Overview ¶
Package pki provides a client for the HSDP PKI service: tenant onboarding, retrieval, update and offboarding (TenantService), and certificate operations — issuing, CSR signing, listing, lookup and revocation by serial, and fetching the root/policy CA certificates and CRLs (ServicesService).
Constants ¶
// APIVersion is the HSDP PKI API version constant used by this package.
const (
	APIVersion = "1"
)
Variables ¶
// Errors returned by this package. Compare with errors.Is rather than ==
// so that wrapped errors still match.
var (
	// ErrBasePKICannotBeEmpty is returned when the base PKI URL is empty.
	ErrBasePKICannotBeEmpty = errors.New("base PKI URL cannot be empty")
	// ErrMissingPKIPermissions signals that the caller lacks PKI permissions.
	ErrMissingPKIPermissions = errors.New("missing PKI permissions")
	// ErrMissingIAMOrganization signals that no IAM organization was supplied.
	ErrMissingIAMOrganization = errors.New("missing IAM organization")
	// ErrEmptyResult is returned when the service answered with no usable body.
	ErrEmptyResult = errors.New("empty result")
	// ErrCouldNoReadResourceAfterCreate is returned when a freshly created
	// resource cannot be read back.
	// NOTE(review): the name is missing the "t" in "Not"; it is kept as-is
	// because renaming an exported variable would break callers.
	ErrCouldNoReadResourceAfterCreate = errors.New("could not read resource after create")
	// ErrCertificateExpected is returned when a certificate was expected but
	// something else was received (presumably a PEM block of another type).
	ErrCertificateExpected = errors.New("certificate expected")
	// ErrCRLExpected is returned when a certificate revocation list was
	// expected but something else was received.
	ErrCRLExpected = errors.New("certificate revocation list expected")
	// ErrCFClientNotConfigured is returned when the CF (presumably Cloud
	// Foundry / console) client has not been configured.
	ErrCFClientNotConfigured = errors.New("CF client not configured")
	// ErrCFInvalidToken is returned when the CF token is invalid.
	ErrCFInvalidToken = errors.New("invalid CF token")
	// ErrInvalidPrivateKey is returned when private key material cannot be
	// parsed (presumably by IssueData.GetPrivateKey — confirm).
	ErrInvalidPrivateKey = errors.New("invalid private key")
	// ErrNotImplementedYet marks functionality that is not implemented.
	ErrNotImplementedYet = errors.New("not implemented yet")
)
Functions ¶
This section is empty.
Types ¶
type APIEndpoint ¶ added in v0.34.4
// APIEndpoint is the PKI API endpoint returned when a tenant is onboarded
// (see OnboardingResponse). Its LogicalPath method extracts the tenant's
// logical path, which the ServicesService methods take as their first argument.
type APIEndpoint string
func (APIEndpoint) LogicalPath ¶ added in v0.34.4
func (a APIEndpoint) LogicalPath() (string, error)
LogicalPath returns the logical path component of the APIEndpoint, or an error if the endpoint cannot be parsed.
type CertificateAuthority ¶
// CertificateAuthority describes the CA created for a tenant at onboarding
// (ServiceParameters.CA): its subject, key algorithm/size and lifetime.
type CertificateAuthority struct {
	// TTL is the CA certificate lifetime (presumably a duration string such
	// as "8760h" — confirm against the service docs). Not validated client-side.
	TTL string `json:"ttl,omitempty"`
	// CommonName is the CA subject CN. This is the only field marked required.
	CommonName string `json:"common_name" validate:"required"`
	// KeyType selects the key algorithm: "rsa" or "ec".
	KeyType string `json:"key_type,omitempty"` // rsa|ec
	// KeyBits is the key size for KeyType.
	// NOTE(review): no minimum is enforced here; either rely on the service
	// to reject weak sizes or check before onboarding (RSA >= 2048, EC >= 256
	// are the usual floors).
	KeyBits int `json:"key_bits,omitempty"`
	// OU, Organization, Country, Locality and Province are optional subject
	// attributes of the CA certificate.
	OU string `json:"ou,omitempty"`
	Organization string `json:"organization,omitempty"`
	Country string `json:"country,omitempty"`
	Locality string `json:"locality,omitempty"`
	Province string `json:"province,omitempty"`
}
type CertificateList ¶ added in v0.34.2
// CertificateList is the response of ServicesService.GetCertificates.
// Data.Keys holds the serial numbers of non-revoked certificates, including
// the issuing CA's own certificate. The envelope fields mirror IssueResponse,
// except that WrapInfo, Warnings and Auth are plain strings here rather than
// *string — keep that in mind when sharing helper code between the two.
type CertificateList struct {
	RequestID string `json:"request_id"`
	LeaseID string `json:"lease_id"`
	Renewable bool `json:"renewable"`
	LeaseDuration int `json:"lease_duration"`
	// Data carries the listing itself.
	Data struct {
		// Keys are certificate serial numbers; pass one to
		// GetCertificateBySerial or RevokeCertificateBySerial.
		Keys []string `json:"keys"`
	} `json:"data"`
	WrapInfo string `json:"wrap_info,omitempty"`
	Warnings string `json:"warnings,omitempty"`
	Auth string `json:"auth,omitempty"`
}
type CertificateRequest ¶
// CertificateRequest is the payload for ServicesService.IssueCertificate.
// The service generates the key pair and returns the private key in
// IssueData.PrivateKey; use SignRequest/Sign instead if the key must never
// leave the caller. Which names and TTLs are accepted is presumably governed
// by the Role the request is issued against (AllowedDomains, MaxTTL, ...).
type CertificateRequest struct {
	// CommonName is the requested subject CN (required, at most 253 chars).
	CommonName string `json:"common_name" validate:"required,max=253"`
	// AltNames, IPSANS, URISANS and OtherSANS are the requested subject
	// alternative names. Each is a single string; the separator for multiple
	// values is not validated here — confirm the expected format (presumably
	// comma-separated) against the service docs.
	AltNames string `json:"alt_names,omitempty"`
	IPSANS string `json:"ip_sans,omitempty"`
	URISANS string `json:"uri_sans,omitempty"`
	OtherSANS string `json:"other_sans,omitempty"`
	// TTL is the requested certificate lifetime (duration string, presumably
	// capped by Role.MaxTTL).
	TTL string `json:"ttl,omitempty"`
	// Format is the requested output encoding of the certificate.
	Format string `json:"format,omitempty"`
	// PrivateKeyFormat is the requested encoding of the returned private key.
	PrivateKeyFormat string `json:"private_key_format,omitempty"`
	// ExcludeCNFromSANS is a pointer so that an explicit false is still sent;
	// nil omits the field and leaves the service default in effect.
	ExcludeCNFromSANS *bool `json:"exclude_cn_from_sans,omitempty"`
}
type Client ¶
// A Client manages communication with the HSDP PKI API. Construct it with
// NewClient; the Tenants and Services fields expose the two API areas.
type Client struct {
	// Embedded IAM client used for the HTTP/token plumbing. Note that
	// embedding promotes every exported iam.Client method onto Client.
	*iam.Client
	// UserAgent is sent with requests to the HSDP API.
	UserAgent string
	// Tenants performs tenant onboarding, retrieval, update and offboarding.
	Tenants *TenantService
	// Services performs certificate, CA and CRL operations for a tenant.
	Services *ServicesService
	// contains filtered or unexported fields
}
func NewClient ¶
func NewClient(consoleClient *console.Client, iamClient *iam.Client, config *Config) (*Client, error)
NewClient returns a new HSDP PKI API client. Configured console and IAM clients must be provided, because the underlying API requires tokens from both services.
func (*Client) SetBasePKIURL ¶
SetBasePKIURL sets the base URL for API requests to a custom endpoint. urlStr must end with a trailing slash, since request paths are presumably resolved relative to it and a missing slash would drop the last path segment.
type ErrorResponse ¶
// ErrorResponse represents an error response from the HSDP API, containing a
// response code and a human-readable message, optionally with a list of
// individual errors. It implements the error interface via Error.
type ErrorResponse struct {
	// Response is the raw HTTP response that carried the error; not serialized.
	Response *http.Response `json:"-"`
	// Code is the service's response code.
	Code string `json:"responseCode"`
	// Message is the human-readable description.
	Message string `json:"responseMessage"`
	// Errors lists individual error details, when the service provides them.
	Errors []string `json:"errors,omitempty"`
}
func (*ErrorResponse) Error ¶ added in v0.30.0
func (e *ErrorResponse) Error() string
type IssueData ¶
// IssueData is the payload of an IssueResponse: the issued certificate, its
// chain and — when the service generated the key pair — the private key.
// Treat values of this type as secrets: do not log or persist them wholesale.
type IssueData struct {
	// CaChain holds the issuing chain, one PEM/encoded certificate per entry.
	CaChain []string `json:"ca_chain,omitempty"`
	// Certificate is the issued leaf certificate; parse it with GetCertificate.
	Certificate string `json:"certificate,omitempty"`
	// Expiration is the certificate expiry (presumably a Unix timestamp in
	// seconds — confirm).
	Expiration int `json:"expiration,omitempty"`
	// IssuingCa is the certificate of the CA that signed Certificate.
	IssuingCa string `json:"issuing_ca,omitempty"`
	// PrivateKey is the service-generated private key (IssueCertificate).
	// Presumably empty when the caller supplied a CSR via Sign. SENSITIVE.
	PrivateKey string `json:"private_key,omitempty"`
	// PrivateKeyType names the key algorithm of PrivateKey.
	PrivateKeyType string `json:"private_key_type,omitempty"`
	// SerialNumber identifies the certificate for lookup and revocation.
	SerialNumber string `json:"serial_number,omitempty"`
}
func (*IssueData) GetCertificate ¶
func (d *IssueData) GetCertificate() (*x509.Certificate, error)
func (*IssueData) GetPrivateKey ¶
type IssueResponse ¶
// IssueResponse is the envelope returned by IssueCertificate, Sign and
// GetCertificateBySerial. Data carries the certificate material; the other
// fields are the service's generic response metadata.
type IssueResponse struct {
	RequestID string `json:"request_id"`
	LeaseID string `json:"lease_id"`
	Renewable bool `json:"renewable"`
	LeaseDuration int `json:"lease_duration"`
	// Data holds the certificate, chain and (possibly) private key.
	Data IssueData `json:"data"`
	// WrapInfo, Warnings and Auth are pointers so that an absent field can be
	// told apart from an empty one.
	WrapInfo *string `json:"wrap_info,omitempty"`
	Warnings *string `json:"warnings,omitempty"`
	Auth *string `json:"auth,omitempty"`
}
type OnboardingResponse ¶
// OnboardingResponse is returned by TenantService.Onboard. Call
// APIEndpoint.LogicalPath to obtain the logicalPath used by ServicesService.
type OnboardingResponse struct {
	// APIEndpoint is the PKI endpoint provisioned for the new tenant.
	APIEndpoint APIEndpoint `json:"api_endpoint"`
}
type OptionFunc ¶
OptionFunc is the signature of a per-request option; every service method accepts zero or more of them as its trailing variadic argument.
type QueryOptions ¶ added in v0.34.2
// QueryOptions are the query-string filters for ServicesService.GetCertificates.
// Every field is a pointer so that unset filters are omitted from the URL
// (`url` tags, omitempty). The `name:exact`, `name:contains`, `name:missing`
// and `name:exists` variants are search modifiers on the same attribute;
// Status, Operation, Count, Page and Sort are the underscore-prefixed
// control parameters.
type QueryOptions struct {
	OrganizationID *string `url:"organizationId,omitempty"`
	// CommonName filters, with modifier variants.
	CommonName *string `url:"commonName,omitempty"`
	CommonNameExact *string `url:"commonName:exact,omitempty"`
	CommonNameContains *string `url:"commonName:contains,omitempty"`
	CommonNameMissing *bool `url:"commonName:missing,omitempty"`
	CommonNameExists *bool `url:"commonName:exists,omitempty"`
	// AltName filters, with modifier variants.
	AltName *string `url:"altName,omitempty"`
	AltNameExact *string `url:"altName:exact,omitempty"`
	AltNameContains *string `url:"altName:contains,omitempty"`
	AltNameMissing *bool `url:"altName:missing,omitempty"`
	AltNameExists *bool `url:"altName:exists,omitempty"`
	// Certificate attribute filters. Date and length values are passed as
	// strings; their accepted formats are not validated client-side.
	SerialNumber *string `url:"serialNumber,omitempty"`
	IssuedAt *string `url:"issuedAt,omitempty"`
	ExpiresAt *string `url:"expiresAt,omitempty"`
	KeyType *string `url:"keyType,omitempty"`
	KeyLength *string `url:"keyLength,omitempty"`
	KeyUsage *string `url:"keyUsage,omitempty"`
	ExtKeyUsage *string `url:"extKeyUsage,omitempty"`
	SubjectKeyId *string `url:"subjectKeyId,omitempty"`
	AuthorityKeyId *string `url:"authorityKeyId,omitempty"`
	// Status and RevokedAt select on revocation state.
	Status *string `url:"_status,omitempty"`
	RevokedAt *string `url:"revokedAt,omitempty"`
	// Operation, Count, Page and Sort control the query itself (paging/sorting).
	Operation *string `url:"_operation,omitempty"`
	Count *string `url:"_count,omitempty"`
	Page *string `url:"_page,omitempty"`
	Sort *string `url:"_sort,omitempty"`
}
type Response ¶
Response is an HSDP PKI API response. It wraps the standard http.Response returned by the service and provides convenient access to things like errors.
type RevokeResponse ¶ added in v0.34.4
// RevokeResponse is returned by ServicesService.RevokeCertificateBySerial.
// Data records when the revocation took effect, both as a Unix timestamp and
// as an RFC 3339 time. The revocation only reaches relying parties once a CRL
// that includes it is published and fetched (see GetPolicyCRL/GetRootCRL).
type RevokeResponse struct {
	RequestID string `json:"request_id"`
	LeaseID string `json:"lease_id"`
	Renewable bool `json:"renewable"`
	LeaseDuration int `json:"lease_duration"`
	Data struct {
		// RevocationTime is the revocation instant as a Unix timestamp.
		RevocationTime int `json:"revocation_time"`
		// RevocationTimeRfc3339 is the same instant as a parsed time.Time.
		RevocationTimeRfc3339 time.Time `json:"revocation_time_rfc3339"`
	} `json:"data"`
	WrapInfo *string `json:"wrap_info,omitempty"`
	Warnings *string `json:"warnings,omitempty"`
	Auth *string `json:"auth,omitempty"`
}
type Role ¶
// Role is an issuance policy configured on a tenant's CA (ServiceParameters.Roles).
// Certificates are issued or signed "against" a role by name, and the role's
// allowlists and flags presumably bound what a CertificateRequest/SignRequest
// may ask for. Review the Allow*/Allowed* fields carefully: a permissive role
// lets any caller with issue rights mint certificates for arbitrary names.
type Role struct {
	// Name identifies the role; passed as roleName to IssueCertificate/Sign.
	Name string `json:"name" validate:"required"`
	// AllowAnyName, if true, presumably accepts any common name regardless of
	// AllowedDomains/AllowSubdomains. High risk — prefer an explicit allowlist.
	AllowAnyName bool `json:"allow_any_name"`
	// AllowIPSans permits IP address SANs to be requested.
	AllowIPSans bool `json:"allow_ip_sans"`
	// AllowSubdomains extends AllowedDomains to their subdomains.
	AllowSubdomains bool `json:"allow_subdomains"`
	// AllowedDomains is the allowlist of DNS names/domains for CN and DNS SANs.
	AllowedDomains []string `json:"allowed_domains,omitempty"`
	// AllowedOtherSans allowlists "other" (non-DNS/IP/URI) SANs. Marked
	// required, so the slice must be set when onboarding.
	AllowedOtherSans []string `json:"allowed_other_sans" validate:"required"`
	// AllowedSerialNumbers allowlists requested subject serial numbers.
	AllowedSerialNumbers []string `json:"allowed_serial_numbers,omitempty"`
	// AllowedURISans allowlists URI SANs. Marked required like AllowedOtherSans.
	AllowedURISans []string `json:"allowed_uri_sans" validate:"required"`
	// ClientFlag and ServerFlag presumably control the client/server
	// authentication extended key usages on issued certificates.
	ClientFlag bool `json:"client_flag"`
	// Country, Locality, Organization, OU, PostalCode, Province and
	// StreetAddress are subject attributes stamped on issued certificates.
	// Note Country lacks omitempty and is sent as null when unset.
	Country []string `json:"country"`
	// EnforceHostnames presumably requires CN/DNS SANs to be valid hostnames.
	EnforceHostnames bool `json:"enforce_hostnames"`
	// KeyBits and KeyType fix the key algorithm/size for service-generated keys.
	KeyBits int `json:"key_bits,omitempty"`
	KeyType string `json:"key_type,omitempty"`
	Locality []string `json:"locality,omitempty"`
	// MaxTTL caps the lifetime a request may ask for; TTL is the default
	// lifetime; NotBeforeDuration backdates notBefore (all duration strings,
	// not validated client-side).
	MaxTTL string `json:"max_ttl,omitempty"`
	NotBeforeDuration string `json:"not_before_duration,omitempty"`
	Organization []string `json:"organization,omitempty"`
	OU []string `json:"ou,omitempty"`
	PostalCode []string `json:"postal_code,omitempty"`
	Province []string `json:"province,omitempty"`
	ServerFlag bool `json:"server_flag"`
	StreetAddress []string `json:"street_address,omitempty"`
	TTL string `json:"ttl,omitempty"`
	// UseCSRCommonName and UseCSRSans, when signing a CSR, presumably take the
	// CN/SANs from the caller-controlled CSR rather than from SignRequest.
	// Confirm that the role's allowlists are still applied in that mode.
	UseCSRCommonName bool `json:"use_csr_common_name"`
	UseCSRSans bool `json:"use_csr_sans"`
}
type ServiceParameters ¶
// ServiceParameters is the PKI configuration of a Tenant: which IAM
// organizations may use it, the CA to create, and the issuance roles.
type ServiceParameters struct {
	// LogicalPath is the tenant's path in the PKI API. Optional on input;
	// presumably assigned by the service at onboarding (see APIEndpoint).
	LogicalPath string `json:"logical_path,omitempty"`
	// IAMOrgs lists the IAM organization IDs granted access (1 to 10 entries).
	IAMOrgs []string `json:"iam_orgs" validate:"min=1,max=10,required"`
	// CA describes the certificate authority to create for the tenant.
	CA CertificateAuthority `json:"ca" validate:"required"`
	// Roles are the issuance policies available on the CA (1 to 10 entries).
	Roles []Role `json:"roles" validate:"min=1,max=10,required"`
}
type ServicesService ¶
// ServicesService groups the certificate, CA and CRL operations of the PKI
// API. Obtain it from Client.Services; each method takes the tenant's
// logicalPath (from APIEndpoint.LogicalPath) where applicable.
type ServicesService struct {
	// contains filtered or unexported fields
}
func (*ServicesService) GetCertificateBySerial ¶
func (c *ServicesService) GetCertificateBySerial(logicalPath, serial string, options ...OptionFunc) (*IssueResponse, *Response, error)
GetCertificateBySerial retrieves the certificate with the given serial number issued under logicalPath. The result uses the same IssueResponse envelope as IssueCertificate; on a lookup Data.PrivateKey is presumably empty — confirm rather than assume.
func (*ServicesService) GetCertificates ¶ added in v0.34.2
func (c *ServicesService) GetCertificates(logicalPath string, opt *QueryOptions, options ...OptionFunc) (*CertificateList, *Response, error)
GetCertificates lists the serial numbers of certificates issued under logicalPath, filtered and paginated according to opt (see QueryOptions). Fetch an individual certificate with GetCertificateBySerial.
func (*ServicesService) GetPolicyCA ¶
func (c *ServicesService) GetPolicyCA(options ...OptionFunc) (*x509.Certificate, *pem.Block, *Response, error)
GetPolicyCA fetches the policy CA certificate (presumably the intermediate below the root), returning both the parsed x509.Certificate and the raw PEM block. Parsing does not establish trust: verify it chains to a root you already trust before relying on it.
func (*ServicesService) GetPolicyCRL ¶
func (c *ServicesService) GetPolicyCRL(options ...OptionFunc) (*pkix.CertificateList, *pem.Block, *Response, error)
GetPolicyCRL fetches the policy CA's certificate revocation list as a parsed pkix.CertificateList plus the raw PEM block. Note that pkix.CertificateList is deprecated in the Go standard library since 1.19 (x509.RevocationList replaces it) and that parsing into it (presumably via x509.ParseCRL) does not verify the CRL signature — check it against the issuing CA before trusting the revocation data.
func (*ServicesService) GetRootCA ¶
func (c *ServicesService) GetRootCA(options ...OptionFunc) (*x509.Certificate, *pem.Block, *Response, error)
GetRootCA fetches the root CA certificate, returning both the parsed x509.Certificate and the raw PEM block. Because the root is retrieved over the same API it is meant to anchor, pin or compare its fingerprint against a value obtained out of band before adding it to a trust store.
func (*ServicesService) GetRootCRL ¶
func (c *ServicesService) GetRootCRL(options ...OptionFunc) (*pkix.CertificateList, *pem.Block, *Response, error)
GetRootCRL fetches the root CA's certificate revocation list as a parsed pkix.CertificateList plus the raw PEM block. As with GetPolicyCRL, pkix.CertificateList is deprecated since Go 1.19 and parsing does not verify the CRL signature; verify it against the root CA before use.
func (*ServicesService) IssueCertificate ¶
func (c *ServicesService) IssueCertificate(logicalPath, roleName string, request CertificateRequest, options ...OptionFunc) (*IssueResponse, *Response, error)
IssueCertificate requests a new certificate from role roleName under logicalPath. The service generates the key pair, so the returned IssueResponse.Data carries the private key in PrivateKey — treat the response as a secret and never log it. Use Sign with a caller-generated CSR if the key must not leave the caller.
func (*ServicesService) RevokeCertificateBySerial ¶ added in v0.34.4
func (c *ServicesService) RevokeCertificateBySerial(logicalPath, serial string, options ...OptionFunc) (*RevokeResponse, *Response, error)
RevokeCertificateBySerial revokes the certificate with the given serial number under logicalPath and returns the recorded revocation time. Relying parties only observe the revocation once they fetch a CRL that includes it (see GetPolicyCRL and GetRootCRL).
func (*ServicesService) Sign ¶
func (c *ServicesService) Sign(logicalPath, roleName string, signRequest SignRequest, options ...OptionFunc) (*IssueResponse, *Response, error)
Sign submits the caller-supplied CSR in signRequest to role roleName under logicalPath and returns the signed certificate. Because a CSR carries only the public key, the private key never leaves the caller — contrast IssueCertificate, where the service generates the key pair.
type SignRequest ¶
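// SignRequest is the payload for ServicesService.Sign: a caller-generated CSR
// plus the subject/SAN fields and lifetime to apply. The caller keeps the
// private key; only the CSR (public key + requested names) is sent.
//
// The required-field tags were spelled `validation:` while every other type
// in this package uses `validate:`, so CSR, CommonName and Format were never
// actually checked by the validator; they are now `validate:` tags.
type SignRequest struct {
	// CSR is the PEM-encoded certificate signing request (required).
	CSR string `json:"csr" validate:"required"`
	// CommonName is the requested subject CN (required). Whether it or the
	// CSR's CN wins presumably depends on Role.UseCSRCommonName.
	CommonName string `json:"common_name" validate:"required"`
	// AltNames, OtherSans, IPSans and URISans are requested SANs. Unlike
	// CertificateRequest these lack omitempty and are sent even when empty.
	AltNames string `json:"alt_names"`
	OtherSans string `json:"other_sans"`
	IPSans string `json:"ip_sans"`
	URISans string `json:"uri_sans"`
	// TTL is the requested lifetime (duration string; presumably capped by
	// Role.MaxTTL).
	TTL string `json:"ttl,omitempty"`
	// Format is the output encoding (required); the non-standard `enum` tag
	// documents the accepted values and is not enforced client-side.
	Format string `json:"format" validate:"required" enum:"pem|der|pem_bundle"`
	// ExcludeCNFromSans, when true, asks the service not to copy the CN into
	// the SANs. A plain bool, so false is always sent explicitly.
	ExcludeCNFromSans bool `json:"exclude_cn_from_sans"`
}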
type Tenant ¶
// Tenant describes a PKI tenant for TenantService.Onboard/Offboard and is
// returned by TenantService.Retrieve. The first four fields identify the
// (Cloud Foundry-style, presumably) organization, space, service and plan the
// tenant is provisioned under; ServiceParameters carries the PKI configuration.
type Tenant struct {
	OrganizationName string `json:"organization_name" validate:"required"`
	SpaceName string `json:"space_name" validate:"required"`
	ServiceName string `json:"service_name" validate:"required"`
	PlanName string `json:"plan_name" validate:"required"`
	// ServiceParameters holds the CA, roles and IAM organizations of the tenant.
	ServiceParameters ServiceParameters `json:"service_parameters" validate:"required"`
}
type TenantService ¶
// TenantService manages PKI tenants: Onboard, Retrieve, Update and Offboard.
// Obtain it from Client.Tenants.
type TenantService struct {
	// contains filtered or unexported fields
}
func (*TenantService) Offboard ¶
func (t *TenantService) Offboard(tenant Tenant, options ...OptionFunc) (bool, *Response, error)
func (*TenantService) Onboard ¶
func (t *TenantService) Onboard(tenant Tenant, options ...OptionFunc) (*OnboardingResponse, *Response, error)
func (*TenantService) Retrieve ¶
func (t *TenantService) Retrieve(logicalPath string, options ...OptionFunc) (*Tenant, *Response, error)
func (*TenantService) Update ¶
func (t *TenantService) Update(update UpdateTenantRequest, options ...OptionFunc) (bool, *Response, error)
type UpdateServiceParameters ¶ added in v0.40.0
type UpdateTenantRequest ¶ added in v0.40.0
// UpdateTenantRequest is the payload for TenantService.Update. It carries only
// the service parameters to change; UpdateServiceParameters is declared
// elsewhere in this package.
type UpdateTenantRequest struct {
	ServiceParameters UpdateServiceParameters `json:"service_parameters" validate:"required"`
}