env

package

Documentation


Constants

const (
	// ZitiSession is the name under which an Edge API session token is carried;
	// whether it is read as a header, cookie or both is not visible here — confirm
	// against ProcessZtSession's callers.
	ZitiSession      = "zt-session"
	// ClientApiBinding is the binding name for the client API (inferred from the
	// name; presumably matched against the xweb binding configuration).
	ClientApiBinding = "edge-client"

	// JwtAudEnrollment is the audience ("aud") claim value for enrollment JWTs
	// (inferred from the name). Verifiers of enrollment tokens should require
	// this audience so that tokens minted for other purposes are not accepted.
	JwtAudEnrollment = "openziti-enroller"
)
const (
	// EventualEventsGauge is a metric name (inferred from the "Gauge" suffix);
	// presumably registered with the metrics.Registry returned by
	// GetMetricsRegistry — confirm.
	EventualEventsGauge = "eventual.events"
)

Variables

This section is empty.

Functions

func AddRouter

func AddRouter(rf ApiRouter)

func GetRequestContextFromHttpContext

func GetRequestContextFromHttpContext(r *http.Request) (*response.RequestContext, error)

func NewAuthQueryExtJwt

func NewAuthQueryExtJwt(signer *model.ExternalJwtSigner) *rest_model.AuthQueryDetail

func NewAuthQueryZitiMfa

func NewAuthQueryZitiMfa() *rest_model.AuthQueryDetail

func ProcessAuthQueries

func ProcessAuthQueries(ae *AppEnv, rc *response.RequestContext)

ProcessAuthQueries inspects a response.RequestContext and sets its AuthQueries to the currently outstanding authentication queries.

func ServeError

func ServeError(rw http.ResponseWriter, r *http.Request, inErr error)

ServeError is a wrapper for the OpenAPI REST server that allows the Edge API error message responses to be used when errors are raised from the OpenAPI internal runtimes. This includes input validation, unsupported media types, etc.

Types

type AddRouterFunc

type AddRouterFunc func(ae *AppEnv)

func GetRouters

func GetRouters() []AddRouterFunc

type ApiRouter

// ApiRouter is something that can be registered with AddRouter. Register is
// handed the AppEnv; presumably it wires its routes into the ManagementApi /
// ClientApi servers found there — confirm against an implementation.
type ApiRouter interface {
	Register(ae *AppEnv)
}

type AppEnv

// AppEnv is the shared environment passed to routers, handlers and middleware
// (see AddRouterFunc, AppHandler and AppMiddleware). It bundles persistence
// (Stores, Managers), the CSR signers, the authentication and enrollment
// registries, the router Broker, the HostController and the generated
// OpenAPI servers for the management and client APIs.
type AppEnv struct {
	Stores   *db.Stores
	Managers *model.Managers

	Versions *ziti.Versions

	// Signers used to issue certificates from CSRs. Which signer backs which
	// flow is not visible here (the names suggest API server, API client and
	// control-plane client certificates) — confirm against the callers.
	ApiServerCsrSigner     cert.Signer
	ApiClientCsrSigner     cert.Signer
	ControlClientCsrSigner cert.Signer

	FingerprintGenerator cert.FingerprintGenerator
	AuthRegistry         model.AuthRegistry
	EnrollRegistry       model.EnrollmentRegistry
	Broker               *Broker
	HostController       HostController
	ManagementApi        *managementOperations.ZitiEdgeManagementAPI
	ClientApi            *clientOperations.ZitiEdgeClientAPI
	// Concurrent map of string -> time.Time; presumably identity id -> last
	// refresh time — verify against the callers.
	IdentityRefreshMap   cmap.ConcurrentMap[string, time.Time]

	StartupTime     time.Time
	InstanceId      string
	// Rate limiter applied to authentication attempts (inferred from the name);
	// the limiting policy itself lives in the rate package.
	AuthRateLimiter rate.AdaptiveRateLimiter

	// ServerCert is exposed by GetServerCert (together with a key id and JWT
	// signing method) and replaced by SetServerCert.
	ServerCert *tls.Certificate

	TraceManager *TraceManager
	// contains filtered or unexported fields
}

func NewAppEnv

func NewAppEnv(host HostController) (*AppEnv, error)

func (*AppEnv) AddRouterPresenceHandler added in v1.2.0

func (ae *AppEnv) AddRouterPresenceHandler(h model.RouterPresenceHandler)

func (*AppEnv) ControllersKeyFunc

func (ae *AppEnv) ControllersKeyFunc(token *jwt.Token) (interface{}, error)

func (*AppEnv) CreateRequestContext

func (ae *AppEnv) CreateRequestContext(rw http.ResponseWriter, r *http.Request) *response.RequestContext

func (*AppEnv) FillRequestContext

func (ae *AppEnv) FillRequestContext(rc *response.RequestContext) error

func (*AppEnv) GetApiAddresses added in v1.1.6

func (ae *AppEnv) GetApiAddresses() (map[string][]event.ApiAddress, []byte)

func (*AppEnv) GetApiClientCsrSigner

func (ae *AppEnv) GetApiClientCsrSigner() cert.Signer

func (*AppEnv) GetApiServerCsrSigner

func (ae *AppEnv) GetApiServerCsrSigner() cert.Signer

func (*AppEnv) GetAuthRegistry

func (ae *AppEnv) GetAuthRegistry() model.AuthRegistry

func (*AppEnv) GetCloseNotifyChannel added in v1.1.6

func (ae *AppEnv) GetCloseNotifyChannel() <-chan struct{}

func (*AppEnv) GetCommandDispatcher added in v1.1.6

func (ae *AppEnv) GetCommandDispatcher() command.Dispatcher

func (*AppEnv) GetConfig

func (ae *AppEnv) GetConfig() *config.Config

func (*AppEnv) GetControlClientCsrSigner

func (ae *AppEnv) GetControlClientCsrSigner() cert.Signer

func (*AppEnv) GetControllerPublicKey

func (ae *AppEnv) GetControllerPublicKey(kid string) crypto.PublicKey

func (*AppEnv) GetDb added in v1.1.6

func (ae *AppEnv) GetDb() boltz.Db

func (*AppEnv) GetEnrollRegistry

func (ae *AppEnv) GetEnrollRegistry() model.EnrollmentRegistry

func (*AppEnv) GetEnrollmentJwtSigner added in v1.2.0

func (ae *AppEnv) GetEnrollmentJwtSigner() (jwtsigner.Signer, error)

GetEnrollmentJwtSigner returns a Signer to use for enrollments, selected by matching the edge.api.address hostname, or an error if no matching signer can be located. Hostname matching is done across all identity server certificates, including alternate server certificates.

func (*AppEnv) GetEventDispatcher added in v1.1.14

func (ae *AppEnv) GetEventDispatcher() event.Dispatcher

func (*AppEnv) GetFingerprintGenerator

func (ae *AppEnv) GetFingerprintGenerator() cert.FingerprintGenerator

func (*AppEnv) GetHostController

func (ae *AppEnv) GetHostController() HostController

func (*AppEnv) GetId added in v1.2.1

func (ae *AppEnv) GetId() string

func (*AppEnv) GetManagers

func (ae *AppEnv) GetManagers() *model.Managers

func (*AppEnv) GetMetricsRegistry

func (ae *AppEnv) GetMetricsRegistry() metrics.Registry

func (*AppEnv) GetPeerControllerAddresses added in v0.34.0

func (ae *AppEnv) GetPeerControllerAddresses() []string

func (*AppEnv) GetPeerSigners added in v1.1.6

func (ae *AppEnv) GetPeerSigners() []*x509.Certificate

func (*AppEnv) GetRaftInfo added in v1.1.6

func (ae *AppEnv) GetRaftInfo() (string, string, string)

func (*AppEnv) GetServerCert

func (ae *AppEnv) GetServerCert() (serverCert *tls.Certificate, kid string, signingMethod jwt.SigningMethod)

func (*AppEnv) GetServerJwtSigner added in v0.34.0

func (ae *AppEnv) GetServerJwtSigner() jwtsigner.Signer

func (*AppEnv) GetStores

func (ae *AppEnv) GetStores() *db.Stores

func (*AppEnv) HandleServiceEvent

func (ae *AppEnv) HandleServiceEvent(event *db.ServiceEvent)

func (*AppEnv) HandleServiceUpdatedEventForIdentityId

func (ae *AppEnv) HandleServiceUpdatedEventForIdentityId(identityId string)

func (*AppEnv) InitPersistence

func (ae *AppEnv) InitPersistence() error

func (*AppEnv) IsAllowed

func (ae *AppEnv) IsAllowed(responderFunc func(ae *AppEnv, rc *response.RequestContext), request *http.Request, entityId string, entitySubId string, permissions ...permissions.Resolver) openApiMiddleware.Responder

func (*AppEnv) IsEdgeRouterOnline

func (ae *AppEnv) IsEdgeRouterOnline(id string) bool

func (*AppEnv) JwtSignerKeyFunc

func (ae *AppEnv) JwtSignerKeyFunc(token *jwt.Token) (interface{}, error)

JwtSignerKeyFunc is used together with jwt.Parse or jwt.ParseWithClaims to verify JWTs from the current controller or any peer controller.

func (*AppEnv) OidcIssuer added in v0.34.0

func (ae *AppEnv) OidcIssuer() string

func (*AppEnv) ProcessJwt

func (ae *AppEnv) ProcessJwt(rc *response.RequestContext, token *jwt.Token) error

func (*AppEnv) ProcessZtSession

func (ae *AppEnv) ProcessZtSession(rc *response.RequestContext, ztSession string) error

func (*AppEnv) RootIssuer added in v0.34.0

func (ae *AppEnv) RootIssuer() string

func (*AppEnv) SetServerCert added in v0.34.0

func (ae *AppEnv) SetServerCert(serverCert *tls.Certificate)

func (*AppEnv) ValidateAccessToken added in v0.34.0

func (ae *AppEnv) ValidateAccessToken(token string) (*common.AccessClaims, error)

func (*AppEnv) ValidateServiceAccessToken added in v0.34.0

func (ae *AppEnv) ValidateServiceAccessToken(token string, apiSessionId *string) (*common.ServiceAccessClaims, error)

type AppHandler

type AppHandler func(ae *AppEnv, rc *response.RequestContext)

type AppMiddleware

type AppMiddleware func(*AppEnv, http.Handler) http.Handler

type BasicEntitySchema

// BasicEntitySchema groups the compiled JSON schemas for an entity's POST,
// PATCH and PUT bodies (inferred from the field names; presumably used for
// request validation).
type BasicEntitySchema struct {
	Post  *gojsonschema.Schema
	Patch *gojsonschema.Schema
	Put   *gojsonschema.Schema
}

type Broker

// Broker delegates Ziti Edge events to a RouterSyncStrategy, handling which
// events to watch and casting arguments to their concrete types. It is built
// by NewBroker from an AppEnv and a RouterSyncStrategy and is stopped via Stop.
type Broker struct {
	// contains filtered or unexported fields
}

The Broker delegates Ziti Edge events to a RouterSyncStrategy, handling the details of which events to watch and casting arguments to their proper concrete types.

func NewBroker

func NewBroker(ae *AppEnv, synchronizer RouterSyncStrategy) *Broker

func (*Broker) AcceptClusterEvent

func (broker *Broker) AcceptClusterEvent(clusterEvent *event.ClusterEvent)

func (*Broker) GetEdgeRouterState

func (broker *Broker) GetEdgeRouterState(id string) RouterStateValues

func (*Broker) GetPublicKeys added in v0.34.2

func (broker *Broker) GetPublicKeys() map[string]crypto.PublicKey

func (*Broker) GetReceiveHandlers

func (broker *Broker) GetReceiveHandlers() []channel.TypedReceiveHandler

func (*Broker) IsEdgeRouterOnline

func (broker *Broker) IsEdgeRouterOnline(id string) bool

func (*Broker) RouterConnected

func (broker *Broker) RouterConnected(router *model.Router)

func (*Broker) RouterDisconnected

func (broker *Broker) RouterDisconnected(r *model.Router)

func (*Broker) Stop

func (broker *Broker) Stop()

func (*Broker) ValidateRouterDataModel added in v1.1.8

func (broker *Broker) ValidateRouterDataModel() []error

type HostController

// HostController is the interface the hosting controller process presents to
// the edge environment. AppEnv declares methods with the same signatures for
// GetConfig, GetDb, GetCommandDispatcher, GetPeerSigners, GetEventDispatcher,
// GetRaftInfo, GetApiAddresses, GetMetricsRegistry and GetCloseNotifyChannel,
// presumably delegating to this interface.
type HostController interface {
	GetConfig() *config.Config
	GetEnv() *AppEnv
	RegisterAgentBindHandler(bindHandler channel.BindHandler)
	RegisterXctrl(x xctrl.Xctrl) error
	RegisterXmgmt(x xmgmt.Xmgmt) error
	GetXWebInstance() xweb.Instance
	GetNetwork() *network.Network
	// Channel closed on shutdown (inferred from the name); NewTraceManager
	// takes a channel of the same shape.
	GetCloseNotifyChannel() <-chan struct{}
	Shutdown()
	Identity() identity.Identity
	IsRaftEnabled() bool
	IsRaftLeader() bool
	GetDb() boltz.Db
	GetCommandDispatcher() command.Dispatcher
	// Certificates of peer controllers. Presumably this is the trust set used
	// when verifying peer-issued JWTs (see JwtSignerKeyFunc) — confirm.
	GetPeerSigners() []*x509.Certificate
	GetEventDispatcher() event.Dispatcher
	GetRaftIndex() uint64
	GetPeerAddresses() []string
	GetRaftInfo() (string, string, string)
	GetApiAddresses() (map[string][]event.ApiAddress, []byte)
	GetMetricsRegistry() metrics.Registry
}

type IdentityEntitySchema

// IdentityEntitySchema is the identity-specific counterpart of
// BasicEntitySchema: the same POST/PATCH/PUT schemas plus one for the
// identity's service configs (inferred from the field names).
type IdentityEntitySchema struct {
	Post           *gojsonschema.Schema
	Patch          *gojsonschema.Schema
	Put            *gojsonschema.Schema
	ServiceConfigs *gojsonschema.Schema
}

type LockingRouterState

// LockingRouterState carries the RouterState method set (see its methods
// below) and is constructed by NewLockingRouterStatus. The name suggests a
// lock guards the fields; the locking itself is not visible here.
type LockingRouterState struct {
	// contains filtered or unexported fields
}

func NewLockingRouterStatus

func NewLockingRouterStatus() *LockingRouterState

func (*LockingRouterState) GetVersionInfo

func (r *LockingRouterState) GetVersionInfo() versions.VersionInfo

func (*LockingRouterState) Hostname

func (r *LockingRouterState) Hostname() string

func (*LockingRouterState) IsOnline

func (r *LockingRouterState) IsOnline() bool

func (*LockingRouterState) Protocols

func (r *LockingRouterState) Protocols() map[string]string

func (*LockingRouterState) SetHostname

func (r *LockingRouterState) SetHostname(hostname string)

func (*LockingRouterState) SetIsOnline

func (r *LockingRouterState) SetIsOnline(isOnline bool)

func (*LockingRouterState) SetProtocols

func (r *LockingRouterState) SetProtocols(protocols map[string]string)

func (*LockingRouterState) SetSyncStatus

func (r *LockingRouterState) SetSyncStatus(syncStatus RouterSyncStatus)

func (*LockingRouterState) SetVersionInfo

func (r *LockingRouterState) SetVersionInfo(versionInfo versions.VersionInfo)

func (*LockingRouterState) SyncStatus

func (r *LockingRouterState) SyncStatus() RouterSyncStatus

func (*LockingRouterState) Values

type PemProducer

type PemProducer struct{}

func (PemProducer) Produce

func (p PemProducer) Produce(writer io.Writer, i interface{}) error

type RouterConnectionHandler

// RouterConnectionHandler handles router connect/disconnect events in order to
// synchronize state (intended for API Sessions, but other state is possible).
// Implementations may bind additional receive handlers to the channel via
// GetReceiveHandlers.
type RouterConnectionHandler interface {
	RouterConnected(edgeRouter *model.EdgeRouter, router *model.Router)
	RouterDisconnected(router *model.Router)
	GetReceiveHandlers() []channel.TypedReceiveHandler
}

RouterConnectionHandler is responsible for handling router connect/disconnect events in order to synchronize state. This is intended for API Sessions, but additional state is possible. Implementations may bind additional handlers to the channel.

type RouterState

// RouterState provides thread-safe access to router status information that
// may be in flux due to router connection/disconnection. Values returns a
// point-in-time snapshot of every field as a RouterStateValues.
type RouterState interface {
	SetIsOnline(isOnline bool)
	IsOnline() bool

	SetHostname(hostname string)
	Hostname() string

	SetProtocols(protocols map[string]string)
	Protocols() map[string]string

	SetSyncStatus(status RouterSyncStatus)
	SyncStatus() RouterSyncStatus

	SetVersionInfo(versionInfo versions.VersionInfo)
	GetVersionInfo() versions.VersionInfo

	Values() RouterStateValues
}

RouterState provides a thread-safe mechanism to access and set router status information that may be in flux due to router connection/disconnection.

type RouterStateValues

// RouterStateValues is a plain snapshot of a RouterState: one field per
// getter/setter pair of that interface. NewRouterStatusValues builds one.
// Protocols is a map, so a snapshot shares it with whoever produced it unless
// the producer copies — confirm before mutating.
type RouterStateValues struct {
	IsOnline    bool
	Hostname    string
	Protocols   map[string]string
	SyncStatus  RouterSyncStatus
	VersionInfo versions.VersionInfo
}

func NewRouterStatusValues

func NewRouterStatusValues() RouterStateValues

type RouterSyncCache added in v0.34.0

// RouterSyncCache has no exported fields and no methods are documented on it
// here; its purpose is not visible from this page.
type RouterSyncCache struct {
}

type RouterSyncStatus

type RouterSyncStatus string

RouterSyncStatus is a named string type for router sync status.

const (
	// Progress states, in the order a router normally moves through them.
	RouterSyncNew        RouterSyncStatus = "SYNC_NEW"         // connection accepted but no strategy actions have been taken
	RouterSyncQueued     RouterSyncStatus = "SYNC_QUEUED"      // connection handed to strategy, but not processed
	RouterSyncHello      RouterSyncStatus = "SYNC_HELLO"       // connection is beginning hello cycle
	RouterSyncHelloWait  RouterSyncStatus = "SYNC_HELLO_WAIT"  // hello received from router, but there are too many synchronizing routers
	RouterSyncResyncWait RouterSyncStatus = "SYNC_RESYNC_WAIT" // router requested a resync, in queue
	RouterSynInProgress  RouterSyncStatus = "SYNC_IN_PROGRESS" // hello finished, starting to send state (note the "Syn" spelling of the name)
	RouterSyncDone       RouterSyncStatus = "SYNC_DONE"        // initial state sent

	// Error states
	RouterSyncUnknown      RouterSyncStatus = "SYNC_UNKNOWN"       // the router is currently unknown
	RouterSyncDisconnected RouterSyncStatus = "SYNC_DISCONNECTED"  // strategy was disconnected before finishing
	RouterSyncHelloTimeout RouterSyncStatus = "SYNC_HELLO_TIMEOUT" // sync failed due to a hello timeout
	RouterSyncError        RouterSyncStatus = "SYNC_ERROR"         // sync failed due to an unexpected error

	// Message header keys (untyped integer constants, not RouterSyncStatus
	// values); presumably the header ids carried on router sync messages —
	// confirm against the channel code.
	SyncStrategyTypeHeader  = 1013
	SyncStrategyStateHeader = 1014
	SyncStrategyLastIndex   = 1015
)

type RouterSyncStrategy

// RouterSyncStrategy handles the lifecycle of an Edge Router connecting to the
// controller: synchronizing any upfront state and then maintaining that state.
// It embeds RouterConnectionHandler (connect/disconnect) and
// RouterSynchronizerEventHandler (API session/session events); Broker
// forwards GetEdgeRouterState, GetPublicKeys, Stop and Validate-style calls
// to it (inferred from Broker's matching method set — confirm).
type RouterSyncStrategy interface {
	Type() RouterSyncStrategyType
	GetEdgeRouterState(id string) RouterStateValues
	Stop()
	GetPublicKeys() map[string]crypto.PublicKey
	RouterConnectionHandler
	RouterSynchronizerEventHandler
	Validate() []error
}

RouterSyncStrategy handles the lifecycle of an Edge Router connecting to the controller: synchronizing any upfront state and then maintaining that state afterwards.

type RouterSyncStrategyType

type RouterSyncStrategyType string

RouterSyncStrategyType is a named string type identifying a router sync strategy.

type RouterSynchronizerEventHandler

// RouterSynchronizerEventHandler is responsible for keeping Edge Routers up to
// date on API Sessions: it receives add/update/delete callbacks for API
// sessions and delete callbacks for sessions.
type RouterSynchronizerEventHandler interface {
	ApiSessionAdded(apiSession *db.ApiSession)
	ApiSessionUpdated(apiSession *db.ApiSession, apiSessionCert *db.ApiSessionCertificate)
	ApiSessionDeleted(apiSession *db.ApiSession)
	SessionDeleted(session *db.Session)
}

RouterSynchronizerEventHandler is responsible for keeping Edge Routers up to date on API Sessions.

type Schemes

// Schemes holds the compiled JSON schemas per entity type (presumably used to
// validate request bodies). Note that Enroller and EnrollEr are distinct
// fields with easily confused names; GetEnrollErPost corresponds by name to
// EnrollEr — check which field a given caller actually intends.
type Schemes struct {
	Association             *BasicEntitySchema
	Authenticator           *BasicEntitySchema
	AuthenticatorSelf       *BasicEntitySchema
	Ca                      *BasicEntitySchema
	Config                  *BasicEntitySchema
	ConfigType              *BasicEntitySchema
	Enroller                *BasicEntitySchema
	EnrollEr                *BasicEntitySchema
	EnrollUpdb              *BasicEntitySchema
	EdgeRouter              *BasicEntitySchema
	EdgeRouterPolicy        *BasicEntitySchema
	TransitRouter           *BasicEntitySchema
	Identity                *IdentityEntitySchema
	Service                 *BasicEntitySchema
	ServiceEdgeRouterPolicy *BasicEntitySchema
	ServicePolicy           *BasicEntitySchema
	Session                 *BasicEntitySchema
	Terminator              *BasicEntitySchema
}

func (Schemes) GetEnrollErPost

func (s Schemes) GetEnrollErPost() *gojsonschema.Schema

func (Schemes) GetEnrollUpdbPost

func (s Schemes) GetEnrollUpdbPost() *gojsonschema.Schema

type TraceManager

// TraceManager tracks per-identity trace specs: TraceIdentity creates one for
// a duration and channel mask, GetIdentityTrace looks it up and
// RemoveIdentityTrace drops it. NewTraceManager takes a shutdown notification
// channel, presumably to stop background work.
type TraceManager struct {
	// contains filtered or unexported fields
}

func NewTraceManager

func NewTraceManager(shutdownNotify <-chan struct{}) *TraceManager

func (*TraceManager) GetIdentityTrace

func (self *TraceManager) GetIdentityTrace(identityId string) *TraceSpec

func (*TraceManager) RemoveIdentityTrace

func (self *TraceManager) RemoveIdentityTrace(identity string)

func (*TraceManager) TraceIdentity

func (self *TraceManager) TraceIdentity(identity string, duration time.Duration, id string, channelMask uint32) *TraceSpec

type TraceSpec

// TraceSpec describes an active identity trace as created by
// TraceManager.TraceIdentity.
type TraceSpec struct {
	// Until is presumably the trace expiry derived from the duration passed to
	// TraceIdentity — confirm.
	Until       time.Time
	TraceId     string
	// ChannelMask selects which channels are traced (inferred from the name).
	ChannelMask uint32
}

func (*TraceSpec) String

func (self *TraceSpec) String() string

type YamlProducer

type YamlProducer struct{}

func (YamlProducer) Produce

func (p YamlProducer) Produce(writer io.Writer, i interface{}) error
