Documentation ¶
Overview ¶
Package edge_apis_2 provides a wrapper around the generated Edge Client and Management APIs to improve ease of use.
Index ¶
- type ApiType
- type AuthEnabledApi
- type BaseClient
- func (self *BaseClient[A]) Authenticate(credentials Credentials, configTypes []string) (*rest_model.CurrentAPISessionDetail, error)
- func (self *BaseClient[A]) AuthenticateRequest(request runtime.ClientRequest, registry strfmt.Registry) error
- func (self *BaseClient[A]) GetCurrentApiSession() *rest_model.CurrentAPISessionDetail
- type BaseCredentials
- type CertCredentials
- type ClientApiClient
- type Components
- type Credentials
- type IdentityCredentials
- type IdentityProvider
- type JwtCredentials
- type ManagementApiClient
- type UpdbCredentials
- type ZitiEdgeClient
- type ZitiEdgeManagement
Types ¶
type ApiType ¶
type ApiType interface { ZitiEdgeManagement | ZitiEdgeClient }
ApiType is an interface constraint for generics. The underlying go-swagger types only have fields, which is not enough to build a generic type from. Instead, this constraint points at the aliased types.
type AuthEnabledApi ¶
type AuthEnabledApi interface {
	//Authenticate will attempt to issue an authentication request using the provided credentials and http client.
	//These functions act as an abstraction around the underlying go-swagger generated client and will use the default
	//http client if not provided.
	Authenticate(credentials Credentials, configTypes []string, httpClient *http.Client) (*rest_model.CurrentAPISessionDetail, error)
}
AuthEnabledApi is used as a sentinel interface to detect APIs that support authentication and to work around a golang limitation dealing with accessing fields of generically typed fields.
type BaseClient ¶
type BaseClient[A ApiType] struct {
	API *A
	Components
	AuthInfoWriter          runtime.ClientAuthInfoWriter
	CurrentAPISessionDetail *rest_model.CurrentAPISessionDetail
	Credentials             Credentials
}
BaseClient implements the Client interface specifically for the types specified in the ApiType constraint. It provides shared functionality that all ApiType types require.
func (*BaseClient[A]) Authenticate ¶
func (self *BaseClient[A]) Authenticate(credentials Credentials, configTypes []string) (*rest_model.CurrentAPISessionDetail, error)
Authenticate will attempt to use the provided credentials to authenticate via the underlying ApiType. On success the API Session details will be returned and the current client will make authenticated requests on future calls. On an error the API Session in use will be cleared and subsequent requests will become/continue to be made in an unauthenticated fashion.
func (*BaseClient[A]) AuthenticateRequest ¶
func (self *BaseClient[A]) AuthenticateRequest(request runtime.ClientRequest, registry strfmt.Registry) error
AuthenticateRequest implements the openapi runtime.ClientAuthInfoWriter interface from the OpenAPI libraries. It is used to authenticate outgoing requests.
func (*BaseClient[A]) GetCurrentApiSession ¶
func (self *BaseClient[A]) GetCurrentApiSession() *rest_model.CurrentAPISessionDetail
GetCurrentApiSession returns the ApiSession that is being used to authenticate requests.
type BaseCredentials ¶
type BaseCredentials struct {
	//ConfigTypes is used to set the configuration types for services during authentication
	ConfigTypes []string
	//EnvInfo is provided during authentication to set environmental information about the client.
	EnvInfo *rest_model.EnvInfo
	//SdkInfo is provided during authentication to set SDK information about the client.
	SdkInfo *rest_model.SdkInfo
	//CaPool will override the client's default certificate pool if set to a non-nil value.
	CaPool *x509.CertPool
}
BaseCredentials is a shared struct of information all Credentials implementations require.
func (*BaseCredentials) AuthenticateRequest ¶
func (c *BaseCredentials) AuthenticateRequest(_ runtime.ClientRequest, _ strfmt.Registry) error
AuthenticateRequest provides a base implementation to authenticate an outgoing request. This is provided here for authentication methods such as `cert` which do not have to provide any more request level information.
func (*BaseCredentials) GetCaPool ¶
func (c *BaseCredentials) GetCaPool() *x509.CertPool
GetCaPool provides a base implementation to return the certificate pool of a Credentials instance.
func (*BaseCredentials) Payload ¶
func (self *BaseCredentials) Payload() *rest_model.Authenticate
Payload will produce the object used to construct the body of an authentication request. The base version sets shared information available in BaseCredentials.
func (*BaseCredentials) TlsCerts ¶
func (self *BaseCredentials) TlsCerts() []tls.Certificate
TlsCerts provides a base implementation of returning the tls.Certificate array that will be used to set up mTLS connections. This is provided here for authentication methods that do not initially require mTLS (e.g. JWTs).
type CertCredentials ¶
type CertCredentials struct {
	BaseCredentials
	Certs []*x509.Certificate
	Key   crypto.PrivateKey
}
CertCredentials represents authentication using certificates that are not from an Identity configuration file.
func NewCertCredentials ¶
func NewCertCredentials(certs []*x509.Certificate, key crypto.PrivateKey) *CertCredentials
NewCertCredentials creates a Credentials instance based upon an array of certificates. At least one certificate must be provided and the certificate at index zero is assumed to be the leaf client certificate that pairs with the provided private key. All other certificates are assumed to support the leaf client certificate as a chain.
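The ordering that NewCertCredentials assumes can be checked before the credentials are built: the leaf at index zero must pair with the private key, and the remaining certificates must form its chain. The following is an added example, not code from edge_apis_2; `checkCertOrder` and `issue` are hypothetical helpers, the certificates are constructed in-process, and the chain is assumed to be ordered so that each certificate is signed by the next one.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
)

// checkCertOrder is a hypothetical pre-flight check, not part of edge_apis_2.
func checkCertOrder(certs []*x509.Certificate, key crypto.PrivateKey) error {
	if len(certs) == 0 {
		return fmt.Errorf("at least one certificate is required")
	}
	signer, isSigner := key.(crypto.Signer)
	pub, canCompare := certs[0].PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	if !isSigner || !canCompare || !pub.Equal(signer.Public()) {
		return fmt.Errorf("certs[0] is not the leaf for the private key")
	}
	for i := 0; i+1 < len(certs); i++ { // each entry must be signed by the next
		if err := certs[i].CheckSignatureFrom(certs[i+1]); err != nil {
			return fmt.Errorf("certs[%d] not signed by certs[%d]: %w", i, i+1, err)
		}
	}
	return nil
}

func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // constructed fixture; nil parent = self-signed CA
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	ca, caKey := issue("constructed-ca", nil, nil)
	leaf, leafKey := issue("constructed-leaf", ca, caKey)
	fmt.Println(checkCertOrder([]*x509.Certificate{leaf, ca}, leafKey), checkCertOrder([]*x509.Certificate{ca, leaf}, leafKey))
}
```

The fixtures carry no validity dates because this check does not read them; it also does not replace full path validation against a trusted CA pool.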
func (*CertCredentials) GetIdentity ¶
func (c *CertCredentials) GetIdentity() identity.Identity
func (*CertCredentials) Method ¶
func (c *CertCredentials) Method() string
func (*CertCredentials) TlsCerts ¶
func (c *CertCredentials) TlsCerts() []tls.Certificate
type ClientApiClient ¶
type ClientApiClient struct { BaseClient[ZitiEdgeClient] }
func NewClientApiClient ¶
func NewClientApiClient(apiUrl *url.URL, caPool *x509.CertPool) *ClientApiClient
NewClientApiClient will assemble a ClientApiClient. The apiUrl should be the full URL to the Edge Client API (e.g. `https://example.com/edge/client/v1`).
The `caPool` argument should be a list of trusted root CAs. If provided as `nil` here, unauthenticated requests will use the system certificate pool. If authentication occurs and a certificate pool is set on the Credentials, the certificate pool from the Credentials will be used from that point forward. Credentials implementations based on an identity.Identity are likely to provide a certificate pool.
For OpenZiti instances not using publicly signed certificates, `ziti.GetControllerWellKnownCaPool()` can be used to obtain and verify the target controller's CAs. Tools should allow users to verify and accept new controllers that have not been verified from an outside secret (such as an enrollment token).
type Components ¶
type Components struct {
	Runtime       *openapiclient.Runtime
	HttpClient    *http.Client
	HttpTransport *http.Transport
	CaPool        *x509.CertPool
}
Components provides the basic shared lower level pieces used to assemble go-swagger/openapi clients. These components are interconnected and have references to each other. This struct is used to set, move, and manage them as a set.
func NewComponents ¶
func NewComponents(api *url.URL, schemes []string) *Components
NewComponents assembles a new set of components with reasonable production defaults.
type Credentials ¶
type Credentials interface {
	//Payload constructs the objects that represent the JSON authentication payload for this set of credentials.
	Payload() *rest_model.Authenticate
	//TlsCerts returns zero or more tls.Certificates used for client authentication.
	TlsCerts() []tls.Certificate
	//GetCaPool will return the CA pool that this credential was configured to trust.
	GetCaPool() *x509.CertPool
	//Method returns the authentication necessary to complete an authentication request.
	Method() string
	//ClientAuthInfoWriter is used to pass a Credentials instance to the openapi runtime to authenticate outgoing
	//requests.
	runtime.ClientAuthInfoWriter
}
Credentials represents the minimal information needed across all authentication mechanisms to authenticate an identity to an OpenZiti network.
type IdentityCredentials ¶
type IdentityCredentials struct {
	BaseCredentials
	Identity identity.Identity
}
func NewIdentityCredentials ¶
func NewIdentityCredentials(identity identity.Identity) *IdentityCredentials
NewIdentityCredentials creates a Credentials instance based upon an Identity.
func NewIdentityCredentialsFromConfig ¶
func NewIdentityCredentialsFromConfig(config identity.Config) *IdentityCredentials
NewIdentityCredentialsFromConfig creates a Credentials instance based upon an Identity configuration.
func (*IdentityCredentials) GetCaPool ¶
func (c *IdentityCredentials) GetCaPool() *x509.CertPool
func (*IdentityCredentials) GetIdentity ¶
func (c *IdentityCredentials) GetIdentity() identity.Identity
func (*IdentityCredentials) Method ¶
func (c *IdentityCredentials) Method() string
func (*IdentityCredentials) TlsCerts ¶
func (c *IdentityCredentials) TlsCerts() []tls.Certificate
type IdentityProvider ¶
IdentityProvider is a sentinel interface used to determine whether the backing Credentials instance can provide an Identity that can provide a certificate and private key used to initiate mTLS connections.
type JwtCredentials ¶
type JwtCredentials struct {
	BaseCredentials
	JWT                string
	SendOnEveryRequest bool
}
func NewJwtCredentials ¶
func NewJwtCredentials(jwt string) *JwtCredentials
NewJwtCredentials creates a Credentials instance based on a JWT obtained from an outside system.
func (*JwtCredentials) AuthenticateRequest ¶
func (c *JwtCredentials) AuthenticateRequest(request runtime.ClientRequest, _ strfmt.Registry) error
func (*JwtCredentials) Method ¶
func (c *JwtCredentials) Method() string
type ManagementApiClient ¶
type ManagementApiClient struct { BaseClient[ZitiEdgeManagement] }
ManagementApiClient provides the ability to authenticate and interact with the Edge Management API.
func NewManagementApiClient ¶
func NewManagementApiClient(apiUrl *url.URL, caPool *x509.CertPool) *ManagementApiClient
NewManagementApiClient will assemble a ManagementApiClient. The apiUrl should be the full URL to the Edge Management API (e.g. `https://example.com/edge/management/v1`).
The `caPool` argument should be a list of trusted root CAs. If provided as `nil` here, unauthenticated requests will use the system certificate pool. If authentication occurs and a certificate pool is set on the Credentials, the certificate pool from the Credentials will be used from that point forward. Credentials implementations based on an identity.Identity are likely to provide a certificate pool.
For OpenZiti instances not using publicly signed certificates, `ziti.GetControllerWellKnownCaPool()` can be used to obtain and verify the target controller's CAs. Tools should allow users to verify and accept new controllers that have not been verified from an outside secret (such as an enrollment token).
type UpdbCredentials ¶
type UpdbCredentials struct {
	BaseCredentials
	Username string
	Password string
}
func NewUpdbCredentials ¶
func NewUpdbCredentials(username string, password string) *UpdbCredentials
NewUpdbCredentials creates a Credentials instance based on a username/password combination.
func (*UpdbCredentials) Method ¶
func (self *UpdbCredentials) Method() string
func (*UpdbCredentials) Payload ¶
func (self *UpdbCredentials) Payload() *rest_model.Authenticate
type ZitiEdgeClient ¶
type ZitiEdgeClient rest_client_api_client.ZitiEdgeClient
ZitiEdgeClient is an alias of the go-swagger generated client that allows this package to add additional functionality to the alias type to implement the AuthEnabledApi interface.
func (ZitiEdgeClient) Authenticate ¶
func (self ZitiEdgeClient) Authenticate(credentials Credentials, configTypes []string, httpClient *http.Client) (*rest_model.CurrentAPISessionDetail, error)
type ZitiEdgeManagement ¶
type ZitiEdgeManagement rest_management_api_client.ZitiEdgeManagement
ZitiEdgeManagement is an alias of the go-swagger generated client that allows this package to add additional functionality to the alias type to implement the AuthEnabledApi interface.
func (ZitiEdgeManagement) Authenticate ¶
func (self ZitiEdgeManagement) Authenticate(credentials Credentials, configTypes []string, httpClient *http.Client) (*rest_model.CurrentAPISessionDetail, error)