persistence

package
v0.24.18 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 20, 2022 License: Apache-2.0 Imports: 40 Imported by: 1

Documentation


Constants

// Field names for ApiSessionCertificate entities. The names line up with the fields of the
// ApiSessionCertificate struct (ApiSessionId, Subject, Fingerprint, ValidAfter, ValidBefore, PEM).
// NOTE(review): presumably these are the keys the values are persisted under — confirm against
// ApiSessionCertificate.SetValues/LoadValues.
const (
	FieldApiSessionCertificateApiSession  = "apiSession"
	FieldApiSessionCertificateSubject     = "subject"
	FieldApiSessionCertificateFingerprint = "fingerprint"
	FieldApiSessionCertificateValidAfter  = "validAfter"
	FieldApiSessionCertificateValidBefore = "validBefore"
	FieldApiSessionCertificatePem         = "pem"
)
// Field names and event names for ApiSession entities.
const (
	FieldApiSessionIdentity       = "identity"
	// FieldApiSessionToken names the field for ApiSession.Token.
	// NOTE(review): ApiSessionStore offers LoadOneByToken and GetTokenIndex, so sessions are looked
	// up by token value; presumably the token is the session credential and should be kept out of
	// logs and exports — confirm.
	FieldApiSessionToken          = "token"
	FieldApiSessionConfigTypes    = "configTypes"
	FieldApiSessionIPAddress      = "ipAddress"
	// The two MFA fields correspond to ApiSession.MfaComplete and ApiSession.MfaRequired.
	FieldApiSessionMfaComplete    = "mfaComplete"
	FieldApiSessionMfaRequired    = "mfaRequired"
	FieldApiSessionLastActivityAt = "lastActivityAt"
	FieldApiSessionAuthenticator  = "authenticator"

	// EventFullyAuthenticated is an events.EventName.
	// NOTE(review): presumably emitted once primary and any required secondary (MFA)
	// authentication have completed — confirm at the emit site.
	EventFullyAuthenticated events.EventName = "FULLY_AUTHENTICATED"

	// EventualEventApiSessionDelete is the name used for API-session deletion eventual events.
	EventualEventApiSessionDelete = "ApiSessionDelete"
)
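// Authentication policy defaults, sentinel values and field names.
const (
	// DefaultUpdbMinPasswordLength is the default minimum length for UPDB (username/password)
	// passwords.
	// NOTE(review): five characters is short by current password guidance (NIST SP 800-63B sets a
	// floor of eight); deployments should set primary.updb.minPasswordLength explicitly rather
	// than rely on this default.
	DefaultUpdbMinPasswordLength = int64(5)
	// DefaultUpdbMaxAttempts is the default number of allowed UPDB attempts.
	DefaultUpdbMaxAttempts       = int64(5)
	// DefaultAuthPolicyId is the id of the default auth policy.
	DefaultAuthPolicyId          = "default"

	// UpdbIndefiniteLockout and UpdbUnlimitedAttemptsLimit are both zero.
	// NOTE(review): presumably a LockoutDurationMinutes of 0 means the lockout never expires and a
	// MaxAttempts of 0 disables the attempt limit; the latter leaves online password guessing
	// unthrottled by the policy — confirm against the enforcing code.
	UpdbIndefiniteLockout      = int64(0)
	UpdbUnlimitedAttemptsLimit = int64(0)

	// Primary certificate authentication fields (see AuthPolicyCert).
	FieldAuthPolicyPrimaryCertAllowed           = "primary.cert.allowed"
	FieldAuthPolicyPrimaryCertAllowExpiredCerts = "primary.cert.allowExpiredCerts"

	// Primary UPDB authentication fields (see AuthPolicyUpdb).
	FieldAuthPolicyPrimaryUpdbAllowed                = "primary.updb.allowed"
	FieldAuthPolicyPrimaryUpdbRequireSpecialChar     = "primary.updb.requireSpecialChar"
	FieldAuthPolicyPrimaryUpdbRequireNumberChar      = "primary.updb.requireNumberChar"
	FieldAuthPolicyPrimaryUpdbRequireMixedCase       = "primary.updb.requireMixedCase"
	FieldAuthPolicyPrimaryUpdbMaxAttempts            = "primary.updb.maxAttempts"
	FieldAuthPolicyPrimaryUpdbLockoutDurationMinutes = "primary.updb.lockoutDurationMinutes"

	// FieldAuthPolicyPrimaryUpdbMinPasswordLength is the field name for the minimum UPDB
	// password length, spelled consistently with the other Field* constants.
	FieldAuthPolicyPrimaryUpdbMinPasswordLength = "primary.updb.minPasswordLength"

	// FiledAuthPolicyPrimaryUpdbMinPasswordLength is the original, misspelled name. It is kept
	// with the same value so existing callers keep compiling.
	//
	// Deprecated: use FieldAuthPolicyPrimaryUpdbMinPasswordLength.
	FiledAuthPolicyPrimaryUpdbMinPasswordLength = FieldAuthPolicyPrimaryUpdbMinPasswordLength

	// Primary external JWT authentication fields (see AuthPolicyExtJwt).
	FieldAuthPolicyPrimaryExtJwtAllowed        = "primary.extJwt.allowed"
	FieldAuthPolicyPrimaryExtJwtAllowedSigners = "primary.extJwt.allowedSigners"

	// Secondary (second factor) fields (see AuthPolicySecondary).
	FieldAuthSecondaryPolicyRequireTotp          = "secondary.requireTotp"
	FieldAuthSecondaryPolicyRequiredExtJwtSigner = "secondary.requireExtJwtSigner"
)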
// Field names and method names for Authenticator entities.
const (
	FieldAuthenticatorMethod   = "method"
	FieldAuthenticatorIdentity = "identity"

	// Certificate authenticator fields (see AuthenticatorCert.Fingerprint and Pem).
	FieldAuthenticatorCertFingerprint = "certFingerprint"
	FieldAuthenticatorCertPem         = "certPem"

	// Fields for AuthenticatorCert.UnverifiedPem and UnverifiedFingerprint.
	// NOTE(review): presumably a certificate that has been presented but not yet accepted; it
	// should not be treated as a valid credential until promoted — confirm.
	FieldAuthenticatorUnverifiedCertPem         = "unverifiedCertPem"
	FieldAuthenticatorUnverifiedCertFingerprint = "unverifiedCertFingerprint"

	// UPDB authenticator fields (see AuthenticatorUpdb.Username, Password and Salt).
	// NOTE(review): the presence of a salt suggests updbPassword holds a salted hash rather than
	// plaintext; the hashing scheme is not visible here — confirm before relying on it.
	FieldAuthenticatorUpdbUsername = "updbUsername"
	FieldAuthenticatorUpdbPassword = "updbPassword"
	FieldAuthenticatorUpdbSalt     = "updbSalt"

	MethodAuthenticatorUpdb = "updb"
	MethodAuthenticatorCert = "cert"
	// MethodAuthenticatorCertCaExternalId represents authentication with a certificate that isn't directly
	// registered with an authenticator. Instead, it uses `externalId` values on identities and matches them to a
	// "x509 claim" (custom values stuffed into SANs or other x509 properties). This type will never actually
	// be stored for persistence and is defined here so as to be near the other authenticator methods.
	MethodAuthenticatorCertCaExternalId = "certCaExternalId"
)
// Entity type names, the edge bucket name, field names shared across entities, and policy
// semantics.
const (
	// EntityType* values match what the corresponding GetEntityType methods are expected to
	// return — presumably; the method bodies are not shown here.
	EntityTypeApiSessions               = "apiSessions"
	EntityTypeApiSessionCertificates    = "apiSessionCertificates"
	EntityTypeAuthPolicies              = "authPolicies"
	EntityTypeEventualEvents            = "eventualEvents"
	EntityTypeCas                       = "cas"
	EntityTypeConfigs                   = "configs"
	EntityTypeConfigTypes               = "configTypes"
	EntityTypeEdgeRouterPolicies        = "edgeRouterPolicies"
	EntityTypeExternalJwtSigners        = "externalJwtSigners"
	EntityTypeIdentities                = "identities"
	EntityTypeIdentityTypes             = "identityTypes"
	EntityTypeMfas                      = "mfas"
	EntityTypeServicePolicies           = "servicePolicies"
	EntityTypeServiceEdgeRouterPolicies = "serviceEdgeRouterPolicies"
	EntityTypeSessions                  = "sessions"
	EntityTypeSessionCerts              = "sessionCerts"
	EntityTypeEnrollments               = "enrollments"
	EntityTypeAuthenticators            = "authenticators"
	EntityTypePostureChecks             = "postureChecks"
	EntityTypePostureCheckTypes         = "postureCheckTypes"
	// EdgeBucket is the bucket name "edge".
	EdgeBucket                          = "edge"

	FieldName           = "name"
	FieldSemantic       = "semantic"
	FieldRoleAttributes = "roleAttributes"

	// Role list fields used by policy entities (for example EdgeRouterPolicy.IdentityRoles and
	// EdgeRouterPolicy.EdgeRouterRoles).
	FieldEdgeRouterRoles   = "edgeRouterRoles"
	FieldIdentityRoles     = "identityRoles"
	FieldServiceRoles      = "serviceRoles"
	FieldPostureCheckRoles = "postureCheckRoles"

	// Values for a policy's Semantic field.
	// NOTE(review): presumably AllOf requires an entity to carry every listed role attribute and
	// AnyOf at least one; AnyOf therefore grants more broadly — confirm against policy evaluation.
	SemanticAllOf = "AllOf"
	SemanticAnyOf = "AnyOf"
)
// Field names for Ca (certificate authority) entities; see the Ca struct.
const (
	FieldCaFingerprint                    = "fingerprint"
	FieldCaCertPem                        = "certPem"
	FieldCaIsVerified                     = "isVerified"
	FieldCaVerificationToken              = "verificationToken"
	FieldCaIsAutoCaEnrollmentEnabled      = "isAutoCaEnrollmentEnabled"
	FieldCaIsOttCaEnrollmentEnabled       = "isOttCaEnrollmentEnabled"
	FieldCaIsAuthEnabled                  = "isAuthEnabled"
	FieldCaIdentityNameFormat             = "identityNameFormat"
	FieldCaEnrollments                    = "enrollments"
	// externalIdClaim.* fields describe how an external id is located in, matched against and
	// parsed out of a certificate; the allowed values are the ExternalIdClaim* constants.
	FieldCaExternalIdClaim                = "externalIdClaim"
	FieldCaExternalIdClaimLocation        = "externalIdClaim.location"
	FieldCaExternalIdClaimIndex           = "externalIdClaim.index"
	FieldCaExternalIdClaimMatcher         = "externalIdClaim.matcher"
	FieldCaExternalIdClaimMatcherCriteria = "externalIdClaim.matcherCriteria"
	FieldCaExternalIdClaimParser          = "externalIdClaim.parser"
	// NOTE(review): the constant is named ParserCriteria but its value is "parserSeparator"; the
	// string is what matters for stored data, so the two must not be "aligned" by editing the value.
	FieldCaExternalIdClaimParserCriteria  = "externalIdClaim.parserSeparator"
)
// Allowed values for a CA's external id claim settings (location, matcher, parser).
// NOTE(review): per the MethodAuthenticatorCertCaExternalId comment, the value extracted from the
// certificate is matched to an identity's externalId, so the CA must be trusted to control the
// chosen certificate field, and the matcher should be as narrow as the deployment allows.
const (
	// Where in the certificate the claim is read from.
	ExternalIdClaimLocCommonName = "COMMON_NAME"
	ExternalIdClaimLocSanUri     = "SAN_URI"
	ExternalIdClaimLocSanEmail   = "SAN_EMAIL"

	// How candidate values at that location are selected.
	// NOTE(review): presumably ALL accepts any value while SUFFIX/PREFIX/SCHEME filter on the
	// matcher criteria — confirm.
	ExternalIdClaimMatcherAll    = "ALL"
	ExternalIdClaimMatcherSuffix = "SUFFIX"
	ExternalIdClaimMatcherPrefix = "PREFIX"
	ExternalIdClaimMatcherScheme = "SCHEME"

	// How the selected value is turned into the external id.
	ExternalIdClaimParserNone  = "NONE"
	ExternalIdClaimParserSplit = "SPLIT"
)
// Field names for Config entities (see Config.Data and Config.Type).
const (
	FieldConfigData            = "data"
	FieldConfigType            = "type"
	FieldConfigIdentityService = "identityServices"
)
// Field names for EdgeRouter entities; see the EdgeRouter struct.
const (
	FieldEdgeRouters                     = "edgeRouters"
	FieldEdgeRouterCertPEM               = "certPem"
	// Fields for EdgeRouter.UnverifiedCertPem and UnverifiedFingerprint.
	// NOTE(review): presumably a presented but not yet accepted certificate — confirm.
	FieldEdgeRouterUnverifiedCertPEM     = "unverifiedCertPem"
	FieldEdgeRouterUnverifiedFingerprint = "unverifiedFingerprint"
	FieldEdgeRouterIsVerified            = "isVerified"
	FieldEdgeRouterProtocols             = "protocols"
	FieldEdgeRouterEnrollments           = "enrollments"
	FieldEdgeRouterIsTunnelerEnabled     = "isTunnelerEnabled"
	FieldEdgeRouterAppData               = "appData"
)
// Field names for EdgeService entities.
const (
	FieldEdgeServiceDialIdentities = "dialIdentities"
	FieldEdgeServiceBindIdentities = "bindIdentities"
	// FieldServiceEncryptionRequired corresponds to EdgeService.EncryptionRequired.
	FieldServiceEncryptionRequired = "encryptionRequired"
)
// Field names and method names for Enrollment entities; see the Enrollment struct.
const (
	// NOTE(review): EnrollmentStore offers LoadOneByToken, so an enrollment is looked up by this
	// token; presumably it, like the jwt field, is a one-time enrollment credential and should be
	// handled as a secret until it expires or is consumed — confirm.
	FieldEnrollmentToken     = "token"
	FieldEnrollmentMethod    = "method"
	FieldEnrollIdentity      = "identity"
	FieldEnrollEdgeRouter    = "edgeRouter"
	FieldEnrollTransitRouter = "transitRouter"
	FieldEnrollmentExpiresAt = "expiresAt"
	FieldEnrollmentIssuedAt  = "issuedAt"
	FieldEnrollmentCaId      = "caId"
	FieldEnrollmentUsername  = "username"
	FieldEnrollmentJwt       = "jwt"

	// Values for Enrollment.Method.
	MethodEnrollOtt   = "ott"
	MethodEnrollOttCa = "ottca"
	MethodEnrollCa    = "ca"
	MethodEnrollUpdb  = "updb"
)
// Field names for EventualEvent entities (see EventualEvent.Type and EventualEvent.Data).
const (
	FieldEventualEventType = "type"
	FieldEventualEventData = "data"
)
// Event names emitted while eventual events are added, removed and processed. Each event
// carries a single argument, the struct named in its comment.
const (
	// EventualEventAddedName is emitted when a new event is added via AddEventualEvent().
	//
	// Event arguments:
	//	0 - an EventualEventAdded struct
	EventualEventAddedName = events.EventName("EventualEventAdded")

	// EventualEventRemovedName is emitted when a previously added eventual event is processed.
	//
	// Event arguments:
	//	0 - an EventualEventRemoved struct
	EventualEventRemovedName = events.EventName("EventualEventRemoved")

	// EventualEventProcessingStartName is emitted as the first action during processing.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingStart struct
	EventualEventProcessingStartName = events.EventName("EventualEventProcessingStart")

	// EventualEventProcessingBatchStartName is emitted as the first set of events are processed
	// after EventualEventProcessingStartName. It is possible for 0+ batches to be processed. Each
	// batch should contain 1+ events.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingBatchStart struct
	EventualEventProcessingBatchStartName = events.EventName("EventualEventProcessingBatchStart")

	// EventualEventProcessingListenerStartName is emitted for each function listener invoked
	// on each event.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingListenerStart struct
	EventualEventProcessingListenerStartName = events.EventName("EventualEventProcessingListenerStart")

	// EventualEventProcessingListenerDoneName is emitted for each function listener after invocation.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingListenerDone struct
	EventualEventProcessingListenerDoneName = events.EventName("EventualEventProcessingListenerDone")

	// EventualEventProcessingBatchDoneName is emitted after the last event processed in a batch.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingBatchDone struct
	EventualEventProcessingBatchDoneName = events.EventName("EventualEventProcessingBatchDone")

	// EventualEventProcessingDoneName is emitted as the last action during processing after
	// all events and batches.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingDone struct
	EventualEventProcessingDoneName = events.EventName("EventualEventProcessingDone")
)
// Field names for external JWT signer entities, plus the default claims property.
const (
	// Signer key material: either a certificate (fingerprint/certPem) or a JWKS endpoint.
	FieldExternalJwtSignerFingerprint     = "fingerprint"
	FieldExternalJwtSignerCertPem         = "certPem"
	FieldExternalJwtSignerJwksEndpoint    = "jwksEndpoint"
	FieldExternalJwtSignerCommonName      = "commonName"
	FieldExternalJwtSignerNotAfter        = "notAfter"
	FieldExternalJwtSignerNotBefore       = "notBefore"
	FieldExternalJwtSignerEnabled         = "enabled"
	FieldExternalJwtSignerExternalAuthUrl = "externalAuthUrl"
	FieldExternalJwtSignerAuthPolicies    = "authPolicies"
	FieldExternalJwtSignerClaimsProperty  = "claimsProperty"
	FieldExternalJwtSignerUseExternalId   = "useExternalId"
	FieldExternalJwtSignerKid             = "kid"
	// NOTE(review): issuer and audience presumably hold the expected "iss" and "aud" values for
	// tokens from this signer; whether and how they are enforced is not visible here — confirm.
	FieldExternalJwtSignerIssuer          = "issuer"
	FieldExternalJwtSignerAudience        = "audience"

	// DefaultClaimsProperty is "sub".
	// NOTE(review): presumably the claim read to identify the caller when claimsProperty is unset — confirm.
	DefaultClaimsProperty = "sub"
)
// Field names for Identity entities.
const (
	FieldIdentityType           = "type"
	// Administrative flags. NOTE(review): presumably these grant management rights, so writes to
	// them deserve the same scrutiny as credential changes — confirm.
	FieldIdentityIsDefaultAdmin = "isDefaultAdmin"
	FieldIdentityIsAdmin        = "isAdmin"
	FieldIdentityEnrollments    = "enrollments"
	FieldIdentityAuthenticators = "authenticators"
	FieldIdentityServiceConfigs = "serviceConfigs"

	// Environment and SDK information (see EnvInfo for the environment part).
	// NOTE(review): the OsRelease and OsVersion constants map to "envInfoRelease" and
	// "envInfoVersion" (no "Os" in the value).
	FieldIdentityEnvInfoArch       = "envInfoArch"
	FieldIdentityEnvInfoOs         = "envInfoOs"
	FieldIdentityEnvInfoOsRelease  = "envInfoRelease"
	FieldIdentityEnvInfoOsVersion  = "envInfoVersion"
	FieldIdentitySdkInfoBranch     = "sdkInfoBranch"
	FieldIdentitySdkInfoRevision   = "sdkInfoRevision"
	FieldIdentitySdkInfoType       = "sdkInfoType"
	FieldIdentitySdkInfoVersion    = "sdkInfoVersion"
	FieldIdentitySdkInfoAppId      = "sdkInfoAppId"
	FieldIdentitySdkInfoAppVersion = "sdkInfoAppVersion"

	FieldIdentityBindServices              = "bindServices"
	FieldIdentityDialServices              = "dialServices"
	FieldIdentityDefaultHostingPrecedence  = "defaultHostingPrecedence"
	FieldIdentityDefaultHostingCost        = "defaultHostingCost"
	FieldIdentityServiceHostingPrecedences = "serviceHostingPrecedences"
	FieldIdentityServiceHostingCosts       = "serviceHostingCosts"
	FieldIdentityAppData                   = "appData"
	FieldIdentityAuthPolicyId              = "authPolicyId"
	FieldIdentityExternalId                = "externalId"
	FieldIdentityDisabledAt                = "disabledAt"
	FieldIdentityDisabledUntil             = "disabledUntil"
)
// Field names for MFA entities.
// NOTE(review): "secret" and "recoveryCodes" name second-factor material; anything that dumps,
// backs up or logs these fields exposes the factor itself. How the values are protected at rest
// (and what "salt" is applied to) is not visible here — confirm.
const (
	FieldMfaIdentity      = "identity"
	FieldMfaIsVerified    = "isVerified"
	FieldMfaRecoveryCodes = "recoveryCodes"
	FieldMfaSecret        = "secret"
	FieldMfaSalt          = "salt"
)
// Database schema versioning.
const (
	// CurrentDbVersion is the schema version of this release (29).
	// NOTE(review): presumably the version RunMigrations migrates the database to — confirm.
	CurrentDbVersion = 29
	FieldVersion     = "version"
)
// Field names for MFA posture checks (PostureCheckTypeMFA).
const (
	FieldPostureCheckMfaTimeoutSeconds        = "timeoutSeconds"
	FieldPostureCheckMfaPromptOnWake          = "promptOnWake"
	FieldPostureCheckMfaPromptOnUnlock        = "promptOnUnlock"
	// NOTE(review): presumably exempts older endpoints from the timeout/prompt settings, which
	// would relax the check for those clients — confirm.
	FieldPostureCheckMfaIgnoreLegacyEndpoints = "ignoreLegacyEndpoints"
)
// Field names for operating-system posture checks (PostureCheckTypeOs).
const (
	FieldPostureCheckOsType     = "osType"
	FieldPostureCheckOsVersions = "osVersions"
)
// Field names for single-process posture checks (PostureCheckTypeProcess).
const (
	FieldPostureCheckProcessOs          = "os"
	FieldPostureCheckProcessPath        = "path"
	FieldPostureCheckProcessHashes      = "hashes"
	FieldPostureCheckProcessFingerprint = "fingerprint"
)
// Field names for multi-process posture checks (PostureCheckTypeProcessMulti).
const (
	FieldPostureCheckProcessMultiOsType             = "osType"
	FieldPostureCheckProcessMultiPath               = "path"
	FieldPostureCheckProcessMultiHashes             = "hashes"
	FieldPostureCheckProcessMultiSignerFingerprints = "signerFingerprints"
	FieldPostureCheckProcessMultiProcesses          = "processes"
)
// Field names common to all posture check entities.
const (
	FieldPostureCheckTypeId       = "typeId"
	FieldPostureCheckVersion      = "version"
	FieldPostureCheckBindServices = "bindServices"
	FieldPostureCheckDialServices = "dialServices"
)
// Posture check type identifiers.
const (
	PostureCheckTypeOs           = "OS"
	PostureCheckTypeDomain       = "DOMAIN"
	PostureCheckTypeProcess      = "PROCESS"
	PostureCheckTypeProcessMulti = "PROCESS_MULTI"
	PostureCheckTypeMAC          = "MAC"
	PostureCheckTypeMFA          = "MFA"
)
// Service policy type field, display names and numeric values.
const (
	FieldServicePolicyType = "type"

	// Names for the three PolicyType values below.
	PolicyTypeInvalidName = "Invalid"
	PolicyTypeDialName    = "Dial"
	PolicyTypeBindName    = "Bind"

	// PolicyTypeInvalid is 0, the zero value of PolicyType, so an unset policy type does not
	// read as Dial or Bind.
	PolicyTypeInvalid PolicyType = 0
	PolicyTypeDial    PolicyType = 1
	PolicyTypeBind    PolicyType = 2
)
// Field names for Session and session certificate entities, plus session types.
const (
	// NOTE(review): presumably the session credential for a service session; treat as a secret — confirm.
	FieldSessionToken           = "token"
	FieldSessionApiSession      = "apiSession"
	FieldSessionService         = "service"
	FieldSessionIdentity        = "identity"
	FieldSessionType            = "type"
	FieldSessionServicePolicies = "servicePolicies"

	// Session certificate fields.
	FieldSessionCertCert        = "cert"
	FieldSessionCertFingerprint = "fingerprint"
	FieldSessionCertValidFrom   = "validFrom"
	FieldSessionCertValidTo     = "validTo"

	// Session type values; they use the same strings as PolicyTypeDialName and PolicyTypeBindName.
	SessionTypeDial = "Dial"
	SessionTypeBind = "Bind"
)
// Path and field names for transit router entities.
const (
	TransitRouterPath             = "transitRouter"
	FieldTransitRouterIsVerified  = "isVerified"
	FieldTransitRouterEnrollments = "enrollments"
)
// Prefixes used in policy role lists.
// NOTE(review): presumably "#name" selects entities by role attribute, "@id" selects a single
// entity, and "#all" selects every entity of the relevant type. A policy containing AllRole is the
// broadest possible grant and is worth flagging in policy reviews — confirm the matching rules.
const (
	RolePrefix   = "#"
	EntityPrefix = "@"
	AllRole      = "#all"
)
// Field name for ConfigType.Schema.
const (
	FieldConfigTypeSchema = "schema"
)
// Field name for domain posture checks (PostureCheckTypeDomain).
const (
	FieldPostureCheckDomains = "domains"
)
// Field name for MAC address posture checks (PostureCheckTypeMAC).
// NOTE(review): MAC addresses are client-reported and can be changed by the endpoint's user, so
// this check is a weak signal on its own.
const (
	FieldPostureCheckMacAddresses = "macAddresses"
)
// Field name for the operating systems listed on a posture check type.
const (
	FieldPostureCheckTypeOperatingSystems = "operatingSystems"
)
// RouterIdentityType is the identity type name "Router"; it is also a key of IdentityTypesV1.
const (
	RouterIdentityType = "Router"
)

Variables

// IdentityTypesV1 maps each version-1 identity type name to itself.
// NOTE(review): this is a mutable package-level map; callers should treat it as read-only.
var IdentityTypesV1 = map[string]string{
	"User":    "User",
	"Device":  "Device",
	"Service": "Service",
	"Router":  "Router",
}

Functions

func EvaluatePolicy added in v0.15.27

func EvaluatePolicy(ctx *roleAttributeChangeContext, policy Policy, roleAttributesSymbol boltz.EntitySetSymbol)

func FieldValuesToIds

func FieldValuesToIds(new []boltz.FieldTypeAndValue) []string

func ProcessEntityPolicyMatched added in v0.15.27

func ProcessEntityPolicyMatched(ctx *roleAttributeChangeContext, entityId, policyId []byte) bool

func ProcessEntityPolicyUnmatched added in v0.15.27

func ProcessEntityPolicyUnmatched(ctx *roleAttributeChangeContext, entityId, policyId []byte) bool

func RunMigrations

func RunMigrations(db boltz.Db, stores *Stores) error

func UpdateRelatedRoles

func UpdateRelatedRoles(ctx *roleAttributeChangeContext, entityId []byte, newRoleAttributes []boltz.FieldTypeAndValue, semanticSymbol boltz.EntitySymbol)

Types

type ApiSession

// ApiSession is the persisted record of an authenticated API session.
type ApiSession struct {
	boltz.BaseExtEntity
	// IdentityId is the id of the identity the session belongs to.
	IdentityId      string
	// Token is the value sessions are looked up by (ApiSessionStore.LoadOneByToken).
	// NOTE(review): presumably the session credential; avoid logging or exporting it — confirm.
	Token           string
	IPAddress       string
	ConfigTypes     []string
	// MfaComplete and MfaRequired record second-factor state for the session.
	// NOTE(review): presumably a session with MfaRequired set and MfaComplete unset is only
	// partially authenticated and must not be granted full access — confirm at the enforcement point.
	MfaComplete     bool
	MfaRequired     bool
	LastActivityAt  time.Time
	// AuthenticatorId is the id of the authenticator used to create the session.
	AuthenticatorId string
}

func NewApiSession

func NewApiSession(identityId string) *ApiSession

func (*ApiSession) GetEntityType

func (entity *ApiSession) GetEntityType() string

func (*ApiSession) LoadValues

func (entity *ApiSession) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*ApiSession) SetValues

func (entity *ApiSession) SetValues(ctx *boltz.PersistContext)

type ApiSessionCertificate added in v0.17.30

// ApiSessionCertificate is a certificate associated with an API session.
type ApiSessionCertificate struct {
	boltz.BaseExtEntity
	// ApiSessionId is the id of the owning ApiSession.
	ApiSessionId string
	Subject      string
	Fingerprint  string
	// ValidAfter and ValidBefore bound the certificate's validity; both are pointers and may be nil.
	ValidAfter   *time.Time
	ValidBefore  *time.Time
	// PEM is the PEM-encoded certificate.
	PEM          string
}

func NewApiSessionCertificate added in v0.17.30

func NewApiSessionCertificate(apiSessionId string) *ApiSessionCertificate

func (*ApiSessionCertificate) GetEntityType added in v0.17.30

func (entity *ApiSessionCertificate) GetEntityType() string

func (*ApiSessionCertificate) LoadValues added in v0.17.30

func (entity *ApiSessionCertificate) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*ApiSessionCertificate) SetValues added in v0.17.30

func (entity *ApiSessionCertificate) SetValues(ctx *boltz.PersistContext)

type ApiSessionCertificateStore added in v0.17.30

// ApiSessionCertificateStore is the store interface for ApiSessionCertificate entities. Lookups
// run inside the supplied bbolt transaction.
type ApiSessionCertificateStore interface {
	Store
	LoadOneById(tx *bbolt.Tx, id string) (*ApiSessionCertificate, error)
	// NOTE(review): query is a query-language string; callers that build it from external input
	// should quote or validate that input rather than concatenate it.
	LoadOneByQuery(tx *bbolt.Tx, query string) (*ApiSessionCertificate, error)
}

type ApiSessionCertificateStoreImpl added in v0.17.30

// ApiSessionCertificateStoreImpl is the concrete store type for ApiSessionCertificate entities.
type ApiSessionCertificateStoreImpl struct {
	// contains filtered or unexported fields
}

func (ApiSessionCertificateStoreImpl) GetName added in v0.17.30

func (store ApiSessionCertificateStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (*ApiSessionCertificateStoreImpl) LoadOneById added in v0.17.30

func (store *ApiSessionCertificateStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (*ApiSessionCertificate, error)

func (*ApiSessionCertificateStoreImpl) LoadOneByQuery added in v0.17.30

func (store *ApiSessionCertificateStoreImpl) LoadOneByQuery(tx *bbolt.Tx, query string) (*ApiSessionCertificate, error)

func (*ApiSessionCertificateStoreImpl) NewStoreEntity added in v0.17.30

func (store *ApiSessionCertificateStoreImpl) NewStoreEntity() boltz.Entity

type ApiSessionStore

// ApiSessionStore is the store interface for ApiSession entities. Lookups run inside the
// supplied bbolt transaction.
type ApiSessionStore interface {
	Store
	LoadOneById(tx *bbolt.Tx, id string) (*ApiSession, error)
	// LoadOneByToken looks a session up by its token value.
	LoadOneByToken(tx *bbolt.Tx, token string) (*ApiSession, error)
	LoadOneByQuery(tx *bbolt.Tx, query string) (*ApiSession, error)
	// GetTokenIndex returns the read index over session tokens.
	GetTokenIndex() boltz.ReadIndex
}

type AuthPolicy added in v0.21.153

// AuthPolicy describes which primary authentication methods are allowed and which secondary
// factors are required.
type AuthPolicy struct {
	boltz.BaseExtEntity
	Name string

	// Primary holds the certificate, UPDB and external JWT settings.
	Primary   AuthPolicyPrimary
	// Secondary holds the second-factor requirements.
	Secondary AuthPolicySecondary
}

func (*AuthPolicy) GetEntityType added in v0.21.153

func (entity *AuthPolicy) GetEntityType() string

func (*AuthPolicy) GetName added in v0.21.153

func (entity *AuthPolicy) GetName() string

func (*AuthPolicy) LoadValues added in v0.21.153

func (entity *AuthPolicy) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*AuthPolicy) SetValues added in v0.21.153

func (entity *AuthPolicy) SetValues(ctx *boltz.PersistContext)

type AuthPolicyCert added in v0.21.153

// AuthPolicyCert holds the certificate authentication settings of an AuthPolicy.
type AuthPolicyCert struct {
	// Allowed enables certificate authentication.
	Allowed           bool
	// AllowExpiredCerts is stored under "primary.cert.allowExpiredCerts".
	// NOTE(review): presumably lets a certificate authenticate after its validity period has
	// ended, which removes expiry as a way to retire credentials; leave false unless an
	// operational need is documented — confirm the exact behavior.
	AllowExpiredCerts bool
}

type AuthPolicyExtJwt added in v0.21.153

// AuthPolicyExtJwt holds the external JWT authentication settings of an AuthPolicy.
type AuthPolicyExtJwt struct {
	// Allowed enables external JWT authentication.
	Allowed              bool
	// AllowedExtJwtSigners lists the permitted signers.
	// NOTE(review): the meaning of an empty list (none allowed vs. any allowed) is not visible
	// here — confirm before relying on either reading.
	AllowedExtJwtSigners []string
}

type AuthPolicyPrimary added in v0.21.153

// AuthPolicyPrimary groups the settings for the three primary authentication methods.
type AuthPolicyPrimary struct {
	Cert   AuthPolicyCert
	Updb   AuthPolicyUpdb
	ExtJwt AuthPolicyExtJwt
}

type AuthPolicySecondary added in v0.21.153

// AuthPolicySecondary holds the second-factor requirements of an AuthPolicy.
type AuthPolicySecondary struct {
	// RequireTotp requires a TOTP second factor.
	RequireTotp          bool
	// RequiredExtJwtSigner, when non-nil, names an external JWT signer required as a secondary factor.
	RequiredExtJwtSigner *string
}

type AuthPolicyStore added in v0.21.153

// AuthPolicyStore is the store interface for AuthPolicy entities.
type AuthPolicyStore interface {
	NameIndexedStore
	LoadOneById(tx *bbolt.Tx, id string) (*AuthPolicy, error)
	// The parameter is named id here, but AuthPolicyStoreImpl.LoadOneByName names it "name".
	LoadOneByName(tx *bbolt.Tx, id string) (*AuthPolicy, error)
}

type AuthPolicyStoreImpl added in v0.21.153

// AuthPolicyStoreImpl is the concrete store type for AuthPolicy entities.
type AuthPolicyStoreImpl struct {
	// contains filtered or unexported fields
}

func (AuthPolicyStoreImpl) GetName added in v0.21.153

func (store AuthPolicyStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (*AuthPolicyStoreImpl) GetNameIndex added in v0.21.153

func (store *AuthPolicyStoreImpl) GetNameIndex() boltz.ReadIndex

func (*AuthPolicyStoreImpl) LoadOneById added in v0.21.153

func (store *AuthPolicyStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (*AuthPolicy, error)

func (*AuthPolicyStoreImpl) LoadOneByName added in v0.21.153

func (store *AuthPolicyStoreImpl) LoadOneByName(tx *bbolt.Tx, name string) (*AuthPolicy, error)

func (*AuthPolicyStoreImpl) LoadOneByQuery added in v0.21.153

func (store *AuthPolicyStoreImpl) LoadOneByQuery(tx *bbolt.Tx, query string) (*AuthPolicy, error)

func (*AuthPolicyStoreImpl) NewStoreEntity added in v0.21.153

func (store *AuthPolicyStoreImpl) NewStoreEntity() boltz.Entity

type AuthPolicyUpdb added in v0.21.153

// AuthPolicyUpdb holds the username/password (UPDB) settings of an AuthPolicy.
type AuthPolicyUpdb struct {
	// Allowed enables UPDB authentication.
	Allowed                bool
	// MinPasswordLength is the minimum accepted password length; the package default is
	// DefaultUpdbMinPasswordLength (5).
	// NOTE(review): that default is short by current guidance; set a longer value explicitly.
	MinPasswordLength      int64
	// Password composition requirements.
	RequireSpecialChar     bool
	RequireNumberChar      bool
	RequireMixedCase       bool
	// MaxAttempts and LockoutDurationMinutes control lockout after failed attempts.
	// NOTE(review): presumably 0 means unlimited attempts and indefinite lockout respectively
	// (UpdbUnlimitedAttemptsLimit, UpdbIndefiniteLockout) — confirm.
	MaxAttempts            int64
	LockoutDurationMinutes int64
}

type Authenticator

// Authenticator is the base record for a credential bound to an identity.
type Authenticator struct {
	boltz.BaseExtEntity
	// Type is the authenticator method.
	// NOTE(review): presumably one of MethodAuthenticatorUpdb or MethodAuthenticatorCert — confirm.
	Type       string
	// IdentityId is the id of the identity this authenticator belongs to.
	IdentityId string
	// SubType holds the method-specific data (AuthenticatorCert or AuthenticatorUpdb).
	SubType    AuthenticatorSubType
}

func (*Authenticator) GetEntityType

func (entity *Authenticator) GetEntityType() string

func (*Authenticator) LoadValues

func (entity *Authenticator) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*Authenticator) SetValues

func (entity *Authenticator) SetValues(ctx *boltz.PersistContext)

func (*Authenticator) ToCert

func (entity *Authenticator) ToCert() *AuthenticatorCert

func (*Authenticator) ToSubType

func (entity *Authenticator) ToSubType() AuthenticatorSubType

func (*Authenticator) ToUpdb

func (entity *Authenticator) ToUpdb() *AuthenticatorUpdb

type AuthenticatorCert

// AuthenticatorCert is a certificate-based authenticator.
type AuthenticatorCert struct {
	Authenticator
	// Fingerprint and Pem describe the registered certificate.
	Fingerprint string
	Pem         string

	// UnverifiedPem and UnverifiedFingerprint describe a second certificate.
	// NOTE(review): presumably one that has been submitted but not yet accepted; it should not
	// be honored for authentication until verified — confirm.
	UnverifiedPem         string
	UnverifiedFingerprint string
}

func (*AuthenticatorCert) Fingerprints

func (entity *AuthenticatorCert) Fingerprints() []string

type AuthenticatorStore

// AuthenticatorStore is the store interface for Authenticator entities.
type AuthenticatorStore interface {
	Store
	LoadOneById(tx *bbolt.Tx, id string) (*Authenticator, error)
	LoadOneByQuery(tx *bbolt.Tx, query string) (*Authenticator, error)
}

type AuthenticatorSubType

// AuthenticatorSubType is implemented by the method-specific authenticator types
// (AuthenticatorCert and AuthenticatorUpdb both define Fingerprints).
type AuthenticatorSubType interface {
	// Fingerprints returns the fingerprints associated with the authenticator.
	Fingerprints() []string
}

type AuthenticatorUpdb

// AuthenticatorUpdb is a username/password (UPDB) authenticator.
type AuthenticatorUpdb struct {
	Authenticator
	Username string
	// Password and Salt are stored under "updbPassword" and "updbSalt".
	// NOTE(review): the salt suggests Password is a salted hash rather than plaintext, but the
	// derivation is not visible here — confirm. Either way, keep both fields out of logs, API
	// responses and debug dumps.
	Password string
	Salt     string
}

func (*AuthenticatorUpdb) Fingerprints

func (entity *AuthenticatorUpdb) Fingerprints() []string

type Ca

// Ca is a third-party certificate authority registered with the controller.
type Ca struct {
	boltz.BaseExtEntity
	Name                      string
	Fingerprint               string
	CertPem                   string
	// IsVerified and VerificationToken track CA verification.
	// NOTE(review): presumably the CA is only trusted once IsVerified is true, and
	// VerificationToken is the challenge used to prove control of the CA key — confirm.
	IsVerified                bool
	VerificationToken         string
	// Enrollment and authentication switches for certificates issued by this CA.
	IsAutoCaEnrollmentEnabled bool
	IsOttCaEnrollmentEnabled  bool
	IsAuthEnabled             bool
	// IdentityRoles and IdentityNameFormat are presumably applied to identities created through
	// this CA — confirm.
	IdentityRoles             []string
	IdentityNameFormat        string
	// ExternalIdClaim, when non-nil, configures mapping certificate fields to an identity's
	// externalId (see the ExternalIdClaim* constants).
	ExternalIdClaim           *ExternalIdClaim
}

func (*Ca) GetEntityType

func (entity *Ca) GetEntityType() string

func (*Ca) GetName

func (entity *Ca) GetName() string

func (*Ca) LoadValues

func (entity *Ca) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*Ca) SetValues

func (entity *Ca) SetValues(ctx *boltz.PersistContext)

type CaStore

// CaStore is the store interface for Ca entities.
type CaStore interface {
	Store
	LoadOneById(tx *bbolt.Tx, id string) (*Ca, error)
	// NOTE(review): the parameter is named id but, going by the method name, is presumably the CA name.
	LoadOneByName(tx *bbolt.Tx, id string) (*Ca, error)
	LoadOneByQuery(tx *bbolt.Tx, query string) (*Ca, error)
}

type Config

// Config is a named configuration document of a given config type.
type Config struct {
	boltz.BaseExtEntity
	Name string
	// Type identifies the config type.
	// NOTE(review): presumably a ConfigType id whose Schema validates Data — confirm.
	Type string
	// Data is the free-form configuration content.
	Data map[string]interface{}
}

func (*Config) GetEntityType

func (entity *Config) GetEntityType() string

func (*Config) GetName

func (entity *Config) GetName() string

func (*Config) LoadValues

func (entity *Config) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*Config) SetValues

func (entity *Config) SetValues(ctx *boltz.PersistContext)

type ConfigStore

// ConfigStore is the store interface for Config entities.
type ConfigStore interface {
	NameIndexedStore
	LoadOneById(tx *bbolt.Tx, id string) (*Config, error)
	LoadOneByName(tx *bbolt.Tx, name string) (*Config, error)
}

type ConfigType

// ConfigType is a named configuration type with an associated schema.
type ConfigType struct {
	boltz.BaseExtEntity
	Name   string
	// Schema is the schema document for configs of this type, stored under "schema".
	Schema map[string]interface{}
}

func (*ConfigType) GetEntityType

func (entity *ConfigType) GetEntityType() string

func (*ConfigType) GetName

func (entity *ConfigType) GetName() string

func (*ConfigType) LoadValues

func (entity *ConfigType) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*ConfigType) SetValues

func (entity *ConfigType) SetValues(ctx *boltz.PersistContext)

type ConfigTypeStore

// ConfigTypeStore is the store interface for ConfigType entities.
type ConfigTypeStore interface {
	NameIndexedStore
	LoadOneById(tx *bbolt.Tx, id string) (*ConfigType, error)
	LoadOneByName(tx *bbolt.Tx, name string) (*ConfigType, error)
	// GetName returns the name for the given id as a pointer.
	// NOTE(review): presumably nil when the id is not found — confirm.
	GetName(tx *bbolt.Tx, id string) *string
}

type DbProvider

// DbProvider gives access to the database handle, the fabric stores and the network managers.
type DbProvider interface {
	GetDb() boltz.Db
	GetStores() *db.Stores
	GetManagers() *network.Managers
}

type EdgeRouter

// EdgeRouter extends db.Router with edge-specific fields.
type EdgeRouter struct {
	db.Router
	IsVerified            bool
	// CertPem is the router's certificate; nil when unset.
	CertPem               *string
	// UnverifiedCertPem and UnverifiedFingerprint describe a second certificate.
	// NOTE(review): presumably one not yet accepted; it should not be trusted until verified — confirm.
	UnverifiedCertPem     *string
	UnverifiedFingerprint *string
	EdgeRouterProtocols   map[string]string
	// RoleAttributes are the attributes policies match against.
	RoleAttributes        []string
	Enrollments           []string
	IsTunnelerEnabled     bool
	AppData               map[string]interface{}
}

func (*EdgeRouter) GetName

func (entity *EdgeRouter) GetName() string

func (*EdgeRouter) LoadValues

func (entity *EdgeRouter) LoadValues(store boltz.CrudStore, bucket *boltz.TypedBucket)

func (*EdgeRouter) SetValues

func (entity *EdgeRouter) SetValues(ctx *boltz.PersistContext)

type EdgeRouterPolicy

// EdgeRouterPolicy relates identities to edge routers through role lists.
type EdgeRouterPolicy struct {
	boltz.BaseExtEntity
	Name            string
	// Semantic is SemanticAllOf or SemanticAnyOf.
	Semantic        string
	// IdentityRoles and EdgeRouterRoles are the role lists on each side of the policy; entries
	// use RolePrefix ("#"), EntityPrefix ("@") or AllRole ("#all").
	IdentityRoles   []string
	EdgeRouterRoles []string
}

func (*EdgeRouterPolicy) GetEntityType

func (entity *EdgeRouterPolicy) GetEntityType() string

func (*EdgeRouterPolicy) GetName

func (entity *EdgeRouterPolicy) GetName() string

func (*EdgeRouterPolicy) GetSemantic added in v0.15.27

func (entity *EdgeRouterPolicy) GetSemantic() string

func (*EdgeRouterPolicy) LoadValues

func (entity *EdgeRouterPolicy) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*EdgeRouterPolicy) SetValues

func (entity *EdgeRouterPolicy) SetValues(ctx *boltz.PersistContext)

type EdgeRouterPolicyStore

// EdgeRouterPolicyStore is the store interface for EdgeRouterPolicy entities.
type EdgeRouterPolicyStore interface {
	NameIndexedStore
	LoadOneById(tx *bbolt.Tx, id string) (*EdgeRouterPolicy, error)
	// NOTE(review): the parameter is named id but, going by the method name, is presumably the policy name.
	LoadOneByName(tx *bbolt.Tx, id string) (*EdgeRouterPolicy, error)
}

type EdgeRouterStore

// EdgeRouterStore is the store interface for EdgeRouter entities.
type EdgeRouterStore interface {
	NameIndexedStore
	LoadOneById(tx *bbolt.Tx, id string) (*EdgeRouter, error)
	// NOTE(review): the parameter is named id but, going by the method name, is presumably the router name.
	LoadOneByName(tx *bbolt.Tx, id string) (*EdgeRouter, error)
	// GetRoleAttributesIndex returns the set index over router role attributes.
	GetRoleAttributesIndex() boltz.SetReadIndex
	// GetRoleAttributesCursorProvider builds a cursor provider for the given role attribute
	// values and semantic (see SemanticAllOf / SemanticAnyOf).
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)
}

type EdgeService

// EdgeService extends db.Service with edge-specific fields.
type EdgeService struct {
	db.Service
	// RoleAttributes are the attributes policies match against.
	RoleAttributes     []string
	// Configs lists associated configs (presumably by id — confirm).
	Configs            []string
	// EncryptionRequired is stored under "encryptionRequired".
	// NOTE(review): presumably requires end-to-end encryption for connections to the service;
	// where this is enforced is not visible here — confirm.
	EncryptionRequired bool
}

func (*EdgeService) GetName

func (entity *EdgeService) GetName() string

func (*EdgeService) LoadValues

func (entity *EdgeService) LoadValues(store boltz.CrudStore, bucket *boltz.TypedBucket)

func (*EdgeService) SetValues

func (entity *EdgeService) SetValues(ctx *boltz.PersistContext)

type EdgeServiceStore

// EdgeServiceStore is the store interface for EdgeService entities.
type EdgeServiceStore interface {
	NameIndexedStore

	LoadOneById(tx *bbolt.Tx, id string) (*EdgeService, error)
	// NOTE(review): the parameter is named id but, going by the method name, is presumably the service name.
	LoadOneByName(tx *bbolt.Tx, id string) (*EdgeService, error)
	// IsBindableByIdentity and IsDialableByIdentity report whether the identity may bind or dial
	// the service with the given id. They return a bare bool with no error.
	// NOTE(review): presumably a lookup failure reads as false (deny) — confirm, since callers
	// use these as authorization checks.
	IsBindableByIdentity(tx *bbolt.Tx, id string, identityId string) bool
	IsDialableByIdentity(tx *bbolt.Tx, id string, identityId string) bool
	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)
}

type Enrollment

// Enrollment is a pending enrollment for an identity, edge router or transit router.
type Enrollment struct {
	boltz.BaseExtEntity
	// Token is the value enrollments are looked up by (EnrollmentStore.LoadOneByToken).
	// NOTE(review): presumably a one-time enrollment secret; handle it and Jwt as credentials
	// until the enrollment is consumed or ExpiresAt passes — confirm.
	Token           string
	// Method is one of the MethodEnroll* values.
	Method          string
	// Target of the enrollment; each pointer may be nil.
	IdentityId      *string
	TransitRouterId *string
	EdgeRouterId    *string
	// ExpiresAt and IssuedAt bound the enrollment's lifetime; both may be nil.
	ExpiresAt       *time.Time
	IssuedAt        *time.Time
	CaId            *string
	Username        *string
	Jwt             string
}

func (*Enrollment) GetEntityType

func (entity *Enrollment) GetEntityType() string

func (*Enrollment) LoadValues

func (entity *Enrollment) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*Enrollment) SetValues

func (entity *Enrollment) SetValues(ctx *boltz.PersistContext)

type EnrollmentStore

// EnrollmentStore is the store interface for Enrollment entities.
type EnrollmentStore interface {
	Store
	LoadOneById(tx *bbolt.Tx, id string) (*Enrollment, error)
	// LoadOneByToken looks an enrollment up by its token value.
	LoadOneByToken(tx *bbolt.Tx, token string) (*Enrollment, error)
	LoadOneByQuery(tx *bbolt.Tx, query string) (*Enrollment, error)
}

type EnvInfo

// EnvInfo describes an identity's runtime environment.
// NOTE(review): presumably reported by the client, in which case it is informational and not a
// trustworthy input for access decisions — confirm.
type EnvInfo struct {
	Arch      string
	Os        string
	OsRelease string
	OsVersion string
}

type EventListenerFunc added in v0.21.45

// EventListenerFunc handles an eventual event. It receives a name and a data payload and returns nothing.
// NOTE(review): name and data presumably carry EventualEvent.Type and EventualEvent.Data — confirm.
type EventListenerFunc func(name string, data []byte)

EventListenerFunc is a function handler that will be triggered asynchronously at some point in the future.

type EventualEvent added in v0.21.45

// EventualEvent is a persisted event awaiting asynchronous processing.
type EventualEvent struct {
	boltz.BaseExtEntity
	// Type is the event type, stored under "type".
	Type string
	// Data is the opaque event payload, stored under "data".
	Data []byte
}

func (*EventualEvent) GetEntityType added in v0.21.45

func (entity *EventualEvent) GetEntityType() string

func (*EventualEvent) LoadValues added in v0.21.45

func (entity *EventualEvent) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*EventualEvent) SetValues added in v0.21.45

func (entity *EventualEvent) SetValues(ctx *boltz.PersistContext)

type EventualEventAdded added in v0.21.45

// EventualEventAdded is the argument of the EventualEventAddedName event.
type EventualEventAdded struct {
	// Id is a unique id for the event created
	Id string

	// Total is the total number of eventual events awaiting processing
	Total int64
}

type EventualEventProcessingBatchDone added in v0.21.45

// EventualEventProcessingBatchDone is the argument of the EventualEventProcessingBatchDoneName event.
type EventualEventProcessingBatchDone struct {
	// Id is a unique id for the batch
	Id string

	// ProcessId is the unique id of the processing run this batch is a member of
	ProcessId string

	// Count is the number of events in the current batch
	Count int

	// BatchSize is the batch size for the current batch (the maximum value of Count)
	BatchSize int

	// StartTime is the time the batch was started
	StartTime time.Time

	// EndTime is the time the batch ended
	EndTime time.Time
}

type EventualEventProcessingBatchStart added in v0.21.45

// EventualEventProcessingBatchStart is the argument of the EventualEventProcessingBatchStartName event.
type EventualEventProcessingBatchStart struct {
	// Id is a unique id for the batch
	Id string

	// ProcessId is the unique id of the processing run this batch is a member of
	ProcessId string

	// Count is the number of events in the current batch
	Count int

	// BatchSize is the batch size for the current batch (the maximum value of Count)
	BatchSize int

	// StartTime is the time when the batch started processing
	StartTime time.Time
}

type EventualEventProcessingDone added in v0.21.45

// EventualEventProcessingDone is the argument of the EventualEventProcessingDoneName event.
type EventualEventProcessingDone struct {
	// Id is a unique id for the processing run
	Id string

	// TotalBatches is the total number of batches executed during processing
	TotalBatches int64

	// TotalEvents is the total number of events processed
	TotalEvents int64

	// TotalListenersExecuted is the total number of listeners executed during processing
	TotalListenersExecuted int64

	// StartTime is the time when the processing began
	StartTime time.Time

	// EndTime is the time when the processing ended
	EndTime time.Time
}

type EventualEventProcessingListenerDone added in v0.21.45

// EventualEventProcessingListenerDone describes one completed listener
// invocation, including the error it produced, if any.
type EventualEventProcessingListenerDone struct {
	// Id is a unique id for the triggering of a listener
	Id string

	// BatchId is the unique id of the batch being processed
	BatchId string

	// ProcessId is the unique id of the currently executing process
	ProcessId string

	// ListenerFunc is the listener that was executed
	ListenerFunc EventListenerFunc

	// BatchEventIndex is the zero based offset of the currently executing event
	BatchEventIndex int64

	// TotalEventIndex is the total index across all batches of the currently executing event
	TotalEventIndex int64

	// Error is nil if no error occurred during execution, otherwise an error value
	Error error

	// EventType is the type of the event that triggered the listener
	EventType string

	// StartTime is the time when the listener started execution
	StartTime time.Time

	// EndTime is the time when the listener ended execution
	EndTime time.Time
}

type EventualEventProcessingListenerStart added in v0.21.45

// EventualEventProcessingListenerStart describes one listener invocation at
// the point it starts; unlike EventualEventProcessingListenerDone it has no
// Error or EndTime field.
type EventualEventProcessingListenerStart struct {
	// Id is a unique id for the triggering of a listener
	Id string

	// BatchId is the unique id of the batch being processed
	BatchId string

	// ProcessId is the unique id of the currently executing process
	ProcessId string

	// ListenerFunc is the listener being executed
	ListenerFunc EventListenerFunc

	// BatchEventIndex is the zero based offset of the currently executing event
	BatchEventIndex int64

	// TotalEventIndex is the total index across all batches of the currently executing event
	TotalEventIndex int64

	// EventType is the type of the event that is triggering the listener
	EventType string

	// StartTime is the time when the listener was started
	StartTime time.Time
}

type EventualEventProcessingStart added in v0.21.45

type EventualEventProcessingStart struct {
	// Id is a unique id for processing run
	Id string

	// StartTime is the time the processing began
	StartTime time.Time
}

type EventualEventRemoved added in v0.21.45

type EventualEventRemoved struct {
	// Id is a unique id for the event deleted
	Id string

	// Total is the total number of eventual events awaiting processing
	Total int64
}

type EventualEventStore added in v0.21.45

type EventualEventStore interface {
	Store
	LoadOneById(tx *bbolt.Tx, id string) (*EventualEvent, error)
	LoadOneByQuery(tx *bbolt.Tx, query string) (*EventualEvent, error)
}

type EventualEventer added in v0.21.45

type EventualEventer interface {
	// EventEmmiter is used to emit events about processing state, which is useful
	// for instrumenting an EventualEventer for metric purposes (process runtime, process batch runtime,
	// event counts, etc.)
	events.EventEmmiter

	// AddEventualEvent adds an eventual event with a specific name and byte array data payload. Interpretation
	// of the event's data payload is up to the event emitter and consumer.
	//
	// NOTE(review): no error is returned, so a failure to persist the event cannot be
	// reported to the caller through this method; confirm how implementations surface it.
	AddEventualEvent(eventType string, data []byte)

	// AddEventualListener adds a function as a callback for when an eventual event is processed.
	AddEventualListener(eventType string, handler EventListenerFunc)

	// Start should be called at the start of the lifetime of the EventualEventer.
	// A closeNotify channel must be supplied for application shutdown eventing.
	//
	// If an EventualEventer has already been started, it will return an error.
	// Errors may be returned for other reasons causing Start to fail.
	Start(closeNotify <-chan struct{}) error

	// Stop may be called to manually end the lifetime of the EventualEventer outside the
	// closeNotify signaling provided in the Start call. If not started, an error will be returned.
	// Errors may be returned for other reasons causing Stop to fail.
	Stop() error

	// Trigger forces an EventualEventer to check for work to be processed. Beyond this method,
	// it is the implementation's responsibility to provide other mechanisms or logic to determine
	// when work is performed (timers, events, etc.) which may be set up/torn down during Start/Stop.
	//
	// If the EventualEventer is not currently running or can't process work, an error will
	// be returned. If it is running, a channel will be returned which will be closed after
	// the current or next iteration of the event processor has completed.
	Trigger() (<-chan struct{}, error)
}

An EventualEventer provides a method for storing events in a persistent manner that will be processed at a later date. Processing may include time intensive processing such as bulk deletion of other entities. Event persistence strategy, processing order, and processing synchronization are up to the implementation to decide.

EventualEventers are also required to emit a series of events via the events.EventEmmiter interface. See EventualEventAdded and subsequent events for more details.

type EventualEventerBbolt added in v0.21.45

type EventualEventerBbolt struct {
	events.EventEmmiter

	Interval time.Duration
	// contains filtered or unexported fields
}

EventualEventerBbolt implements EventualEventer with a bbolt-backed storage mechanism. Work is performed in FIFO order at a configurable interval set via the Interval property.

Events are stored in the following format:

    id   - CUID   - a monotonic reference id
    name - string - an event name, used for log output
    data - []byte - a string array of arguments

func NewEventualEventerBbolt added in v0.21.45

func NewEventualEventerBbolt(dbProvider DbProvider, store EventualEventStore, interval time.Duration, batchSize int) *EventualEventerBbolt

NewEventualEventerBbolt creates a new bbolt backed asynchronous eventer that will check for new events at the given interval or when triggered. On each interval/trigger, the number of events processed is determined by batchSize.

func (*EventualEventerBbolt) AddEventualEvent added in v0.21.45

func (a *EventualEventerBbolt) AddEventualEvent(eventType string, data []byte)

func (*EventualEventerBbolt) AddEventualEventWithCtx added in v0.21.45

func (a *EventualEventerBbolt) AddEventualEventWithCtx(ctx boltz.MutateContext, eventType string, data []byte)

func (*EventualEventerBbolt) AddEventualListener added in v0.21.45

func (a *EventualEventerBbolt) AddEventualListener(eventType string, listener EventListenerFunc)

func (*EventualEventerBbolt) Start added in v0.21.45

func (a *EventualEventerBbolt) Start(closeNotify <-chan struct{}) error

func (*EventualEventerBbolt) Stop added in v0.21.45

func (a *EventualEventerBbolt) Stop() error

func (*EventualEventerBbolt) Trigger added in v0.21.45

func (a *EventualEventerBbolt) Trigger() (<-chan struct{}, error)

type ExternalIdClaim added in v0.21.221

type ExternalIdClaim struct {
	Location        string
	Matcher         string
	MatcherCriteria string
	Parser          string
	ParserCriteria  string
	Index           int64
}

type ExternalJwtSigner added in v0.21.148

// ExternalJwtSigner is the entity describing an external JWT signer. It embeds
// boltz.BaseExtEntity and is loaded and persisted through its LoadValues and
// SetValues methods.
//
// NOTE(review): Fingerprint, Kid, CertPem, JwksEndpoint, ExternalAuthUrl,
// ClaimsProperty, Issuer and Audience are pointers and can therefore be nil.
// This listing does not show how token validation treats a nil Issuer or
// Audience (check skipped vs. token rejected); confirm in the consuming code.
// NOTE(review): CertPem and JwksEndpoint are presumably alternative sources of
// the verification key; confirm that exactly one is required, and what
// scheme/host validation is applied to JwksEndpoint where it is set.
type ExternalJwtSigner struct {
	boltz.BaseExtEntity
	Name            string
	Fingerprint     *string
	Kid             *string
	CertPem         *string
	JwksEndpoint    *string
	CommonName      string
	NotAfter        *time.Time
	NotBefore       *time.Time
	Enabled         bool
	ExternalAuthUrl *string
	ClaimsProperty  *string
	UseExternalId   bool
	Issuer          *string
	Audience        *string
}

func (*ExternalJwtSigner) GetEntityType added in v0.21.148

func (entity *ExternalJwtSigner) GetEntityType() string

func (*ExternalJwtSigner) GetName added in v0.21.148

func (entity *ExternalJwtSigner) GetName() string

func (*ExternalJwtSigner) LoadValues added in v0.21.148

func (entity *ExternalJwtSigner) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*ExternalJwtSigner) SetValues added in v0.21.148

func (entity *ExternalJwtSigner) SetValues(ctx *boltz.PersistContext)

type ExternalJwtSignerStore added in v0.21.148

type ExternalJwtSignerStore interface {
	Store
	LoadOneById(tx *bbolt.Tx, id string) (*ExternalJwtSigner, error)
	LoadOneByName(tx *bbolt.Tx, id string) (*ExternalJwtSigner, error)
	LoadOneByQuery(tx *bbolt.Tx, query string) (*ExternalJwtSigner, error)
}

type Identity

// Identity is the identity entity. It embeds boltz.BaseExtEntity and is loaded
// and persisted through its LoadValues and SetValues methods.
//
// NOTE(review): IsAdmin and IsDefaultAdmin are plain booleans on the entity, so
// any code path that persists an Identity can set them; confirm that update
// paths restrict which fields a caller may change.
// NOTE(review): Disabled, DisabledAt and DisabledUntil coexist. How they relate
// (for example whether Disabled is derived from the timestamps) is not visible
// here; confirm before relying on any single one of them in an access check.
// NOTE(review): ExternalId is a pointer and may be nil; presumably it is the
// value matched when ExternalJwtSigner.UseExternalId is set; confirm.
type Identity struct {
	boltz.BaseExtEntity
	Name                      string
	IdentityTypeId            string
	IsDefaultAdmin            bool
	IsAdmin                   bool
	Enrollments               []string
	Authenticators            []string
	RoleAttributes            []string
	SdkInfo                   *SdkInfo
	EnvInfo                   *EnvInfo
	DefaultHostingPrecedence  ziti.Precedence
	DefaultHostingCost        uint16
	ServiceHostingPrecedences map[string]ziti.Precedence
	ServiceHostingCosts       map[string]uint16
	AppData                   map[string]interface{}
	AuthPolicyId              string
	ExternalId                *string
	DisabledAt                *time.Time
	DisabledUntil             *time.Time
	Disabled                  bool
}

func (*Identity) GetEntityType

func (entity *Identity) GetEntityType() string

func (*Identity) GetName

func (entity *Identity) GetName() string

func (*Identity) LoadValues

func (entity *Identity) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*Identity) SetValues

func (entity *Identity) SetValues(ctx *boltz.PersistContext)

type IdentityStore

type IdentityStore interface {
	NameIndexedStore
	LoadOneById(tx *bbolt.Tx, id string) (*Identity, error)
	LoadOneByName(tx *bbolt.Tx, id string) (*Identity, error)

	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)

	AssignServiceConfigs(tx *bbolt.Tx, identityId string, serviceConfigs ...ServiceConfig) error
	RemoveServiceConfigs(tx *bbolt.Tx, identityId string, serviceConfigs ...ServiceConfig) error
	GetServiceConfigs(tx *bbolt.Tx, identityId string) ([]ServiceConfig, error)
	LoadServiceConfigsByServiceAndType(tx *bbolt.Tx, identityId string, configTypes map[string]struct{}) map[string]map[string]map[string]interface{}
}

type IdentityType

type IdentityType struct {
	boltz.BaseExtEntity
	Name string
}

func (*IdentityType) GetEntityType

func (entity *IdentityType) GetEntityType() string

func (*IdentityType) GetName

func (entity *IdentityType) GetName() string

func (*IdentityType) LoadValues

func (entity *IdentityType) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*IdentityType) SetValues

func (entity *IdentityType) SetValues(ctx *boltz.PersistContext)

type IdentityTypeStore

// IdentityTypeStore extends NameIndexedStore with typed lookups that return
// *IdentityType.
type IdentityTypeStore interface {
	NameIndexedStore
	LoadOneById(tx *bbolt.Tx, id string) (*IdentityType, error)
	// NOTE(review): the second parameter is named id here, while
	// IdentityTypeStoreImpl.LoadOneByName names it name; presumably a name is
	// expected. Confirm against the implementation.
	LoadOneByName(tx *bbolt.Tx, id string) (*IdentityType, error)
}

type IdentityTypeStoreImpl

type IdentityTypeStoreImpl struct {
	// contains filtered or unexported fields
}

func (IdentityTypeStoreImpl) GetName

func (store IdentityTypeStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (*IdentityTypeStoreImpl) GetNameIndex

func (store *IdentityTypeStoreImpl) GetNameIndex() boltz.ReadIndex

func (*IdentityTypeStoreImpl) LoadOneById

func (store *IdentityTypeStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (*IdentityType, error)

func (*IdentityTypeStoreImpl) LoadOneByName

func (store *IdentityTypeStoreImpl) LoadOneByName(tx *bbolt.Tx, name string) (*IdentityType, error)

func (*IdentityTypeStoreImpl) LoadOneByQuery

func (store *IdentityTypeStoreImpl) LoadOneByQuery(tx *bbolt.Tx, query string) (*IdentityType, error)

func (*IdentityTypeStoreImpl) NewStoreEntity

func (store *IdentityTypeStoreImpl) NewStoreEntity() boltz.Entity

type Mfa added in v0.17.52

// Mfa is the MFA entity tied to an identity through IdentityId (NewMfa takes
// an identity id). It embeds boltz.BaseExtEntity.
//
// NOTE(review): Secret, Salt and RecoveryCodes are plain string fields. This
// listing does not show whether they are encrypted or hashed before SetValues
// persists them; confirm, and treat the whole struct as sensitive when
// logging, serializing or returning it from an API.
type Mfa struct {
	boltz.BaseExtEntity
	IdentityId    string
	IsVerified    bool
	Secret        string
	Salt          string
	RecoveryCodes []string
}

func NewMfa added in v0.17.52

func NewMfa(identityId string) *Mfa

func (*Mfa) GetEntityType added in v0.17.52

func (entity *Mfa) GetEntityType() string

func (*Mfa) LoadValues added in v0.17.52

func (entity *Mfa) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*Mfa) SetValues added in v0.17.52

func (entity *Mfa) SetValues(ctx *boltz.PersistContext)

type MfaStore added in v0.17.52

type MfaStore interface {
	Store
	LoadOneById(tx *bbolt.Tx, id string) (*Mfa, error)
	LoadOneByQuery(tx *bbolt.Tx, query string) (*Mfa, error)
}

type MfaStoreImpl added in v0.17.52

type MfaStoreImpl struct {
	// contains filtered or unexported fields
}

func (MfaStoreImpl) GetName added in v0.17.52

func (store MfaStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (*MfaStoreImpl) LoadOneById added in v0.17.52

func (store *MfaStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (*Mfa, error)

func (*MfaStoreImpl) LoadOneByQuery added in v0.17.52

func (store *MfaStoreImpl) LoadOneByQuery(tx *bbolt.Tx, query string) (*Mfa, error)

func (*MfaStoreImpl) NewStoreEntity added in v0.17.52

func (store *MfaStoreImpl) NewStoreEntity() boltz.Entity

type Migrations

type Migrations struct {
	// contains filtered or unexported fields
}

type NameIndexedStore

type NameIndexedStore interface {
	Store
	GetNameIndex() boltz.ReadIndex
}

type OperatingSystem added in v0.16.48

type OperatingSystem struct {
	OsType     string
	OsVersions []string
}

type Policy added in v0.15.27

type Policy interface {
	boltz.NamedExtEntity
}

type PolicyType added in v0.17.36

type PolicyType int32

func (PolicyType) String added in v0.17.36

func (self PolicyType) String() string

type PostureCheck added in v0.16.46

type PostureCheck struct {
	boltz.BaseExtEntity
	Name           string
	TypeId         string
	Version        int64
	RoleAttributes []string
	SubType        PostureCheckSubType
}

func (*PostureCheck) GetEntityType added in v0.16.46

func (entity *PostureCheck) GetEntityType() string

func (*PostureCheck) GetName added in v0.16.46

func (entity *PostureCheck) GetName() string

func (*PostureCheck) LoadValues added in v0.16.46

func (entity *PostureCheck) LoadValues(store boltz.CrudStore, bucket *boltz.TypedBucket)

func (*PostureCheck) SetValues added in v0.16.46

func (entity *PostureCheck) SetValues(ctx *boltz.PersistContext)

type PostureCheckMacAddresses added in v0.16.48

type PostureCheckMacAddresses struct {
	MacAddresses []string
}

func (*PostureCheckMacAddresses) LoadValues added in v0.16.48

func (entity *PostureCheckMacAddresses) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*PostureCheckMacAddresses) SetValues added in v0.16.48

func (entity *PostureCheckMacAddresses) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckMfa added in v0.17.52

// PostureCheckMfa holds the settings of an MFA posture check. Its LoadValues
// and SetValues methods have the bucket-taking signatures that
// PostureCheckSubType declares.
//
// NOTE(review): how a zero or negative TimeoutSeconds is interpreted (no
// timeout vs. immediate expiry) is not visible here; confirm.
// NOTE(review): IgnoreLegacyEndpoints presumably exempts some endpoints from
// this check when true; confirm which endpoints qualify, since that would
// relax the MFA requirement for them.
type PostureCheckMfa struct {
	TimeoutSeconds        int64
	PromptOnWake          bool
	PromptOnUnlock        bool
	IgnoreLegacyEndpoints bool
}

func (*PostureCheckMfa) LoadValues added in v0.17.52

func (entity *PostureCheckMfa) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*PostureCheckMfa) SetValues added in v0.17.52

func (entity *PostureCheckMfa) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckOperatingSystem added in v0.16.48

type PostureCheckOperatingSystem struct {
	OperatingSystems []OperatingSystem
}

func (*PostureCheckOperatingSystem) LoadValues added in v0.16.48

func (entity *PostureCheckOperatingSystem) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*PostureCheckOperatingSystem) SetValues added in v0.16.48

func (entity *PostureCheckOperatingSystem) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckOs added in v0.20.35

type PostureCheckOs struct {
	boltz.BaseExtEntity
	Name             string
	OperatingSystems []OperatingSystem
}

func (*PostureCheckOs) GetEntityType added in v0.20.35

func (entity *PostureCheckOs) GetEntityType() string

func (*PostureCheckOs) GetName added in v0.20.35

func (entity *PostureCheckOs) GetName() string

func (*PostureCheckOs) LoadValues added in v0.20.35

func (entity *PostureCheckOs) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*PostureCheckOs) SetValues added in v0.20.35

func (entity *PostureCheckOs) SetValues(ctx *boltz.PersistContext)

type PostureCheckProcess added in v0.16.48

// PostureCheckProcess holds the settings of a process posture check: an
// operating system, a path, a list of hashes and a fingerprint.
//
// NOTE(review): the hash algorithm and encoding expected in Hashes, and what
// Fingerprint identifies (presumably the signer of the binary at Path), are
// not visible here; confirm. Also confirm whether an empty Hashes means
// "any hash accepted" or "nothing matches".
type PostureCheckProcess struct {
	OperatingSystem string
	Path            string
	Hashes          []string
	Fingerprint     string
}

func (*PostureCheckProcess) LoadValues added in v0.16.48

func (entity *PostureCheckProcess) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*PostureCheckProcess) SetValues added in v0.16.48

func (entity *PostureCheckProcess) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckProcessMulti added in v0.19.93

type PostureCheckProcessMulti struct {
	Semantic  string
	Processes []*ProcessMulti
}

func (*PostureCheckProcessMulti) LoadValues added in v0.19.93

func (entity *PostureCheckProcessMulti) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*PostureCheckProcessMulti) SetValues added in v0.19.93

func (entity *PostureCheckProcessMulti) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckStore added in v0.16.46

type PostureCheckStore interface {
	Store
	LoadOneById(tx *bbolt.Tx, id string) (*PostureCheck, error)
	LoadOneByName(tx *bbolt.Tx, id string) (*PostureCheck, error)
	LoadOneByQuery(tx *bbolt.Tx, query string) (*PostureCheck, error)
	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(filters []string, semantic string) (ast.SetCursorProvider, error)
}

type PostureCheckSubType added in v0.16.48

type PostureCheckSubType interface {
	LoadValues(store boltz.CrudStore, bucket *boltz.TypedBucket)
	SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)
}

type PostureCheckTypeStore added in v0.16.48

type PostureCheckTypeStore interface {
	NameIndexedStore
	LoadOneById(tx *bbolt.Tx, id string) (*PostureCheckOs, error)
	LoadOneByName(tx *bbolt.Tx, id string) (*PostureCheckOs, error)
}

type PostureCheckWindowsDomains added in v0.16.48

type PostureCheckWindowsDomains struct {
	Domains []string
}

func (*PostureCheckWindowsDomains) LoadValues added in v0.16.48

func (entity *PostureCheckWindowsDomains) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*PostureCheckWindowsDomains) SetValues added in v0.16.48

func (entity *PostureCheckWindowsDomains) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type ProcessMulti added in v0.19.93

// ProcessMulti is one process entry of a PostureCheckProcessMulti (see its
// Processes field).
//
// NOTE(review): the hash algorithm and encoding expected in Hashes and the
// format of SignerFingerprints are not visible here; confirm, along with how
// empty slices are treated when the check is evaluated.
type ProcessMulti struct {
	OsType             string
	Path               string
	Hashes             []string
	SignerFingerprints []string
}

type SdkInfo

type SdkInfo struct {
	Branch     string
	Revision   string
	Type       string
	Version    string
	AppId      string
	AppVersion string
}

type SecretStore added in v0.17.52

// SecretStore is implemented by types that can supply a secret as raw bytes.
type SecretStore interface {
	// GetSecret returns the secret as a byte slice.
	// NOTE(review): whether the returned slice is a copy or shares storage with
	// the holder is not visible here; confirm before modifying or retaining it.
	GetSecret() []byte
}

type ServiceConfig

type ServiceConfig struct {
	ServiceId string
	ConfigId  string
}

type ServiceEdgeRouterPolicy

type ServiceEdgeRouterPolicy struct {
	boltz.BaseExtEntity
	Name            string
	Semantic        string
	ServiceRoles    []string
	EdgeRouterRoles []string
}

func (*ServiceEdgeRouterPolicy) GetEntityType

func (entity *ServiceEdgeRouterPolicy) GetEntityType() string

func (*ServiceEdgeRouterPolicy) GetName

func (entity *ServiceEdgeRouterPolicy) GetName() string

func (*ServiceEdgeRouterPolicy) GetSemantic added in v0.15.27

func (entity *ServiceEdgeRouterPolicy) GetSemantic() string

func (*ServiceEdgeRouterPolicy) LoadValues

func (entity *ServiceEdgeRouterPolicy) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*ServiceEdgeRouterPolicy) SetValues

func (entity *ServiceEdgeRouterPolicy) SetValues(ctx *boltz.PersistContext)

type ServiceEdgeRouterPolicyStore

type ServiceEdgeRouterPolicyStore interface {
	NameIndexedStore
	LoadOneById(tx *bbolt.Tx, id string) (*ServiceEdgeRouterPolicy, error)
	LoadOneByName(tx *bbolt.Tx, id string) (*ServiceEdgeRouterPolicy, error)
}

type ServiceEvent added in v0.17.36

type ServiceEvent struct {
	Type       ServiceEventType
	IdentityId string
	ServiceId  string
}

func (*ServiceEvent) String added in v0.17.36

func (self *ServiceEvent) String() string

type ServiceEventHandler added in v0.17.36

type ServiceEventHandler func(event *ServiceEvent)

type ServiceEventType added in v0.17.36

// ServiceEventType identifies the kind of a ServiceEvent (see ServiceEvent.Type).
type ServiceEventType byte
// The named event types start at 1; no constant is defined for 0, so the zero
// value of ServiceEventType matches none of them.
const (
	ServiceDialAccessGained ServiceEventType = 1
	ServiceDialAccessLost   ServiceEventType = 2
	ServiceBindAccessGained ServiceEventType = 3
	ServiceBindAccessLost   ServiceEventType = 4
	ServiceUpdated          ServiceEventType = 5
)

func (ServiceEventType) String added in v0.17.36

func (self ServiceEventType) String() string

type ServiceEventsRegistry added in v0.17.36

type ServiceEventsRegistry struct {
	// contains filtered or unexported fields
}

func (*ServiceEventsRegistry) AddServiceEventHandler added in v0.17.36

func (self *ServiceEventsRegistry) AddServiceEventHandler(listener ServiceEventHandler)

func (*ServiceEventsRegistry) RemoveServiceEventHandler added in v0.17.36

func (self *ServiceEventsRegistry) RemoveServiceEventHandler(listener ServiceEventHandler)

type ServicePolicy

type ServicePolicy struct {
	boltz.BaseExtEntity
	PolicyType        PolicyType
	Name              string
	Semantic          string
	IdentityRoles     []string
	ServiceRoles      []string
	PostureCheckRoles []string
}

func (*ServicePolicy) GetEntityType

func (entity *ServicePolicy) GetEntityType() string

func (*ServicePolicy) GetName

func (entity *ServicePolicy) GetName() string

func (*ServicePolicy) GetPolicyTypeName

func (entity *ServicePolicy) GetPolicyTypeName() string

func (*ServicePolicy) GetSemantic added in v0.15.27

func (entity *ServicePolicy) GetSemantic() string

func (*ServicePolicy) LoadValues

func (entity *ServicePolicy) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*ServicePolicy) SetValues

func (entity *ServicePolicy) SetValues(ctx *boltz.PersistContext)

type ServicePolicyStore

type ServicePolicyStore interface {
	NameIndexedStore
	LoadOneById(tx *bbolt.Tx, id string) (*ServicePolicy, error)
	LoadOneByName(tx *bbolt.Tx, id string) (*ServicePolicy, error)
}

type Session

// Session is the session entity. It embeds boltz.BaseExtEntity and references
// an identity, an API session and a service by id.
//
// NOTE(review): SessionStore exposes LoadOneByToken and GetTokenIndex, so
// Token is used as a lookup key. Presumably it is a bearer credential for the
// session; confirm, and keep it out of logs and error messages.
// NOTE(review): SessionStore.LoadCerts loads certificates separately by id;
// whether LoadValues populates Certs and ApiSession is not visible here, so
// callers should not assume they are non-nil.
type Session struct {
	boltz.BaseExtEntity
	Token           string
	IdentityId      string
	ApiSessionId    string
	ServiceId       string
	Type            string
	Certs           []*SessionCert
	ApiSession      *ApiSession
	ServicePolicies []string
}

func (*Session) GetEntityType

func (entity *Session) GetEntityType() string

func (*Session) LoadValues

func (entity *Session) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*Session) SetValues

func (entity *Session) SetValues(ctx *boltz.PersistContext)

type SessionCert

type SessionCert struct {
	Id          string
	Cert        string
	Fingerprint string
	ValidFrom   time.Time
	ValidTo     time.Time
}

func (*SessionCert) GetEntityType

func (entity *SessionCert) GetEntityType() string

func (*SessionCert) GetId

func (entity *SessionCert) GetId() string

func (*SessionCert) LoadValues

func (entity *SessionCert) LoadValues(_ boltz.CrudStore, bucket *boltz.TypedBucket)

func (*SessionCert) SetId

func (entity *SessionCert) SetId(id string)

func (*SessionCert) SetValues

func (entity *SessionCert) SetValues(ctx *boltz.PersistContext)

type SessionStore

type SessionStore interface {
	Store
	LoadOneById(tx *bbolt.Tx, id string) (*Session, error)
	LoadOneByToken(tx *bbolt.Tx, token string) (*Session, error)
	LoadCerts(tx *bbolt.Tx, id string) ([]*SessionCert, error)
	GetTokenIndex() boltz.ReadIndex
}

type Store

type Store interface {
	boltz.CrudStore
	// contains filtered or unexported methods
}

type Stores

type Stores struct {
	DbProvider      DbProvider
	EventualEventer EventualEventer

	// fabric stores
	Router     db.RouterStore
	Service    db.ServiceStore
	Terminator db.TerminatorStore

	ApiSession              ApiSessionStore
	ApiSessionCertificate   ApiSessionCertificateStore
	AuthPolicy              AuthPolicyStore
	EventualEvent           EventualEventStore
	ExternalJwtSigner       ExternalJwtSignerStore
	Ca                      CaStore
	Config                  ConfigStore
	ConfigType              ConfigTypeStore
	EdgeRouter              EdgeRouterStore
	EdgeRouterPolicy        EdgeRouterPolicyStore
	EdgeService             EdgeServiceStore
	Identity                IdentityStore
	IdentityType            IdentityTypeStore
	Index                   boltz.ListStore
	Session                 SessionStore
	ServiceEdgeRouterPolicy ServiceEdgeRouterPolicyStore
	ServicePolicy           ServicePolicyStore
	TransitRouter           TransitRouterStore
	Enrollment              EnrollmentStore
	Authenticator           AuthenticatorStore
	PostureCheck            PostureCheckStore
	PostureCheckType        PostureCheckTypeStore
	Mfa                     MfaStore
	// contains filtered or unexported fields
}

func NewBoltStores

func NewBoltStores(dbProvider DbProvider) (*Stores, error)

func (*Stores) GetEntityCounts added in v0.21.97

func (stores *Stores) GetEntityCounts(dbProvider DbProvider) (map[string]int64, error)

func (*Stores) GetStoreForEntity

func (stores *Stores) GetStoreForEntity(entity boltz.Entity) boltz.CrudStore

type TestContext

type TestContext struct {
	boltz.BaseTestContext
	// contains filtered or unexported fields
}

func NewTestContext

func NewTestContext(t *testing.T) *TestContext

func (*TestContext) Cleanup added in v0.21.45

func (ctx *TestContext) Cleanup()

func (*TestContext) CleanupAll added in v0.20.36

func (ctx *TestContext) CleanupAll()

func (*TestContext) GetDb

func (ctx *TestContext) GetDb() boltz.Db

func (*TestContext) GetDbProvider

func (ctx *TestContext) GetDbProvider() DbProvider

func (*TestContext) GetNetwork added in v0.21.235

func (ctx *TestContext) GetNetwork() *network.Network

func (*TestContext) GetStoreForEntity

func (ctx *TestContext) GetStoreForEntity(entity boltz.Entity) boltz.CrudStore

func (*TestContext) GetStores

func (ctx *TestContext) GetStores() *Stores

func (*TestContext) Init

func (ctx *TestContext) Init()

func (*TestContext) InitWithDbFile added in v0.20.110

func (ctx *TestContext) InitWithDbFile(path string)

func (*TestContext) RequireNewIdentity added in v0.20.36

func (ctx *TestContext) RequireNewIdentity(name string, isAdmin bool) *Identity

func (*TestContext) RequireNewService added in v0.20.36

func (ctx *TestContext) RequireNewService(name string) *EdgeService

type TransitRouter

// TransitRouter embeds db.Router and adds verification and enrollment fields.
//
// NOTE(review): UnverifiedCertPem and UnverifiedFingerprint are pointers and
// may be nil. Presumably they hold a certificate presented before IsVerified
// is set; confirm, and confirm that nothing treats them as trusted identity
// material while IsVerified is false.
type TransitRouter struct {
	db.Router
	IsVerified            bool
	Enrollments           []string
	IsBase                bool
	UnverifiedCertPem     *string
	UnverifiedFingerprint *string
}

func (*TransitRouter) GetEntityType

func (entity *TransitRouter) GetEntityType() string

func (*TransitRouter) GetName

func (entity *TransitRouter) GetName() string

func (*TransitRouter) LoadValues

func (entity *TransitRouter) LoadValues(store boltz.CrudStore, bucket *boltz.TypedBucket)

func (*TransitRouter) SetValues

func (entity *TransitRouter) SetValues(ctx *boltz.PersistContext)

type TransitRouterStore

type TransitRouterStore interface {
	NameIndexedStore
	LoadOneById(tx *bbolt.Tx, id string) (*TransitRouter, error)
	LoadOneByName(tx *bbolt.Tx, id string) (*TransitRouter, error)
}

type UpdateLastActivityAtChecker added in v0.19.39

type UpdateLastActivityAtChecker struct{}

func (UpdateLastActivityAtChecker) IsUpdated added in v0.19.39

func (u UpdateLastActivityAtChecker) IsUpdated(field string) bool
