model

package
v1.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 25, 2024 License: Apache-2.0 Imports: 69 Imported by: 0

Documentation

Index

Constants

const (
	// ClientCertHeader is the literal "X-Client-CertPem". From the name it is an
	// HTTP header carrying a PEM-encoded client certificate; where it is read is
	// not visible here (TODO confirm).
	// NOTE(review): a certificate copied into a request header is not proof that
	// the sender holds its private key. Verify that the consumer honors this
	// header only on connections from a trusted forwarder and that it is
	// stripped from direct client requests.
	ClientCertHeader       = "X-Client-CertPem"
	// EdgeRouterProxyRequest is the literal "X-Edge-Router-Proxy-Request";
	// presumably a header marking requests proxied by an edge router. Confirm
	// against the code that sets and checks it.
	EdgeRouterProxyRequest = "X-Edge-Router-Proxy-Request"
)
const (
	// AuthMethodExtJwt is the method identifier "ext-jwt" (external JWT
	// authentication, judging by the name and by AuthModuleExtJwt).
	AuthMethodExtJwt    = "ext-jwt"
	// ExtJwtInternalClaim is the literal "-internal-ext-jwt".
	// NOTE(review): looks like a reserved name used internally. How it is
	// populated, and whether an externally supplied token can set it, is not
	// visible here; confirm before relying on it.
	ExtJwtInternalClaim = "-internal-ext-jwt"
)
const (
	// FormatSentinelStart and FormatSentinelEnd delimit a symbol inside a name
	// format string, as in "[caName]" (see DefaultCaIdentityNameFormat below).
	FormatSentinelStart       = "["
	FormatSentinelEnd         = "]"
	// Symbol names that can appear between the sentinels.
	FormatSymbolCaName        = "caName"
	FormatSymbolCaId          = "caId"
	FormatSymbolCommonName    = "commonName"
	FormatSymbolRequestedName = "requestedName"
	FormatSymbolIdentityId    = "identityId"

	// DefaultCaIdentityNameFormat evaluates to "[caName]-[commonName]"; the
	// concatenation puts no spaces around the hyphen.
	// NOTE(review): commonName and requestedName presumably come from the
	// enrolling certificate or request, so a name built from this format should
	// be treated as attacker-influenced wherever it is displayed or matched.
	// Confirm.
	DefaultCaIdentityNameFormat = FormatSentinelStart + FormatSymbolCaName + FormatSentinelEnd + "-" + FormatSentinelStart + FormatSymbolCommonName + FormatSentinelEnd
)
const (
	// EdgeRouterEnrollmentCommonNameInvalidCode and
	// EdgeRouterEnrollmentCommonNameInvalidMessage are the error code and text
	// for an edge router CSR whose common name does not match the edge router's
	// id, as the message states.
	EdgeRouterEnrollmentCommonNameInvalidCode    = "EDGE_ROUTER_ENROLL_COMMON_NAME_INVALID"
	EdgeRouterEnrollmentCommonNameInvalidMessage = "The edge router CSR enrollment must have a common name that matches the edge router's id"
	// MethodEnrollEdgeRouterOtt is the enrollment method identifier "erott"
	// (edge router one-time-token enrollment, judging by the name).
	MethodEnrollEdgeRouterOtt                    = "erott"
)
const (
	// TotpMinLength and TotpMaxLength are 4 and 6; presumably the accepted
	// length bounds for a submitted TOTP code. Confirm against the validator.
	// NOTE(review): shorter codes have a smaller guess space, so the
	// attempt-limiting around TOTP verification deserves a look; it is not
	// visible on this page.
	TotpMinLength = 4
	TotpMaxLength = 6
)
const (
	// Posture check type identifiers. The values are the upper-case strings
	// shown. What each check evaluates is inferred from its name only
	// (operating system, domain, process, multiple processes, MAC address,
	// MFA); confirm against the check implementations.
	PostureCheckTypeOs           = "OS"
	PostureCheckTypeDomain       = "DOMAIN"
	PostureCheckTypeProcess      = "PROCESS"
	PostureCheckTypeProcessMulti = "PROCESS_MULTI"
	PostureCheckTypeMAC          = "MAC"
	PostureCheckTypeMFA          = "MFA"
)
// AuthMethodPassword is the authentication method identifier "password";
// presumably the method handled by AuthModuleUpdb (confirm via its CanHandle).
const AuthMethodPassword = "password"
const (
	ConfigTypeAll = "all"
)
const (
	EventIdentityPostureDataAltered = "EventIdentityPostureDataAltered"
)
const (
	IdentityActiveIntervalSeconds = 60
)
// MaxPostureFailures is 100; presumably an upper bound on recorded posture
// failures. What is bounded (per identity, per session, or globally) is not
// visible here; confirm.
const MaxPostureFailures = 100
const (
	MethodEnrollTransitRouterOtt = "trott"
)
// MfaPromptGracePeriod is a negative duration: minus five minutes.
// NOTE(review): because of the sign, adding it to a time moves that time
// earlier. Confirm that every caller expects a negative offset, since treating
// it as +5m would shift an MFA deadline by ten minutes.
const MfaPromptGracePeriod = -5 * time.Minute // -5m (negative)
const (
	MfaProviderZiti string = "ziti"
)
const (
	// PostureCheckNoTimeout is int64(-1); by its name, the sentinel meaning a
	// posture check has no timeout.
	// NOTE(review): code comparing timeouts numerically must special-case this
	// value, otherwise -1 reads as "already expired"; confirm at the use sites.
	PostureCheckNoTimeout = int64(-1)
)
const (
	// WindowSizeTOTP is 5; presumably the number of TOTP time steps accepted
	// around the current one. Confirm against the verification code.
	// NOTE(review): a wider window tolerates more clock skew but also extends
	// how long an observed code stays valid.
	WindowSizeTOTP int = 5
)
const ZitiSdkTypeC = "ziti-sdk-c"

Variables

This section is empty.

Functions

func CleanHexString

func CleanHexString(hexString string) string

func ContextToProtobuf

func ContextToProtobuf(context *change.Context) *edge_cmd_pb.ChangeContext

func DecodeSalt

func DecodeSalt(s string) ([]byte, error)

func NewFieldChecker

func NewFieldChecker(fields ...string) boltz.FieldChecker

func ProtobufToContext

func ProtobufToContext(context *edge_cmd_pb.ChangeContext) *change.Context

func RegisterCommand

func RegisterCommand[MT any, CT any, M network.CommandMsg[MT], C decodableCommand[CT, M]](env Env, _ C, _ M)

RegisterCommand registers a decoder for the given command and message pair. MT is the message type (ex: cmd_pb.CreateServiceCommand). CT is the command type (ex: CreateServiceCommand). M is the CommandMsg/command.TypedMessage implementation (ex: *cmd_pb.CreateServiceCommand). C is the decodableCommand/command.Command implementation (ex: *CreateServiceCommand).

We only have both types specified so that we can enforce that each is a pointer type. If we didn't enforce that the instances were pointer types, we couldn't use new to instantiate new instances.

Types

type AdvisorEdgeRouter

// AdvisorEdgeRouter pairs an edge router with a flag recording whether it is
// online.
type AdvisorEdgeRouter struct {
	Router   *EdgeRouter
	IsOnline bool
}
type AdvisorIdentityEdgeRouterLinks struct {
	Identity   *Identity
	EdgeRouter *EdgeRouter
	Policies   []*EdgeRouterPolicy
}
type AdvisorIdentityServiceLinks struct {
	Identity *Identity
	Service  *Service
	Policies []*ServicePolicy
}
type AdvisorServiceEdgeRouterLinks struct {
	Service    *Service
	EdgeRouter *EdgeRouter
	Policies   []*ServiceEdgeRouterPolicy
}

type AdvisorServiceReachability

// AdvisorServiceReachability reports, for one identity and one service,
// whether bind and dial are allowed, plus router counts and the edge routers
// both have in common.
type AdvisorServiceReachability struct {
	Identity            *Identity
	Service             *Service
	// IsBindAllowed and IsDialAllowed are separate permissions; presumably they
	// are derived from service policies (confirm in the advisor implementation).
	IsBindAllowed       bool
	IsDialAllowed       bool
	IdentityRouterCount int
	ServiceRouterCount  int
	// CommonRouters carries each router with its IsOnline flag.
	CommonRouters       []*AdvisorEdgeRouter
}

type AndFieldChecker

type AndFieldChecker struct {
	// contains filtered or unexported fields
}

func (*AndFieldChecker) IsUpdated

func (checker *AndFieldChecker) IsUpdated(field string) bool

type ApiAddress added in v0.34.2

type ApiAddress struct {
	Url     string `json:"url"`
	Version string `json:"version"`
}

type ApiSession

// ApiSession is the model of an API session: its token, the identity and
// authenticator it belongs to, MFA state, and expiry/activity timestamps.
type ApiSession struct {
	models.BaseEntity
	// Token identifies the session; ApiSessionManager.ReadByToken looks a
	// session up by it.
	// NOTE(review): treat this value as a credential and keep it out of logs,
	// error messages and serialized output that leaves the controller.
	Token              string
	IdentityId         string
	Identity           *Identity
	// IPAddress is presumably the client address recorded at session creation;
	// whether it can come from a forwarded header is not visible here. Confirm
	// before using it for any access decision.
	IPAddress          string
	// ConfigTypes is used as a set (empty-struct values).
	ConfigTypes        map[string]struct{}
	// MfaComplete and MfaRequired are independent flags.
	// NOTE(review): code gating access on MFA needs to consider both; where
	// that is enforced is not visible on this page.
	MfaComplete        bool
	MfaRequired        bool
	ExpiresAt          time.Time
	ExpirationDuration time.Duration
	LastActivityAt     time.Time
	AuthenticatorId    string
}

type ApiSessionCertificate

// ApiSessionCertificate is the model of a certificate tied to an API session.
// NewApiSessionCertificate builds one from an *x509.Certificate.
type ApiSessionCertificate struct {
	models.BaseEntity
	ApiSession   *ApiSession
	ApiSessionId string
	Subject      string
	// Fingerprint identifies the certificate; the hash algorithm and encoding
	// are not visible here.
	Fingerprint  string
	// ValidAfter and ValidBefore are pointers and may therefore be nil; callers
	// checking validity must handle that case explicitly.
	ValidAfter   *time.Time
	ValidBefore  *time.Time
	// PEM is the certificate in PEM text form, going by the name.
	PEM          string
}

func NewApiSessionCertificate

func NewApiSessionCertificate(cert *x509.Certificate) *ApiSessionCertificate

type ApiSessionCertificateListResult

type ApiSessionCertificateListResult struct {
	ApiSessionCertificates []*ApiSessionCertificate
	models.QueryMetaData
	// contains filtered or unexported fields
}

type ApiSessionCertificateManager

type ApiSessionCertificateManager struct {
	// contains filtered or unexported fields
}

func NewApiSessionCertificateManager

func NewApiSessionCertificateManager(env Env) *ApiSessionCertificateManager

func (*ApiSessionCertificateManager) Annotate

func (self *ApiSessionCertificateManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*ApiSessionCertificateManager) ApplyDelete

func (self *ApiSessionCertificateManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*ApiSessionCertificateManager) BaseList

func (self *ApiSessionCertificateManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*ApiSessionCertificateManager) BaseLoad

func (self *ApiSessionCertificateManager) BaseLoad(id string) (ME, error)

func (*ApiSessionCertificateManager) BaseLoadInTx

func (self *ApiSessionCertificateManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*ApiSessionCertificateManager) BasePreparedList

func (self *ApiSessionCertificateManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*ApiSessionCertificateManager) BasePreparedListIndexed

func (self *ApiSessionCertificateManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*ApiSessionCertificateManager) Create

func (*ApiSessionCertificateManager) CreateFromCSR

func (self *ApiSessionCertificateManager) CreateFromCSR(apiSessionId string, lifespan time.Duration, csrPem []byte, ctx *change.Context) (string, error)

func (*ApiSessionCertificateManager) Delete

func (self *ApiSessionCertificateManager) Delete(id string, ctx *change.Context) error

func (*ApiSessionCertificateManager) Dispatch

func (self *ApiSessionCertificateManager) Dispatch(command command.Command) error

func (*ApiSessionCertificateManager) GetAnnotation

func (self *ApiSessionCertificateManager) GetAnnotation(entityId string, key string) (*string, error)

func (*ApiSessionCertificateManager) GetDb

func (self *ApiSessionCertificateManager) GetDb() boltz.Db

func (*ApiSessionCertificateManager) GetEntityTypeId

func (self *ApiSessionCertificateManager) GetEntityTypeId() string

func (*ApiSessionCertificateManager) GetEnv

func (self *ApiSessionCertificateManager) GetEnv() Env

func (*ApiSessionCertificateManager) GetStore

func (self *ApiSessionCertificateManager) GetStore() boltz.EntityStore[PE]

func (*ApiSessionCertificateManager) IsUpdated

func (self *ApiSessionCertificateManager) IsUpdated(_ string) bool

func (*ApiSessionCertificateManager) ListWithHandler

func (self *ApiSessionCertificateManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*ApiSessionCertificateManager) PreparedListAssociatedWithHandler

func (self *ApiSessionCertificateManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*ApiSessionCertificateManager) PreparedListIndexed

func (self *ApiSessionCertificateManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*ApiSessionCertificateManager) PreparedListWithHandler

func (self *ApiSessionCertificateManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*ApiSessionCertificateManager) Query

func (*ApiSessionCertificateManager) Read

func (self *ApiSessionCertificateManager) Read(id string) (ME, error)

func (*ApiSessionCertificateManager) ReadByApiSessionId

func (self *ApiSessionCertificateManager) ReadByApiSessionId(tx *bbolt.Tx, apiSessionId string) ([]*ApiSessionCertificate, error)

type ApiSessionListResult

type ApiSessionListResult struct {
	ApiSessions []*ApiSession
	models.QueryMetaData
	// contains filtered or unexported fields
}

type ApiSessionManager

type ApiSessionManager struct {
	HeartbeatCollector *HeartbeatCollector
	// contains filtered or unexported fields
}

func NewApiSessionManager

func NewApiSessionManager(env Env) *ApiSessionManager

func (*ApiSessionManager) Annotate

func (self *ApiSessionManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*ApiSessionManager) ApplyDelete

func (self *ApiSessionManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*ApiSessionManager) BaseList

func (self *ApiSessionManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*ApiSessionManager) BaseLoad

func (self *ApiSessionManager) BaseLoad(id string) (ME, error)

func (*ApiSessionManager) BaseLoadInTx

func (self *ApiSessionManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*ApiSessionManager) BasePreparedList

func (self *ApiSessionManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*ApiSessionManager) BasePreparedListIndexed

func (self *ApiSessionManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*ApiSessionManager) Create

func (self *ApiSessionManager) Create(ctx boltz.MutateContext, entity *ApiSession, sessionCerts []*ApiSessionCertificate) (string, error)

func (*ApiSessionManager) CreateInCtx

func (self *ApiSessionManager) CreateInCtx(ctx boltz.MutateContext, entity *ApiSession, sessionCerts []*ApiSessionCertificate) (string, error)

func (*ApiSessionManager) Delete

func (self *ApiSessionManager) Delete(id string, ctx *change.Context) error

func (*ApiSessionManager) DeleteBatch

func (self *ApiSessionManager) DeleteBatch(id []string, ctx *change.Context) error

func (*ApiSessionManager) DeleteByIdentityId

func (self *ApiSessionManager) DeleteByIdentityId(identityId string, changeCtx *change.Context) error

func (*ApiSessionManager) Dispatch

func (self *ApiSessionManager) Dispatch(command command.Command) error

func (*ApiSessionManager) GetAnnotation

func (self *ApiSessionManager) GetAnnotation(entityId string, key string) (*string, error)

func (*ApiSessionManager) GetDb

func (self *ApiSessionManager) GetDb() boltz.Db

func (*ApiSessionManager) GetEntityTypeId

func (self *ApiSessionManager) GetEntityTypeId() string

func (*ApiSessionManager) GetEnv

func (self *ApiSessionManager) GetEnv() Env

func (*ApiSessionManager) GetStore

func (self *ApiSessionManager) GetStore() boltz.EntityStore[PE]

func (*ApiSessionManager) IsUpdated

func (self *ApiSessionManager) IsUpdated(_ string) bool

func (*ApiSessionManager) ListWithHandler

func (self *ApiSessionManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*ApiSessionManager) MarkLastActivityById

func (self *ApiSessionManager) MarkLastActivityById(apiSessionId string)

MarkLastActivityById marks the "last activity" of an API Session. This will store a cached "LastUpdatedAt" value for an API Session. This data will be used to populate information for API Sessions and will be persisted to the data store at a future time in bulk.

func (*ApiSessionManager) MarkLastActivityByTokens

func (self *ApiSessionManager) MarkLastActivityByTokens(tokens ...string) ([]string, []string, error)

MarkLastActivityByTokens returns the ids of the identities that were affected, the tokens that were not found (if any), or an error. Marking "last activity" will store a cached "LastUpdatedAt" value for an API Session. This data will be used to populate information for API Sessions and will be persisted to the data store at a future time in bulk.

func (*ApiSessionManager) MfaCompleted

func (self *ApiSessionManager) MfaCompleted(apiSession *ApiSession, ctx *change.Context) error

func (*ApiSessionManager) PreparedListAssociatedWithHandler

func (self *ApiSessionManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*ApiSessionManager) PreparedListIndexed

func (self *ApiSessionManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*ApiSessionManager) PreparedListWithHandler

func (self *ApiSessionManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*ApiSessionManager) Query

func (self *ApiSessionManager) Query(query string) (*ApiSessionListResult, error)

func (*ApiSessionManager) Read

func (self *ApiSessionManager) Read(id string) (*ApiSession, error)

func (*ApiSessionManager) ReadByToken

func (self *ApiSessionManager) ReadByToken(token string) (*ApiSession, error)

func (*ApiSessionManager) ReadInTx

func (self *ApiSessionManager) ReadInTx(tx *bbolt.Tx, id string) (*ApiSession, error)

func (*ApiSessionManager) SetMfaPassed added in v0.34.0

func (self *ApiSessionManager) SetMfaPassed(apiSession *ApiSession, changeCtx *change.Context) error

func (*ApiSessionManager) Stream

func (self *ApiSessionManager) Stream(query string, collect func(*ApiSession, error) error) error

func (*ApiSessionManager) StreamIds

func (self *ApiSessionManager) StreamIds(query string, collect func(string, error) error) error

func (*ApiSessionManager) Update

func (self *ApiSessionManager) Update(apiSession *ApiSession, ctx *change.Context) error

func (*ApiSessionManager) UpdateWithFieldChecker

func (self *ApiSessionManager) UpdateWithFieldChecker(apiSession *ApiSession, fieldChecker boltz.FieldChecker, ctx *change.Context) error

func (*ApiSessionManager) VisitFingerprintsForApiSession

func (self *ApiSessionManager) VisitFingerprintsForApiSession(tx *bbolt.Tx, identityId, apiSessionId string, visitor func(fingerprint string) bool) error

func (*ApiSessionManager) VisitFingerprintsForApiSessionId

func (self *ApiSessionManager) VisitFingerprintsForApiSessionId(apiSessionId string, visitor func(fingerprint string) bool) error

type ApiSessionPostureData

// ApiSessionPostureData groups the posture responses held for one API session.
// All three fields are pointers and may be nil.
type ApiSessionPostureData struct {
	Mfa           *PostureResponseMfa           `json:"mfa"`
	EndpointState *PostureResponseEndpointState `json:"endpointState"`
	// SdkInfo has no json tag, so encoding/json would emit it under the key
	// "SdkInfo".
	SdkInfo       *SdkInfo
}

func (*ApiSessionPostureData) GetPassedMfaAt

func (self *ApiSessionPostureData) GetPassedMfaAt() *time.Time

type AssociatedIdsResult added in v0.34.0

type AssociatedIdsResult struct {
	ServiceIds      []string
	IdentityIds     []string
	PostureCheckIds []string
}

type AuthContext

// AuthContext is the input handed to an AuthProcessor: the requested method,
// request data, client certificates, headers and the change context.
// NOTE(review): everything returned by GetData and GetHeaders presumably
// originates from the request and should be treated as untrusted by
// implementations of AuthProcessor.Process.
type AuthContext interface {
	// GetMethod returns the authentication method name; AuthProcessor.CanHandle
	// takes the same kind of value.
	GetMethod() string
	GetData() map[string]interface{}
	// GetCerts returns the client certificates; per the AuthModuleCert.Process
	// documentation these are the ones provided during the TLS handshake.
	GetCerts() []*x509.Certificate
	GetHeaders() map[string]interface{}
	GetChangeContext() *change.Context
}

func NewAuthContextHttp

func NewAuthContextHttp(request *http.Request, method string, data interface{}, ctx *change.Context) AuthContext

type AuthContextHttp

// AuthContextHttp is a struct with one exported field per AuthContext getter;
// NewAuthContextHttp builds an AuthContext from an *http.Request.
type AuthContextHttp struct {
	Method        string
	Data          map[string]interface{}
	// Certs presumably comes from the request's TLS peer certificates; whether
	// ClientCertHeader can also populate it is not visible here. Confirm in
	// NewAuthContextHttp.
	Certs         []*x509.Certificate
	Headers       map[string]interface{}
	ChangeContext *change.Context
}

func (*AuthContextHttp) GetCerts

func (context *AuthContextHttp) GetCerts() []*x509.Certificate

func (*AuthContextHttp) GetChangeContext

func (context *AuthContextHttp) GetChangeContext() *change.Context

func (*AuthContextHttp) GetData

func (context *AuthContextHttp) GetData() map[string]interface{}

func (*AuthContextHttp) GetHeaders

func (context *AuthContextHttp) GetHeaders() map[string]interface{}

func (*AuthContextHttp) GetMethod

func (context *AuthContextHttp) GetMethod() string

type AuthModuleCert

type AuthModuleCert struct {
	// contains filtered or unexported fields
}

func NewAuthModuleCert

func NewAuthModuleCert(env Env, caChain []byte) *AuthModuleCert

func (*AuthModuleCert) CanHandle

func (module *AuthModuleCert) CanHandle(method string) bool

func (*AuthModuleCert) Process

func (module *AuthModuleCert) Process(context AuthContext) (AuthResult, error)

Process will inspect the provided AuthContext and attempt to verify the client certificates provided during a TLS handshake. Authentication via client certificates follows these steps:

1) obtain client certificates
2) verify client certificates against known CAs
3) link a CA certificate back to a model.Ca if possible
4) obtain the target identity by authenticator (cert fingerprint) or by external id (claims stuffed into an x509.Certificate resolved by model.Ca)
5) verify identity status (disabled)
6) obtain the target identity's auth policy
7) verify according to auth policy

type AuthModuleExtJwt

type AuthModuleExtJwt struct {
	// contains filtered or unexported fields
}

func NewAuthModuleExtJwt

func NewAuthModuleExtJwt(env Env) *AuthModuleExtJwt

func (*AuthModuleExtJwt) CanHandle

func (a *AuthModuleExtJwt) CanHandle(method string) bool

func (*AuthModuleExtJwt) Process

func (a *AuthModuleExtJwt) Process(context AuthContext) (AuthResult, error)

func (*AuthModuleExtJwt) ProcessSecondary

func (a *AuthModuleExtJwt) ProcessSecondary(context AuthContext) (AuthResult, error)

type AuthModuleUpdb

type AuthModuleUpdb struct {
	// contains filtered or unexported fields
}

func NewAuthModuleUpdb

func NewAuthModuleUpdb(env Env) *AuthModuleUpdb

func (*AuthModuleUpdb) CanHandle

func (module *AuthModuleUpdb) CanHandle(method string) bool

func (*AuthModuleUpdb) Process

func (module *AuthModuleUpdb) Process(context AuthContext) (AuthResult, error)

type AuthPolicy

// AuthPolicy is a named policy with a primary section (cert, updb and ext-jwt
// settings) and a secondary section (TOTP and ext-jwt signer requirements).
type AuthPolicy struct {
	models.BaseEntity
	Name      string
	Primary   AuthPolicyPrimary
	Secondary AuthPolicySecondary
}

type AuthPolicyCert

// AuthPolicyCert is the certificate section of AuthPolicyPrimary.
type AuthPolicyCert struct {
	// Allowed, by its name, enables certificate authentication under the policy.
	Allowed           bool
	// AllowExpiredCerts, by its name, lets expired client certificates
	// authenticate.
	// NOTE(review): with this enabled, certificate expiry no longer limits how
	// long a leaked key remains usable; removing the authenticator becomes the
	// remaining control. Confirm how AuthModuleCert.Process applies the flag.
	AllowExpiredCerts bool
}

type AuthPolicyExtJwt

// AuthPolicyExtJwt is the external-JWT section of AuthPolicyPrimary.
type AuthPolicyExtJwt struct {
	Allowed              bool
	// AllowAllSigners, by its name, accepts any configured external JWT signer.
	// NOTE(review): how this interacts with a non-empty AllowedExtJwtSigners
	// (which one wins) is not visible here; confirm before assuming the list
	// restricts anything while this flag is true.
	AllowAllSigners      bool
	// AllowedExtJwtSigners presumably holds signer ids; confirm.
	AllowedExtJwtSigners []string
}

type AuthPolicyManager

type AuthPolicyManager struct {
	// contains filtered or unexported fields
}

func NewAuthPolicyManager

func NewAuthPolicyManager(env Env) *AuthPolicyManager

func (*AuthPolicyManager) Annotate

func (self *AuthPolicyManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*AuthPolicyManager) ApplyCreate

func (*AuthPolicyManager) ApplyDelete

func (self *AuthPolicyManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*AuthPolicyManager) ApplyUpdate

func (*AuthPolicyManager) BaseList

func (self *AuthPolicyManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*AuthPolicyManager) BaseLoad

func (self *AuthPolicyManager) BaseLoad(id string) (ME, error)

func (*AuthPolicyManager) BaseLoadInTx

func (self *AuthPolicyManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*AuthPolicyManager) BasePreparedList

func (self *AuthPolicyManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*AuthPolicyManager) BasePreparedListIndexed

func (self *AuthPolicyManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*AuthPolicyManager) Create

func (self *AuthPolicyManager) Create(entity *AuthPolicy, ctx *change.Context) error

func (*AuthPolicyManager) Delete

func (self *AuthPolicyManager) Delete(id string, ctx *change.Context) error

func (*AuthPolicyManager) Dispatch

func (self *AuthPolicyManager) Dispatch(command command.Command) error

func (*AuthPolicyManager) GetAnnotation

func (self *AuthPolicyManager) GetAnnotation(entityId string, key string) (*string, error)

func (*AuthPolicyManager) GetDb

func (self *AuthPolicyManager) GetDb() boltz.Db

func (*AuthPolicyManager) GetEntityTypeId

func (self *AuthPolicyManager) GetEntityTypeId() string

func (*AuthPolicyManager) GetEnv

func (self *AuthPolicyManager) GetEnv() Env

func (*AuthPolicyManager) GetStore

func (self *AuthPolicyManager) GetStore() boltz.EntityStore[PE]

func (*AuthPolicyManager) ListWithHandler

func (self *AuthPolicyManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*AuthPolicyManager) Marshall

func (self *AuthPolicyManager) Marshall(entity *AuthPolicy) ([]byte, error)

func (*AuthPolicyManager) PreparedListAssociatedWithHandler

func (self *AuthPolicyManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*AuthPolicyManager) PreparedListIndexed

func (self *AuthPolicyManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*AuthPolicyManager) PreparedListWithHandler

func (self *AuthPolicyManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*AuthPolicyManager) Read

func (self *AuthPolicyManager) Read(id string) (*AuthPolicy, error)

func (*AuthPolicyManager) Unmarshall

func (self *AuthPolicyManager) Unmarshall(bytes []byte) (*AuthPolicy, error)

func (*AuthPolicyManager) Update

func (self *AuthPolicyManager) Update(entity *AuthPolicy, checker fields.UpdatedFields, ctx *change.Context) error

type AuthPolicyPrimary

// AuthPolicyPrimary groups the per-method settings for primary
// authentication: certificate, updb (username/password, judging by
// AuthenticatorUpdb) and external JWT.
type AuthPolicyPrimary struct {
	Cert   AuthPolicyCert
	Updb   AuthPolicyUpdb
	ExtJwt AuthPolicyExtJwt
}

type AuthPolicySecondary

// AuthPolicySecondary holds the second-factor requirements of an AuthPolicy.
type AuthPolicySecondary struct {
	// RequireTotp, by its name, demands a TOTP second factor.
	RequireTotp          bool
	// RequiredExtJwtSigner is a pointer; nil presumably means no external JWT
	// signer is required as a second factor. Confirm.
	RequiredExtJwtSigner *string
}

type AuthPolicyUpdb

// AuthPolicyUpdb is the username/password section of AuthPolicyPrimary:
// whether the method is allowed, password composition rules, and lockout
// settings.
// NOTE(review): the meaning of zero for MinPasswordLength, MaxAttempts and
// LockoutDurationMinutes (disabled, unlimited, or literal zero) is not visible
// here; confirm before relying on zero-value policies.
type AuthPolicyUpdb struct {
	Allowed                bool
	MinPasswordLength      int64
	RequireSpecialChar     bool
	RequireNumberChar      bool
	RequireMixedCase       bool
	// MaxAttempts and LockoutDurationMinutes presumably bound failed logins and
	// the resulting lockout; the enforcement point is not on this page.
	MaxAttempts            int64
	LockoutDurationMinutes int64
}

type AuthProcessor

// AuthProcessor is implemented by the authentication modules on this page
// (AuthModuleCert, AuthModuleExtJwt, AuthModuleUpdb all declare both methods).
type AuthProcessor interface {
	// CanHandle reports whether the processor handles the given method name.
	CanHandle(method string) bool
	// Process evaluates the context and returns a result or an error.
	// NOTE(review): AuthResult has a separate IsSuccessful method, so a nil
	// error alone may not mean the caller is authenticated; confirm the
	// contract in the implementations.
	Process(context AuthContext) (AuthResult, error)
}

type AuthProcessorRegistryImpl

type AuthProcessorRegistryImpl struct {
	// contains filtered or unexported fields
}

func (*AuthProcessorRegistryImpl) Add

func (registry *AuthProcessorRegistryImpl) Add(processor AuthProcessor)

func (*AuthProcessorRegistryImpl) GetByMethod

func (registry *AuthProcessorRegistryImpl) GetByMethod(method string) AuthProcessor

type AuthRegistry

// AuthRegistry stores AuthProcessors and returns one for a method name.
type AuthRegistry interface {
	// Add registers a processor. Note the parameter is named "method" but its
	// type is AuthProcessor.
	Add(method AuthProcessor)
	// GetByMethod returns the processor for method. What is returned when no
	// processor matches (presumably nil) is not visible here; callers should
	// check.
	GetByMethod(method string) AuthProcessor
}

type AuthResult

// AuthResult is the outcome of AuthProcessor.Process: the identity,
// authenticator and auth policy involved, any session certificates, and a
// success flag.
type AuthResult interface {
	IdentityId() string
	ExternalId() string
	AuthenticatorId() string
	SessionCerts() []*x509.Certificate
	Identity() *Identity
	Authenticator() *Authenticator
	AuthPolicy() *AuthPolicy
	AuthPolicyId() string
	// IsSuccessful reports whether authentication succeeded.
	// NOTE(review): the other getters can presumably return populated values on
	// an unsuccessful result, so check this before trusting any of them.
	// Confirm against the implementations.
	IsSuccessful() bool
}

type AuthResultBase

type AuthResultBase struct {
	// contains filtered or unexported fields
}

func (*AuthResultBase) AuthPolicy

func (a *AuthResultBase) AuthPolicy() *AuthPolicy

func (*AuthResultBase) AuthPolicyId

func (a *AuthResultBase) AuthPolicyId() string

func (*AuthResultBase) Authenticator

func (a *AuthResultBase) Authenticator() *Authenticator

func (*AuthResultBase) AuthenticatorId

func (a *AuthResultBase) AuthenticatorId() string

func (*AuthResultBase) ExternalId

func (a *AuthResultBase) ExternalId() string

func (*AuthResultBase) Identity

func (a *AuthResultBase) Identity() *Identity

func (*AuthResultBase) IdentityId

func (a *AuthResultBase) IdentityId() string

func (*AuthResultBase) IsSuccessful

func (a *AuthResultBase) IsSuccessful() bool

func (*AuthResultBase) SessionCerts

func (a *AuthResultBase) SessionCerts() []*x509.Certificate

type AuthResultJwt

// AuthResultJwt embeds AuthResultBase and declares its own AuthenticatorId and
// IsSuccessful methods, which take the place of the embedded ones when called
// on an *AuthResultJwt.
type AuthResultJwt struct {
	AuthResultBase
	// contains filtered or unexported fields
}

func (*AuthResultJwt) AuthenticatorId

func (a *AuthResultJwt) AuthenticatorId() string

func (*AuthResultJwt) IsSuccessful

func (a *AuthResultJwt) IsSuccessful() bool

type Authenticator

// Authenticator is the model of a credential bound to an identity.
type Authenticator struct {
	models.BaseEntity
	// Method names the authentication method this authenticator is for.
	Method     string
	IdentityId string
	// SubType holds the method-specific data. The ToCert and ToUpdb methods
	// suggest it is an *AuthenticatorCert or *AuthenticatorUpdb; their behavior
	// on a mismatched type is not visible here, so check their results.
	SubType    interface{}
}

func (*Authenticator) Fingerprints

func (entity *Authenticator) Fingerprints() []string

func (*Authenticator) ToCert

func (entity *Authenticator) ToCert() *AuthenticatorCert

func (*Authenticator) ToUpdb

func (entity *Authenticator) ToUpdb() *AuthenticatorUpdb

type AuthenticatorCert

// AuthenticatorCert is the certificate form of an Authenticator.
type AuthenticatorCert struct {
	*Authenticator
	// Fingerprint and Pem describe the certificate currently bound to the
	// authenticator; AuthenticatorManager.ReadByFingerprint looks up by
	// fingerprint.
	Fingerprint string
	Pem         string

	// UnverifiedFingerprint and UnverifiedPem presumably hold a pending
	// certificate between ExtendCertForIdentity and
	// VerifyExtendCertForIdentity. Confirm.
	// NOTE(review): as the names say, these values are not yet verified;
	// authentication decisions should rest on Fingerprint/Pem only.
	UnverifiedFingerprint string
	UnverifiedPem         string
}

type AuthenticatorListQueryResult

type AuthenticatorListQueryResult struct {
	*models.EntityListResult[*Authenticator]
	Authenticators []*Authenticator
}

type AuthenticatorManager

type AuthenticatorManager struct {
	// contains filtered or unexported fields
}

func NewAuthenticatorManager

func NewAuthenticatorManager(env Env) *AuthenticatorManager

func (*AuthenticatorManager) Annotate

func (self *AuthenticatorManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*AuthenticatorManager) ApplyCreate

func (*AuthenticatorManager) ApplyDelete

func (self *AuthenticatorManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*AuthenticatorManager) ApplyUpdate

func (*AuthenticatorManager) AuthenticatorToProtobuf

func (self *AuthenticatorManager) AuthenticatorToProtobuf(entity *Authenticator) (*edge_cmd_pb.Authenticator, error)

func (*AuthenticatorManager) Authorize

func (self *AuthenticatorManager) Authorize(authContext AuthContext) (AuthResult, error)

func (*AuthenticatorManager) BaseList

func (self *AuthenticatorManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*AuthenticatorManager) BaseLoad

func (self *AuthenticatorManager) BaseLoad(id string) (ME, error)

func (*AuthenticatorManager) BaseLoadInTx

func (self *AuthenticatorManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*AuthenticatorManager) BasePreparedList

func (self *AuthenticatorManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*AuthenticatorManager) BasePreparedListIndexed

func (self *AuthenticatorManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*AuthenticatorManager) Create

func (self *AuthenticatorManager) Create(entity *Authenticator, ctx *change.Context) error

func (*AuthenticatorManager) DecodeSalt

func (self *AuthenticatorManager) DecodeSalt(salt string) []byte

func (*AuthenticatorManager) Delete

func (self *AuthenticatorManager) Delete(id string, ctx *change.Context) error

func (*AuthenticatorManager) Dispatch

func (self *AuthenticatorManager) Dispatch(command command.Command) error

func (*AuthenticatorManager) ExtendCertForIdentity

func (self *AuthenticatorManager) ExtendCertForIdentity(identityId string, authenticatorId string, peerCerts []*x509.Certificate, csrPem string, ctx *change.Context) ([]byte, error)

func (*AuthenticatorManager) GetAnnotation

func (self *AuthenticatorManager) GetAnnotation(entityId string, key string) (*string, error)

func (*AuthenticatorManager) GetDb

func (self *AuthenticatorManager) GetDb() boltz.Db

func (*AuthenticatorManager) GetEntityTypeId

func (self *AuthenticatorManager) GetEntityTypeId() string

func (*AuthenticatorManager) GetEnv

func (self *AuthenticatorManager) GetEnv() Env

func (*AuthenticatorManager) GetStore

func (self *AuthenticatorManager) GetStore() boltz.EntityStore[PE]

func (*AuthenticatorManager) HashPassword

func (self *AuthenticatorManager) HashPassword(password string) *HashedPassword

func (*AuthenticatorManager) IsUpdated

func (self *AuthenticatorManager) IsUpdated(field string) bool

func (*AuthenticatorManager) ListForIdentity

func (self *AuthenticatorManager) ListForIdentity(identityId string, query ast.Query) (*models.EntityListResult[*Authenticator], error)

func (*AuthenticatorManager) ListWithHandler

func (self *AuthenticatorManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*AuthenticatorManager) Marshall

func (self *AuthenticatorManager) Marshall(entity *Authenticator) ([]byte, error)

func (*AuthenticatorManager) PatchSelf

func (self *AuthenticatorManager) PatchSelf(authenticatorSelf *AuthenticatorSelf, checker fields.UpdatedFields, ctx *change.Context) error

func (*AuthenticatorManager) PreparedListAssociatedWithHandler

func (self *AuthenticatorManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*AuthenticatorManager) PreparedListIndexed

func (self *AuthenticatorManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*AuthenticatorManager) PreparedListWithHandler

func (self *AuthenticatorManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*AuthenticatorManager) ProtobufToAuthenticator

func (self *AuthenticatorManager) ProtobufToAuthenticator(msg *edge_cmd_pb.Authenticator) (*Authenticator, error)

func (*AuthenticatorManager) ReEnroll

func (self *AuthenticatorManager) ReEnroll(id string, expiresAt time.Time, ctx *change.Context) (string, error)

ReEnroll converts the given authenticator `id` back to an enrollment of the same type with the same constraints that expires at the time specified by `expiresAt`. The result is a string id of the new enrollment or an error.

func (*AuthenticatorManager) ReHashPassword

func (self *AuthenticatorManager) ReHashPassword(password string, salt []byte) *HashedPassword

func (*AuthenticatorManager) Read

func (self *AuthenticatorManager) Read(id string) (*Authenticator, error)

func (*AuthenticatorManager) ReadByFingerprint

func (self *AuthenticatorManager) ReadByFingerprint(fingerprint string) (*Authenticator, error)

func (*AuthenticatorManager) ReadByUsername

func (self *AuthenticatorManager) ReadByUsername(username string) (*Authenticator, error)

func (*AuthenticatorManager) ReadFingerprints

func (self *AuthenticatorManager) ReadFingerprints(authenticatorId string) ([]string, error)

func (*AuthenticatorManager) ReadForIdentity

func (self *AuthenticatorManager) ReadForIdentity(identityId string, authenticatorId string) (*Authenticator, error)

func (*AuthenticatorManager) Unmarshall

func (self *AuthenticatorManager) Unmarshall(bytes []byte) (*Authenticator, error)

func (*AuthenticatorManager) Update

func (self *AuthenticatorManager) Update(entity *Authenticator, unrestricted bool, checker fields.UpdatedFields, ctx *change.Context) error

func (*AuthenticatorManager) UpdateSelf

func (self *AuthenticatorManager) UpdateSelf(authenticatorSelf *AuthenticatorSelf, ctx *change.Context) error

func (*AuthenticatorManager) VerifyExtendCertForIdentity

func (self *AuthenticatorManager) VerifyExtendCertForIdentity(apiSessionId, identityId, authenticatorId string, verifyCertPem string, ctx *change.Context) error

type AuthenticatorSelf

// AuthenticatorSelf is the argument type of AuthenticatorManager.UpdateSelf.
// It carries the values an identity submits when updating its own authenticator.
type AuthenticatorSelf struct {
	models.BaseEntity
	// NOTE(review): CurrentPassword and NewPassword are plain strings, presumably
	// caller-supplied cleartext — confirm, and keep values of this type out of
	// logs, error messages and serialized output.
	CurrentPassword string
	NewPassword     string
	// NOTE(review): presumably the identity that must own the authenticator being
	// updated — confirm that UpdateSelf enforces that ownership check.
	IdentityId      string
	Username        string
}

type AuthenticatorUpdb

// AuthenticatorUpdb is the username/password form of an authenticator; it embeds
// *Authenticator and adds the credential fields.
type AuthenticatorUpdb struct {
	*Authenticator
	Username string
	// NOTE(review): presumably the stored password hash rather than cleartext
	// (the manager exposes ReHashPassword, which returns *HashedPassword) —
	// confirm against the implementation before exposing this field anywhere.
	Password string
	// Salt is held as a string; DecodedSalt returns it as []byte.
	// NOTE(review): the string encoding is not visible here — confirm.
	Salt     string
}

func (*AuthenticatorUpdb) DecodedSalt

func (au *AuthenticatorUpdb) DecodedSalt() []byte

type Ca

// Ca is the model entity for a certificate authority record managed by CaManager.
type Ca struct {
	models.BaseEntity
	Name                      string
	Fingerprint               string
	CertPem                   string
	// NOTE(review): IsVerified and VerificationToken presumably record whether
	// control of the CA has been proven; CaManager.Verified is the visible entry
	// point that takes a *Ca — confirm where IsVerified is enforced before the CA
	// is trusted for enrollment or authentication.
	IsVerified                bool
	VerificationToken         string
	// The three flags below switch individual uses of this CA on or off.
	// NOTE(review): presumably each one is checked independently of the others —
	// confirm that a disabled flag is honoured on every code path.
	IsAutoCaEnrollmentEnabled bool
	IsOttCaEnrollmentEnabled  bool
	IsAuthEnabled             bool
	// NOTE(review): presumably the role attributes given to identities created
	// through this CA — confirm; if so, they grant policy membership automatically.
	IdentityRoles             []string
	// NOTE(review): presumably a name template built from the package's Format*
	// symbols (DefaultCaIdentityNameFormat is "[caName]-[commonName]"). The
	// commonName and requestedName values likely originate from the enrolling
	// client, so the rendered name should be treated as untrusted input — confirm.
	IdentityNameFormat        string
	// ExternalIdClaim is optional (pointer). GetExternalId is documented as
	// retrieving a string claim from an x509 certificate; presumably this field
	// configures that lookup — confirm.
	ExternalIdClaim           *ExternalIdClaim
}

func (*Ca) GetExternalId

func (entity *Ca) GetExternalId(cert *x509.Certificate) (string, error)

GetExternalId attempts to retrieve a string claim from an x509 certificate, based on the location, matching, and parsing of various x509 certificate fields.

type CaListResult

// CaListResult is the result type returned by CaManager.Query: the matching Ca
// entities together with the embedded query metadata.
type CaListResult struct {
	Cas []*Ca
	models.QueryMetaData
	// contains filtered or unexported fields
}

type CaManager

type CaManager struct {
	// contains filtered or unexported fields
}

func NewCaManager

func NewCaManager(env Env) *CaManager

func (*CaManager) Annotate

func (self *CaManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*CaManager) ApplyCreate

func (self *CaManager) ApplyCreate(cmd *command.CreateEntityCommand[*Ca], ctx boltz.MutateContext) error

func (*CaManager) ApplyDelete

func (self *CaManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*CaManager) ApplyUpdate

func (self *CaManager) ApplyUpdate(cmd *command.UpdateEntityCommand[*Ca], ctx boltz.MutateContext) error

func (*CaManager) BaseList

func (self *CaManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*CaManager) BaseLoad

func (self *CaManager) BaseLoad(id string) (ME, error)

func (*CaManager) BaseLoadInTx

func (self *CaManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*CaManager) BasePreparedList

func (self *CaManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*CaManager) BasePreparedListIndexed

func (self *CaManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*CaManager) Create

func (self *CaManager) Create(entity *Ca, ctx *change.Context) error

func (*CaManager) Delete

func (self *CaManager) Delete(id string, ctx *change.Context) error

func (*CaManager) Dispatch

func (self *CaManager) Dispatch(command command.Command) error

func (*CaManager) GetAnnotation

func (self *CaManager) GetAnnotation(entityId string, key string) (*string, error)

func (*CaManager) GetDb

func (self *CaManager) GetDb() boltz.Db

func (*CaManager) GetEntityTypeId

func (self *CaManager) GetEntityTypeId() string

func (*CaManager) GetEnv

func (self *CaManager) GetEnv() Env

func (*CaManager) GetStore

func (self *CaManager) GetStore() boltz.EntityStore[PE]

func (*CaManager) IsUpdated

func (self *CaManager) IsUpdated(field string) bool

func (*CaManager) ListWithHandler

func (self *CaManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*CaManager) Marshall

func (self *CaManager) Marshall(entity *Ca) ([]byte, error)

func (*CaManager) PreparedListAssociatedWithHandler

func (self *CaManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*CaManager) PreparedListIndexed

func (self *CaManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*CaManager) PreparedListWithHandler

func (self *CaManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*CaManager) Query

func (self *CaManager) Query(query string) (*CaListResult, error)

func (*CaManager) Read

func (self *CaManager) Read(id string) (*Ca, error)

func (*CaManager) Stream

func (self *CaManager) Stream(query string, collect func(*Ca, error) error) error

func (*CaManager) Unmarshall

func (self *CaManager) Unmarshall(bytes []byte) (*Ca, error)

func (*CaManager) Update

func (self *CaManager) Update(entity *Ca, checker fields.UpdatedFields, ctx *change.Context) error

func (*CaManager) Verified

func (self *CaManager) Verified(ca *Ca, ctx *change.Context) error

type Config

// Config is the model entity for a named configuration managed by ConfigManager.
type Config struct {
	models.BaseEntity
	Name   string
	// NOTE(review): presumably the id of the ConfigType this config belongs to — confirm.
	TypeId string
	// Data is an untyped, free-form map.
	// NOTE(review): presumably validated against the schema of the referenced
	// ConfigType before it is stored — confirm; callers should not assume value
	// types without checking.
	Data   map[string]interface{}
}

type ConfigManager

type ConfigManager struct {
	// contains filtered or unexported fields
}

func NewConfigManager

func NewConfigManager(env Env) *ConfigManager

func (*ConfigManager) Annotate

func (self *ConfigManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*ConfigManager) ApplyCreate

func (self *ConfigManager) ApplyCreate(cmd *command.CreateEntityCommand[*Config], ctx boltz.MutateContext) error

func (*ConfigManager) ApplyDelete

func (self *ConfigManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*ConfigManager) ApplyUpdate

func (self *ConfigManager) ApplyUpdate(cmd *command.UpdateEntityCommand[*Config], ctx boltz.MutateContext) error

func (*ConfigManager) BaseList

func (self *ConfigManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*ConfigManager) BaseLoad

func (self *ConfigManager) BaseLoad(id string) (ME, error)

func (*ConfigManager) BaseLoadInTx

func (self *ConfigManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*ConfigManager) BasePreparedList

func (self *ConfigManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*ConfigManager) BasePreparedListIndexed

func (self *ConfigManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*ConfigManager) Create

func (self *ConfigManager) Create(entity *Config, ctx *change.Context) error

func (*ConfigManager) Delete

func (self *ConfigManager) Delete(id string, ctx *change.Context) error

func (*ConfigManager) Dispatch

func (self *ConfigManager) Dispatch(command command.Command) error

func (*ConfigManager) GetAnnotation

func (self *ConfigManager) GetAnnotation(entityId string, key string) (*string, error)

func (*ConfigManager) GetDb

func (self *ConfigManager) GetDb() boltz.Db

func (*ConfigManager) GetEntityTypeId

func (self *ConfigManager) GetEntityTypeId() string

func (*ConfigManager) GetEnv

func (self *ConfigManager) GetEnv() Env

func (*ConfigManager) GetStore

func (self *ConfigManager) GetStore() boltz.EntityStore[PE]

func (*ConfigManager) IsUpdated

func (self *ConfigManager) IsUpdated(field string) bool

func (*ConfigManager) ListWithHandler

func (self *ConfigManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*ConfigManager) Marshall

func (self *ConfigManager) Marshall(entity *Config) ([]byte, error)

func (*ConfigManager) PreparedListAssociatedWithHandler

func (self *ConfigManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*ConfigManager) PreparedListIndexed

func (self *ConfigManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*ConfigManager) PreparedListWithHandler

func (self *ConfigManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*ConfigManager) Read

func (self *ConfigManager) Read(id string) (*Config, error)

func (*ConfigManager) Unmarshall

func (self *ConfigManager) Unmarshall(bytes []byte) (*Config, error)

func (*ConfigManager) Update

func (self *ConfigManager) Update(entity *Config, checker fields.UpdatedFields, ctx *change.Context) error

type ConfigType

// ConfigType is the model entity for a configuration type managed by
// ConfigTypeManager.
type ConfigType struct {
	models.BaseEntity
	Name   string
	// Schema is held as an untyped map; GetCompiledSchema returns a
	// *gojsonschema.Schema or an error.
	// NOTE(review): presumably that schema is compiled from this field — confirm.
	Schema map[string]interface{}
}

func (*ConfigType) GetCompiledSchema

func (entity *ConfigType) GetCompiledSchema() (*gojsonschema.Schema, error)

type ConfigTypeManager

type ConfigTypeManager struct {
	// contains filtered or unexported fields
}

func NewConfigTypeManager

func NewConfigTypeManager(env Env) *ConfigTypeManager

func (*ConfigTypeManager) Annotate

func (self *ConfigTypeManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*ConfigTypeManager) ApplyCreate

func (*ConfigTypeManager) ApplyDelete

func (self *ConfigTypeManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*ConfigTypeManager) ApplyUpdate

func (*ConfigTypeManager) BaseList

func (self *ConfigTypeManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*ConfigTypeManager) BaseLoad

func (self *ConfigTypeManager) BaseLoad(id string) (ME, error)

func (*ConfigTypeManager) BaseLoadInTx

func (self *ConfigTypeManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*ConfigTypeManager) BasePreparedList

func (self *ConfigTypeManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*ConfigTypeManager) BasePreparedListIndexed

func (self *ConfigTypeManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*ConfigTypeManager) Create

func (self *ConfigTypeManager) Create(entity *ConfigType, ctx *change.Context) error

func (*ConfigTypeManager) Delete

func (self *ConfigTypeManager) Delete(id string, ctx *change.Context) error

func (*ConfigTypeManager) Dispatch

func (self *ConfigTypeManager) Dispatch(command command.Command) error

func (*ConfigTypeManager) GetAnnotation

func (self *ConfigTypeManager) GetAnnotation(entityId string, key string) (*string, error)

func (*ConfigTypeManager) GetDb

func (self *ConfigTypeManager) GetDb() boltz.Db

func (*ConfigTypeManager) GetEntityTypeId

func (self *ConfigTypeManager) GetEntityTypeId() string

func (*ConfigTypeManager) GetEnv

func (self *ConfigTypeManager) GetEnv() Env

func (*ConfigTypeManager) GetStore

func (self *ConfigTypeManager) GetStore() boltz.EntityStore[PE]

func (*ConfigTypeManager) ListWithHandler

func (self *ConfigTypeManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*ConfigTypeManager) MapConfigTypeNamesToIds

func (self *ConfigTypeManager) MapConfigTypeNamesToIds(values []string, identityId string) map[string]struct{}

func (*ConfigTypeManager) Marshall

func (self *ConfigTypeManager) Marshall(entity *ConfigType) ([]byte, error)

func (*ConfigTypeManager) PreparedListAssociatedWithHandler

func (self *ConfigTypeManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*ConfigTypeManager) PreparedListIndexed

func (self *ConfigTypeManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*ConfigTypeManager) PreparedListWithHandler

func (self *ConfigTypeManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*ConfigTypeManager) Read

func (self *ConfigTypeManager) Read(id string) (*ConfigType, error)

func (*ConfigTypeManager) ReadByName

func (self *ConfigTypeManager) ReadByName(name string) (*ConfigType, error)

func (*ConfigTypeManager) Unmarshall

func (self *ConfigTypeManager) Unmarshall(bytes []byte) (*ConfigType, error)

func (*ConfigTypeManager) Update

func (self *ConfigTypeManager) Update(entity *ConfigType, checker fields.UpdatedFields, ctx *change.Context) error

type Controller added in v0.34.0

// Controller is the model entity for a controller record managed by
// ControllerManager.
type Controller struct {
	models.BaseEntity
	Name         string
	CtrlAddress  string
	// NOTE(review): CertPem and Fingerprint presumably describe the certificate
	// the controller presents to its peers — confirm how the two are kept in sync
	// and which one is authoritative when identifying a peer.
	CertPem      string
	Fingerprint  string
	// NOTE(review): presumably maintained from ControllerManager.PeersConnected
	// and PeersDisconnected — confirm.
	IsOnline     bool
	// LastJoinedAt is optional (pointer); nil presumably means never joined — confirm.
	LastJoinedAt *time.Time
	// ApiAddresses maps a string key to a list of ApiAddress values.
	// NOTE(review): the meaning of the key is not visible here — confirm.
	ApiAddresses map[string][]ApiAddress
}

type ControllerManager added in v0.34.0

type ControllerManager struct {
	// contains filtered or unexported fields
}

func NewControllerManager added in v0.34.0

func NewControllerManager(env Env) *ControllerManager

func (*ControllerManager) Annotate added in v0.34.0

func (self *ControllerManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*ControllerManager) ApplyCreate added in v0.34.0

func (*ControllerManager) ApplyDelete added in v0.34.0

func (self *ControllerManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*ControllerManager) ApplyUpdate added in v0.34.0

func (*ControllerManager) BaseList added in v0.34.0

func (self *ControllerManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*ControllerManager) BaseLoad added in v0.34.0

func (self *ControllerManager) BaseLoad(id string) (ME, error)

func (*ControllerManager) BaseLoadInTx added in v0.34.0

func (self *ControllerManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*ControllerManager) BasePreparedList added in v0.34.0

func (self *ControllerManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*ControllerManager) BasePreparedListIndexed added in v0.34.0

func (self *ControllerManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*ControllerManager) Create added in v0.34.0

func (self *ControllerManager) Create(entity *Controller, ctx *change.Context) error

func (*ControllerManager) Delete added in v0.34.0

func (self *ControllerManager) Delete(id string, ctx *change.Context) error

func (*ControllerManager) Dispatch added in v0.34.0

func (self *ControllerManager) Dispatch(command command.Command) error

func (*ControllerManager) GetAnnotation added in v0.34.0

func (self *ControllerManager) GetAnnotation(entityId string, key string) (*string, error)

func (*ControllerManager) GetDb added in v0.34.0

func (self *ControllerManager) GetDb() boltz.Db

func (*ControllerManager) GetEntityTypeId added in v0.34.0

func (self *ControllerManager) GetEntityTypeId() string

func (*ControllerManager) GetEnv added in v0.34.0

func (self *ControllerManager) GetEnv() Env

func (*ControllerManager) GetStore added in v0.34.0

func (self *ControllerManager) GetStore() boltz.EntityStore[PE]

func (*ControllerManager) ListWithHandler added in v0.34.0

func (self *ControllerManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*ControllerManager) MapControllerNamesToIds added in v0.34.0

func (self *ControllerManager) MapControllerNamesToIds(values []string, identityId string) map[string]struct{}

func (*ControllerManager) Marshall added in v0.34.0

func (self *ControllerManager) Marshall(entity *Controller) ([]byte, error)

func (*ControllerManager) PeersConnected added in v0.34.0

func (self *ControllerManager) PeersConnected(peers []*event.ClusterPeer)

func (*ControllerManager) PeersDisconnected added in v0.34.0

func (self *ControllerManager) PeersDisconnected(peers []*event.ClusterPeer)

func (*ControllerManager) PreparedListAssociatedWithHandler added in v0.34.0

func (self *ControllerManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*ControllerManager) PreparedListIndexed added in v0.34.0

func (self *ControllerManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*ControllerManager) PreparedListWithHandler added in v0.34.0

func (self *ControllerManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*ControllerManager) Read added in v0.34.0

func (self *ControllerManager) Read(id string) (*Controller, error)

func (*ControllerManager) ReadByName added in v0.34.0

func (self *ControllerManager) ReadByName(name string) (*Controller, error)

func (*ControllerManager) Unmarshall added in v0.34.0

func (self *ControllerManager) Unmarshall(bytes []byte) (*Controller, error)

func (*ControllerManager) Update added in v0.34.0

func (self *ControllerManager) Update(entity *Controller, checker fields.UpdatedFields, ctx *change.Context) error

type CreateEdgeRouterCmd

type CreateEdgeRouterCmd struct {
	// contains filtered or unexported fields
}

func (*CreateEdgeRouterCmd) Apply

func (self *CreateEdgeRouterCmd) Apply(ctx boltz.MutateContext) error

func (*CreateEdgeRouterCmd) Decode

func (*CreateEdgeRouterCmd) Encode

func (self *CreateEdgeRouterCmd) Encode() ([]byte, error)

func (*CreateEdgeRouterCmd) GetChangeContext

func (self *CreateEdgeRouterCmd) GetChangeContext() *change.Context

type CreateEdgeTerminatorCmd

// CreateEdgeTerminatorCmd is a command type with Apply, Decode, Encode and
// GetChangeContext methods; unlike the other Create*Cmd types listed here, its
// fields are exported.
type CreateEdgeTerminatorCmd struct {
	Env     Env
	// Entity is the terminator the command operates on.
	Entity  *network.Terminator
	// Context is the change context; GetChangeContext returns a *change.Context,
	// presumably this field — confirm.
	Context *change.Context
}

func (*CreateEdgeTerminatorCmd) Apply

func (*CreateEdgeTerminatorCmd) Decode

func (*CreateEdgeTerminatorCmd) Encode

func (self *CreateEdgeTerminatorCmd) Encode() ([]byte, error)

func (*CreateEdgeTerminatorCmd) GetChangeContext

func (self *CreateEdgeTerminatorCmd) GetChangeContext() *change.Context

type CreateIdentityWithEnrollmentsCmd

type CreateIdentityWithEnrollmentsCmd struct {
	// contains filtered or unexported fields
}

func (*CreateIdentityWithEnrollmentsCmd) Apply

func (*CreateIdentityWithEnrollmentsCmd) Decode

func (*CreateIdentityWithEnrollmentsCmd) Encode

func (self *CreateIdentityWithEnrollmentsCmd) Encode() ([]byte, error)

func (*CreateIdentityWithEnrollmentsCmd) GetChangeContext

func (self *CreateIdentityWithEnrollmentsCmd) GetChangeContext() *change.Context

type CreateTransitRouterCmd

type CreateTransitRouterCmd struct {
	// contains filtered or unexported fields
}

func (*CreateTransitRouterCmd) Apply

func (*CreateTransitRouterCmd) Decode

func (*CreateTransitRouterCmd) Encode

func (self *CreateTransitRouterCmd) Encode() ([]byte, error)

func (*CreateTransitRouterCmd) GetChangeContext

func (self *CreateTransitRouterCmd) GetChangeContext() *change.Context

type EdgeRouter

// EdgeRouter is the model entity for an edge router managed by EdgeRouterManager.
type EdgeRouter struct {
	models.BaseEntity
	Name                  string
	RoleAttributes        []string
	// NOTE(review): presumably true once the router has completed enrollment — confirm.
	IsVerified            bool
	// Fingerprint and CertPem are optional (pointers).
	// NOTE(review): presumably nil until the router is enrolled — confirm.
	// EdgeRouterManager.ReadOneByFingerprint looks a router up by fingerprint.
	Fingerprint           *string
	CertPem               *string
	Hostname              *string
	VersionInfo           *versions.VersionInfo
	IsTunnelerEnabled     bool
	// AppData is an untyped, free-form map.
	AppData               map[string]interface{}
	// NOTE(review): UnverifiedFingerprint and UnverifiedCertPem presumably hold a
	// certificate issued by ExtendEnrollment that the router has not yet confirmed
	// through ExtendEnrollmentVerify — confirm. Until then they should not be
	// treated as equivalent to Fingerprint/CertPem; a separate lookup,
	// ReadOneByUnverifiedFingerprint, exists for them.
	UnverifiedFingerprint *string
	UnverifiedCertPem     *string
	Cost                  uint16
	NoTraversal           bool
	// NOTE(review): presumably prevents the router from connecting while set —
	// confirm where this is enforced.
	Disabled              bool
}

func (*EdgeRouter) GetName

func (self *EdgeRouter) GetName() string

type EdgeRouterListResult

// EdgeRouterListResult is the result type returned by EdgeRouterManager.Query,
// ListForIdentityAndService and ListForIdentityAndServiceWithTx: the matching
// EdgeRouter entities together with the embedded query metadata.
type EdgeRouterListResult struct {
	EdgeRouters []*EdgeRouter
	models.QueryMetaData
	// contains filtered or unexported fields
}

type EdgeRouterManager

type EdgeRouterManager struct {
	// contains filtered or unexported fields
}

func NewEdgeRouterManager

func NewEdgeRouterManager(env Env) *EdgeRouterManager

func (*EdgeRouterManager) Annotate

func (self *EdgeRouterManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*EdgeRouterManager) ApplyCreate

func (self *EdgeRouterManager) ApplyCreate(cmd *CreateEdgeRouterCmd, ctx boltz.MutateContext) error

func (*EdgeRouterManager) ApplyDelete

func (self *EdgeRouterManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*EdgeRouterManager) ApplyUpdate

func (*EdgeRouterManager) BaseList

func (self *EdgeRouterManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*EdgeRouterManager) BaseLoad

func (self *EdgeRouterManager) BaseLoad(id string) (ME, error)

func (*EdgeRouterManager) BaseLoadInTx

func (self *EdgeRouterManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*EdgeRouterManager) BasePreparedList

func (self *EdgeRouterManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*EdgeRouterManager) BasePreparedListIndexed

func (self *EdgeRouterManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*EdgeRouterManager) CollectEnrollments

func (self *EdgeRouterManager) CollectEnrollments(id string, collector func(entity *Enrollment) error) error

func (*EdgeRouterManager) Create

func (self *EdgeRouterManager) Create(edgeRouter *EdgeRouter, ctx *change.Context) error

func (*EdgeRouterManager) Delete

func (self *EdgeRouterManager) Delete(id string, ctx *change.Context) error

func (*EdgeRouterManager) Dispatch

func (self *EdgeRouterManager) Dispatch(command command.Command) error

func (*EdgeRouterManager) EdgeRouterToProtobuf

func (self *EdgeRouterManager) EdgeRouterToProtobuf(entity *EdgeRouter) (*edge_cmd_pb.EdgeRouter, error)

func (*EdgeRouterManager) ExtendEnrollment

func (self *EdgeRouterManager) ExtendEnrollment(router *EdgeRouter, clientCsrPem []byte, serverCertCsrPem []byte, ctx *change.Context) (*ExtendedCerts, error)

func (*EdgeRouterManager) ExtendEnrollmentVerify

func (self *EdgeRouterManager) ExtendEnrollmentVerify(router *EdgeRouter, ctx *change.Context) error

func (*EdgeRouterManager) ExtendEnrollmentWithVerify

func (self *EdgeRouterManager) ExtendEnrollmentWithVerify(router *EdgeRouter, clientCsrPem []byte, serverCertCsrPem []byte, ctx *change.Context) (*ExtendedCerts, error)

func (*EdgeRouterManager) GetAnnotation

func (self *EdgeRouterManager) GetAnnotation(entityId string, key string) (*string, error)

func (*EdgeRouterManager) GetDb

func (self *EdgeRouterManager) GetDb() boltz.Db

func (*EdgeRouterManager) GetEntityTypeId

func (self *EdgeRouterManager) GetEntityTypeId() string

func (*EdgeRouterManager) GetEnv

func (self *EdgeRouterManager) GetEnv() Env

func (*EdgeRouterManager) GetStore

func (self *EdgeRouterManager) GetStore() boltz.EntityStore[PE]

func (*EdgeRouterManager) IsAccessToEdgeRouterAllowed

func (self *EdgeRouterManager) IsAccessToEdgeRouterAllowed(identityId, serviceId, edgeRouterId string) (bool, error)

func (*EdgeRouterManager) IsSharedEdgeRouterPresent

func (self *EdgeRouterManager) IsSharedEdgeRouterPresent(identityId, serviceId string) (bool, error)

func (*EdgeRouterManager) ListForIdentityAndService

func (self *EdgeRouterManager) ListForIdentityAndService(identityId, serviceId string, limit *int) (*EdgeRouterListResult, error)

func (*EdgeRouterManager) ListForIdentityAndServiceWithTx

func (self *EdgeRouterManager) ListForIdentityAndServiceWithTx(tx *bbolt.Tx, identityId, serviceId string, limit *int) (*EdgeRouterListResult, error)

func (*EdgeRouterManager) ListWithHandler

func (self *EdgeRouterManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*EdgeRouterManager) Marshall

func (self *EdgeRouterManager) Marshall(entity *EdgeRouter) ([]byte, error)

func (*EdgeRouterManager) PreparedListAssociatedWithHandler

func (self *EdgeRouterManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*EdgeRouterManager) PreparedListIndexed

func (self *EdgeRouterManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*EdgeRouterManager) PreparedListWithHandler

func (self *EdgeRouterManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*EdgeRouterManager) ProtobufToEdgeRouter

func (self *EdgeRouterManager) ProtobufToEdgeRouter(msg *edge_cmd_pb.EdgeRouter) (*EdgeRouter, error)

func (*EdgeRouterManager) Query

func (self *EdgeRouterManager) Query(query string) (*EdgeRouterListResult, error)

func (*EdgeRouterManager) QueryRoleAttributes

func (self *EdgeRouterManager) QueryRoleAttributes(queryString string) ([]string, *models.QueryMetaData, error)

func (*EdgeRouterManager) ReEnroll

func (self *EdgeRouterManager) ReEnroll(router *EdgeRouter, ctx *change.Context) error

ReEnroll creates a new JWT enrollment for an existing edge router. If the edge router already has a JWT, a new JWT is created. If the edge router was already enrolled, all record of the enrollment is reset and the edge router is disconnected, forcing it to complete enrollment before connecting.

func (*EdgeRouterManager) Read

func (self *EdgeRouterManager) Read(id string) (*EdgeRouter, error)

func (*EdgeRouterManager) ReadOneByFingerprint

func (self *EdgeRouterManager) ReadOneByFingerprint(fingerprint string) (*EdgeRouter, error)

func (*EdgeRouterManager) ReadOneByQuery

func (self *EdgeRouterManager) ReadOneByQuery(query string) (*EdgeRouter, error)

func (*EdgeRouterManager) ReadOneByUnverifiedFingerprint

func (self *EdgeRouterManager) ReadOneByUnverifiedFingerprint(fingerprint string) (*EdgeRouter, error)

func (*EdgeRouterManager) Unmarshall

func (self *EdgeRouterManager) Unmarshall(bytes []byte) (*EdgeRouter, error)

func (*EdgeRouterManager) Update

func (self *EdgeRouterManager) Update(entity *EdgeRouter, unrestricted bool, checker fields.UpdatedFields, ctx *change.Context) error

type EdgeRouterPolicy

// EdgeRouterPolicy is the model entity for an edge router policy managed by
// EdgeRouterPolicyManager.
type EdgeRouterPolicy struct {
	models.BaseEntity
	Name            string
	// NOTE(review): presumably selects how the role lists are matched — confirm
	// the accepted values; they are not visible here.
	Semantic        string
	// NOTE(review): IdentityRoles and EdgeRouterRoles presumably select the
	// identities and edge routers the policy links — confirm. Broad selectors
	// widen access, so changes to these lists deserve review.
	IdentityRoles   []string
	EdgeRouterRoles []string
}

type EdgeRouterPolicyManager

type EdgeRouterPolicyManager struct {
	// contains filtered or unexported fields
}

func NewEdgeRouterPolicyManager

func NewEdgeRouterPolicyManager(env Env) *EdgeRouterPolicyManager

func (*EdgeRouterPolicyManager) Annotate

func (self *EdgeRouterPolicyManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*EdgeRouterPolicyManager) ApplyCreate

func (*EdgeRouterPolicyManager) ApplyDelete

func (self *EdgeRouterPolicyManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*EdgeRouterPolicyManager) ApplyUpdate

func (*EdgeRouterPolicyManager) BaseList

func (self *EdgeRouterPolicyManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*EdgeRouterPolicyManager) BaseLoad

func (self *EdgeRouterPolicyManager) BaseLoad(id string) (ME, error)

func (*EdgeRouterPolicyManager) BaseLoadInTx

func (self *EdgeRouterPolicyManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*EdgeRouterPolicyManager) BasePreparedList

func (self *EdgeRouterPolicyManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*EdgeRouterPolicyManager) BasePreparedListIndexed

func (self *EdgeRouterPolicyManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*EdgeRouterPolicyManager) Create

func (self *EdgeRouterPolicyManager) Create(entity *EdgeRouterPolicy, ctx *change.Context) error

func (*EdgeRouterPolicyManager) Delete

func (self *EdgeRouterPolicyManager) Delete(id string, ctx *change.Context) error

func (*EdgeRouterPolicyManager) Dispatch

func (self *EdgeRouterPolicyManager) Dispatch(command command.Command) error

func (*EdgeRouterPolicyManager) GetAnnotation

func (self *EdgeRouterPolicyManager) GetAnnotation(entityId string, key string) (*string, error)

func (*EdgeRouterPolicyManager) GetDb

func (self *EdgeRouterPolicyManager) GetDb() boltz.Db

func (*EdgeRouterPolicyManager) GetEntityTypeId

func (self *EdgeRouterPolicyManager) GetEntityTypeId() string

func (*EdgeRouterPolicyManager) GetEnv

func (self *EdgeRouterPolicyManager) GetEnv() Env

func (*EdgeRouterPolicyManager) GetStore

func (self *EdgeRouterPolicyManager) GetStore() boltz.EntityStore[PE]

func (*EdgeRouterPolicyManager) ListWithHandler

func (self *EdgeRouterPolicyManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*EdgeRouterPolicyManager) Marshall

func (self *EdgeRouterPolicyManager) Marshall(entity *EdgeRouterPolicy) ([]byte, error)

func (*EdgeRouterPolicyManager) PreparedListAssociatedWithHandler

func (self *EdgeRouterPolicyManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*EdgeRouterPolicyManager) PreparedListIndexed

func (self *EdgeRouterPolicyManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*EdgeRouterPolicyManager) PreparedListWithHandler

func (self *EdgeRouterPolicyManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*EdgeRouterPolicyManager) Read

func (self *EdgeRouterPolicyManager) Read(id string) (ME, error)

func (*EdgeRouterPolicyManager) Unmarshall

func (self *EdgeRouterPolicyManager) Unmarshall(bytes []byte) (*EdgeRouterPolicy, error)

func (*EdgeRouterPolicyManager) Update

func (self *EdgeRouterPolicyManager) Update(entity *EdgeRouterPolicy, checker fields.UpdatedFields, ctx *change.Context) error

type EdgeServiceManager

type EdgeServiceManager struct {
	// contains filtered or unexported fields
}

func NewEdgeServiceManager

func NewEdgeServiceManager(env Env) *EdgeServiceManager

func (*EdgeServiceManager) Annotate

func (self *EdgeServiceManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*EdgeServiceManager) ApplyCreate

func (*EdgeServiceManager) ApplyDelete

func (self *EdgeServiceManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*EdgeServiceManager) ApplyUpdate

func (*EdgeServiceManager) BaseList

func (self *EdgeServiceManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*EdgeServiceManager) BaseLoad

func (self *EdgeServiceManager) BaseLoad(id string) (ME, error)

func (*EdgeServiceManager) BaseLoadInTx

func (self *EdgeServiceManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*EdgeServiceManager) BasePreparedList

func (self *EdgeServiceManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*EdgeServiceManager) BasePreparedListIndexed

func (self *EdgeServiceManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*EdgeServiceManager) Create

func (self *EdgeServiceManager) Create(entity *Service, ctx *change.Context) error

func (*EdgeServiceManager) Delete

func (self *EdgeServiceManager) Delete(id string, ctx *change.Context) error

func (*EdgeServiceManager) Dispatch

func (self *EdgeServiceManager) Dispatch(command command.Command) error

func (*EdgeServiceManager) GetAnnotation

func (self *EdgeServiceManager) GetAnnotation(entityId string, key string) (*string, error)

func (*EdgeServiceManager) GetDb

func (self *EdgeServiceManager) GetDb() boltz.Db

func (*EdgeServiceManager) GetDetailLister

func (self *EdgeServiceManager) GetDetailLister() *ServiceDetailLister

func (*EdgeServiceManager) GetEntityTypeId

func (self *EdgeServiceManager) GetEntityTypeId() string

func (*EdgeServiceManager) GetEnv

func (self *EdgeServiceManager) GetEnv() Env

func (*EdgeServiceManager) GetPolicyPostureChecks

func (self *EdgeServiceManager) GetPolicyPostureChecks(identityId, serviceId string) map[string]*PolicyPostureChecks

func (*EdgeServiceManager) GetStore

func (self *EdgeServiceManager) GetStore() boltz.EntityStore[PE]

func (*EdgeServiceManager) ListWithHandler

func (self *EdgeServiceManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*EdgeServiceManager) Marshall

func (self *EdgeServiceManager) Marshall(entity *Service) ([]byte, error)

func (*EdgeServiceManager) PreparedListAssociatedWithHandler

func (self *EdgeServiceManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*EdgeServiceManager) PreparedListIndexed

func (self *EdgeServiceManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*EdgeServiceManager) PreparedListWithHandler

func (self *EdgeServiceManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*EdgeServiceManager) PublicQueryForIdentity

func (self *EdgeServiceManager) PublicQueryForIdentity(sessionIdentity *Identity, configTypes map[string]struct{}, query ast.Query) (*ServiceListResult, error)

func (*EdgeServiceManager) QueryForIdentity

func (self *EdgeServiceManager) QueryForIdentity(identityId string, configTypes map[string]struct{}, query ast.Query) (*ServiceListResult, error)

func (*EdgeServiceManager) QueryRoleAttributes

func (self *EdgeServiceManager) QueryRoleAttributes(queryString string) ([]string, *models.QueryMetaData, error)

func (*EdgeServiceManager) Read

func (self *EdgeServiceManager) Read(id string) (ME, error)

func (*EdgeServiceManager) ReadByName

func (self *EdgeServiceManager) ReadByName(name string) (*Service, error)

func (*EdgeServiceManager) ReadForIdentity

func (self *EdgeServiceManager) ReadForIdentity(id string, identityId string, configTypes map[string]struct{}) (*ServiceDetail, error)

func (*EdgeServiceManager) ReadForIdentityInTx

func (self *EdgeServiceManager) ReadForIdentityInTx(tx *bbolt.Tx, id string, identityId string, configTypes map[string]struct{}) (*ServiceDetail, error)

func (*EdgeServiceManager) Unmarshall

func (self *EdgeServiceManager) Unmarshall(bytes []byte) (*Service, error)

func (*EdgeServiceManager) Update

func (self *EdgeServiceManager) Update(entity *Service, checker fields.UpdatedFields, ctx *change.Context) error

type EnrollModuleCa

// EnrollModuleCa is the enrollment module built by NewEnrollModuleCa. It
// declares CanHandle and Process with the signatures required by
// EnrollmentProcessor. Per the Process documentation it verifies a client
// certificate bundle against known CAs.
type EnrollModuleCa struct {
	// contains filtered or unexported fields
}

func NewEnrollModuleCa

func NewEnrollModuleCa(env Env) *EnrollModuleCa

func (*EnrollModuleCa) CanHandle

func (module *EnrollModuleCa) CanHandle(method string) bool

func (*EnrollModuleCa) Process

func (module *EnrollModuleCa) Process(context EnrollmentContext) (*EnrollmentResult, error)

Process will attempt to verify a client certificate bundle (supplied via the TLS handshake) with known CAs. The first certificate must be the client certificate and all subsequent certificates are treated as untrusted intermediates. If a verifying CA has `externalIdClaim` configuration present, the claim will be searched for. If it resolves, the values will be used as the `externalId` for the resulting identity. Subsequent authentications will match the certificate `externalId`. If not present, a certificate authenticator will be created where the fingerprint of the certificate will be matched on subsequent authentications.

type EnrollModuleEr

// EnrollModuleEr is the enrollment module built by
// NewEnrollModuleEdgeRouterOtt. Besides CanHandle and Process it exposes
// ProcessClientCsrPem and ProcessServerCsrPem, which take PEM CSR bytes and
// return bytes plus an error.
// NOTE(review): the CSR bytes presumably come from the enrolling router and
// should be treated as untrusted input — confirm against the implementation.
type EnrollModuleEr struct {
	// contains filtered or unexported fields
}

func NewEnrollModuleEdgeRouterOtt

func NewEnrollModuleEdgeRouterOtt(env Env) *EnrollModuleEr

func (*EnrollModuleEr) CanHandle

func (module *EnrollModuleEr) CanHandle(method string) bool

func (*EnrollModuleEr) Process

func (module *EnrollModuleEr) Process(context EnrollmentContext) (*EnrollmentResult, error)

func (*EnrollModuleEr) ProcessClientCsrPem

func (module *EnrollModuleEr) ProcessClientCsrPem(clientCertCsrPem []byte, edgeRouterId string) ([]byte, error)

func (*EnrollModuleEr) ProcessServerCsrPem

func (module *EnrollModuleEr) ProcessServerCsrPem(serverCertCsrPem []byte) ([]byte, error)

type EnrollModuleOtt

// EnrollModuleOtt is the enrollment module built by NewEnrollModuleOtt. It
// declares CanHandle and Process with the signatures required by
// EnrollmentProcessor.
type EnrollModuleOtt struct {
	// contains filtered or unexported fields
}

func NewEnrollModuleOtt

func NewEnrollModuleOtt(env Env) *EnrollModuleOtt

func (*EnrollModuleOtt) CanHandle

func (module *EnrollModuleOtt) CanHandle(method string) bool

func (*EnrollModuleOtt) Process

func (module *EnrollModuleOtt) Process(ctx EnrollmentContext) (*EnrollmentResult, error)

type EnrollModuleOttCa

// EnrollModuleOttCa is the enrollment module built by NewEnrollModuleOttCa.
// It declares CanHandle and Process with the signatures required by
// EnrollmentProcessor.
type EnrollModuleOttCa struct {
	// contains filtered or unexported fields
}

func NewEnrollModuleOttCa

func NewEnrollModuleOttCa(env Env) *EnrollModuleOttCa

func (*EnrollModuleOttCa) CanHandle

func (module *EnrollModuleOttCa) CanHandle(method string) bool

func (*EnrollModuleOttCa) Process

func (module *EnrollModuleOttCa) Process(ctx EnrollmentContext) (*EnrollmentResult, error)

type EnrollModuleRouterOtt

// EnrollModuleRouterOtt is the enrollment module built by
// NewEnrollModuleTransitRouterOtt. It declares CanHandle and Process with
// the signatures required by EnrollmentProcessor.
type EnrollModuleRouterOtt struct {
	// contains filtered or unexported fields
}

func NewEnrollModuleTransitRouterOtt

func NewEnrollModuleTransitRouterOtt(env Env) *EnrollModuleRouterOtt

func (*EnrollModuleRouterOtt) CanHandle

func (module *EnrollModuleRouterOtt) CanHandle(method string) bool

func (*EnrollModuleRouterOtt) Process

func (module *EnrollModuleRouterOtt) Process(context EnrollmentContext) (*EnrollmentResult, error)

type EnrollModuleUpdb

// EnrollModuleUpdb is the enrollment module built by NewEnrollModuleUpdb. It
// declares CanHandle and Process with the signatures required by
// EnrollmentProcessor.
type EnrollModuleUpdb struct {
	// contains filtered or unexported fields
}

func NewEnrollModuleUpdb

func NewEnrollModuleUpdb(env Env) *EnrollModuleUpdb

func (*EnrollModuleUpdb) CanHandle

func (module *EnrollModuleUpdb) CanHandle(method string) bool

func (*EnrollModuleUpdb) Process

func (module *EnrollModuleUpdb) Process(ctx EnrollmentContext) (*EnrollmentResult, error)

type Enrollment

// Enrollment is the model entity describing one enrollment. It embeds
// models.BaseEntity and records the enrollment method, the token and JWT
// associated with it, its issue/expiry times, and optional references
// (pointer fields, nil when unset) to an identity, router, CA or username.
//
// NOTE(review): Token and Jwt look like bearer-style enrollment secrets
// (EnrollmentManager.ReadByToken looks an enrollment up by token) — confirm
// they are kept out of logs and API listings that non-admins can read.
type Enrollment struct {
	models.BaseEntity
	// Method is the enrollment method name; presumably the value matched by
	// EnrollmentProcessor.CanHandle (e.g. "erott", "trott") — confirm.
	Method          string
	IdentityId      *string
	TransitRouterId *string
	EdgeRouterId    *string
	Token           string
	// IssuedAt and ExpiresAt are pointers and may be nil; FillJwtInfo and
	// FillJwtInfoWithExpiresAt presumably populate them together with Jwt.
	IssuedAt        *time.Time
	ExpiresAt       *time.Time
	Jwt             string
	CaId            *string
	Username        *string
}

func (*Enrollment) FillJwtInfo

func (entity *Enrollment) FillJwtInfo(env Env, subject string) error

func (*Enrollment) FillJwtInfoWithExpiresAt

func (entity *Enrollment) FillJwtInfoWithExpiresAt(env Env, subject string, expiresAt time.Time) error

type EnrollmentContext

// EnrollmentContext is the request view handed to
// EnrollmentProcessor.Process: parameters, token, body data (as an opaque
// value, a map, or bytes), certificates, headers, the method name and the
// change context.
//
// NOTE(review): these values presumably originate from the enrolling client
// and should be treated as untrusted until a processor has verified them —
// confirm against the implementation (EnrollmentContextHttp).
type EnrollmentContext interface {
	GetParameters() map[string]interface{}
	GetToken() string
	GetData() interface{}
	GetDataAsMap() map[string]interface{}
	GetDataAsByteArray() []byte
	// GetCerts returns the certificates available to the processor; the
	// EnrollModuleCa.Process documentation describes them as supplied via the
	// TLS handshake, client certificate first.
	GetCerts() []*x509.Certificate
	GetHeaders() map[string]interface{}
	GetMethod() string
	GetChangeContext() *change.Context
}

type EnrollmentContextHttp

// EnrollmentContextHttp is a struct whose pointer type declares every method
// of EnrollmentContext. Its exported fields mirror those getters, and
// FillFromHttpRequest takes an *http.Request and a change context,
// presumably to populate them.
//
// NOTE(review): all fields are exported and mutable, so any code holding the
// value can alter Certs or Token after the request was parsed — confirm
// callers do not rely on these being immutable.
type EnrollmentContextHttp struct {
	Headers       map[string]interface{}
	Parameters    map[string]interface{}
	Data          interface{}
	Certs         []*x509.Certificate
	Token         string
	Method        string
	ChangeContext *change.Context
}

func (*EnrollmentContextHttp) FillFromHttpRequest

func (context *EnrollmentContextHttp) FillFromHttpRequest(request *http.Request, changeCtx *change.Context) error

func (*EnrollmentContextHttp) GetCerts

func (context *EnrollmentContextHttp) GetCerts() []*x509.Certificate

func (*EnrollmentContextHttp) GetChangeContext

func (context *EnrollmentContextHttp) GetChangeContext() *change.Context

func (*EnrollmentContextHttp) GetData

func (context *EnrollmentContextHttp) GetData() interface{}

func (*EnrollmentContextHttp) GetDataAsByteArray

func (context *EnrollmentContextHttp) GetDataAsByteArray() []byte

func (*EnrollmentContextHttp) GetDataAsMap

func (context *EnrollmentContextHttp) GetDataAsMap() map[string]interface{}

func (*EnrollmentContextHttp) GetHeaders

func (context *EnrollmentContextHttp) GetHeaders() map[string]interface{}

func (*EnrollmentContextHttp) GetMethod

func (context *EnrollmentContextHttp) GetMethod() string

func (*EnrollmentContextHttp) GetParameters

func (context *EnrollmentContextHttp) GetParameters() map[string]interface{}

func (*EnrollmentContextHttp) GetToken

func (context *EnrollmentContextHttp) GetToken() string

type EnrollmentManager

// EnrollmentManager is the manager type for Enrollment entities, built by
// NewEnrollmentManager. Create, Read, ReadByToken, Update, Delete, RefreshJwt
// and ReplaceWithAuthenticator are declared on *EnrollmentManager in this
// package.
type EnrollmentManager struct {
	// contains filtered or unexported fields
}

func NewEnrollmentManager

func NewEnrollmentManager(env Env) *EnrollmentManager

func (*EnrollmentManager) Annotate

func (self *EnrollmentManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*EnrollmentManager) ApplyCreate

func (*EnrollmentManager) ApplyDelete

func (self *EnrollmentManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*EnrollmentManager) ApplyReEnrollEdgeRouter added in v0.32.1

func (self *EnrollmentManager) ApplyReEnrollEdgeRouter(cmd *ReEnrollEdgeRouterCmd, ctx boltz.MutateContext) error

func (*EnrollmentManager) ApplyReplaceEncoderWithAuthenticatorCommand

func (self *EnrollmentManager) ApplyReplaceEncoderWithAuthenticatorCommand(cmd *ReplaceEnrollmentWithAuthenticatorCmd, ctx boltz.MutateContext) error

func (*EnrollmentManager) ApplyUpdate

func (*EnrollmentManager) BaseList

func (self *EnrollmentManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*EnrollmentManager) BaseLoad

func (self *EnrollmentManager) BaseLoad(id string) (ME, error)

func (*EnrollmentManager) BaseLoadInTx

func (self *EnrollmentManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*EnrollmentManager) BasePreparedList

func (self *EnrollmentManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*EnrollmentManager) BasePreparedListIndexed

func (self *EnrollmentManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*EnrollmentManager) Create

func (self *EnrollmentManager) Create(entity *Enrollment, ctx *change.Context) error

func (*EnrollmentManager) Delete

func (self *EnrollmentManager) Delete(id string, ctx *change.Context) error

func (*EnrollmentManager) Dispatch

func (self *EnrollmentManager) Dispatch(command command.Command) error

func (*EnrollmentManager) Enroll

func (*EnrollmentManager) EnrollmentToProtobuf

func (self *EnrollmentManager) EnrollmentToProtobuf(entity *Enrollment) (*edge_cmd_pb.Enrollment, error)

func (*EnrollmentManager) GetAnnotation

func (self *EnrollmentManager) GetAnnotation(entityId string, key string) (*string, error)

func (*EnrollmentManager) GetCertChainPem added in v1.1.1

func (self *EnrollmentManager) GetCertChainPem(certRaw []byte) (string, error)

GetCertChainPem parses a given certificate in raw DER form and attempts to return a PEM-formatted string containing the original certificate followed by each signing intermediate, up to but not including the root CA.

func (*EnrollmentManager) GetDb

func (self *EnrollmentManager) GetDb() boltz.Db

func (*EnrollmentManager) GetEntityTypeId

func (self *EnrollmentManager) GetEntityTypeId() string

func (*EnrollmentManager) GetEnv

func (self *EnrollmentManager) GetEnv() Env

func (*EnrollmentManager) GetStore

func (self *EnrollmentManager) GetStore() boltz.EntityStore[PE]

func (*EnrollmentManager) ListWithHandler

func (self *EnrollmentManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*EnrollmentManager) Marshall

func (self *EnrollmentManager) Marshall(entity *Enrollment) ([]byte, error)

func (*EnrollmentManager) PreparedListAssociatedWithHandler

func (self *EnrollmentManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*EnrollmentManager) PreparedListIndexed

func (self *EnrollmentManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*EnrollmentManager) PreparedListWithHandler

func (self *EnrollmentManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*EnrollmentManager) ProtobufToEnrollment

func (self *EnrollmentManager) ProtobufToEnrollment(msg *edge_cmd_pb.Enrollment) (*Enrollment, error)

func (*EnrollmentManager) Query

func (self *EnrollmentManager) Query(query string) ([]*Enrollment, error)

func (*EnrollmentManager) Read

func (self *EnrollmentManager) Read(id string) (*Enrollment, error)

func (*EnrollmentManager) ReadByToken

func (self *EnrollmentManager) ReadByToken(token string) (*Enrollment, error)

func (*EnrollmentManager) RefreshJwt

func (self *EnrollmentManager) RefreshJwt(id string, expiresAt time.Time, ctx *change.Context) error

func (*EnrollmentManager) ReplaceWithAuthenticator

func (self *EnrollmentManager) ReplaceWithAuthenticator(enrollmentId string, authenticator *Authenticator, ctx *change.Context) error

func (*EnrollmentManager) Unmarshall

func (self *EnrollmentManager) Unmarshall(bytes []byte) (*Enrollment, error)

func (*EnrollmentManager) Update

func (self *EnrollmentManager) Update(entity *Enrollment, checker fields.UpdatedFields, ctx *change.Context) error

type EnrollmentProcessor

// EnrollmentProcessor is the interface shared by the enrollment modules in
// this package (the EnrollModule* types all declare both methods).
type EnrollmentProcessor interface {
	// CanHandle takes an enrollment method name and returns a bool;
	// presumably true when this processor handles that method — confirm.
	CanHandle(method string) bool
	// Process takes the enrollment request context and returns an
	// EnrollmentResult or an error.
	Process(context EnrollmentContext) (*EnrollmentResult, error)
}

type EnrollmentRegistry

// EnrollmentRegistry holds EnrollmentProcessor values and looks one up by
// enrollment method name.
type EnrollmentRegistry interface {
	Add(method EnrollmentProcessor)
	// NOTE(review): the result for an unregistered method is not visible
	// here; presumably nil, so callers should check before calling Process —
	// confirm.
	GetByMethod(method string) EnrollmentProcessor
}

type EnrollmentRegistryImpl

// EnrollmentRegistryImpl declares Add and GetByMethod on its pointer type,
// matching the EnrollmentRegistry interface.
type EnrollmentRegistryImpl struct {
	// contains filtered or unexported fields
}

func (*EnrollmentRegistryImpl) Add

func (registry *EnrollmentRegistryImpl) Add(processor EnrollmentProcessor)

func (*EnrollmentRegistryImpl) GetByMethod

func (registry *EnrollmentRegistryImpl) GetByMethod(method string) EnrollmentProcessor

type EnrollmentResult

// EnrollmentResult is what EnrollmentProcessor.Process returns on success:
// the resulting identity and authenticator plus the response payload.
type EnrollmentResult struct {
	Identity      *Identity
	Authenticator *Authenticator
	// Content and TextContent carry the response body in structured and raw
	// byte form respectively; which one is used presumably depends on
	// Producer — confirm.
	Content       interface{}
	TextContent   []byte
	Producer      runtime.Producer
	// Status is an int; presumably the HTTP status code to reply with — confirm.
	Status        int
}

type EntityManager

// EntityManager is the generic manager interface for an entity type E. It
// combines models.EntityRetriever[E] and command.EntityDeleter with access
// to the shared Env. It also has unexported methods, so it can only be
// implemented inside this package.
type EntityManager[E models.Entity] interface {
	models.EntityRetriever[E]
	command.EntityDeleter
	GetEnv() Env
	// contains filtered or unexported methods
}

type Env

// Env is the environment handed to every manager and enrollment module
// constructor in this package (NewXxx(env Env)). It gives access to the
// managers, configuration, stores, the auth and enrollment registries, the
// CSR and JWT signers, and token validation.
//
// NOTE(review): this interface exposes signing capability (CSR signers, the
// server JWT signer and server certificate). Any component that receives an
// Env can presumably mint certificates or tokens — keep that in mind when
// passing it to new code.
type Env interface {
	GetManagers() *Managers
	GetConfig() *config.Config
	GetDbProvider() network.DbProvider
	GetStores() *db.Stores
	GetAuthRegistry() AuthRegistry
	GetEnrollRegistry() EnrollmentRegistry
	// The three CSR signers are separate accessors for API client, API
	// server and control client certificates.
	GetApiClientCsrSigner() cert.Signer
	GetApiServerCsrSigner() cert.Signer
	GetControlClientCsrSigner() cert.Signer
	GetHostController() HostController
	IsEdgeRouterOnline(id string) bool
	GetMetricsRegistry() metrics.Registry
	GetFingerprintGenerator() cert.FingerprintGenerator
	HandleServiceUpdatedEventForIdentityId(identityId string)

	GetServerJwtSigner() jwtsigner.Signer
	// GetServerCert returns the server TLS certificate, a string and the JWT
	// signing method; the meaning of the string is not visible here.
	GetServerCert() (*tls.Certificate, string, jwt.SigningMethod)
	// JwtSignerKeyFunc has the shape of a JWT key-lookup callback: it takes a
	// parsed token and returns the verification key or an error.
	JwtSignerKeyFunc(token *jwt.Token) (interface{}, error)
	GetPeerControllerAddresses() []string

	// The Validate* methods take a raw token string and return parsed claims
	// or an error. ValidateServiceAccessToken also takes an optional API
	// session id (pointer, may be nil); how nil is treated is not visible here.
	ValidateAccessToken(token string) (*common.AccessClaims, error)
	ValidateServiceAccessToken(token string, apiSessionId *string) (*common.ServiceAccessClaims, error)

	OidcIssuer() string
	RootIssuer() string
}

type EnvInfo

// EnvInfo describes a host environment: architecture, operating system
// name/release/version, domain and hostname. Identity.EnvInfo references it
// and Equals compares two values.
//
// NOTE(review): these strings are presumably self-reported by the client
// SDK, so they are informational rather than a trustworthy attestation —
// confirm before using them in access decisions.
type EnvInfo struct {
	Arch      string
	Os        string
	OsRelease string
	OsVersion string
	Domain    string
	Hostname  string
}

func (*EnvInfo) Equals

func (self *EnvInfo) Equals(other *EnvInfo) bool

type ExtendedCerts

// ExtendedCerts holds a client and a server certificate as raw bytes.
// NOTE(review): the encoding is not stated here; presumably DER, as with the
// certRaw argument of EnrollmentManager.GetCertChainPem — confirm.
type ExtendedCerts struct {
	RawClientCert []byte
	RawServerCert []byte
}

type ExternalIdClaim

// ExternalIdClaim is configuration for locating an external id claim.
// Presumably this is the CA `externalIdClaim` configuration that the
// EnrollModuleCa.Process documentation refers to: when present, the claim is
// searched for and, if it resolves, used as the identity's externalId.
//
// NOTE(review): the accepted values of Location, Matcher and Parser and the
// meaning of Index are not visible in this listing. Because the resolved
// value binds a certificate to an identity, overly broad matcher criteria
// deserve review — confirm the allowed values against the implementation.
type ExternalIdClaim struct {
	Location        string
	Matcher         string
	MatcherCriteria string
	Parser          string
	ParserCriteria  string
	Index           int64
}

type ExternalIdFieldType

// ExternalIdFieldType is a string-based type; its defined values are not
// visible in this part of the listing.
type ExternalIdFieldType string

type ExternalJwtSigner

// ExternalJwtSigner is the model entity for an external JWT signer. It
// embeds models.BaseEntity and records the signer's key source (CertPem or
// JwksEndpoint, both optional pointers), optional key id, issuer and
// audience, and certificate-derived details (CommonName, Fingerprint,
// NotBefore, NotAfter).
//
// NOTE(review): Issuer and Audience are pointers and so may be nil. Confirm
// how token validation behaves when they are unset, since skipping iss/aud
// checks would accept tokens minted for other relying parties.
// NOTE(review): JwksEndpoint is a stored URL that is presumably fetched by
// the controller — confirm it is restricted to trusted HTTPS endpoints.
type ExternalJwtSigner struct {
	models.BaseEntity
	Name            string
	CertPem         *string
	JwksEndpoint    *string
	Kid             *string
	// Enabled is a bool; presumably a disabled signer is ignored during
	// authentication — confirm.
	Enabled         bool
	ExternalAuthUrl *string
	// UseExternalId and ClaimsProperty presumably select which token claim
	// is matched against which identity field — confirm.
	UseExternalId   bool
	ClaimsProperty  *string
	Issuer          *string
	Audience        *string

	CommonName  string
	Fingerprint *string
	NotAfter    time.Time
	NotBefore   time.Time
}

type ExternalJwtSignerManager

// ExternalJwtSignerManager is the manager type for ExternalJwtSigner
// entities, built by NewExternalJwtSignerManager. Create, Read, Update,
// Delete and PublicQuery are declared on *ExternalJwtSignerManager in this
// package.
type ExternalJwtSignerManager struct {
	// contains filtered or unexported fields
}

func NewExternalJwtSignerManager

func NewExternalJwtSignerManager(env Env) *ExternalJwtSignerManager

func (*ExternalJwtSignerManager) Annotate

func (self *ExternalJwtSignerManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*ExternalJwtSignerManager) ApplyCreate

func (*ExternalJwtSignerManager) ApplyDelete

func (self *ExternalJwtSignerManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*ExternalJwtSignerManager) ApplyUpdate

func (*ExternalJwtSignerManager) BaseList

func (self *ExternalJwtSignerManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*ExternalJwtSignerManager) BaseLoad

func (self *ExternalJwtSignerManager) BaseLoad(id string) (ME, error)

func (*ExternalJwtSignerManager) BaseLoadInTx

func (self *ExternalJwtSignerManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*ExternalJwtSignerManager) BasePreparedList

func (self *ExternalJwtSignerManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*ExternalJwtSignerManager) BasePreparedListIndexed

func (self *ExternalJwtSignerManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*ExternalJwtSignerManager) Create

func (self *ExternalJwtSignerManager) Create(entity *ExternalJwtSigner, ctx *change.Context) error

func (*ExternalJwtSignerManager) Delete

func (self *ExternalJwtSignerManager) Delete(id string, ctx *change.Context) error

func (*ExternalJwtSignerManager) Dispatch

func (self *ExternalJwtSignerManager) Dispatch(command command.Command) error

func (*ExternalJwtSignerManager) GetAnnotation

func (self *ExternalJwtSignerManager) GetAnnotation(entityId string, key string) (*string, error)

func (*ExternalJwtSignerManager) GetDb

func (self *ExternalJwtSignerManager) GetDb() boltz.Db

func (*ExternalJwtSignerManager) GetEntityTypeId

func (self *ExternalJwtSignerManager) GetEntityTypeId() string

func (*ExternalJwtSignerManager) GetEnv

func (self *ExternalJwtSignerManager) GetEnv() Env

func (*ExternalJwtSignerManager) GetStore

func (self *ExternalJwtSignerManager) GetStore() boltz.EntityStore[PE]

func (*ExternalJwtSignerManager) ListWithHandler

func (self *ExternalJwtSignerManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*ExternalJwtSignerManager) Marshall

func (self *ExternalJwtSignerManager) Marshall(entity *ExternalJwtSigner) ([]byte, error)

func (*ExternalJwtSignerManager) PreparedListAssociatedWithHandler

func (self *ExternalJwtSignerManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*ExternalJwtSignerManager) PreparedListIndexed

func (self *ExternalJwtSignerManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*ExternalJwtSignerManager) PreparedListWithHandler

func (self *ExternalJwtSignerManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*ExternalJwtSignerManager) PublicQuery

func (self *ExternalJwtSignerManager) PublicQuery(query ast.Query) (*ListExtJwtSignerResult, error)

func (*ExternalJwtSignerManager) Read

func (self *ExternalJwtSignerManager) Read(id string) (ME, error)

func (*ExternalJwtSignerManager) Unmarshall

func (self *ExternalJwtSignerManager) Unmarshall(bytes []byte) (*ExternalJwtSigner, error)

func (*ExternalJwtSignerManager) Update

func (self *ExternalJwtSignerManager) Update(entity *ExternalJwtSigner, checker fields.UpdatedFields, ctx *change.Context) error

type Formatter

// Formatter is built from a symbol map (NewFormatter) or from a CA, client
// certificate, identity name and identity id (NewIdentityNameFormatter), and
// exposes Format(name string) string. Presumably it substitutes the
// "[symbol]" placeholders defined by the FormatSentinel*/FormatSymbol*
// constants — confirm.
// NOTE(review): with NewIdentityNameFormatter the substituted values come
// from a client certificate and a requested name, so the formatted output is
// presumably client-influenced — confirm it is validated before use as an
// identity name.
type Formatter struct {
	// contains filtered or unexported fields
}

func NewFormatter

func NewFormatter(symbols map[string]string) *Formatter

func NewIdentityNameFormatter

func NewIdentityNameFormatter(ca *Ca, clientCert *x509.Certificate, identityName, identityId string) *Formatter

func (*Formatter) Format

func (formatter *Formatter) Format(name string) string

type HashResult

// HashResult holds the raw bytes of a password hash and its salt. It is the
// return type of Hash(password) and ReHash(password, s).
// NOTE(review): the hashing algorithm and its cost parameters are not
// visible in this listing — confirm they match current password-storage
// guidance.
type HashResult struct {
	Hash []byte
	Salt []byte
}

func Hash

func Hash(password string) *HashResult

func ReHash

func ReHash(password string, s []byte) *HashResult

type HashedPassword

// HashedPassword pairs the raw HashResult with base64-encoded string forms
// of the salt and the hash.
type HashedPassword struct {
	RawResult *HashResult //raw byte hash results
	Salt      string      //base64 encoded salt (the original comment read "hash"; presumably a copy-paste slip — confirm)
	Password  string      //base64 encoded hash
}

type Heartbeat

// Heartbeat pairs an API session id with a last-activity timestamp. The
// action callback passed to NewHeartbeatCollector receives a slice of these.
type Heartbeat struct {
	ApiSessionId   string
	LastActivityAt time.Time
}

type HeartbeatCollector

// HeartbeatCollector is built by NewHeartbeatCollector. Per that function's
// documentation it aggregates last-updated writes for API sessions into a
// single write and acts as an in-memory buffer for last update times. Mark,
// Remove, LastAccessedAt, Start and Stop are declared on its pointer type.
type HeartbeatCollector struct {
	// contains filtered or unexported fields
}

func NewHeartbeatCollector

func NewHeartbeatCollector(env Env, batchSize int, updateInterval time.Duration, action func([]*Heartbeat)) *HeartbeatCollector

NewHeartbeatCollector creates a HeartbeatCollector, which is used to manage situations where an SDK is connecting to multiple Edge Routers and making API calls that all update its last-updated-at time and trigger writes. The heartbeat collector aggregates all of those calls into a single write and acts as an in-memory buffer for last update times.

func (*HeartbeatCollector) LastAccessedAt

func (self *HeartbeatCollector) LastAccessedAt(apiSessionId string) (*time.Time, bool)

LastAccessedAt will return the last time an API Session either was connected to an Edge Router or made a REST API call, together with true. If no such action has happened or the API Session no longer exists, nil and false will be returned.

func (*HeartbeatCollector) Mark

func (self *HeartbeatCollector) Mark(apiSessionId string)

func (*HeartbeatCollector) Remove

func (self *HeartbeatCollector) Remove(id string)

func (*HeartbeatCollector) Start

func (self *HeartbeatCollector) Start()

func (*HeartbeatCollector) Stop

func (self *HeartbeatCollector) Stop()

type HeartbeatStatus

// HeartbeatStatus is an opaque type: all of its fields are unexported and no
// methods are listed for it. Presumably it is per-session state kept by
// HeartbeatCollector — confirm.
type HeartbeatStatus struct {
	// contains filtered or unexported fields
}

type HostController

// HostController is the view of the hosting controller exposed through
// Env.GetHostController: the network, shutdown and close notification, raft
// state, the controller's own identity, peer signer certificates and API
// addresses.
type HostController interface {
	GetNetwork() *network.Network
	Shutdown()
	GetCloseNotifyChannel() <-chan struct{}
	IsRaftEnabled() bool
	Identity() identity.Identity
	// GetPeerSigners returns x509 certificates; presumably the signing certs
	// of peer controllers, used when verifying peer-issued material — confirm.
	GetPeerSigners() []*x509.Certificate
	GetRaftIndex() uint64
	// GetRaftInfo returns three strings whose meaning is not visible here.
	GetRaftInfo() (string, string, string)
	// GetApiAddresses returns a map of API addresses and a byte slice whose
	// meaning is not visible here.
	GetApiAddresses() (map[string][]event.ApiAddress, []byte)
}

type Identity

// Identity is the model entity for an identity. It embeds models.BaseEntity
// and records the identity's name and type, admin flags, role attributes,
// reported environment and SDK info, hosting precedence/cost settings,
// application data, auth policy, optional external id and disabled state.
//
// NOTE(review): IsAdmin and IsDefaultAdmin are plain exported bools, so code
// paths that build an Identity from request data (Create, Update, PatchInfo)
// need to control who may set them — confirm against the API layer.
type Identity struct {
	models.BaseEntity
	Name                      string
	IdentityTypeId            string
	IsDefaultAdmin            bool
	IsAdmin                   bool
	RoleAttributes            []string
	// EnvInfo and SdkInfo are pointers and may be nil; presumably reported by
	// the client — confirm.
	EnvInfo                   *EnvInfo
	SdkInfo                   *SdkInfo
	HasErConnection           bool
	DefaultHostingPrecedence  ziti.Precedence
	DefaultHostingCost        uint16
	// The two maps below are presumably keyed by service id — confirm.
	ServiceHostingPrecedences map[string]ziti.Precedence
	ServiceHostingCosts       map[string]uint16
	AppData                   map[string]interface{}
	AuthPolicyId              string
	// ExternalId is optional (nil when unset); IdentityManager.ReadByExternalId
	// looks an identity up by it.
	ExternalId                *string
	// Disabled, DisabledAt and DisabledUntil record the disabled state;
	// IdentityManager.Disable takes a duration. How a nil DisabledUntil is
	// interpreted while Disabled is true is not visible here — confirm.
	Disabled                  bool
	DisabledAt                *time.Time
	DisabledUntil             *time.Time
}

type IdentityManager

// IdentityManager is the manager type for Identity entities, built by
// NewIdentityManager. Its pointer type declares the create/read/update/
// delete methods, Disable and Enable, the authenticator and enrollment
// collectors, and InitializeDefaultAdmin.
type IdentityManager struct {
	// contains filtered or unexported fields
}

func NewIdentityManager

func NewIdentityManager(env Env) *IdentityManager

func (*IdentityManager) Annotate

func (self *IdentityManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*IdentityManager) ApplyCreate

func (*IdentityManager) ApplyCreateWithEnrollments

func (self *IdentityManager) ApplyCreateWithEnrollments(cmd *CreateIdentityWithEnrollmentsCmd, ctx boltz.MutateContext) error

func (*IdentityManager) ApplyDelete

func (self *IdentityManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*IdentityManager) ApplyUpdate

func (*IdentityManager) ApplyUpdateServiceConfigs

func (self *IdentityManager) ApplyUpdateServiceConfigs(cmd *UpdateServiceConfigsCmd, ctx boltz.MutateContext) error

func (*IdentityManager) AssignServiceConfigs

func (self *IdentityManager) AssignServiceConfigs(id string, serviceConfigs []ServiceConfig, ctx *change.Context) error

func (*IdentityManager) BaseList

func (self *IdentityManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*IdentityManager) BaseLoad

func (self *IdentityManager) BaseLoad(id string) (ME, error)

func (*IdentityManager) BaseLoadInTx

func (self *IdentityManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*IdentityManager) BasePreparedList

func (self *IdentityManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*IdentityManager) BasePreparedListIndexed

func (self *IdentityManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*IdentityManager) CollectAuthenticators

func (self *IdentityManager) CollectAuthenticators(id string, collector func(entity *Authenticator) error) error

func (*IdentityManager) CollectEnrollments

func (self *IdentityManager) CollectEnrollments(id string, collector func(entity *Enrollment) error) error

func (*IdentityManager) Create

func (self *IdentityManager) Create(entity *Identity, ctx *change.Context) error

func (*IdentityManager) CreateWithAuthenticator

func (self *IdentityManager) CreateWithAuthenticator(identity *Identity, authenticator *Authenticator, ctx *change.Context) (string, string, error)

func (*IdentityManager) CreateWithEnrollments

func (self *IdentityManager) CreateWithEnrollments(identityModel *Identity, enrollmentsModels []*Enrollment, ctx *change.Context) error

func (*IdentityManager) Delete

func (self *IdentityManager) Delete(id string, ctx *change.Context) error

func (*IdentityManager) Disable

func (self *IdentityManager) Disable(identityId string, duration time.Duration, ctx *change.Context) error

func (*IdentityManager) Dispatch

func (self *IdentityManager) Dispatch(command command.Command) error

func (*IdentityManager) Enable

func (self *IdentityManager) Enable(identityId string, ctx *change.Context) error

func (*IdentityManager) GetAnnotation

func (self *IdentityManager) GetAnnotation(entityId string, key string) (*string, error)

func (*IdentityManager) GetDb

func (self *IdentityManager) GetDb() boltz.Db

func (*IdentityManager) GetEntityTypeId

func (self *IdentityManager) GetEntityTypeId() string

func (*IdentityManager) GetEnv

func (self *IdentityManager) GetEnv() Env

func (*IdentityManager) GetServiceConfigs

func (self *IdentityManager) GetServiceConfigs(id string) ([]ServiceConfig, error)

func (*IdentityManager) GetStore

func (self *IdentityManager) GetStore() boltz.EntityStore[PE]

func (*IdentityManager) HasErConnection

func (self *IdentityManager) HasErConnection(id string) bool

HasErConnection will return true if the supplied identity id has a current, active ER connection registered.

func (*IdentityManager) IdentityToProtobuf

func (self *IdentityManager) IdentityToProtobuf(entity *Identity) (*edge_cmd_pb.Identity, error)

func (*IdentityManager) InitializeDefaultAdmin

func (self *IdentityManager) InitializeDefaultAdmin(username, password, name string) error

func (*IdentityManager) IsUpdated

func (self *IdentityManager) IsUpdated(field string) bool

func (*IdentityManager) ListWithHandler

func (self *IdentityManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*IdentityManager) Marshall

func (self *IdentityManager) Marshall(entity *Identity) ([]byte, error)

func (*IdentityManager) PatchInfo

func (self *IdentityManager) PatchInfo(identity *Identity, changeCtx *change.Context) error

func (*IdentityManager) PreparedListAssociatedWithHandler

func (self *IdentityManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*IdentityManager) PreparedListIndexed

func (self *IdentityManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*IdentityManager) PreparedListWithHandler

func (self *IdentityManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*IdentityManager) ProtobufToIdentity

func (self *IdentityManager) ProtobufToIdentity(msg *edge_cmd_pb.Identity) (*Identity, error)

func (*IdentityManager) QueryRoleAttributes

func (self *IdentityManager) QueryRoleAttributes(queryString string) ([]string, *models.QueryMetaData, error)

func (*IdentityManager) Read

func (self *IdentityManager) Read(id string) (ME, error)

func (*IdentityManager) ReadByExternalId

func (self *IdentityManager) ReadByExternalId(externalId string) (*Identity, error)

func (*IdentityManager) ReadByName

func (self *IdentityManager) ReadByName(name string) (*Identity, error)

func (*IdentityManager) ReadDefaultAdmin

func (self *IdentityManager) ReadDefaultAdmin() (*Identity, error)

func (*IdentityManager) ReadOneByQuery

func (self *IdentityManager) ReadOneByQuery(query string) (*Identity, error)

func (*IdentityManager) RemoveServiceConfigs

func (self *IdentityManager) RemoveServiceConfigs(id string, serviceConfigs []ServiceConfig, ctx *change.Context) error

func (*IdentityManager) SetHasErConnection

func (self *IdentityManager) SetHasErConnection(identityId string)

SetHasErConnection will register an identity as having an ER connection. The registration has a TTL depending on how the status map was configured.

func (*IdentityManager) Unmarshall

func (self *IdentityManager) Unmarshall(bytes []byte) (*Identity, error)

func (*IdentityManager) Update

func (self *IdentityManager) Update(entity *Identity, checker fields.UpdatedFields, ctx *change.Context) error

func (*IdentityManager) VisitIdentityAuthenticatorFingerprints

func (self *IdentityManager) VisitIdentityAuthenticatorFingerprints(tx *bbolt.Tx, identityId string, visitor func(string) bool) (bool, error)

type IdentityType

// IdentityType is the model entity for an identity type. It embeds
// models.BaseEntity and adds a Name, serialized to JSON as "name".
type IdentityType struct {
	models.BaseEntity
	Name string `json:"name"`
}

type IdentityTypeManager

// IdentityTypeManager is the manager type for IdentityType entities, built
// by NewIdentityTypeManager. The listing shows read, list and delete methods
// on its pointer type (Read, ReadByName, ReadByIdOrName, Delete) but no
// Create or Update.
type IdentityTypeManager struct {
	// contains filtered or unexported fields
}

func NewIdentityTypeManager

func NewIdentityTypeManager(env Env) *IdentityTypeManager

func (*IdentityTypeManager) Annotate

func (self *IdentityTypeManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*IdentityTypeManager) ApplyDelete

func (self *IdentityTypeManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*IdentityTypeManager) BaseList

func (self *IdentityTypeManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*IdentityTypeManager) BaseLoad

func (self *IdentityTypeManager) BaseLoad(id string) (ME, error)

func (*IdentityTypeManager) BaseLoadInTx

func (self *IdentityTypeManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*IdentityTypeManager) BasePreparedList

func (self *IdentityTypeManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*IdentityTypeManager) BasePreparedListIndexed

func (self *IdentityTypeManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*IdentityTypeManager) Delete

func (self *IdentityTypeManager) Delete(id string, ctx *change.Context) error

func (*IdentityTypeManager) Dispatch

func (self *IdentityTypeManager) Dispatch(command command.Command) error

func (*IdentityTypeManager) GetAnnotation

func (self *IdentityTypeManager) GetAnnotation(entityId string, key string) (*string, error)

func (*IdentityTypeManager) GetDb

func (self *IdentityTypeManager) GetDb() boltz.Db

func (*IdentityTypeManager) GetEntityTypeId

func (self *IdentityTypeManager) GetEntityTypeId() string

func (*IdentityTypeManager) GetEnv

func (self *IdentityTypeManager) GetEnv() Env

func (*IdentityTypeManager) GetStore

func (self *IdentityTypeManager) GetStore() boltz.EntityStore[PE]

func (*IdentityTypeManager) ListWithHandler

func (self *IdentityTypeManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*IdentityTypeManager) PreparedListAssociatedWithHandler

func (self *IdentityTypeManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*IdentityTypeManager) PreparedListIndexed

func (self *IdentityTypeManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*IdentityTypeManager) PreparedListWithHandler

func (self *IdentityTypeManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*IdentityTypeManager) Read

func (self *IdentityTypeManager) Read(id string) (ME, error)

func (*IdentityTypeManager) ReadByIdOrName

func (self *IdentityTypeManager) ReadByIdOrName(idOrName string) (*IdentityType, error)

func (*IdentityTypeManager) ReadByName

func (self *IdentityTypeManager) ReadByName(name string) (*IdentityType, error)

type ListExtJwtSignerResult

type ListExtJwtSignerResult struct {
	QueryMetaData models.QueryMetaData
	ExtJwtSigners []*ExternalJwtSigner
	// contains filtered or unexported fields
}

type Managers

// Managers groups one manager instance per entity type of the model package.
// InitEntityManagers(env) returns a *Managers.
//
// NOTE(review): several of these managers front authentication material
// (Authenticator, Mfa, Enrollment, Ca, ExternalJwtSigner, Revocation). Code that
// is handed a *Managers can reach every one of them, so pass the narrowest
// manager a component needs where that is practical.
type Managers struct {
	// fabric
	Router     *network.RouterManager
	Service    *network.ServiceManager
	Terminator *network.TerminatorManager
	Command    *network.CommandManager

	// edge
	ApiSession              *ApiSessionManager
	ApiSessionCertificate   *ApiSessionCertificateManager
	Ca                      *CaManager
	Config                  *ConfigManager
	ConfigType              *ConfigTypeManager
	Controller              *ControllerManager
	EdgeRouter              *EdgeRouterManager
	EdgeRouterPolicy        *EdgeRouterPolicyManager
	EdgeService             *EdgeServiceManager
	ExternalJwtSigner       *ExternalJwtSignerManager
	Identity                *IdentityManager
	IdentityType            *IdentityTypeManager
	PolicyAdvisor           *PolicyAdvisor
	ServiceEdgeRouterPolicy *ServiceEdgeRouterPolicyManager
	ServicePolicy           *ServicePolicyManager
	Revocation              *RevocationManager
	TransitRouter           *TransitRouterManager
	Session                 *SessionManager
	Authenticator           *AuthenticatorManager
	Enrollment              *EnrollmentManager
	PostureCheck            *PostureCheckManager
	PostureCheckType        *PostureCheckTypeManager
	PostureResponse         *PostureResponseManager
	Mfa                     *MfaManager
	AuthPolicy              *AuthPolicyManager
}

func InitEntityManagers

func InitEntityManagers(env Env) *Managers

type Mfa

// Mfa is the model entity for an identity's MFA enrollment; MfaManager creates,
// verifies and deletes it.
//
// NOTE(review): MfaManager exposes VerifyTOTP, GetProvisioningUrl, QrCodePng and
// RecreateRecoveryCodes, so Secret and RecoveryCodes are presumably live
// authentication material. The struct carries no json tags and
// MfaManager.Marshall serializes a *Mfa; confirm that neither field can reach
// logs, events or API responses other than the enrollment flow.
type Mfa struct {
	models.BaseEntity
	// IsVerified presumably becomes true once enrollment is completed with a
	// valid code (see MfaManager.CompleteTotpEnrollment) — confirm.
	IsVerified    bool
	// IdentityId is the id of the owning identity (MfaManager.ReadOneByIdentityId
	// looks an Mfa up by it).
	IdentityId    string
	// Identity is presumably the resolved owner and may be nil when only
	// IdentityId is populated — confirm against callers.
	Identity      *Identity
	// Secret is presumably the TOTP shared secret; how it is stored at rest is
	// not visible here — confirm.
	Secret        string
	// RecoveryCodes are the fallback codes regenerated by
	// MfaManager.RecreateRecoveryCodes; VerifyTOTP explicitly does not accept them.
	RecoveryCodes []string
}

type MfaListResult

type MfaListResult struct {
	Mfas []*Mfa
	models.QueryMetaData
	// contains filtered or unexported fields
}

type MfaManager

type MfaManager struct {
	// contains filtered or unexported fields
}

func NewMfaManager

func NewMfaManager(env Env) *MfaManager

func (*MfaManager) Annotate

func (self *MfaManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*MfaManager) ApplyCreate

func (self *MfaManager) ApplyCreate(cmd *command.CreateEntityCommand[*Mfa], ctx boltz.MutateContext) error

func (*MfaManager) ApplyDelete

func (self *MfaManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*MfaManager) ApplyUpdate

func (self *MfaManager) ApplyUpdate(cmd *command.UpdateEntityCommand[*Mfa], ctx boltz.MutateContext) error

func (*MfaManager) BaseList

func (self *MfaManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*MfaManager) BaseLoad

func (self *MfaManager) BaseLoad(id string) (ME, error)

func (*MfaManager) BaseLoadInTx

func (self *MfaManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*MfaManager) BasePreparedList

func (self *MfaManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*MfaManager) BasePreparedListIndexed

func (self *MfaManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*MfaManager) CompleteTotpEnrollment added in v0.34.0

func (self *MfaManager) CompleteTotpEnrollment(identityId string, code string, changeCtx *change.Context) error

func (*MfaManager) Create

func (self *MfaManager) Create(entity *Mfa, ctx *change.Context) error

func (*MfaManager) CreateForIdentity

func (self *MfaManager) CreateForIdentity(identity *Identity, ctx *change.Context) (string, error)

func (*MfaManager) CreateForIdentityId added in v0.34.0

func (self *MfaManager) CreateForIdentityId(identityId string, ctx *change.Context) (string, error)

func (*MfaManager) Delete

func (self *MfaManager) Delete(id string, ctx *change.Context) error

func (*MfaManager) DeleteAllForIdentity

func (self *MfaManager) DeleteAllForIdentity(id string, ctx *change.Context) error

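DeleteAllForIdentity is meant for administrators to remove all MFAs (enrolled or not) from an identity. Unlike DeleteForIdentity, its signature takes no MFA code, so a call does not prove possession of the second factor; authorizing the caller is presumably left to the calling code.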

func (*MfaManager) DeleteForIdentity

func (self *MfaManager) DeleteForIdentity(identity *Identity, code string, ctx *change.Context) error

func (*MfaManager) Dispatch

func (self *MfaManager) Dispatch(command command.Command) error

func (*MfaManager) GetAnnotation

func (self *MfaManager) GetAnnotation(entityId string, key string) (*string, error)

func (*MfaManager) GetDb

func (self *MfaManager) GetDb() boltz.Db

func (*MfaManager) GetEntityTypeId

func (self *MfaManager) GetEntityTypeId() string

func (*MfaManager) GetEnv

func (self *MfaManager) GetEnv() Env

func (*MfaManager) GetProvisioningUrl

func (self *MfaManager) GetProvisioningUrl(mfa *Mfa) string

func (*MfaManager) GetStore

func (self *MfaManager) GetStore() boltz.EntityStore[PE]

func (*MfaManager) IsUpdated

func (self *MfaManager) IsUpdated(field string) bool

func (*MfaManager) ListWithHandler

func (self *MfaManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*MfaManager) Marshall

func (self *MfaManager) Marshall(entity *Mfa) ([]byte, error)

func (*MfaManager) PreparedListAssociatedWithHandler

func (self *MfaManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*MfaManager) PreparedListIndexed

func (self *MfaManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*MfaManager) PreparedListWithHandler

func (self *MfaManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*MfaManager) QrCodePng

func (self *MfaManager) QrCodePng(mfa *Mfa) ([]byte, error)

func (*MfaManager) Query

func (self *MfaManager) Query(query string) (*MfaListResult, error)

func (*MfaManager) Read

func (self *MfaManager) Read(id string) (ME, error)

func (*MfaManager) ReadOneByIdentityId

func (self *MfaManager) ReadOneByIdentityId(identityId string) (*Mfa, error)

func (*MfaManager) RecreateRecoveryCodes

func (self *MfaManager) RecreateRecoveryCodes(mfa *Mfa, ctx *change.Context) error

func (*MfaManager) Unmarshall

func (self *MfaManager) Unmarshall(bytes []byte) (*Mfa, error)

func (*MfaManager) Update

func (self *MfaManager) Update(entity *Mfa, checker fields.UpdatedFields, ctx *change.Context) error

func (*MfaManager) Verify

func (self *MfaManager) Verify(mfa *Mfa, code string, ctx *change.Context) (bool, error)

func (*MfaManager) VerifyTOTP

func (self *MfaManager) VerifyTOTP(mfa *Mfa, code string) (bool, error)

VerifyTOTP verifies TOTP values only, not recovery codes

type OperatingSystem

type OperatingSystem struct {
	OsType     string
	OsVersions []string
}

type OrFieldChecker

type OrFieldChecker struct {
	// contains filtered or unexported fields
}

func NewOrFieldChecker

func NewOrFieldChecker(checker boltz.FieldChecker, fields ...string) *OrFieldChecker

func (*OrFieldChecker) IsUpdated

func (checker *OrFieldChecker) IsUpdated(field string) bool

type PolicyAdvisor

type PolicyAdvisor struct {
	// contains filtered or unexported fields
}

func NewPolicyAdvisor

func NewPolicyAdvisor(env Env) *PolicyAdvisor

func (*PolicyAdvisor) AnalyzeServiceReachability

func (advisor *PolicyAdvisor) AnalyzeServiceReachability(identityId, serviceId string) (*AdvisorServiceReachability, error)
func (advisor *PolicyAdvisor) InspectIdentityEdgeRouterLinks(identityId, edgeRouterId string) (*AdvisorIdentityEdgeRouterLinks, error)
func (advisor *PolicyAdvisor) InspectIdentityServiceLinks(identityId, serviceId string) (*AdvisorIdentityServiceLinks, error)
func (advisor *PolicyAdvisor) InspectServiceEdgeRouterLinks(serviceId, edgeRouterId string) (*AdvisorServiceEdgeRouterLinks, error)

type PolicyPostureChecks

type PolicyPostureChecks struct {
	PostureChecks []*PostureCheck
	PolicyType    db.PolicyType
	PolicyName    string
}

type PostureCache

type PostureCache struct {
	events.EventEmmiter
	// contains filtered or unexported fields
}

func (*PostureCache) Add

func (pc *PostureCache) Add(identityId string, postureResponses []*PostureResponse)

func (*PostureCache) AddSessionRequestFailure

func (pc *PostureCache) AddSessionRequestFailure(identityId string, failure *PostureSessionRequestFailure)

func (*PostureCache) ApiSessionCreated

func (pc *PostureCache) ApiSessionCreated(apiSession *db.ApiSession)

func (*PostureCache) ApiSessionDeleted

func (pc *PostureCache) ApiSessionDeleted(apiSession *db.ApiSession)

func (*PostureCache) Evaluate

func (pc *PostureCache) Evaluate(identityId, apiSessionId string, postureChecks []*PostureCheck) (bool, []*PostureCheckFailure)

func (*PostureCache) IdentityDeleted

func (pc *PostureCache) IdentityDeleted(identity *db.Identity)

func (*PostureCache) PostureCheckChanged

func (pc *PostureCache) PostureCheckChanged(entity boltz.Entity)

PostureCheckChanged notifies all associated identities that posture configuration has changed and that endpoints may need to reevaluate posture queries.

func (*PostureCache) PostureData

func (pc *PostureCache) PostureData(identityId string) *PostureData

PostureData returns a copy of the current posture data for an identity. The copy is suitable for read-only rendering; changes made to it are not written back. To alter or update posture data, see Upsert.

func (*PostureCache) Upsert

func (pc *PostureCache) Upsert(identityId string, emitDataAltered bool, cb func(exist bool, valueInMap *PostureData, newValue *PostureData) *PostureData)

Upsert is a convenience function to alter the existing PostureData for an identity. If emitDataAltered is true, posture data listeners will be alerted: this will trigger service update notifications and posture check evaluation.

func (*PostureCache) WithPostureData

func (pc *PostureCache) WithPostureData(identityId string, f func(data *PostureData))

type PostureCheck

// PostureCheck is the model entity for a configured posture check. The
// type-specific criteria live in SubType; Evaluate reports pass/fail for an API
// session against a PostureData snapshot.
type PostureCheck struct {
	models.BaseEntity
	Name           string
	// TypeId presumably holds one of the PostureCheckType* constants of this
	// package ("OS", "DOMAIN", "PROCESS", "PROCESS_MULTI", "MAC", "MFA") and is
	// expected to agree with SubType.TypeId() — confirm.
	TypeId         string
	Version        int64
	// RoleAttributes presumably let policies select this check by attribute —
	// confirm against the policy code.
	RoleAttributes []string
	// SubType carries the criteria for the concrete check type (see
	// PostureCheckSubType). NOTE(review): whether a nil SubType is possible, and
	// whether Evaluate then fails closed, is not visible here.
	SubType        PostureCheckSubType
}

func (*PostureCheck) Evaluate

func (entity *PostureCheck) Evaluate(apiSessionId string, pd *PostureData) (bool, *PostureCheckFailure)

func (*PostureCheck) LastUpdatedAt

func (entity *PostureCheck) LastUpdatedAt(apiSessionId string, pd *PostureData) *time.Time

LastUpdatedAt returns the last time posture state changed for a specific posture check. If the posture state does not report changes, nil is returned.

func (*PostureCheck) TimeoutRemainingSeconds

func (entity *PostureCheck) TimeoutRemainingSeconds(apiSessionId string, pd *PostureData) int64

func (*PostureCheck) TimeoutSeconds

func (entity *PostureCheck) TimeoutSeconds() int64

type PostureCheckDomains

type PostureCheckDomains struct {
	Domains []string
}

func (*PostureCheckDomains) ActualValue

func (p *PostureCheckDomains) ActualValue(_ string, pd *PostureData) interface{}

func (*PostureCheckDomains) Evaluate

func (p *PostureCheckDomains) Evaluate(_ string, pd *PostureData) bool

func (*PostureCheckDomains) ExpectedValue

func (p *PostureCheckDomains) ExpectedValue() interface{}

func (*PostureCheckDomains) FailureValues

func (*PostureCheckDomains) GetTimeoutRemainingSeconds

func (p *PostureCheckDomains) GetTimeoutRemainingSeconds(_ string, _ *PostureData) int64

func (*PostureCheckDomains) GetTimeoutSeconds

func (p *PostureCheckDomains) GetTimeoutSeconds() int64

func (*PostureCheckDomains) LastUpdatedAt

func (p *PostureCheckDomains) LastUpdatedAt(string, *PostureData) *time.Time

func (*PostureCheckDomains) TypeId

func (p *PostureCheckDomains) TypeId() string

type PostureCheckFailure

// PostureCheckFailure describes one failed posture check: which check failed
// plus, through the embedded PostureCheckFailureValues interface, the expected
// and actual values.
//
// NOTE(review): ToClientErrorData suggests this data is returned to the
// endpoint. The Expected() side can contain policy detail (for example required
// process hashes or MAC addresses); confirm that what is sent to clients is
// limited to what they need to remediate.
type PostureCheckFailure struct {
	PostureCheckId   string `json:"postureCheckId"`
	PostureCheckName string `json:"postureCheckName"`
	PostureCheckType string `json:"postureCheckType"`
	// Embedded interface: Expected() and Actual() are promoted onto
	// PostureCheckFailure. A nil value here makes those calls panic.
	PostureCheckFailureValues
}

func (PostureCheckFailure) ToClientErrorData

func (self PostureCheckFailure) ToClientErrorData() interface{}

type PostureCheckFailureSubType

type PostureCheckFailureSubType interface {
	Value() interface{}
	Expected() interface{}
}

type PostureCheckFailureValues

type PostureCheckFailureValues interface {
	Expected() interface{}
	Actual() interface{}
}

type PostureCheckFailureValuesDomain

type PostureCheckFailureValuesDomain struct {
	ActualValue   string
	ExpectedValue []string
}

func (PostureCheckFailureValuesDomain) Actual

func (p PostureCheckFailureValuesDomain) Actual() interface{}

func (PostureCheckFailureValuesDomain) Expected

func (p PostureCheckFailureValuesDomain) Expected() interface{}

type PostureCheckFailureValuesMac

type PostureCheckFailureValuesMac struct {
	ActualValue   []string
	ExpectedValue []string
}

func (PostureCheckFailureValuesMac) Actual

func (p PostureCheckFailureValuesMac) Actual() interface{}

func (PostureCheckFailureValuesMac) Expected

func (p PostureCheckFailureValuesMac) Expected() interface{}

type PostureCheckFailureValuesMfa

type PostureCheckFailureValuesMfa struct {
	ActualValue   PostureCheckMfaValues
	ExpectedValue PostureCheckMfaValues
	Criteria      PostureCheckMfaCriteria
}

func (PostureCheckFailureValuesMfa) Actual

func (p PostureCheckFailureValuesMfa) Actual() interface{}

func (PostureCheckFailureValuesMfa) Expected

func (p PostureCheckFailureValuesMfa) Expected() interface{}

type PostureCheckFailureValuesOperatingSystem

type PostureCheckFailureValuesOperatingSystem struct {
	ActualValue   PostureResponseOs
	ExpectedValue []OperatingSystem
}

func (PostureCheckFailureValuesOperatingSystem) Actual

func (p PostureCheckFailureValuesOperatingSystem) Actual() interface{}

func (PostureCheckFailureValuesOperatingSystem) Expected

func (p PostureCheckFailureValuesOperatingSystem) Expected() interface{}

type PostureCheckFailureValuesProcess

type PostureCheckFailureValuesProcess struct {
	ActualValue   PostureResponseProcess
	ExpectedValue PostureCheckProcess
}

func (PostureCheckFailureValuesProcess) Actual

func (p PostureCheckFailureValuesProcess) Actual() interface{}

func (PostureCheckFailureValuesProcess) Expected

func (p PostureCheckFailureValuesProcess) Expected() interface{}

type PostureCheckFailureValuesProcessMulti

type PostureCheckFailureValuesProcessMulti struct {
	ActualValue   []PostureResponseProcess
	ExpectedValue PostureCheckProcessMulti
}

func (PostureCheckFailureValuesProcessMulti) Actual

func (p PostureCheckFailureValuesProcessMulti) Actual() interface{}

func (PostureCheckFailureValuesProcessMulti) Expected

func (p PostureCheckFailureValuesProcessMulti) Expected() interface{}

type PostureCheckListResult

type PostureCheckListResult struct {
	PostureChecks []*PostureCheck
	models.QueryMetaData
	// contains filtered or unexported fields
}

type PostureCheckMacAddresses

type PostureCheckMacAddresses struct {
	MacAddresses []string
}

func (*PostureCheckMacAddresses) Evaluate

func (p *PostureCheckMacAddresses) Evaluate(_ string, pd *PostureData) bool

func (*PostureCheckMacAddresses) FailureValues

func (*PostureCheckMacAddresses) GetTimeoutRemainingSeconds

func (p *PostureCheckMacAddresses) GetTimeoutRemainingSeconds(_ string, _ *PostureData) int64

func (*PostureCheckMacAddresses) GetTimeoutSeconds

func (p *PostureCheckMacAddresses) GetTimeoutSeconds() int64

func (*PostureCheckMacAddresses) LastUpdatedAt

func (p *PostureCheckMacAddresses) LastUpdatedAt(apiSessionId string, pd *PostureData) *time.Time

func (*PostureCheckMacAddresses) TypeId

func (p *PostureCheckMacAddresses) TypeId() string

type PostureCheckManager

type PostureCheckManager struct {
	// contains filtered or unexported fields
}

func NewPostureCheckManager

func NewPostureCheckManager(env Env) *PostureCheckManager

func (*PostureCheckManager) Annotate

func (self *PostureCheckManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*PostureCheckManager) ApplyCreate

func (*PostureCheckManager) ApplyDelete

func (self *PostureCheckManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*PostureCheckManager) ApplyUpdate

func (*PostureCheckManager) BaseList

func (self *PostureCheckManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*PostureCheckManager) BaseLoad

func (self *PostureCheckManager) BaseLoad(id string) (ME, error)

func (*PostureCheckManager) BaseLoadInTx

func (self *PostureCheckManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*PostureCheckManager) BasePreparedList

func (self *PostureCheckManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*PostureCheckManager) BasePreparedListIndexed

func (self *PostureCheckManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*PostureCheckManager) Create

func (self *PostureCheckManager) Create(entity *PostureCheck, ctx *change.Context) error

func (*PostureCheckManager) Delete

func (self *PostureCheckManager) Delete(id string, ctx *change.Context) error

func (*PostureCheckManager) Dispatch

func (self *PostureCheckManager) Dispatch(command command.Command) error

func (*PostureCheckManager) GetAnnotation

func (self *PostureCheckManager) GetAnnotation(entityId string, key string) (*string, error)

func (*PostureCheckManager) GetDb

func (self *PostureCheckManager) GetDb() boltz.Db

func (*PostureCheckManager) GetEntityTypeId

func (self *PostureCheckManager) GetEntityTypeId() string

func (*PostureCheckManager) GetEnv

func (self *PostureCheckManager) GetEnv() Env

func (*PostureCheckManager) GetStore

func (self *PostureCheckManager) GetStore() boltz.EntityStore[PE]

func (*PostureCheckManager) IsUpdated

func (self *PostureCheckManager) IsUpdated(field string) bool

func (*PostureCheckManager) ListWithHandler

func (self *PostureCheckManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*PostureCheckManager) Marshall

func (self *PostureCheckManager) Marshall(entity *PostureCheck) ([]byte, error)

func (*PostureCheckManager) PreparedListAssociatedWithHandler

func (self *PostureCheckManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*PostureCheckManager) PreparedListIndexed

func (self *PostureCheckManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*PostureCheckManager) PreparedListWithHandler

func (self *PostureCheckManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*PostureCheckManager) Query

func (self *PostureCheckManager) Query(query string) (*PostureCheckListResult, error)

func (*PostureCheckManager) QueryPostureChecks

func (self *PostureCheckManager) QueryPostureChecks(query ast.Query) (*PostureCheckListResult, error)

func (*PostureCheckManager) Read

func (self *PostureCheckManager) Read(id string) (*PostureCheck, error)

func (*PostureCheckManager) Unmarshall

func (self *PostureCheckManager) Unmarshall(bytes []byte) (*PostureCheck, error)

func (*PostureCheckManager) Update

func (self *PostureCheckManager) Update(entity *PostureCheck, checker fields.UpdatedFields, ctx *change.Context) error

type PostureCheckMfa

// PostureCheckMfa holds the settings of the MFA posture check sub-type. Its
// method set (Evaluate, FailureValues, GetTimeoutSeconds, ...) mirrors
// PostureCheckSubType.
type PostureCheckMfa struct {
	// TimeoutSeconds is presumably the maximum age of a passed MFA before the
	// check fails again (see GetTimeoutRemainingSeconds). The meaning of zero or
	// negative values is not visible here — confirm.
	TimeoutSeconds        int64
	// PromptOnWake / PromptOnUnlock presumably require a fresh MFA pass after the
	// endpoint reports a wake or unlock event (see PassedOnWake, PassedOnUnlock).
	// NOTE(review): those timestamps arrive via PostureResponseEndpointState and
	// are presumably endpoint-reported, so they are only as trustworthy as the
	// client software.
	PromptOnWake          bool
	PromptOnUnlock        bool
	// IgnoreLegacyEndpoints presumably relaxes the wake/unlock criteria for
	// clients that IsLegacyClient classifies as legacy. NOTE(review): how a
	// client is classified is not visible here; if it depends on client-supplied
	// SDK info, enabling this flag weakens the check for any client that reports
	// itself as legacy — confirm.
	IgnoreLegacyEndpoints bool
}

func (*PostureCheckMfa) Evaluate

func (p *PostureCheckMfa) Evaluate(apiSessionId string, pd *PostureData) bool

func (*PostureCheckMfa) FailureValues

func (p *PostureCheckMfa) FailureValues(apiSessionId string, pd *PostureData) PostureCheckFailureValues

func (*PostureCheckMfa) GetTimeoutRemainingSeconds

func (p *PostureCheckMfa) GetTimeoutRemainingSeconds(apiSessionId string, pd *PostureData) int64

func (*PostureCheckMfa) GetTimeoutSeconds

func (p *PostureCheckMfa) GetTimeoutSeconds() int64

func (*PostureCheckMfa) IsLegacyClient

func (p *PostureCheckMfa) IsLegacyClient(apiSessionData *ApiSessionPostureData) bool

func (*PostureCheckMfa) LastUpdatedAt

func (p *PostureCheckMfa) LastUpdatedAt(apiSessionId string, pd *PostureData) *time.Time

func (*PostureCheckMfa) PassedOnUnlock

func (p *PostureCheckMfa) PassedOnUnlock(apiSessionData *ApiSessionPostureData, now time.Time) bool

func (*PostureCheckMfa) PassedOnWake

func (p *PostureCheckMfa) PassedOnWake(apiSessionData *ApiSessionPostureData, now time.Time) bool

func (*PostureCheckMfa) TypeId

func (p *PostureCheckMfa) TypeId() string

type PostureCheckMfaCriteria

// PostureCheckMfaCriteria records the inputs an MFA posture evaluation was based
// on; it is reported as the Criteria field of PostureCheckFailureValuesMfa.
type PostureCheckMfaCriteria struct {
	// Pointer timestamps: nil presumably means the event was never reported for
	// the API session — confirm.
	PassedMfaAt             *time.Time
	WokenAt                 *time.Time
	UnlockedAt              *time.Time
	TimeoutSeconds          int64
	TimeoutRemainingSeconds int64
}

type PostureCheckMfaValues

// PostureCheckMfaValues is a set of boolean MFA outcomes. It is used for both
// the ActualValue and the ExpectedValue of PostureCheckFailureValuesMfa.
type PostureCheckMfaValues struct {
	// NOTE(review): unlike the Passed* fields, true presumably means the
	// negative outcome here (the MFA pass has timed out) — confirm before
	// comparing the booleans uniformly.
	TimedOutSeconds       bool
	PassedMfa             bool
	PassedOnWake          bool
	PassedOnUnlock        bool
	IgnoreLegacyEndpoints bool
}

type PostureCheckOperatingSystem

type PostureCheckOperatingSystem struct {
	OperatingSystems []OperatingSystem
}

func (*PostureCheckOperatingSystem) Evaluate

func (p *PostureCheckOperatingSystem) Evaluate(_ string, pd *PostureData) bool

func (*PostureCheckOperatingSystem) FailureValues

func (*PostureCheckOperatingSystem) GetTimeoutRemainingSeconds

func (p *PostureCheckOperatingSystem) GetTimeoutRemainingSeconds(_ string, _ *PostureData) int64

func (*PostureCheckOperatingSystem) GetTimeoutSeconds

func (p *PostureCheckOperatingSystem) GetTimeoutSeconds() int64

func (*PostureCheckOperatingSystem) LastUpdatedAt

func (p *PostureCheckOperatingSystem) LastUpdatedAt(id string, pd *PostureData) *time.Time

func (*PostureCheckOperatingSystem) TypeId

func (p *PostureCheckOperatingSystem) TypeId() string

type PostureCheckProcess

// PostureCheckProcess holds the criteria of the single-process posture check
// sub-type; it is also the ExpectedValue of PostureCheckFailureValuesProcess.
type PostureCheckProcess struct {
	PostureCheckId string
	OsType         string
	// Path is the process path to look for; PostureData.ProcessPathMap is
	// presumably keyed by the same value — confirm, including case and
	// separator normalisation.
	Path           string
	// Hashes lists acceptable binary hashes, presumably matched against
	// PostureResponseProcess.BinaryHash. The hash algorithm and encoding are not
	// visible here. NOTE(review): confirm whether an empty list means "any hash
	// passes".
	Hashes         []string
	// Fingerprint is presumably the required signer fingerprint, matched against
	// PostureResponseProcess.SignerFingerprints — confirm.
	Fingerprint    string
}

func (*PostureCheckProcess) Evaluate

func (p *PostureCheckProcess) Evaluate(_ string, pd *PostureData) bool

func (*PostureCheckProcess) FailureValues

func (*PostureCheckProcess) GetTimeoutRemainingSeconds

func (p *PostureCheckProcess) GetTimeoutRemainingSeconds(_ string, _ *PostureData) int64

func (*PostureCheckProcess) GetTimeoutSeconds

func (p *PostureCheckProcess) GetTimeoutSeconds() int64

func (*PostureCheckProcess) LastUpdatedAt

func (p *PostureCheckProcess) LastUpdatedAt(id string, pd *PostureData) *time.Time

func (*PostureCheckProcess) TypeId

func (p *PostureCheckProcess) TypeId() string

type PostureCheckProcessMulti

// PostureCheckProcessMulti holds the criteria of the multi-process posture check
// sub-type; it is also the ExpectedValue of
// PostureCheckFailureValuesProcessMulti.
type PostureCheckProcessMulti struct {
	PostureCheckId string
	// Semantic presumably selects how the per-process results are combined (for
	// example all-of versus one-of); the accepted values are not visible here.
	// NOTE(review): confirm that an unrecognised value fails the check rather
	// than passing it.
	Semantic       string
	// Processes are the individual criteria; each is checked with
	// PostureResponseProcess.VerifyMultiCriteria.
	Processes      []*ProcessMulti
}

func (*PostureCheckProcessMulti) Evaluate

func (p *PostureCheckProcessMulti) Evaluate(_ string, pd *PostureData) bool

func (*PostureCheckProcessMulti) FailureValues

func (*PostureCheckProcessMulti) GetTimeoutRemainingSeconds

func (p *PostureCheckProcessMulti) GetTimeoutRemainingSeconds(_ string, _ *PostureData) int64

func (*PostureCheckProcessMulti) GetTimeoutSeconds

func (p *PostureCheckProcessMulti) GetTimeoutSeconds() int64

func (*PostureCheckProcessMulti) LastUpdatedAt

func (p *PostureCheckProcessMulti) LastUpdatedAt(string, *PostureData) *time.Time

func (*PostureCheckProcessMulti) TypeId

func (p *PostureCheckProcessMulti) TypeId() string

type PostureCheckSubType

// PostureCheckSubType is implemented by the type-specific part of a posture
// check (domains, MAC addresses, MFA, operating system, process, multi-process
// in this package). PostureCheck.SubType holds one.
type PostureCheckSubType interface {
	// TypeId returns the identifier of the concrete check type.
	TypeId() string

	// Evaluate reports whether the posture data satisfies the check for the
	// given API session. Several implementations ignore the session id.
	// NOTE(review): implementations should return false when pd lacks the data
	// they need, so that missing posture never counts as a pass — confirm per
	// implementation.
	Evaluate(apiSessionId string, pd *PostureData) bool
	// FailureValues returns the expected/actual pair used to describe a failed
	// evaluation.
	FailureValues(_ string, pd *PostureData) PostureCheckFailureValues
	// GetTimeoutSeconds and GetTimeoutRemainingSeconds report the check's
	// timeout; the value used by checks without a timeout is not visible here.
	GetTimeoutSeconds() int64
	GetTimeoutRemainingSeconds(apiSessionId string, pd *PostureData) int64

	// LastUpdatedAt returns the last time the posture state changed or nil if not supported.
	LastUpdatedAt(id string, pd *PostureData) *time.Time
	// contains filtered or unexported methods
}

type PostureCheckType

type PostureCheckType struct {
	models.BaseEntity
	Name             string
	OperatingSystems []OperatingSystem
}

type PostureCheckTypeManager

type PostureCheckTypeManager struct {
	// contains filtered or unexported fields
}

func NewPostureCheckTypeManager

func NewPostureCheckTypeManager(env Env) *PostureCheckTypeManager

func (*PostureCheckTypeManager) Annotate

func (self *PostureCheckTypeManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*PostureCheckTypeManager) ApplyDelete

func (self *PostureCheckTypeManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*PostureCheckTypeManager) BaseList

func (self *PostureCheckTypeManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*PostureCheckTypeManager) BaseLoad

func (self *PostureCheckTypeManager) BaseLoad(id string) (ME, error)

func (*PostureCheckTypeManager) BaseLoadInTx

func (self *PostureCheckTypeManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*PostureCheckTypeManager) BasePreparedList

func (self *PostureCheckTypeManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*PostureCheckTypeManager) BasePreparedListIndexed

func (self *PostureCheckTypeManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*PostureCheckTypeManager) Delete

func (self *PostureCheckTypeManager) Delete(id string, ctx *change.Context) error

func (*PostureCheckTypeManager) Dispatch

func (self *PostureCheckTypeManager) Dispatch(command command.Command) error

func (*PostureCheckTypeManager) GetAnnotation

func (self *PostureCheckTypeManager) GetAnnotation(entityId string, key string) (*string, error)

func (*PostureCheckTypeManager) GetDb

func (self *PostureCheckTypeManager) GetDb() boltz.Db

func (*PostureCheckTypeManager) GetEntityTypeId

func (self *PostureCheckTypeManager) GetEntityTypeId() string

func (*PostureCheckTypeManager) GetEnv

func (self *PostureCheckTypeManager) GetEnv() Env

func (*PostureCheckTypeManager) GetStore

func (self *PostureCheckTypeManager) GetStore() boltz.EntityStore[PE]

func (*PostureCheckTypeManager) ListWithHandler

func (self *PostureCheckTypeManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*PostureCheckTypeManager) PreparedListAssociatedWithHandler

func (self *PostureCheckTypeManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*PostureCheckTypeManager) PreparedListIndexed

func (self *PostureCheckTypeManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*PostureCheckTypeManager) PreparedListWithHandler

func (self *PostureCheckTypeManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*PostureCheckTypeManager) Read

func (self *PostureCheckTypeManager) Read(id string) (ME, error)

type PostureData

// PostureData is the aggregated posture state kept for one identity
// (PostureCache.PostureData(identityId) returns a copy of it). Posture responses
// write into it through their Apply methods, and Evaluate checks it against a
// list of posture checks.
//
// NOTE(review): the device-level fields (Mac, Domain, Os, Processes) are filled
// from posture responses, which presumably originate on the endpoint; they
// describe what the client reports, not something the controller measured.
type PostureData struct {
	Mac                    PostureResponseMac
	Domain                 PostureResponseDomain
	Os                     PostureResponseOs
	Processes              []*PostureResponseProcess
	// ProcessPathMap presumably indexes Processes by process path — confirm.
	ProcessPathMap         map[string]*PostureResponseProcess
	// ApiSessions presumably maps API session id to per-session posture (MFA,
	// wake/unlock, SDK info) — confirm.
	ApiSessions            map[string]*ApiSessionPostureData
	// SessionRequestFailures records failed session requests (see
	// PostureCache.AddSessionRequestFailure). MaxPostureFailures in this package
	// suggests the list is capped — confirm where the cap is applied.
	SessionRequestFailures []*PostureSessionRequestFailure
}

func (*PostureData) Copy

func (pd *PostureData) Copy() *PostureData

func (*PostureData) Evaluate

func (pd *PostureData) Evaluate(apiSessionId string, checks []*PostureCheck) (bool, []*PostureCheckFailure)

type PosturePolicyFailure

type PosturePolicyFailure struct {
	PolicyId   string
	PolicyName string
	Checks     []*PostureCheckFailure
}

type PostureResponse

// PostureResponse is the common envelope of a posture response. Apply writes it
// into a PostureData; the type-specific payload is held in SubType.
type PostureResponse struct {
	// PostureCheckId presumably names the posture check being answered.
	// NOTE(review): if this id comes from the endpoint, confirm it is validated
	// against the checks that actually apply to the identity.
	PostureCheckId string
	TypeId         string
	TimedOut       bool
	// LastUpdatedAt: NOTE(review) whether this is stamped by the controller or
	// taken from the endpoint is not visible here; a client-supplied timestamp
	// should not drive timeout decisions — confirm.
	LastUpdatedAt  time.Time
	SubType        PostureResponseSubType
}

func (*PostureResponse) Apply

func (pr *PostureResponse) Apply(postureData *PostureData)

type PostureResponseDomain

type PostureResponseDomain struct {
	*PostureResponse
	Name string `json:"name"`
}

func (*PostureResponseDomain) Apply

func (pr *PostureResponseDomain) Apply(postureData *PostureData)

type PostureResponseEndpointState

// PostureResponseEndpointState carries wake and unlock events for one API
// session; Apply writes them into a PostureData.
type PostureResponseEndpointState struct {
	*PostureResponse
	ApiSessionId string
	// WokenAt / UnlockedAt feed the MFA check's PromptOnWake and PromptOnUnlock
	// criteria (see PostureCheckMfa.PassedOnWake, PassedOnUnlock). nil
	// presumably means "no such event reported". NOTE(review): presumably
	// endpoint-reported; a client that never reports these events would never
	// trigger a re-prompt — confirm.
	WokenAt      *time.Time
	UnlockedAt   *time.Time
}

func (*PostureResponseEndpointState) Apply

func (pr *PostureResponseEndpointState) Apply(postureData *PostureData)

type PostureResponseMac

type PostureResponseMac struct {
	*PostureResponse
	Addresses []string `json:"addresses"`
}

func (*PostureResponseMac) Apply

func (pr *PostureResponseMac) Apply(postureData *PostureData)

type PostureResponseManager

type PostureResponseManager struct {
	// contains filtered or unexported fields
}

func NewPostureResponseManager

func NewPostureResponseManager(env Env) *PostureResponseManager

func (*PostureResponseManager) AddPostureDataListener

func (self *PostureResponseManager) AddPostureDataListener(cb func(env Env, identityId string))

func (*PostureResponseManager) Create

func (self *PostureResponseManager) Create(identityId string, postureResponses []*PostureResponse)

func (*PostureResponseManager) Evaluate

func (self *PostureResponseManager) Evaluate(identityId, apiSessionId string, check *PostureCheck) (bool, *PostureCheckFailure)

func (*PostureResponseManager) GetEndpointStateChangeAffectedServices

func (self *PostureResponseManager) GetEndpointStateChangeAffectedServices(timeSinceLastMfa, gracePeriod time.Duration, onWake bool, onUnlock bool) []*ServiceWithTimeout

func (*PostureResponseManager) PostureData

func (self *PostureResponseManager) PostureData(id string) *PostureData

func (*PostureResponseManager) SetMfaPosture

func (self *PostureResponseManager) SetMfaPosture(identityId string, apiSessionId string, isPassed bool)

SetMfaPosture sets the MFA passing status for a specific API Session owned by an identity.

func (*PostureResponseManager) SetMfaPostureForIdentity

func (self *PostureResponseManager) SetMfaPostureForIdentity(identityId string, isPassed bool)

SetMfaPostureForIdentity sets the MFA passing status for all API Sessions associated with an identity.

func (*PostureResponseManager) SetSdkInfo

func (self *PostureResponseManager) SetSdkInfo(identityId, apiSessionId string, sdkInfo *SdkInfo)

func (*PostureResponseManager) WithPostureData

func (self *PostureResponseManager) WithPostureData(id string, f func(data *PostureData))

type PostureResponseMfa

// PostureResponseMfa records the MFA posture of one API session; Apply writes it
// into a PostureData.
type PostureResponseMfa struct {
	*PostureResponse
	// ApiSessionId is excluded from JSON encoding by the `json:"-"` tag, so it
	// cannot be set from, or leaked into, a JSON body.
	ApiSessionId string     `json:"-"`
	// PassedMfaAt: nil presumably means MFA has not been passed for the session.
	// NOTE(review): this field is JSON-visible; confirm it is only ever set
	// server-side (see PostureResponseManager.SetMfaPosture) and never decoded
	// from endpoint input.
	PassedMfaAt  *time.Time `json:"passedMfaAt"`
}

func (*PostureResponseMfa) Apply

func (pr *PostureResponseMfa) Apply(postureData *PostureData)

type PostureResponseOs

// PostureResponseOs is the operating-system variant of a posture response. It
// embeds *PostureResponse and has an Apply(*PostureData) method.
// NOTE(review): Type, Version and Build are presumably reported by the
// endpoint itself; if so they are unverified claims and should be treated as
// such by any policy that depends on them. Confirm against the caller.
type PostureResponseOs struct {
	*PostureResponse
	Type    string `json:"type"`
	Version string `json:"version"`
	Build   string `json:"build"`
}

func (*PostureResponseOs) Apply

func (pr *PostureResponseOs) Apply(postureData *PostureData)

type PostureResponseProcess

// PostureResponseProcess is the process variant of a posture response. It
// embeds *PostureResponse and has Apply(*PostureData) and
// VerifyMultiCriteria(*ProcessMulti) methods.
// The fields carry no json tags, so encoding/json would use the Go field names.
type PostureResponseProcess struct {
	*PostureResponse
	// Path of the process being reported.
	Path               string
	// IsRunning reports whether the process was observed running.
	IsRunning          bool
	// BinaryHash is a hash of the process binary.
	// NOTE(review): the hash algorithm and text encoding (case, hex vs base64)
	// are not visible here; confirm that comparison against expected hashes
	// normalises both sides the same way.
	BinaryHash         string
	// SignerFingerprints lists fingerprints of the binary's signers.
	// NOTE(review): presumably collected on the endpoint; confirm whether the
	// controller can verify them independently.
	SignerFingerprints []string
}

func (*PostureResponseProcess) Apply

func (pr *PostureResponseProcess) Apply(postureData *PostureData)

func (*PostureResponseProcess) VerifyMultiCriteria

func (pr *PostureResponseProcess) VerifyMultiCriteria(process *ProcessMulti) bool

type PostureResponseSubType

// PostureResponseSubType is implemented by the typed posture responses. On this
// page *PostureResponseMfa, *PostureResponseOs and *PostureResponseProcess each
// declare a matching Apply method.
type PostureResponseSubType interface {
	// Apply takes the PostureData to operate on; it returns nothing, so any
	// effect is made through the pointer.
	Apply(postureData *PostureData)
}

type PostureSessionData

// PostureSessionData holds per-session posture values; only an MFA timeout is
// exposed.
type PostureSessionData struct {
	// MfaTimeout is an int64 timeout value.
	// NOTE(review): the unit (seconds vs another unit) and the meaning of zero
	// or negative values are not visible here; confirm before comparing.
	MfaTimeout int64
}

type PostureSessionRequestFailure

// PostureSessionRequestFailure records a failed posture evaluation for a
// session request. SessionPostureResult.Failure points at a value of this type.
type PostureSessionRequestFailure struct {
	// When is the time associated with the failure.
	When           time.Time
	// ServiceId and ServiceName identify the service that was requested.
	ServiceId      string
	ServiceName    string
	// SessionType is the type of session that was requested.
	SessionType    string
	// PolicyFailures lists the per-policy failures.
	PolicyFailures []*PosturePolicyFailure
	// ApiSessionId identifies the API session the request belonged to.
	// NOTE(review): if these records are logged or returned through an API,
	// check that the API session id is not itself usable as a credential.
	ApiSessionId   string
}

type ProcessMulti

// ProcessMulti describes process criteria; it is the argument type of
// PostureResponseProcess.VerifyMultiCriteria.
// NOTE(review): whether a response must match any or all entries of Hashes and
// SignerFingerprints, and what an empty list means, is not visible here;
// confirm that an empty list cannot be read as "accept anything".
type ProcessMulti struct {
	OsType             string
	Path               string
	Hashes             []string
	SignerFingerprints []string
}

type ReEnrollEdgeRouterCmd added in v0.32.1

// ReEnrollEdgeRouterCmd is an opaque command type (all fields unexported). The
// page lists Apply, Decode, Encode() ([]byte, error) and
// GetChangeContext() *change.Context on it.
// NOTE(review): presumably re-enrolls an edge router; the effect on the
// router's existing certificates is not visible here.
type ReEnrollEdgeRouterCmd struct {
	// contains filtered or unexported fields
}

func (*ReEnrollEdgeRouterCmd) Apply added in v0.32.1

func (*ReEnrollEdgeRouterCmd) Decode added in v0.32.1

func (*ReEnrollEdgeRouterCmd) Encode added in v0.32.1

func (d *ReEnrollEdgeRouterCmd) Encode() ([]byte, error)

func (*ReEnrollEdgeRouterCmd) GetChangeContext added in v0.32.1

func (d *ReEnrollEdgeRouterCmd) GetChangeContext() *change.Context

type ReplaceEnrollmentWithAuthenticatorCmd

// ReplaceEnrollmentWithAuthenticatorCmd is an opaque command type (all fields
// unexported). The page lists Apply, Decode, Encode() ([]byte, error) and
// GetChangeContext() *change.Context on it.
// NOTE(review): presumably swaps an enrollment for an authenticator in one
// step; whether that swap is atomic is not visible here.
type ReplaceEnrollmentWithAuthenticatorCmd struct {
	// contains filtered or unexported fields
}

func (*ReplaceEnrollmentWithAuthenticatorCmd) Apply

func (*ReplaceEnrollmentWithAuthenticatorCmd) Decode

func (*ReplaceEnrollmentWithAuthenticatorCmd) Encode

func (self *ReplaceEnrollmentWithAuthenticatorCmd) Encode() ([]byte, error)

func (*ReplaceEnrollmentWithAuthenticatorCmd) GetChangeContext

func (self *ReplaceEnrollmentWithAuthenticatorCmd) GetChangeContext() *change.Context

type Revocation

// Revocation is a revocation record. It embeds models.BaseEntity and adds an
// expiry time.
type Revocation struct {
	models.BaseEntity
	// ExpiresAt is the expiry time of the record.
	// NOTE(review): presumably the point after which the record may be purged;
	// confirm it is never earlier than the expiry of the credential it revokes,
	// otherwise a revoked credential could become acceptable again.
	ExpiresAt time.Time
}

type RevocationManager

// RevocationManager is an opaque type (all fields unexported) built by
// NewRevocationManager(env). Its listed methods include Create(*Revocation,
// *change.Context), Read(id) returning a *Revocation, and Delete(id,
// *change.Context).
type RevocationManager struct {
	// contains filtered or unexported fields
}

func NewRevocationManager

func NewRevocationManager(env Env) *RevocationManager

func (*RevocationManager) Annotate

func (self *RevocationManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*RevocationManager) ApplyCreate

func (*RevocationManager) ApplyDelete

func (self *RevocationManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*RevocationManager) ApplyUpdate

func (*RevocationManager) BaseList

func (self *RevocationManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*RevocationManager) BaseLoad

func (self *RevocationManager) BaseLoad(id string) (ME, error)

func (*RevocationManager) BaseLoadInTx

func (self *RevocationManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*RevocationManager) BasePreparedList

func (self *RevocationManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*RevocationManager) BasePreparedListIndexed

func (self *RevocationManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*RevocationManager) Create

func (self *RevocationManager) Create(entity *Revocation, ctx *change.Context) error

func (*RevocationManager) Delete

func (self *RevocationManager) Delete(id string, ctx *change.Context) error

func (*RevocationManager) Dispatch

func (self *RevocationManager) Dispatch(command command.Command) error

func (*RevocationManager) GetAnnotation

func (self *RevocationManager) GetAnnotation(entityId string, key string) (*string, error)

func (*RevocationManager) GetDb

func (self *RevocationManager) GetDb() boltz.Db

func (*RevocationManager) GetEntityTypeId

func (self *RevocationManager) GetEntityTypeId() string

func (*RevocationManager) GetEnv

func (self *RevocationManager) GetEnv() Env

func (*RevocationManager) GetStore

func (self *RevocationManager) GetStore() boltz.EntityStore[PE]

func (*RevocationManager) ListWithHandler

func (self *RevocationManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*RevocationManager) Marshall

func (self *RevocationManager) Marshall(entity *Revocation) ([]byte, error)

func (*RevocationManager) PreparedListAssociatedWithHandler

func (self *RevocationManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*RevocationManager) PreparedListIndexed

func (self *RevocationManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*RevocationManager) PreparedListWithHandler

func (self *RevocationManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*RevocationManager) Read

func (self *RevocationManager) Read(id string) (*Revocation, error)

func (*RevocationManager) Unmarshall

func (self *RevocationManager) Unmarshall(bytes []byte) (*Revocation, error)

type Schemas

// Schemas gives access to JSON schemas as *gojsonschema.Schema values.
// NOTE(review): the method names suggest these validate the request bodies of
// the edge-router ("Er") and "Updb" enrollment POST endpoints; confirm.
type Schemas interface {
	GetEnrollErPost() *gojsonschema.Schema
	GetEnrollUpdbPost() *gojsonschema.Schema
}

type SdkInfo

// SdkInfo describes a client application and SDK build. It has an
// Equals(*SdkInfo) method and is accepted by
// PostureResponseManager.SetSdkInfo for an identity and API session.
// NOTE(review): these values are presumably self-reported by the client; if so
// they are useful for inventory and diagnostics but are not evidence of what
// software is actually running. Confirm before using them in access decisions.
type SdkInfo struct {
	AppId      string
	AppVersion string
	Branch     string
	Revision   string
	Type       string
	Version    string
}

func (*SdkInfo) Equals

func (self *SdkInfo) Equals(other *SdkInfo) bool

type Service

// Service is the model of a service. It embeds models.BaseEntity.
type Service struct {
	models.BaseEntity
	Name               string        `json:"name"`
	// MaxIdleTime is a time.Duration; encoding/json writes it as an integer
	// number of nanoseconds.
	MaxIdleTime        time.Duration `json:"maxIdleTime"`
	TerminatorStrategy string        `json:"terminatorStrategy"`
	RoleAttributes     []string      `json:"roleAttributes"`
	// Configs is a list of strings.
	// NOTE(review): presumably config ids; confirm.
	Configs            []string      `json:"configs"`
	// EncryptionRequired is a plain bool, so its zero value is false.
	// NOTE(review): confirm that a create or update request that omits the
	// field cannot silently turn the requirement off.
	EncryptionRequired bool          `json:"encryptionRequired"`
}

type ServiceConfig

// ServiceConfig pairs a service with a config, both held as strings.
// NOTE(review): presumably both are entity ids; confirm.
type ServiceConfig struct {
	Service string
	Config  string
}

type ServiceDetail

// ServiceDetail carries the same fields as Service plus Permissions and an
// expanded Config map. It embeds models.BaseEntity.
type ServiceDetail struct {
	models.BaseEntity
	Name               string                            `json:"name"`
	// MaxIdleTime is a time.Duration; encoding/json writes it as an integer
	// number of nanoseconds.
	MaxIdleTime        time.Duration                     `json:"maxIdleTime"`
	TerminatorStrategy string                            `json:"terminatorStrategy"`
	RoleAttributes     []string                          `json:"roleAttributes"`
	// Permissions is a list of strings.
	// NOTE(review): presumably what the requesting identity may do with the
	// service; the set of valid values is not visible here.
	Permissions        []string                          `json:"permissions"`
	Configs            []string                          `json:"configs"`
	// Config is a two-level map of untyped values.
	// NOTE(review): presumably keyed by config type and then by field; the
	// values are untyped, so consumers must validate them before use.
	Config             map[string]map[string]interface{} `json:"config"`
	EncryptionRequired bool                              `json:"encryptionRequired"`
}

type ServiceDetailLister

// ServiceDetailLister is an opaque type (all fields unexported). Its listed
// methods load and list *ServiceDetail values (BaseLoadInTx, BasePreparedList,
// BasePreparedListIndexed) and return a boltz.Store (GetListStore). No
// constructor is shown on this page.
type ServiceDetailLister struct {
	// contains filtered or unexported fields
}

func (*ServiceDetailLister) BaseLoadInTx

func (self *ServiceDetailLister) BaseLoadInTx(tx *bbolt.Tx, id string) (*ServiceDetail, error)

func (*ServiceDetailLister) BasePreparedList

func (self *ServiceDetailLister) BasePreparedList(query ast.Query) (*models.EntityListResult[*ServiceDetail], error)

func (*ServiceDetailLister) BasePreparedListIndexed

func (self *ServiceDetailLister) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[*ServiceDetail], error)

func (*ServiceDetailLister) GetListStore

func (self *ServiceDetailLister) GetListStore() boltz.Store

type ServiceEdgeRouterPolicy

// ServiceEdgeRouterPolicy is the model of a policy relating services to edge
// routers through role lists. It embeds models.BaseEntity.
type ServiceEdgeRouterPolicy struct {
	models.BaseEntity
	Name            string
	// Semantic is a string.
	// NOTE(review): presumably selects how the role lists are combined (for
	// example any-of versus all-of); valid values are not visible here.
	Semantic        string
	ServiceRoles    []string
	EdgeRouterRoles []string
}

type ServiceEdgeRouterPolicyManager

// ServiceEdgeRouterPolicyManager is an opaque type (all fields unexported)
// built by NewServiceEdgeRouterPolicyManager(env). Its listed methods include
// Create, Read, Update, Delete and list/query helpers.
type ServiceEdgeRouterPolicyManager struct {
	// contains filtered or unexported fields
}

func NewServiceEdgeRouterPolicyManager

func NewServiceEdgeRouterPolicyManager(env Env) *ServiceEdgeRouterPolicyManager

func (*ServiceEdgeRouterPolicyManager) Annotate

func (self *ServiceEdgeRouterPolicyManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*ServiceEdgeRouterPolicyManager) ApplyCreate

func (*ServiceEdgeRouterPolicyManager) ApplyDelete

func (self *ServiceEdgeRouterPolicyManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*ServiceEdgeRouterPolicyManager) ApplyUpdate

func (*ServiceEdgeRouterPolicyManager) BaseList

func (self *ServiceEdgeRouterPolicyManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*ServiceEdgeRouterPolicyManager) BaseLoad

func (self *ServiceEdgeRouterPolicyManager) BaseLoad(id string) (ME, error)

func (*ServiceEdgeRouterPolicyManager) BaseLoadInTx

func (self *ServiceEdgeRouterPolicyManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*ServiceEdgeRouterPolicyManager) BasePreparedList

func (self *ServiceEdgeRouterPolicyManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*ServiceEdgeRouterPolicyManager) BasePreparedListIndexed

func (self *ServiceEdgeRouterPolicyManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*ServiceEdgeRouterPolicyManager) Create

func (*ServiceEdgeRouterPolicyManager) Delete

func (self *ServiceEdgeRouterPolicyManager) Delete(id string, ctx *change.Context) error

func (*ServiceEdgeRouterPolicyManager) Dispatch

func (self *ServiceEdgeRouterPolicyManager) Dispatch(command command.Command) error

func (*ServiceEdgeRouterPolicyManager) GetAnnotation

func (self *ServiceEdgeRouterPolicyManager) GetAnnotation(entityId string, key string) (*string, error)

func (*ServiceEdgeRouterPolicyManager) GetDb

func (self *ServiceEdgeRouterPolicyManager) GetDb() boltz.Db

func (*ServiceEdgeRouterPolicyManager) GetEntityTypeId

func (self *ServiceEdgeRouterPolicyManager) GetEntityTypeId() string

func (*ServiceEdgeRouterPolicyManager) GetEnv

func (self *ServiceEdgeRouterPolicyManager) GetEnv() Env

func (*ServiceEdgeRouterPolicyManager) GetStore

func (self *ServiceEdgeRouterPolicyManager) GetStore() boltz.EntityStore[PE]

func (*ServiceEdgeRouterPolicyManager) ListWithHandler

func (self *ServiceEdgeRouterPolicyManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*ServiceEdgeRouterPolicyManager) Marshall

func (*ServiceEdgeRouterPolicyManager) PreparedListAssociatedWithHandler

func (self *ServiceEdgeRouterPolicyManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*ServiceEdgeRouterPolicyManager) PreparedListIndexed

func (self *ServiceEdgeRouterPolicyManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*ServiceEdgeRouterPolicyManager) PreparedListWithHandler

func (self *ServiceEdgeRouterPolicyManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*ServiceEdgeRouterPolicyManager) Read

func (self *ServiceEdgeRouterPolicyManager) Read(id string) (ME, error)

func (*ServiceEdgeRouterPolicyManager) Unmarshall

func (self *ServiceEdgeRouterPolicyManager) Unmarshall(bytes []byte) (*ServiceEdgeRouterPolicy, error)

func (*ServiceEdgeRouterPolicyManager) Update

type ServiceListResult

// ServiceListResult is a list of *ServiceDetail values together with the
// embedded models.QueryMetaData.
type ServiceListResult struct {
	Services []*ServiceDetail

	models.QueryMetaData
	// contains filtered or unexported fields
}

type ServicePolicy

// ServicePolicy is the model of a policy relating identities, services and
// posture checks through role lists. It embeds models.BaseEntity.
type ServicePolicy struct {
	models.BaseEntity
	Name              string
	// PolicyType is a string.
	// NOTE(review): valid values are not visible on this page; confirm that an
	// unrecognised value is rejected rather than treated as a default.
	PolicyType        string
	// Semantic is a string.
	// NOTE(review): presumably selects how the role lists are combined; valid
	// values are not visible here.
	Semantic          string
	IdentityRoles     []string
	ServiceRoles      []string
	// PostureCheckRoles lists posture-check roles attached to the policy.
	// NOTE(review): presumably an empty list means no posture requirement;
	// confirm, since that makes omission the permissive case.
	PostureCheckRoles []string
}

type ServicePolicyManager

// ServicePolicyManager is an opaque type (all fields unexported) built by
// NewServicePolicyManager(env). Its listed methods include Create, Read,
// Update, Delete, ListAssociatedIds and list/query helpers.
type ServicePolicyManager struct {
	// contains filtered or unexported fields
}

func NewServicePolicyManager

func NewServicePolicyManager(env Env) *ServicePolicyManager

func (*ServicePolicyManager) Annotate

func (self *ServicePolicyManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*ServicePolicyManager) ApplyCreate

func (*ServicePolicyManager) ApplyDelete

func (self *ServicePolicyManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*ServicePolicyManager) ApplyUpdate

func (*ServicePolicyManager) BaseList

func (self *ServicePolicyManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*ServicePolicyManager) BaseLoad

func (self *ServicePolicyManager) BaseLoad(id string) (ME, error)

func (*ServicePolicyManager) BaseLoadInTx

func (self *ServicePolicyManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*ServicePolicyManager) BasePreparedList

func (self *ServicePolicyManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*ServicePolicyManager) BasePreparedListIndexed

func (self *ServicePolicyManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*ServicePolicyManager) Create

func (self *ServicePolicyManager) Create(entity *ServicePolicy, ctx *change.Context) error

func (*ServicePolicyManager) Delete

func (self *ServicePolicyManager) Delete(id string, ctx *change.Context) error

func (*ServicePolicyManager) Dispatch

func (self *ServicePolicyManager) Dispatch(command command.Command) error

func (*ServicePolicyManager) GetAnnotation

func (self *ServicePolicyManager) GetAnnotation(entityId string, key string) (*string, error)

func (*ServicePolicyManager) GetDb

func (self *ServicePolicyManager) GetDb() boltz.Db

func (*ServicePolicyManager) GetEntityTypeId

func (self *ServicePolicyManager) GetEntityTypeId() string

func (*ServicePolicyManager) GetEnv

func (self *ServicePolicyManager) GetEnv() Env

func (*ServicePolicyManager) GetStore

func (self *ServicePolicyManager) GetStore() boltz.EntityStore[PE]

func (*ServicePolicyManager) ListAssociatedIds added in v0.34.0

func (self *ServicePolicyManager) ListAssociatedIds(tx *bbolt.Tx, id string) *AssociatedIdsResult

func (*ServicePolicyManager) ListWithHandler

func (self *ServicePolicyManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*ServicePolicyManager) Marshall

func (self *ServicePolicyManager) Marshall(entity *ServicePolicy) ([]byte, error)

func (*ServicePolicyManager) PreparedListAssociatedWithHandler

func (self *ServicePolicyManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*ServicePolicyManager) PreparedListIndexed

func (self *ServicePolicyManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*ServicePolicyManager) PreparedListWithHandler

func (self *ServicePolicyManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*ServicePolicyManager) Read

func (self *ServicePolicyManager) Read(id string) (ME, error)

func (*ServicePolicyManager) Unmarshall

func (self *ServicePolicyManager) Unmarshall(bytes []byte) (*ServicePolicy, error)

func (*ServicePolicyManager) Update

func (self *ServicePolicyManager) Update(entity *ServicePolicy, checker fields.UpdatedFields, ctx *change.Context) error

type ServiceWithTimeout

// ServiceWithTimeout pairs a *Service with a timeout value. It is the element
// type returned by PostureResponseManager.GetEndpointStateChangeAffectedServices.
type ServiceWithTimeout struct {
	Service *Service
	// Timeout is an int64.
	// NOTE(review): the unit and the meaning of zero or negative values are not
	// visible here; confirm.
	Timeout int64
}

type Session

// Session is the model of a session held by an identity for a service. It
// embeds models.BaseEntity.
// None of the fields carry json tags, so encoding/json would emit every
// exported field, Token included, under its Go name.
type Session struct {
	models.BaseEntity
	// Token is the session token; SessionManager.ReadByToken looks a session up
	// by this value, so it should be handled as a secret. Avoid writing whole
	// Session values to logs (for example with %+v).
	Token           string
	// IdentityId and ApiSessionId identify the owning identity and API session.
	IdentityId      string
	ApiSessionId    string
	ServiceId       string
	// Type is the session type as a string; valid values are not visible here.
	Type            string
	// ServicePolicies is a list of strings.
	// NOTE(review): presumably the ids of the policies that granted the
	// session; confirm.
	ServicePolicies []string
}

type SessionListResult

// SessionListResult is a list of *Session values together with the embedded
// models.QueryMetaData. Each element carries its Token, so the same handling
// care applies to the list as to a single Session.
type SessionListResult struct {
	Sessions []*Session
	models.QueryMetaData
	// contains filtered or unexported fields
}

type SessionManager

// SessionManager is an opaque type (all fields unexported) built by
// NewSessionManager(env). Its listed methods include Create and CreateJwt
// (both return a string and an error), Read, ReadByToken, Delete, and
// EvaluatePostureForService.
// ReadForIdentity and DeleteForIdentity take an identityId in addition to the
// session id, whereas Read and Delete take only the id.
// NOTE(review): presumably the ...ForIdentity variants scope the operation to
// the owning identity; callers acting on behalf of an identity should confirm
// which variant enforces ownership.
type SessionManager struct {
	// contains filtered or unexported fields
}

func NewSessionManager

func NewSessionManager(env Env) *SessionManager

func (*SessionManager) Annotate

func (self *SessionManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*SessionManager) ApplyDelete

func (self *SessionManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*SessionManager) BaseList

func (self *SessionManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*SessionManager) BaseLoad

func (self *SessionManager) BaseLoad(id string) (ME, error)

func (*SessionManager) BaseLoadInTx

func (self *SessionManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*SessionManager) BasePreparedList

func (self *SessionManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*SessionManager) BasePreparedListIndexed

func (self *SessionManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*SessionManager) Create

func (self *SessionManager) Create(entity *Session, ctx *change.Context) (string, error)

func (*SessionManager) CreateJwt added in v0.34.0

func (self *SessionManager) CreateJwt(entity *Session, ctx *change.Context) (string, error)

func (*SessionManager) Delete

func (self *SessionManager) Delete(id string, ctx *change.Context) error

func (*SessionManager) DeleteForIdentity

func (self *SessionManager) DeleteForIdentity(id, identityId string, ctx *change.Context) error

func (*SessionManager) Dispatch

func (self *SessionManager) Dispatch(command command.Command) error

func (*SessionManager) EvaluatePostureForService

func (self *SessionManager) EvaluatePostureForService(identityId, apiSessionId, sessionType, serviceId, serviceName string) *SessionPostureResult

func (*SessionManager) GetAnnotation

func (self *SessionManager) GetAnnotation(entityId string, key string) (*string, error)

func (*SessionManager) GetDb

func (self *SessionManager) GetDb() boltz.Db

func (*SessionManager) GetEntityTypeId

func (self *SessionManager) GetEntityTypeId() string

func (*SessionManager) GetEnv

func (self *SessionManager) GetEnv() Env

func (*SessionManager) GetStore

func (self *SessionManager) GetStore() boltz.EntityStore[PE]

func (*SessionManager) ListSessionsForEdgeRouter

func (self *SessionManager) ListSessionsForEdgeRouter(edgeRouterId string) (*SessionListResult, error)

func (*SessionManager) ListWithHandler

func (self *SessionManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*SessionManager) PreparedListAssociatedWithHandler

func (self *SessionManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*SessionManager) PreparedListIndexed

func (self *SessionManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*SessionManager) PreparedListWithHandler

func (self *SessionManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*SessionManager) PublicQueryForIdentity

func (self *SessionManager) PublicQueryForIdentity(sessionIdentity *Identity, query ast.Query) (*SessionListResult, error)

func (*SessionManager) Query

func (self *SessionManager) Query(query string) (*SessionListResult, error)

func (*SessionManager) Read

func (self *SessionManager) Read(id string) (*Session, error)

func (*SessionManager) ReadByToken

func (self *SessionManager) ReadByToken(token string) (*Session, error)

func (*SessionManager) ReadForIdentity

func (self *SessionManager) ReadForIdentity(id string, identityId string) (*Session, error)

type SessionPostureResult

// SessionPostureResult is the return type of
// SessionManager.EvaluatePostureForService.
type SessionPostureResult struct {
	// Passed is a plain bool, so a zero-valued result reads as "not passed".
	Passed           bool
	// Failure points at the failure record; it is a pointer and may be nil.
	Failure          *PostureSessionRequestFailure
	// PassingPolicyIds lists the ids of policies that passed.
	PassingPolicyIds []string
	// Cause is a pointer and may be nil.
	// NOTE(review): which combinations of Passed, Failure and Cause can occur
	// is not visible here; callers should branch on Passed rather than on
	// Failure or Cause being nil.
	Cause            *fabricApiError.GenericCauseError
}

type TestContext

// TestContext is a test fixture: it embeds *db.TestContext and is built by
// NewTestContext(t *testing.T). Its listed methods return certificate signers,
// a server certificate, a JWT signer and token validators.
// NOTE(review): the type is exported from this package rather than from a
// _test file; any key material it generates is presumably test-only and should
// not be reused outside tests. Confirm.
type TestContext struct {
	*db.TestContext
	// contains filtered or unexported fields
}

func NewTestContext

func NewTestContext(t *testing.T) *TestContext

func (*TestContext) Cleanup

func (ctx *TestContext) Cleanup()

func (*TestContext) Generate

func (ctx *TestContext) Generate(jwt.Claims) (string, error)

func (*TestContext) GetApiClientCsrSigner

func (ctx *TestContext) GetApiClientCsrSigner() cert.Signer

func (*TestContext) GetApiServerCsrSigner

func (ctx *TestContext) GetApiServerCsrSigner() cert.Signer

func (*TestContext) GetAuthRegistry

func (ctx *TestContext) GetAuthRegistry() AuthRegistry

func (*TestContext) GetConfig

func (ctx *TestContext) GetConfig() *edgeconfig.Config

func (*TestContext) GetControlClientCsrSigner

func (ctx *TestContext) GetControlClientCsrSigner() cert.Signer

func (*TestContext) GetDbProvider added in v0.31.1

func (ctx *TestContext) GetDbProvider() network.DbProvider

func (*TestContext) GetEnrollRegistry

func (ctx *TestContext) GetEnrollRegistry() EnrollmentRegistry

func (*TestContext) GetFingerprintGenerator

func (ctx *TestContext) GetFingerprintGenerator() cert.FingerprintGenerator

func (*TestContext) GetHostController

func (ctx *TestContext) GetHostController() HostController

func (*TestContext) GetManagers

func (ctx *TestContext) GetManagers() *Managers

func (*TestContext) GetMetricsRegistry

func (ctx *TestContext) GetMetricsRegistry() metrics.Registry

func (*TestContext) GetPeerControllerAddresses added in v0.34.0

func (ctx *TestContext) GetPeerControllerAddresses() []string

func (*TestContext) GetSchemas

func (ctx *TestContext) GetSchemas() Schemas

func (*TestContext) GetServerCert

func (ctx *TestContext) GetServerCert() (*tls.Certificate, string, jwt.SigningMethod)

func (*TestContext) GetServerJwtSigner added in v0.34.0

func (ctx *TestContext) GetServerJwtSigner() jwtsigner.Signer

func (*TestContext) HandleServiceUpdatedEventForIdentityId

func (ctx *TestContext) HandleServiceUpdatedEventForIdentityId(string)

func (*TestContext) Init

func (ctx *TestContext) Init()

func (*TestContext) IsEdgeRouterOnline

func (ctx *TestContext) IsEdgeRouterOnline(string) bool

func (*TestContext) JwtSignerKeyFunc

func (ctx *TestContext) JwtSignerKeyFunc(*jwt.Token) (interface{}, error)

func (*TestContext) KeyId added in v0.34.0

func (ctx *TestContext) KeyId() string

func (*TestContext) OidcIssuer added in v0.34.0

func (ctx *TestContext) OidcIssuer() string

func (*TestContext) RootIssuer added in v0.34.0

func (ctx *TestContext) RootIssuer() string

func (*TestContext) SigningMethod added in v0.34.0

func (ctx *TestContext) SigningMethod() jwt.SigningMethod

func (*TestContext) ValidateAccessToken added in v0.34.0

func (ctx *TestContext) ValidateAccessToken(token string) (*common.AccessClaims, error)

func (*TestContext) ValidateServiceAccessToken added in v0.34.0

func (ctx *TestContext) ValidateServiceAccessToken(token string, apiSessionId *string) (*common.ServiceAccessClaims, error)

type TransitRouter

// TransitRouter is the model of a transit router. It embeds models.BaseEntity
// and has a GetName method.
type TransitRouter struct {
	models.BaseEntity
	Name                  string
	// Fingerprint is a pointer and may be nil.
	// NOTE(review): presumably the fingerprint of the router's current
	// certificate; TransitRouterManager.ReadOneByFingerprint looks a router up
	// by a fingerprint string.
	Fingerprint           *string
	// IsVerified is a plain bool, so its zero value is false.
	IsVerified            bool
	IsBase                bool
	// UnverifiedFingerprint and UnverifiedCertPem are pointers and may be nil.
	// NOTE(review): presumably they hold a certificate issued by
	// ExtendEnrollment that is still awaiting ExtendEnrollmentVerify. A match
	// found through ReadOneByUnverifiedFingerprint should then identify a
	// pending extension only, not an authenticated router. Confirm.
	UnverifiedFingerprint *string
	UnverifiedCertPem     *string
	Cost                  uint16
	NoTraversal           bool
	// Disabled is a plain bool, so its zero value is false (enabled).
	Disabled              bool
}

func (*TransitRouter) GetName

func (self *TransitRouter) GetName() string

type TransitRouterManager

// TransitRouterManager is an opaque type (all fields unexported) built by
// NewTransitRouterManager(env). Besides CRUD and list helpers, its listed
// methods include ExtendEnrollment, ExtendEnrollmentVerify and
// ExtendEnrollmentWithVerify, which take client and server CSRs in PEM form,
// and lookups by verified and unverified fingerprint.
// Update takes an `unrestricted bool` argument.
// NOTE(review): presumably `unrestricted` widens the set of fields an update
// may change; callers handling external requests should confirm what passing
// true allows.
type TransitRouterManager struct {
	// contains filtered or unexported fields
}

func NewTransitRouterManager

func NewTransitRouterManager(env Env) *TransitRouterManager

func (*TransitRouterManager) Annotate

func (self *TransitRouterManager) Annotate(ctx boltz.MutateContext, entityId string, key, value string) error

func (*TransitRouterManager) ApplyCreate

func (*TransitRouterManager) ApplyDelete

func (self *TransitRouterManager) ApplyDelete(cmd *command.DeleteEntityCommand, ctx boltz.MutateContext) error

func (*TransitRouterManager) ApplyUpdate

func (*TransitRouterManager) BaseList

func (self *TransitRouterManager) BaseList(query string) (*models.EntityListResult[ME], error)

func (*TransitRouterManager) BaseLoad

func (self *TransitRouterManager) BaseLoad(id string) (ME, error)

func (*TransitRouterManager) BaseLoadInTx

func (self *TransitRouterManager) BaseLoadInTx(tx *bbolt.Tx, id string) (ME, error)

func (*TransitRouterManager) BasePreparedList

func (self *TransitRouterManager) BasePreparedList(query ast.Query) (*models.EntityListResult[ME], error)

func (*TransitRouterManager) BasePreparedListIndexed

func (self *TransitRouterManager) BasePreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query) (*models.EntityListResult[ME], error)

func (*TransitRouterManager) CollectEnrollments

func (self *TransitRouterManager) CollectEnrollments(id string, collector func(entity *Enrollment) error) error

func (*TransitRouterManager) Create

func (self *TransitRouterManager) Create(txRouter *TransitRouter, ctx *change.Context) error

func (*TransitRouterManager) Delete

func (self *TransitRouterManager) Delete(id string, ctx *change.Context) error

func (*TransitRouterManager) Dispatch

func (self *TransitRouterManager) Dispatch(command command.Command) error

func (*TransitRouterManager) ExtendEnrollment

func (self *TransitRouterManager) ExtendEnrollment(router *TransitRouter, clientCsrPem []byte, serverCertCsrPem []byte, ctx *change.Context) (*ExtendedCerts, error)

func (*TransitRouterManager) ExtendEnrollmentVerify

func (self *TransitRouterManager) ExtendEnrollmentVerify(router *TransitRouter, ctx *change.Context) error

func (*TransitRouterManager) ExtendEnrollmentWithVerify

func (self *TransitRouterManager) ExtendEnrollmentWithVerify(router *TransitRouter, clientCsrPem []byte, serverCertCsrPem []byte, ctx *change.Context) (*ExtendedCerts, error)

func (*TransitRouterManager) GetAnnotation

func (self *TransitRouterManager) GetAnnotation(entityId string, key string) (*string, error)

func (*TransitRouterManager) GetDb

func (self *TransitRouterManager) GetDb() boltz.Db

func (*TransitRouterManager) GetEntityTypeId

func (self *TransitRouterManager) GetEntityTypeId() string

func (*TransitRouterManager) GetEnv

func (self *TransitRouterManager) GetEnv() Env

func (*TransitRouterManager) GetStore

func (self *TransitRouterManager) GetStore() boltz.EntityStore[PE]

func (*TransitRouterManager) ListWithHandler

func (self *TransitRouterManager) ListWithHandler(queryString string, resultHandler models.ListResultHandler) error

func (*TransitRouterManager) Marshall

func (self *TransitRouterManager) Marshall(entity *TransitRouter) ([]byte, error)

func (*TransitRouterManager) PreparedListAssociatedWithHandler

func (self *TransitRouterManager) PreparedListAssociatedWithHandler(id string, association string, query ast.Query, handler models.ListResultHandler) error

func (*TransitRouterManager) PreparedListIndexed

func (self *TransitRouterManager) PreparedListIndexed(cursorProvider ast.SetCursorProvider, query ast.Query, resultHandler models.ListResultHandler) error

func (*TransitRouterManager) PreparedListWithHandler

func (self *TransitRouterManager) PreparedListWithHandler(query ast.Query, resultHandler models.ListResultHandler) error

func (*TransitRouterManager) ProtobufToTransitRouter

func (self *TransitRouterManager) ProtobufToTransitRouter(msg *edge_cmd_pb.TransitRouter) (*TransitRouter, error)

func (*TransitRouterManager) Read

func (self *TransitRouterManager) Read(id string) (ME, error)

func (*TransitRouterManager) ReadOneByFingerprint

func (self *TransitRouterManager) ReadOneByFingerprint(fingerprint string) (*TransitRouter, error)

func (*TransitRouterManager) ReadOneByQuery

func (self *TransitRouterManager) ReadOneByQuery(query string) (*TransitRouter, error)

func (*TransitRouterManager) ReadOneByUnverifiedFingerprint

func (self *TransitRouterManager) ReadOneByUnverifiedFingerprint(fingerprint string) (*TransitRouter, error)

func (*TransitRouterManager) TransitRouterToProtobuf

func (self *TransitRouterManager) TransitRouterToProtobuf(entity *TransitRouter) (*edge_cmd_pb.TransitRouter, error)

func (*TransitRouterManager) Unmarshall

func (self *TransitRouterManager) Unmarshall(bytes []byte) (*TransitRouter, error)

func (*TransitRouterManager) Update

func (self *TransitRouterManager) Update(entity *TransitRouter, unrestricted bool, checker fields.UpdatedFields, ctx *change.Context) error

type UpdateServiceConfigsCmd

// UpdateServiceConfigsCmd is an opaque command type (all fields unexported).
// The page lists Apply, Decode, Encode() ([]byte, error) and
// GetChangeContext() *change.Context on it.
type UpdateServiceConfigsCmd struct {
	// contains filtered or unexported fields
}

func (*UpdateServiceConfigsCmd) Apply

func (*UpdateServiceConfigsCmd) Decode

func (*UpdateServiceConfigsCmd) Encode

func (self *UpdateServiceConfigsCmd) Encode() ([]byte, error)

func (*UpdateServiceConfigsCmd) GetChangeContext

func (self *UpdateServiceConfigsCmd) GetChangeContext() *change.Context

Source Files
