Documentation ¶
Index ¶
- Constants
- func AddRouter(rf ApiRouter)
- func GetRequestContextFromHttpContext(r *http.Request) (*response.RequestContext, error)
- func NewAuthQueryExtJwt(signer *model.ExternalJwtSigner) *rest_model.AuthQueryDetail
- func NewAuthQueryZitiMfa() *rest_model.AuthQueryDetail
- func NewRequestContext(rw http.ResponseWriter, r *http.Request) *response.RequestContext
- func ProcessAuthQueries(ae *AppEnv, rc *response.RequestContext)
- func ServeError(rw http.ResponseWriter, r *http.Request, inErr error)
- type AddRouterFunc
- type ApiRouter
- type AppEnv
- func (ae *AppEnv) AddRouterPresenceHandler(h model.RouterPresenceHandler)
- func (ae *AppEnv) ControllersKeyFunc(token *jwt.Token) (interface{}, error)
- func (ae *AppEnv) CreateRequestContext(rw http.ResponseWriter, r *http.Request) *response.RequestContext
- func (ae *AppEnv) FillRequestContext(rc *response.RequestContext) error
- func (ae *AppEnv) GetApiAddresses() (map[string][]event.ApiAddress, []byte)
- func (ae *AppEnv) GetApiClientCsrSigner() cert.Signer
- func (ae *AppEnv) GetApiServerCsrSigner() cert.Signer
- func (ae *AppEnv) GetAuthRegistry() model.AuthRegistry
- func (ae *AppEnv) GetCloseNotifyChannel() <-chan struct{}
- func (ae *AppEnv) GetCommandDispatcher() command.Dispatcher
- func (ae *AppEnv) GetConfig() *config.Config
- func (ae *AppEnv) GetControlClientCsrSigner() cert.Signer
- func (ae *AppEnv) GetControllerPublicKey(kid string) crypto.PublicKey
- func (ae *AppEnv) GetDb() boltz.Db
- func (ae *AppEnv) GetEnrollRegistry() model.EnrollmentRegistry
- func (ae *AppEnv) GetEnrollmentJwtSigner() (jwtsigner.Signer, error)
- func (ae *AppEnv) GetEventDispatcher() event.Dispatcher
- func (ae *AppEnv) GetFingerprintGenerator() cert.FingerprintGenerator
- func (ae *AppEnv) GetHostController() HostController
- func (ae *AppEnv) GetId() string
- func (ae *AppEnv) GetManagers() *model.Managers
- func (ae *AppEnv) GetMetricsRegistry() metrics.Registry
- func (ae *AppEnv) GetPeerControllerAddresses() []string
- func (ae *AppEnv) GetPeerSigners() []*x509.Certificate
- func (ae *AppEnv) GetRaftInfo() (string, string, string)
- func (ae *AppEnv) GetServerCert() (serverCert *tls.Certificate, kid string, signingMethod jwt.SigningMethod)
- func (ae *AppEnv) GetServerJwtSigner() jwtsigner.Signer
- func (ae *AppEnv) GetStores() *db.Stores
- func (ae *AppEnv) HandleServiceEvent(event *db.ServiceEvent)
- func (ae *AppEnv) HandleServiceUpdatedEventForIdentityId(identityId string)
- func (ae *AppEnv) InitPersistence() error
- func (ae *AppEnv) IsAllowed(responderFunc func(ae *AppEnv, rc *response.RequestContext), ...) openApiMiddleware.Responder
- func (ae *AppEnv) IsEdgeRouterOnline(id string) bool
- func (ae *AppEnv) JwtSignerKeyFunc(token *jwt.Token) (interface{}, error)
- func (ae *AppEnv) OidcIssuer() string
- func (ae *AppEnv) ProcessJwt(rc *response.RequestContext, token *jwt.Token) error
- func (ae *AppEnv) ProcessZtSession(rc *response.RequestContext, ztSession string) error
- func (ae *AppEnv) RootIssuer() string
- func (ae *AppEnv) SetServerCert(serverCert *tls.Certificate)
- func (ae *AppEnv) ValidateAccessToken(token string) (*common.AccessClaims, error)
- func (ae *AppEnv) ValidateServiceAccessToken(token string, apiSessionId *string) (*common.ServiceAccessClaims, error)
- type AppHandler
- type AppMiddleware
- type BasicEntitySchema
- type Broker
- func (broker *Broker) AcceptClusterEvent(clusterEvent *event.ClusterEvent)
- func (broker *Broker) GetEdgeRouterState(id string) RouterStateValues
- func (broker *Broker) GetPublicKeys() map[string]crypto.PublicKey
- func (broker *Broker) GetReceiveHandlers() []channel.TypedReceiveHandler
- func (broker *Broker) IsEdgeRouterOnline(id string) bool
- func (broker *Broker) RouterConnected(router *model.Router)
- func (broker *Broker) RouterDisconnected(r *model.Router)
- func (broker *Broker) Stop()
- func (broker *Broker) ValidateRouterDataModel() []error
- type HostController
- type IdentityEntitySchema
- type LockingRouterState
- func (r *LockingRouterState) GetVersionInfo() versions.VersionInfo
- func (r *LockingRouterState) Hostname() string
- func (r *LockingRouterState) IsOnline() bool
- func (r *LockingRouterState) Protocols() map[string]string
- func (r *LockingRouterState) SetHostname(hostname string)
- func (r *LockingRouterState) SetIsOnline(isOnline bool)
- func (r *LockingRouterState) SetProtocols(protocols map[string]string)
- func (r *LockingRouterState) SetSyncStatus(syncStatus RouterSyncStatus)
- func (r *LockingRouterState) SetVersionInfo(versionInfo versions.VersionInfo)
- func (r *LockingRouterState) SyncStatus() RouterSyncStatus
- func (r *LockingRouterState) Values() RouterStateValues
- type PemProducer
- type RouterConnectionHandler
- type RouterState
- type RouterStateValues
- type RouterSyncCache
- type RouterSyncStatus
- type RouterSyncStrategy
- type RouterSyncStrategyType
- type RouterSynchronizerEventHandler
- type Schemes
- type TraceManager
- type TraceSpec
- type YamlProducer
Constants ¶
const ( ZitiSession = "zt-session" ClientApiBinding = "edge-client" JwtAudEnrollment = "openziti-enroller" )
const ( SessionRemovedType = int32(edge_ctrl_pb.ContentType_SessionRemovedType) ApiSessionHeartbeatType = int32(edge_ctrl_pb.ContentType_ApiSessionHeartbeatType) ApiSessionRemovedType = int32(edge_ctrl_pb.ContentType_ApiSessionRemovedType) ApiSessionAddedType = int32(edge_ctrl_pb.ContentType_ApiSessionAddedType) ApiSessionUpdatedType = int32(edge_ctrl_pb.ContentType_ApiSessionUpdatedType) RequestClientReSyncType = int32(edge_ctrl_pb.ContentType_RequestClientReSyncType) DataStateType = int32(edge_ctrl_pb.ContentType_DataStateType) DataStateChangeSetType = int32(edge_ctrl_pb.ContentType_DataStateChangeSetType) ServerHelloType = int32(edge_ctrl_pb.ContentType_ServerHelloType) ClientHelloType = int32(edge_ctrl_pb.ContentType_ClientHelloType) EnrollmentCertsResponseType = int32(edge_ctrl_pb.ContentType_EnrollmentCertsResponseType) EnrollmentExtendRouterRequestType = int32(edge_ctrl_pb.ContentType_EnrollmentExtendRouterRequestType) EnrollmentExtendRouterVerifyRequestType = int32(edge_ctrl_pb.ContentType_EnrollmentExtendRouterVerifyRequestType) )
const (
EventualEventsGauge = "eventual.events"
)
Variables ¶
This section is empty.
Functions ¶
func GetRequestContextFromHttpContext ¶
func GetRequestContextFromHttpContext(r *http.Request) (*response.RequestContext, error)
func NewAuthQueryExtJwt ¶
func NewAuthQueryExtJwt(signer *model.ExternalJwtSigner) *rest_model.AuthQueryDetail
func NewAuthQueryZitiMfa ¶
func NewAuthQueryZitiMfa() *rest_model.AuthQueryDetail
func NewRequestContext ¶
func NewRequestContext(rw http.ResponseWriter, r *http.Request) *response.RequestContext
func ProcessAuthQueries ¶
func ProcessAuthQueries(ae *AppEnv, rc *response.RequestContext)
ProcessAuthQueries will inspect a response.RequestContext and set the AuthQueries with the current outstanding authentication queries.
func ServeError ¶
func ServeError(rw http.ResponseWriter, r *http.Request, inErr error)
ServeError is a wrapper for the OpenAPI REST server to allow the Edge API Error message responses to be used when errors are raised from the OpenAPI internal runtimes. This includes input validation methods, unsupported media types, etc.
Types ¶
type AddRouterFunc ¶
type AddRouterFunc func(ae *AppEnv)
func GetRouters ¶
func GetRouters() []AddRouterFunc
type AppEnv ¶
type AppEnv struct { Stores *db.Stores Managers *model.Managers Versions *ziti.Versions ApiServerCsrSigner cert.Signer ApiClientCsrSigner cert.Signer ControlClientCsrSigner cert.Signer FingerprintGenerator cert.FingerprintGenerator AuthRegistry model.AuthRegistry EnrollRegistry model.EnrollmentRegistry Broker *Broker HostController HostController ManagementApi *managementOperations.ZitiEdgeManagementAPI ClientApi *clientOperations.ZitiEdgeClientAPI IdentityRefreshMap cmap.ConcurrentMap[string, time.Time] StartupTime time.Time InstanceId string AuthRateLimiter rate.AdaptiveRateLimiter ServerCert *tls.Certificate TraceManager *TraceManager // contains filtered or unexported fields }
func NewAppEnv ¶
func NewAppEnv(host HostController) (*AppEnv, error)
func (*AppEnv) AddRouterPresenceHandler ¶ added in v1.2.0
func (ae *AppEnv) AddRouterPresenceHandler(h model.RouterPresenceHandler)
func (*AppEnv) ControllersKeyFunc ¶
func (*AppEnv) CreateRequestContext ¶
func (ae *AppEnv) CreateRequestContext(rw http.ResponseWriter, r *http.Request) *response.RequestContext
func (*AppEnv) FillRequestContext ¶
func (ae *AppEnv) FillRequestContext(rc *response.RequestContext) error
func (*AppEnv) GetApiAddresses ¶ added in v1.1.6
func (ae *AppEnv) GetApiAddresses() (map[string][]event.ApiAddress, []byte)
func (*AppEnv) GetApiClientCsrSigner ¶
func (*AppEnv) GetApiServerCsrSigner ¶
func (*AppEnv) GetAuthRegistry ¶
func (ae *AppEnv) GetAuthRegistry() model.AuthRegistry
func (*AppEnv) GetCloseNotifyChannel ¶ added in v1.1.6
func (ae *AppEnv) GetCloseNotifyChannel() <-chan struct{}
func (*AppEnv) GetCommandDispatcher ¶ added in v1.1.6
func (ae *AppEnv) GetCommandDispatcher() command.Dispatcher
func (*AppEnv) GetControlClientCsrSigner ¶
func (*AppEnv) GetControllerPublicKey ¶
func (*AppEnv) GetEnrollRegistry ¶
func (ae *AppEnv) GetEnrollRegistry() model.EnrollmentRegistry
func (*AppEnv) GetEnrollmentJwtSigner ¶ added in v1.2.0
GetEnrollmentJwtSigner returns a Signer to use for enrollments based on the edge.api.address hostname, or an error if no matching signer can be located. Hostname matching is done across all identity server certificates, including alternate server certificates.
func (*AppEnv) GetEventDispatcher ¶ added in v1.1.14
func (ae *AppEnv) GetEventDispatcher() event.Dispatcher
func (*AppEnv) GetFingerprintGenerator ¶
func (ae *AppEnv) GetFingerprintGenerator() cert.FingerprintGenerator
func (*AppEnv) GetHostController ¶
func (ae *AppEnv) GetHostController() HostController
func (*AppEnv) GetManagers ¶
func (*AppEnv) GetMetricsRegistry ¶
func (*AppEnv) GetPeerControllerAddresses ¶ added in v0.34.0
func (*AppEnv) GetPeerSigners ¶ added in v1.1.6
func (ae *AppEnv) GetPeerSigners() []*x509.Certificate
func (*AppEnv) GetRaftInfo ¶ added in v1.1.6
func (*AppEnv) GetServerCert ¶
func (ae *AppEnv) GetServerCert() (serverCert *tls.Certificate, kid string, signingMethod jwt.SigningMethod)
func (*AppEnv) GetServerJwtSigner ¶ added in v0.34.0
func (*AppEnv) HandleServiceEvent ¶
func (ae *AppEnv) HandleServiceEvent(event *db.ServiceEvent)
func (*AppEnv) HandleServiceUpdatedEventForIdentityId ¶
func (*AppEnv) InitPersistence ¶
func (*AppEnv) IsAllowed ¶
func (ae *AppEnv) IsAllowed(responderFunc func(ae *AppEnv, rc *response.RequestContext), request *http.Request, entityId string, entitySubId string, permissions ...permissions.Resolver) openApiMiddleware.Responder
func (*AppEnv) IsEdgeRouterOnline ¶
func (*AppEnv) JwtSignerKeyFunc ¶
JwtSignerKeyFunc is used in combination with jwt.Parse or jwt.ParseWithClaims to facilitate verifying JWTs from the current controller or any peer controllers.
func (*AppEnv) OidcIssuer ¶ added in v0.34.0
func (*AppEnv) ProcessJwt ¶
func (ae *AppEnv) ProcessJwt(rc *response.RequestContext, token *jwt.Token) error
func (*AppEnv) ProcessZtSession ¶
func (ae *AppEnv) ProcessZtSession(rc *response.RequestContext, ztSession string) error
func (*AppEnv) RootIssuer ¶ added in v0.34.0
func (*AppEnv) SetServerCert ¶ added in v0.34.0
func (ae *AppEnv) SetServerCert(serverCert *tls.Certificate)
func (*AppEnv) ValidateAccessToken ¶ added in v0.34.0
func (ae *AppEnv) ValidateAccessToken(token string) (*common.AccessClaims, error)
func (*AppEnv) ValidateServiceAccessToken ¶ added in v0.34.0
type AppHandler ¶
type AppHandler func(ae *AppEnv, rc *response.RequestContext)
type BasicEntitySchema ¶
type BasicEntitySchema struct { Post *gojsonschema.Schema Patch *gojsonschema.Schema Put *gojsonschema.Schema }
type Broker ¶
type Broker struct {
// contains filtered or unexported fields
}
The Broker delegates Ziti Edge events to a RouterSyncStrategy, handling the details of which events to watch and casting arguments to their proper concrete types.
func NewBroker ¶
func NewBroker(ae *AppEnv, synchronizer RouterSyncStrategy) *Broker
func (*Broker) AcceptClusterEvent ¶
func (broker *Broker) AcceptClusterEvent(clusterEvent *event.ClusterEvent)
func (*Broker) GetEdgeRouterState ¶
func (broker *Broker) GetEdgeRouterState(id string) RouterStateValues
func (*Broker) GetPublicKeys ¶ added in v0.34.2
func (*Broker) GetReceiveHandlers ¶
func (broker *Broker) GetReceiveHandlers() []channel.TypedReceiveHandler
func (*Broker) IsEdgeRouterOnline ¶
func (*Broker) RouterConnected ¶
func (*Broker) RouterDisconnected ¶
func (*Broker) ValidateRouterDataModel ¶ added in v1.1.8
type HostController ¶
type HostController interface { GetConfig() *config.Config GetEnv() *AppEnv RegisterAgentBindHandler(bindHandler channel.BindHandler) RegisterXctrl(x xctrl.Xctrl) error RegisterXmgmt(x xmgmt.Xmgmt) error GetXWebInstance() xweb.Instance GetNetwork() *network.Network GetCloseNotifyChannel() <-chan struct{} Shutdown() Identity() identity.Identity IsRaftEnabled() bool IsRaftLeader() bool GetDb() boltz.Db GetCommandDispatcher() command.Dispatcher GetPeerSigners() []*x509.Certificate GetEventDispatcher() event.Dispatcher GetRaftIndex() uint64 GetPeerAddresses() []string GetRaftInfo() (string, string, string) GetApiAddresses() (map[string][]event.ApiAddress, []byte) GetMetricsRegistry() metrics.Registry }
type IdentityEntitySchema ¶
type IdentityEntitySchema struct { Post *gojsonschema.Schema Patch *gojsonschema.Schema Put *gojsonschema.Schema ServiceConfigs *gojsonschema.Schema }
type LockingRouterState ¶
type LockingRouterState struct {
// contains filtered or unexported fields
}
func NewLockingRouterStatus ¶
func NewLockingRouterStatus() *LockingRouterState
func (*LockingRouterState) GetVersionInfo ¶
func (r *LockingRouterState) GetVersionInfo() versions.VersionInfo
func (*LockingRouterState) Hostname ¶
func (r *LockingRouterState) Hostname() string
func (*LockingRouterState) IsOnline ¶
func (r *LockingRouterState) IsOnline() bool
func (*LockingRouterState) Protocols ¶
func (r *LockingRouterState) Protocols() map[string]string
func (*LockingRouterState) SetHostname ¶
func (r *LockingRouterState) SetHostname(hostname string)
func (*LockingRouterState) SetIsOnline ¶
func (r *LockingRouterState) SetIsOnline(isOnline bool)
func (*LockingRouterState) SetProtocols ¶
func (r *LockingRouterState) SetProtocols(protocols map[string]string)
func (*LockingRouterState) SetSyncStatus ¶
func (r *LockingRouterState) SetSyncStatus(syncStatus RouterSyncStatus)
func (*LockingRouterState) SetVersionInfo ¶
func (r *LockingRouterState) SetVersionInfo(versionInfo versions.VersionInfo)
func (*LockingRouterState) SyncStatus ¶
func (r *LockingRouterState) SyncStatus() RouterSyncStatus
func (*LockingRouterState) Values ¶
func (r *LockingRouterState) Values() RouterStateValues
type PemProducer ¶
type PemProducer struct{}
type RouterConnectionHandler ¶
type RouterConnectionHandler interface { RouterConnected(edgeRouter *model.EdgeRouter, router *model.Router) RouterDisconnected(router *model.Router) GetReceiveHandlers() []channel.TypedReceiveHandler }
RouterConnectionHandler is responsible for handling router connect/disconnect events in order to synchronize state. This is intended for API Sessions, but additional state is possible. Implementations may bind additional handlers to the channel.
type RouterState ¶
type RouterState interface { SetIsOnline(isOnline bool) IsOnline() bool SetHostname(hostname string) Hostname() string SetProtocols(protocols map[string]string) Protocols() map[string]string SetSyncStatus(status RouterSyncStatus) SyncStatus() RouterSyncStatus SetVersionInfo(versionInfo versions.VersionInfo) GetVersionInfo() versions.VersionInfo Values() RouterStateValues }
RouterState provides a thread-safe mechanism to access and set router status information that may be in flux due to router connection/disconnection.
type RouterStateValues ¶
type RouterStateValues struct { IsOnline bool Hostname string Protocols map[string]string SyncStatus RouterSyncStatus VersionInfo versions.VersionInfo }
func NewRouterStatusValues ¶
func NewRouterStatusValues() RouterStateValues
type RouterSyncCache ¶ added in v0.34.0
type RouterSyncCache struct { }
type RouterSyncStatus ¶
type RouterSyncStatus string
RouterSyncStatus is an aliased type for router sync status.
const ( RouterSyncNew RouterSyncStatus = "SYNC_NEW" //connection accepted but no strategy actions have been taken RouterSyncQueued RouterSyncStatus = "SYNC_QUEUED" //connection handed to strategy, but not processed RouterSyncHello RouterSyncStatus = "SYNC_HELLO" //connection is beginning hello cycle RouterSyncHelloWait RouterSyncStatus = "SYNC_HELLO_WAIT" //hello received from router, but there are too many synchronizing routers RouterSyncResyncWait RouterSyncStatus = "SYNC_RESYNC_WAIT" //router requested a resync, in queue RouterSynInProgress RouterSyncStatus = "SYNC_IN_PROGRESS" //hello finished, starting to send state RouterSyncDone RouterSyncStatus = "SYNC_DONE" //initial state sent //Error states RouterSyncUnknown RouterSyncStatus = "SYNC_UNKNOWN" //the router is currently unknown RouterSyncDisconnected RouterSyncStatus = "SYNC_DISCONNECTED" //strategy was disconnected before finishing RouterSyncHelloTimeout RouterSyncStatus = "SYNC_HELLO_TIMEOUT" //sync failed due to a hello timeout. RouterSyncError RouterSyncStatus = "SYNC_ERROR" //sync failed due to an unexpected error //msg headers SyncStrategyTypeHeader = 1013 SyncStrategyStateHeader = 1014 SyncStrategyLastIndex = 1015 )
type RouterSyncStrategy ¶
type RouterSyncStrategy interface { Type() RouterSyncStrategyType GetEdgeRouterState(id string) RouterStateValues Stop() GetPublicKeys() map[string]crypto.PublicKey RouterConnectionHandler RouterSynchronizerEventHandler Validate() []error }
RouterSyncStrategy handles the life cycle of an Edge Router connecting to the controller, synchronizing any upfront state and then maintaining state after that.
type RouterSyncStrategyType ¶
type RouterSyncStrategyType string
RouterSyncStrategyType is an aliased type for router sync strategies.
type RouterSynchronizerEventHandler ¶
type RouterSynchronizerEventHandler interface { ApiSessionAdded(apiSession *db.ApiSession) ApiSessionUpdated(apiSession *db.ApiSession, apiSessionCert *db.ApiSessionCertificate) ApiSessionDeleted(apiSession *db.ApiSession) SessionDeleted(session *db.Session) }
RouterSynchronizerEventHandler is responsible for keeping Edge Routers up to date on API Sessions.
type Schemes ¶
type Schemes struct { Association *BasicEntitySchema Authenticator *BasicEntitySchema AuthenticatorSelf *BasicEntitySchema Ca *BasicEntitySchema Config *BasicEntitySchema ConfigType *BasicEntitySchema Enroller *BasicEntitySchema EnrollEr *BasicEntitySchema EnrollUpdb *BasicEntitySchema EdgeRouter *BasicEntitySchema EdgeRouterPolicy *BasicEntitySchema TransitRouter *BasicEntitySchema Identity *IdentityEntitySchema Service *BasicEntitySchema ServiceEdgeRouterPolicy *BasicEntitySchema ServicePolicy *BasicEntitySchema Session *BasicEntitySchema Terminator *BasicEntitySchema }
func (Schemes) GetEnrollErPost ¶
func (s Schemes) GetEnrollErPost() *gojsonschema.Schema
func (Schemes) GetEnrollUpdbPost ¶
func (s Schemes) GetEnrollUpdbPost() *gojsonschema.Schema
type TraceManager ¶
type TraceManager struct {
// contains filtered or unexported fields
}
func NewTraceManager ¶
func NewTraceManager(shutdownNotify <-chan struct{}) *TraceManager
func (*TraceManager) GetIdentityTrace ¶
func (self *TraceManager) GetIdentityTrace(identityId string) *TraceSpec
func (*TraceManager) RemoveIdentityTrace ¶
func (self *TraceManager) RemoveIdentityTrace(identity string)
func (*TraceManager) TraceIdentity ¶
type YamlProducer ¶
type YamlProducer struct{}