoles: presumably roles given to identities enrolled through this
	// CA; broad roles here extend to every certificate the CA issues. Confirm.
	IdentityRoles             []string
	// IdentityNameFormat: see the FormatSymbol* constants and
	// DefaultCaIdentityNameFormat.
	IdentityNameFormat        string
	// ExternalIdClaim is a pointer and may be nil. GetExternalId reads a claim
	// out of an x509 certificate, presumably as directed by this field.
	ExternalIdClaim           *ExternalIdClaim
}

func (*Ca) GetExternalId added in v0.21.221

func (entity *Ca) GetExternalId(cert *x509.Certificate) (string, error)

GetExternalId will attempt to retrieve a string claim from a x509 Certificate based on location, matching, and parsing of various x509 Certificate fields.

type CaHandler

type CaHandler struct {
	// contains filtered or unexported fields
}

func NewCaHandler

func NewCaHandler(env Env) *CaHandler

func (*CaHandler) ApplyDelete added in v0.21.235

func (self *CaHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*CaHandler) BaseList

func (handler *CaHandler) BaseList(query string) (*models.EntityListResult, error)

func (*CaHandler) BaseLoad

func (handler *CaHandler) BaseLoad(id string) (models.Entity, error)

func (*CaHandler) BaseLoadInTx

func (handler *CaHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*CaHandler) BasePreparedList

func (handler *CaHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*CaHandler) BasePreparedListAssociated

func (handler *CaHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*CaHandler) BasePreparedListIndexed

func (handler *CaHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*CaHandler) Create

func (handler *CaHandler) Create(caModel *Ca) (string, error)

func (*CaHandler) Delete

func (handler *CaHandler) Delete(id string) error

func (*CaHandler) Dispatch added in v0.21.235

func (self *CaHandler) Dispatch(command command.Command) error

func (*CaHandler) GetDb

func (handler *CaHandler) GetDb() boltz.Db

func (*CaHandler) GetEntityTypeId added in v0.21.235

func (handler *CaHandler) GetEntityTypeId() string

func (*CaHandler) GetEnv

func (handler *CaHandler) GetEnv() Env

func (*CaHandler) GetStore

func (handler *CaHandler) GetStore() boltz.CrudStore

func (*CaHandler) IsUpdated

func (handler *CaHandler) IsUpdated(field string) bool

func (*CaHandler) Patch

func (handler *CaHandler) Patch(ca *Ca, checker boltz.FieldChecker) error

func (*CaHandler) Query

func (handler *CaHandler) Query(query string) (*CaListResult, error)

func (*CaHandler) Read

func (handler *CaHandler) Read(id string) (*Ca, error)

func (*CaHandler) Stream added in v0.16.19

func (handler *CaHandler) Stream(query string, collect func(*Ca, error) error) error

func (*CaHandler) Update

func (handler *CaHandler) Update(ca *Ca) error

func (*CaHandler) Verified

func (handler *CaHandler) Verified(ca *Ca) error

type CaListResult

// CaListResult pairs a page of CAs with the embedded query metadata. It is the
// result type of CaHandler.Query.
type CaListResult struct {
	Cas []*Ca
	models.QueryMetaData
	// contains filtered or unexported fields
}

type Config

type Config struct {
	models.BaseEntity
	Name   string
	TypeId string
	Data   map[string]interface{}
}

type ConfigListResult

type ConfigListResult struct {
	Configs []*Config
	models.QueryMetaData
}

type ConfigManager added in v0.21.235

type ConfigManager struct {
	// contains filtered or unexported fields
}

func NewConfigManager added in v0.21.235

func NewConfigManager(env Env) *ConfigManager

func (*ConfigManager) ApplyCreate added in v0.21.235

func (self *ConfigManager) ApplyCreate(cmd *command.CreateEntityCommand[*Config]) error

func (*ConfigManager) ApplyDelete added in v0.21.235

func (self *ConfigManager) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*ConfigManager) ApplyUpdate added in v0.21.235

func (self *ConfigManager) ApplyUpdate(cmd *command.UpdateEntityCommand[*Config]) error

func (*ConfigManager) BaseList added in v0.21.235

func (handler *ConfigManager) BaseList(query string) (*models.EntityListResult, error)

func (*ConfigManager) BaseLoad added in v0.21.235

func (handler *ConfigManager) BaseLoad(id string) (models.Entity, error)

func (*ConfigManager) BaseLoadInTx added in v0.21.235

func (handler *ConfigManager) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*ConfigManager) BasePreparedList added in v0.21.235

func (handler *ConfigManager) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*ConfigManager) BasePreparedListAssociated added in v0.21.235

func (handler *ConfigManager) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*ConfigManager) BasePreparedListIndexed added in v0.21.235

func (handler *ConfigManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*ConfigManager) Create added in v0.21.235

func (self *ConfigManager) Create(config *Config) error

func (*ConfigManager) Delete added in v0.21.235

func (self *ConfigManager) Delete(id string) error

func (*ConfigManager) Dispatch added in v0.21.235

func (self *ConfigManager) Dispatch(command command.Command) error

func (*ConfigManager) GetDb added in v0.21.235

func (handler *ConfigManager) GetDb() boltz.Db

func (*ConfigManager) GetEntityTypeId added in v0.21.235

func (handler *ConfigManager) GetEntityTypeId() string

func (*ConfigManager) GetEnv added in v0.21.235

func (handler *ConfigManager) GetEnv() Env

func (*ConfigManager) GetStore added in v0.21.235

func (handler *ConfigManager) GetStore() boltz.CrudStore

func (*ConfigManager) IsUpdated added in v0.21.235

func (self *ConfigManager) IsUpdated(field string) bool

func (*ConfigManager) Marshall added in v0.21.235

func (self *ConfigManager) Marshall(entity *Config) ([]byte, error)

func (*ConfigManager) Read added in v0.21.235

func (self *ConfigManager) Read(id string) (*Config, error)

func (*ConfigManager) Unmarshall added in v0.21.235

func (self *ConfigManager) Unmarshall(bytes []byte) (*Config, error)

func (*ConfigManager) Update added in v0.21.235

func (self *ConfigManager) Update(config *Config, checker boltz.UpdatedFields) error

type ConfigType

type ConfigType struct {
	models.BaseEntity
	Name   string
	Schema map[string]interface{}
}

func (*ConfigType) GetCompiledSchema

func (entity *ConfigType) GetCompiledSchema() (*gojsonschema.Schema, error)

type ConfigTypeHandler

type ConfigTypeHandler struct {
	// contains filtered or unexported fields
}

func NewConfigTypeHandler

func NewConfigTypeHandler(env Env) *ConfigTypeHandler

func (*ConfigTypeHandler) ApplyDelete added in v0.21.235

func (self *ConfigTypeHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*ConfigTypeHandler) BaseList

func (handler *ConfigTypeHandler) BaseList(query string) (*models.EntityListResult, error)

func (*ConfigTypeHandler) BaseLoad

func (handler *ConfigTypeHandler) BaseLoad(id string) (models.Entity, error)

func (*ConfigTypeHandler) BaseLoadInTx

func (handler *ConfigTypeHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*ConfigTypeHandler) BasePreparedList

func (handler *ConfigTypeHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*ConfigTypeHandler) BasePreparedListAssociated

func (handler *ConfigTypeHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*ConfigTypeHandler) BasePreparedListIndexed

func (handler *ConfigTypeHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*ConfigTypeHandler) Create

func (handler *ConfigTypeHandler) Create(configType *ConfigType) (string, error)

func (*ConfigTypeHandler) Delete

func (handler *ConfigTypeHandler) Delete(id string) error

func (*ConfigTypeHandler) Dispatch added in v0.21.235

func (self *ConfigTypeHandler) Dispatch(command command.Command) error

func (*ConfigTypeHandler) GetDb

func (handler *ConfigTypeHandler) GetDb() boltz.Db

func (*ConfigTypeHandler) GetEntityTypeId added in v0.21.235

func (handler *ConfigTypeHandler) GetEntityTypeId() string

func (*ConfigTypeHandler) GetEnv

func (handler *ConfigTypeHandler) GetEnv() Env

func (*ConfigTypeHandler) GetStore

func (handler *ConfigTypeHandler) GetStore() boltz.CrudStore

func (*ConfigTypeHandler) MapConfigTypeNamesToIds added in v0.19.36

func (handler *ConfigTypeHandler) MapConfigTypeNamesToIds(values []string, identityId string) map[string]struct{}

func (*ConfigTypeHandler) Patch

func (handler *ConfigTypeHandler) Patch(configType *ConfigType, checker boltz.FieldChecker) error

func (*ConfigTypeHandler) Read

func (handler *ConfigTypeHandler) Read(id string) (*ConfigType, error)

func (*ConfigTypeHandler) ReadByName

func (handler *ConfigTypeHandler) ReadByName(name string) (*ConfigType, error)

func (*ConfigTypeHandler) Update

func (handler *ConfigTypeHandler) Update(configType *ConfigType) error

type CreateEdgeTerminatorCmd added in v0.21.235

type CreateEdgeTerminatorCmd struct {
	Env    Env
	Entity *network.Terminator
}

func (*CreateEdgeTerminatorCmd) Apply added in v0.21.235

func (self *CreateEdgeTerminatorCmd) Apply() error

func (*CreateEdgeTerminatorCmd) Decode added in v0.21.235

func (*CreateEdgeTerminatorCmd) Encode added in v0.21.235

func (self *CreateEdgeTerminatorCmd) Encode() ([]byte, error)

type EdgeRouter

// EdgeRouter is the model entity for an edge router. Alongside its name, role
// attributes, cost and protocol map, it carries two certificate/fingerprint
// pairs: Fingerprint/CertPem and UnverifiedFingerprint/UnverifiedCertPem.
type EdgeRouter struct {
	models.BaseEntity
	Name                  string
	RoleAttributes        []string
	IsVerified            bool
	// Fingerprint and CertPem are pointers and so may be nil.
	// presumably Fingerprint is what ReadOneByFingerprint matches on — confirm.
	Fingerprint           *string
	CertPem               *string
	Hostname              *string
	EdgeRouterProtocols   map[string]string
	VersionInfo           *versions.VersionInfo
	IsTunnelerEnabled     bool
	AppData               map[string]interface{}
	// NOTE(review): the Unverified* pair presumably holds a certificate that has
	// been issued but not yet confirmed (see ExtendEnrollment and
	// ExtendEnrollmentVerify, and ReadOneByUnverifiedFingerprint) — confirm.
	// If so, callers should not treat these values as the router's accepted
	// identity until verification has completed.
	UnverifiedFingerprint *string
	UnverifiedCertPem     *string
	Cost                  uint16
	NoTraversal           bool
}

type EdgeRouterHandler

type EdgeRouterHandler struct {
	// contains filtered or unexported fields
}

func NewEdgeRouterHandler

func NewEdgeRouterHandler(env Env) *EdgeRouterHandler

func (*EdgeRouterHandler) ApplyDelete added in v0.21.235

func (self *EdgeRouterHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*EdgeRouterHandler) BaseList

func (handler *EdgeRouterHandler) BaseList(query string) (*models.EntityListResult, error)

func (*EdgeRouterHandler) BaseLoad

func (handler *EdgeRouterHandler) BaseLoad(id string) (models.Entity, error)

func (*EdgeRouterHandler) BaseLoadInTx

func (handler *EdgeRouterHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*EdgeRouterHandler) BasePreparedList

func (handler *EdgeRouterHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*EdgeRouterHandler) BasePreparedListAssociated

func (handler *EdgeRouterHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*EdgeRouterHandler) BasePreparedListIndexed

func (handler *EdgeRouterHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*EdgeRouterHandler) CollectEnrollments

func (handler *EdgeRouterHandler) CollectEnrollments(id string, collector func(entity *Enrollment) error) error

func (*EdgeRouterHandler) Create

func (handler *EdgeRouterHandler) Create(modelEntity *EdgeRouter) (string, error)

func (*EdgeRouterHandler) CreateWithEnrollment

func (handler *EdgeRouterHandler) CreateWithEnrollment(edgeRouter *EdgeRouter, enrollment *Enrollment) (string, string, error)

func (*EdgeRouterHandler) Delete

func (handler *EdgeRouterHandler) Delete(id string) error

func (*EdgeRouterHandler) Dispatch added in v0.21.235

func (self *EdgeRouterHandler) Dispatch(command command.Command) error

func (*EdgeRouterHandler) ExtendEnrollment added in v0.19.81

func (handler *EdgeRouterHandler) ExtendEnrollment(router *EdgeRouter, clientCsrPem []byte, serverCertCsrPem []byte) (*ExtendedCerts, error)

func (*EdgeRouterHandler) ExtendEnrollmentVerify added in v0.21.20

func (handler *EdgeRouterHandler) ExtendEnrollmentVerify(router *EdgeRouter) error

func (*EdgeRouterHandler) ExtendEnrollmentWithVerify added in v0.21.20

func (handler *EdgeRouterHandler) ExtendEnrollmentWithVerify(router *EdgeRouter, clientCsrPem []byte, serverCertCsrPem []byte) (*ExtendedCerts, error)

func (*EdgeRouterHandler) GetDb

func (handler *EdgeRouterHandler) GetDb() boltz.Db

func (*EdgeRouterHandler) GetEntityTypeId added in v0.21.235

func (handler *EdgeRouterHandler) GetEntityTypeId() string

func (*EdgeRouterHandler) GetEnv

func (handler *EdgeRouterHandler) GetEnv() Env

func (*EdgeRouterHandler) GetStore

func (handler *EdgeRouterHandler) GetStore() boltz.CrudStore

func (*EdgeRouterHandler) ListForIdentityAndService added in v0.19.40

func (handler *EdgeRouterHandler) ListForIdentityAndService(identityId, serviceId string, limit *int) (*EdgeRouterListResult, error)

func (*EdgeRouterHandler) ListForIdentityAndServiceWithTx

func (handler *EdgeRouterHandler) ListForIdentityAndServiceWithTx(tx *bbolt.Tx, identityId, serviceId string, limit *int) (*EdgeRouterListResult, error)

func (*EdgeRouterHandler) ListForSession

func (handler *EdgeRouterHandler) ListForSession(sessionId string) (*EdgeRouterListResult, error)

func (*EdgeRouterHandler) Patch

func (handler *EdgeRouterHandler) Patch(modelEntity *EdgeRouter, checker boltz.FieldChecker) error

func (*EdgeRouterHandler) PatchUnrestricted added in v0.19.81

func (handler *EdgeRouterHandler) PatchUnrestricted(modelEntity *EdgeRouter, checker boltz.FieldChecker) error

func (*EdgeRouterHandler) Query

func (handler *EdgeRouterHandler) Query(query string) (*EdgeRouterListResult, error)

func (*EdgeRouterHandler) QueryRoleAttributes

func (handler *EdgeRouterHandler) QueryRoleAttributes(queryString string) ([]string, *models.QueryMetaData, error)

func (*EdgeRouterHandler) ReEnroll added in v0.21.32

func (handler *EdgeRouterHandler) ReEnroll(router *EdgeRouter) error

ReEnroll creates a new JWT enrollment for an existing edge router. If the edge router already has a JWT, a new JWT is created. If the edge router was already enrolled, all records of the enrollment are reset and the edge router is disconnected, forcing it to complete enrollment again before it can connect.

func (*EdgeRouterHandler) Read

func (handler *EdgeRouterHandler) Read(id string) (*EdgeRouter, error)

func (*EdgeRouterHandler) ReadOneByFingerprint

func (handler *EdgeRouterHandler) ReadOneByFingerprint(fingerprint string) (*EdgeRouter, error)

func (*EdgeRouterHandler) ReadOneByQuery

func (handler *EdgeRouterHandler) ReadOneByQuery(query string) (*EdgeRouter, error)

func (*EdgeRouterHandler) ReadOneByUnverifiedFingerprint added in v0.21.20

func (handler *EdgeRouterHandler) ReadOneByUnverifiedFingerprint(fingerprint string) (*EdgeRouter, error)

func (*EdgeRouterHandler) Update

func (handler *EdgeRouterHandler) Update(modelEntity *EdgeRouter, restrictFields bool) error

type EdgeRouterListResult

type EdgeRouterListResult struct {
	EdgeRouters []*EdgeRouter
	models.QueryMetaData
	// contains filtered or unexported fields
}

type EdgeRouterPolicy

type EdgeRouterPolicy struct {
	models.BaseEntity
	Name            string
	Semantic        string
	IdentityRoles   []string
	EdgeRouterRoles []string
}

type EdgeRouterPolicyHandler

type EdgeRouterPolicyHandler struct {
	// contains filtered or unexported fields
}

func NewEdgeRouterPolicyHandler

func NewEdgeRouterPolicyHandler(env Env) *EdgeRouterPolicyHandler

func (*EdgeRouterPolicyHandler) ApplyDelete added in v0.21.235

func (self *EdgeRouterPolicyHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*EdgeRouterPolicyHandler) BaseList

func (handler *EdgeRouterPolicyHandler) BaseList(query string) (*models.EntityListResult, error)

func (*EdgeRouterPolicyHandler) BaseLoad

func (handler *EdgeRouterPolicyHandler) BaseLoad(id string) (models.Entity, error)

func (*EdgeRouterPolicyHandler) BaseLoadInTx

func (handler *EdgeRouterPolicyHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*EdgeRouterPolicyHandler) BasePreparedList

func (handler *EdgeRouterPolicyHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*EdgeRouterPolicyHandler) BasePreparedListAssociated

func (handler *EdgeRouterPolicyHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*EdgeRouterPolicyHandler) BasePreparedListIndexed

func (handler *EdgeRouterPolicyHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*EdgeRouterPolicyHandler) Create

func (handler *EdgeRouterPolicyHandler) Create(edgeRouterPolicy *EdgeRouterPolicy) (string, error)

func (*EdgeRouterPolicyHandler) Delete

func (handler *EdgeRouterPolicyHandler) Delete(id string) error

func (*EdgeRouterPolicyHandler) Dispatch added in v0.21.235

func (self *EdgeRouterPolicyHandler) Dispatch(command command.Command) error

func (*EdgeRouterPolicyHandler) GetDb

func (handler *EdgeRouterPolicyHandler) GetDb() boltz.Db

func (*EdgeRouterPolicyHandler) GetEntityTypeId added in v0.21.235

func (handler *EdgeRouterPolicyHandler) GetEntityTypeId() string

func (*EdgeRouterPolicyHandler) GetEnv

func (handler *EdgeRouterPolicyHandler) GetEnv() Env

func (*EdgeRouterPolicyHandler) GetStore

func (handler *EdgeRouterPolicyHandler) GetStore() boltz.CrudStore

func (*EdgeRouterPolicyHandler) Patch

func (handler *EdgeRouterPolicyHandler) Patch(edgeRouterPolicy *EdgeRouterPolicy, checker boltz.FieldChecker) error

func (*EdgeRouterPolicyHandler) Read

func (handler *EdgeRouterPolicyHandler) Read(id string) (*EdgeRouterPolicy, error)

func (*EdgeRouterPolicyHandler) Update

func (handler *EdgeRouterPolicyHandler) Update(edgeRouterPolicy *EdgeRouterPolicy) error

type EdgeRouterPolicyListResult

type EdgeRouterPolicyListResult struct {
	EdgeRouterPolicies []*EdgeRouterPolicy
	models.QueryMetaData
}

type EdgeServiceHandler

type EdgeServiceHandler struct {
	// contains filtered or unexported fields
}

func NewEdgeServiceHandler

func NewEdgeServiceHandler(env Env) *EdgeServiceHandler

func (*EdgeServiceHandler) ApplyDelete added in v0.21.235

func (self *EdgeServiceHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*EdgeServiceHandler) BaseList

func (handler *EdgeServiceHandler) BaseList(query string) (*models.EntityListResult, error)

func (*EdgeServiceHandler) BaseLoad

func (handler *EdgeServiceHandler) BaseLoad(id string) (models.Entity, error)

func (*EdgeServiceHandler) BaseLoadInTx

func (handler *EdgeServiceHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*EdgeServiceHandler) BasePreparedList

func (handler *EdgeServiceHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*EdgeServiceHandler) BasePreparedListAssociated

func (handler *EdgeServiceHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*EdgeServiceHandler) BasePreparedListIndexed

func (handler *EdgeServiceHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*EdgeServiceHandler) Create

func (handler *EdgeServiceHandler) Create(service *Service) (string, error)

func (*EdgeServiceHandler) Delete

func (handler *EdgeServiceHandler) Delete(id string) error

func (*EdgeServiceHandler) Dispatch added in v0.21.235

func (self *EdgeServiceHandler) Dispatch(command command.Command) error

func (*EdgeServiceHandler) GetDb

func (handler *EdgeServiceHandler) GetDb() boltz.Db

func (*EdgeServiceHandler) GetEntityTypeId added in v0.21.235

func (handler *EdgeServiceHandler) GetEntityTypeId() string

func (*EdgeServiceHandler) GetEnv

func (handler *EdgeServiceHandler) GetEnv() Env

func (*EdgeServiceHandler) GetPolicyPostureChecks added in v0.19.79

func (handler *EdgeServiceHandler) GetPolicyPostureChecks(identityId, serviceId string) map[string]*PolicyPostureChecks

func (*EdgeServiceHandler) GetStore

func (handler *EdgeServiceHandler) GetStore() boltz.CrudStore

func (*EdgeServiceHandler) Patch

func (handler *EdgeServiceHandler) Patch(service *Service, checker boltz.FieldChecker) error

func (*EdgeServiceHandler) PublicQueryForIdentity

func (handler *EdgeServiceHandler) PublicQueryForIdentity(sessionIdentity *Identity, configTypes map[string]struct{}, query ast.Query) (*ServiceListResult, error)

func (*EdgeServiceHandler) QueryForIdentity

func (handler *EdgeServiceHandler) QueryForIdentity(identityId string, configTypes map[string]struct{}, query ast.Query) (*ServiceListResult, error)

func (*EdgeServiceHandler) QueryRoleAttributes

func (handler *EdgeServiceHandler) QueryRoleAttributes(queryString string) ([]string, *models.QueryMetaData, error)

func (*EdgeServiceHandler) Read

func (handler *EdgeServiceHandler) Read(id string) (*Service, error)

func (*EdgeServiceHandler) ReadByName added in v0.19.36

func (handler *EdgeServiceHandler) ReadByName(name string) (*Service, error)

func (*EdgeServiceHandler) ReadForIdentity

func (handler *EdgeServiceHandler) ReadForIdentity(id string, identityId string, configTypes map[string]struct{}) (*ServiceDetail, error)

func (*EdgeServiceHandler) ReadForIdentityInTx

func (handler *EdgeServiceHandler) ReadForIdentityInTx(tx *bbolt.Tx, id string, identityId string, configTypes map[string]struct{}) (*ServiceDetail, error)

func (*EdgeServiceHandler) ReadForNonAdminIdentityInTx added in v0.15.15

func (handler *EdgeServiceHandler) ReadForNonAdminIdentityInTx(tx *bbolt.Tx, id string, identityId string) (*ServiceDetail, error)

func (*EdgeServiceHandler) Update

func (handler *EdgeServiceHandler) Update(service *Service) error

type EnrollModuleCa

type EnrollModuleCa struct {
	// contains filtered or unexported fields
}

func NewEnrollModuleCa

func NewEnrollModuleCa(env Env) *EnrollModuleCa

func (*EnrollModuleCa) CanHandle

func (module *EnrollModuleCa) CanHandle(method string) bool

func (*EnrollModuleCa) Process

func (module *EnrollModuleCa) Process(context EnrollmentContext) (*EnrollmentResult, error)

Process attempts to verify a client certificate bundle (supplied via the TLS handshake) against the known CAs. The first certificate must be the client certificate; all subsequent certificates are treated as untrusted intermediates. If a verifying CA has an `externalIdClaim` configuration, the claim is searched for. If it resolves, the resolved values are used as the `externalId` of the resulting identity, and subsequent authentications match on the certificate's `externalId`. If no `externalIdClaim` configuration is present, a certificate authenticator is created, and subsequent authentications match on the fingerprint of the certificate.

type EnrollModuleEr

type EnrollModuleEr struct {
	// contains filtered or unexported fields
}

func NewEnrollModuleEdgeRouterOtt

func NewEnrollModuleEdgeRouterOtt(env Env) *EnrollModuleEr

func (*EnrollModuleEr) CanHandle

func (module *EnrollModuleEr) CanHandle(method string) bool

func (*EnrollModuleEr) Process

func (module *EnrollModuleEr) Process(context EnrollmentContext) (*EnrollmentResult, error)

func (*EnrollModuleEr) ProcessClientCsrPem added in v0.19.81

func (module *EnrollModuleEr) ProcessClientCsrPem(clientCertCsrPem []byte, edgeRouterId string) ([]byte, error)

func (*EnrollModuleEr) ProcessServerCsrPem added in v0.19.81

func (module *EnrollModuleEr) ProcessServerCsrPem(serverCertCsrPem []byte) ([]byte, error)

type EnrollModuleOtt

type EnrollModuleOtt struct {
	// contains filtered or unexported fields
}

func NewEnrollModuleOtt

func NewEnrollModuleOtt(env Env) *EnrollModuleOtt

func (*EnrollModuleOtt) CanHandle

func (module *EnrollModuleOtt) CanHandle(method string) bool

func (*EnrollModuleOtt) Process

func (module *EnrollModuleOtt) Process(ctx EnrollmentContext) (*EnrollmentResult, error)

type EnrollModuleOttCa

type EnrollModuleOttCa struct {
	// contains filtered or unexported fields
}

func NewEnrollModuleOttCa

func NewEnrollModuleOttCa(env Env) *EnrollModuleOttCa

func (*EnrollModuleOttCa) CanHandle

func (module *EnrollModuleOttCa) CanHandle(method string) bool

func (*EnrollModuleOttCa) Process

func (module *EnrollModuleOttCa) Process(ctx EnrollmentContext) (*EnrollmentResult, error)

type EnrollModuleRouterOtt

type EnrollModuleRouterOtt struct {
	// contains filtered or unexported fields
}

func NewEnrollModuleTransitRouterOtt

func NewEnrollModuleTransitRouterOtt(env Env) *EnrollModuleRouterOtt

func (*EnrollModuleRouterOtt) CanHandle

func (module *EnrollModuleRouterOtt) CanHandle(method string) bool

func (*EnrollModuleRouterOtt) Process

func (module *EnrollModuleRouterOtt) Process(context EnrollmentContext) (*EnrollmentResult, error)

type EnrollModuleUpdb

type EnrollModuleUpdb struct {
	// contains filtered or unexported fields
}

func NewEnrollModuleUpdb

func NewEnrollModuleUpdb(env Env) *EnrollModuleUpdb

func (*EnrollModuleUpdb) CanHandle

func (module *EnrollModuleUpdb) CanHandle(method string) bool

func (*EnrollModuleUpdb) Process

func (module *EnrollModuleUpdb) Process(ctx EnrollmentContext) (*EnrollmentResult, error)

type Enrollment

// Enrollment is the model entity for an enrollment. IdentityId,
// TransitRouterId, EdgeRouterId, CaId and Username are pointers and so may be
// nil; presumably only the ones relevant to Method are set — confirm.
type Enrollment struct {
	models.BaseEntity
	// presumably one of the method names an EnrollmentProcessor reports via
	// CanHandle — confirm.
	Method          string
	IdentityId      *string
	TransitRouterId *string
	EdgeRouterId    *string
	// NOTE(review): Token is presumably the value ReadByToken looks an
	// enrollment up by, which would make it a bearer credential for completing
	// enrollment — confirm, and if so keep it out of logs and error messages.
	Token           string
	// NOTE(review): IssuedAt/ExpiresAt presumably bound the validity window
	// (see FillJwtInfoWithExpiresAt and RefreshJwt); confirm that expiry is
	// checked when the enrollment is consumed, not only when the JWT is built.
	IssuedAt        *time.Time
	ExpiresAt       *time.Time
	// presumably the signed enrollment JWT produced by FillJwtInfo — confirm.
	// Same handling caveat as Token.
	Jwt             string
	CaId            *string
	Username        *string
}

func (*Enrollment) FillJwtInfo

func (entity *Enrollment) FillJwtInfo(env Env, subject string) error

func (*Enrollment) FillJwtInfoWithExpiresAt added in v0.21.194

func (entity *Enrollment) FillJwtInfoWithExpiresAt(env Env, subject string, expiresAt time.Time) error

type EnrollmentContext

type EnrollmentContext interface {
	GetParameters() map[string]interface{}
	GetToken() string
	GetData() interface{}
	GetDataAsMap() map[string]interface{}
	GetDataAsByteArray() []byte
	GetCerts() []*x509.Certificate
	GetHeaders() map[string]interface{}
	GetMethod() string
}

type EnrollmentContextHttp

// EnrollmentContextHttp is a plain struct whose fields mirror the values the
// EnrollmentContext interface exposes (headers, parameters, data, certs,
// token, method). presumably FillFromHttpRequest populates it from an
// incoming *http.Request — confirm.
//
// NOTE(review): if the fields are filled from the request, Headers,
// Parameters, Data, Token and Method are client-controlled and should be
// treated as untrusted input by every EnrollmentProcessor.
type EnrollmentContextHttp struct {
	Headers    map[string]interface{}
	Parameters map[string]interface{}
	Data       interface{}
	// NOTE(review): confirm where Certs comes from. Certificates taken from the
	// TLS connection state are bound to the handshake; certificates parsed from
	// a request header (the package defines ClientCertHeader) are only as
	// trustworthy as whatever set that header.
	Certs      []*x509.Certificate
	Token      string
	Method     string
}

func (*EnrollmentContextHttp) FillFromHttpRequest

func (context *EnrollmentContextHttp) FillFromHttpRequest(request *http.Request) error

func (*EnrollmentContextHttp) GetCerts

func (context *EnrollmentContextHttp) GetCerts() []*x509.Certificate

func (*EnrollmentContextHttp) GetData

func (context *EnrollmentContextHttp) GetData() interface{}

func (*EnrollmentContextHttp) GetDataAsByteArray

func (context *EnrollmentContextHttp) GetDataAsByteArray() []byte

func (*EnrollmentContextHttp) GetDataAsMap

func (context *EnrollmentContextHttp) GetDataAsMap() map[string]interface{}

func (*EnrollmentContextHttp) GetHeaders

func (context *EnrollmentContextHttp) GetHeaders() map[string]interface{}

func (*EnrollmentContextHttp) GetMethod

func (context *EnrollmentContextHttp) GetMethod() string

func (*EnrollmentContextHttp) GetParameters

func (context *EnrollmentContextHttp) GetParameters() map[string]interface{}

func (*EnrollmentContextHttp) GetToken

func (context *EnrollmentContextHttp) GetToken() string

type EnrollmentHandler

type EnrollmentHandler struct {
	// contains filtered or unexported fields
}

func NewEnrollmentHandler

func NewEnrollmentHandler(env Env) *EnrollmentHandler

func (*EnrollmentHandler) ApplyDelete added in v0.21.235

func (self *EnrollmentHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*EnrollmentHandler) BaseList

func (handler *EnrollmentHandler) BaseList(query string) (*models.EntityListResult, error)

func (*EnrollmentHandler) BaseLoad

func (handler *EnrollmentHandler) BaseLoad(id string) (models.Entity, error)

func (*EnrollmentHandler) BaseLoadInTx

func (handler *EnrollmentHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*EnrollmentHandler) BasePreparedList

func (handler *EnrollmentHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*EnrollmentHandler) BasePreparedListAssociated

func (handler *EnrollmentHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*EnrollmentHandler) BasePreparedListIndexed

func (handler *EnrollmentHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*EnrollmentHandler) Create added in v0.21.214

func (handler *EnrollmentHandler) Create(model *Enrollment) (string, error)

func (*EnrollmentHandler) Delete

func (handler *EnrollmentHandler) Delete(id string) error

func (*EnrollmentHandler) Dispatch added in v0.21.235

func (self *EnrollmentHandler) Dispatch(command command.Command) error

func (*EnrollmentHandler) Enroll

func (handler *EnrollmentHandler) Enroll(ctx EnrollmentContext) (*EnrollmentResult, error)

func (*EnrollmentHandler) GetDb

func (handler *EnrollmentHandler) GetDb() boltz.Db

func (*EnrollmentHandler) GetEntityTypeId added in v0.21.235

func (handler *EnrollmentHandler) GetEntityTypeId() string

func (*EnrollmentHandler) GetEnv

func (handler *EnrollmentHandler) GetEnv() Env

func (*EnrollmentHandler) GetStore

func (handler *EnrollmentHandler) GetStore() boltz.CrudStore

func (*EnrollmentHandler) Query added in v0.21.214

func (handler *EnrollmentHandler) Query(query string) ([]*Enrollment, error)

func (*EnrollmentHandler) Read

func (handler *EnrollmentHandler) Read(id string) (*Enrollment, error)

func (*EnrollmentHandler) ReadByToken

func (handler *EnrollmentHandler) ReadByToken(token string) (*Enrollment, error)

func (*EnrollmentHandler) RefreshJwt added in v0.21.194

func (handler *EnrollmentHandler) RefreshJwt(id string, expiresAt time.Time) error

func (*EnrollmentHandler) ReplaceWithAuthenticator

func (handler *EnrollmentHandler) ReplaceWithAuthenticator(enrollmentId string, authenticator *Authenticator) error

type EnrollmentProcessor

type EnrollmentProcessor interface {
	CanHandle(method string) bool
	Process(context EnrollmentContext) (*EnrollmentResult, error)
}

type EnrollmentRegistry

type EnrollmentRegistry interface {
	Add(method EnrollmentProcessor)
	GetByMethod(method string) EnrollmentProcessor
}

type EnrollmentRegistryImpl

type EnrollmentRegistryImpl struct {
	// contains filtered or unexported fields
}

func (*EnrollmentRegistryImpl) Add

func (registry *EnrollmentRegistryImpl) Add(processor EnrollmentProcessor)

func (*EnrollmentRegistryImpl) GetByMethod

func (registry *EnrollmentRegistryImpl) GetByMethod(method string) EnrollmentProcessor

type EnrollmentResult

type EnrollmentResult struct {
	Identity      *Identity
	Authenticator *Authenticator
	Content       interface{}
	TextContent   []byte
	Producer      runtime.Producer
	Status        int
}

type EntityManager added in v0.21.235

type EntityManager interface {
	models.EntityRetriever

	GetEnv() Env
	// contains filtered or unexported methods
}

type Env

type Env interface {
	GetManagers() *Managers
	GetConfig() *config.Config
	GetJwtSigner() jwtsigner.Signer
	GetDbProvider() persistence.DbProvider
	GetStores() *persistence.Stores
	GetAuthRegistry() AuthRegistry
	GetEnrollRegistry() EnrollmentRegistry
	GetApiClientCsrSigner() cert.Signer
	GetApiServerCsrSigner() cert.Signer
	GetControlClientCsrSigner() cert.Signer
	GetHostController() HostController
	IsEdgeRouterOnline(id string) bool
	GetMetricsRegistry() metrics.Registry
	GetFingerprintGenerator() cert.FingerprintGenerator
	HandleServiceUpdatedEventForIdentityId(identityId string)
}

type EnvInfo

type EnvInfo struct {
	Arch      string
	Os        string
	OsRelease string
	OsVersion string
}

type ExtendedCerts added in v0.19.81

type ExtendedCerts struct {
	RawClientCert []byte
	RawServerCert []byte
}

type ExternalIdClaim added in v0.21.221

type ExternalIdClaim struct {
	Location        string
	Matcher         string
	MatcherCriteria string
	Parser          string
	ParserCriteria  string
	Index           int64
}

type ExternalIdFieldType added in v0.21.221

type ExternalIdFieldType string

type ExternalJwtSigner added in v0.21.148

// ExternalJwtSigner is the model entity for an external JWT signer. Most
// optional settings are pointers and so may be nil.
type ExternalJwtSigner struct {
	models.BaseEntity
	Name            string
	// presumably CertPem and JwksEndpoint are alternative sources for the
	// verification key, with Kid selecting the key — confirm.
	CertPem         *string
	JwksEndpoint    *string
	Kid             *string
	Enabled         bool
	ExternalAuthUrl *string
	UseExternalId   bool
	ClaimsProperty  *string
	// NOTE(review): Issuer and Audience may be nil. Confirm how a nil value is
	// handled during token validation: if the corresponding claim is then not
	// checked, any token the signer's key validates would be accepted
	// regardless of who it was issued by or for.
	Issuer          *string
	Audience        *string

	// presumably the following four fields are derived from the certificate in
	// CertPem rather than set by the caller — confirm.
	CommonName  string
	Fingerprint *string
	NotAfter    time.Time
	NotBefore   time.Time
}

type ExternalJwtSignerHandler added in v0.21.148

type ExternalJwtSignerHandler struct {
	// contains filtered or unexported fields
}

func NewExternalJwtSignerHandler added in v0.21.148

func NewExternalJwtSignerHandler(env Env) *ExternalJwtSignerHandler

func (*ExternalJwtSignerHandler) ApplyDelete added in v0.21.235

func (self *ExternalJwtSignerHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*ExternalJwtSignerHandler) BaseList added in v0.21.148

func (handler *ExternalJwtSignerHandler) BaseList(query string) (*models.EntityListResult, error)

func (*ExternalJwtSignerHandler) BaseLoad added in v0.21.148

func (handler *ExternalJwtSignerHandler) BaseLoad(id string) (models.Entity, error)

func (*ExternalJwtSignerHandler) BaseLoadInTx added in v0.21.148

func (handler *ExternalJwtSignerHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*ExternalJwtSignerHandler) BasePreparedList added in v0.21.148

func (handler *ExternalJwtSignerHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*ExternalJwtSignerHandler) BasePreparedListAssociated added in v0.21.148

func (handler *ExternalJwtSignerHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*ExternalJwtSignerHandler) BasePreparedListIndexed added in v0.21.148

func (handler *ExternalJwtSignerHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*ExternalJwtSignerHandler) Create added in v0.21.148

func (handler *ExternalJwtSignerHandler) Create(model *ExternalJwtSigner) (string, error)

func (*ExternalJwtSignerHandler) Delete added in v0.21.148

func (handler *ExternalJwtSignerHandler) Delete(id string) error

func (*ExternalJwtSignerHandler) Dispatch added in v0.21.235

func (self *ExternalJwtSignerHandler) Dispatch(command command.Command) error

func (*ExternalJwtSignerHandler) GetDb added in v0.21.148

func (handler *ExternalJwtSignerHandler) GetDb() boltz.Db

func (*ExternalJwtSignerHandler) GetEntityTypeId added in v0.21.235

func (handler *ExternalJwtSignerHandler) GetEntityTypeId() string

func (*ExternalJwtSignerHandler) GetEnv added in v0.21.148

func (handler *ExternalJwtSignerHandler) GetEnv() Env

func (*ExternalJwtSignerHandler) GetStore added in v0.21.148

func (handler *ExternalJwtSignerHandler) GetStore() boltz.CrudStore

func (*ExternalJwtSignerHandler) IsUpdated added in v0.21.148

func (handler *ExternalJwtSignerHandler) IsUpdated(_ string) bool

func (*ExternalJwtSignerHandler) Patch added in v0.21.148

func (handler *ExternalJwtSignerHandler) Patch(model *ExternalJwtSigner, fields boltz.FieldChecker) error

func (*ExternalJwtSignerHandler) PublicQuery added in v0.21.157

func (handler *ExternalJwtSignerHandler) PublicQuery(query ast.Query) (*ListExtJwtSignerResult, error)

func (*ExternalJwtSignerHandler) Read added in v0.21.148

func (*ExternalJwtSignerHandler) Update added in v0.21.148

func (handler *ExternalJwtSignerHandler) Update(model *ExternalJwtSigner) error

type Formatter

type Formatter struct {
	// contains filtered or unexported fields
}

func NewFormatter

func NewFormatter(symbols map[string]string) *Formatter

func NewIdentityNameFormatter

func NewIdentityNameFormatter(ca *Ca, clientCert *x509.Certificate, identityName, identityId string) *Formatter

func (*Formatter) Format

func (formatter *Formatter) Format(name string) string

type HashedPassword

// HashedPassword groups the results of hashing a password: the raw hash
// result and, per the field comments, base64 string forms of it.
//
// NOTE(review): every field here is credential-derived material. Keep values
// of this type out of logs, error messages and API responses.
type HashedPassword struct {
	RawResult *crypto.HashResult //raw byte hash results
	// NOTE(review): the trailing comment says "hash", but given the field name
	// this is presumably the base64-encoded salt — confirm and correct.
	Salt      string             //base64 encoded hash
	Password  string             //base64 encoded hash
}

type Heartbeat added in v0.19.39

type Heartbeat struct {
	ApiSessionId   string
	LastActivityAt time.Time
}

type HeartbeatCollector added in v0.19.39

type HeartbeatCollector struct {
	// contains filtered or unexported fields
}

func NewHeartbeatCollector added in v0.19.39

func NewHeartbeatCollector(env Env, batchSize int, updateInterval time.Duration, action func([]*Heartbeat)) *HeartbeatCollector

NewHeartbeatCollector creates a HeartbeatCollector, which is used to manage situations where an SDK is connecting to multiple Edge Routers and making API calls that all update their last-updated-at time and trigger writes. The heartbeat collector aggregates all of those calls into a single write and acts as an in-memory buffer for last update times.

func (*HeartbeatCollector) LastAccessedAt added in v0.19.39

func (self *HeartbeatCollector) LastAccessedAt(apiSessionId string) (*time.Time, bool)

LastAccessedAt returns the last time an API Session was either connected to an Edge Router or made a REST API call, together with true. If no such action has happened or the API Session no longer exists, nil and false are returned.

func (*HeartbeatCollector) Mark added in v0.19.39

func (self *HeartbeatCollector) Mark(apiSessionId string)

func (*HeartbeatCollector) Remove added in v0.19.39

func (self *HeartbeatCollector) Remove(id string)

func (*HeartbeatCollector) Start added in v0.19.39

func (self *HeartbeatCollector) Start()

func (*HeartbeatCollector) Stop added in v0.19.39

func (self *HeartbeatCollector) Stop()

type HeartbeatStatus added in v0.19.39

type HeartbeatStatus struct {
	// contains filtered or unexported fields
}

type HostController

type HostController interface {
	GetNetwork() *network.Network
	Shutdown()
	GetCloseNotifyChannel() <-chan struct{}
}

type Identity

// Identity is the model-layer entity for an identity. It embeds
// models.BaseEntity and carries naming, privilege, hosting-preference and
// enable/disable state.
type Identity struct {
	models.BaseEntity
	Name                      string
	IdentityTypeId            string
	// IsDefaultAdmin and IsAdmin are privilege flags.
	// NOTE(review): enforcement is not visible here; any path that lets a
	// caller set them (IdentityHandler.Create/Update/Patch) is presumably
	// privilege-sensitive — confirm callers restrict which fields may change.
	IsDefaultAdmin            bool
	IsAdmin                   bool
	RoleAttributes            []string
	EnvInfo                   *EnvInfo
	SdkInfo                   *SdkInfo
	HasHeartbeat              bool
	DefaultHostingPrecedence  ziti.Precedence
	DefaultHostingCost        uint16
	ServiceHostingPrecedences map[string]ziti.Precedence
	ServiceHostingCosts       map[string]uint16
	AppData                   map[string]interface{}
	AuthPolicyId              string
	// ExternalId is a pointer, so it can be absent. Presumably the key used by
	// IdentityHandler.ReadByExternalId — confirm.
	ExternalId                *string
	// Disabled state. IdentityHandler.Disable takes a duration and
	// IdentityHandler.Enable reverses it.
	// NOTE(review): presumably DisabledUntil is nil for an indefinite disable
	// — TODO confirm, and confirm where Disabled is checked during
	// authentication.
	Disabled                  bool
	DisabledAt                *time.Time
	DisabledUntil             *time.Time
}

type IdentityHandler

type IdentityHandler struct {
	// contains filtered or unexported fields
}

func NewIdentityHandler

func NewIdentityHandler(env Env) *IdentityHandler

func (*IdentityHandler) ApplyDelete added in v0.21.235

func (self *IdentityHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*IdentityHandler) AssignServiceConfigs

func (handler *IdentityHandler) AssignServiceConfigs(id string, serviceConfigs []ServiceConfig) error

func (*IdentityHandler) BaseList

func (handler *IdentityHandler) BaseList(query string) (*models.EntityListResult, error)

func (*IdentityHandler) BaseLoad

func (handler *IdentityHandler) BaseLoad(id string) (models.Entity, error)

func (*IdentityHandler) BaseLoadInTx

func (handler *IdentityHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*IdentityHandler) BasePreparedList

func (handler *IdentityHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*IdentityHandler) BasePreparedListAssociated

func (handler *IdentityHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*IdentityHandler) BasePreparedListIndexed

func (handler *IdentityHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*IdentityHandler) CollectAuthenticators

func (handler *IdentityHandler) CollectAuthenticators(id string, collector func(entity *Authenticator) error) error

func (*IdentityHandler) CollectEnrollments

func (handler *IdentityHandler) CollectEnrollments(id string, collector func(entity *Enrollment) error) error

func (*IdentityHandler) Create

func (handler *IdentityHandler) Create(identityModel *Identity) (string, error)

func (*IdentityHandler) CreateWithAuthenticator

func (handler *IdentityHandler) CreateWithAuthenticator(identity *Identity, authenticator *Authenticator) (string, string, error)

func (*IdentityHandler) CreateWithEnrollments

func (handler *IdentityHandler) CreateWithEnrollments(identityModel *Identity, enrollmentsModels []*Enrollment) (string, []string, error)

func (*IdentityHandler) Delete

func (handler *IdentityHandler) Delete(id string) error

func (*IdentityHandler) Disable added in v0.21.157

func (handler *IdentityHandler) Disable(identityId string, duration time.Duration) error

func (*IdentityHandler) Dispatch added in v0.21.235

func (self *IdentityHandler) Dispatch(command command.Command) error

func (*IdentityHandler) Enable added in v0.21.157

func (handler *IdentityHandler) Enable(identityId string) error

func (*IdentityHandler) GetDb

func (handler *IdentityHandler) GetDb() boltz.Db

func (*IdentityHandler) GetEntityTypeId added in v0.21.235

func (handler *IdentityHandler) GetEntityTypeId() string

func (*IdentityHandler) GetEnv

func (handler *IdentityHandler) GetEnv() Env

func (*IdentityHandler) GetServiceConfigs

func (handler *IdentityHandler) GetServiceConfigs(id string) ([]ServiceConfig, error)

func (*IdentityHandler) GetStore

func (handler *IdentityHandler) GetStore() boltz.CrudStore

func (*IdentityHandler) InitializeDefaultAdmin

func (handler *IdentityHandler) InitializeDefaultAdmin(username, password, name string) error

func (*IdentityHandler) IsActive added in v0.17.8

func (handler *IdentityHandler) IsActive(id string) bool

func (*IdentityHandler) IsUpdated

func (handler *IdentityHandler) IsUpdated(field string) bool

func (*IdentityHandler) Patch

func (handler *IdentityHandler) Patch(identity *Identity, checker boltz.FieldChecker) error

func (*IdentityHandler) PatchInfo

func (handler *IdentityHandler) PatchInfo(identity *Identity) error

func (*IdentityHandler) QueryRoleAttributes

func (handler *IdentityHandler) QueryRoleAttributes(queryString string) ([]string, *models.QueryMetaData, error)

func (*IdentityHandler) Read

func (handler *IdentityHandler) Read(id string) (*Identity, error)

func (*IdentityHandler) ReadByExternalId added in v0.21.157

func (handler *IdentityHandler) ReadByExternalId(externalId string) (*Identity, error)

func (*IdentityHandler) ReadByName added in v0.19.36

func (handler *IdentityHandler) ReadByName(name string) (*Identity, error)

func (*IdentityHandler) ReadDefaultAdmin

func (handler *IdentityHandler) ReadDefaultAdmin() (*Identity, error)

func (*IdentityHandler) ReadOneByQuery

func (handler *IdentityHandler) ReadOneByQuery(query string) (*Identity, error)

func (*IdentityHandler) RemoveServiceConfigs

func (handler *IdentityHandler) RemoveServiceConfigs(id string, serviceConfigs []ServiceConfig) error

func (*IdentityHandler) SetActive added in v0.17.8

func (handler *IdentityHandler) SetActive(id string)

func (*IdentityHandler) Update

func (handler *IdentityHandler) Update(identity *Identity) error

func (*IdentityHandler) VisitIdentityAuthenticatorFingerprints added in v0.19.0

func (handler *IdentityHandler) VisitIdentityAuthenticatorFingerprints(tx *bbolt.Tx, identityId string, visitor func(string) bool) (bool, error)

type IdentityType

type IdentityType struct {
	models.BaseEntity
	Name string `json:"name"`
}

type IdentityTypeHandler

type IdentityTypeHandler struct {
	// contains filtered or unexported fields
}

func NewIdentityTypeHandler

func NewIdentityTypeHandler(env Env) *IdentityTypeHandler

func (*IdentityTypeHandler) ApplyDelete added in v0.21.235

func (self *IdentityTypeHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*IdentityTypeHandler) BaseList

func (handler *IdentityTypeHandler) BaseList(query string) (*models.EntityListResult, error)

func (*IdentityTypeHandler) BaseLoad

func (handler *IdentityTypeHandler) BaseLoad(id string) (models.Entity, error)

func (*IdentityTypeHandler) BaseLoadInTx

func (handler *IdentityTypeHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*IdentityTypeHandler) BasePreparedList

func (handler *IdentityTypeHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*IdentityTypeHandler) BasePreparedListAssociated

func (handler *IdentityTypeHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*IdentityTypeHandler) BasePreparedListIndexed

func (handler *IdentityTypeHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*IdentityTypeHandler) Create

func (handler *IdentityTypeHandler) Create(IdentityTypeModel *IdentityType) (string, error)

func (*IdentityTypeHandler) Delete

func (handler *IdentityTypeHandler) Delete(id string) error

func (*IdentityTypeHandler) Dispatch added in v0.21.235

func (self *IdentityTypeHandler) Dispatch(command command.Command) error

func (*IdentityTypeHandler) GetDb

func (handler *IdentityTypeHandler) GetDb() boltz.Db

func (*IdentityTypeHandler) GetEntityTypeId added in v0.21.235

func (handler *IdentityTypeHandler) GetEntityTypeId() string

func (*IdentityTypeHandler) GetEnv

func (handler *IdentityTypeHandler) GetEnv() Env

func (*IdentityTypeHandler) GetStore

func (handler *IdentityTypeHandler) GetStore() boltz.CrudStore

func (*IdentityTypeHandler) Read

func (handler *IdentityTypeHandler) Read(id string) (*IdentityType, error)

func (*IdentityTypeHandler) ReadByIdOrName

func (handler *IdentityTypeHandler) ReadByIdOrName(idOrName string) (*IdentityType, error)

func (*IdentityTypeHandler) ReadByName

func (handler *IdentityTypeHandler) ReadByName(name string) (*IdentityType, error)

type ListExtJwtSignerResult added in v0.21.157

type ListExtJwtSignerResult struct {
	QueryMetaData models.QueryMetaData
	ExtJwtSigners []*ExternalJwtSigner
	// contains filtered or unexported fields
}

type Managers added in v0.21.235

type Managers struct {
	// fabric
	Router     *network.RouterManager
	Service    *network.ServiceManager
	Terminator *network.TerminatorManager
	Command    *network.CommandManager

	// edge
	ApiSession              *ApiSessionHandler
	ApiSessionCertificate   *ApiSessionCertificateHandler
	Ca                      *CaHandler
	Config                  *ConfigManager
	ConfigType              *ConfigTypeHandler
	EdgeRouter              *EdgeRouterHandler
	EdgeRouterPolicy        *EdgeRouterPolicyHandler
	EdgeService             *EdgeServiceHandler
	ExternalJwtSigner       *ExternalJwtSignerHandler
	Identity                *IdentityHandler
	IdentityType            *IdentityTypeHandler
	PolicyAdvisor           *PolicyAdvisor
	ServiceEdgeRouterPolicy *ServiceEdgeRouterPolicyHandler
	ServicePolicy           *ServicePolicyHandler
	TransitRouter           *TransitRouterHandler
	Session                 *SessionHandler
	Authenticator           *AuthenticatorHandler
	Enrollment              *EnrollmentHandler
	PostureCheck            *PostureCheckHandler
	PostureCheckType        *PostureCheckTypeHandler
	PostureResponse         *PostureResponseHandler
	Mfa                     *MfaHandler
	AuthPolicy              *AuthPolicyHandler
}

func InitEntityManagers added in v0.21.235

func InitEntityManagers(env Env) *Managers

type Mfa added in v0.17.52

// Mfa is the model-layer entity for an identity's MFA enrollment. It embeds
// models.BaseEntity and links to its owner through IdentityId / Identity.
type Mfa struct {
	models.BaseEntity
	// NOTE(review): presumably false until the enrollment has been confirmed
	// with a valid code — confirm against MfaHandler.Verify.
	IsVerified    bool
	IdentityId    string
	Identity      *Identity
	// NOTE(review): Secret is presumably the TOTP shared secret (MfaHandler
	// exposes VerifyTOTP, GetProvisioningUrl and QrCodePng). It is a plain
	// string in this model, and RecoveryCodes are plain strings too; whether
	// either is protected at rest is not visible here. Treat both as
	// credentials: do not log them or return them outside the enrollment flow.
	Secret        string
	RecoveryCodes []string
}

type MfaHandler added in v0.17.52

type MfaHandler struct {
	// contains filtered or unexported fields
}

func NewMfaHandler added in v0.17.52

func NewMfaHandler(env Env) *MfaHandler

func (*MfaHandler) ApplyDelete added in v0.21.235

func (self *MfaHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*MfaHandler) BaseList added in v0.17.52

func (handler *MfaHandler) BaseList(query string) (*models.EntityListResult, error)

func (*MfaHandler) BaseLoad added in v0.17.52

func (handler *MfaHandler) BaseLoad(id string) (models.Entity, error)

func (*MfaHandler) BaseLoadInTx added in v0.17.52

func (handler *MfaHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*MfaHandler) BasePreparedList added in v0.17.52

func (handler *MfaHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*MfaHandler) BasePreparedListAssociated added in v0.17.52

func (handler *MfaHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*MfaHandler) BasePreparedListIndexed added in v0.17.52

func (handler *MfaHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*MfaHandler) Create added in v0.17.52

func (handler *MfaHandler) Create(entity *Mfa) (string, error)

func (*MfaHandler) CreateForIdentity added in v0.17.52

func (handler *MfaHandler) CreateForIdentity(identity *Identity) (string, error)

func (*MfaHandler) Delete added in v0.17.52

func (handler *MfaHandler) Delete(id string) error

func (*MfaHandler) DeleteForIdentity added in v0.17.52

func (handler *MfaHandler) DeleteForIdentity(identity *Identity, code string) error

func (*MfaHandler) Dispatch added in v0.21.235

func (self *MfaHandler) Dispatch(command command.Command) error

func (*MfaHandler) GetDb added in v0.17.52

func (handler *MfaHandler) GetDb() boltz.Db

func (*MfaHandler) GetEntityTypeId added in v0.21.235

func (handler *MfaHandler) GetEntityTypeId() string

func (*MfaHandler) GetEnv added in v0.17.52

func (handler *MfaHandler) GetEnv() Env

func (*MfaHandler) GetProvisioningUrl added in v0.17.52

func (handler *MfaHandler) GetProvisioningUrl(mfa *Mfa) string

func (*MfaHandler) GetStore added in v0.17.52

func (handler *MfaHandler) GetStore() boltz.CrudStore

func (*MfaHandler) IsUpdated added in v0.17.52

func (handler *MfaHandler) IsUpdated(field string) bool

func (*MfaHandler) QrCodePng added in v0.17.52

func (handler *MfaHandler) QrCodePng(mfa *Mfa) ([]byte, error)

func (*MfaHandler) Query added in v0.17.52

func (handler *MfaHandler) Query(query string) (*MfaListResult, error)

func (*MfaHandler) Read added in v0.17.52

func (handler *MfaHandler) Read(id string) (*Mfa, error)

func (*MfaHandler) ReadByIdentityId added in v0.17.52

func (handler *MfaHandler) ReadByIdentityId(identityId string) (*Mfa, error)

func (*MfaHandler) RecreateRecoveryCodes added in v0.17.52

func (handler *MfaHandler) RecreateRecoveryCodes(mfa *Mfa) error

func (*MfaHandler) Update added in v0.17.52

func (handler *MfaHandler) Update(Mfa *Mfa) error

func (*MfaHandler) Verify added in v0.17.52

func (handler *MfaHandler) Verify(mfa *Mfa, code string) (bool, error)

func (*MfaHandler) VerifyTOTP added in v0.17.52

func (handler *MfaHandler) VerifyTOTP(mfa *Mfa, code string) (bool, error)

VerifyTOTP verifies TOTP values only, not recovery codes

type MfaListResult added in v0.17.52

type MfaListResult struct {
	Mfas []*Mfa
	models.QueryMetaData
	// contains filtered or unexported fields
}

type OperatingSystem added in v0.16.48

type OperatingSystem struct {
	OsType     string
	OsVersions []string
}

type OrFieldChecker

type OrFieldChecker struct {
	// contains filtered or unexported fields
}

func NewOrFieldChecker

func NewOrFieldChecker(checker boltz.FieldChecker, fields ...string) *OrFieldChecker

func (*OrFieldChecker) IsUpdated

func (checker *OrFieldChecker) IsUpdated(field string) bool

type PolicyAdvisor

type PolicyAdvisor struct {
	// contains filtered or unexported fields
}

func NewPolicyAdvisor

func NewPolicyAdvisor(env Env) *PolicyAdvisor

func (*PolicyAdvisor) AnalyzeServiceReachability

func (advisor *PolicyAdvisor) AnalyzeServiceReachability(identityId, serviceId string) (*AdvisorServiceReachability, error)
func (advisor *PolicyAdvisor) InspectIdentityEdgeRouterLinks(identityId, edgeRouterId string) (*AdvisorIdentityEdgeRouterLinks, error)
func (advisor *PolicyAdvisor) InspectIdentityServiceLinks(identityId, serviceId string) (*AdvisorIdentityServiceLinks, error)
func (advisor *PolicyAdvisor) InspectServiceEdgeRouterLinks(serviceId, edgeRouterId string) (*AdvisorServiceEdgeRouterLinks, error)

type PolicyPostureChecks added in v0.19.79

type PolicyPostureChecks struct {
	PostureChecks []*PostureCheck
	PolicyType    persistence.PolicyType
	PolicyName    string
}

type PostureCache added in v0.17.5

type PostureCache struct {
	events.EventEmmiter
	// contains filtered or unexported fields
}

func (*PostureCache) Add added in v0.17.5

func (pc *PostureCache) Add(identityId string, postureResponses []*PostureResponse)

func (*PostureCache) AddSessionRequestFailure added in v0.19.40

func (pc *PostureCache) AddSessionRequestFailure(identityId string, failure *PostureSessionRequestFailure)

func (*PostureCache) ApiSessionCreated added in v0.19.158

func (pc *PostureCache) ApiSessionCreated(args ...interface{})

func (*PostureCache) ApiSessionDeleted added in v0.19.158

func (pc *PostureCache) ApiSessionDeleted(args ...interface{})

func (*PostureCache) Evaluate added in v0.17.5

func (pc *PostureCache) Evaluate(identityId, apiSessionId string, postureChecks []*PostureCheck) (bool, []*PostureCheckFailure)

func (*PostureCache) IdentityDeleted added in v0.19.158

func (pc *PostureCache) IdentityDeleted(args ...interface{})

func (*PostureCache) PostureCheckChanged added in v0.20.35

func (pc *PostureCache) PostureCheckChanged(args ...interface{})

PostureCheckChanged notifies all associated identities that posture configuration has changed and that endpoints may need to reevaluate posture queries.

func (*PostureCache) PostureData added in v0.17.5

func (pc *PostureCache) PostureData(identityId string) *PostureData

PostureData returns a copy of the current posture data for an identity. Suitable for read only rendering. To alter/update posture data see Upsert.

func (*PostureCache) Upsert added in v0.19.158

func (pc *PostureCache) Upsert(identityId string, emitDataAltered bool, cb func(exist bool, valueInMap *PostureData, newValue *PostureData) *PostureData)

Upsert is a convenience function to alter the existing PostureData for an identity. If emitDataAltered is true, posture data listeners will be alerted: this will trigger service update notifications and posture check evaluation.

type PostureCheck added in v0.16.46

type PostureCheck struct {
	models.BaseEntity
	Name           string
	TypeId         string
	Version        int64
	RoleAttributes []string
	SubType        PostureCheckSubType
}

func (*PostureCheck) Evaluate added in v0.17.5

func (entity *PostureCheck) Evaluate(apiSessionId string, pd *PostureData) (bool, *PostureCheckFailure)

func (*PostureCheck) LastUpdatedAt added in v0.21.87

func (entity *PostureCheck) LastUpdatedAt(apiSessionId string, pd *PostureData) *time.Time

LastUpdatedAt returns the last time posture state changed for a specific posture check. If the posture state does not report changes, nil is returned.

func (*PostureCheck) TimeoutRemainingSeconds added in v0.19.168

func (entity *PostureCheck) TimeoutRemainingSeconds(apiSessionId string, pd *PostureData) int64

func (*PostureCheck) TimeoutSeconds added in v0.19.158

func (entity *PostureCheck) TimeoutSeconds() int64

type PostureCheckDomains added in v0.19.40

type PostureCheckDomains struct {
	Domains []string
}

func (*PostureCheckDomains) ActualValue added in v0.19.40

func (p *PostureCheckDomains) ActualValue(apiSessionId string, pd *PostureData) interface{}

func (*PostureCheckDomains) Evaluate added in v0.19.40

func (p *PostureCheckDomains) Evaluate(_ string, pd *PostureData) bool

func (*PostureCheckDomains) ExpectedValue added in v0.19.40

func (p *PostureCheckDomains) ExpectedValue() interface{}

func (*PostureCheckDomains) FailureValues added in v0.19.40

func (*PostureCheckDomains) GetTimeoutRemainingSeconds added in v0.19.168

func (p *PostureCheckDomains) GetTimeoutRemainingSeconds(_ string, _ *PostureData) int64

func (*PostureCheckDomains) GetTimeoutSeconds added in v0.19.158

func (p *PostureCheckDomains) GetTimeoutSeconds() int64

func (*PostureCheckDomains) LastUpdatedAt added in v0.21.87

func (p *PostureCheckDomains) LastUpdatedAt(id string, pd *PostureData) *time.Time

type PostureCheckFailure added in v0.19.40

// PostureCheckFailure identifies a posture check that did not pass (id, name,
// type) and embeds PostureCheckFailureValues for the expected and actual values.
type PostureCheckFailure struct {
	// NOTE(review): the tag below has a stray apostrophe inside the key
	// ("postureCheckId'"). encoding/json treats a quote character in a tag
	// name as invalid and falls back to the Go field name, so this field
	// likely marshals as "PostureCheckId" rather than "postureCheckId".
	// Verify against consumers before correcting it, since fixing the tag
	// changes the wire format.
	PostureCheckId   string `json:"postureCheckId'"`
	PostureCheckName string `json:"postureCheckName"`
	PostureCheckType string `json:"postureCheckType"`
	PostureCheckFailureValues
}

func (PostureCheckFailure) ToClientErrorData added in v0.19.40

func (self PostureCheckFailure) ToClientErrorData() interface{}

type PostureCheckFailureSubType added in v0.19.40

type PostureCheckFailureSubType interface {
	Value() interface{}
	Expected() interface{}
}

type PostureCheckFailureValues added in v0.19.40

type PostureCheckFailureValues interface {
	Expected() interface{}
	Actual() interface{}
}

type PostureCheckFailureValuesDomain added in v0.19.40

type PostureCheckFailureValuesDomain struct {
	ActualValue   string
	ExpectedValue []string
}

func (PostureCheckFailureValuesDomain) Actual added in v0.19.40

func (p PostureCheckFailureValuesDomain) Actual() interface{}

func (PostureCheckFailureValuesDomain) Expected added in v0.19.40

func (p PostureCheckFailureValuesDomain) Expected() interface{}

type PostureCheckFailureValuesMac added in v0.19.40

type PostureCheckFailureValuesMac struct {
	ActualValue   []string
	ExpectedValue []string
}

func (PostureCheckFailureValuesMac) Actual added in v0.19.40

func (p PostureCheckFailureValuesMac) Actual() interface{}

func (PostureCheckFailureValuesMac) Expected added in v0.19.40

func (p PostureCheckFailureValuesMac) Expected() interface{}

type PostureCheckFailureValuesMfa added in v0.19.40

type PostureCheckFailureValuesMfa struct {
	ActualValue   PostureCheckMfaValues
	ExpectedValue PostureCheckMfaValues
	Criteria      PostureCheckMfaCriteria
}

func (PostureCheckFailureValuesMfa) Actual added in v0.19.40

func (p PostureCheckFailureValuesMfa) Actual() interface{}

func (PostureCheckFailureValuesMfa) Expected added in v0.19.40

func (p PostureCheckFailureValuesMfa) Expected() interface{}

type PostureCheckFailureValuesOperatingSystem added in v0.19.40

type PostureCheckFailureValuesOperatingSystem struct {
	ActualValue   PostureResponseOs
	ExpectedValue []OperatingSystem
}

func (PostureCheckFailureValuesOperatingSystem) Actual added in v0.19.40

func (p PostureCheckFailureValuesOperatingSystem) Actual() interface{}

func (PostureCheckFailureValuesOperatingSystem) Expected added in v0.19.40

func (p PostureCheckFailureValuesOperatingSystem) Expected() interface{}

type PostureCheckFailureValuesProcess added in v0.19.40

type PostureCheckFailureValuesProcess struct {
	ActualValue   PostureResponseProcess
	ExpectedValue PostureCheckProcess
}

func (PostureCheckFailureValuesProcess) Actual added in v0.19.40

func (p PostureCheckFailureValuesProcess) Actual() interface{}

func (PostureCheckFailureValuesProcess) Expected added in v0.19.40

func (p PostureCheckFailureValuesProcess) Expected() interface{}

type PostureCheckFailureValuesProcessMulti added in v0.19.93

type PostureCheckFailureValuesProcessMulti struct {
	ActualValue   []PostureResponseProcess
	ExpectedValue PostureCheckProcessMulti
}

func (PostureCheckFailureValuesProcessMulti) Actual added in v0.19.93

func (p PostureCheckFailureValuesProcessMulti) Actual() interface{}

func (PostureCheckFailureValuesProcessMulti) Expected added in v0.19.93

func (p PostureCheckFailureValuesProcessMulti) Expected() interface{}

type PostureCheckHandler added in v0.16.46

type PostureCheckHandler struct {
	// contains filtered or unexported fields
}

func NewPostureCheckHandler added in v0.16.46

func NewPostureCheckHandler(env Env) *PostureCheckHandler

func (*PostureCheckHandler) ApplyDelete added in v0.21.235

func (self *PostureCheckHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*PostureCheckHandler) BaseList added in v0.16.46

func (handler *PostureCheckHandler) BaseList(query string) (*models.EntityListResult, error)

func (*PostureCheckHandler) BaseLoad added in v0.16.46

func (handler *PostureCheckHandler) BaseLoad(id string) (models.Entity, error)

func (*PostureCheckHandler) BaseLoadInTx added in v0.16.46

func (handler *PostureCheckHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*PostureCheckHandler) BasePreparedList added in v0.16.46

func (handler *PostureCheckHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*PostureCheckHandler) BasePreparedListAssociated added in v0.16.46

func (handler *PostureCheckHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*PostureCheckHandler) BasePreparedListIndexed added in v0.16.46

func (handler *PostureCheckHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*PostureCheckHandler) Create added in v0.16.46

func (handler *PostureCheckHandler) Create(postureCheckModel *PostureCheck) (string, error)

func (*PostureCheckHandler) Delete added in v0.16.46

func (handler *PostureCheckHandler) Delete(id string) error

func (*PostureCheckHandler) Dispatch added in v0.21.235

func (self *PostureCheckHandler) Dispatch(command command.Command) error

func (*PostureCheckHandler) GetDb added in v0.16.46

func (handler *PostureCheckHandler) GetDb() boltz.Db

func (*PostureCheckHandler) GetEntityTypeId added in v0.21.235

func (handler *PostureCheckHandler) GetEntityTypeId() string

func (*PostureCheckHandler) GetEnv added in v0.16.46

func (handler *PostureCheckHandler) GetEnv() Env

func (*PostureCheckHandler) GetStore added in v0.16.46

func (handler *PostureCheckHandler) GetStore() boltz.CrudStore

func (*PostureCheckHandler) IsUpdated added in v0.16.46

func (handler *PostureCheckHandler) IsUpdated(field string) bool

func (*PostureCheckHandler) Patch added in v0.16.46

func (handler *PostureCheckHandler) Patch(ca *PostureCheck, checker boltz.FieldChecker) error

func (*PostureCheckHandler) Query added in v0.16.46

func (handler *PostureCheckHandler) Query(query string) (*PostureCheckListResult, error)

func (*PostureCheckHandler) QueryPostureChecks added in v0.17.5

func (handler *PostureCheckHandler) QueryPostureChecks(query ast.Query) (*PostureCheckListResult, error)

func (*PostureCheckHandler) Read added in v0.16.46

func (handler *PostureCheckHandler) Read(id string) (*PostureCheck, error)

func (*PostureCheckHandler) Update added in v0.16.46

func (handler *PostureCheckHandler) Update(ca *PostureCheck) error

type PostureCheckListResult added in v0.16.46

type PostureCheckListResult struct {
	PostureChecks []*PostureCheck
	models.QueryMetaData
	// contains filtered or unexported fields
}

type PostureCheckMacAddresses added in v0.16.48

type PostureCheckMacAddresses struct {
	MacAddresses []string
}

func (*PostureCheckMacAddresses) Evaluate added in v0.17.5

func (p *PostureCheckMacAddresses) Evaluate(_ string, pd *PostureData) bool

func (*PostureCheckMacAddresses) FailureValues added in v0.19.40

func (*PostureCheckMacAddresses) GetTimeoutRemainingSeconds added in v0.19.168

func (p *PostureCheckMacAddresses) GetTimeoutRemainingSeconds(_ string, _ *PostureData) int64

func (*PostureCheckMacAddresses) GetTimeoutSeconds added in v0.19.158

func (p *PostureCheckMacAddresses) GetTimeoutSeconds() int64

func (*PostureCheckMacAddresses) LastUpdatedAt added in v0.21.87

func (p *PostureCheckMacAddresses) LastUpdatedAt(apiSessionId string, pd *PostureData) *time.Time

type PostureCheckMfa added in v0.17.52

// PostureCheckMfa holds the settings of an MFA posture check: a timeout and
// flags controlling re-prompting and the treatment of legacy endpoints.
type PostureCheckMfa struct {
	// NOTE(review): presumably the number of seconds a passed MFA stays valid;
	// the meaning of zero or negative values is not visible here — confirm.
	TimeoutSeconds        int64
	// NOTE(review): presumably require a fresh MFA pass after the endpoint
	// wakes or unlocks (see PassedOnWake / PassedOnUnlock) — confirm.
	PromptOnWake          bool
	PromptOnUnlock        bool
	// NOTE(review): presumably relaxes the checks above for clients that
	// IsLegacyClient reports as legacy. If so, enabling it weakens the check
	// for those endpoints; confirm how "legacy" is determined and whether a
	// client can influence that determination.
	IgnoreLegacyEndpoints bool
}

func (*PostureCheckMfa) Evaluate added in v0.17.52

func (p *PostureCheckMfa) Evaluate(apiSessionId string, pd *PostureData) bool

func (*PostureCheckMfa) FailureValues added in v0.19.40

func (p *PostureCheckMfa) FailureValues(apiSessionId string, pd *PostureData) PostureCheckFailureValues

func (*PostureCheckMfa) GetTimeoutRemainingSeconds added in v0.19.168

func (p *PostureCheckMfa) GetTimeoutRemainingSeconds(apiSessionId string, pd *PostureData) int64

func (*PostureCheckMfa) GetTimeoutSeconds added in v0.19.158

func (p *PostureCheckMfa) GetTimeoutSeconds() int64

func (*PostureCheckMfa) IsLegacyClient added in v0.19.158

func (p *PostureCheckMfa) IsLegacyClient(apiSessionData *ApiSessionPostureData) bool

func (*PostureCheckMfa) LastUpdatedAt added in v0.21.87

func (p *PostureCheckMfa) LastUpdatedAt(apiSessionId string, pd *PostureData) *time.Time

func (*PostureCheckMfa) PassedOnUnlock added in v0.19.158

func (p *PostureCheckMfa) PassedOnUnlock(apiSessionData *ApiSessionPostureData, now time.Time) bool

func (*PostureCheckMfa) PassedOnWake added in v0.19.158

func (p *PostureCheckMfa) PassedOnWake(apiSessionData *ApiSessionPostureData, now time.Time) bool

type PostureCheckMfaCriteria added in v0.21.82

type PostureCheckMfaCriteria struct {
	PassedMfaAt             *time.Time
	WokenAt                 *time.Time
	UnlockedAt              *time.Time
	TimeoutSeconds          int64
	TimeoutRemainingSeconds int64
}

type PostureCheckMfaValues added in v0.19.158

type PostureCheckMfaValues struct {
	TimedOutSeconds       bool
	PassedMfa             bool
	PassedOnWake          bool
	PassedOnUnlock        bool
	IgnoreLegacyEndpoints bool
}

type PostureCheckOperatingSystem added in v0.16.48

type PostureCheckOperatingSystem struct {
	OperatingSystems []OperatingSystem
}

func (*PostureCheckOperatingSystem) Evaluate added in v0.17.5

func (p *PostureCheckOperatingSystem) Evaluate(_ string, pd *PostureData) bool

func (*PostureCheckOperatingSystem) FailureValues added in v0.19.40

func (*PostureCheckOperatingSystem) GetTimeoutRemainingSeconds added in v0.19.168

func (p *PostureCheckOperatingSystem) GetTimeoutRemainingSeconds(_ string, _ *PostureData) int64

func (*PostureCheckOperatingSystem) GetTimeoutSeconds added in v0.19.158

func (p *PostureCheckOperatingSystem) GetTimeoutSeconds() int64

func (*PostureCheckOperatingSystem) LastUpdatedAt added in v0.21.87

func (p *PostureCheckOperatingSystem) LastUpdatedAt(id string, pd *PostureData) *time.Time

type PostureCheckProcess added in v0.16.48

// PostureCheckProcess is the configuration of a single-process posture check:
// an OS type, a path, a list of hashes and one fingerprint.
type PostureCheckProcess struct {
	PostureCheckId string
	OsType         string
	// NOTE(review): how Path is compared (case sensitivity, separator
	// normalisation) is not visible here. Confirm in Evaluate.
	Path           string
	// NOTE(review): the hash algorithm, the expected encoding and whether an
	// empty list means "any binary" are not visible here. Confirm in
	// Evaluate before treating an empty Hashes as a restriction.
	Hashes         []string
	// NOTE(review): presumably a signer certificate fingerprint (compare
	// PostureResponseProcess.SignerFingerprints); confirm.
	Fingerprint    string
}

func (*PostureCheckProcess) Evaluate added in v0.17.5

func (p *PostureCheckProcess) Evaluate(_ string, pd *PostureData) bool

func (*PostureCheckProcess) FailureValues added in v0.19.40

func (*PostureCheckProcess) GetTimeoutRemainingSeconds added in v0.19.168

func (p *PostureCheckProcess) GetTimeoutRemainingSeconds(_ string, _ *PostureData) int64

func (*PostureCheckProcess) GetTimeoutSeconds added in v0.19.158

func (p *PostureCheckProcess) GetTimeoutSeconds() int64

func (*PostureCheckProcess) LastUpdatedAt added in v0.21.87

func (p *PostureCheckProcess) LastUpdatedAt(id string, pd *PostureData) *time.Time

type PostureCheckProcessMulti added in v0.19.93

// PostureCheckProcessMulti is the configuration of a posture check over
// several process definitions.
type PostureCheckProcessMulti struct {
	PostureCheckId string
	// NOTE(review): presumably selects how the entries in Processes are
	// combined (all must match vs. any may match). The accepted values and
	// the behaviour for an unknown value are not visible here; confirm that
	// an unrecognised value fails the check rather than passing it.
	Semantic       string
	// Slice of pointers; entries may be nil unless the producer guarantees
	// otherwise.
	Processes      []*ProcessMulti
}

func (*PostureCheckProcessMulti) Evaluate added in v0.19.93

func (p *PostureCheckProcessMulti) Evaluate(_ string, pd *PostureData) bool

func (*PostureCheckProcessMulti) FailureValues added in v0.19.93

func (*PostureCheckProcessMulti) GetTimeoutRemainingSeconds added in v0.19.168

func (p *PostureCheckProcessMulti) GetTimeoutRemainingSeconds(_ string, _ *PostureData) int64

func (*PostureCheckProcessMulti) GetTimeoutSeconds added in v0.19.158

func (p *PostureCheckProcessMulti) GetTimeoutSeconds() int64

func (*PostureCheckProcessMulti) LastUpdatedAt added in v0.21.87

func (p *PostureCheckProcessMulti) LastUpdatedAt(id string, pd *PostureData) *time.Time

type PostureCheckSubType added in v0.16.48

// PostureCheckSubType is the interface shared by the concrete posture check
// types on this page (PostureCheckMfa, PostureCheckOperatingSystem,
// PostureCheckProcess and PostureCheckProcessMulti all list these methods).
// The rendered documentation notes further unexported methods; an interface
// with unexported methods cannot be implemented by a type declared in another
// package, except by embedding an existing implementation.
type PostureCheckSubType interface {
	// Evaluate reports a boolean result for the given API session and posture
	// data. NOTE(review): presumably true means the check passed; confirm.
	Evaluate(apiSessionId string, pd *PostureData) bool
	FailureValues(_ string, pd *PostureData) PostureCheckFailureValues
	GetTimeoutSeconds() int64
	GetTimeoutRemainingSeconds(apiSessionId string, pd *PostureData) int64

	// LastUpdatedAt returns the last time the posture state changed or nil if not supported.
	LastUpdatedAt(id string, pd *PostureData) *time.Time
	// contains filtered or unexported methods
}

type PostureCheckType added in v0.16.48

type PostureCheckType struct {
	models.BaseEntity
	Name             string
	OperatingSystems []OperatingSystem
}

type PostureCheckTypeHandler added in v0.16.48

type PostureCheckTypeHandler struct {
	// contains filtered or unexported fields
}

func NewPostureCheckTypeHandler added in v0.16.48

func NewPostureCheckTypeHandler(env Env) *PostureCheckTypeHandler

func (*PostureCheckTypeHandler) ApplyDelete added in v0.21.235

func (self *PostureCheckTypeHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*PostureCheckTypeHandler) BaseList added in v0.16.48

func (handler *PostureCheckTypeHandler) BaseList(query string) (*models.EntityListResult, error)

func (*PostureCheckTypeHandler) BaseLoad added in v0.16.48

func (handler *PostureCheckTypeHandler) BaseLoad(id string) (models.Entity, error)

func (*PostureCheckTypeHandler) BaseLoadInTx added in v0.16.48

func (handler *PostureCheckTypeHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*PostureCheckTypeHandler) BasePreparedList added in v0.16.48

func (handler *PostureCheckTypeHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*PostureCheckTypeHandler) BasePreparedListAssociated added in v0.16.48

func (handler *PostureCheckTypeHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*PostureCheckTypeHandler) BasePreparedListIndexed added in v0.16.48

func (handler *PostureCheckTypeHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*PostureCheckTypeHandler) Create added in v0.16.48

func (handler *PostureCheckTypeHandler) Create(PostureCheckTypeModel *PostureCheckType) (string, error)

func (*PostureCheckTypeHandler) Delete added in v0.16.48

func (handler *PostureCheckTypeHandler) Delete(id string) error

func (*PostureCheckTypeHandler) Dispatch added in v0.21.235

func (self *PostureCheckTypeHandler) Dispatch(command command.Command) error

func (*PostureCheckTypeHandler) GetDb added in v0.16.48

func (handler *PostureCheckTypeHandler) GetDb() boltz.Db

func (*PostureCheckTypeHandler) GetEntityTypeId added in v0.21.235

func (handler *PostureCheckTypeHandler) GetEntityTypeId() string

func (*PostureCheckTypeHandler) GetEnv added in v0.16.48

func (handler *PostureCheckTypeHandler) GetEnv() Env

func (*PostureCheckTypeHandler) GetStore added in v0.16.48

func (handler *PostureCheckTypeHandler) GetStore() boltz.CrudStore

func (*PostureCheckTypeHandler) Read added in v0.16.48

func (handler *PostureCheckTypeHandler) Read(id string) (*PostureCheckType, error)

func (*PostureCheckTypeHandler) ReadByName added in v0.16.48

func (handler *PostureCheckTypeHandler) ReadByName(name string) (*PostureCheckType, error)

type PostureData added in v0.17.5

// PostureData aggregates the posture responses held for evaluation: MAC,
// domain and OS responses, process responses, per-API-session data and
// recorded session request failures.
type PostureData struct {
	// Mac, Domain and Os are stored by value, but each of those types embeds
	// a *PostureResponse, so the embedded pointer may be nil in a zero value.
	Mac                    PostureResponseMac
	Domain                 PostureResponseDomain
	Os                     PostureResponseOs
	Processes              []*PostureResponseProcess
	// NOTE(review): presumably keyed by process path; confirm.
	ProcessPathMap         map[string]*PostureResponseProcess
	// NOTE(review): presumably keyed by API session id; confirm. Both maps
	// are reference types, so a shallow struct copy shares them. The page
	// lists a Copy method for obtaining a separate instance.
	ApiSessions            map[string]*ApiSessionPostureData
	SessionRequestFailures []*PostureSessionRequestFailure
}

func (*PostureData) Copy added in v0.20.24

func (pd *PostureData) Copy() *PostureData

func (*PostureData) Evaluate added in v0.17.5

func (pd *PostureData) Evaluate(apiSessionId string, checks []*PostureCheck) (bool, []*PostureCheckFailure)

type PosturePolicyFailure added in v0.19.40

type PosturePolicyFailure struct {
	PolicyId   string
	PolicyName string
	Checks     []*PostureCheckFailure
}

type PostureResponse added in v0.17.5

// PostureResponse is the common part of a posture response. It identifies the
// posture check and its type, and carries a type-specific SubType whose Apply
// method takes a *PostureData.
type PostureResponse struct {
	PostureCheckId string
	TypeId         string
	TimedOut       bool
	// A time.Time value, not a pointer: the zero time is what an unset field
	// holds. NOTE(review): who sets this (server clock vs. reported value) is
	// not visible here. Confirm before using it for freshness decisions.
	LastUpdatedAt  time.Time
	// Interface value; nil unless a subtype was attached.
	SubType        PostureResponseSubType
}

func (*PostureResponse) Apply added in v0.17.5

func (pr *PostureResponse) Apply(postureData *PostureData)

type PostureResponseDomain added in v0.17.5

type PostureResponseDomain struct {
	*PostureResponse
	Name string `json:"name"`
}

func (*PostureResponseDomain) Apply added in v0.17.5

func (pr *PostureResponseDomain) Apply(postureData *PostureData)

type PostureResponseEndpointState added in v0.19.158

// PostureResponseEndpointState carries wake and unlock timestamps for one API
// session.
type PostureResponseEndpointState struct {
	// Embedded pointer: promoted fields panic on access if it is nil.
	*PostureResponse
	ApiSessionId string
	// Pointers, so nil is possible. NOTE(review): presumably these are
	// reported by the endpoint; if so they reflect what the client asserts
	// about its own state. Confirm how they are validated.
	WokenAt      *time.Time
	UnlockedAt   *time.Time
}

func (*PostureResponseEndpointState) Apply added in v0.19.158

func (pr *PostureResponseEndpointState) Apply(postureData *PostureData)

type PostureResponseHandler added in v0.17.5

type PostureResponseHandler struct {
	// contains filtered or unexported fields
}

func NewPostureResponseHandler added in v0.17.5

func NewPostureResponseHandler(env Env) *PostureResponseHandler

func (*PostureResponseHandler) AddPostureDataListener added in v0.17.5

func (handler *PostureResponseHandler) AddPostureDataListener(cb func(env Env, identityId string))

func (*PostureResponseHandler) Create added in v0.17.5

func (handler *PostureResponseHandler) Create(identityId string, postureResponses []*PostureResponse)

func (*PostureResponseHandler) Evaluate added in v0.17.5

func (handler *PostureResponseHandler) Evaluate(identityId, apiSessionId string, check *PostureCheck) (bool, *PostureCheckFailure)

func (*PostureResponseHandler) GetEndpointStateChangeAffectedServices added in v0.20.35

func (handler *PostureResponseHandler) GetEndpointStateChangeAffectedServices(timeSinceLastMfa, gracePeriod time.Duration, onWake bool, onUnlock bool) []*ServiceWithTimeout

func (*PostureResponseHandler) PostureData added in v0.17.5

func (handler *PostureResponseHandler) PostureData(id string) *PostureData

func (*PostureResponseHandler) SetMfaPosture added in v0.19.46

func (handler *PostureResponseHandler) SetMfaPosture(identityId string, apiSessionId string, isPassed bool)

SetMfaPosture sets the MFA passing status for a specific API Session owned by an identity

func (*PostureResponseHandler) SetMfaPostureForIdentity added in v0.19.46

func (handler *PostureResponseHandler) SetMfaPostureForIdentity(identityId string, isPassed bool)

SetMfaPostureForIdentity sets the MFA passing status for all API Sessions associated with an identity

func (*PostureResponseHandler) SetSdkInfo added in v0.19.158

func (handler *PostureResponseHandler) SetSdkInfo(identityId, apiSessionId string, sdkInfo *SdkInfo)

type PostureResponseMac added in v0.17.5

// PostureResponseMac is a posture response carrying a list of addresses,
// serialised under the JSON key "addresses".
type PostureResponseMac struct {
	// Embedded pointer: promoted fields panic on access if it is nil.
	*PostureResponse
	// NOTE(review): presumably MAC addresses reported by the endpoint. Such
	// values are asserted by the client and are best treated as a weak signal
	// rather than an identity proof; confirm the intended trust model.
	Addresses []string `json:"addresses"`
}

func (*PostureResponseMac) Apply added in v0.17.5

func (pr *PostureResponseMac) Apply(postureData *PostureData)

type PostureResponseMfa added in v0.17.52

// PostureResponseMfa is the MFA posture response for one API session.
type PostureResponseMfa struct {
	// Embedded pointer: promoted fields panic on access if it is nil.
	*PostureResponse
	// The `json:"-"` tag excludes this field from encoding/json marshalling
	// and unmarshalling, so it must be set by code and cannot be filled from
	// a JSON document through encoding/json.
	ApiSessionId string     `json:"-"`
	// Pointer, so nil is possible; serialised as "passedMfaAt".
	// NOTE(review): unlike ApiSessionId this field can be populated from
	// JSON. If this type is ever decoded from endpoint-supplied input, the
	// timestamp would be caller-controlled; confirm it is only set on the
	// server side.
	PassedMfaAt  *time.Time `json:"passedMfaAt"`
}

func (*PostureResponseMfa) Apply added in v0.17.52

func (pr *PostureResponseMfa) Apply(postureData *PostureData)

type PostureResponseOs added in v0.17.5

type PostureResponseOs struct {
	*PostureResponse
	Type    string `json:"type"`
	Version string `json:"version"`
	Build   string `json:"build"`
}

func (*PostureResponseOs) Apply added in v0.17.5

func (pr *PostureResponseOs) Apply(postureData *PostureData)

type PostureResponseProcess added in v0.17.5

// PostureResponseProcess is the posture response describing one process: its
// path, whether it is running, a binary hash and signer fingerprints.
type PostureResponseProcess struct {
	// Embedded pointer: promoted fields panic on access if it is nil.
	*PostureResponse
	Path               string
	IsRunning          bool
	// NOTE(review): the hash algorithm and encoding are not visible here. If
	// BinaryHash and SignerFingerprints are reported by the endpoint, they
	// state what the client claims about the binary; confirm how
	// VerifyMultiCriteria and the process checks compare them (case,
	// encoding, handling of empty values).
	BinaryHash         string
	SignerFingerprints []string
}

func (*PostureResponseProcess) Apply added in v0.17.5

func (pr *PostureResponseProcess) Apply(postureData *PostureData)

func (*PostureResponseProcess) VerifyMultiCriteria added in v0.19.93

func (pr *PostureResponseProcess) VerifyMultiCriteria(process *ProcessMulti) bool

type PostureResponseSubType added in v0.17.5

type PostureResponseSubType interface {
	Apply(postureData *PostureData)
}

type PostureSessionData added in v0.19.158

type PostureSessionData struct {
	MfaTimeout int64
}

type PostureSessionRequestFailure added in v0.19.40

type PostureSessionRequestFailure struct {
	When           time.Time
	ServiceId      string
	ServiceName    string
	SessionType    string
	PolicyFailures []*PosturePolicyFailure
	ApiSessionId   string
}

type ProcessMulti added in v0.19.93

// ProcessMulti is one process definition of a PostureCheckProcessMulti. It is
// also the argument of PostureResponseProcess.VerifyMultiCriteria.
type ProcessMulti struct {
	OsType             string
	Path               string
	// NOTE(review): whether an empty Hashes or SignerFingerprints list means
	// "do not check" or "nothing matches" is not visible here. Confirm in
	// VerifyMultiCriteria, since the first reading makes an omitted list a
	// silent relaxation of the check.
	Hashes             []string
	SignerFingerprints []string
}

type Schemas

type Schemas interface {
	GetEnrollErPost() *gojsonschema.Schema
	GetEnrollUpdbPost() *gojsonschema.Schema
}

type SdkInfo

type SdkInfo struct {
	AppId      string
	AppVersion string
	Branch     string
	Revision   string
	Type       string
	Version    string
}

type Service

// Service is the model of a service: name, terminator strategy, role
// attributes, config references and an encryption-required flag, each with a
// JSON key.
type Service struct {
	models.BaseEntity
	Name               string   `json:"name"`
	TerminatorStrategy string   `json:"terminatorStrategy"`
	RoleAttributes     []string `json:"roleAttributes"`
	Configs            []string `json:"configs"`
	// A plain bool: when decoded with encoding/json from a document that
	// omits "encryptionRequired", the field stays false.
	// NOTE(review): confirm that callers creating services set this
	// explicitly where encryption is expected.
	EncryptionRequired bool     `json:"encryptionRequired"`
}

type ServiceConfig

type ServiceConfig struct {
	Service string
	Config  string
}

type ServiceDetail

type ServiceDetail struct {
	models.BaseEntity
	Name               string                            `json:"name"`
	TerminatorStrategy string                            `json:"terminatorStrategy"`
	RoleAttributes     []string                          `json:"roleAttributes"`
	Permissions        []string                          `json:"permissions"`
	Configs            []string                          `json:"configs"`
	Config             map[string]map[string]interface{} `json:"config"`
	EncryptionRequired bool                              `json:"encryptionRequired"`
}

type ServiceEdgeRouterPolicy

type ServiceEdgeRouterPolicy struct {
	models.BaseEntity
	Name            string
	Semantic        string
	ServiceRoles    []string
	EdgeRouterRoles []string
}

type ServiceEdgeRouterPolicyHandler

type ServiceEdgeRouterPolicyHandler struct {
	// contains filtered or unexported fields
}

func NewServiceEdgeRouterPolicyHandler

func NewServiceEdgeRouterPolicyHandler(env Env) *ServiceEdgeRouterPolicyHandler

func (*ServiceEdgeRouterPolicyHandler) ApplyDelete added in v0.21.235

func (self *ServiceEdgeRouterPolicyHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*ServiceEdgeRouterPolicyHandler) BaseList

func (handler *ServiceEdgeRouterPolicyHandler) BaseList(query string) (*models.EntityListResult, error)

func (*ServiceEdgeRouterPolicyHandler) BaseLoad

func (handler *ServiceEdgeRouterPolicyHandler) BaseLoad(id string) (models.Entity, error)

func (*ServiceEdgeRouterPolicyHandler) BaseLoadInTx

func (handler *ServiceEdgeRouterPolicyHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*ServiceEdgeRouterPolicyHandler) BasePreparedList

func (handler *ServiceEdgeRouterPolicyHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*ServiceEdgeRouterPolicyHandler) BasePreparedListAssociated

func (handler *ServiceEdgeRouterPolicyHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*ServiceEdgeRouterPolicyHandler) BasePreparedListIndexed

func (handler *ServiceEdgeRouterPolicyHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*ServiceEdgeRouterPolicyHandler) Create

func (handler *ServiceEdgeRouterPolicyHandler) Create(edgeRouterPolicy *ServiceEdgeRouterPolicy) (string, error)

func (*ServiceEdgeRouterPolicyHandler) Delete

func (handler *ServiceEdgeRouterPolicyHandler) Delete(id string) error

func (*ServiceEdgeRouterPolicyHandler) Dispatch added in v0.21.235

func (self *ServiceEdgeRouterPolicyHandler) Dispatch(command command.Command) error

func (*ServiceEdgeRouterPolicyHandler) GetDb

func (handler *ServiceEdgeRouterPolicyHandler) GetDb() boltz.Db

func (*ServiceEdgeRouterPolicyHandler) GetEntityTypeId added in v0.21.235

func (handler *ServiceEdgeRouterPolicyHandler) GetEntityTypeId() string

func (*ServiceEdgeRouterPolicyHandler) GetEnv

func (handler *ServiceEdgeRouterPolicyHandler) GetEnv() Env

func (*ServiceEdgeRouterPolicyHandler) GetStore

func (handler *ServiceEdgeRouterPolicyHandler) GetStore() boltz.CrudStore

func (*ServiceEdgeRouterPolicyHandler) Patch

func (handler *ServiceEdgeRouterPolicyHandler) Patch(edgeRouterPolicy *ServiceEdgeRouterPolicy, checker boltz.FieldChecker) error

func (*ServiceEdgeRouterPolicyHandler) Read

func (*ServiceEdgeRouterPolicyHandler) Update

func (handler *ServiceEdgeRouterPolicyHandler) Update(edgeRouterPolicy *ServiceEdgeRouterPolicy) error

type ServiceEdgeRouterPolicyListResult

type ServiceEdgeRouterPolicyListResult struct {
	ServiceEdgeRouterPolicies []*ServiceEdgeRouterPolicy
	models.QueryMetaData
}

type ServiceListResult

type ServiceListResult struct {
	Services []*ServiceDetail

	models.QueryMetaData
	// contains filtered or unexported fields
}

type ServicePolicy

// ServicePolicy is the model of a service policy: a policy type, a semantic,
// and three role lists (identities, services, posture checks).
type ServicePolicy struct {
	models.BaseEntity
	Name              string
	// NOTE(review): the accepted values of PolicyType and Semantic are not
	// visible here. Confirm how an unknown value is handled.
	PolicyType        string
	Semantic          string
	IdentityRoles     []string
	ServiceRoles      []string
	// NOTE(review): presumably an empty list means no posture checks are
	// attached to the policy, i.e. access does not depend on posture;
	// confirm in the policy evaluation code.
	PostureCheckRoles []string
}

type ServicePolicyHandler

type ServicePolicyHandler struct {
	// contains filtered or unexported fields
}

func NewServicePolicyHandler

func NewServicePolicyHandler(env Env) *ServicePolicyHandler

func (*ServicePolicyHandler) ApplyDelete added in v0.21.235

func (self *ServicePolicyHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*ServicePolicyHandler) BaseList

func (handler *ServicePolicyHandler) BaseList(query string) (*models.EntityListResult, error)

func (*ServicePolicyHandler) BaseLoad

func (handler *ServicePolicyHandler) BaseLoad(id string) (models.Entity, error)

func (*ServicePolicyHandler) BaseLoadInTx

func (handler *ServicePolicyHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*ServicePolicyHandler) BasePreparedList

func (handler *ServicePolicyHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*ServicePolicyHandler) BasePreparedListAssociated

func (handler *ServicePolicyHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*ServicePolicyHandler) BasePreparedListIndexed

func (handler *ServicePolicyHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*ServicePolicyHandler) Create

func (handler *ServicePolicyHandler) Create(servicePolicy *ServicePolicy) (string, error)

func (*ServicePolicyHandler) Delete

func (handler *ServicePolicyHandler) Delete(id string) error

func (*ServicePolicyHandler) Dispatch added in v0.21.235

func (self *ServicePolicyHandler) Dispatch(command command.Command) error

func (*ServicePolicyHandler) GetDb

func (handler *ServicePolicyHandler) GetDb() boltz.Db

func (*ServicePolicyHandler) GetEntityTypeId added in v0.21.235

func (handler *ServicePolicyHandler) GetEntityTypeId() string

func (*ServicePolicyHandler) GetEnv

func (handler *ServicePolicyHandler) GetEnv() Env

func (*ServicePolicyHandler) GetStore

func (handler *ServicePolicyHandler) GetStore() boltz.CrudStore

func (*ServicePolicyHandler) Patch

func (handler *ServicePolicyHandler) Patch(servicePolicy *ServicePolicy, checker boltz.FieldChecker) error

func (*ServicePolicyHandler) Read

func (handler *ServicePolicyHandler) Read(id string) (*ServicePolicy, error)

func (*ServicePolicyHandler) Update

func (handler *ServicePolicyHandler) Update(servicePolicy *ServicePolicy) error

type ServiceWithTimeout added in v0.20.35

type ServiceWithTimeout struct {
	Service *Service
	Timeout int64
}

type Session

// Session is the model of a session. It ties an identity, an API session and
// a service together and carries a token, certificates and policy ids.
type Session struct {
	models.BaseEntity
	// SessionHandler.ReadByToken on this page looks a session up by a token
	// string. NOTE(review): presumably this is that value, which would make
	// it a credential; keep it out of logs and error messages. The struct has
	// no json tags, so marshalling it directly with encoding/json would emit
	// this field under the key "Token".
	Token           string
	IdentityId      string
	ApiSessionId    string
	ServiceId       string
	Type            string
	// Slice of pointers; entries may be nil unless the producer guarantees
	// otherwise.
	SessionCerts    []*SessionCert
	ServicePolicies []string
}

type SessionCert

// SessionCert describes a certificate attached to a session: the certificate
// text, its fingerprint and a validity window.
type SessionCert struct {
	// NOTE(review): the encoding of Cert (presumably PEM) and the fingerprint
	// algorithm are not visible here; confirm.
	Cert        string
	Fingerprint string
	// time.Time values, so unset fields hold the zero time.
	// NOTE(review): whether consumers enforce this window or rely on the
	// certificate's own validity is not visible here; confirm.
	ValidFrom   time.Time
	ValidTo     time.Time
}

func (*SessionCert) FillFrom

func (entity *SessionCert) FillFrom(_ EntityManager, _ *bbolt.Tx, boltEntity boltz.Entity) error

type SessionHandler

type SessionHandler struct {
	// contains filtered or unexported fields
}

func NewSessionHandler

func NewSessionHandler(env Env) *SessionHandler

func (*SessionHandler) ApplyDelete added in v0.21.235

func (self *SessionHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*SessionHandler) BaseList

func (handler *SessionHandler) BaseList(query string) (*models.EntityListResult, error)

func (*SessionHandler) BaseLoad

func (handler *SessionHandler) BaseLoad(id string) (models.Entity, error)

func (*SessionHandler) BaseLoadInTx

func (handler *SessionHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*SessionHandler) BasePreparedList

func (handler *SessionHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*SessionHandler) BasePreparedListAssociated

func (handler *SessionHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*SessionHandler) BasePreparedListIndexed

func (handler *SessionHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*SessionHandler) Create

func (handler *SessionHandler) Create(entity *Session) (string, error)

func (*SessionHandler) Delete

func (handler *SessionHandler) Delete(id string) error

func (*SessionHandler) DeleteForIdentity

func (handler *SessionHandler) DeleteForIdentity(id, identityId string) error

func (*SessionHandler) Dispatch added in v0.21.235

func (self *SessionHandler) Dispatch(command command.Command) error

func (*SessionHandler) EvaluatePostureForService added in v0.20.35

func (handler *SessionHandler) EvaluatePostureForService(identityId, apiSessionId, sessionType, serviceId, serviceName string) *SessionPostureResult

func (*SessionHandler) GetDb

func (handler *SessionHandler) GetDb() boltz.Db

func (*SessionHandler) GetEntityTypeId added in v0.21.235

func (handler *SessionHandler) GetEntityTypeId() string

func (*SessionHandler) GetEnv

func (handler *SessionHandler) GetEnv() Env

func (*SessionHandler) GetStore

func (handler *SessionHandler) GetStore() boltz.CrudStore

func (*SessionHandler) ListSessionsForEdgeRouter

func (handler *SessionHandler) ListSessionsForEdgeRouter(edgeRouterId string) (*SessionListResult, error)

func (*SessionHandler) PublicQueryForIdentity

func (handler *SessionHandler) PublicQueryForIdentity(sessionIdentity *Identity, query ast.Query) (*SessionListResult, error)

func (*SessionHandler) Query

func (handler *SessionHandler) Query(query string) (*SessionListResult, error)

func (*SessionHandler) Read

func (handler *SessionHandler) Read(id string) (*Session, error)

func (*SessionHandler) ReadByToken added in v0.19.0

func (handler *SessionHandler) ReadByToken(token string) (*Session, error)

func (*SessionHandler) ReadForIdentity

func (handler *SessionHandler) ReadForIdentity(id string, identityId string) (*Session, error)

func (*SessionHandler) ReadSessionCerts

func (handler *SessionHandler) ReadSessionCerts(sessionId string) ([]*SessionCert, error)

type SessionListResult

type SessionListResult struct {
	Sessions []*Session
	models.QueryMetaData
	// contains filtered or unexported fields
}

type SessionPostureResult added in v0.20.35

// SessionPostureResult is the return type of
// SessionHandler.EvaluatePostureForService.
type SessionPostureResult struct {
	// The zero value is false, so an uninitialised result reads as "not
	// passed".
	Passed           bool
	// Pointers: nil is possible. NOTE(review): presumably Failure and Cause
	// are set only when Passed is false; nil-check before use.
	Failure          *PostureSessionRequestFailure
	PassingPolicyIds []string
	Cause            *fabricApiError.GenericCauseError
}

type TestContext

type TestContext struct {
	*persistence.TestContext
	// contains filtered or unexported fields
}

func NewTestContext added in v0.20.36

func NewTestContext(t *testing.T) *TestContext

func (*TestContext) Cleanup

func (ctx *TestContext) Cleanup()

func (*TestContext) Generate

func (ctx *TestContext) Generate(string, string, jwt.MapClaims) (string, error)

func (*TestContext) GetApiClientCsrSigner

func (ctx *TestContext) GetApiClientCsrSigner() cert.Signer

func (*TestContext) GetApiServerCsrSigner

func (ctx *TestContext) GetApiServerCsrSigner() cert.Signer

func (*TestContext) GetAuthRegistry

func (ctx *TestContext) GetAuthRegistry() AuthRegistry

func (*TestContext) GetConfig

func (ctx *TestContext) GetConfig() *config.Config

func (*TestContext) GetControlClientCsrSigner

func (ctx *TestContext) GetControlClientCsrSigner() cert.Signer

func (*TestContext) GetEnrollRegistry

func (ctx *TestContext) GetEnrollRegistry() EnrollmentRegistry

func (*TestContext) GetFingerprintGenerator added in v0.17.30

func (ctx *TestContext) GetFingerprintGenerator() cert.FingerprintGenerator

func (*TestContext) GetHostController

func (ctx *TestContext) GetHostController() HostController

func (*TestContext) GetJwtSigner added in v0.19.109

func (ctx *TestContext) GetJwtSigner() jwtsigner.Signer

func (*TestContext) GetManagers added in v0.21.235

func (ctx *TestContext) GetManagers() *Managers

func (*TestContext) GetMetricsRegistry added in v0.16.0

func (ctx *TestContext) GetMetricsRegistry() metrics.Registry

func (*TestContext) GetSchemas

func (ctx *TestContext) GetSchemas() Schemas

func (*TestContext) HandleServiceUpdatedEventForIdentityId added in v0.19.46

func (ctx *TestContext) HandleServiceUpdatedEventForIdentityId(identityId string)

func (*TestContext) Init

func (ctx *TestContext) Init()

func (*TestContext) InitWithDbFile added in v0.20.110

func (ctx *TestContext) InitWithDbFile(dbPath string)

func (*TestContext) IsEdgeRouterOnline

func (ctx *TestContext) IsEdgeRouterOnline(string) bool

type TransitRouter

// TransitRouter is the model of a transit router, including its certificate
// fingerprint and verification state.
type TransitRouter struct {
	models.BaseEntity
	Name                  string
	// Pointer, so nil is distinct from the empty string.
	Fingerprint           *string
	IsVerified            bool
	IsBase                bool
	// NOTE(review): TransitRouterHandler exposes ReadOneByFingerprint and
	// ReadOneByUnverifiedFingerprint as separate lookups, plus
	// ExtendEnrollmentVerify. Presumably the Unverified* fields hold
	// certificate data that has not yet been accepted, which should not be
	// used to authenticate a router until verification completes; confirm.
	UnverifiedFingerprint *string
	UnverifiedCertPem     *string
	Cost                  uint16
	NoTraversal           bool
}

type TransitRouterHandler

type TransitRouterHandler struct {
	// contains filtered or unexported fields
}

func NewTransitRouterHandler

func NewTransitRouterHandler(env Env) *TransitRouterHandler

func (*TransitRouterHandler) ApplyDelete added in v0.21.235

func (self *TransitRouterHandler) ApplyDelete(cmd *command.DeleteEntityCommand) error

func (*TransitRouterHandler) BaseList

func (handler *TransitRouterHandler) BaseList(query string) (*models.EntityListResult, error)

func (*TransitRouterHandler) BaseLoad

func (handler *TransitRouterHandler) BaseLoad(id string) (models.Entity, error)

func (*TransitRouterHandler) BaseLoadInTx

func (handler *TransitRouterHandler) BaseLoadInTx(tx *bbolt.Tx, id string) (models.Entity, error)

func (*TransitRouterHandler) BasePreparedList

func (handler *TransitRouterHandler) BasePreparedList(query ast.Query) (*models.EntityListResult, error)

func (*TransitRouterHandler) BasePreparedListAssociated

func (handler *TransitRouterHandler) BasePreparedListAssociated(id string, typeLoader models.EntityRetriever, query ast.Query) (*models.EntityListResult, error)

func (*TransitRouterHandler) BasePreparedListIndexed

func (handler *TransitRouterHandler) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult, error)

func (*TransitRouterHandler) CollectEnrollments

func (handler *TransitRouterHandler) CollectEnrollments(id string, collector func(entity *Enrollment) error) error

func (*TransitRouterHandler) Create

func (handler *TransitRouterHandler) Create(entity *TransitRouter) (string, error)

func (*TransitRouterHandler) CreateWithEnrollment

func (handler *TransitRouterHandler) CreateWithEnrollment(txRouter *TransitRouter, enrollment *Enrollment) (string, string, error)

func (*TransitRouterHandler) Delete

func (handler *TransitRouterHandler) Delete(id string) error

func (*TransitRouterHandler) Dispatch added in v0.21.235

func (self *TransitRouterHandler) Dispatch(command command.Command) error

func (*TransitRouterHandler) ExtendEnrollment added in v0.19.81

func (handler *TransitRouterHandler) ExtendEnrollment(router *TransitRouter, clientCsrPem []byte, serverCertCsrPem []byte) (*ExtendedCerts, error)

func (*TransitRouterHandler) ExtendEnrollmentVerify added in v0.21.20

func (handler *TransitRouterHandler) ExtendEnrollmentVerify(router *TransitRouter) error

func (*TransitRouterHandler) ExtendEnrollmentWithVerify added in v0.21.20

func (handler *TransitRouterHandler) ExtendEnrollmentWithVerify(router *TransitRouter, clientCsrPem []byte, serverCertCsrPem []byte) (*ExtendedCerts, error)

func (*TransitRouterHandler) GetDb

func (handler *TransitRouterHandler) GetDb() boltz.Db

func (*TransitRouterHandler) GetEntityTypeId added in v0.21.235

func (handler *TransitRouterHandler) GetEntityTypeId() string

func (*TransitRouterHandler) GetEnv

func (handler *TransitRouterHandler) GetEnv() Env

func (*TransitRouterHandler) GetStore

func (handler *TransitRouterHandler) GetStore() boltz.CrudStore

func (*TransitRouterHandler) Patch

func (handler *TransitRouterHandler) Patch(entity *TransitRouter, checker boltz.FieldChecker, allowAllFields bool) error

func (*TransitRouterHandler) Read

func (handler *TransitRouterHandler) Read(id string) (*TransitRouter, error)

func (*TransitRouterHandler) ReadOneByFingerprint added in v0.19.81

func (handler *TransitRouterHandler) ReadOneByFingerprint(fingerprint string) (*TransitRouter, error)

func (*TransitRouterHandler) ReadOneByQuery

func (handler *TransitRouterHandler) ReadOneByQuery(query string) (*TransitRouter, error)

func (*TransitRouterHandler) ReadOneByUnverifiedFingerprint added in v0.21.20

func (handler *TransitRouterHandler) ReadOneByUnverifiedFingerprint(fingerprint string) (*TransitRouter, error)

func (*TransitRouterHandler) Update

func (handler *TransitRouterHandler) Update(entity *TransitRouter, allowAllFields bool) error

Source Files
