Documentation ¶
Index ¶
- Constants
- Variables
- func EvaluatePolicy(ctx *roleAttributeChangeContext, policy Policy, ...)
- func FieldValuesToIds(new []boltz.FieldTypeAndValue) []string
- func LoadCurrentRaftIndex(tx *bbolt.Tx) uint64
- func NewStoreDefinition[E boltz.ExtEntity](strategy boltz.EntityStrategy[E]) boltz.StoreDefinition[E]
- func Open(path string) (boltz.Db, error)
- func ProcessEntityPolicyMatched(ctx *roleAttributeChangeContext, entityId, policyId []byte, log *logrus.Entry) bool
- func ProcessEntityPolicyUnmatched(ctx *roleAttributeChangeContext, entityId, policyId []byte, log *logrus.Entry) bool
- func RunMigrations(db boltz.Db, stores *Stores, signingCert *x509.Certificate) error
- func UpdateRelatedRoles(ctx *roleAttributeChangeContext, entityId []byte, ...)
- type ApiAddress
- type ApiSession
- type ApiSessionCertificate
- type ApiSessionCertificateStore
- type ApiSessionCertificateStoreImpl
- func (store *ApiSessionCertificateStoreImpl) FillEntity(entity *ApiSessionCertificate, bucket *boltz.TypedBucket)
- func (store ApiSessionCertificateStoreImpl) GetName(tx *bbolt.Tx, id string) *string
- func (store *ApiSessionCertificateStoreImpl) NewEntity() *ApiSessionCertificate
- func (store *ApiSessionCertificateStoreImpl) PersistEntity(entity *ApiSessionCertificate, ctx *boltz.PersistContext)
- type ApiSessionStore
- type AuthPolicy
- type AuthPolicyCert
- type AuthPolicyExtJwt
- type AuthPolicyPrimary
- type AuthPolicySecondary
- type AuthPolicyStore
- type AuthPolicyStoreImpl
- func (store *AuthPolicyStoreImpl) FillEntity(entity *AuthPolicy, bucket *boltz.TypedBucket)
- func (store AuthPolicyStoreImpl) GetName(tx *bbolt.Tx, id string) *string
- func (store *AuthPolicyStoreImpl) GetNameIndex() boltz.ReadIndex
- func (store *AuthPolicyStoreImpl) NewEntity() *AuthPolicy
- func (store *AuthPolicyStoreImpl) PersistEntity(entity *AuthPolicy, ctx *boltz.PersistContext)
- type AuthPolicyUpdb
- type Authenticator
- type AuthenticatorCert
- type AuthenticatorStore
- type AuthenticatorSubType
- type AuthenticatorUpdb
- type Ca
- type CaStore
- type Config
- type ConfigStore
- type ConfigType
- type ConfigTypeStore
- type Controller
- type ControllerStore
- type DbProvider
- type DbProviderF
- type EdgeRouter
- type EdgeRouterPolicy
- type EdgeRouterPolicyStore
- type EdgeRouterStore
- type EdgeService
- type EdgeServiceStore
- type Enrollment
- type EnrollmentStore
- type EnvInfo
- type EventListenerFunc
- type EventualEvent
- type EventualEventAdded
- type EventualEventProcessingBatchDone
- type EventualEventProcessingBatchStart
- type EventualEventProcessingDone
- type EventualEventProcessingListenerDone
- type EventualEventProcessingListenerStart
- type EventualEventProcessingStart
- type EventualEventRemoved
- type EventualEventStore
- type EventualEventer
- type EventualEventerBbolt
- func (a *EventualEventerBbolt) AddEventualEvent(eventType string, data []byte)
- func (a *EventualEventerBbolt) AddEventualEventWithCtx(ctx boltz.MutateContext, eventType string, data []byte)
- func (a *EventualEventerBbolt) AddEventualListener(eventType string, listener EventListenerFunc)
- func (a *EventualEventerBbolt) Start(closeNotify <-chan struct{}) error
- func (a *EventualEventerBbolt) Stop() error
- func (a *EventualEventerBbolt) Trigger() (<-chan struct{}, error)
- type ExternalIdClaim
- type ExternalJwtSigner
- type ExternalJwtSignerStore
- type FieldCheckerF
- type Identity
- type IdentityServicesCursorProvider
- type IdentityStore
- type IdentityType
- type IdentityTypeStore
- type IdentityTypeStoreImpl
- func (store *IdentityTypeStoreImpl) FillEntity(entity *IdentityType, bucket *boltz.TypedBucket)
- func (store IdentityTypeStoreImpl) GetName(tx *bbolt.Tx, id string) *string
- func (store *IdentityTypeStoreImpl) GetNameIndex() boltz.ReadIndex
- func (store *IdentityTypeStoreImpl) NewEntity() *IdentityType
- func (store *IdentityTypeStoreImpl) PersistEntity(entity *IdentityType, ctx *boltz.PersistContext)
- type Mfa
- type MfaStore
- type MfaStoreImpl
- type Migrations
- type NameIndexed
- type OperatingSystem
- type Policy
- type PolicyType
- type PostureCheck
- type PostureCheckMacAddresses
- type PostureCheckMfa
- type PostureCheckOperatingSystem
- type PostureCheckProcess
- type PostureCheckProcessMulti
- type PostureCheckStore
- type PostureCheckSubType
- type PostureCheckType
- type PostureCheckTypeStore
- type PostureCheckWindowsDomains
- type ProcessMulti
- type Revocation
- type RevocationStore
- type Router
- type RouterStore
- type SdkInfo
- type SecretStore
- type Service
- type ServiceEdgeRouterPolicy
- type ServiceEdgeRouterPolicyStore
- type ServiceEvent
- type ServiceEventHandler
- type ServiceEventType
- type ServiceEventsRegistry
- type ServicePolicy
- type ServicePolicyChangeEventListener
- type ServicePolicyEventsKeyType
- type ServicePolicyStore
- type ServiceStore
- type Session
- type SessionStore
- type Store
- type Stores
- func (store *Stores) AddCheckable(checkable boltz.Checkable)
- func (stores *Stores) CheckIntegrity(db boltz.Db, ctx context.Context, fix bool, errorHandler func(error, bool)) error
- func (stores *Stores) CheckIntegrityInTx(db boltz.Db, ctx boltz.MutateContext, fix bool, errorHandler func(error, bool)) error
- func (stores *Stores) GetEntityCounts(db boltz.Db) (map[string]int64, error)
- func (stores *Stores) GetStoreForEntity(entity boltz.Entity) boltz.Store
- func (stores *Stores) GetStoreList() []boltz.Store
- func (stores *Stores) GetStores() []boltz.Store
- type Terminator
- func (entity *Terminator) GetAddress() string
- func (entity *Terminator) GetBinding() string
- func (entity *Terminator) GetCost() uint16
- func (entity *Terminator) GetEntityType() string
- func (entity *Terminator) GetHostId() string
- func (entity *Terminator) GetInstanceId() string
- func (entity *Terminator) GetInstanceSecret() []byte
- func (entity *Terminator) GetPeerData() xt.PeerData
- func (entity *Terminator) GetPrecedence() xt.Precedence
- func (entity *Terminator) GetRouterId() string
- func (entity *Terminator) GetServiceId() string
- type TerminatorStore
- type TestContext
- func (ctx *TestContext) Cleanup()
- func (ctx *TestContext) CleanupAll()
- func (ctx *TestContext) GetDb() boltz.Db
- func (ctx *TestContext) GetStoreForEntity(entity boltz.Entity) boltz.Store
- func (ctx *TestContext) GetStores() *Stores
- func (ctx *TestContext) Init()
- func (ctx *TestContext) RequireNewIdentity(name string, isAdmin bool) *Identity
- func (ctx *TestContext) RequireNewService(name string) *EdgeService
- type TransitRouter
- type TransitRouterStore
- type UpdateLastActivityAtChecker
Constants ¶
// Field names for ApiSessionCertificate entities.
// NOTE(review): use as persisted bucket keys is inferred from the Field prefix
// and the store's FillEntity/PersistEntity methods; confirm in the store code.
const (
	FieldApiSessionCertificateApiSession  = "apiSession"
	FieldApiSessionCertificateSubject     = "subject"
	FieldApiSessionCertificateFingerprint = "fingerprint"
	FieldApiSessionCertificateValidAfter  = "validAfter"
	FieldApiSessionCertificateValidBefore = "validBefore"
	FieldApiSessionCertificatePem         = "pem"
)
// Field names and event names for ApiSession entities.
const (
	FieldApiSessionIdentity = "identity"
	// FieldApiSessionToken names the field holding the session token. The
	// ApiSession struct excludes Token from JSON with `json:"-"`.
	// NOTE(review): presumably the token is still written to the database
	// under this key; confirm, and treat database files and backups as
	// containing live session credentials if so.
	FieldApiSessionToken            = "token"
	FieldApiSessionConfigTypes      = "configTypes"
	FieldApiSessionIPAddress        = "ipAddress"
	FieldApiSessionMfaComplete      = "mfaComplete"
	FieldApiSessionMfaRequired      = "mfaRequired"
	FieldApiSessionLastActivityAt   = "lastActivityAt"
	FieldApiSessionAuthenticator    = "authenticator"
	FieldApiSessionIsCertExtendable = "isCertExtendable"

	// EventFullyAuthenticated is the only typed constant in this block
	// (events.EventName); the rest are untyped strings.
	EventFullyAuthenticated events.EventName = "FULLY_AUTHENTICATED"

	// EventualEventApiSessionDelete is an untyped string.
	// NOTE(review): by its name, an eventual-event type for API session
	// deletion; confirm where it is registered.
	EventualEventApiSessionDelete = "ApiSessionDelete"
)
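// Defaults, sentinel values and field names for authentication policies.
const (
	// DefaultUpdbMinPasswordLength is, by its name, the default minimum
	// password length for updb (username/password) authentication.
	// NOTE(review): a five-character minimum is below current guidance
	// (NIST SP 800-63B calls for at least eight characters). The value is
	// left unchanged here because callers may depend on it; deployments
	// should set a stricter minPasswordLength on their auth policies.
	DefaultUpdbMinPasswordLength = int64(5)
	// DefaultUpdbMaxAttempts is, by its name, the default number of failed
	// attempts allowed.
	DefaultUpdbMaxAttempts = int64(5)
	DefaultAuthPolicyId    = "default"

	// NOTE(review): both sentinels are 0; the names indicate that a lockout
	// duration of 0 means "indefinite" and an attempt limit of 0 means
	// "unlimited". A zero-valued (unset) maxAttempts would then disable
	// lockout entirely; confirm how unset values are defaulted.
	UpdbIndefiniteLockout      = int64(0)
	UpdbUnlimitedAttemptsLimit = int64(0)

	FieldAuthPolicyPrimaryCertAllowed = "primary.cert.allowed"
	// NOTE(review): by its name this flag lets expired client certificates
	// authenticate; audit which policies enable it.
	FieldAuthPolicyPrimaryCertAllowExpiredCerts = "primary.cert.allowExpiredCerts"
	FieldAuthPolicyPrimaryUpdbAllowed           = "primary.updb.allowed"
	// FieldAuthPolicyPrimaryUpdbMinPasswordLength is the correctly spelled
	// name for the "primary.updb.minPasswordLength" field.
	FieldAuthPolicyPrimaryUpdbMinPasswordLength = "primary.updb.minPasswordLength"
	// FiledAuthPolicyPrimaryUpdbMinPasswordLength is the original, misspelled
	// name ("Filed"); it is kept with the same value so existing callers
	// still compile.
	//
	// Deprecated: use FieldAuthPolicyPrimaryUpdbMinPasswordLength.
	FiledAuthPolicyPrimaryUpdbMinPasswordLength      = FieldAuthPolicyPrimaryUpdbMinPasswordLength
	FieldAuthPolicyPrimaryUpdbRequireSpecialChar     = "primary.updb.requireSpecialChar"
	FieldAuthPolicyPrimaryUpdbRequireNumberChar      = "primary.updb.requireNumberChar"
	FieldAuthPolicyPrimaryUpdbRequireMixedCase       = "primary.updb.requireMixedCase"
	FieldAuthPolicyPrimaryUpdbMaxAttempts            = "primary.updb.maxAttempts"
	FieldAuthPolicyPrimaryUpdbLockoutDurationMinutes = "primary.updb.lockoutDurationMinutes"

	FieldAuthPolicyPrimaryExtJwtAllowed        = "primary.extJwt.allowed"
	FieldAuthPolicyPrimaryExtJwtAllowedSigners = "primary.extJwt.allowedSigners"

	FieldAuthSecondaryPolicyRequireTotp          = "secondary.requireTotp"
	FieldAuthSecondaryPolicyRequiredExtJwtSigner = "secondary.requireExtJwtSigner"
)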
// Field names and method identifiers for Authenticator entities.
const (
	FieldAuthenticatorMethod   = "method"
	FieldAuthenticatorIdentity = "identity"

	FieldAuthenticatorCertFingerprint       = "certFingerprint"
	FieldAuthenticatorCertPem               = "certPem"
	FieldAuthenticatorCertIsIssuedByNetwork = "isIssuedByNetwork"

	FieldAuthenticatorUnverifiedCertPem         = "unverifiedCertPem"
	FieldAuthenticatorUnverifiedCertFingerprint = "unverifiedCertFingerprint"

	// NOTE(review): updbPassword and updbSalt name stored credential
	// material. Presumably the password value is a salted hash rather than
	// plaintext; confirm the hashing scheme at the point where it is written.
	FieldAuthenticatorUpdbUsername = "updbUsername"
	FieldAuthenticatorUpdbPassword = "updbPassword"
	FieldAuthenticatorUpdbSalt     = "updbSalt"

	MethodAuthenticatorUpdb = "updb"
	MethodAuthenticatorCert = "cert"

	// MethodAuthenticatorCertCaExternalId represents authentication with a certificate that isn't directly
	// registered with an authenticator. Instead, it uses `externalId` values on identities and matches them to a
	// "x509 claim" (custom values stuffed into SANs or other x509 properties). This type will never actually
	// be stored for persistence and is defined here so as to be near the other authenticator methods.
	MethodAuthenticatorCertCaExternalId = "certCaExternalId"
)
// Entity type names, the edge bucket name, shared field names and policy
// semantics.
const (
	// EntityType* values are the entity type identifiers.
	// NOTE(review): presumably what each entity's GetEntityType returns;
	// confirm against the implementations.
	EntityTypeApiSessions               = "apiSessions"
	EntityTypeApiSessionCertificates    = "apiSessionCertificates"
	EntityTypeAuthPolicies              = "authPolicies"
	EntityTypeEventualEvents            = "eventualEvents"
	EntityTypeCas                       = "cas"
	EntityTypeConfigs                   = "configs"
	EntityTypeConfigTypes               = "configTypes"
	EntityTypeControllers               = "controllers"
	EntityTypeEdgeRouterPolicies        = "edgeRouterPolicies"
	EntityTypeExternalJwtSigners        = "externalJwtSigners"
	EntityTypeIdentities                = "identities"
	EntityTypeIdentityTypes             = "identityTypes"
	EntityTypeMfas                      = "mfas"
	EntityTypeRevocations               = "revocations"
	EntityTypeServicePolicies           = "servicePolicies"
	EntityTypeServiceEdgeRouterPolicies = "serviceEdgeRouterPolicies"
	EntityTypeSessions                  = "sessions"
	EntityTypeSessionCerts              = "sessionCerts"
	EntityTypeEnrollments               = "enrollments"
	EntityTypeAuthenticators            = "authenticators"
	EntityTypePostureChecks             = "postureChecks"
	EntityTypePostureCheckTypes         = "postureCheckTypes"

	EdgeBucket = "edge"

	// Field names shared by several entity kinds.
	FieldName              = "name"
	FieldSemantic          = "semantic"
	FieldRoleAttributes    = "roleAttributes"
	FieldEdgeRouterRoles   = "edgeRouterRoles"
	FieldIdentityRoles     = "identityRoles"
	FieldServiceRoles      = "serviceRoles"
	FieldPostureCheckRoles = "postureCheckRoles"

	// Values for the "semantic" field of a policy.
	// NOTE(review): by name, AllOf requires every listed role to match and
	// AnyOf requires at least one; confirm in the policy evaluation code,
	// since the difference decides how broadly a policy grants access.
	SemanticAllOf = "AllOf"
	SemanticAnyOf = "AnyOf"
)
// Field names for Ca (certificate authority) entities.
const (
	FieldCaFingerprint = "fingerprint"
	FieldCaCertPem     = "certPem"
	FieldCaIsVerified  = "isVerified"
	// NOTE(review): by its name this is the token used to verify a CA;
	// confirm how long it stays valid and who is allowed to read it.
	FieldCaVerificationToken         = "verificationToken"
	FieldCaIsAutoCaEnrollmentEnabled = "isAutoCaEnrollmentEnabled"
	FieldCaIsOttCaEnrollmentEnabled  = "isOttCaEnrollmentEnabled"
	FieldCaIsAuthEnabled             = "isAuthEnabled"
	FieldCaIdentityNameFormat        = "identityNameFormat"
	FieldCaEnrollments               = "enrollments"

	// Fields describing how an external id is extracted from a certificate.
	FieldCaExternalIdClaim                = "externalIdClaim"
	FieldCaExternalIdClaimLocation        = "externalIdClaim.location"
	FieldCaExternalIdClaimIndex           = "externalIdClaim.index"
	FieldCaExternalIdClaimMatcher         = "externalIdClaim.matcher"
	FieldCaExternalIdClaimMatcherCriteria = "externalIdClaim.matcherCriteria"
	FieldCaExternalIdClaimParser          = "externalIdClaim.parser"
	// The constant is named ParserCriteria but its value ends in
	// "parserSeparator"; the two do not match.
	FieldCaExternalIdClaimParserCriteria = "externalIdClaim.parserSeparator"
)
// Allowed values for the location, matcher and parser of an external id claim.
// NOTE(review): the exact matching semantics are not visible here. A loose
// matcher (for example ALL) widens which certificate values can map to an
// identity's externalId; confirm the behaviour before relying on it.
const (
	// Where in the certificate the claim is read from.
	ExternalIdClaimLocCommonName = "COMMON_NAME"
	ExternalIdClaimLocSanUri     = "SAN_URI"
	ExternalIdClaimLocSanEmail   = "SAN_EMAIL"

	// How candidate values are selected.
	ExternalIdClaimMatcherAll    = "ALL"
	ExternalIdClaimMatcherSuffix = "SUFFIX"
	ExternalIdClaimMatcherPrefix = "PREFIX"
	ExternalIdClaimMatcherScheme = "SCHEME"

	// How a selected value is parsed.
	ExternalIdClaimParserNone  = "NONE"
	ExternalIdClaimParserSplit = "SPLIT"
)
// Field names for Config entities.
const (
	FieldConfigData = "data"
	FieldConfigType = "type"
	// The constant name is singular but the value is plural.
	FieldConfigIdentityService = "identityServices"
)
// Field names for Controller entities.
const (
	FieldControllerCtrlAddress       = "ctrlAddress"
	FieldControllerCertPem           = "certPem"
	FieldControllerFingerprint       = "fingerprint"
	FieldControllerIsOnline          = "isOnline"
	FieldControllerLastJoinedAt      = "lastJoinedAt"
	FieldControllerApiAddresses      = "apiAddresses"
	FieldControllerApiAddressVersion = "apiAddresses.version"
	FieldControllerApiAddressUrl     = "apiAddresses.url"
)
// Top-level bucket names and the raft index field.
// NOTE(review): presumably FieldRaftIndex is what LoadCurrentRaftIndex reads
// from the metadata bucket; confirm.
const (
	RootBucket     = "ziti"
	MetadataBucket = "metadata"
	FieldRaftIndex = "raftIndex"
)
// Field names for EdgeRouter entities.
const (
	FieldEdgeRouters = "edgeRouters"
	// The constants below spell PEM in capitals, while the Ca and Controller
	// constants use "Pem"; the stored key is "certPem" in each case.
	FieldEdgeRouterCertPEM               = "certPem"
	FieldEdgeRouterUnverifiedCertPEM     = "unverifiedCertPem"
	FieldEdgeRouterUnverifiedFingerprint = "unverifiedFingerprint"
	FieldEdgeRouterIsVerified            = "isVerified"
	FieldEdgeRouterIsTunnelerEnabled     = "isTunnelerEnabled"
	FieldEdgeRouterAppData               = "appData"
)
// Field names for EdgeService entities.
const (
	FieldEdgeServiceDialIdentities = "dialIdentities"
	FieldEdgeServiceBindIdentities = "bindIdentities"
	// NOTE(review): by its name, marks services that require end-to-end
	// encryption; confirm where the flag is enforced.
	FieldServiceEncryptionRequired = "encryptionRequired"
)
// Field names and method identifiers for Enrollment entities.
const (
	// NOTE(review): "token" and "jwt" name stored enrollment credentials;
	// presumably anyone able to read them before expiresAt could complete the
	// enrollment. Confirm, and restrict access to the database accordingly.
	FieldEnrollmentToken     = "token"
	FieldEnrollmentMethod    = "method"
	FieldEnrollIdentity      = "identity"
	FieldEnrollEdgeRouter    = "edgeRouter"
	FieldEnrollTransitRouter = "transitRouter"
	FieldEnrollmentExpiresAt = "expiresAt"
	FieldEnrollmentIssuedAt  = "issuedAt"
	FieldEnrollmentCaId      = "caId"
	FieldEnrollmentUsername  = "username"
	FieldEnrollmentJwt       = "jwt"

	// Enrollment methods.
	MethodEnrollOtt   = "ott"
	MethodEnrollOttCa = "ottca"
	MethodEnrollCa    = "ca"
	MethodEnrollUpdb  = "updb"
)
// Field names for EventualEvent entities; they match the JSON tags on the
// EventualEvent struct's Type and Data fields.
const (
	FieldEventualEventType = "type"
	FieldEventualEventData = "data"
)
// Names of the events emitted while eventual events are added and processed.
const (
	// EventualEventAddedName is emitted when a new event is added via AddEventualEvent().
	//
	// Event arguments:
	// 0 - an EventualEventAdded struct
	EventualEventAddedName = events.EventName("EventualEventAdded")

	// EventualEventRemovedName is emitted when a previously added eventual event is processed.
	//
	// Event arguments:
	// 0 - an EventualEventRemoved struct
	EventualEventRemovedName = events.EventName("EventualEventRemoved")

	// EventualEventProcessingStartName is emitted as the first action during processing.
	//
	// Event arguments:
	// 0 - an EventualEventProcessingStart struct
	EventualEventProcessingStartName = events.EventName("EventualEventProcessingStart")

	// EventualEventProcessingBatchStartName is emitted as the first set of events are processed
	// after EventualEventProcessingStartName. It is possible for 0+ batches to be processed. Each
	// batch should contain 1+ events.
	//
	// Event arguments:
	// 0 - an EventualEventProcessingBatchStart struct
	EventualEventProcessingBatchStartName = events.EventName("EventualEventProcessingBatchStart")

	// EventualEventProcessingListenerStartName is emitted for each function listener invoked
	// on each event.
	//
	// Event arguments:
	// 0 - an EventualEventProcessingListenerStart struct
	EventualEventProcessingListenerStartName = events.EventName("EventualEventProcessingListenerStart")

	// EventualEventProcessingListenerDoneName is emitted for each function listener after invocation.
	//
	// Event arguments:
	// 0 - an EventualEventProcessingListenerDone struct
	EventualEventProcessingListenerDoneName = events.EventName("EventualEventProcessingListenerDone")

	// EventualEventProcessingBatchDoneName is emitted after the last event processed in a batch.
	//
	// Event arguments:
	// 0 - an EventualEventProcessingBatchDone struct
	EventualEventProcessingBatchDoneName = events.EventName("EventualEventProcessingBatchDone")

	// EventualEventProcessingDoneName is emitted as the last action during processing after
	// all events and batches.
	//
	// Event arguments:
	// 0 - an EventualEventProcessingDone struct
	EventualEventProcessingDoneName = events.EventName("EventualEventProcessingDone")
)
// Field names and defaults for ExternalJwtSigner entities.
const (
	FieldExternalJwtSignerFingerprint = "fingerprint"
	FieldExternalJwtSignerCertPem     = "certPem"
	// NOTE(review): by its name, a URL from which signing keys are fetched;
	// confirm that it is restricted to trusted HTTPS endpoints, since the
	// keys returned decide which tokens are accepted.
	FieldExternalJwtSignerJwksEndpoint    = "jwksEndpoint"
	FieldExternalJwtSignerCommonName      = "commonName"
	FieldExternalJwtSignerNotAfter        = "notAfter"
	FieldExternalJwtSignerNotBefore       = "notBefore"
	FieldExternalJwtSignerEnabled         = "enabled"
	FieldExternalJwtSignerExternalAuthUrl = "externalAuthUrl"
	FieldExternalJwtSignerAuthPolicies    = "authPolicies"
	FieldExternalJwtSignerClaimsProperty  = "claimsProperty"
	FieldExternalJwtSignerUseExternalId   = "useExternalId"
	FieldExternalJwtSignerKid             = "kid"
	// NOTE(review): issuer and audience presumably feed token validation;
	// confirm that both are checked when set.
	FieldExternalJwtSignerIssuer   = "issuer"
	FieldExternalJwtSignerAudience = "audience"
	FieldExternalJwtSignerClientId = "clientId"
	FieldExternalJwtSignerScopes   = "scopes"

	// DefaultClaimsProperty is "sub"; by its name, the claim used when no
	// claimsProperty is configured.
	DefaultClaimsProperty = "sub"
)
// Field names for Identity entities.
const (
	FieldIdentityType = "type"
	// NOTE(review): isAdmin and isDefaultAdmin are privilege flags; confirm
	// which code paths are allowed to write them.
	FieldIdentityIsDefaultAdmin = "isDefaultAdmin"
	FieldIdentityIsAdmin        = "isAdmin"
	FieldIdentityEnrollments    = "enrollments"
	FieldIdentityAuthenticators = "authenticators"
	FieldIdentityServiceConfigs = "serviceConfigs"

	// Environment information. The OsRelease and OsVersion constants map to
	// keys without the "Os" part ("envInfoRelease", "envInfoVersion").
	FieldIdentityEnvInfoArch      = "envInfoArch"
	FieldIdentityEnvInfoOs        = "envInfoOs"
	FieldIdentityEnvInfoOsRelease = "envInfoRelease"
	FieldIdentityEnvInfoOsVersion = "envInfoVersion"
	FieldIdentityEnvInfoDomain    = "envInfoDomain"
	FieldIdentityEnvInfoHostname  = "envInfoHostname"

	// SDK information.
	FieldIdentitySdkInfoBranch     = "sdkInfoBranch"
	FieldIdentitySdkInfoRevision   = "sdkInfoRevision"
	FieldIdentitySdkInfoType       = "sdkInfoType"
	FieldIdentitySdkInfoVersion    = "sdkInfoVersion"
	FieldIdentitySdkInfoAppId      = "sdkInfoAppId"
	FieldIdentitySdkInfoAppVersion = "sdkInfoAppVersion"

	FieldIdentityBindServices              = "bindServices"
	FieldIdentityDialServices              = "dialServices"
	FieldIdentityDefaultHostingPrecedence  = "defaultHostingPrecedence"
	FieldIdentityDefaultHostingCost        = "defaultHostingCost"
	FieldIdentityServiceHostingPrecedences = "serviceHostingPrecedences"
	FieldIdentityServiceHostingCosts       = "serviceHostingCosts"
	FieldIdentityAppData                   = "appData"
	FieldIdentityAuthPolicyId              = "authPolicyId"
	FieldIdentityExternalId                = "externalId"
	FieldIdentityDisabledAt                = "disabledAt"
	FieldIdentityDisabledUntil             = "disabledUntil"
)
// Identity type names; the same two strings are the keys and values of
// IdentityTypesV1.
const (
	RouterIdentityType  = "Router"
	DefaultIdentityType = "Default"
)
// Field names for Mfa entities.
// NOTE(review): secret and recoveryCodes name second-factor credential
// material. How they are protected at rest is not visible here; confirm
// before treating a database copy as low-sensitivity.
const (
	FieldMfaIdentity      = "identity"
	FieldMfaIsVerified    = "isVerified"
	FieldMfaRecoveryCodes = "recoveryCodes"
	FieldMfaSecret        = "secret"
	FieldMfaSalt          = "salt"
)
// Database schema version and the field it is stored under.
// NOTE(review): presumably RunMigrations upgrades a database to
// CurrentDbVersion; confirm in the migration code.
const (
	CurrentDbVersion = 37
	FieldVersion     = "version"
)
// Field names for MFA posture checks.
const (
	FieldPostureCheckMfaTimeoutSeconds = "timeoutSeconds"
	FieldPostureCheckMfaPromptOnWake   = "promptOnWake"
	FieldPostureCheckMfaPromptOnUnlock = "promptOnUnlock"
	// NOTE(review): by its name this flag exempts legacy endpoints from the
	// check; confirm what counts as legacy, since it relaxes enforcement.
	FieldPostureCheckMfaIgnoreLegacyEndpoints = "ignoreLegacyEndpoints"
)
// Field names for operating-system posture checks.
const (
	FieldPostureCheckOsType     = "osType"
	FieldPostureCheckOsVersions = "osVersions"
)
// Field names for single-process posture checks.
const (
	FieldPostureCheckProcessOs          = "os"
	FieldPostureCheckProcessPath        = "path"
	FieldPostureCheckProcessHashes      = "hashes"
	FieldPostureCheckProcessFingerprint = "fingerprint"
)
// Field names for multi-process posture checks.
const (
	FieldPostureCheckProcessMultiOsType             = "osType"
	FieldPostureCheckProcessMultiPath               = "path"
	FieldPostureCheckProcessMultiHashes             = "hashes"
	FieldPostureCheckProcessMultiSignerFingerprints = "signerFingerprints"
	FieldPostureCheckProcessMultiProcesses          = "processes"
)
// Field names common to PostureCheck entities.
const (
	// Fields
	FieldPostureCheckTypeId       = "typeId"
	FieldPostureCheckVersion      = "version"
	FieldPostureCheckBindServices = "bindServices"
	FieldPostureCheckDialServices = "dialServices"
)
// Posture check type identifiers.
const (
	PostureCheckTypeOs           = "OS"
	PostureCheckTypeDomain       = "DOMAIN"
	PostureCheckTypeProcess      = "PROCESS"
	PostureCheckTypeProcessMulti = "PROCESS_MULTI"
	PostureCheckTypeMAC          = "MAC"
	PostureCheckTypeMFA          = "MFA"
)
// Entity type name and field names for Router entities.
const (
	EntityTypeRouters       = "routers"
	FieldRouterFingerprint  = "fingerprint"
	FieldRouterCost         = "cost"
	FieldRouterNoTraversal  = "noTraversal"
	FieldRouterDisabled     = "disabled"
)
// Service policy type field, type names, and the typed PolicyType values.
const (
	FieldServicePolicyType = "type"

	// Untyped string names.
	PolicyTypeInvalidName = "Invalid"
	PolicyTypeDialName    = "Dial"
	PolicyTypeBindName    = "Bind"

	// Typed PolicyType values, each defined from the matching name above.
	PolicyTypeInvalid PolicyType = PolicyTypeInvalidName
	PolicyTypeDial    PolicyType = PolicyTypeDialName
	PolicyTypeBind    PolicyType = PolicyTypeBindName
)
// Entity type name and field names for Service entities.
const (
	EntityTypeServices             = "services"
	FieldServiceTerminatorStrategy = "terminatorStrategy"
	FieldServiceMaxIdleTime        = "maxIdleTime"
)
// Field names and session type values for Session entities.
const (
	// NOTE(review): "token" names a stored session credential; confirm how
	// it is protected and when it is removed.
	FieldSessionToken           = "token"
	FieldSessionApiSession      = "apiSession"
	FieldSessionService         = "service"
	FieldSessionIdentity        = "identity"
	FieldSessionType            = "type"
	FieldSessionServicePolicies = "servicePolicies"

	// These carry the same strings as PolicyTypeDialName and
	// PolicyTypeBindName.
	SessionTypeDial = "Dial"
	SessionTypeBind = "Bind"
)
// Entity type name and field names for Terminator entities.
const (
	EntityTypeTerminators     = "terminators"
	FieldTerminatorService    = "service"
	FieldTerminatorRouter     = "router"
	FieldTerminatorBinding    = "binding"
	FieldTerminatorAddress    = "address"
	FieldTerminatorInstanceId = "instanceId"
	// NOTE(review): "instanceSecret" names stored secret material, exposed as
	// []byte by Terminator.GetInstanceSecret; confirm that it is kept out of
	// logs and API responses.
	FieldTerminatorInstanceSecret = "instanceSecret"
	FieldTerminatorCost           = "cost"
	FieldTerminatorPrecedence     = "precedence"
	// Named FieldServer... rather than FieldTerminator..., unlike its
	// neighbours.
	FieldServerPeerData            = "peerData"
	FieldTerminatorHostId          = "hostId"
	FieldTerminatorSavedPrecedence = "savedPrecedence"
)
// Path and field names for TransitRouter entities.
const (
	TransitRouterPath            = "transitRouter"
	FieldTransitRouterIsVerified = "isVerified"
	FieldTransitRouterEnrollments = "enrollments"
)
// Prefixes used in policy role lists. AllRole is RolePrefix followed by "all".
// NOTE(review): presumably "#" marks a role-attribute reference and "@" a
// direct entity reference, with "#all" matching every entity; confirm in the
// policy evaluation code, because "#all" in a policy would grant broadly.
const (
	RolePrefix   = "#"
	EntityPrefix = "@"
	AllRole      = "#all"
)
const (
FieldConfigTypeSchema = "schema"
)
const (
FieldPostureCheckDomains = "domains"
)
const (
FieldPostureCheckMacAddresses = "macAddresses"
)
const (
FieldPostureCheckTypeOperatingSystems = "operatingSystems"
)
const (
FieldRevocationExpiresAt = "expiresAt"
)
const (
ServicePolicyEventsKey = ServicePolicyEventsKeyType("servicePolicyEvents")
)
Variables ¶
var IdentityTypesV1 = map[string]string{
"Default": "Default",
"Router": "Router",
}
var ServiceEvents = &ServiceEventsRegistry{ handlers: cowslice.NewCowSlice(make([]ServiceEventHandler, 0)), }
Functions ¶
func EvaluatePolicy ¶ added in v0.31.1
func EvaluatePolicy(ctx *roleAttributeChangeContext, policy Policy, roleAttributesSymbol boltz.EntitySetSymbol)
func FieldValuesToIds ¶ added in v0.31.1
func FieldValuesToIds(new []boltz.FieldTypeAndValue) []string
func LoadCurrentRaftIndex ¶
func NewStoreDefinition ¶
func NewStoreDefinition[E boltz.ExtEntity](strategy boltz.EntityStrategy[E]) boltz.StoreDefinition[E]
func ProcessEntityPolicyMatched ¶ added in v0.31.1
func ProcessEntityPolicyUnmatched ¶ added in v0.31.1
func RunMigrations ¶ added in v0.31.1
func UpdateRelatedRoles ¶ added in v0.31.1
func UpdateRelatedRoles(ctx *roleAttributeChangeContext, entityId []byte, newRoleAttributes []boltz.FieldTypeAndValue, semanticSymbol boltz.EntitySymbol)
Types ¶
type ApiAddress ¶ added in v0.34.2
type ApiSession ¶ added in v0.31.1
// ApiSession is the stored entity for an API session.
type ApiSession struct {
	boltz.BaseExtEntity
	IdentityId string `json:"identityId"`
	// Token is excluded from JSON encoding (`json:"-"`), so marshalling an
	// ApiSession does not emit the session token.
	Token       string   `json:"-"`
	IPAddress   string   `json:"ipAddress"`
	ConfigTypes []string `json:"configTypes"`
	// NOTE(review): MfaRequired and MfaComplete are separate flags; callers
	// presumably must check both before treating a session as fully
	// authenticated. Confirm where that check lives.
	MfaComplete      bool      `json:"mfaComplete"`
	MfaRequired      bool      `json:"mfaRequired"`
	LastActivityAt   time.Time `json:"lastActivityAt"`
	AuthenticatorId  string    `json:"authenticatorId"`
	IsCertExtendable bool      `json:"isCertExtendable"`
}
func NewApiSession ¶ added in v0.31.1
func NewApiSession(identityId string) *ApiSession
func (*ApiSession) GetEntityType ¶ added in v0.31.1
func (entity *ApiSession) GetEntityType() string
type ApiSessionCertificate ¶ added in v0.31.1
type ApiSessionCertificate struct { boltz.BaseExtEntity ApiSessionId string `json:"apiSessionId"` Subject string `json:"subject"` Fingerprint string `json:"fingerprint"` ValidAfter *time.Time `json:"validAfter"` ValidBefore *time.Time `json:"validBefore"` PEM string `json:"pem"` }
func (*ApiSessionCertificate) GetEntityType ¶ added in v0.31.1
func (entity *ApiSessionCertificate) GetEntityType() string
type ApiSessionCertificateStore ¶ added in v0.31.1
type ApiSessionCertificateStore interface { Store[*ApiSessionCertificate] }
type ApiSessionCertificateStoreImpl ¶ added in v0.31.1
type ApiSessionCertificateStoreImpl struct {
// contains filtered or unexported fields
}
func (*ApiSessionCertificateStoreImpl) FillEntity ¶ added in v0.31.1
func (store *ApiSessionCertificateStoreImpl) FillEntity(entity *ApiSessionCertificate, bucket *boltz.TypedBucket)
func (*ApiSessionCertificateStoreImpl) NewEntity ¶ added in v0.31.1
func (store *ApiSessionCertificateStoreImpl) NewEntity() *ApiSessionCertificate
func (*ApiSessionCertificateStoreImpl) PersistEntity ¶ added in v0.31.1
func (store *ApiSessionCertificateStoreImpl) PersistEntity(entity *ApiSessionCertificate, ctx *boltz.PersistContext)
type ApiSessionStore ¶ added in v0.31.1
type AuthPolicy ¶ added in v0.31.1
type AuthPolicy struct { boltz.BaseExtEntity Name string `json:"name"` Primary AuthPolicyPrimary `json:"primary"` Secondary AuthPolicySecondary `json:"secondary"` }
func (*AuthPolicy) GetEntityType ¶ added in v0.31.1
func (entity *AuthPolicy) GetEntityType() string
func (*AuthPolicy) GetName ¶ added in v0.31.1
func (entity *AuthPolicy) GetName() string
type AuthPolicyCert ¶ added in v0.31.1
type AuthPolicyExtJwt ¶ added in v0.31.1
type AuthPolicyPrimary ¶ added in v0.31.1
type AuthPolicyPrimary struct { Cert AuthPolicyCert `json:"cert"` Updb AuthPolicyUpdb `json:"updb"` ExtJwt AuthPolicyExtJwt `json:"extJwt"` }
type AuthPolicySecondary ¶ added in v0.31.1
type AuthPolicyStore ¶ added in v0.31.1
type AuthPolicyStore interface { NameIndexed Store[*AuthPolicy] }
type AuthPolicyStoreImpl ¶ added in v0.31.1
type AuthPolicyStoreImpl struct {
// contains filtered or unexported fields
}
func (*AuthPolicyStoreImpl) FillEntity ¶ added in v0.31.1
func (store *AuthPolicyStoreImpl) FillEntity(entity *AuthPolicy, bucket *boltz.TypedBucket)
func (*AuthPolicyStoreImpl) GetNameIndex ¶ added in v0.31.1
func (store *AuthPolicyStoreImpl) GetNameIndex() boltz.ReadIndex
func (*AuthPolicyStoreImpl) NewEntity ¶ added in v0.31.1
func (store *AuthPolicyStoreImpl) NewEntity() *AuthPolicy
func (*AuthPolicyStoreImpl) PersistEntity ¶ added in v0.31.1
func (store *AuthPolicyStoreImpl) PersistEntity(entity *AuthPolicy, ctx *boltz.PersistContext)
type AuthPolicyUpdb ¶ added in v0.31.1
// AuthPolicyUpdb holds the updb (username/password) settings of an auth policy.
type AuthPolicyUpdb struct {
	Allowed bool `json:"allowed"`
	// MinPasswordLength is the minimum accepted password length; the package
	// constant DefaultUpdbMinPasswordLength is 5.
	MinPasswordLength  int64 `json:"minPasswordLength"`
	RequireSpecialChar bool  `json:"requireSpecialChar"`
	RequireNumberChar  bool  `json:"requireNumberChar"`
	RequireMixedCase   bool  `json:"requireMixedCase"`
	// NOTE(review): the constants UpdbUnlimitedAttemptsLimit and
	// UpdbIndefiniteLockout are both 0, so a zero MaxAttempts presumably
	// means no attempt limit and a zero LockoutDurationMinutes an indefinite
	// lockout. Confirm, and make sure unset values are defaulted deliberately.
	MaxAttempts            int64 `json:"maxAttempts"`
	LockoutDurationMinutes int64 `json:"lockoutDurationMinutes"`
}
type Authenticator ¶ added in v0.31.1
type Authenticator struct { boltz.BaseExtEntity Type string `json:"type"` IdentityId string `json:"identityId"` SubType AuthenticatorSubType `json:"subType"` }
func (*Authenticator) GetEntityType ¶ added in v0.31.1
func (entity *Authenticator) GetEntityType() string
func (*Authenticator) ToCert ¶ added in v0.31.1
func (entity *Authenticator) ToCert() *AuthenticatorCert
func (*Authenticator) ToSubType ¶ added in v0.31.1
func (entity *Authenticator) ToSubType() AuthenticatorSubType
func (*Authenticator) ToUpdb ¶ added in v0.31.1
func (entity *Authenticator) ToUpdb() *AuthenticatorUpdb
type AuthenticatorCert ¶ added in v0.31.1
// AuthenticatorCert is the certificate sub-type of an Authenticator.
type AuthenticatorCert struct {
	// The embedded Authenticator is excluded from JSON encoding.
	Authenticator `json:"-"`
	Fingerprint   string `json:"fingerprint"`
	Pem           string `json:"pem"`
	// This tag is capitalised ("IsIssuedByNetwork"), unlike the other tags on
	// this struct and the stored field name "isIssuedByNetwork".
	IsIssuedByNetwork bool `json:"IsIssuedByNetwork"`
	// NOTE(review): by their names, the Unverified* fields hold a certificate
	// that has not been verified yet; confirm that authentication never
	// accepts these values in place of Pem and Fingerprint.
	UnverifiedPem         string `json:"unverifiedPem"`
	UnverifiedFingerprint string `json:"unverifiedFingerprint"`
}
func (*AuthenticatorCert) Fingerprints ¶ added in v0.31.1
func (entity *AuthenticatorCert) Fingerprints() []string
type AuthenticatorStore ¶ added in v0.31.1
type AuthenticatorStore interface { Store[*Authenticator] }
type AuthenticatorSubType ¶ added in v0.31.1
type AuthenticatorSubType interface {
Fingerprints() []string
}
type AuthenticatorUpdb ¶ added in v0.31.1
// AuthenticatorUpdb is the updb (username/password) sub-type of an
// Authenticator.
type AuthenticatorUpdb struct {
	// The embedded Authenticator is excluded from JSON encoding.
	Authenticator `json:"-"`
	Username      string `json:"username"`
	// NOTE(review): Password and Salt carry ordinary JSON tags, unlike
	// ApiSession.Token and Enrollment.Jwt, which use `json:"-"`. Any code
	// path that marshals this struct (logs, events, API responses) would emit
	// both values; confirm none does. Password presumably holds a salted hash
	// rather than plaintext; verify where it is set.
	Password string `json:"password"`
	Salt     string `json:"salt"`
}
func (*AuthenticatorUpdb) Fingerprints ¶ added in v0.31.1
func (entity *AuthenticatorUpdb) Fingerprints() []string
type Ca ¶ added in v0.31.1
// Ca is the stored entity for a certificate authority.
type Ca struct {
	boltz.BaseExtEntity
	Name        string `json:"name"`
	Fingerprint string `json:"fingerprint"`
	CertPem     string `json:"certPem"`
	IsVerified  bool   `json:"isVerified"`
	// NOTE(review): VerificationToken is included in JSON encoding; confirm
	// who can read it and whether it remains usable once IsVerified is true.
	VerificationToken string `json:"verificationToken"`
	// NOTE(review): by their names, these three flags control whether the CA
	// may be used for automatic enrollment, one-time-token enrollment and
	// authentication. Confirm that each is ignored while IsVerified is false.
	IsAutoCaEnrollmentEnabled bool             `json:"isAutoCaEnrollmentEnabled"`
	IsOttCaEnrollmentEnabled  bool             `json:"isOttCaEnrollmentEnabled"`
	IsAuthEnabled             bool             `json:"isAuthEnabled"`
	IdentityRoles             []string         `json:"identityRoles"`
	IdentityNameFormat        string           `json:"identityNameFormat"`
	ExternalIdClaim           *ExternalIdClaim `json:"externalIdClaim"`
}
func (*Ca) GetEntityType ¶ added in v0.31.1
type Config ¶ added in v0.31.1
type Config struct { boltz.BaseExtEntity Name string `json:"name"` Type string `json:"type"` Data map[string]interface{} `json:"data"` }
func (*Config) GetEntityType ¶ added in v0.31.1
type ConfigStore ¶ added in v0.31.1
type ConfigStore interface { Store[*Config] NameIndexed }
type ConfigType ¶ added in v0.31.1
type ConfigType struct { boltz.BaseExtEntity Name string `json:"name"` Schema map[string]interface{} `json:"schema"` }
func (*ConfigType) GetEntityType ¶ added in v0.31.1
func (entity *ConfigType) GetEntityType() string
func (*ConfigType) GetName ¶ added in v0.31.1
func (entity *ConfigType) GetName() string
type ConfigTypeStore ¶ added in v0.31.1
type ConfigTypeStore interface { Store[*ConfigType] NameIndexed LoadOneByName(tx *bbolt.Tx, name string) (*ConfigType, error) GetName(tx *bbolt.Tx, id string) *string }
type Controller ¶ added in v0.34.0
type Controller struct { boltz.BaseExtEntity Name string `json:"name"` CtrlAddress string `json:"address"` CertPem string `json:"certPem"` Fingerprint string `json:"fingerprint"` IsOnline bool `json:"isOnline"` LastJoinedAt *time.Time `json:"lastJoinedAt"` ApiAddresses map[string][]ApiAddress }
func (*Controller) GetEntityType ¶ added in v0.34.0
func (entity *Controller) GetEntityType() string
func (*Controller) GetName ¶ added in v0.34.0
func (entity *Controller) GetName() string
type ControllerStore ¶ added in v0.34.0
type ControllerStore interface { Store[*Controller] GetNameIndex() boltz.ReadIndex }
type DbProvider ¶ added in v0.31.1
type DbProviderF ¶ added in v0.31.1
func (DbProviderF) GetDb ¶ added in v0.31.1
func (f DbProviderF) GetDb() boltz.Db
type EdgeRouter ¶ added in v0.31.1
type EdgeRouter struct { Router IsVerified bool `json:"isVerified"` CertPem *string `json:"certPem"` UnverifiedCertPem *string `json:"unverifiedCertPem"` UnverifiedFingerprint *string `json:"unverifiedFingerprint"` RoleAttributes []string `json:"roleAttributes"` IsTunnelerEnabled bool `json:"isTunnelerEnabled"` AppData map[string]interface{} `json:"appData"` }
func (*EdgeRouter) GetName ¶ added in v0.31.1
func (entity *EdgeRouter) GetName() string
type EdgeRouterPolicy ¶ added in v0.31.1
type EdgeRouterPolicy struct { boltz.BaseExtEntity Name string `json:"name"` Semantic string `json:"semantic"` IdentityRoles []string `json:"identityRoles"` EdgeRouterRoles []string `json:"edgeRouterRoles"` }
func (*EdgeRouterPolicy) GetEntityType ¶ added in v0.31.1
func (entity *EdgeRouterPolicy) GetEntityType() string
func (*EdgeRouterPolicy) GetName ¶ added in v0.31.1
func (entity *EdgeRouterPolicy) GetName() string
func (*EdgeRouterPolicy) GetSemantic ¶ added in v0.31.1
func (entity *EdgeRouterPolicy) GetSemantic() string
type EdgeRouterPolicyStore ¶ added in v0.31.1
type EdgeRouterPolicyStore interface { NameIndexed Store[*EdgeRouterPolicy] }
type EdgeRouterStore ¶ added in v0.31.1
type EdgeRouterStore interface { NameIndexed Store[*EdgeRouter] GetRoleAttributesIndex() boltz.SetReadIndex GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error) }
type EdgeService ¶ added in v0.31.1
type EdgeServiceStore ¶ added in v0.31.1
type EdgeServiceStore interface { NameIndexed Store[*EdgeService] IsBindableByIdentity(tx *bbolt.Tx, id string, identityId string) bool IsDialableByIdentity(tx *bbolt.Tx, id string, identityId string) bool GetRoleAttributesIndex() boltz.SetReadIndex GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error) }
type Enrollment ¶ added in v0.31.1
// Enrollment is the stored entity for a pending enrollment.
type Enrollment struct {
	boltz.BaseExtEntity
	// NOTE(review): Token is included in JSON encoding while Jwt is not;
	// confirm that marshalled enrollments are only shown to callers entitled
	// to the token.
	Token  string `json:"token"`
	Method string `json:"method"`
	// The target and optional attributes are pointers and may be nil.
	IdentityId      *string    `json:"identityId"`
	TransitRouterId *string    `json:"transitRouterId"`
	EdgeRouterId    *string    `json:"edgeRouterId"`
	ExpiresAt       *time.Time `json:"expiresAt"`
	IssuedAt        *time.Time `json:"issuedAt"`
	CaId            *string    `json:"caId"`
	Username        *string    `json:"username"`
	// Jwt is excluded from JSON encoding (`json:"-"`).
	Jwt string `json:"-"`
}
func (*Enrollment) GetEntityType ¶ added in v0.31.1
func (entity *Enrollment) GetEntityType() string
type EnrollmentStore ¶ added in v0.31.1
// EnrollmentStore is the store interface for *Enrollment.
type EnrollmentStore interface {
	Store[*Enrollment]
	// LoadOneByToken looks up a single enrollment by its token inside tx.
	// NOTE(review): whether a missing token yields (nil, nil) or an error is
	// not visible here; callers should check both before using the result.
	LoadOneByToken(tx *bbolt.Tx, token string) (*Enrollment, error)
}
type EventListenerFunc ¶ added in v0.31.1
EventListenerFunc is a function handler that will be triggered asynchronously at some point in the future.
type EventualEvent ¶ added in v0.31.1
// EventualEvent is the stored form of a deferred event: a type name and an
// opaque byte payload. How Data is interpreted is left to the emitter and the
// listener for that Type.
type EventualEvent struct {
	boltz.BaseExtEntity
	Type string `json:"type"`
	Data []byte `json:"data"`
}
func (*EventualEvent) GetEntityType ¶ added in v0.31.1
func (entity *EventualEvent) GetEntityType() string
type EventualEventAdded ¶ added in v0.31.1
type EventualEventProcessingBatchDone ¶ added in v0.31.1
// EventualEventProcessingBatchDone describes a batch that has finished: its
// ids, event count, batch size and start/end times.
type EventualEventProcessingBatchDone struct {
	// Id is a unique id for the batch
	Id string
	// ProcessId is the unique id of the processing run this batch is a member of
	ProcessId string
	// Count is the number of events in the current batch
	Count int
	// BatchSize is the batch size for the current batch (the maximum value of Count)
	BatchSize int
	// StartTime is the time the batch was started
	StartTime time.Time
	// EndTime is the time the batch ended
	EndTime time.Time
}
type EventualEventProcessingBatchStart ¶ added in v0.31.1
// EventualEventProcessingBatchStart describes a batch that is starting: its
// ids, event count, batch size and start time.
type EventualEventProcessingBatchStart struct {
	// Id is a unique id for the batch
	Id string
	// ProcessId is the unique id of the processing run this batch is a member of
	ProcessId string
	// Count is the number of events in the current batch
	Count int
	// BatchSize is the batch size for the current batch (the maximum value of Count)
	BatchSize int
	// StartTime is the time when the batch started processing
	StartTime time.Time
}
type EventualEventProcessingDone ¶ added in v0.31.1
// EventualEventProcessingDone summarises a completed processing run: totals
// for batches, events and listener executions, plus start/end times.
type EventualEventProcessingDone struct {
	// Id is a unique id for the processing run
	Id string
	// TotalBatches is the total number of batches executed during processing
	TotalBatches int64
	// TotalEvents is the total number of events processed
	TotalEvents int64
	// TotalListenersExecuted is the total number of listeners executed during processing
	TotalListenersExecuted int64
	// StartTime is the time when the processing began
	StartTime time.Time
	// EndTime is the time when the processing ended
	EndTime time.Time
}
type EventualEventProcessingListenerDone ¶ added in v0.31.1
// EventualEventProcessingListenerDone describes one finished listener
// invocation, including the error it produced, if any.
type EventualEventProcessingListenerDone struct {
	// Id is a unique id for the triggering of a listener
	Id string
	// BatchId is the unique id of the batch being processed
	BatchId string
	// ProcessId is the unique id of the currently executing process
	ProcessId string
	// ListenerFunc is the listener that was executed
	ListenerFunc EventListenerFunc
	// BatchEventIndex is the zero based offset of the currently executing event
	BatchEventIndex int64
	// TotalEventIndex is the total index across all batches of the currently executing event
	TotalEventIndex int64
	// Error is nil if no error occurred during execution, otherwise an error value
	Error error
	// EventType is the type of the event that triggered the listener
	EventType string
	// StartTime is the time when the listener started execution
	StartTime time.Time
	// EndTime is the time when the listener ended execution
	EndTime time.Time
}
type EventualEventProcessingListenerStart ¶ added in v0.31.1
// EventualEventProcessingListenerStart describes one listener invocation that
// is starting.
type EventualEventProcessingListenerStart struct {
	// Id is a unique id for the triggering of a listener
	Id string
	// BatchId is the unique id of the batch being processed
	BatchId string
	// ProcessId is the unique id of the currently executing process
	ProcessId string
	// ListenerFunc is the listener being triggered
	ListenerFunc EventListenerFunc
	// BatchEventIndex is the zero based offset of the currently executing event
	BatchEventIndex int64
	// TotalEventIndex is the total index across all batches of the currently executing event
	TotalEventIndex int64
	// EventType is the type of the event that is triggering the listener
	EventType string
	// StartTime is the time when the listener was started
	StartTime time.Time
}
type EventualEventProcessingStart ¶ added in v0.31.1
type EventualEventRemoved ¶ added in v0.31.1
type EventualEventStore ¶ added in v0.31.1
// EventualEventStore is the store interface for *EventualEvent; it adds no
// methods beyond Store[*EventualEvent].
type EventualEventStore interface {
	Store[*EventualEvent]
}
type EventualEventer ¶ added in v0.31.1
// EventualEventer accepts events for later processing by registered listeners
// and reports processing progress through the embedded events.EventEmmiter.
//
// NOTE(review): payloads given to AddEventualEvent are opaque bytes handed to
// listeners later; each listener should presumably validate the payload shape
// before acting on it — confirm per listener.
type EventualEventer interface {
	// EventEmmiter is used to provide processing event status on processing state, which is useful
	// for instrumenting an EventualEventer for metric purposes (process runtime, process batch runtime,
	// event counts, etc.)
	events.EventEmmiter

	// AddEventualEvent adds an eventual event with a specific name and byte array data payload. Interpretation
	// of the event's data payload is up to the event emitter and consumer.
	AddEventualEvent(eventType string, data []byte)

	// AddEventualListener adds a function as a callback for when an eventual event is processed.
	AddEventualListener(eventType string, handler EventListenerFunc)

	// Start should be called at the start of the lifetime of the EventualEventer.
	// A closeNotify channel must be supplied for application shutdown eventing.
	//
	// If an EventualEventer has already been started, it will return an error.
	// Errors may be returned for other reasons causing Start to fail.
	Start(closeNotify <-chan struct{}) error

	// Stop may be called to manually end the lifetime of the EventualEventer outside the
	// closeNotify signaling provided in the Start call. If not started, an error will be returned.
	// Errors may be returned for other reasons causing Stop to fail.
	Stop() error

	// Trigger forces an EventualEventer to check for work to be processed. Beyond this method,
	// it is the implementation's responsibility to provide other mechanisms or logic to determine
	// when work is performed (timers, events, etc.) which may be set up/torn down during Start/Stop.
	//
	// If the EventualEventer is not currently running or can't process work, an error will
	// be returned. If it is running, a channel will be returned which will be closed after
	// the current or next iteration of the event processor has completed.
	Trigger() (<-chan struct{}, error)
}
An EventualEventer provides a method for storing events in a persistent manner that will be processed at a later date. Processing may include time intensive processing such as bulk deletion of other entities. Event persistence strategy, processing order, and processing synchronization are up to the implementation to decide.
EventualEventers are also required to emit a series of events via the events.EventEmmiter interface (spelled as in the code). See EventualEventAdded and subsequent events for more details.
type EventualEventerBbolt ¶ added in v0.31.1
type EventualEventerBbolt struct { events.EventEmmiter Interval time.Duration // contains filtered or unexported fields }
EventualEventerBbolt implements EventualEventer with a bbolt-backed storage mechanism. Work is performed in FIFO order at a configurable interval, set via the Interval property.
Events are stored in the following format:
id   - CUID   - a monotonic reference id
name - string - an event name, used for log output
data - []byte - a string array of arguments
func NewEventualEventerBbolt ¶ added in v0.31.1
func NewEventualEventerBbolt(dbProvider DbProvider, store EventualEventStore, interval time.Duration, batchSize int) *EventualEventerBbolt
NewEventualEventerBbolt creates a new bbolt backed asynchronous eventer that will check for new events at the given interval or when triggered. On each interval/trigger, the number of events processed is determined by batchSize.
func (*EventualEventerBbolt) AddEventualEvent ¶ added in v0.31.1
func (a *EventualEventerBbolt) AddEventualEvent(eventType string, data []byte)
func (*EventualEventerBbolt) AddEventualEventWithCtx ¶ added in v0.31.1
func (a *EventualEventerBbolt) AddEventualEventWithCtx(ctx boltz.MutateContext, eventType string, data []byte)
func (*EventualEventerBbolt) AddEventualListener ¶ added in v0.31.1
func (a *EventualEventerBbolt) AddEventualListener(eventType string, listener EventListenerFunc)
func (*EventualEventerBbolt) Start ¶ added in v0.31.1
func (a *EventualEventerBbolt) Start(closeNotify <-chan struct{}) error
func (*EventualEventerBbolt) Stop ¶ added in v0.31.1
func (a *EventualEventerBbolt) Stop() error
func (*EventualEventerBbolt) Trigger ¶ added in v0.31.1
func (a *EventualEventerBbolt) Trigger() (<-chan struct{}, error)
type ExternalIdClaim ¶ added in v0.31.1
type ExternalJwtSigner ¶ added in v0.31.1
// ExternalJwtSigner is the stored configuration of an external JWT issuer:
// its key material, certificate validity window, enable flag and the claim
// and client settings used with it.
//
// NOTE(review): Issuer and Audience are optional pointers. How the token
// verification path treats a nil value is not visible here; confirm that a
// missing issuer or audience does not silently disable that check.
type ExternalJwtSigner struct {
	boltz.BaseExtEntity
	Name string `json:"name"`
	// Key material, all optional: a certificate (CertPem, with Fingerprint and
	// Kid) and/or a JWKS endpoint.
	// NOTE(review): JwksEndpoint is presumably fetched by the controller;
	// confirm scheme and host validation where it is set.
	Fingerprint  *string `json:"fingerprint"`
	Kid          *string `json:"kid"`
	CertPem      *string `json:"certPem"`
	JwksEndpoint *string `json:"jwksEndpoint"`
	// CommonName, NotAfter and NotBefore presumably mirror the certificate in
	// CertPem; the two times are nil-able — confirm how nil is handled.
	CommonName string     `json:"commonName"`
	NotAfter   *time.Time `json:"notAfter"`
	NotBefore  *time.Time `json:"notBefore"`
	// Enabled is the persisted on/off flag for this signer.
	Enabled bool `json:"enabled"`
	// Claim mapping and external authentication settings.
	ExternalAuthUrl *string `json:"externalAuthUrl"`
	ClaimsProperty  *string `json:"claimsProperty"`
	UseExternalId   bool    `json:"useExternalId"`
	// Expected token issuer/audience and client settings.
	Issuer   *string  `json:"issuer"`
	Audience *string  `json:"audience"`
	ClientId *string  `json:"clientId"`
	Scopes   []string `json:"scopes"`
}
func (*ExternalJwtSigner) GetEntityType ¶ added in v0.31.1
func (entity *ExternalJwtSigner) GetEntityType() string
func (*ExternalJwtSigner) GetName ¶ added in v0.31.1
func (entity *ExternalJwtSigner) GetName() string
type ExternalJwtSignerStore ¶ added in v0.31.1
// ExternalJwtSignerStore is the store interface for *ExternalJwtSigner; it
// composes NameIndexed with Store[*ExternalJwtSigner].
type ExternalJwtSignerStore interface {
	NameIndexed
	Store[*ExternalJwtSigner]
}
type FieldCheckerF ¶ added in v1.1.12
func (FieldCheckerF) IsUpdated ¶ added in v1.1.12
func (f FieldCheckerF) IsUpdated(s string) bool
type Identity ¶ added in v0.31.1
// Identity is the stored form of an identity: its name and type, admin flags,
// linked enrollments and authenticators, role attributes, client-reported SDK
// and environment info, hosting preferences, auth policy reference, optional
// external id, disabled state and per-service config mapping.
//
// NOTE(review): disabled state is spread over Disabled, DisabledAt and
// DisabledUntil. Which of these the authentication path consults is not
// visible here; confirm they cannot disagree in a way that leaves a disabled
// identity usable.
type Identity struct {
	boltz.BaseExtEntity
	Name           string `json:"name"`
	IdentityTypeId string `json:"identityTypeId"`
	// IsDefaultAdmin and IsAdmin are persisted privilege flags and are included
	// in JSON output.
	IsDefaultAdmin bool `json:"isDefaultAdmin"`
	IsAdmin        bool `json:"isAdmin"`
	// String lists; presumably ids of related entities and role tags — confirm.
	Enrollments    []string `json:"enrollments"`
	Authenticators []string `json:"authenticators"`
	RoleAttributes []string `json:"roleAttributes"`
	SdkInfo        *SdkInfo `json:"sdkInfo"`
	EnvInfo        *EnvInfo `json:"envInfo"`
	// Hosting defaults and the per-key overrides; the map keys are presumably
	// service ids — confirm.
	DefaultHostingPrecedence  ziti.Precedence            `json:"defaultHostingPrecedence"`
	DefaultHostingCost        uint16                     `json:"defaultHostingCost"`
	ServiceHostingPrecedences map[string]ziti.Precedence `json:"serviceHostingPrecedences"`
	ServiceHostingCosts       map[string]uint16          `json:"serviceHostingCosts"`
	AppData                   map[string]interface{}     `json:"appData"`
	// AuthPolicyId references an auth policy by id; ExternalId is optional.
	AuthPolicyId string  `json:"authPolicyId"`
	ExternalId   *string `json:"externalId"`
	// Disabled state: two optional timestamps plus a boolean.
	DisabledAt    *time.Time `json:"disabledAt"`
	DisabledUntil *time.Time `json:"disabledUntil"`
	Disabled      bool       `json:"disabled"`
	// ServiceConfigs is a two-level string map; the key meanings are not shown
	// here.
	ServiceConfigs map[string]map[string]string `json:"serviceConfigs"`
}
func (*Identity) GetEntityType ¶ added in v0.31.1
type IdentityServicesCursorProvider ¶ added in v0.31.1
type IdentityServicesCursorProvider struct {
// contains filtered or unexported fields
}
type IdentityStore ¶ added in v0.31.1
// IdentityStore is the store interface for *Identity. It composes NameIndexed
// and Store[*Identity] and adds role-attribute, service-config and
// identity-service lookups.
type IdentityStore interface {
	NameIndexed
	Store[*Identity]
	// GetRoleAttributesIndex returns a boltz.SetReadIndex; presumably the index
	// over Identity.RoleAttributes — confirm.
	GetRoleAttributesIndex() boltz.SetReadIndex
	// GetRoleAttributesCursorProvider builds an ast.SetCursorProvider from the
	// given values and semantic, or returns an error.
	GetRoleAttributesCursorProvider(values []string, semantic string) (ast.SetCursorProvider, error)
	// LoadServiceConfigsByServiceAndType returns a three-level map for
	// identityId, restricted by the configTypes set. It has no error return, so
	// a failed load cannot be told apart from an empty result by the caller.
	LoadServiceConfigsByServiceAndType(tx *bbolt.Tx, identityId string, configTypes map[string]struct{}) map[string]map[string]map[string]interface{}
	// GetIdentityServicesCursorProvider returns an ast.SetCursorProvider for
	// the given identity id.
	GetIdentityServicesCursorProvider(identityId string) ast.SetCursorProvider
}
type IdentityType ¶ added in v0.31.1
// IdentityType is a named entity; Identity.IdentityTypeId holds the id of one.
type IdentityType struct {
	boltz.BaseExtEntity
	Name string `json:"name"`
}
func (*IdentityType) GetEntityType ¶ added in v0.31.1
func (entity *IdentityType) GetEntityType() string
func (*IdentityType) GetName ¶ added in v0.31.1
func (entity *IdentityType) GetName() string
type IdentityTypeStore ¶ added in v0.31.1
// IdentityTypeStore is the store interface for *IdentityType; it composes
// NameIndexed with Store[*IdentityType].
type IdentityTypeStore interface {
	NameIndexed
	Store[*IdentityType]
}
type IdentityTypeStoreImpl ¶ added in v0.31.1
type IdentityTypeStoreImpl struct {
// contains filtered or unexported fields
}
func (*IdentityTypeStoreImpl) FillEntity ¶ added in v0.31.1
func (store *IdentityTypeStoreImpl) FillEntity(entity *IdentityType, bucket *boltz.TypedBucket)
func (*IdentityTypeStoreImpl) GetNameIndex ¶ added in v0.31.1
func (store *IdentityTypeStoreImpl) GetNameIndex() boltz.ReadIndex
func (*IdentityTypeStoreImpl) NewEntity ¶ added in v0.31.1
func (store *IdentityTypeStoreImpl) NewEntity() *IdentityType
func (*IdentityTypeStoreImpl) PersistEntity ¶ added in v0.31.1
func (store *IdentityTypeStoreImpl) PersistEntity(entity *IdentityType, ctx *boltz.PersistContext)
type Mfa ¶ added in v0.31.1
// Mfa is the stored MFA enrolment for one identity: the owning IdentityId, a
// verification flag and the secret material (Secret, Salt, RecoveryCodes).
//
// NOTE(review): Secret, Salt and RecoveryCodes all carry ordinary JSON tags,
// unlike Session.Token and Enrollment.Jwt in this package, which use
// `json:"-"`. Anything that marshals an Mfa value (logs, events, exports,
// debug dumps) will therefore include them — confirm no such path exists.
// Whether Secret and RecoveryCodes are stored encrypted or hashed is not
// visible here; verify against the layer that writes them.
type Mfa struct {
	boltz.BaseExtEntity
	IdentityId    string   `json:"identityId"`
	IsVerified    bool     `json:"isVerified"`
	Secret        string   `json:"secret"`
	Salt          string   `json:"salt"`
	RecoveryCodes []string `json:"recoveryCodes"`
}
func (*Mfa) GetEntityType ¶ added in v0.31.1
type MfaStoreImpl ¶ added in v0.31.1
type MfaStoreImpl struct {
// contains filtered or unexported fields
}
func (*MfaStoreImpl) FillEntity ¶ added in v0.31.1
func (store *MfaStoreImpl) FillEntity(entity *Mfa, bucket *boltz.TypedBucket)
func (*MfaStoreImpl) NewEntity ¶ added in v0.31.1
func (store *MfaStoreImpl) NewEntity() *Mfa
func (*MfaStoreImpl) PersistEntity ¶ added in v0.31.1
func (store *MfaStoreImpl) PersistEntity(entity *Mfa, ctx *boltz.PersistContext)
type Migrations ¶ added in v0.31.1
type Migrations struct {
// contains filtered or unexported fields
}
type NameIndexed ¶ added in v0.31.1
type OperatingSystem ¶ added in v0.31.1
type Policy ¶ added in v0.31.1
// Policy is the common interface of policy entities; it adds nothing beyond
// boltz.NamedExtEntity.
type Policy interface {
	boltz.NamedExtEntity
}
type PolicyType ¶ added in v0.31.1
// PolicyType is a string-typed policy kind. GetPolicyTypeForId builds one from
// an int32 id, Id returns an int32, and IsBind/IsDial are predicates on it.
type PolicyType string
func GetPolicyTypeForId ¶ added in v0.31.1
func GetPolicyTypeForId(policyTypeId int32) PolicyType
func (PolicyType) Id ¶ added in v0.31.1
func (self PolicyType) Id() int32
func (PolicyType) IsBind ¶ added in v1.1.0
func (self PolicyType) IsBind() bool
func (PolicyType) IsDial ¶ added in v1.1.0
func (self PolicyType) IsDial() bool
func (PolicyType) String ¶ added in v0.31.1
func (self PolicyType) String() string
type PostureCheck ¶ added in v0.31.1
// PostureCheck is the stored form of a posture check: common fields (name,
// type id, version, role attributes) plus a type-specific SubType that loads
// and stores its own values.
// NOTE(review): which concrete SubType goes with which TypeId is not visible
// here; confirm the loader rejects unknown TypeId values rather than leaving
// SubType nil.
type PostureCheck struct {
	boltz.BaseExtEntity
	Name           string              `json:"name"`
	TypeId         string              `json:"typeId"`
	Version        int64               `json:"version"`
	RoleAttributes []string            `json:"roleAttributes"`
	SubType        PostureCheckSubType `json:"subType"`
}
func (*PostureCheck) GetEntityType ¶ added in v0.31.1
func (entity *PostureCheck) GetEntityType() string
func (*PostureCheck) GetName ¶ added in v0.31.1
func (entity *PostureCheck) GetName() string
type PostureCheckMacAddresses ¶ added in v0.31.1
// PostureCheckMacAddresses is the posture check sub-type holding a list of MAC
// addresses as strings.
// NOTE(review): the expected format (separator, case) is not visible here;
// confirm values are normalised before comparison.
type PostureCheckMacAddresses struct {
	MacAddresses []string `json:"macAddresses"`
}
func (*PostureCheckMacAddresses) LoadValues ¶ added in v0.31.1
func (entity *PostureCheckMacAddresses) LoadValues(bucket *boltz.TypedBucket)
func (*PostureCheckMacAddresses) SetValues ¶ added in v0.31.1
func (entity *PostureCheckMacAddresses) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)
type PostureCheckMfa ¶ added in v0.31.1
// PostureCheckMfa is the posture check sub-type for MFA: a timeout in seconds
// and three boolean options.
// NOTE(review): by its name, IgnoreLegacyEndpoints relaxes the check for some
// clients; the exact scope is not visible here — confirm before enabling.
// The meaning of a zero or negative TimeoutSeconds is also not shown.
type PostureCheckMfa struct {
	TimeoutSeconds        int64 `json:"timeoutSeconds"`
	PromptOnWake          bool  `json:"promptOnWake"`
	PromptOnUnlock        bool  `json:"promptOnUnlock"`
	IgnoreLegacyEndpoints bool  `json:"ignoreLegacyEndpoints"`
}
func (*PostureCheckMfa) LoadValues ¶ added in v0.31.1
func (entity *PostureCheckMfa) LoadValues(bucket *boltz.TypedBucket)
func (*PostureCheckMfa) SetValues ¶ added in v0.31.1
func (entity *PostureCheckMfa) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)
type PostureCheckOperatingSystem ¶ added in v0.31.1
// PostureCheckOperatingSystem is the posture check sub-type holding a list of
// OperatingSystem entries.
type PostureCheckOperatingSystem struct {
	OperatingSystems []OperatingSystem `json:"operatingSystems"`
}
func (*PostureCheckOperatingSystem) LoadValues ¶ added in v0.31.1
func (entity *PostureCheckOperatingSystem) LoadValues(bucket *boltz.TypedBucket)
func (*PostureCheckOperatingSystem) SetValues ¶ added in v0.31.1
func (entity *PostureCheckOperatingSystem) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)
type PostureCheckProcess ¶ added in v0.31.1
// PostureCheckProcess is the posture check sub-type describing one process: an
// operating system name, a path, a list of hashes and a fingerprint.
// NOTE(review): Hashes and Fingerprint are free-form strings here; the hash
// algorithm, encoding and case handling used for comparison are not visible —
// confirm they are normalised before matching.
type PostureCheckProcess struct {
	OperatingSystem string   `json:"operatingSystem"`
	Path            string   `json:"path"`
	Hashes          []string `json:"hashes"`
	Fingerprint     string   `json:"fingerprint"`
}
func (*PostureCheckProcess) LoadValues ¶ added in v0.31.1
func (entity *PostureCheckProcess) LoadValues(bucket *boltz.TypedBucket)
func (*PostureCheckProcess) SetValues ¶ added in v0.31.1
func (entity *PostureCheckProcess) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)
type PostureCheckProcessMulti ¶ added in v0.31.1
// PostureCheckProcessMulti is the posture check sub-type holding several
// *ProcessMulti entries and a Semantic string; presumably Semantic selects how
// the entries combine — confirm the accepted values.
type PostureCheckProcessMulti struct {
	Semantic  string          `json:"semantic"`
	Processes []*ProcessMulti `json:"processes"`
}
func (*PostureCheckProcessMulti) LoadValues ¶ added in v0.31.1
func (entity *PostureCheckProcessMulti) LoadValues(bucket *boltz.TypedBucket)
func (*PostureCheckProcessMulti) SetValues ¶ added in v0.31.1
func (entity *PostureCheckProcessMulti) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)
type PostureCheckStore ¶ added in v0.31.1
// PostureCheckStore is the store interface for *PostureCheck. It embeds
// Store[*PostureCheck] and adds role-attribute lookups.
type PostureCheckStore interface {
	Store[*PostureCheck]
	// GetRoleAttributesIndex returns a boltz.SetReadIndex; presumably the index
	// over PostureCheck.RoleAttributes — confirm.
	GetRoleAttributesIndex() boltz.SetReadIndex
	// GetRoleAttributesCursorProvider builds an ast.SetCursorProvider from the
	// given filters and semantic, or returns an error.
	GetRoleAttributesCursorProvider(filters []string, semantic string) (ast.SetCursorProvider, error)
}
type PostureCheckSubType ¶ added in v0.31.1
// PostureCheckSubType is implemented by the type-specific part of a
// PostureCheck.
type PostureCheckSubType interface {
	// LoadValues reads the sub-type's fields from bucket.
	LoadValues(bucket *boltz.TypedBucket)
	// SetValues writes the sub-type's fields to bucket using ctx.
	SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)
}
type PostureCheckType ¶ added in v0.31.1
// PostureCheckType is a named posture check type with a list of
// OperatingSystem entries.
type PostureCheckType struct {
	boltz.BaseExtEntity
	Name             string            `json:"name"`
	OperatingSystems []OperatingSystem `json:"operatingSystems"`
}
func (*PostureCheckType) GetEntityType ¶ added in v0.31.1
func (entity *PostureCheckType) GetEntityType() string
func (*PostureCheckType) GetName ¶ added in v0.31.1
func (entity *PostureCheckType) GetName() string
type PostureCheckTypeStore ¶ added in v0.31.1
// PostureCheckTypeStore is the store interface for *PostureCheckType; it
// composes NameIndexed with Store[*PostureCheckType].
type PostureCheckTypeStore interface {
	NameIndexed
	Store[*PostureCheckType]
}
type PostureCheckWindowsDomains ¶ added in v0.31.1
// PostureCheckWindowsDomains is the posture check sub-type holding a list of
// domain names as strings.
// NOTE(review): whether comparison is case-insensitive is not visible here;
// confirm.
type PostureCheckWindowsDomains struct {
	Domains []string `json:"domains"`
}
func (*PostureCheckWindowsDomains) LoadValues ¶ added in v0.31.1
func (entity *PostureCheckWindowsDomains) LoadValues(bucket *boltz.TypedBucket)
func (*PostureCheckWindowsDomains) SetValues ¶ added in v0.31.1
func (entity *PostureCheckWindowsDomains) SetValues(ctx *boltz.PersistContext, bucket *boltz.TypedBucket)
type ProcessMulti ¶ added in v0.31.1
type Revocation ¶ added in v0.31.1
// Revocation is a stored revocation entry carrying only its base entity
// fields and an expiry time.
// NOTE(review): presumably the entry may be dropped after ExpiresAt; confirm
// ExpiresAt is never earlier than the expiry of whatever was revoked, otherwise
// the revoked item could become acceptable again.
type Revocation struct {
	boltz.BaseExtEntity
	ExpiresAt time.Time `json:"expiresAt"`
}
func (Revocation) GetEntityType ¶ added in v0.31.1
func (r Revocation) GetEntityType() string
type RevocationStore ¶ added in v0.31.1
// RevocationStore is the store interface for *Revocation; it adds no methods
// beyond Store[*Revocation].
type RevocationStore interface {
	Store[*Revocation]
}
type Router ¶
// Router is the stored form of a router: name, optional certificate
// fingerprint, cost and two boolean flags. EdgeRouter and TransitRouter embed
// it.
// NOTE(review): Fingerprint is a pointer, so a router can exist without one;
// confirm how connection authentication treats a nil fingerprint.
type Router struct {
	boltz.BaseExtEntity
	Name        string  `json:"name"`
	Fingerprint *string `json:"fingerprint"`
	Cost        uint16  `json:"cost"`
	NoTraversal bool    `json:"noTraversal"`
	Disabled    bool    `json:"disabled"`
}
func (*Router) GetEntityType ¶
type RouterStore ¶
type SecretStore ¶ added in v0.31.1
// SecretStore exposes a secret as raw bytes.
type SecretStore interface {
	// GetSecret returns the secret.
	// NOTE(review): whether the returned slice is a copy or aliases internal
	// state is not visible here; callers should treat it as read-only and keep
	// it out of logs until that is confirmed.
	GetSecret() []byte
}
type Service ¶
// Service is the stored form of a service: name, maximum idle time and the
// name of its terminator strategy.
type Service struct {
	boltz.BaseExtEntity
	Name               string        `json:"name"`
	MaxIdleTime        time.Duration `json:"maxIdleTime"`
	TerminatorStrategy string        `json:"terminatorStrategy"`
}
func (*Service) GetEntityType ¶
type ServiceEdgeRouterPolicy ¶ added in v0.31.1
// ServiceEdgeRouterPolicy is a named policy holding a list of service roles
// and a list of edge router roles. Semantic is a plain string; its accepted
// values are not shown here.
type ServiceEdgeRouterPolicy struct {
	boltz.BaseExtEntity
	Name            string   `json:"name"`
	Semantic        string   `json:"semantic"`
	ServiceRoles    []string `json:"serviceRoles"`
	EdgeRouterRoles []string `json:"edgeRouterRoles"`
}
func (*ServiceEdgeRouterPolicy) GetEntityType ¶ added in v0.31.1
func (entity *ServiceEdgeRouterPolicy) GetEntityType() string
func (*ServiceEdgeRouterPolicy) GetName ¶ added in v0.31.1
func (entity *ServiceEdgeRouterPolicy) GetName() string
func (*ServiceEdgeRouterPolicy) GetSemantic ¶ added in v0.31.1
func (entity *ServiceEdgeRouterPolicy) GetSemantic() string
type ServiceEdgeRouterPolicyStore ¶ added in v0.31.1
// ServiceEdgeRouterPolicyStore is the store interface for
// *ServiceEdgeRouterPolicy; it composes NameIndexed with
// Store[*ServiceEdgeRouterPolicy].
type ServiceEdgeRouterPolicyStore interface {
	NameIndexed
	Store[*ServiceEdgeRouterPolicy]
}
type ServiceEvent ¶ added in v0.31.1
// ServiceEvent describes one service-related change: the event type and the
// identity and service ids it concerns. It carries no JSON tags.
type ServiceEvent struct {
	Type       ServiceEventType
	IdentityId string
	ServiceId  string
}
func (*ServiceEvent) String ¶ added in v0.31.1
func (self *ServiceEvent) String() string
type ServiceEventHandler ¶ added in v0.31.1
// ServiceEventHandler is a callback that receives a *ServiceEvent. Handlers
// are added and removed through ServiceEventsRegistry.
type ServiceEventHandler func(event *ServiceEvent)
type ServiceEventType ¶ added in v0.31.1
// ServiceEventType is a one-byte tag identifying the kind of a ServiceEvent.
type ServiceEventType byte
// Named ServiceEventType values. They start at 1, so the zero value of
// ServiceEventType matches none of them; consumers switching on the type
// should handle unknown values explicitly.
const (
	ServiceDialAccessGained ServiceEventType = 1
	ServiceDialAccessLost   ServiceEventType = 2
	ServiceBindAccessGained ServiceEventType = 3
	ServiceBindAccessLost   ServiceEventType = 4
	ServiceUpdated          ServiceEventType = 5
)
func (ServiceEventType) String ¶ added in v0.31.1
func (self ServiceEventType) String() string
type ServiceEventsRegistry ¶ added in v0.31.1
type ServiceEventsRegistry struct {
// contains filtered or unexported fields
}
func (*ServiceEventsRegistry) AddServiceEventHandler ¶ added in v0.31.1
func (self *ServiceEventsRegistry) AddServiceEventHandler(listener ServiceEventHandler)
func (*ServiceEventsRegistry) RemoveServiceEventHandler ¶ added in v0.31.1
func (self *ServiceEventsRegistry) RemoveServiceEventHandler(listener ServiceEventHandler)
type ServicePolicy ¶ added in v0.31.1
// ServicePolicy is a named policy of a given PolicyType holding identity
// roles, service roles and posture check roles. Semantic is a plain string;
// its accepted values are not shown here.
// NOTE(review): how an empty PostureCheckRoles list is treated (no posture
// requirement vs. no access) is not visible here — confirm.
type ServicePolicy struct {
	boltz.BaseExtEntity
	PolicyType        PolicyType `json:"policyType"`
	Name              string     `json:"name"`
	Semantic          string     `json:"semantic"`
	IdentityRoles     []string   `json:"identityRoles"`
	ServiceRoles      []string   `json:"serviceRoles"`
	PostureCheckRoles []string   `json:"postureCheckRoles"`
}
func (*ServicePolicy) GetEntityType ¶ added in v0.31.1
func (entity *ServicePolicy) GetEntityType() string
func (*ServicePolicy) GetName ¶ added in v0.31.1
func (entity *ServicePolicy) GetName() string
func (*ServicePolicy) GetSemantic ¶ added in v0.31.1
func (entity *ServicePolicy) GetSemantic() string
type ServicePolicyChangeEventListener ¶ added in v1.1.1
// ServicePolicyChangeEventListener is a callback that receives a
// *edge_ctrl_pb.DataState_ServicePolicyChange.
type ServicePolicyChangeEventListener func(event *edge_ctrl_pb.DataState_ServicePolicyChange)
type ServicePolicyEventsKeyType ¶ added in v1.1.1
// ServicePolicyEventsKeyType is a distinct string type; presumably used as a
// typed key for service policy events — confirm against its users.
type ServicePolicyEventsKeyType string
type ServicePolicyStore ¶ added in v0.31.1
// ServicePolicyStore is the store interface for *ServicePolicy; it composes
// NameIndexed with Store[*ServicePolicy].
type ServicePolicyStore interface {
	NameIndexed
	Store[*ServicePolicy]
}
type ServiceStore ¶
type Session ¶ added in v0.31.1
// Session is the stored form of a session: its token, the identity, API
// session and service it belongs to, a type string and the ids of the service
// policies attached to it.
type Session struct {
	boltz.BaseExtEntity
	// Token is never included in JSON output.
	Token string `json:"-"`
	// Ids of the owning identity, API session and service, plus the session
	// type string.
	IdentityId   string `json:"identityId"`
	ApiSessionId string `json:"apiSessionId"`
	ServiceId    string `json:"serviceId"`
	Type         string `json:"type"`
	// ApiSession is never included in JSON output; only ApiSessionId is.
	ApiSession *ApiSession `json:"-"`
	// ServicePolicies is a string list; presumably the ids of the policies
	// that granted the session — confirm.
	ServicePolicies []string `json:"servicePolicies"`
}
func (*Session) GetEntityType ¶ added in v0.31.1
type SessionStore ¶ added in v0.31.1
type Store ¶ added in v0.31.1
type Store[E boltz.ExtEntity] interface { boltz.EntityStore[E] // contains filtered or unexported methods }
type Stores ¶
type Stores struct { EventualEventer EventualEventer Router RouterStore Service ServiceStore Terminator TerminatorStore ApiSession ApiSessionStore ApiSessionCertificate ApiSessionCertificateStore AuthPolicy AuthPolicyStore EventualEvent EventualEventStore ExternalJwtSigner ExternalJwtSignerStore Ca CaStore Config ConfigStore ConfigType ConfigTypeStore Controller ControllerStore EdgeRouter EdgeRouterStore EdgeRouterPolicy EdgeRouterPolicyStore EdgeService EdgeServiceStore Identity IdentityStore IdentityType IdentityTypeStore Index boltz.Store Session SessionStore Revocation RevocationStore ServiceEdgeRouterPolicy ServiceEdgeRouterPolicyStore ServicePolicy ServicePolicyStore TransitRouter TransitRouterStore Enrollment EnrollmentStore Authenticator AuthenticatorStore PostureCheck PostureCheckStore PostureCheckType PostureCheckTypeStore Mfa MfaStore // contains filtered or unexported fields }
func InitStores ¶
func InitStores(db boltz.Db, rateLimiter rate.RateLimiter, signingCert *x509.Certificate) (*Stores, error)
func (*Stores) AddCheckable ¶
func (*Stores) CheckIntegrity ¶
func (*Stores) CheckIntegrityInTx ¶
func (*Stores) GetEntityCounts ¶ added in v0.31.1
func (*Stores) GetStoreForEntity ¶
func (*Stores) GetStoreList ¶
type Terminator ¶
// Terminator is the stored form of a terminator: the service and router it
// belongs to, its binding and address, an instance id with an instance
// secret, cost and precedence, peer data and a host id.
//
// NOTE(review): InstanceSecret carries an ordinary JSON tag, so marshalling a
// Terminator includes it (base64-encoded, as encoding/json does for []byte).
// Session.Token in this package is excluded with `json:"-"`; confirm no log,
// event or export path serialises Terminator values, and that comparisons of
// InstanceSecret are constant-time where they gate access.
type Terminator struct {
	boltz.BaseExtEntity
	Service    string `json:"service"`
	Router     string `json:"router"`
	Binding    string `json:"binding"`
	Address    string `json:"address"`
	InstanceId string `json:"instanceId"`
	// InstanceSecret is returned as-is by GetInstanceSecret's []byte result
	// type; whether that is a copy is not visible here.
	InstanceSecret []byte `json:"instanceSecret"`
	// Precedence is stored as a string, while the GetPrecedence method returns
	// an xt.Precedence.
	Cost            uint16      `json:"cost"`
	Precedence      string      `json:"precedence"`
	PeerData        xt.PeerData `json:"peerData"`
	HostId          string      `json:"hostId"`
	SavedPrecedence *string     `json:"savedPrecedence"`
}
func (*Terminator) GetAddress ¶
func (entity *Terminator) GetAddress() string
func (*Terminator) GetBinding ¶
func (entity *Terminator) GetBinding() string
func (*Terminator) GetCost ¶
func (entity *Terminator) GetCost() uint16
func (*Terminator) GetEntityType ¶
func (entity *Terminator) GetEntityType() string
func (*Terminator) GetHostId ¶
func (entity *Terminator) GetHostId() string
func (*Terminator) GetInstanceId ¶
func (entity *Terminator) GetInstanceId() string
func (*Terminator) GetInstanceSecret ¶
func (entity *Terminator) GetInstanceSecret() []byte
func (*Terminator) GetPeerData ¶
func (entity *Terminator) GetPeerData() xt.PeerData
func (*Terminator) GetPrecedence ¶
func (entity *Terminator) GetPrecedence() xt.Precedence
func (*Terminator) GetRouterId ¶
func (entity *Terminator) GetRouterId() string
func (*Terminator) GetServiceId ¶
func (entity *Terminator) GetServiceId() string
type TerminatorStore ¶
// TerminatorStore is the store interface for *Terminator. It embeds
// boltz.EntityStore[*Terminator] directly rather than this package's Store.
type TerminatorStore interface {
	boltz.EntityStore[*Terminator]
	// GetTerminatorsInIdentityGroup returns the terminators grouped with
	// terminatorId, evaluated inside tx; how the group is defined is not
	// visible here.
	GetTerminatorsInIdentityGroup(tx *bbolt.Tx, terminatorId string) ([]*Terminator, error)
}
type TestContext ¶
type TestContext struct { *boltztest.BaseTestContext // contains filtered or unexported fields }
func NewTestContext ¶
func NewTestContext(t testing.TB) *TestContext
func (*TestContext) Cleanup ¶ added in v0.31.1
func (ctx *TestContext) Cleanup()
func (*TestContext) CleanupAll ¶ added in v0.31.1
func (ctx *TestContext) CleanupAll()
func (*TestContext) GetDb ¶ added in v0.31.1
func (ctx *TestContext) GetDb() boltz.Db
func (*TestContext) GetStoreForEntity ¶
func (ctx *TestContext) GetStoreForEntity(entity boltz.Entity) boltz.Store
func (*TestContext) GetStores ¶ added in v0.31.1
func (ctx *TestContext) GetStores() *Stores
func (*TestContext) Init ¶
func (ctx *TestContext) Init()
func (*TestContext) RequireNewIdentity ¶ added in v0.31.1
func (ctx *TestContext) RequireNewIdentity(name string, isAdmin bool) *Identity
func (*TestContext) RequireNewService ¶ added in v0.31.1
func (ctx *TestContext) RequireNewService(name string) *EdgeService
type TransitRouter ¶ added in v0.31.1
// TransitRouter embeds Router and adds verification state, enrollment ids and
// unverified certificate material. IsBase is excluded from JSON output.
//
// NOTE(review): as with EdgeRouter, UnverifiedCertPem and
// UnverifiedFingerprint by name hold material that has not been verified;
// trust decisions should presumably rely on IsVerified and Router.Fingerprint
// only — confirm against the enrollment code.
type TransitRouter struct {
	Router
	IsVerified            bool     `json:"isVerified"`
	Enrollments           []string `json:"enrollments"`
	IsBase                bool     `json:"-"`
	UnverifiedCertPem     *string  `json:"unverifiedCertPem"`
	UnverifiedFingerprint *string  `json:"unverifiedFingerprint"`
}
func (*TransitRouter) GetName ¶ added in v0.31.1
func (entity *TransitRouter) GetName() string
type TransitRouterStore ¶ added in v0.31.1
// TransitRouterStore is the store interface for *TransitRouter; it composes
// NameIndexed with Store[*TransitRouter].
type TransitRouterStore interface {
	NameIndexed
	Store[*TransitRouter]
}
type UpdateLastActivityAtChecker ¶ added in v0.31.1
// UpdateLastActivityAtChecker is an empty struct that carries an
// IsUpdated(field string) bool method; which fields it reports as updated is
// not visible here.
type UpdateLastActivityAtChecker struct{}
func (UpdateLastActivityAtChecker) IsUpdated ¶ added in v0.31.1
func (u UpdateLastActivityAtChecker) IsUpdated(field string) bool
Source Files ¶
- api_session_certificate_store.go
- api_session_store.go
- auth_policy_store.go
- authenticator_store.go
- base_entity.go
- base_store.go
- ca_store.go
- config_store.go
- config_type_store.go
- controller_store.go
- db.go
- edge_router_policy_store.go
- edge_router_store.go
- edge_service_store.go
- enrollment_store.go
- eventual_event_store.go
- eventual_eventer.go
- external_jwt_signer_store.go
- identity_store.go
- identity_type_store.go
- mfa_store.go
- migration.go
- migration_initialize.go
- migration_v14.go
- migration_v16.go
- migration_v17.go
- migration_v18.go
- migration_v19.go
- migration_v23.go
- migration_v24.go
- migration_v25.go
- migration_v33.go
- migration_v37.go
- migrations.go
- policy_common.go
- posture_check_mac.go
- posture_check_mfa.go
- posture_check_os.go
- posture_check_process.go
- posture_check_process_multi.go
- posture_check_store.go
- posture_check_type_store.go
- posture_check_windows_domain.go
- revocation_store.go
- router_store.go
- service_edge_router_policy_store.go
- service_events.go
- service_policy_store.go
- service_store.go
- session_store.go
- stores.go
- terminator_store.go
- testing.go
- transit_router_store.go
- util.go