Documentation
Index
- Constants
- Variables
- func AddDefaultAccess(a *knox.Access)
- func AddHeader(k, v string) func(http.HandlerFunc) http.HandlerFunc
- func AddPrincipalValidator(validator knox.PrincipalValidator)
- func Authentication(providers []auth.Provider) func(http.HandlerFunc) http.HandlerFunc
- func CanAccess(principal knox.Principal, m KeyManager, acl knox.ACL, at knox.AccessType, ...) bool
- func GetParams(r *http.Request) map[string]string
- func GetPrincipal(r *http.Request) knox.Principal
- func GetRouteID(r *http.Request) string
- func GetRouter(cryptor keydb.Cryptor, db keydb.DB, authzType authorizationType, ...) (*mux.Router, error)
- func Logger(logger *log.Logger) func(http.HandlerFunc) http.HandlerFunc
- type HTTPError
- type KeyManager
- type Parameter
- type PostParameter
- type ProviderType
- type QueryParameter
- type RawQueryParameter
- type Route
- type UrlParameter
Constants
const (
	AclAuthorization authorizationType = iota
	OpaAuthorization
)
Variables
var HTTPErrMap = map[int]*httpErrResp{
	knox.NoKeyIDCode:                   {http.StatusBadRequest, "Missing Key ID"},
	knox.InternalServerErrorCode:       {http.StatusInternalServerError, "Internal Server Error"},
	knox.KeyIdentifierExistsCode:       {http.StatusBadRequest, "Key identifer exists"},
	knox.KeyVersionDoesNotExistCode:    {http.StatusNotFound, "Key version does not exist"},
	knox.KeyIdentifierDoesNotExistCode: {http.StatusNotFound, "Key identifer does not exist"},
	knox.UnauthenticatedCode:           {http.StatusUnauthorized, "User or machine is not authenticated"},
	knox.UnauthorizedCode:              {http.StatusForbidden, "User or machine not authorized"},
	knox.NotYetImplementedCode:         {http.StatusNotImplemented, "Not yet implemented"},
	knox.NotFoundCode:                  {http.StatusNotFound, "Route not found"},
	knox.NoKeyDataCode:                 {http.StatusBadRequest, "Missing Key Data"},
	knox.BadRequestDataCode:            {http.StatusBadRequest, "Bad request format"},
	knox.BadKeyFormatCode:              {http.StatusBadRequest, "Key ID contains unsupported characters"},
	knox.BadPrincipalIdentifier:        {http.StatusBadRequest, "Invalid principal identifier"},
}
HTTPErrMap is a mapping from err subcodes to the http err response that will be returned.
Functions
func AddDefaultAccess
AddDefaultAccess adds an access to every created key.
func AddHeader
func AddHeader(k, v string) func(http.HandlerFunc) http.HandlerFunc
AddHeader adds an HTTP header to the response.
func AddPrincipalValidator
func AddPrincipalValidator(validator knox.PrincipalValidator)
AddPrincipalValidator applies additional, custom validation on principals submitted to Knox for adding into ACLs. Can be used to set custom business logic for e.g. what kind of machine or service prefixes are acceptable.
func Authentication
func Authentication(providers []auth.Provider) func(http.HandlerFunc) http.HandlerFunc
Authentication sets the principal or returns an error if the principal cannot be authenticated.
func CanAccess
func CanAccess(principal knox.Principal, m KeyManager, acl knox.ACL, at knox.AccessType, keyID, action, partition, service string) bool
func GetPrincipal
GetPrincipal gets the principal authenticated through the authentication decorator
func GetRouteID
GetRouteID gets the short form function name for the route being called. Used for logging/metrics.
func GetRouter
func GetRouter(
	cryptor keydb.Cryptor,
	db keydb.DB,
	authzType authorizationType,
	decorators [](func(http.HandlerFunc) http.HandlerFunc),
	additionalRoutes []Route) (*mux.Router, error)
GetRouter creates the mux router that serves knox routes. All routes are declared in this file. Each handler itself takes in the db and auth provider interfaces and returns a handler that is then processed through the API middleware.
func Logger
func Logger(logger *log.Logger) func(http.HandlerFunc) http.HandlerFunc
Logger logs the request and response information in json format to the logger given.
Types
type HTTPError
HTTPError is the error type with knox err subcode and message for logging purposes
func GetAPIError
GetAPIError gets the HTTP error that will be returned from the server.
type KeyManager
type KeyManager interface {
	GetAllKeyIDs() ([]string, error)
	GetUpdatedKeyIDs(map[string]string) ([]string, error)
	GetKey(id string, status knox.VersionStatus) (*knox.Key, error)
	AddNewKey(*knox.Key) error
	DeleteKey(id string) error
	UpdateAccess(string, ...knox.Access) error
	AddVersion(string, *knox.KeyVersion) error
	UpdateVersion(keyID string, versionID uint64, s knox.VersionStatus) error
	GetAuthenticator() *authz_utils.Authenticator
	GetAuthorizationType() authorizationType
}
KeyManager is the interface for logic related to managing keys.
func NewKeyManager
func NewKeyManager(c keydb.Cryptor, db keydb.DB, authzType authorizationType) KeyManager
NewKeyManager builds a struct for interfacing with the keydb.
type Parameter
Parameter is an interface through which route-specific Knox API Parameters can be specified
type PostParameter
type PostParameter string
PostParameter is an implementation of the Parameter interface that extracts values embedded in the web form transmitted in the request body
func (PostParameter) Get
func (p PostParameter) Get(r *http.Request) (string, bool)
Get returns the value of the appropriate parameter from the request body
func (PostParameter) Name
func (p PostParameter) Name() string
Name represents the key corresponding to this parameter in the request form
type ProviderType
type ProviderType int
const (
	MTLSAuthProviderType ProviderType = iota
	JWTProviderType
	SpiffeAuthProviderType
	NoFoundProviderType
)
type QueryParameter
type QueryParameter string
QueryParameter is an implementation of the Parameter interface that extracts specific parameter values from the query string of the request URL as referenced in section 3.4 of RFC2396.
func (QueryParameter) Get
func (p QueryParameter) Get(r *http.Request) (string, bool)
Get returns the value of the query string parameter
func (QueryParameter) Name
func (p QueryParameter) Name() string
Name defines the URL-embedded key that this parameter maps to
type RawQueryParameter
type RawQueryParameter string
RawQueryParameter is an implementation of the Parameter interface that extracts the complete query string from the request URL as referenced in section 3.4 of RFC2396.
func (RawQueryParameter) Get
func (p RawQueryParameter) Get(r *http.Request) (string, bool)
Get returns the value of the entire query string
func (RawQueryParameter) Name
func (p RawQueryParameter) Name() string
Name represents the key-name that will be set for the raw query string in the `parameters` map of the route handler function.
type Route
type Route struct {
	// Handler represents the handler function that is responsible for serving
	// this route
	Handler func(db KeyManager, principal knox.Principal, parameters map[string]string) (interface{}, *HTTPError)

	// Id represents a unique string identifier that represents this specific
	// route
	Id string

	// Path represents the relative HTTP path (or prefix) that must be specified
	// in order to invoke this route
	Path string

	// Method represents the HTTP method that must be specified in order to
	// invoke this route
	Method string

	// Parameters is an array that represents the route-specific parameters
	// that will be passed to the handler function
	Parameters []Parameter
}
Route is a struct that defines a path and method-specific HTTP route on the Knox server
type UrlParameter
type UrlParameter string
UrlParameter is an implementation of the Parameter interface that extracts parameter values from the URL as referenced in section 3.3 of RFC2396.
func (UrlParameter) Get
func (p UrlParameter) Get(r *http.Request) (string, bool)
Get returns the value of the URL parameter
func (UrlParameter) Name
func (p UrlParameter) Name() string
Name defines the URL-embedded key that this parameter maps to
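The Parameter implementations above share a Name/Get method pair, and a Route's Parameters end up in the `parameters` map passed to its handler. As an added example (not Knox's own code), the following shows how such a list can be collected into that map, and that a body-only lookup ignores a same-named value placed in the query string. The names `parameter`, `queryParam`, `postParam`, `collect` and `demo`, the request, and the lookup behaviour are local stand-ins and assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// parameter is a local stand-in with the Name/Get method set documented above.
type parameter interface {
	Name() string
	Get(r *http.Request) (string, bool)
}
type queryParam string // stand-in: value taken from the URL query string
type postParam string  // stand-in: value taken from the form in the request body

func (p queryParam) Name() string { return string(p) }
func (p queryParam) Get(r *http.Request) (string, bool) {
	q := r.URL.Query()
	return q.Get(string(p)), q.Has(string(p))
}
func (p postParam) Name() string { return string(p) }
func (p postParam) Get(r *http.Request) (string, bool) {
	if err := r.ParseForm(); err != nil {
		return "", false
	}
	// PostForm holds body fields only; query-string values are not merged in.
	return r.PostForm.Get(string(p)), r.PostForm.Has(string(p))
}

// collect builds the name -> value map for a handler; absent parameters are omitted.
func collect(r *http.Request, params []parameter) map[string]string {
	out := make(map[string]string)
	for _, p := range params {
		if v, ok := p.Get(r); ok {
			out[p.Name()] = v
		}
	}
	return out
}

// demo runs collect over a constructed request (sample input, not real traffic).
func demo() map[string]string {
	r := httptest.NewRequest("POST", "/example?status=active&data=from-query", strings.NewReader("data=from-body"))
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	return collect(r, []parameter{queryParam("status"), postParam("data"), postParam("acl")})
}

func main() { fmt.Println(demo()) }
```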