common

package
v1.1.4-pre Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 11, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	EdgeBinding   = "edge"
	TunnelBinding = "tunnel"
)
View Source 
const (
	ClaimAudienceOpenZiti = "openziti"

	CustomClaimApiSessionId      = "z_asid"
	CustomClaimExternalId        = "z_eid"
	CustomClaimIsAdmin           = "z_ia"
	CustomClaimsConfigTypes      = "z_ct"
	CustomClaimsCertFingerprints = "z_cfs"

	// CustomClaimsTokenType and other constants below may not appear as referenced, but are used in `json: ""` tags. Provided here for external use.
	CustomClaimsTokenType    = "z_t"
	CustomClaimServiceId     = "z_sid"
	CustomClaimIdentityId    = "z_iid"
	CustomClaimServiceType   = "z_st"
	CustomClaimRemoteAddress = "z_ra"

	DefaultAccessTokenDuration  = 30 * time.Minute
	DefaultIdTokenDuration      = 30 * time.Minute
	DefaultRefreshTokenDuration = 24 * time.Hour

	TokenTypeAccess        = "a"
	TokenTypeRefresh       = "r"
	TokenTypeServiceAccess = "s"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AccessClaims added in v0.34.0 

type AccessClaims struct {
	oidc.AccessTokenClaims
	CustomClaims
}

func (*AccessClaims) ConfigTypesAsMap added in v0.34.0 

func (r *AccessClaims) ConfigTypesAsMap() map[string]struct{}

func (*AccessClaims) GetAudience added in v0.34.0 

func (r *AccessClaims) GetAudience() (jwt.ClaimStrings, error)

func (*AccessClaims) GetExpirationTime added in v0.34.0 

func (r *AccessClaims) GetExpirationTime() (*jwt.NumericDate, error)

func (*AccessClaims) GetIssuedAt added in v0.34.0 

func (r *AccessClaims) GetIssuedAt() (*jwt.NumericDate, error)

func (*AccessClaims) GetIssuer added in v0.34.0 

func (r *AccessClaims) GetIssuer() (string, error)

func (*AccessClaims) GetNotBefore added in v0.34.0 

func (r *AccessClaims) GetNotBefore() (*jwt.NumericDate, error)

func (*AccessClaims) GetSubject added in v0.34.0 

func (r *AccessClaims) GetSubject() (string, error)

func (*AccessClaims) HasAudience added in v0.34.0 

func (c *AccessClaims) HasAudience(targetAud string) bool

func (*AccessClaims) TotpComplete added in v0.34.0 

func (c *AccessClaims) TotpComplete() bool

func (*AccessClaims) UnmarshalJSON added in v0.34.0 

func (r *AccessClaims) UnmarshalJSON(raw []byte) error

type AccessPolicies added in v0.34.0 

type AccessPolicies struct {
	Identity      *Identity
	Service       *edge_ctrl_pb.DataState_Service
	Policies      []*ServicePolicy
	PostureChecks map[string]*edge_ctrl_pb.DataState_PostureCheck
}

AccessPolicies represents the Identity's access to a Service through many Policies. The PostureChecks provided are referenced by the granting Policies. The PostureChecks for each of the Policies may be evaluated to determine a valid policy and posture access path.

type CustomClaims added in v0.34.0 

type CustomClaims struct {
	ApiSessionId     string              `json:"z_asid,omitempty"`
	ExternalId       string              `json:"z_eid,omitempty"`
	IsAdmin          bool                `json:"z_ia,omitempty"`
	ConfigTypes      []string            `json:"z_ct,omitempty"`
	ApplicationId    string              `json:"z_aid,omitempty"`
	Type             string              `json:"z_t"`
	CertFingerprints []string            `json:"z_cfs"`
	Scopes           []string            `json:"scopes,omitempty"`
	SdkInfo          *rest_model.SdkInfo `json:"z_sdk"`
	EnvInfo          *rest_model.EnvInfo `json:"z_env"`
	RemoteAddress    string              `json:"z_ra"`
}

func (*CustomClaims) ToMap added in v0.34.0 

func (c *CustomClaims) ToMap() (map[string]any, error)

type DataStateIdentity added in v1.1.1 

type DataStateIdentity = edge_ctrl_pb.DataState_Identity

type DataStateServicePolicy added in v1.1.1 

type DataStateServicePolicy = edge_ctrl_pb.DataState_ServicePolicy

type EventCache added in v0.34.0 

type EventCache interface {
	// Store allows storage of an event and execution of an onSuccess callback while the event cache remains locked.
	// onSuccess may be nil. This function is blocking.
	Store(event *edge_ctrl_pb.DataState_ChangeSet, onSuccess OnStoreSuccess) error

	// CurrentIndex returns the latest event index applied. This function is blocking.
	CurrentIndex() (uint64, bool)

	// ReplayFrom returns an array of events from startIndex and true if the replay may be facilitated.
	// An empty slice and true is returned in cases where the requested startIndex is the current index.
	// An empty slice and false is returned in cases where the replay cannot be facilitated.
	// This function is blocking.
	ReplayFrom(startIndex uint64) ([]*edge_ctrl_pb.DataState_ChangeSet, bool)

	// WhileLocked allows the execution of arbitrary functionality while the event cache is locked. This function
	// is blocking.
	WhileLocked(func(uint64, bool))

	// SetCurrentIndex sets the current index to the supplied value. All event log history may be lost.
	SetCurrentIndex(uint64)
}

type ForgetfulEventCache added in v0.34.0 

type ForgetfulEventCache struct {
	// contains filtered or unexported fields
}

ForgetfulEventCache does not store events or support replaying. It tracks the event index and that is it. It is a stand in for LoggingEventCache when replaying events is not expected (i.e. in routers)

func NewForgetfulEventCache added in v0.34.0 

func NewForgetfulEventCache() *ForgetfulEventCache

func (*ForgetfulEventCache) CurrentIndex added in v0.34.0 

func (cache *ForgetfulEventCache) CurrentIndex() (uint64, bool)

func (*ForgetfulEventCache) ReplayFrom added in v0.34.0 

func (cache *ForgetfulEventCache) ReplayFrom(_ uint64) ([]*edge_ctrl_pb.DataState_ChangeSet, bool)

func (*ForgetfulEventCache) SetCurrentIndex added in v0.34.0 

func (cache *ForgetfulEventCache) SetCurrentIndex(index uint64)

func (*ForgetfulEventCache) Store added in v0.34.0 

func (cache *ForgetfulEventCache) Store(event *edge_ctrl_pb.DataState_ChangeSet, onSuccess OnStoreSuccess) error

func (*ForgetfulEventCache) WhileLocked added in v0.34.0 

func (cache *ForgetfulEventCache) WhileLocked(callback func(uint64, bool))

type IdTokenClaims added in v0.34.0 

type IdTokenClaims struct {
	oidc.IDTokenClaims
	CustomClaims
}

func (*IdTokenClaims) GetAudience added in v1.1.1 

func (r *IdTokenClaims) GetAudience() (jwt.ClaimStrings, error)

func (*IdTokenClaims) GetExpirationTime added in v1.1.1 

func (r *IdTokenClaims) GetExpirationTime() (*jwt.NumericDate, error)

func (*IdTokenClaims) GetIssuedAt added in v1.1.1 

func (r *IdTokenClaims) GetIssuedAt() (*jwt.NumericDate, error)

func (*IdTokenClaims) GetIssuer added in v1.1.1 

func (r *IdTokenClaims) GetIssuer() (string, error)

func (*IdTokenClaims) GetNotBefore added in v1.1.1 

func (r *IdTokenClaims) GetNotBefore() (*jwt.NumericDate, error)

func (*IdTokenClaims) GetSubject added in v1.1.1 

func (r *IdTokenClaims) GetSubject() (string, error)

func (*IdTokenClaims) TotpComplete added in v0.34.0 

func (c *IdTokenClaims) TotpComplete() bool

type Identity added in v1.1.1 

type Identity struct {
	*DataStateIdentity
	ServicePolicies map[string]struct{} `json:"servicePolicies"`
}

type LoggingEventCache added in v0.34.0 

type LoggingEventCache struct {
	HeadLogIndex uint64                                       `json:"-"`
	LogSize      uint64                                       `json:"-"`
	Log          []uint64                                     `json:"-"`
	Events       map[uint64]*edge_ctrl_pb.DataState_ChangeSet `json:"-"`
	// contains filtered or unexported fields
}

LoggingEventCache stores events in order to support replaying (i.e. in controllers).

func NewLoggingEventCache added in v0.34.0 

func NewLoggingEventCache(logSize uint64) *LoggingEventCache

func (*LoggingEventCache) CurrentIndex added in v0.34.0 

func (cache *LoggingEventCache) CurrentIndex() (uint64, bool)

func (*LoggingEventCache) ReplayFrom added in v0.34.0 

func (cache *LoggingEventCache) ReplayFrom(startIndex uint64) ([]*edge_ctrl_pb.DataState_ChangeSet, bool)

func (*LoggingEventCache) SetCurrentIndex added in v0.34.0 

func (cache *LoggingEventCache) SetCurrentIndex(index uint64)

func (*LoggingEventCache) Store added in v0.34.0 

func (cache *LoggingEventCache) Store(event *edge_ctrl_pb.DataState_ChangeSet, onSuccess OnStoreSuccess) error

func (*LoggingEventCache) WhileLocked added in v0.34.0 

func (cache *LoggingEventCache) WhileLocked(callback func(uint64, bool))

type OnStoreSuccess added in v0.34.0 

type OnStoreSuccess func(index uint64, event *edge_ctrl_pb.DataState_ChangeSet)

type RefreshClaims added in v0.34.0 

type RefreshClaims struct {
	oidc.IDTokenClaims
	CustomClaims
}

func (*RefreshClaims) GetAudience added in v0.34.0 

func (r *RefreshClaims) GetAudience() (jwt.ClaimStrings, error)

func (*RefreshClaims) GetExpirationTime added in v0.34.0 

func (r *RefreshClaims) GetExpirationTime() (*jwt.NumericDate, error)

func (*RefreshClaims) GetIssuedAt added in v0.34.0 

func (r *RefreshClaims) GetIssuedAt() (*jwt.NumericDate, error)

func (*RefreshClaims) GetIssuer added in v0.34.0 

func (r *RefreshClaims) GetIssuer() (string, error)

func (*RefreshClaims) GetNotBefore added in v0.34.0 

func (r *RefreshClaims) GetNotBefore() (*jwt.NumericDate, error)

func (*RefreshClaims) GetSubject added in v0.34.0 

func (r *RefreshClaims) GetSubject() (string, error)

func (*RefreshClaims) MarshalJSON added in v0.34.0 

func (c *RefreshClaims) MarshalJSON() ([]byte, error)

func (*RefreshClaims) UnmarshalJSON added in v0.34.0 

func (c *RefreshClaims) UnmarshalJSON(data []byte) error

type RouterDataModel added in v0.34.0 

type RouterDataModel struct {
	EventCache

	Identities      cmap.ConcurrentMap[string, *Identity]                            `json:"identities"`
	Services        cmap.ConcurrentMap[string, *edge_ctrl_pb.DataState_Service]      `json:"services"`
	ServicePolicies cmap.ConcurrentMap[string, *ServicePolicy]                       `json:"servicePolicies"`
	PostureChecks   cmap.ConcurrentMap[string, *edge_ctrl_pb.DataState_PostureCheck] `json:"postureChecks"`
	PublicKeys      cmap.ConcurrentMap[string, *edge_ctrl_pb.DataState_PublicKey]    `json:"publicKeys"`
	Revocations     cmap.ConcurrentMap[string, *edge_ctrl_pb.DataState_Revocation]   `json:"revocations"`
	// contains filtered or unexported fields
}

RouterDataModel represents a sub-set of a controller's data model. Enough to validate an identities access to dial/bind a service through policies and posture checks. RouterDataModel can operate in two modes: sender (controller) and receiver (router). Sender mode allows a controller support an event cache that supports replays for routers connecting for the first time/after disconnects. Receive mode does not maintain an event cache and does not support replays. It instead is used as a reference data structure for authorization computations.

func NewReceiverRouterDataModel added in v0.34.0 

func NewReceiverRouterDataModel(listenerBufferSize uint) *RouterDataModel

NewReceiverRouterDataModel creates a new RouterDataModel that does not store events. listenerBufferSize affects the buffer size of channels returned to listeners of the data model.

func NewReceiverRouterDataModelFromFile added in v0.34.0 

func NewReceiverRouterDataModelFromFile(path string, listenerBufferSize uint) (*RouterDataModel, error)

NewReceiverRouterDataModelFromFile creates a new RouterDataModel that does not store events and is initialized from a file backup. listenerBufferSize affects the buffer size of channels returned to listeners of the data model.

func NewSenderRouterDataModel added in v0.34.0 

func NewSenderRouterDataModel(logSize uint64, listenerBufferSize uint) *RouterDataModel

NewSenderRouterDataModel creates a new RouterDataModel that will store events in a circular buffer of logSize. listenerBufferSize affects the buffer size of channels returned to listeners of the data model.

func (*RouterDataModel) ApplyChangeSet added in v1.1.1 

func (rdm *RouterDataModel) ApplyChangeSet(change *edge_ctrl_pb.DataState_ChangeSet)

Apply applies the given even to the router data model.

func (*RouterDataModel) GetDataState added in v0.34.0 

func (rdm *RouterDataModel) GetDataState() *edge_ctrl_pb.DataState

func (*RouterDataModel) GetPublicKeys added in v0.34.2 

func (rdm *RouterDataModel) GetPublicKeys() map[string]*edge_ctrl_pb.DataState_PublicKey

func (*RouterDataModel) GetServiceAccessPolicies added in v0.34.0 

func (rdm *RouterDataModel) GetServiceAccessPolicies(identityId string, serviceId string, policyType edge_ctrl_pb.PolicyType) (*AccessPolicies, error)

GetServiceAccessPolicies returns an AccessPolicies instance for an identity attempting to access a service.

func (*RouterDataModel) Handle added in v0.34.0 

func (rdm *RouterDataModel) Handle(event *edge_ctrl_pb.DataState_Event)

func (*RouterDataModel) HandleIdentityEvent added in v0.34.0 

func (rdm *RouterDataModel) HandleIdentityEvent(event *edge_ctrl_pb.DataState_Event, model *edge_ctrl_pb.DataState_Event_Identity)

HandleIdentityEvent will apply the delta event to the router data model. It is not restricted by index calculations. Use ApplyIdentityEvent for event logged event handling. This method is generally meant for bulk loading of data during startup.

func (*RouterDataModel) HandlePostureCheckEvent added in v0.34.0 

func (rdm *RouterDataModel) HandlePostureCheckEvent(event *edge_ctrl_pb.DataState_Event, model *edge_ctrl_pb.DataState_Event_PostureCheck)

HandlePostureCheckEvent will apply the delta event to the router data model. It is not restricted by index calculations. Use ApplyPostureCheckEvent for event logged event handling. This method is generally meant for bulk loading of data during startup.

func (*RouterDataModel) HandlePublicKeyEvent added in v0.34.0 

func (rdm *RouterDataModel) HandlePublicKeyEvent(event *edge_ctrl_pb.DataState_Event, model *edge_ctrl_pb.DataState_Event_PublicKey)

HandlePublicKeyEvent will apply the delta event to the router data model. It is not restricted by index calculations. Use ApplyPublicKeyEvent for event logged event handling. This method is generally meant for bulk loading of data during startup.

func (*RouterDataModel) HandleRevocationEvent added in v0.34.0 

func (rdm *RouterDataModel) HandleRevocationEvent(event *edge_ctrl_pb.DataState_Event, model *edge_ctrl_pb.DataState_Event_Revocation)

HandleRevocationEvent will apply the delta event to the router data model. It is not restricted by index calculations. Use ApplyRevocationEvent for event logged event handling. This method is generally meant for bulk loading of data during startup.

func (*RouterDataModel) HandleServiceEvent added in v0.34.0 

func (rdm *RouterDataModel) HandleServiceEvent(event *edge_ctrl_pb.DataState_Event, model *edge_ctrl_pb.DataState_Event_Service)

HandleServiceEvent will apply the delta event to the router data model. It is not restricted by index calculations. Use ApplyServiceEvent for event logged event handling. This method is generally meant for bulk loading of data during startup.

func (*RouterDataModel) HandleServicePolicyChange added in v1.1.1 

func (rdm *RouterDataModel) HandleServicePolicyChange(model *edge_ctrl_pb.DataState_ServicePolicyChange)

func (*RouterDataModel) HandleServicePolicyEvent added in v0.34.0 

func (rdm *RouterDataModel) HandleServicePolicyEvent(event *edge_ctrl_pb.DataState_Event, model *edge_ctrl_pb.DataState_Event_ServicePolicy)

HandleServicePolicyEvent will apply the delta event to the router data model. It is not restricted by index calculations. Use ApplyServicePolicyEvent for event logged event handling. This method is generally meant for bulk loading of data during startup.

func (*RouterDataModel) NewListener added in v0.34.0 

func (rdm *RouterDataModel) NewListener() <-chan *edge_ctrl_pb.DataState_ChangeSet

NewListener returns a channel that will receive the events applied to this data model.

func (*RouterDataModel) Save added in v0.34.0 

func (rdm *RouterDataModel) Save(path string)

type ServiceAccessClaims added in v0.34.0 

type ServiceAccessClaims struct {
	jwt.RegisteredClaims
	ApiSessionId string `json:"z_asid"`
	IdentityId   string `json:"z_iid"`
	TokenType    string `json:"z_t"`
	Type         string `json:"z_st"`
}

func (*ServiceAccessClaims) HasAudience added in v0.34.0 

func (c *ServiceAccessClaims) HasAudience(targetAud string) bool

type ServicePolicy added in v1.1.1 

type ServicePolicy struct {
	*DataStateServicePolicy
	Services      map[string]struct{} `json:"services"`
	PostureChecks map[string]struct{} `json:"postureChecks"`
}

Source Files

View all Source files

Directories

Path Synopsis
pb
cmd_pb
ctrl_pb
edge_cmd_pb
edge_ctrl_pb
edge_mgmt_pb
mgmt_pb

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.