Documentation ¶
Index ¶
- Constants
- func CloneMap[V any](m cmap.ConcurrentMap[string, V]) cmap.ConcurrentMap[string, V]
- type AccessClaims
- func (r *AccessClaims) ConfigTypesAsMap() map[string]struct{}
- func (r *AccessClaims) GetAudience() (jwt.ClaimStrings, error)
- func (r *AccessClaims) GetExpirationTime() (*jwt.NumericDate, error)
- func (r *AccessClaims) GetIssuedAt() (*jwt.NumericDate, error)
- func (r *AccessClaims) GetIssuer() (string, error)
- func (r *AccessClaims) GetNotBefore() (*jwt.NumericDate, error)
- func (r *AccessClaims) GetSubject() (string, error)
- func (c *AccessClaims) HasAudience(targetAud string) bool
- func (c *AccessClaims) TotpComplete() bool
- func (r *AccessClaims) UnmarshalJSON(raw []byte) error
- type AccessPolicies
- type Config
- type ConfigType
- type CustomClaims
- type DataStateConfig
- type DataStateConfigType
- type DataStateIdentity
- type DataStatePostureCheck
- type DataStateService
- type DataStateServicePolicy
- type EventCache
- type ForgetfulEventCache
- func (cache *ForgetfulEventCache) CurrentIndex() (uint64, bool)
- func (cache *ForgetfulEventCache) ReplayFrom(_ uint64) ([]*edge_ctrl_pb.DataState_ChangeSet, bool)
- func (cache *ForgetfulEventCache) SetCurrentIndex(index uint64)
- func (cache *ForgetfulEventCache) Store(event *edge_ctrl_pb.DataState_ChangeSet, onSuccess OnStoreSuccess) error
- func (cache *ForgetfulEventCache) WhileLocked(callback func(uint64, bool))
- type IdTokenClaims
- func (r *IdTokenClaims) GetAudience() (jwt.ClaimStrings, error)
- func (r *IdTokenClaims) GetExpirationTime() (*jwt.NumericDate, error)
- func (r *IdTokenClaims) GetIssuedAt() (*jwt.NumericDate, error)
- func (r *IdTokenClaims) GetIssuer() (string, error)
- func (r *IdTokenClaims) GetNotBefore() (*jwt.NumericDate, error)
- func (r *IdTokenClaims) GetSubject() (string, error)
- func (c *IdTokenClaims) TotpComplete() bool
- type Identity
- type IdentityConfig
- type IdentityEventSubscriber
- type IdentityEventType
- type IdentityService
- type IdentityState
- type IdentitySubscription
- type LoggingEventCache
- func (cache *LoggingEventCache) CurrentIndex() (uint64, bool)
- func (cache *LoggingEventCache) ReplayFrom(startIndex uint64) ([]*edge_ctrl_pb.DataState_ChangeSet, bool)
- func (cache *LoggingEventCache) SetCurrentIndex(index uint64)
- func (cache *LoggingEventCache) Store(event *edge_ctrl_pb.DataState_ChangeSet, onSuccess OnStoreSuccess) error
- func (cache *LoggingEventCache) WhileLocked(callback func(uint64, bool))
- type OnStoreSuccess
- type PostureCheck
- type RefreshClaims
- func (r *RefreshClaims) GetAudience() (jwt.ClaimStrings, error)
- func (r *RefreshClaims) GetExpirationTime() (*jwt.NumericDate, error)
- func (r *RefreshClaims) GetIssuedAt() (*jwt.NumericDate, error)
- func (r *RefreshClaims) GetIssuer() (string, error)
- func (r *RefreshClaims) GetNotBefore() (*jwt.NumericDate, error)
- func (r *RefreshClaims) GetSubject() (string, error)
- func (c *RefreshClaims) MarshalJSON() ([]byte, error)
- func (c *RefreshClaims) UnmarshalJSON(data []byte) error
- type RouterDataModel
- func NewReceiverRouterDataModel(listenerBufferSize uint, closeNotify <-chan struct{}) *RouterDataModel
- func NewReceiverRouterDataModelFromFile(path string, listenerBufferSize uint, closeNotify <-chan struct{}) (*RouterDataModel, error)
- func NewSenderRouterDataModel(logSize uint64, listenerBufferSize uint) *RouterDataModel
- func (rdm *RouterDataModel) ApplyChangeSet(change *edge_ctrl_pb.DataState_ChangeSet)
- func (rdm *RouterDataModel) GetDataState() *edge_ctrl_pb.DataState
- func (rdm *RouterDataModel) GetPublicKeys() map[string]crypto.PublicKey
- func (rdm *RouterDataModel) GetServiceAccessPolicies(identityId string, serviceId string, policyType edge_ctrl_pb.PolicyType) (*AccessPolicies, error)
- func (rdm *RouterDataModel) Handle(index uint64, event *edge_ctrl_pb.DataState_Event) bool
- func (rdm *RouterDataModel) HandleConfigEvent(index uint64, event *edge_ctrl_pb.DataState_Event, ...)
- func (rdm *RouterDataModel) HandleConfigTypeEvent(index uint64, event *edge_ctrl_pb.DataState_Event, ...)
- func (rdm *RouterDataModel) HandleIdentityEvent(index uint64, event *edge_ctrl_pb.DataState_Event, ...)
- func (rdm *RouterDataModel) HandlePostureCheckEvent(index uint64, event *edge_ctrl_pb.DataState_Event, ...)
- func (rdm *RouterDataModel) HandlePublicKeyEvent(event *edge_ctrl_pb.DataState_Event, ...)
- func (rdm *RouterDataModel) HandleRevocationEvent(event *edge_ctrl_pb.DataState_Event, ...)
- func (rdm *RouterDataModel) HandleServiceEvent(index uint64, event *edge_ctrl_pb.DataState_Event, ...)
- func (rdm *RouterDataModel) HandleServicePolicyChange(index uint64, model *edge_ctrl_pb.DataState_ServicePolicyChange)
- func (rdm *RouterDataModel) HandleServicePolicyEvent(event *edge_ctrl_pb.DataState_Event, ...)
- func (rdm *RouterDataModel) InheritSubscribers(other *RouterDataModel)
- func (rdm *RouterDataModel) NewListener() <-chan *edge_ctrl_pb.DataState_ChangeSet
- func (rdm *RouterDataModel) Save(path string)
- func (rdm *RouterDataModel) Stop()
- func (rdm *RouterDataModel) SubscribeToIdentityChanges(identityId string, subscriber IdentityEventSubscriber, isRouterIdentity bool) error
- func (rdm *RouterDataModel) SyncAllSubscribers()
- type Service
- type ServiceAccessClaims
- type ServiceEventType
- type ServicePolicy
Constants ¶
// Binding name constants. The values are the literal strings "edge" and
// "tunnel"; where they are compared or emitted is not shown on this page.
const (
	EdgeBinding   = "edge"
	TunnelBinding = "tunnel"
)
// Claim keys, default token lifetimes and token-type markers used by the JWT
// claim types declared in this package.
//
// NOTE(review): these are names and defaults only. Nothing in this block
// authenticates a token; a z_* claim (for example z_ia) should be acted on
// only after the token's signature, issuer, audience and expiry have been
// verified. Where that verification happens is not shown on this page.
const (
	// The client id and the audience share the same literal value.
	ClaimClientIdOpenZiti = "openziti"
	ClaimAudienceOpenZiti = "openziti"

	// ClaimLegacyNative - to remove after SDKs stop using this as a client id
	ClaimLegacyNative = "native"

	// JSON keys that match the `json` tags on CustomClaims.
	CustomClaimApiSessionId      = "z_asid"
	CustomClaimExternalId        = "z_eid"
	CustomClaimIsAdmin           = "z_ia"
	CustomClaimsConfigTypes      = "z_ct"
	CustomClaimsCertFingerprints = "z_cfs"

	// CustomClaimsTokenType and other constants below may not appear as referenced, but are used in `json: ""` tags. Provided here for external use.
	// NOTE(review): "z_sid" is not used by any struct tag visible on this
	// page, and the CustomClaims tags z_aid, z_sdk, z_env and scopes have no
	// constant here — confirm this is intentional.
	CustomClaimsTokenType       = "z_t"
	CustomClaimServiceId        = "z_sid"
	CustomClaimIdentityId       = "z_iid"
	CustomClaimServiceType      = "z_st"
	CustomClaimRemoteAddress    = "z_ra"
	CustomClaimIsCertExtendable = "z_ice"

	// Default lifetimes: access and ID tokens 30 minutes, refresh tokens 24
	// hours. Whether a deployment can override them is not shown here.
	DefaultAccessTokenDuration  = 30 * time.Minute
	DefaultIdTokenDuration      = 30 * time.Minute
	DefaultRefreshTokenDuration = 24 * time.Hour

	// Single-letter token-type markers; presumably the values carried in the
	// z_t claim — confirm against the issuing and verifying code.
	TokenTypeAccess        = "a"
	TokenTypeRefresh       = "r"
	TokenTypeServiceAccess = "s"
)
// Event type codes passed to IdentityEventSubscriber callbacks. Values 1-3 are
// typed ServiceEventType and values 4-7 are typed IdentityEventType; the
// numbering runs across both types without overlap.
const (
	EventAccessGained  ServiceEventType = 1
	EventUpdated       ServiceEventType = 2
	EventAccessRemoved ServiceEventType = 3

	EventFullState            IdentityEventType = 4
	EventIdentityUpdated      IdentityEventType = 5
	EventPostureChecksUpdated IdentityEventType = 6
	EventIdentityDeleted      IdentityEventType = 7
)
Variables ¶
This section is empty.
Functions ¶
func CloneMap ¶ added in v1.1.8
func CloneMap[V any](m cmap.ConcurrentMap[string, V]) cmap.ConcurrentMap[string, V]
Types ¶
type AccessClaims ¶ added in v0.34.0
// AccessClaims combines the embedded oidc.AccessTokenClaims with this
// package's CustomClaims.
//
// NOTE(review): the struct is plain claim data. Signature, issuer, audience
// and expiry checks are not part of this declaration; confirm they run before
// any field here is used for an authorization decision.
type AccessClaims struct {
	oidc.AccessTokenClaims
	CustomClaims
}
func (*AccessClaims) ConfigTypesAsMap ¶ added in v0.34.0
func (r *AccessClaims) ConfigTypesAsMap() map[string]struct{}
func (*AccessClaims) GetAudience ¶ added in v0.34.0
func (r *AccessClaims) GetAudience() (jwt.ClaimStrings, error)
func (*AccessClaims) GetExpirationTime ¶ added in v0.34.0
func (r *AccessClaims) GetExpirationTime() (*jwt.NumericDate, error)
func (*AccessClaims) GetIssuedAt ¶ added in v0.34.0
func (r *AccessClaims) GetIssuedAt() (*jwt.NumericDate, error)
func (*AccessClaims) GetIssuer ¶ added in v0.34.0
func (r *AccessClaims) GetIssuer() (string, error)
func (*AccessClaims) GetNotBefore ¶ added in v0.34.0
func (r *AccessClaims) GetNotBefore() (*jwt.NumericDate, error)
func (*AccessClaims) GetSubject ¶ added in v0.34.0
func (r *AccessClaims) GetSubject() (string, error)
func (*AccessClaims) HasAudience ¶ added in v0.34.0
func (c *AccessClaims) HasAudience(targetAud string) bool
func (*AccessClaims) TotpComplete ¶ added in v0.34.0
func (c *AccessClaims) TotpComplete() bool
func (*AccessClaims) UnmarshalJSON ¶ added in v0.34.0
func (r *AccessClaims) UnmarshalJSON(raw []byte) error
type AccessPolicies ¶ added in v0.34.0
// AccessPolicies bundles an Identity, a Service, a slice of ServicePolicy
// pointers and a string-keyed map of posture checks.
//
// NOTE(review): the map keys are presumably posture check ids — confirm.
type AccessPolicies struct {
	Identity      *Identity
	Service       *Service
	Policies      []*ServicePolicy
	PostureChecks map[string]*edge_ctrl_pb.DataState_PostureCheck
}
AccessPolicies represents the Identity's access to a Service through many Policies. The PostureChecks provided are referenced by the granting Policies. The PostureChecks for each of the Policies may be evaluated to determine a valid policy and posture access path.
type Config ¶ added in v1.1.8
// Config wraps an embedded *DataStateConfig together with an Index.
//
// NOTE(review): Index is presumably the data-model event index at which this
// entry was last written — confirm against the event handlers.
type Config struct {
	*DataStateConfig
	Index uint64
}
type ConfigType ¶ added in v1.1.8
// ConfigType wraps an embedded *DataStateConfigType together with an Index.
//
// NOTE(review): Index is presumably the data-model event index at which this
// entry was last written — confirm against the event handlers.
type ConfigType struct {
	*DataStateConfigType
	Index uint64
}
type CustomClaims ¶ added in v0.34.0
// CustomClaims holds the non-standard claims that AccessClaims, IdTokenClaims
// and RefreshClaims embed next to their OIDC claims.
//
// Fields tagged omitempty (z_asid, z_eid, z_ia, z_ct, z_aid, scopes) are left
// out of the encoded JSON when they hold their zero value; the remaining
// fields are always emitted by the default encoder.
//
// NOTE(review): IsAdmin, CertFingerprints, Scopes and RemoteAddress look
// authorization-relevant. They are only as trustworthy as the token they were
// decoded from, so a consumer should read them after token verification, not
// before. How CertFingerprints and RemoteAddress are enforced is not shown on
// this page.
type CustomClaims struct {
	ApiSessionId     string              `json:"z_asid,omitempty"`
	ExternalId       string              `json:"z_eid,omitempty"`
	IsAdmin          bool                `json:"z_ia,omitempty"`
	ConfigTypes      []string            `json:"z_ct,omitempty"`
	ApplicationId    string              `json:"z_aid,omitempty"`
	Type             string              `json:"z_t"`
	CertFingerprints []string            `json:"z_cfs"`
	Scopes           []string            `json:"scopes,omitempty"`
	SdkInfo          *rest_model.SdkInfo `json:"z_sdk"`
	EnvInfo          *rest_model.EnvInfo `json:"z_env"`
	RemoteAddress    string              `json:"z_ra"`
	IsCertExtendable bool                `json:"z_ice"`
}
type DataStateConfig ¶ added in v1.1.8
// DataStateConfig is an alias for edge_ctrl_pb.DataState_Config.
type DataStateConfig = edge_ctrl_pb.DataState_Config
type DataStateConfigType ¶ added in v1.1.8
// DataStateConfigType is an alias for edge_ctrl_pb.DataState_ConfigType.
type DataStateConfigType = edge_ctrl_pb.DataState_ConfigType
type DataStateIdentity ¶ added in v1.1.1
// DataStateIdentity is an alias for edge_ctrl_pb.DataState_Identity.
type DataStateIdentity = edge_ctrl_pb.DataState_Identity
type DataStatePostureCheck ¶ added in v1.1.8
// DataStatePostureCheck is an alias for edge_ctrl_pb.DataState_PostureCheck.
type DataStatePostureCheck = edge_ctrl_pb.DataState_PostureCheck
type DataStateService ¶ added in v1.1.8
// DataStateService is an alias for edge_ctrl_pb.DataState_Service.
type DataStateService = edge_ctrl_pb.DataState_Service
type DataStateServicePolicy ¶ added in v1.1.1
// DataStateServicePolicy is an alias for edge_ctrl_pb.DataState_ServicePolicy.
type DataStateServicePolicy = edge_ctrl_pb.DataState_ServicePolicy
type EventCache ¶ added in v0.34.0
// EventCache is the contract for tracking, and optionally replaying, the
// indexed change sets applied to a data model. Every method is documented as
// blocking except SetCurrentIndex, which carries no such statement.
type EventCache interface {
	// Store allows storage of an event and execution of an onSuccess callback while the event cache remains locked.
	// onSuccess may be nil. This function is blocking.
	Store(event *edge_ctrl_pb.DataState_ChangeSet, onSuccess OnStoreSuccess) error

	// CurrentIndex returns the latest event index applied. This function is blocking.
	// NOTE(review): the meaning of the bool result is not documented here —
	// presumably whether an index has been set; confirm.
	CurrentIndex() (uint64, bool)

	// ReplayFrom returns an array of events from startIndex and true if the replay may be facilitated.
	// An empty slice and true is returned in cases where the requested startIndex is the current index.
	// An empty slice and false is returned in cases where the replay cannot be facilitated.
	// This function is blocking.
	ReplayFrom(startIndex uint64) ([]*edge_ctrl_pb.DataState_ChangeSet, bool)

	// WhileLocked allows the execution of arbitrary functionality while the event cache is locked. This function
	// is blocking.
	WhileLocked(func(uint64, bool))

	// SetCurrentIndex sets the current index to the supplied value. All event log history may be lost.
	SetCurrentIndex(uint64)
}
type ForgetfulEventCache ¶ added in v0.34.0
// ForgetfulEventCache has no exported fields. The methods listed for it on
// this page (Store, CurrentIndex, ReplayFrom, SetCurrentIndex, WhileLocked)
// match the EventCache interface.
type ForgetfulEventCache struct {
	// contains filtered or unexported fields
}
ForgetfulEventCache does not store events or support replaying; it only tracks the event index. It is a stand-in for LoggingEventCache when replaying events is not expected (i.e. in routers).
func NewForgetfulEventCache ¶ added in v0.34.0
func NewForgetfulEventCache() *ForgetfulEventCache
func (*ForgetfulEventCache) CurrentIndex ¶ added in v0.34.0
func (cache *ForgetfulEventCache) CurrentIndex() (uint64, bool)
func (*ForgetfulEventCache) ReplayFrom ¶ added in v0.34.0
func (cache *ForgetfulEventCache) ReplayFrom(_ uint64) ([]*edge_ctrl_pb.DataState_ChangeSet, bool)
func (*ForgetfulEventCache) SetCurrentIndex ¶ added in v0.34.0
func (cache *ForgetfulEventCache) SetCurrentIndex(index uint64)
func (*ForgetfulEventCache) Store ¶ added in v0.34.0
func (cache *ForgetfulEventCache) Store(event *edge_ctrl_pb.DataState_ChangeSet, onSuccess OnStoreSuccess) error
func (*ForgetfulEventCache) WhileLocked ¶ added in v0.34.0
func (cache *ForgetfulEventCache) WhileLocked(callback func(uint64, bool))
type IdTokenClaims ¶ added in v0.34.0
// IdTokenClaims combines the embedded oidc.IDTokenClaims with this package's
// CustomClaims.
//
// NOTE(review): RefreshClaims is declared with the same two embedded types, so
// the struct shape alone does not tell an ID token from a refresh token;
// presumably the z_t claim does — confirm that verifiers check it.
type IdTokenClaims struct {
	oidc.IDTokenClaims
	CustomClaims
}
func (*IdTokenClaims) GetAudience ¶ added in v1.1.1
func (r *IdTokenClaims) GetAudience() (jwt.ClaimStrings, error)
func (*IdTokenClaims) GetExpirationTime ¶ added in v1.1.1
func (r *IdTokenClaims) GetExpirationTime() (*jwt.NumericDate, error)
func (*IdTokenClaims) GetIssuedAt ¶ added in v1.1.1
func (r *IdTokenClaims) GetIssuedAt() (*jwt.NumericDate, error)
func (*IdTokenClaims) GetIssuer ¶ added in v1.1.1
func (r *IdTokenClaims) GetIssuer() (string, error)
func (*IdTokenClaims) GetNotBefore ¶ added in v1.1.1
func (r *IdTokenClaims) GetNotBefore() (*jwt.NumericDate, error)
func (*IdTokenClaims) GetSubject ¶ added in v1.1.1
func (r *IdTokenClaims) GetSubject() (string, error)
func (*IdTokenClaims) TotpComplete ¶ added in v0.34.0
func (c *IdTokenClaims) TotpComplete() bool
type Identity ¶ added in v1.1.1
// Identity wraps an embedded *DataStateIdentity with a set of service policy
// keys (a map used as a set, encoded as "servicePolicies") and two index
// counters.
//
// NOTE(review): the keys are presumably service policy ids, and the two
// indexes presumably record when the identity and its service set last
// changed — confirm against the event handlers.
type Identity struct {
	*DataStateIdentity
	ServicePolicies map[string]struct{} `json:"servicePolicies"`
	IdentityIndex   uint64
	ServiceSetIndex uint64
}
type IdentityConfig ¶ added in v1.1.8
// IdentityConfig pairs a Config with a ConfigType.
type IdentityConfig struct {
	Config     *Config
	ConfigType *ConfigType
}
type IdentityEventSubscriber ¶ added in v1.1.8
// IdentityEventSubscriber receives two kinds of notification: identity-level
// events, and changes to a single service within an identity's state.
//
// NOTE(review): whether the *IdentityState passed in is shared with the data
// model or a private copy is not shown here; treat it as read-only until
// confirmed.
type IdentityEventSubscriber interface {
	NotifyIdentityEvent(state *IdentityState, eventType IdentityEventType)
	NotifyServiceChange(state *IdentityState, service *IdentityService, eventType ServiceEventType)
}
type IdentityEventType ¶ added in v1.1.8
// IdentityEventType is the byte-sized code passed to
// IdentityEventSubscriber.NotifyIdentityEvent.
type IdentityEventType byte
type IdentityService ¶ added in v1.1.8
// IdentityService describes one service as seen by one identity: the Service
// itself, a set of check keys, a map of IdentityConfig values, and separate
// dial and bind permission flags.
//
// NOTE(review): DialAllowed and BindAllowed are the authorization result a
// consumer is likely to act on; how they are computed, and whether Checks must
// still be evaluated before honouring them, is not shown on this page.
type IdentityService struct {
	Service     *Service
	Checks      map[string]struct{}
	Configs     map[string]*IdentityConfig
	DialAllowed bool
	BindAllowed bool
}
func (*IdentityService) Equals ¶ added in v1.1.8
func (self *IdentityService) Equals(other *IdentityService) bool
type IdentityState ¶ added in v1.1.8
// IdentityState groups an Identity with string-keyed maps of its posture
// checks and services. It is the state value handed to
// IdentityEventSubscriber callbacks.
type IdentityState struct {
	Identity      *Identity
	PostureChecks map[string]*PostureCheck
	Services      map[string]*IdentityService
}
type IdentitySubscription ¶ added in v1.1.8
// IdentitySubscription holds the tracked state for one identity id together
// with its registered IdentityEventSubscriber listeners.
//
// It embeds sync.Mutex, so Lock and Unlock are promoted onto the struct and a
// value must not be copied once in use.
//
// NOTE(review): which fields the mutex guards is not shown here. All fields
// are exported, so callers can bypass the lock — confirm the locking
// convention before reading or writing them directly.
type IdentitySubscription struct {
	IdentityId string
	Identity   *Identity
	Services   map[string]*IdentityService
	Listeners  concurrenz.CopyOnWriteSlice[IdentityEventSubscriber]
	Checks     map[string]*PostureCheck

	sync.Mutex
}
type LoggingEventCache ¶ added in v0.34.0
// LoggingEventCache exposes its log bookkeeping as exported fields. Every one
// of them is tagged `json:"-"`, so none is included when the value is encoded
// as JSON.
//
// NOTE(review): the fields are exported but the type also offers WhileLocked;
// presumably direct field access is only safe under that lock — confirm.
type LoggingEventCache struct {
	HeadLogIndex uint64                                       `json:"-"`
	LogSize      uint64                                       `json:"-"`
	Log          []uint64                                     `json:"-"`
	Events       map[uint64]*edge_ctrl_pb.DataState_ChangeSet `json:"-"`
	// contains filtered or unexported fields
}
LoggingEventCache stores events in order to support replaying (i.e. in controllers).
func NewLoggingEventCache ¶ added in v0.34.0
func NewLoggingEventCache(logSize uint64) *LoggingEventCache
func (*LoggingEventCache) CurrentIndex ¶ added in v0.34.0
func (cache *LoggingEventCache) CurrentIndex() (uint64, bool)
func (*LoggingEventCache) ReplayFrom ¶ added in v0.34.0
func (cache *LoggingEventCache) ReplayFrom(startIndex uint64) ([]*edge_ctrl_pb.DataState_ChangeSet, bool)
func (*LoggingEventCache) SetCurrentIndex ¶ added in v0.34.0
func (cache *LoggingEventCache) SetCurrentIndex(index uint64)
func (*LoggingEventCache) Store ¶ added in v0.34.0
func (cache *LoggingEventCache) Store(event *edge_ctrl_pb.DataState_ChangeSet, onSuccess OnStoreSuccess) error
func (*LoggingEventCache) WhileLocked ¶ added in v0.34.0
func (cache *LoggingEventCache) WhileLocked(callback func(uint64, bool))
type OnStoreSuccess ¶ added in v0.34.0
// OnStoreSuccess is the callback type accepted by EventCache.Store. It
// receives an index and the stored change set, and per the EventCache
// documentation it runs while the event cache remains locked.
//
// NOTE(review): presumably calling back into the same cache's blocking methods
// from this callback would deadlock — confirm.
type OnStoreSuccess func(index uint64, event *edge_ctrl_pb.DataState_ChangeSet)
type PostureCheck ¶ added in v1.1.8
// PostureCheck wraps an embedded *DataStatePostureCheck together with an
// Index.
//
// NOTE(review): Index is presumably the data-model event index at which this
// entry was last written — confirm against the event handlers.
type PostureCheck struct {
	*DataStatePostureCheck
	Index uint64
}
type RefreshClaims ¶ added in v0.34.0
// RefreshClaims combines the embedded oidc.IDTokenClaims with this package's
// CustomClaims.
//
// NOTE(review): this is the same pair of embedded types as IdTokenClaims, so
// the struct shape does not tell a refresh token from an ID token; presumably
// the z_t claim does — confirm that a refresh token cannot be accepted where
// an access or ID token is expected, and vice versa.
type RefreshClaims struct {
	oidc.IDTokenClaims
	CustomClaims
}
func (*RefreshClaims) GetAudience ¶ added in v0.34.0
func (r *RefreshClaims) GetAudience() (jwt.ClaimStrings, error)
func (*RefreshClaims) GetExpirationTime ¶ added in v0.34.0
func (r *RefreshClaims) GetExpirationTime() (*jwt.NumericDate, error)
func (*RefreshClaims) GetIssuedAt ¶ added in v0.34.0
func (r *RefreshClaims) GetIssuedAt() (*jwt.NumericDate, error)
func (*RefreshClaims) GetIssuer ¶ added in v0.34.0
func (r *RefreshClaims) GetIssuer() (string, error)
func (*RefreshClaims) GetNotBefore ¶ added in v0.34.0
func (r *RefreshClaims) GetNotBefore() (*jwt.NumericDate, error)
func (*RefreshClaims) GetSubject ¶ added in v0.34.0
func (r *RefreshClaims) GetSubject() (string, error)
func (*RefreshClaims) MarshalJSON ¶ added in v0.34.0
func (c *RefreshClaims) MarshalJSON() ([]byte, error)
func (*RefreshClaims) UnmarshalJSON ¶ added in v0.34.0
func (c *RefreshClaims) UnmarshalJSON(data []byte) error
type RouterDataModel ¶ added in v0.34.0
// RouterDataModel embeds an EventCache and holds string-keyed concurrent maps
// of config types, configs, identities, services, service policies, posture
// checks, public keys and revocations, plus an atomically stored map of
// crypto.PublicKey values.
//
// NOTE(review): PublicKeys, Revocations and CachedPublicKeys look like the
// inputs to token verification, and the policy maps like the inputs to
// authorization. All of them are exported, so code outside the package can
// read and modify them directly; confirm that writes only happen through the
// Handle*/Apply* methods.
type RouterDataModel struct {
	EventCache
	ConfigTypes      cmap.ConcurrentMap[string, *ConfigType]                        `json:"configTypes"`
	Configs          cmap.ConcurrentMap[string, *Config]                            `json:"configs"`
	Identities       cmap.ConcurrentMap[string, *Identity]                          `json:"identities"`
	Services         cmap.ConcurrentMap[string, *Service]                           `json:"services"`
	ServicePolicies  cmap.ConcurrentMap[string, *ServicePolicy]                     `json:"servicePolicies"`
	PostureChecks    cmap.ConcurrentMap[string, *PostureCheck]                      `json:"postureChecks"`
	PublicKeys       cmap.ConcurrentMap[string, *edge_ctrl_pb.DataState_PublicKey]  `json:"publicKeys"`
	Revocations      cmap.ConcurrentMap[string, *edge_ctrl_pb.DataState_Revocation] `json:"revocations"`
	CachedPublicKeys concurrenz.AtomicValue[map[string]crypto.PublicKey]
	// contains filtered or unexported fields
}
RouterDataModel represents a subset of a controller's data model: enough to validate an identity's access to dial/bind a service through policies and posture checks. RouterDataModel can operate in two modes: sender (controller) and receiver (router). Sender mode allows a controller to support an event cache that supports replays for routers connecting for the first time or after disconnects. Receiver mode does not maintain an event cache and does not support replays; it is instead used as a reference data structure for authorization computations.
func NewReceiverRouterDataModel ¶ added in v0.34.0
func NewReceiverRouterDataModel(listenerBufferSize uint, closeNotify <-chan struct{}) *RouterDataModel
NewReceiverRouterDataModel creates a new RouterDataModel that does not store events. listenerBufferSize affects the buffer size of channels returned to listeners of the data model.
func NewReceiverRouterDataModelFromFile ¶ added in v0.34.0
func NewReceiverRouterDataModelFromFile(path string, listenerBufferSize uint, closeNotify <-chan struct{}) (*RouterDataModel, error)
NewReceiverRouterDataModelFromFile creates a new RouterDataModel that does not store events and is initialized from a file backup. listenerBufferSize affects the buffer size of channels returned to listeners of the data model.
func NewSenderRouterDataModel ¶ added in v0.34.0
func NewSenderRouterDataModel(logSize uint64, listenerBufferSize uint) *RouterDataModel
NewSenderRouterDataModel creates a new RouterDataModel that will store events in a circular buffer of logSize. listenerBufferSize affects the buffer size of channels returned to listeners of the data model.
func (*RouterDataModel) ApplyChangeSet ¶ added in v1.1.1
func (rdm *RouterDataModel) ApplyChangeSet(change *edge_ctrl_pb.DataState_ChangeSet)
ApplyChangeSet applies the given event to the router data model.
func (*RouterDataModel) GetDataState ¶ added in v0.34.0
func (rdm *RouterDataModel) GetDataState() *edge_ctrl_pb.DataState
func (*RouterDataModel) GetPublicKeys ¶ added in v0.34.2
func (rdm *RouterDataModel) GetPublicKeys() map[string]crypto.PublicKey
func (*RouterDataModel) GetServiceAccessPolicies ¶ added in v0.34.0
func (rdm *RouterDataModel) GetServiceAccessPolicies(identityId string, serviceId string, policyType edge_ctrl_pb.PolicyType) (*AccessPolicies, error)
GetServiceAccessPolicies returns an AccessPolicies instance for an identity attempting to access a service.
func (*RouterDataModel) Handle ¶ added in v0.34.0
func (rdm *RouterDataModel) Handle(index uint64, event *edge_ctrl_pb.DataState_Event) bool
func (*RouterDataModel) HandleConfigEvent ¶ added in v1.1.8
func (rdm *RouterDataModel) HandleConfigEvent(index uint64, event *edge_ctrl_pb.DataState_Event, model *edge_ctrl_pb.DataState_Event_Config)
HandleConfigEvent will apply the delta event to the router data model. It is not restricted by index calculations. Use ApplyConfigEvent for event logged event handling. This method is generally meant for bulk loading of data during startup.
func (*RouterDataModel) HandleConfigTypeEvent ¶ added in v1.1.8
func (rdm *RouterDataModel) HandleConfigTypeEvent(index uint64, event *edge_ctrl_pb.DataState_Event, model *edge_ctrl_pb.DataState_Event_ConfigType)
HandleConfigTypeEvent will apply the delta event to the router data model. It is not restricted by index calculations. Use ApplyConfigTypeEvent for event logged event handling. This method is generally meant for bulk loading of data during startup.
func (*RouterDataModel) HandleIdentityEvent ¶ added in v0.34.0
func (rdm *RouterDataModel) HandleIdentityEvent(index uint64, event *edge_ctrl_pb.DataState_Event, model *edge_ctrl_pb.DataState_Event_Identity)
HandleIdentityEvent will apply the delta event to the router data model. It is not restricted by index calculations. Use ApplyIdentityEvent for event logged event handling. This method is generally meant for bulk loading of data during startup.
func (*RouterDataModel) HandlePostureCheckEvent ¶ added in v0.34.0
func (rdm *RouterDataModel) HandlePostureCheckEvent(index uint64, event *edge_ctrl_pb.DataState_Event, model *edge_ctrl_pb.DataState_Event_PostureCheck)
HandlePostureCheckEvent will apply the delta event to the router data model. It is not restricted by index calculations. Use ApplyPostureCheckEvent for event logged event handling. This method is generally meant for bulk loading of data during startup.
func (*RouterDataModel) HandlePublicKeyEvent ¶ added in v0.34.0
func (rdm *RouterDataModel) HandlePublicKeyEvent(event *edge_ctrl_pb.DataState_Event, model *edge_ctrl_pb.DataState_Event_PublicKey)
HandlePublicKeyEvent will apply the delta event to the router data model. It is not restricted by index calculations. Use ApplyPublicKeyEvent for event logged event handling. This method is generally meant for bulk loading of data during startup.
func (*RouterDataModel) HandleRevocationEvent ¶ added in v0.34.0
func (rdm *RouterDataModel) HandleRevocationEvent(event *edge_ctrl_pb.DataState_Event, model *edge_ctrl_pb.DataState_Event_Revocation)
HandleRevocationEvent will apply the delta event to the router data model. It is not restricted by index calculations. Use ApplyRevocationEvent for event logged event handling. This method is generally meant for bulk loading of data during startup.
func (*RouterDataModel) HandleServiceEvent ¶ added in v0.34.0
func (rdm *RouterDataModel) HandleServiceEvent(index uint64, event *edge_ctrl_pb.DataState_Event, model *edge_ctrl_pb.DataState_Event_Service)
HandleServiceEvent will apply the delta event to the router data model. It is not restricted by index calculations. Use ApplyServiceEvent for event logged event handling. This method is generally meant for bulk loading of data during startup.
func (*RouterDataModel) HandleServicePolicyChange ¶ added in v1.1.1
func (rdm *RouterDataModel) HandleServicePolicyChange(index uint64, model *edge_ctrl_pb.DataState_ServicePolicyChange)
func (*RouterDataModel) HandleServicePolicyEvent ¶ added in v0.34.0
func (rdm *RouterDataModel) HandleServicePolicyEvent(event *edge_ctrl_pb.DataState_Event, model *edge_ctrl_pb.DataState_Event_ServicePolicy)
HandleServicePolicyEvent will apply the delta event to the router data model. It is not restricted by index calculations. Use ApplyServicePolicyEvent for event logged event handling. This method is generally meant for bulk loading of data during startup.
func (*RouterDataModel) InheritSubscribers ¶ added in v1.1.8
func (rdm *RouterDataModel) InheritSubscribers(other *RouterDataModel)
func (*RouterDataModel) NewListener ¶ added in v0.34.0
func (rdm *RouterDataModel) NewListener() <-chan *edge_ctrl_pb.DataState_ChangeSet
NewListener returns a channel that will receive the events applied to this data model.
func (*RouterDataModel) Save ¶ added in v0.34.0
func (rdm *RouterDataModel) Save(path string)
func (*RouterDataModel) Stop ¶ added in v1.1.8
func (rdm *RouterDataModel) Stop()
func (*RouterDataModel) SubscribeToIdentityChanges ¶ added in v1.1.8
func (rdm *RouterDataModel) SubscribeToIdentityChanges(identityId string, subscriber IdentityEventSubscriber, isRouterIdentity bool) error
func (*RouterDataModel) SyncAllSubscribers ¶ added in v1.1.8
func (rdm *RouterDataModel) SyncAllSubscribers()
type Service ¶ added in v1.1.8
// Service wraps an embedded *DataStateService together with an Index.
//
// NOTE(review): Index is presumably the data-model event index at which this
// entry was last written — confirm against the event handlers.
type Service struct {
	*DataStateService
	Index uint64
}
type ServiceAccessClaims ¶ added in v0.34.0
// ServiceAccessClaims combines the embedded jwt.RegisteredClaims with four
// string claims: z_asid, z_iid, z_t and z_st. None of the tags use omitempty,
// so the default encoder always emits all four keys.
//
// NOTE(review): TokenType (z_t) shares its JSON key with CustomClaims.Type;
// presumably it is expected to equal TokenTypeServiceAccess — confirm that
// verifiers reject other token types here.
type ServiceAccessClaims struct {
	jwt.RegisteredClaims
	ApiSessionId string `json:"z_asid"`
	IdentityId   string `json:"z_iid"`
	TokenType    string `json:"z_t"`
	Type         string `json:"z_st"`
}
func (*ServiceAccessClaims) HasAudience ¶ added in v0.34.0
func (c *ServiceAccessClaims) HasAudience(targetAud string) bool
type ServiceEventType ¶ added in v1.1.8
// ServiceEventType is the byte-sized code passed to
// IdentityEventSubscriber.NotifyServiceChange.
type ServiceEventType byte
type ServicePolicy ¶ added in v1.1.1
// ServicePolicy wraps an embedded *DataStateServicePolicy with two maps used
// as sets, encoded as "services" and "postureChecks".
//
// NOTE(review): the keys are presumably service ids and posture check ids —
// confirm against the event handlers.
type ServicePolicy struct {
	*DataStateServicePolicy
	Services      map[string]struct{} `json:"services"`
	PostureChecks map[string]struct{} `json:"postureChecks"`
}