db

package
v0.33.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 13, 2024 License: Apache-2.0 Imports: 38 Imported by: 3

Documentation

Index

Constants

// Field names for API session certificate records. Each constant stands for
// the string key shown; presumably these are the boltz/bbolt field names used
// by the store, which is not shown here — confirm.
const (
	FieldApiSessionCertificateApiSession  = "apiSession"
	FieldApiSessionCertificateSubject     = "subject"
	// NOTE(review): the fingerprint algorithm is not visible here; confirm it
	// before comparing against fingerprints computed elsewhere.
	FieldApiSessionCertificateFingerprint = "fingerprint"
	// Validity window of the certificate (not-before / not-after, by name).
	FieldApiSessionCertificateValidAfter  = "validAfter"
	FieldApiSessionCertificateValidBefore = "validBefore"
	FieldApiSessionCertificatePem         = "pem"
)
// Field names and event names for API sessions.
const (
	FieldApiSessionIdentity       = "identity"
	// NOTE(review): "token" looks like the session's bearer credential
	// (ApiSession.Token is tagged `json:"-"`); treat values read through this
	// field as secrets when logging, exporting or backing up the database.
	FieldApiSessionToken          = "token"
	FieldApiSessionConfigTypes    = "configTypes"
	FieldApiSessionIPAddress      = "ipAddress"
	// MFA state of the session. Which code paths enforce mfaRequired before
	// granting access is not visible here.
	FieldApiSessionMfaComplete    = "mfaComplete"
	FieldApiSessionMfaRequired    = "mfaRequired"
	FieldApiSessionLastActivityAt = "lastActivityAt"
	FieldApiSessionAuthenticator  = "authenticator"

	// EventFullyAuthenticated is a typed event name (events.EventName).
	EventFullyAuthenticated events.EventName = "FULLY_AUTHENTICATED"

	// EventualEventApiSessionDelete is an untyped string, unlike the
	// events.EventName constant above; presumably the type name of an eventual
	// event — confirm against AddEventualEvent callers.
	EventualEventApiSessionDelete = "ApiSessionDelete"
)
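// Defaults, sentinel values and field names for authentication policies.
const (
	// DefaultUpdbMinPasswordLength is the default minimum length for
	// username/password (UPDB) credentials.
	// NOTE(review): 5 is below the 8-character minimum of NIST SP 800-63B.
	// The value is left unchanged because callers may depend on it; deployments
	// should set primary.updb.minPasswordLength explicitly.
	DefaultUpdbMinPasswordLength = int64(5)
	// DefaultUpdbMaxAttempts is the default number of failed UPDB attempts.
	DefaultUpdbMaxAttempts = int64(5)
	// DefaultAuthPolicyId is the id of the default authentication policy.
	DefaultAuthPolicyId = "default"

	// Sentinel values. By name, a lockout duration of 0 means "locked until
	// an administrator intervenes" and a max-attempts value of 0 means "no
	// attempt limit" (i.e. no lockout) — confirm against the enforcing code.
	UpdbIndefiniteLockout      = int64(0)
	UpdbUnlimitedAttemptsLimit = int64(0)

	// Certificate primary authentication. allowExpiredCerts, by name, relaxes
	// certificate validity checking and should be enabled deliberately.
	FieldAuthPolicyPrimaryCertAllowed           = "primary.cert.allowed"
	FieldAuthPolicyPrimaryCertAllowExpiredCerts = "primary.cert.allowExpiredCerts"

	// Username/password (UPDB) primary authentication.
	FieldAuthPolicyPrimaryUpdbAllowed           = "primary.updb.allowed"
	FieldAuthPolicyPrimaryUpdbMinPasswordLength = "primary.updb.minPasswordLength"
	// Deprecated: misspelled name kept for existing callers; use
	// FieldAuthPolicyPrimaryUpdbMinPasswordLength.
	FiledAuthPolicyPrimaryUpdbMinPasswordLength      = FieldAuthPolicyPrimaryUpdbMinPasswordLength
	FieldAuthPolicyPrimaryUpdbRequireSpecialChar     = "primary.updb.requireSpecialChar"
	FieldAuthPolicyPrimaryUpdbRequireNumberChar      = "primary.updb.requireNumberChar"
	FieldAuthPolicyPrimaryUpdbRequireMixedCase       = "primary.updb.requireMixedCase"
	FieldAuthPolicyPrimaryUpdbMaxAttempts            = "primary.updb.maxAttempts"
	FieldAuthPolicyPrimaryUpdbLockoutDurationMinutes = "primary.updb.lockoutDurationMinutes"

	// External JWT primary authentication.
	FieldAuthPolicyPrimaryExtJwtAllowed        = "primary.extJwt.allowed"
	FieldAuthPolicyPrimaryExtJwtAllowedSigners = "primary.extJwt.allowedSigners"

	// Secondary (second-factor) requirements.
	FieldAuthSecondaryPolicyRequireTotp          = "secondary.requireTotp"
	FieldAuthSecondaryPolicyRequiredExtJwtSigner = "secondary.requireExtJwtSigner"
)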
// Field names and method identifiers for authenticators.
const (
	FieldAuthenticatorMethod   = "method"
	FieldAuthenticatorIdentity = "identity"

	// Certificate authenticator fields.
	FieldAuthenticatorCertFingerprint = "certFingerprint"
	FieldAuthenticatorCertPem         = "certPem"

	// "Unverified" certificate fields. NOTE(review): presumably a certificate
	// that has been proposed but not yet proven by the client; confirm that
	// nothing authenticates against these values.
	FieldAuthenticatorUnverifiedCertPem         = "unverifiedCertPem"
	FieldAuthenticatorUnverifiedCertFingerprint = "unverifiedCertFingerprint"

	// Username/password (UPDB) authenticator fields.
	// NOTE(review): the hashing scheme behind updbPassword/updbSalt is not
	// visible here — confirm a slow password hash is applied before storage.
	FieldAuthenticatorUpdbUsername = "updbUsername"
	FieldAuthenticatorUpdbPassword = "updbPassword"
	FieldAuthenticatorUpdbSalt     = "updbSalt"

	MethodAuthenticatorUpdb = "updb"
	MethodAuthenticatorCert = "cert"
	// MethodAuthenticatorCertCaExternalId represents authentication with a certificate that isn't directly
	// registered with an authenticator. Instead, it uses `externalId` values on identities and matches them to an
	// "x509 claim" (custom values stuffed into SANs or other x509 properties). This type will never actually
	// be stored for persistence and is defined here so that it sits near the other authenticator methods.
	MethodAuthenticatorCertCaExternalId = "certCaExternalId"
)
const (
	EntityTypeApiSessions               = "apiSessions"
	EntityTypeApiSessionCertificates    = "apiSessionCertificates"
	EntityTypeAuthPolicies              = "authPolicies"
	EntityTypeEventualEvents            = "eventualEvents"
	EntityTypeCas                       = "cas"
	EntityTypeConfigs                   = "configs"
	EntityTypeConfigTypes               = "configTypes"
	EntityTypeEdgeRouterPolicies        = "edgeRouterPolicies"
	EntityTypeExternalJwtSigners        = "externalJwtSigners"
	EntityTypeIdentities                = "identities"
	EntityTypeIdentityTypes             = "identityTypes"
	EntityTypeMfas                      = "mfas"
	EntityTypeRevocations               = "revocations"
	EntityTypeServicePolicies           = "servicePolicies"
	EntityTypeServiceEdgeRouterPolicies = "serviceEdgeRouterPolicies"
	EntityTypeSessions                  = "sessions"
	EntityTypeSessionCerts              = "sessionCerts"
	EntityTypeEnrollments               = "enrollments"
	EntityTypeAuthenticators            = "authenticators"
	EntityTypePostureChecks             = "postureChecks"
	EntityTypePostureCheckTypes         = "postureCheckTypes"
	EdgeBucket                          = "edge"

	FieldName           = "name"
	FieldSemantic       = "semantic"
	FieldRoleAttributes = "roleAttributes"

	FieldEdgeRouterRoles   = "edgeRouterRoles"
	FieldIdentityRoles     = "identityRoles"
	FieldServiceRoles      = "serviceRoles"
	FieldPostureCheckRoles = "postureCheckRoles"

	SemanticAllOf = "AllOf"
	SemanticAnyOf = "AnyOf"
)
// Field names for certificate authority (CA) records.
const (
	FieldCaFingerprint                    = "fingerprint"
	FieldCaCertPem                        = "certPem"
	// Verification state of the CA. NOTE(review): verificationToken looks
	// like a proof-of-possession secret; confirm it is not exposed once
	// isVerified is set.
	FieldCaIsVerified                     = "isVerified"
	FieldCaVerificationToken              = "verificationToken"
	// Switches controlling what the CA may be used for (enrollment, auth).
	FieldCaIsAutoCaEnrollmentEnabled      = "isAutoCaEnrollmentEnabled"
	FieldCaIsOttCaEnrollmentEnabled       = "isOttCaEnrollmentEnabled"
	FieldCaIsAuthEnabled                  = "isAuthEnabled"
	FieldCaIdentityNameFormat             = "identityNameFormat"
	FieldCaEnrollments                    = "enrollments"
	// externalIdClaim.* fields describe where in a certificate the external
	// id is read from and how it is matched and parsed; see the
	// ExternalIdClaimLoc*/Matcher*/Parser* constants for the allowed values.
	FieldCaExternalIdClaim                = "externalIdClaim"
	FieldCaExternalIdClaimLocation        = "externalIdClaim.location"
	FieldCaExternalIdClaimIndex           = "externalIdClaim.index"
	FieldCaExternalIdClaimMatcher         = "externalIdClaim.matcher"
	FieldCaExternalIdClaimMatcherCriteria = "externalIdClaim.matcherCriteria"
	FieldCaExternalIdClaimParser          = "externalIdClaim.parser"
	// NOTE(review): the Go name says ParserCriteria but the key is
	// "externalIdClaim.parserSeparator". The key is presumably persisted, so
	// only the Go name could be aligned without a migration.
	FieldCaExternalIdClaimParserCriteria  = "externalIdClaim.parserSeparator"
)
// Allowed values for the externalIdClaim location, matcher and parser settings.
const (
	// Where in the certificate the claim is read from (by name: subject
	// common name, URI SAN, e-mail SAN).
	ExternalIdClaimLocCommonName = "COMMON_NAME"
	ExternalIdClaimLocSanUri     = "SAN_URI"
	ExternalIdClaimLocSanEmail   = "SAN_EMAIL"

	// How candidate values are selected. NOTE(review): ALL, by name, accepts
	// every value at the location; the exact matching semantics are
	// implemented elsewhere — confirm before relying on them for identity
	// binding.
	ExternalIdClaimMatcherAll    = "ALL"
	ExternalIdClaimMatcherSuffix = "SUFFIX"
	ExternalIdClaimMatcherPrefix = "PREFIX"
	ExternalIdClaimMatcherScheme = "SCHEME"

	// How a selected value is post-processed.
	ExternalIdClaimParserNone  = "NONE"
	ExternalIdClaimParserSplit = "SPLIT"
)
const (
	FieldConfigData            = "data"
	FieldConfigType            = "type"
	FieldConfigIdentityService = "identityServices"
)
const (
	RootBucket     = "ziti"
	MetadataBucket = "metadata"
	FieldRaftIndex = "raftIndex"
)
// Field names for edge router records.
const (
	FieldEdgeRouters                     = "edgeRouters"
	FieldEdgeRouterCertPEM               = "certPem"
	// NOTE(review): the "unverified" fields presumably hold a certificate
	// that is not yet trusted; confirm only certPem/isVerified gate router
	// authentication.
	FieldEdgeRouterUnverifiedCertPEM     = "unverifiedCertPem"
	FieldEdgeRouterUnverifiedFingerprint = "unverifiedFingerprint"
	FieldEdgeRouterIsVerified            = "isVerified"
	FieldEdgeRouterIsTunnelerEnabled     = "isTunnelerEnabled"
	FieldEdgeRouterAppData               = "appData"
)
const (
	FieldEdgeServiceDialIdentities = "dialIdentities"
	FieldEdgeServiceBindIdentities = "bindIdentities"
	FieldServiceEncryptionRequired = "encryptionRequired"
)
// Field names and method identifiers for enrollments.
const (
	// NOTE(review): token and jwt look like enrollment credentials; treat
	// values stored under these fields as secrets until the enrollment is
	// consumed or has expired.
	FieldEnrollmentToken     = "token"
	FieldEnrollmentMethod    = "method"
	FieldEnrollIdentity      = "identity"
	FieldEnrollEdgeRouter    = "edgeRouter"
	FieldEnrollTransitRouter = "transitRouter"
	FieldEnrollmentExpiresAt = "expiresAt"
	FieldEnrollmentIssuedAt  = "issuedAt"
	FieldEnrollmentCaId      = "caId"
	FieldEnrollmentUsername  = "username"
	FieldEnrollmentJwt       = "jwt"

	// Enrollment methods. MethodEnrollUpdb has the same string value as
	// MethodAuthenticatorUpdb ("updb").
	MethodEnrollOtt   = "ott"
	MethodEnrollOttCa = "ottca"
	MethodEnrollCa    = "ca"
	MethodEnrollUpdb  = "updb"
)
const (
	FieldEventualEventType = "type"
	FieldEventualEventData = "data"
)
// Names of the events emitted around eventual-event bookkeeping and
// processing. Each event carries one argument, the struct named in its comment.
const (
	// EventualEventAddedName is emitted when a new event is added via AddEventualEvent().
	//
	// Event arguments:
	//	0 - an EventualEventAdded struct
	EventualEventAddedName = events.EventName("EventualEventAdded")

	// EventualEventRemovedName is emitted when a previously added eventual event is processed.
	//
	// Event arguments:
	//	0 - an EventualEventRemoved struct
	EventualEventRemovedName = events.EventName("EventualEventRemoved")

	// EventualEventProcessingStartName is emitted as the first action during processing.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingStart struct
	EventualEventProcessingStartName = events.EventName("EventualEventProcessingStart")

	// EventualEventProcessingBatchStartName is emitted as the first set of events are processed
	// after EventualEventProcessingStartName. It is possible for 0+ batches to be processed. Each
	// batch should contain 1+ events.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingBatchStart struct
	EventualEventProcessingBatchStartName = events.EventName("EventualEventProcessingBatchStart")

	// EventualEventProcessingListenerStartName is emitted for each function listener invoked
	// on each event.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingListenerStart struct
	EventualEventProcessingListenerStartName = events.EventName("EventualEventProcessingListenerStart")

	// EventualEventProcessingListenerDoneName is emitted for each function listener after invocation.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingListenerDone struct
	EventualEventProcessingListenerDoneName = events.EventName("EventualEventProcessingListenerDone")

	// EventualEventProcessingBatchDoneName is emitted after the last event processed in a batch.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingBatchDone struct
	EventualEventProcessingBatchDoneName = events.EventName("EventualEventProcessingBatchDone")

	// EventualEventProcessingDoneName is emitted as the last action during processing after
	// all events and batches.
	//
	// Event arguments:
	//	0 - an EventualEventProcessingDone struct
	EventualEventProcessingDoneName = events.EventName("EventualEventProcessingDone")
)
// Field names for external JWT signer records, plus the default claims property.
const (
	// Signer key material: either a certificate (fingerprint/certPem) or a
	// JWKS endpoint. NOTE(review): if the controller fetches keys from the
	// stored jwksEndpoint, whoever may write this field decides which keys
	// are trusted — confirm write access is restricted to administrators.
	FieldExternalJwtSignerFingerprint     = "fingerprint"
	FieldExternalJwtSignerCertPem         = "certPem"
	FieldExternalJwtSignerJwksEndpoint    = "jwksEndpoint"
	FieldExternalJwtSignerCommonName      = "commonName"
	FieldExternalJwtSignerNotAfter        = "notAfter"
	FieldExternalJwtSignerNotBefore       = "notBefore"
	FieldExternalJwtSignerEnabled         = "enabled"
	FieldExternalJwtSignerExternalAuthUrl = "externalAuthUrl"
	FieldExternalJwtSignerAuthPolicies    = "authPolicies"
	// claimsProperty names the JWT claim used to identify the caller;
	// useExternalId presumably selects matching on an identity's externalId
	// rather than its id — confirm.
	FieldExternalJwtSignerClaimsProperty  = "claimsProperty"
	FieldExternalJwtSignerUseExternalId   = "useExternalId"
	// Token validation inputs (key id, issuer, audience). Whether issuer and
	// audience are mandatory checks is not visible here.
	FieldExternalJwtSignerKid             = "kid"
	FieldExternalJwtSignerIssuer          = "issuer"
	FieldExternalJwtSignerAudience        = "audience"

	// DefaultClaimsProperty is the claim used when none is configured.
	DefaultClaimsProperty = "sub"
)
// Field names for identity records.
const (
	FieldIdentityType           = "type"
	// Administrative flags. NOTE(review): these are privilege-bearing
	// fields; confirm that update paths restrict who may set them.
	FieldIdentityIsDefaultAdmin = "isDefaultAdmin"
	FieldIdentityIsAdmin        = "isAdmin"
	FieldIdentityEnrollments    = "enrollments"
	FieldIdentityAuthenticators = "authenticators"
	FieldIdentityServiceConfigs = "serviceConfigs"

	// Environment and SDK information. NOTE(review): presumably reported by
	// the client and therefore not suitable as a trust input — confirm.
	// The OsRelease/OsVersion keys omit "Os" ("envInfoRelease",
	// "envInfoVersion").
	FieldIdentityEnvInfoArch       = "envInfoArch"
	FieldIdentityEnvInfoOs         = "envInfoOs"
	FieldIdentityEnvInfoOsRelease  = "envInfoRelease"
	FieldIdentityEnvInfoOsVersion  = "envInfoVersion"
	FieldIdentityEnvInfoDomain     = "envInfoDomain"
	FieldIdentityEnvInfoHostname   = "envInfoHostname"
	FieldIdentitySdkInfoBranch     = "sdkInfoBranch"
	FieldIdentitySdkInfoRevision   = "sdkInfoRevision"
	FieldIdentitySdkInfoType       = "sdkInfoType"
	FieldIdentitySdkInfoVersion    = "sdkInfoVersion"
	FieldIdentitySdkInfoAppId      = "sdkInfoAppId"
	FieldIdentitySdkInfoAppVersion = "sdkInfoAppVersion"

	FieldIdentityBindServices              = "bindServices"
	FieldIdentityDialServices              = "dialServices"
	FieldIdentityDefaultHostingPrecedence  = "defaultHostingPrecedence"
	FieldIdentityDefaultHostingCost        = "defaultHostingCost"
	FieldIdentityServiceHostingPrecedences = "serviceHostingPrecedences"
	FieldIdentityServiceHostingCosts       = "serviceHostingCosts"
	FieldIdentityAppData                   = "appData"
	// Authentication-related links and the disabled window of the identity.
	FieldIdentityAuthPolicyId              = "authPolicyId"
	FieldIdentityExternalId                = "externalId"
	FieldIdentityDisabledAt                = "disabledAt"
	FieldIdentityDisabledUntil             = "disabledUntil"
)
const (
	RouterIdentityType  = "Router"
	DefaultIdentityType = "Default"
)
// Field names for MFA records.
const (
	FieldMfaIdentity      = "identity"
	FieldMfaIsVerified    = "isVerified"
	// NOTE(review): recoveryCodes and secret are second-factor credentials.
	// Whether they are stored encrypted or hashed (and what salt is used for)
	// is not visible here — confirm, and protect database files and backups
	// accordingly.
	FieldMfaRecoveryCodes = "recoveryCodes"
	FieldMfaSecret        = "secret"
	FieldMfaSalt          = "salt"
)
const (
	CurrentDbVersion = 35
	FieldVersion     = "version"
)
const (
	FieldPostureCheckMfaTimeoutSeconds        = "timeoutSeconds"
	FieldPostureCheckMfaPromptOnWake          = "promptOnWake"
	FieldPostureCheckMfaPromptOnUnlock        = "promptOnUnlock"
	FieldPostureCheckMfaIgnoreLegacyEndpoints = "ignoreLegacyEndpoints"
)
const (
	FieldPostureCheckOsType     = "osType"
	FieldPostureCheckOsVersions = "osVersions"
)
const (
	FieldPostureCheckProcessOs          = "os"
	FieldPostureCheckProcessPath        = "path"
	FieldPostureCheckProcessHashes      = "hashes"
	FieldPostureCheckProcessFingerprint = "fingerprint"
)
const (
	FieldPostureCheckProcessMultiOsType             = "osType"
	FieldPostureCheckProcessMultiPath               = "path"
	FieldPostureCheckProcessMultiHashes             = "hashes"
	FieldPostureCheckProcessMultiSignerFingerprints = "signerFingerprints"
	FieldPostureCheckProcessMultiProcesses          = "processes"
)
const (
	//Fields
	FieldPostureCheckTypeId       = "typeId"
	FieldPostureCheckVersion      = "version"
	FieldPostureCheckBindServices = "bindServices"
	FieldPostureCheckDialServices = "dialServices"
)
const (
	PostureCheckTypeOs           = "OS"
	PostureCheckTypeDomain       = "DOMAIN"
	PostureCheckTypeProcess      = "PROCESS"
	PostureCheckTypeProcessMulti = "PROCESS_MULTI"
	PostureCheckTypeMAC          = "MAC"
	PostureCheckTypeMFA          = "MFA"
)
const (
	EntityTypeRouters      = "routers"
	FieldRouterFingerprint = "fingerprint"
	FieldRouterCost        = "cost"
	FieldRouterNoTraversal = "noTraversal"
	FieldRouterDisabled    = "disabled"
)
// Service policy type field name, the policy type names, and the same names
// as typed PolicyType values.
const (
	FieldServicePolicyType = "type"

	PolicyTypeInvalidName = "Invalid"
	PolicyTypeDialName    = "Dial"
	PolicyTypeBindName    = "Bind"

	// Typed equivalents of the names above. PolicyTypeInvalid gives callers
	// an explicit value for an unrecognised type; whether parsing fails
	// closed on it is decided elsewhere — confirm.
	PolicyTypeInvalid PolicyType = PolicyTypeInvalidName
	PolicyTypeDial    PolicyType = PolicyTypeDialName
	PolicyTypeBind    PolicyType = PolicyTypeBindName
)
const (
	EntityTypeServices             = "services"
	FieldServiceTerminatorStrategy = "terminatorStrategy"
	FieldServiceMaxIdleTime        = "maxIdleTime"
)
// Field names and session type values for (service) sessions.
const (
	// NOTE(review): "token" presumably holds the session credential; treat
	// stored values as secrets.
	FieldSessionToken           = "token"
	FieldSessionApiSession      = "apiSession"
	FieldSessionService         = "service"
	FieldSessionIdentity        = "identity"
	FieldSessionType            = "type"
	FieldSessionServicePolicies = "servicePolicies"

	// Session types; the strings equal PolicyTypeDialName/PolicyTypeBindName.
	SessionTypeDial = "Dial"
	SessionTypeBind = "Bind"
)
// Entity type and field names for terminator records.
const (
	EntityTypeTerminators          = "terminators"
	FieldTerminatorService         = "service"
	FieldTerminatorRouter          = "router"
	FieldTerminatorBinding         = "binding"
	FieldTerminatorAddress         = "address"
	FieldTerminatorInstanceId      = "instanceId"
	// NOTE(review): instanceSecret is, by name, a secret tied to a
	// terminator instance; how it is generated and compared is not visible
	// here — confirm it is not returned by read APIs.
	FieldTerminatorInstanceSecret  = "instanceSecret"
	FieldTerminatorCost            = "cost"
	FieldTerminatorPrecedence      = "precedence"
	FieldServerPeerData            = "peerData"
	FieldTerminatorHostId          = "hostId"
	FieldTerminatorSavedPrecedence = "savedPrecedence"
)
const (
	TransitRouterPath             = "transitRouter"
	FieldTransitRouterIsVerified  = "isVerified"
	FieldTransitRouterEnrollments = "enrollments"
)
// Prefixes used in policy role lists: "#" marks a role attribute, "@" marks a
// direct entity reference, and "#all" is the catch-all role.
// NOTE(review): a policy containing AllRole presumably matches every entity
// of that kind; audit policies for "#all" when reviewing access.
const (
	RolePrefix   = "#"
	EntityPrefix = "@"
	AllRole      = "#all"
)
const (
	FieldConfigTypeSchema = "schema"
)
const (
	FieldPostureCheckDomains = "domains"
)
const (
	FieldPostureCheckMacAddresses = "macAddresses"
)
const (
	FieldPostureCheckTypeOperatingSystems = "operatingSystems"
)
const (
	FieldRevocationExpiresAt = "expiresAt"
)

Variables

var IdentityTypesV1 = map[string]string{
	"Default": "Default",
	"Router":  "Router",
}

Functions

func EvaluatePolicy added in v0.31.1

func EvaluatePolicy(ctx *roleAttributeChangeContext, policy Policy, roleAttributesSymbol boltz.EntitySetSymbol)

func FieldValuesToIds added in v0.31.1

func FieldValuesToIds(new []boltz.FieldTypeAndValue) []string

func LoadCurrentRaftIndex

func LoadCurrentRaftIndex(tx *bbolt.Tx) uint64

func NewStoreDefinition

func NewStoreDefinition[E boltz.ExtEntity](strategy boltz.EntityStrategy[E]) boltz.StoreDefinition[E]

func Open

func Open(path string) (boltz.Db, error)

func ProcessEntityPolicyMatched added in v0.31.1

func ProcessEntityPolicyMatched(ctx *roleAttributeChangeContext, entityId, policyId []byte) bool

func ProcessEntityPolicyUnmatched added in v0.31.1

func ProcessEntityPolicyUnmatched(ctx *roleAttributeChangeContext, entityId, policyId []byte) bool

func RunMigrations added in v0.31.1

func RunMigrations(db boltz.Db, stores *Stores) error

func UpdateRelatedRoles added in v0.31.1

func UpdateRelatedRoles(ctx *roleAttributeChangeContext, entityId []byte, newRoleAttributes []boltz.FieldTypeAndValue, semanticSymbol boltz.EntitySymbol)

Types

type ApiSession added in v0.31.1

// ApiSession is the stored form of an API session belonging to one identity.
type ApiSession struct {
	boltz.BaseExtEntity
	IdentityId      string    `json:"identityId"`
	// Token is excluded from JSON output by the `json:"-"` tag.
	// NOTE(review): it looks like the session's bearer credential; keep it
	// out of logs and error messages as well.
	Token           string    `json:"-"`
	IPAddress       string    `json:"ipAddress"`
	ConfigTypes     []string  `json:"configTypes"`
	// MFA state. Enforcement of MfaRequired happens outside this type.
	MfaComplete     bool      `json:"mfaComplete"`
	MfaRequired     bool      `json:"mfaRequired"`
	LastActivityAt  time.Time `json:"lastActivityAt"`
	AuthenticatorId string    `json:"authenticatorId"`
}

func NewApiSession added in v0.31.1

func NewApiSession(identityId string) *ApiSession

func (*ApiSession) GetEntityType added in v0.31.1

func (entity *ApiSession) GetEntityType() string

type ApiSessionCertificate added in v0.31.1

// ApiSessionCertificate is a certificate attached to an API session.
type ApiSessionCertificate struct {
	boltz.BaseExtEntity
	ApiSessionId string     `json:"apiSessionId"`
	Subject      string     `json:"subject"`
	Fingerprint  string     `json:"fingerprint"`
	// ValidAfter and ValidBefore are pointers and may be nil; callers that
	// check the validity window must handle the nil case explicitly rather
	// than treating it as "always valid".
	ValidAfter   *time.Time `json:"validAfter"`
	ValidBefore  *time.Time `json:"validBefore"`
	PEM          string     `json:"pem"`
}

func (*ApiSessionCertificate) GetEntityType added in v0.31.1

func (entity *ApiSessionCertificate) GetEntityType() string

type ApiSessionCertificateStore added in v0.31.1

type ApiSessionCertificateStore interface {
	Store[*ApiSessionCertificate]
}

type ApiSessionCertificateStoreImpl added in v0.31.1

type ApiSessionCertificateStoreImpl struct {
	// contains filtered or unexported fields
}

func (*ApiSessionCertificateStoreImpl) FillEntity added in v0.31.1

func (store *ApiSessionCertificateStoreImpl) FillEntity(entity *ApiSessionCertificate, bucket *boltz.TypedBucket)

func (ApiSessionCertificateStoreImpl) GetName added in v0.31.1

func (store ApiSessionCertificateStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (ApiSessionCertificateStoreImpl) LoadOneById added in v0.31.1

func (store ApiSessionCertificateStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (E, error)

func (*ApiSessionCertificateStoreImpl) NewEntity added in v0.31.1

func (*ApiSessionCertificateStoreImpl) PersistEntity added in v0.31.1

func (store *ApiSessionCertificateStoreImpl) PersistEntity(entity *ApiSessionCertificate, ctx *boltz.PersistContext)

type ApiSessionStore added in v0.31.1

// ApiSessionStore is the store for ApiSession entities, extended with
// token-based lookup and access to the store's event emitter.
type ApiSessionStore interface {
	Store[*ApiSession]
	// LoadOneByToken returns the session for the given token.
	// NOTE(review): the token is a credential; callers should not log it on
	// lookup failure.
	LoadOneByToken(tx *bbolt.Tx, token string) (*ApiSession, error)
	GetTokenIndex() boltz.ReadIndex
	GetCachedSessionId(tx *bbolt.Tx, apiSessionId, sessionType, serviceId string) *string
	GetEventsEmitter() events.EventEmmiter
}

type AuthPolicy added in v0.31.1

type AuthPolicy struct {
	boltz.BaseExtEntity
	Name string `json:"name"`

	Primary   AuthPolicyPrimary   `json:"primary"`
	Secondary AuthPolicySecondary `json:"secondary"`
}

func (*AuthPolicy) GetEntityType added in v0.31.1

func (entity *AuthPolicy) GetEntityType() string

func (*AuthPolicy) GetName added in v0.31.1

func (entity *AuthPolicy) GetName() string

type AuthPolicyCert added in v0.31.1

// AuthPolicyCert holds the certificate settings of a primary auth policy.
type AuthPolicyCert struct {
	Allowed           bool `json:"allowed"`
	// AllowExpiredCerts, by name, lets expired client certificates
	// authenticate. NOTE(review): enabling it removes certificate expiry as a
	// revocation backstop; confirm which other checks still apply.
	AllowExpiredCerts bool `json:"allowExpiredCerts"`
}

type AuthPolicyExtJwt added in v0.31.1

// AuthPolicyExtJwt holds the external JWT settings of a primary auth policy.
type AuthPolicyExtJwt struct {
	Allowed              bool     `json:"allowed"`
	// NOTE(review): how an empty AllowedExtJwtSigners list is interpreted
	// (no signer vs. any signer) is not visible here — confirm.
	AllowedExtJwtSigners []string `json:"allowedExtJwtSigners"`
}

type AuthPolicyPrimary added in v0.31.1

type AuthPolicyPrimary struct {
	Cert   AuthPolicyCert   `json:"cert"`
	Updb   AuthPolicyUpdb   `json:"updb"`
	ExtJwt AuthPolicyExtJwt `json:"extJwt"`
}

type AuthPolicySecondary added in v0.31.1

// AuthPolicySecondary holds the second-factor requirements of an auth policy.
type AuthPolicySecondary struct {
	RequireTotp          bool    `json:"requireTotp"`
	// RequiredExtJwtSigner is a pointer; nil presumably means no external
	// JWT signer is required as a second factor — confirm.
	RequiredExtJwtSigner *string `json:"requiredExtJwtSigner"`
}

type AuthPolicyStore added in v0.31.1

type AuthPolicyStore interface {
	NameIndexed
	Store[*AuthPolicy]
}

type AuthPolicyStoreImpl added in v0.31.1

type AuthPolicyStoreImpl struct {
	// contains filtered or unexported fields
}

func (*AuthPolicyStoreImpl) FillEntity added in v0.31.1

func (store *AuthPolicyStoreImpl) FillEntity(entity *AuthPolicy, bucket *boltz.TypedBucket)

func (AuthPolicyStoreImpl) GetName added in v0.31.1

func (store AuthPolicyStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (*AuthPolicyStoreImpl) GetNameIndex added in v0.31.1

func (store *AuthPolicyStoreImpl) GetNameIndex() boltz.ReadIndex

func (AuthPolicyStoreImpl) LoadOneById added in v0.31.1

func (store AuthPolicyStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (E, error)

func (*AuthPolicyStoreImpl) NewEntity added in v0.31.1

func (store *AuthPolicyStoreImpl) NewEntity() *AuthPolicy

func (*AuthPolicyStoreImpl) PersistEntity added in v0.31.1

func (store *AuthPolicyStoreImpl) PersistEntity(entity *AuthPolicy, ctx *boltz.PersistContext)

type AuthPolicyUpdb added in v0.31.1

// AuthPolicyUpdb holds the username/password (UPDB) settings of a primary
// auth policy: whether UPDB is allowed, password composition rules and lockout.
type AuthPolicyUpdb struct {
	Allowed                bool  `json:"allowed"`
	// See DefaultUpdbMinPasswordLength for the package default.
	MinPasswordLength      int64 `json:"minPasswordLength"`
	RequireSpecialChar     bool  `json:"requireSpecialChar"`
	RequireNumberChar      bool  `json:"requireNumberChar"`
	RequireMixedCase       bool  `json:"requireMixedCase"`
	// See UpdbUnlimitedAttemptsLimit and UpdbIndefiniteLockout for the
	// meaning of 0 in the two fields below.
	MaxAttempts            int64 `json:"maxAttempts"`
	LockoutDurationMinutes int64 `json:"lockoutDurationMinutes"`
}

type Authenticator added in v0.31.1

type Authenticator struct {
	boltz.BaseExtEntity
	Type       string               `json:"type"`
	IdentityId string               `json:"identityId"`
	SubType    AuthenticatorSubType `json:"subType"`
}

func (*Authenticator) GetEntityType added in v0.31.1

func (entity *Authenticator) GetEntityType() string

func (*Authenticator) ToCert added in v0.31.1

func (entity *Authenticator) ToCert() *AuthenticatorCert

func (*Authenticator) ToSubType added in v0.31.1

func (entity *Authenticator) ToSubType() AuthenticatorSubType

func (*Authenticator) ToUpdb added in v0.31.1

func (entity *Authenticator) ToUpdb() *AuthenticatorUpdb

type AuthenticatorCert added in v0.31.1

// AuthenticatorCert is the certificate sub-type of an Authenticator. The
// embedded Authenticator is excluded from JSON output.
type AuthenticatorCert struct {
	Authenticator `json:"-"`
	Fingerprint   string `json:"fingerprint"`
	Pem           string `json:"pem"`

	// NOTE(review): presumably a pending certificate not yet proven by the
	// client; confirm authentication never matches on these two fields.
	UnverifiedPem         string `json:"unverifiedPem"`
	UnverifiedFingerprint string `json:"unverifiedFingerprint"`
}

func (*AuthenticatorCert) Fingerprints added in v0.31.1

func (entity *AuthenticatorCert) Fingerprints() []string

type AuthenticatorStore added in v0.31.1

type AuthenticatorStore interface {
	Store[*Authenticator]
}

type AuthenticatorSubType added in v0.31.1

type AuthenticatorSubType interface {
	Fingerprints() []string
}

type AuthenticatorUpdb added in v0.31.1

// AuthenticatorUpdb is the username/password sub-type of an Authenticator.
// The embedded Authenticator is excluded from JSON output.
type AuthenticatorUpdb struct {
	Authenticator `json:"-"`
	Username      string `json:"username"`
	// NOTE(review): unlike ApiSession.Token (`json:"-"`), Password and Salt
	// are included when this struct is marshalled to JSON. Confirm that no
	// API response, log line or event marshals the struct directly, and that
	// Password holds a hash rather than the clear-text value.
	Password      string `json:"password"`
	Salt          string `json:"salt"`
}

func (*AuthenticatorUpdb) Fingerprints added in v0.31.1

func (entity *AuthenticatorUpdb) Fingerprints() []string

type Ca added in v0.31.1

// Ca is the stored form of a certificate authority registered for
// enrollment and/or authentication.
type Ca struct {
	boltz.BaseExtEntity
	Name                      string           `json:"name"`
	Fingerprint               string           `json:"fingerprint"`
	CertPem                   string           `json:"certPem"`
	IsVerified                bool             `json:"isVerified"`
	// NOTE(review): VerificationToken is included in JSON output; confirm
	// it is only exposed to the administrator performing CA verification.
	VerificationToken         string           `json:"verificationToken"`
	// Switches controlling what certificates issued by this CA may do.
	IsAutoCaEnrollmentEnabled bool             `json:"isAutoCaEnrollmentEnabled"`
	IsOttCaEnrollmentEnabled  bool             `json:"isOttCaEnrollmentEnabled"`
	IsAuthEnabled             bool             `json:"isAuthEnabled"`
	IdentityRoles             []string         `json:"identityRoles"`
	IdentityNameFormat        string           `json:"identityNameFormat"`
	// ExternalIdClaim may be nil.
	ExternalIdClaim           *ExternalIdClaim `json:"externalIdClaim"`
}

func (*Ca) GetEntityType added in v0.31.1

func (entity *Ca) GetEntityType() string

func (*Ca) GetName added in v0.31.1

func (entity *Ca) GetName() string

type CaStore added in v0.31.1

type CaStore interface {
	Store[*Ca]
}

type Config added in v0.31.1

type Config struct {
	boltz.BaseExtEntity
	Name string                 `json:"name"`
	Type string                 `json:"type"`
	Data map[string]interface{} `json:"data"`
}

func (*Config) GetEntityType added in v0.31.1

func (entity *Config) GetEntityType() string

func (*Config) GetName added in v0.31.1

func (entity *Config) GetName() string

type ConfigStore added in v0.31.1

type ConfigStore interface {
	Store[*Config]
	NameIndexed
}

type ConfigType added in v0.31.1

type ConfigType struct {
	boltz.BaseExtEntity
	Name   string                 `json:"name"`
	Schema map[string]interface{} `json:"schema"`
}

func (*ConfigType) GetEntityType added in v0.31.1

func (entity *ConfigType) GetEntityType() string

func (*ConfigType) GetName added in v0.31.1

func (entity *ConfigType) GetName() string

type ConfigTypeStore added in v0.31.1

type ConfigTypeStore interface {
	Store[*ConfigType]
	NameIndexed
	LoadOneByName(tx *bbolt.Tx, name string) (*ConfigType, error)
	GetName(tx *bbolt.Tx, id string) *string
}

type DbProvider added in v0.31.1

type DbProvider interface {
	GetDb() boltz.Db
}

type DbProviderF added in v0.31.1

type DbProviderF func() boltz.Db

func (DbProviderF) GetDb added in v0.31.1

func (f DbProviderF) GetDb() boltz.Db

type EdgeRouter added in v0.31.1

// EdgeRouter extends Router with edge-specific state.
type EdgeRouter struct {
	Router
	IsVerified            bool                   `json:"isVerified"`
	// Certificate fields are pointers and may be nil.
	// NOTE(review): the Unverified* fields presumably hold a certificate
	// that is not yet trusted — confirm they never take part in router
	// authentication.
	CertPem               *string                `json:"certPem"`
	UnverifiedCertPem     *string                `json:"unverifiedCertPem"`
	UnverifiedFingerprint *string                `json:"unverifiedFingerprint"`
	RoleAttributes        []string               `json:"roleAttributes"`
	IsTunnelerEnabled     bool                   `json:"isTunnelerEnabled"`
	AppData               map[string]interface{} `json:"appData"`
}

func (*EdgeRouter) GetName added in v0.31.1

func (entity *EdgeRouter) GetName() string

type EdgeRouterPolicy added in v0.31.1

type EdgeRouterPolicy struct {
	boltz.BaseExtEntity
	Name            string   `json:"name"`
	Semantic        string   `json:"semantic"`
	IdentityRoles   []string `json:"identityRoles"`
	EdgeRouterRoles []string `json:"edgeRouterRoles"`
}

func (*EdgeRouterPolicy) GetEntityType added in v0.31.1

func (entity *EdgeRouterPolicy) GetEntityType() string

func (*EdgeRouterPolicy) GetName added in v0.31.1

func (entity *EdgeRouterPolicy) GetName() string

func (*EdgeRouterPolicy) GetSemantic added in v0.31.1

func (entity *EdgeRouterPolicy) GetSemantic() string

type EdgeRouterPolicyStore added in v0.31.1

type EdgeRouterPolicyStore interface {
	NameIndexed
	Store[*EdgeRouterPolicy]
}

type EdgeRouterStore added in v0.31.1

type EdgeRouterStore interface {
	NameIndexed
	Store[*EdgeRouter]
	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)
}

type EdgeService added in v0.31.1

type EdgeService struct {
	Service
	RoleAttributes     []string `json:"roleAttributes"`
	Configs            []string `json:"configs"`
	EncryptionRequired bool     `json:"encryptionRequired"`
}

type EdgeServiceStore added in v0.31.1

type EdgeServiceStore interface {
	NameIndexed
	Store[*EdgeService]

	IsBindableByIdentity(tx *bbolt.Tx, id string, identityId string) bool
	IsDialableByIdentity(tx *bbolt.Tx, id string, identityId string) bool
	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)
}

type Enrollment added in v0.31.1

// Enrollment is the stored form of a pending enrollment. The pointer fields
// may be nil; which of them is set presumably depends on Method — confirm.
type Enrollment struct {
	boltz.BaseExtEntity
	// NOTE(review): Token is included in JSON output while Jwt below is
	// excluded; confirm the asymmetry is intended and that marshalled
	// enrollments are only shown to the party entitled to enroll.
	Token           string     `json:"token"`
	Method          string     `json:"method"`
	IdentityId      *string    `json:"identityId"`
	TransitRouterId *string    `json:"transitRouterId"`
	EdgeRouterId    *string    `json:"edgeRouterId"`
	// ExpiresAt may be nil; expiry checks must handle that case explicitly.
	ExpiresAt       *time.Time `json:"expiresAt"`
	IssuedAt        *time.Time `json:"issuedAt"`
	CaId            *string    `json:"caId"`
	Username        *string    `json:"username"`
	// Jwt is excluded from JSON output by the `json:"-"` tag.
	Jwt             string     `json:"-"`
}

func (*Enrollment) GetEntityType added in v0.31.1

func (entity *Enrollment) GetEntityType() string

type EnrollmentStore added in v0.31.1

type EnrollmentStore interface {
	Store[*Enrollment]
	LoadOneByToken(tx *bbolt.Tx, token string) (*Enrollment, error)
}

type EnvInfo added in v0.31.1

type EnvInfo struct {
	Arch      string `json:"arch"`
	Os        string `json:"os"`
	OsRelease string `json:"osRelease"`
	OsVersion string `json:"osVersion"`
	Domain    string `json:"domain"`
	Hostname  string `json:"hostname"`
}

type EventListenerFunc added in v0.31.1

type EventListenerFunc func(db boltz.Db, name string, data []byte)

EventListenerFunc is a function handler that will be triggered asynchronously at some point in the future.

type EventualEvent added in v0.31.1

type EventualEvent struct {
	boltz.BaseExtEntity
	Type string `json:"type"`
	Data []byte `json:"data"`
}

func (*EventualEvent) GetEntityType added in v0.31.1

func (entity *EventualEvent) GetEntityType() string

type EventualEventAdded added in v0.31.1

type EventualEventAdded struct {
	// Id is a unique id for the event created
	Id string

	// Total is the total number of eventual events awaiting processing
	Total int64
}

type EventualEventProcessingBatchDone added in v0.31.1

// EventualEventProcessingBatchDone describes one finished batch; it is the
// argument of the EventualEventProcessingBatchDoneName event.
type EventualEventProcessingBatchDone struct {
	// Id is a unique id for the batch
	Id string

	// ProcessId is the id of the processing run this batch is a member of
	ProcessId string

	// Count is the number of events in the current batch
	Count int

	// BatchSize is the batch size for the current batch (the maximum value of Count)
	BatchSize int

	// StartTime is the time the batch was started
	StartTime time.Time

	// EndTime is the time the batch ended
	EndTime time.Time
}

type EventualEventProcessingBatchStart added in v0.31.1

// EventualEventProcessingBatchStart describes a batch that is starting; it is
// the argument of the EventualEventProcessingBatchStartName event.
type EventualEventProcessingBatchStart struct {
	// Id is a unique id for the batch
	Id string

	// ProcessId is the id of the processing run this batch is a member of
	ProcessId string

	// Count is the number of events in the current batch
	Count int

	// BatchSize is the batch size for the current batch (the maximum value of Count)
	BatchSize int

	// StartTime is the time when the batch started processing
	StartTime time.Time
}

type EventualEventProcessingDone added in v0.31.1

// EventualEventProcessingDone summarises a finished processing run; it is the
// argument of the EventualEventProcessingDoneName event.
type EventualEventProcessingDone struct {
	// Id is a unique id for the processing run
	Id string

	// TotalBatches is the total number of batches executed during processing
	TotalBatches int64

	// TotalEvents is the total number of events processed
	TotalEvents int64

	// TotalListenersExecuted is the total number of listeners executed during processing
	TotalListenersExecuted int64

	// StartTime is the time when the processing began
	StartTime time.Time

	// EndTime is the time when the processing ended
	EndTime time.Time
}

type EventualEventProcessingListenerDone added in v0.31.1

// EventualEventProcessingListenerDone records one completed listener invocation,
// including the error it produced, if any.
type EventualEventProcessingListenerDone struct {
	// Id is a unique id for the triggering of a listener
	Id string

	// BatchId is the unique id of the batch being processed
	BatchId string

	// ProcessId is the unique id of the currently executing process
	ProcessId string

	// ListenerFunc is the listener that was executed
	ListenerFunc EventListenerFunc

	// BatchEventIndex is the zero based offset of the currently executing event
	BatchEventIndex int64

	// TotalEventIndex is the total index across all batches of the currently executing event
	TotalEventIndex int64

	// Error is nil if no error occurred during execution, otherwise an error value
	Error error

	// EventType is the type of the event that triggered the listener
	EventType string

	// StartTime is the time when the listener started execution
	StartTime time.Time

	// EndTime is the time when the listener ended execution
	EndTime time.Time
}

type EventualEventProcessingListenerStart added in v0.31.1

// EventualEventProcessingListenerStart records the start of one listener
// invocation for an eventual event.
type EventualEventProcessingListenerStart struct {
	// Id is a unique id for the triggering of a listener
	Id string

	// BatchId is the unique id of the batch being processed
	BatchId string

	// ProcessId is the unique id of the currently executing process
	ProcessId string

	// ListenerFunc is the listener that was executed
	ListenerFunc EventListenerFunc

	// BatchEventIndex is the zero based offset of the currently executing event
	BatchEventIndex int64

	// TotalEventIndex is the total index across all batches of the currently executing event
	TotalEventIndex int64

	// EventType is the type of the event that is triggering the listener
	EventType string

	// StartTime is the time when the listener was started
	StartTime time.Time
}

type EventualEventProcessingStart added in v0.31.1

type EventualEventProcessingStart struct {
	// Id is a unique id for processing run
	Id string

	// StartTime is the time the processing began
	StartTime time.Time
}

type EventualEventRemoved added in v0.31.1

type EventualEventRemoved struct {
	// Id is a unique id for the event deleted
	Id string

	// Total is the total number of eventual events awaiting processing
	Total int64
}

type EventualEventStore added in v0.31.1

type EventualEventStore interface {
	Store[*EventualEvent]
}

type EventualEventer added in v0.31.1

// EventualEventer stores events for later processing and reports on that
// processing through the embedded events.EventEmmiter.
type EventualEventer interface {
	// EventEmmiter is used to provide processing event status on processing state, which is useful
	// for instrumenting an EventualEventer for metric purposes (process runtime, process batch runtime,
	// event counts, etc.)
	events.EventEmmiter

	// AddEventualEvent adds an eventual event with a specific name and byte array data payload. Interpretation
	// of the event's data payload is up to the event emitter and consumer.
	//
	// The method returns nothing, so a caller cannot tell from this signature whether the event was stored.
	// NOTE(review): the package defines EventualEventApiSessionDelete, so session cleanup appears to go
	// through this path; confirm how a failed add is surfaced so such cleanup is not silently lost.
	AddEventualEvent(eventType string, data []byte)

	// AddEventualListener adds a function as a callback for when an eventual event is processed.
	AddEventualListener(eventType string, handler EventListenerFunc)

	// Start should be called at the start of the lifetime of the EventualEventer.
	// A closeNotify channel must be supplied for application shutdown eventing.
	//
	// If an EventualEventer has already been started, it will return an error.
	// Errors may be returned for other reasons causing Start to fail.
	Start(closeNotify <-chan struct{}) error

	// Stop may be called to manually end the lifetime of the EventualEventer outside the
	// closeNotify signaling provided in the Start call. If not started, an error will be returned.
	// Errors may be returned for other reasons causing Stop to fail.
	Stop() error

	// Trigger forces an EventualEventer to check for work to be processed. Beyond this method,
	// it is the implementation's responsibility to provide other mechanisms or logic to determine
	// when work is performed (timers, events, etc.) which may be setup/torn down during Start/Stop.
	//
	// If the EventualEventer is not currently running or can't process work, an error will
	// be returned. If it is running, a channel will be returned which will be closed after
	// the current or next iteration of the event processor has completed.
	Trigger() (<-chan struct{}, error)
}

An EventualEventer provides a method for storing events in a persistent manner that will be processed at a later date. Processing may include time intensive processing such as bulk deletion of other entities. Event persistence strategy, processing order, and processing synchronization are up to the implementation to decide.

EventualEventers are also required to emit a series of events via the events.EventEmmiter interface. See EventualEventAdded and subsequent events for more details.

type EventualEventerBbolt added in v0.31.1

type EventualEventerBbolt struct {
	events.EventEmmiter

	Interval time.Duration
	// contains filtered or unexported fields
}

EventualEventerBbolt implements EventualEventer with a bbolt-backed storage mechanism. Work is performed in FIFO order, at a configurable period set by the Interval property.

Events are stored in the following format:

	id   - CUID   - a monotonic reference id
	name - string - an event name, used for log output
	data - []byte - a string array of arguments

func NewEventualEventerBbolt added in v0.31.1

func NewEventualEventerBbolt(dbProvider DbProvider, store EventualEventStore, interval time.Duration, batchSize int) *EventualEventerBbolt

NewEventualEventerBbolt creates a new bbolt backed asynchronous eventer that will check for new events at the given interval or when triggered. On each interval/trigger, the number of events processed is determined by batchSize.

func (*EventualEventerBbolt) AddEventualEvent added in v0.31.1

func (a *EventualEventerBbolt) AddEventualEvent(eventType string, data []byte)

func (*EventualEventerBbolt) AddEventualEventWithCtx added in v0.31.1

func (a *EventualEventerBbolt) AddEventualEventWithCtx(ctx boltz.MutateContext, eventType string, data []byte)

func (*EventualEventerBbolt) AddEventualListener added in v0.31.1

func (a *EventualEventerBbolt) AddEventualListener(eventType string, listener EventListenerFunc)

func (*EventualEventerBbolt) Start added in v0.31.1

func (a *EventualEventerBbolt) Start(closeNotify <-chan struct{}) error

func (*EventualEventerBbolt) Stop added in v0.31.1

func (a *EventualEventerBbolt) Stop() error

func (*EventualEventerBbolt) Trigger added in v0.31.1

func (a *EventualEventerBbolt) Trigger() (<-chan struct{}, error)

type ExternalIdClaim added in v0.31.1

type ExternalIdClaim struct {
	Location        string `json:"location"`
	Matcher         string `json:"matcher"`
	MatcherCriteria string `json:"matcherCriteria"`
	Parser          string `json:"parser"`
	ParserCriteria  string `json:"parserCriteria"`
	Index           int64  `json:"index"`
}

type ExternalJwtSigner added in v0.31.1

// ExternalJwtSigner is the stored configuration of an external JWT signer.
//
// CertPem, JwksEndpoint, Kid, Fingerprint, Issuer, Audience, ClaimsProperty and
// ExternalAuthUrl are pointers and may therefore be nil.
// NOTE(review): presumably either CertPem or JwksEndpoint supplies the
// verification key, and a nil Issuer or Audience means that claim is not
// compared — confirm in the validation code. A signer stored without a pinned
// issuer and audience, or with a JwksEndpoint that is not HTTPS, is worth
// flagging when auditing configuration.
type ExternalJwtSigner struct {
	boltz.BaseExtEntity
	Name            string     `json:"name"`
	Fingerprint     *string    `json:"fingerprint"`
	Kid             *string    `json:"kid"`
	CertPem         *string    `json:"certPem"`
	JwksEndpoint    *string    `json:"jwksEndpoint"`
	CommonName      string     `json:"commonName"`
	NotAfter        *time.Time `json:"notAfter"`
	NotBefore       *time.Time `json:"notBefore"`
	Enabled         bool       `json:"enabled"`
	ExternalAuthUrl *string    `json:"externalAuthUrl"`
	ClaimsProperty  *string    `json:"claimsProperty"`
	UseExternalId   bool       `json:"useExternalId"`
	Issuer          *string    `json:"issuer"`
	Audience        *string    `json:"audience"`
}

func (*ExternalJwtSigner) GetEntityType added in v0.31.1

func (entity *ExternalJwtSigner) GetEntityType() string

func (*ExternalJwtSigner) GetName added in v0.31.1

func (entity *ExternalJwtSigner) GetName() string

type ExternalJwtSignerStore added in v0.31.1

type ExternalJwtSignerStore interface {
	Store[*ExternalJwtSigner]
}

type Identity added in v0.31.1

type Identity struct {
	boltz.BaseExtEntity
	Name                      string                     `json:"name"`
	IdentityTypeId            string                     `json:"identityTypeId"`
	IsDefaultAdmin            bool                       `json:"isDefaultAdmin"`
	IsAdmin                   bool                       `json:"isAdmin"`
	Enrollments               []string                   `json:"enrollments"`
	Authenticators            []string                   `json:"authenticators"`
	RoleAttributes            []string                   `json:"roleAttributes"`
	SdkInfo                   *SdkInfo                   `json:"sdkInfo"`
	EnvInfo                   *EnvInfo                   `json:"envInfo"`
	DefaultHostingPrecedence  ziti.Precedence            `json:"defaultHostingPrecedence"`
	DefaultHostingCost        uint16                     `json:"defaultHostingCost"`
	ServiceHostingPrecedences map[string]ziti.Precedence `json:"serviceHostingPrecedences"`
	ServiceHostingCosts       map[string]uint16          `json:"serviceHostingCosts"`
	AppData                   map[string]interface{}     `json:"appData"`
	AuthPolicyId              string                     `json:"authPolicyId"`
	ExternalId                *string                    `json:"externalId"`
	DisabledAt                *time.Time                 `json:"disabledAt"`
	DisabledUntil             *time.Time                 `json:"disabledUntil"`
	Disabled                  bool                       `json:"disabled"`
}

func (*Identity) GetEntityType added in v0.31.1

func (entity *Identity) GetEntityType() string

func (*Identity) GetName added in v0.31.1

func (entity *Identity) GetName() string

type IdentityServicesCursorProvider added in v0.31.1

type IdentityServicesCursorProvider struct {
	// contains filtered or unexported fields
}

func (*IdentityServicesCursorProvider) Cursor added in v0.31.1

func (self *IdentityServicesCursorProvider) Cursor(tx *bbolt.Tx, forward bool) ast.SetCursor

type IdentityStore added in v0.31.1

type IdentityStore interface {
	NameIndexed
	Store[*Identity]

	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)

	AssignServiceConfigs(tx *bbolt.Tx, identityId string, serviceConfigs ...ServiceConfig) error
	RemoveServiceConfigs(tx *bbolt.Tx, identityId string, serviceConfigs ...ServiceConfig) error
	GetServiceConfigs(tx *bbolt.Tx, identityId string) ([]ServiceConfig, error)
	LoadServiceConfigsByServiceAndType(tx *bbolt.Tx, identityId string, configTypes map[string]struct{}) map[string]map[string]map[string]interface{}
	GetIdentityServicesCursorProvider(identityId string) ast.SetCursorProvider
}

type IdentityType added in v0.31.1

type IdentityType struct {
	boltz.BaseExtEntity
	Name string `json:"name"`
}

func (*IdentityType) GetEntityType added in v0.31.1

func (entity *IdentityType) GetEntityType() string

func (*IdentityType) GetName added in v0.31.1

func (entity *IdentityType) GetName() string

type IdentityTypeStore added in v0.31.1

type IdentityTypeStore interface {
	NameIndexed
	Store[*IdentityType]
}

type IdentityTypeStoreImpl added in v0.31.1

type IdentityTypeStoreImpl struct {
	// contains filtered or unexported fields
}

func (*IdentityTypeStoreImpl) FillEntity added in v0.31.1

func (store *IdentityTypeStoreImpl) FillEntity(entity *IdentityType, bucket *boltz.TypedBucket)

func (IdentityTypeStoreImpl) GetName added in v0.31.1

func (store IdentityTypeStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (*IdentityTypeStoreImpl) GetNameIndex added in v0.31.1

func (store *IdentityTypeStoreImpl) GetNameIndex() boltz.ReadIndex

func (IdentityTypeStoreImpl) LoadOneById added in v0.31.1

func (store IdentityTypeStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (E, error)

func (*IdentityTypeStoreImpl) NewEntity added in v0.31.1

func (store *IdentityTypeStoreImpl) NewEntity() *IdentityType

func (*IdentityTypeStoreImpl) PersistEntity added in v0.31.1

func (store *IdentityTypeStoreImpl) PersistEntity(entity *IdentityType, ctx *boltz.PersistContext)

type Mfa added in v0.31.1

// Mfa is the stored MFA record tied to one identity through IdentityId.
//
// Secret, Salt and RecoveryCodes all carry plain json tags, so encoding/json
// writes them out whenever an Mfa value is marshalled; Session.Token in this
// package is tagged `json:"-"` instead.
// NOTE(review): these fields look like enrollment secrets. Confirm that Mfa
// values are never marshalled into API responses, events or logs, and check in
// the store implementation whether Secret and RecoveryCodes are kept encrypted
// or hashed at rest; neither is visible from this declaration.
type Mfa struct {
	boltz.BaseExtEntity
	IdentityId    string   `json:"identityId"`
	IsVerified    bool     `json:"isVerified"`
	Secret        string   `json:"secret"`
	Salt          string   `json:"salt"`
	RecoveryCodes []string `json:"recoveryCodes"`
}

func NewMfa added in v0.31.1

func NewMfa(identityId string) *Mfa

func (*Mfa) GetEntityType added in v0.31.1

func (entity *Mfa) GetEntityType() string

type MfaStore added in v0.31.1

type MfaStore interface {
	Store[*Mfa]
}

type MfaStoreImpl added in v0.31.1

type MfaStoreImpl struct {
	// contains filtered or unexported fields
}

func (*MfaStoreImpl) FillEntity added in v0.31.1

func (store *MfaStoreImpl) FillEntity(entity *Mfa, bucket *boltz.TypedBucket)

func (MfaStoreImpl) GetName added in v0.31.1

func (store MfaStoreImpl) GetName(tx *bbolt.Tx, id string) *string

func (MfaStoreImpl) LoadOneById added in v0.31.1

func (store MfaStoreImpl) LoadOneById(tx *bbolt.Tx, id string) (E, error)

func (*MfaStoreImpl) NewEntity added in v0.31.1

func (store *MfaStoreImpl) NewEntity() *Mfa

func (*MfaStoreImpl) PersistEntity added in v0.31.1

func (store *MfaStoreImpl) PersistEntity(entity *Mfa, ctx *boltz.PersistContext)

type Migrations added in v0.31.1

type Migrations struct {
	// contains filtered or unexported fields
}

type NameIndexed added in v0.31.1

type NameIndexed interface {
	GetNameIndex() boltz.ReadIndex
}

type OperatingSystem added in v0.31.1

type OperatingSystem struct {
	OsType     string   `json:"osType"`
	OsVersions []string `json:"osVersions"`
}

type Policy added in v0.31.1

type Policy interface {
	boltz.NamedExtEntity
}

type PolicyType added in v0.31.1

type PolicyType string

func GetPolicyTypeForId added in v0.31.1

func GetPolicyTypeForId(policyTypeId int32) PolicyType

func (PolicyType) Id added in v0.31.1

func (self PolicyType) Id() int32

func (PolicyType) String added in v0.31.1

func (self PolicyType) String() string

type PostureCheck added in v0.31.1

type PostureCheck struct {
	boltz.BaseExtEntity
	Name           string              `json:"name"`
	TypeId         string              `json:"typeId"`
	Version        int64               `json:"version"`
	RoleAttributes []string            `json:"roleAttributes"`
	SubType        PostureCheckSubType `json:"subType"`
}

func (*PostureCheck) GetEntityType added in v0.31.1

func (entity *PostureCheck) GetEntityType() string

func (*PostureCheck) GetName added in v0.31.1

func (entity *PostureCheck) GetName() string

type PostureCheckMacAddresses added in v0.31.1

type PostureCheckMacAddresses struct {
	MacAddresses []string `json:"macAddresses"`
}

func (*PostureCheckMacAddresses) LoadValues added in v0.31.1

func (entity *PostureCheckMacAddresses) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckMacAddresses) SetValues added in v0.31.1

func (entity *PostureCheckMacAddresses) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckMfa added in v0.31.1

type PostureCheckMfa struct {
	TimeoutSeconds        int64 `json:"timeoutSeconds"`
	PromptOnWake          bool  `json:"promptOnWake"`
	PromptOnUnlock        bool  `json:"promptOnUnlock"`
	IgnoreLegacyEndpoints bool  `json:"ignoreLegacyEndpoints"`
}

func (*PostureCheckMfa) LoadValues added in v0.31.1

func (entity *PostureCheckMfa) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckMfa) SetValues added in v0.31.1

func (entity *PostureCheckMfa) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckOperatingSystem added in v0.31.1

type PostureCheckOperatingSystem struct {
	OperatingSystems []OperatingSystem `json:"operatingSystems"`
}

func (*PostureCheckOperatingSystem) LoadValues added in v0.31.1

func (entity *PostureCheckOperatingSystem) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckOperatingSystem) SetValues added in v0.31.1

func (entity *PostureCheckOperatingSystem) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckProcess added in v0.31.1

// PostureCheckProcess holds the values of a process posture check: the target
// operating system, the process path, a list of hashes and a fingerprint.
// NOTE(review): the hash algorithm and encoding expected in Hashes, and what
// Fingerprint is a digest of, are not stated here; confirm them against the
// code that evaluates the check, and whether an empty Hashes list means
// "any binary at Path is accepted".
type PostureCheckProcess struct {
	OperatingSystem string   `json:"operatingSystem"`
	Path            string   `json:"path"`
	Hashes          []string `json:"hashes"`
	Fingerprint     string   `json:"fingerprint"`
}

func (*PostureCheckProcess) LoadValues added in v0.31.1

func (entity *PostureCheckProcess) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckProcess) SetValues added in v0.31.1

func (entity *PostureCheckProcess) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckProcessMulti added in v0.31.1

type PostureCheckProcessMulti struct {
	Semantic  string          `json:"semantic"`
	Processes []*ProcessMulti `json:"processes"`
}

func (*PostureCheckProcessMulti) LoadValues added in v0.31.1

func (entity *PostureCheckProcessMulti) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckProcessMulti) SetValues added in v0.31.1

func (entity *PostureCheckProcessMulti) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type PostureCheckStore added in v0.31.1

type PostureCheckStore interface {
	Store[*PostureCheck]
	LoadOneById(tx *bbolt.Tx, id string) (*PostureCheck, error)
	GetRoleAttributesIndex() boltz.SetReadIndex
	GetRoleAttributesCursorProvider(filters []string, semantic string) (ast.SetCursorProvider, error)
}

type PostureCheckSubType added in v0.31.1

type PostureCheckSubType interface {
	LoadValues(bucket *boltz.TypedBucket)
	SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)
}

type PostureCheckType added in v0.31.1

type PostureCheckType struct {
	boltz.BaseExtEntity
	Name             string            `json:"name"`
	OperatingSystems []OperatingSystem `json:"operatingSystems"`
}

func (*PostureCheckType) GetEntityType added in v0.31.1

func (entity *PostureCheckType) GetEntityType() string

func (*PostureCheckType) GetName added in v0.31.1

func (entity *PostureCheckType) GetName() string

type PostureCheckTypeStore added in v0.31.1

type PostureCheckTypeStore interface {
	NameIndexed
	Store[*PostureCheckType]
}

type PostureCheckWindowsDomains added in v0.31.1

type PostureCheckWindowsDomains struct {
	Domains []string `json:"domains"`
}

func (*PostureCheckWindowsDomains) LoadValues added in v0.31.1

func (entity *PostureCheckWindowsDomains) LoadValues(bucket *boltz.TypedBucket)

func (*PostureCheckWindowsDomains) SetValues added in v0.31.1

func (entity *PostureCheckWindowsDomains) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)

type ProcessMulti added in v0.31.1

type ProcessMulti struct {
	OsType             string   `json:"osType"`
	Path               string   `json:"path"`
	Hashes             []string `json:"hashes"`
	SignerFingerprints []string `json:"signerFingerprints"`
}

type Revocation added in v0.31.1

type Revocation struct {
	boltz.BaseExtEntity
	ExpiresAt time.Time `json:"expiresAt"`
}

func (Revocation) GetEntityType added in v0.31.1

func (r Revocation) GetEntityType() string

type RevocationStore added in v0.31.1

type RevocationStore interface {
	Store[*Revocation]
}

type Router

type Router struct {
	boltz.BaseExtEntity
	Name        string  `json:"name"`
	Fingerprint *string `json:"fingerprint"`
	Cost        uint16  `json:"cost"`
	NoTraversal bool    `json:"noTraversal"`
	Disabled    bool    `json:"disabled"`
}

func (*Router) GetEntityType

func (entity *Router) GetEntityType() string

type RouterStore

type RouterStore interface {
	boltz.EntityStore[*Router]
	boltz.EntityStrategy[*Router]
	GetNameIndex() boltz.ReadIndex
	FindByName(tx *bbolt.Tx, id string) (*Router, error)
}

type SdkInfo added in v0.31.1

type SdkInfo struct {
	Branch     string `json:"branch"`
	Revision   string `json:"revision"`
	Type       string `json:"type"`
	Version    string `json:"version"`
	AppId      string `json:"appId"`
	AppVersion string `json:"appVersion"`
}

type SecretStore added in v0.31.1

// SecretStore exposes a secret as raw bytes.
// NOTE(review): the declaration does not say whether GetSecret returns a copy
// or the implementation's own backing slice; until that is confirmed, callers
// should treat the result as read-only and avoid logging it.
type SecretStore interface {
	GetSecret() []byte
}

type Service

type Service struct {
	boltz.BaseExtEntity
	Name               string        `json:"name"`
	MaxIdleTime        time.Duration `json:"maxIdleTime"`
	TerminatorStrategy string        `json:"terminatorStrategy"`
}

func (*Service) GetEntityType

func (entity *Service) GetEntityType() string

func (*Service) GetName

func (entity *Service) GetName() string

type ServiceConfig added in v0.31.1

type ServiceConfig struct {
	ServiceId string
	ConfigId  string
}

type ServiceEdgeRouterPolicy added in v0.31.1

type ServiceEdgeRouterPolicy struct {
	boltz.BaseExtEntity
	Name            string   `json:"name"`
	Semantic        string   `json:"semantic"`
	ServiceRoles    []string `json:"serviceRoles"`
	EdgeRouterRoles []string `json:"edgeRouterRoles"`
}

func (*ServiceEdgeRouterPolicy) GetEntityType added in v0.31.1

func (entity *ServiceEdgeRouterPolicy) GetEntityType() string

func (*ServiceEdgeRouterPolicy) GetName added in v0.31.1

func (entity *ServiceEdgeRouterPolicy) GetName() string

func (*ServiceEdgeRouterPolicy) GetSemantic added in v0.31.1

func (entity *ServiceEdgeRouterPolicy) GetSemantic() string

type ServiceEdgeRouterPolicyStore added in v0.31.1

type ServiceEdgeRouterPolicyStore interface {
	NameIndexed
	Store[*ServiceEdgeRouterPolicy]
}

type ServiceEvent added in v0.31.1

type ServiceEvent struct {
	Type       ServiceEventType
	IdentityId string
	ServiceId  string
}

func (*ServiceEvent) String added in v0.31.1

func (self *ServiceEvent) String() string

type ServiceEventHandler added in v0.31.1

type ServiceEventHandler func(event *ServiceEvent)

type ServiceEventType added in v0.31.1

type ServiceEventType byte
const (
	ServiceDialAccessGained ServiceEventType = 1
	ServiceDialAccessLost   ServiceEventType = 2
	ServiceBindAccessGained ServiceEventType = 3
	ServiceBindAccessLost   ServiceEventType = 4
	ServiceUpdated          ServiceEventType = 5
)

func (ServiceEventType) String added in v0.31.1

func (self ServiceEventType) String() string

type ServiceEventsRegistry added in v0.31.1

type ServiceEventsRegistry struct {
	// contains filtered or unexported fields
}

func (*ServiceEventsRegistry) AddServiceEventHandler added in v0.31.1

func (self *ServiceEventsRegistry) AddServiceEventHandler(listener ServiceEventHandler)

func (*ServiceEventsRegistry) RemoveServiceEventHandler added in v0.31.1

func (self *ServiceEventsRegistry) RemoveServiceEventHandler(listener ServiceEventHandler)

type ServicePolicy added in v0.31.1

type ServicePolicy struct {
	boltz.BaseExtEntity
	PolicyType        PolicyType `json:"policyType"`
	Name              string     `json:"name"`
	Semantic          string     `json:"semantic"`
	IdentityRoles     []string   `json:"identityRoles"`
	ServiceRoles      []string   `json:"serviceRoles"`
	PostureCheckRoles []string   `json:"postureCheckRoles"`
}

func (*ServicePolicy) GetEntityType added in v0.31.1

func (entity *ServicePolicy) GetEntityType() string

func (*ServicePolicy) GetName added in v0.31.1

func (entity *ServicePolicy) GetName() string

func (*ServicePolicy) GetSemantic added in v0.31.1

func (entity *ServicePolicy) GetSemantic() string

type ServicePolicyStore added in v0.31.1

type ServicePolicyStore interface {
	NameIndexed
	Store[*ServicePolicy]
}

type ServiceStore

type ServiceStore interface {
	boltz.EntityStore[*Service]
	boltz.EntityStrategy[*Service]
	GetNameIndex() boltz.ReadIndex
	FindByName(tx *bbolt.Tx, name string) (*Service, error)
}

type Session added in v0.31.1

// Session is the stored record linking an identity and an API session to a
// service.
//
// Token and ApiSession are tagged `json:"-"`, so encoding/json leaves them out
// when a Session is marshalled. SessionStore.LoadOneByToken finds a session by
// its Token alone.
// NOTE(review): that lookup suggests Token acts as a bearer credential. The
// json tag only covers marshalling, so also keep Token out of log lines and
// error messages (for example %+v formatting of a Session) — confirm against
// callers.
type Session struct {
	boltz.BaseExtEntity
	Token           string      `json:"-"`
	IdentityId      string      `json:"identityId"`
	ApiSessionId    string      `json:"apiSessionId"`
	ServiceId       string      `json:"serviceId"`
	Type            string      `json:"type"`
	ApiSession      *ApiSession `json:"-"`
	ServicePolicies []string    `json:"servicePolicies"`
}

func (*Session) GetEntityType added in v0.31.1

func (entity *Session) GetEntityType() string

type SessionStore added in v0.31.1

type SessionStore interface {
	Store[*Session]
	LoadOneByToken(tx *bbolt.Tx, token string) (*Session, error)
	GetTokenIndex() boltz.ReadIndex
}

type Store added in v0.31.1

type Store[E boltz.ExtEntity] interface {
	boltz.EntityStore[E]

	LoadOneById(tx *bbolt.Tx, id string) (E, error)
	// contains filtered or unexported methods
}

type Stores

type Stores struct {
	EventualEventer EventualEventer

	Router                  RouterStore
	Service                 ServiceStore
	Terminator              TerminatorStore
	ApiSession              ApiSessionStore
	ApiSessionCertificate   ApiSessionCertificateStore
	AuthPolicy              AuthPolicyStore
	EventualEvent           EventualEventStore
	ExternalJwtSigner       ExternalJwtSignerStore
	Ca                      CaStore
	Config                  ConfigStore
	ConfigType              ConfigTypeStore
	EdgeRouter              EdgeRouterStore
	EdgeRouterPolicy        EdgeRouterPolicyStore
	EdgeService             EdgeServiceStore
	Identity                IdentityStore
	IdentityType            IdentityTypeStore
	Index                   boltz.Store
	Session                 SessionStore
	Revocation              RevocationStore
	ServiceEdgeRouterPolicy ServiceEdgeRouterPolicyStore
	ServicePolicy           ServicePolicyStore
	TransitRouter           TransitRouterStore
	Enrollment              EnrollmentStore
	Authenticator           AuthenticatorStore
	PostureCheck            PostureCheckStore
	PostureCheckType        PostureCheckTypeStore
	Mfa                     MfaStore
	// contains filtered or unexported fields
}

func InitStores

func InitStores(db boltz.Db, rateLimiter command.RateLimiter) (*Stores, error)

func (*Stores) AddCheckable

func (store *Stores) AddCheckable(checkable boltz.Checkable)

func (*Stores) CheckIntegrity

func (stores *Stores) CheckIntegrity(db boltz.Db, ctx context.Context, fix bool, errorHandler func(error, bool)) error

func (*Stores) CheckIntegrityInTx

func (stores *Stores) CheckIntegrityInTx(db boltz.Db, ctx boltz.MutateContext, fix bool, errorHandler func(error, bool)) error

func (*Stores) GetEntityCounts added in v0.31.1

func (stores *Stores) GetEntityCounts(db boltz.Db) (map[string]int64, error)

func (*Stores) GetStoreForEntity

func (stores *Stores) GetStoreForEntity(entity boltz.Entity) boltz.Store

func (*Stores) GetStoreList

func (stores *Stores) GetStoreList() []boltz.Store

func (*Stores) GetStores added in v0.31.1

func (stores *Stores) GetStores() []boltz.Store

type Terminator

// Terminator is the stored record binding a service to a router, address and
// binding, together with its cost and precedence.
//
// InstanceSecret carries a plain json tag, so encoding/json includes it when a
// Terminator is marshalled (a []byte is emitted as a base64 string).
// NOTE(review): if InstanceSecret is what proves ownership of InstanceId,
// confirm that Terminator values are not marshalled into API responses, events
// or logs, and that comparisons against it are constant-time; neither is
// visible from this declaration.
type Terminator struct {
	boltz.BaseExtEntity
	Service         string      `json:"service"`
	Router          string      `json:"router"`
	Binding         string      `json:"binding"`
	Address         string      `json:"address"`
	InstanceId      string      `json:"instanceId"`
	InstanceSecret  []byte      `json:"instanceSecret"`
	Cost            uint16      `json:"cost"`
	Precedence      string      `json:"precedence"`
	PeerData        xt.PeerData `json:"peerData"`
	HostId          string      `json:"hostId"`
	SavedPrecedence *string     `json:"savedPrecedence"`
}

func (*Terminator) GetAddress

func (entity *Terminator) GetAddress() string

func (*Terminator) GetBinding

func (entity *Terminator) GetBinding() string

func (*Terminator) GetCost

func (entity *Terminator) GetCost() uint16

func (*Terminator) GetEntityType

func (entity *Terminator) GetEntityType() string

func (*Terminator) GetHostId

func (entity *Terminator) GetHostId() string

func (*Terminator) GetInstanceId

func (entity *Terminator) GetInstanceId() string

func (*Terminator) GetInstanceSecret

func (entity *Terminator) GetInstanceSecret() []byte

func (*Terminator) GetPeerData

func (entity *Terminator) GetPeerData() xt.PeerData

func (*Terminator) GetPrecedence

func (entity *Terminator) GetPrecedence() xt.Precedence

func (*Terminator) GetRouterId

func (entity *Terminator) GetRouterId() string

func (*Terminator) GetServiceId

func (entity *Terminator) GetServiceId() string

type TerminatorStore

type TerminatorStore interface {
	boltz.EntityStore[*Terminator]
	GetTerminatorsInIdentityGroup(tx *bbolt.Tx, terminatorId string) ([]*Terminator, error)
}

type TestContext

type TestContext struct {
	*boltztest.BaseTestContext
	// contains filtered or unexported fields
}

func NewTestContext

func NewTestContext(t testing.TB) *TestContext

func (*TestContext) Cleanup added in v0.31.1

func (ctx *TestContext) Cleanup()

func (*TestContext) CleanupAll added in v0.31.1

func (ctx *TestContext) CleanupAll()

func (*TestContext) GetDb added in v0.31.1

func (ctx *TestContext) GetDb() boltz.Db

func (*TestContext) GetStoreForEntity

func (ctx *TestContext) GetStoreForEntity(entity boltz.Entity) boltz.Store

func (*TestContext) GetStores added in v0.31.1

func (ctx *TestContext) GetStores() *Stores

func (*TestContext) Init

func (ctx *TestContext) Init()

func (*TestContext) RequireNewIdentity added in v0.31.1

func (ctx *TestContext) RequireNewIdentity(name string, isAdmin bool) *Identity

func (*TestContext) RequireNewService added in v0.31.1

func (ctx *TestContext) RequireNewService(name string) *EdgeService

type TransitRouter added in v0.31.1

// TransitRouter embeds Router and adds enrollment and verification state.
//
// IsBase is tagged `json:"-"` and is omitted from marshalled output.
// NOTE(review): UnverifiedCertPem and UnverifiedFingerprint presumably hold
// certificate material presented before verification completed. Confirm that
// nothing authenticates a router against these fields while IsVerified is
// false, and that they are cleared once Router.Fingerprint is set.
type TransitRouter struct {
	Router
	IsVerified            bool     `json:"isVerified"`
	Enrollments           []string `json:"enrollments"`
	IsBase                bool     `json:"-"`
	UnverifiedCertPem     *string  `json:"unverifiedCertPem"`
	UnverifiedFingerprint *string  `json:"unverifiedFingerprint"`
}

func (*TransitRouter) GetName added in v0.31.1

func (entity *TransitRouter) GetName() string

type TransitRouterStore added in v0.31.1

type TransitRouterStore interface {
	NameIndexed
	Store[*TransitRouter]
}

type UpdateLastActivityAtChecker added in v0.31.1

type UpdateLastActivityAtChecker struct{}

func (UpdateLastActivityAtChecker) IsUpdated added in v0.31.1

func (u UpdateLastActivityAtChecker) IsUpdated(field string) bool
