Documentation ¶
Index ¶
- func JSON(w http.ResponseWriter, v interface{})
- func JSONStatus(w http.ResponseWriter, v interface{}, status int)
- func LogCertificate(w http.ResponseWriter, cert *x509.Certificate)
- func LogEnabledResponse(rw http.ResponseWriter, v interface{})
- func LogError(rw http.ResponseWriter, err error)
- func ParseCursor(r *http.Request) (cursor string, limit int, err error)
- func ProtoJSON(w http.ResponseWriter, m proto.Message)
- func ProtoJSONStatus(w http.ResponseWriter, m proto.Message, status int)
- func ReadJSON(r io.Reader, v interface{}) error
- func ReadProtoJSON(r io.Reader, m proto.Message) error
- func WriteError(w http.ResponseWriter, err error)
- type Authority
- type Certificate
- type CertificateRequest
- type EnableLogger
- type FederationResponse
- type HealthResponse
- type ProvisionerKeyResponse
- type ProvisionersResponse
- type RekeyRequest
- type RevokeRequest
- type RevokeResponse
- type RootResponse
- type RootsResponse
- type Router
- type RouterHandler
- type SSHAuthority
- type SSHBastionRequest
- type SSHBastionResponse
- type SSHCertificate
- type SSHCheckPrincipalRequest
- type SSHCheckPrincipalResponse
- type SSHConfigRequest
- type SSHConfigResponse
- type SSHGetHostsResponse
- type SSHPublicKey
- type SSHRekeyRequest
- type SSHRekeyResponse
- type SSHRenewRequest
- type SSHRenewResponse
- type SSHRevokeRequest
- type SSHRevokeResponse
- type SSHRootsResponse
- type SSHSignRequest
- type SSHSignResponse
- type SignRequest
- type SignResponse
- type Template
- type TimeDuration
- type VersionResponse
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func JSON ¶
func JSON(w http.ResponseWriter, v interface{})
JSON writes the passed value into the http.ResponseWriter.
func JSONStatus ¶ added in v0.13.0
func JSONStatus(w http.ResponseWriter, v interface{}, status int)
JSONStatus writes the given value into the http.ResponseWriter and the given status is written as the status code of the response.
func LogCertificate ¶ added in v0.15.0
func LogCertificate(w http.ResponseWriter, cert *x509.Certificate)
LogCertificate add certificate fields to the log message.
func LogEnabledResponse ¶ added in v0.13.0
func LogEnabledResponse(rw http.ResponseWriter, v interface{})
LogEnabledResponse log the response object if it implements the EnableLogger interface.
func LogError ¶
func LogError(rw http.ResponseWriter, err error)
LogError adds to the response writer the given error if it implements logging.ResponseLogger. If it does not implement it, then writes the error using the log package.
func ParseCursor ¶ added in v0.16.0
ParseCursor parses the cursor and limit from the request query params.
func ProtoJSON ¶ added in v0.16.0
func ProtoJSON(w http.ResponseWriter, m proto.Message)
ProtoJSON writes the passed value into the http.ResponseWriter.
func ProtoJSONStatus ¶ added in v0.16.0
func ProtoJSONStatus(w http.ResponseWriter, m proto.Message, status int)
ProtoJSONStatus writes the given value into the http.ResponseWriter and the given status is written as the status code of the response.
func ReadProtoJSON ¶ added in v0.16.0
ReadProtoJSON reads JSON from the request body and stores it in the value pointed by v.
func WriteError ¶
func WriteError(w http.ResponseWriter, err error)
WriteError writes to w a JSON representation of the given error.
Types ¶
type Authority ¶
type Authority interface { SSHAuthority // context specifies the Authorize[Sign|Revoke|etc.] method. Authorize(ctx context.Context, ott string) ([]provisioner.SignOption, error) AuthorizeSign(ott string) ([]provisioner.SignOption, error) GetTLSOptions() *config.TLSOptions Root(shasum string) (*x509.Certificate, error) Sign(cr *x509.CertificateRequest, opts provisioner.SignOptions, signOpts ...provisioner.SignOption) ([]*x509.Certificate, error) Renew(peer *x509.Certificate) ([]*x509.Certificate, error) Rekey(peer *x509.Certificate, pk crypto.PublicKey) ([]*x509.Certificate, error) LoadProvisionerByCertificate(*x509.Certificate) (provisioner.Interface, error) LoadProvisionerByName(string) (provisioner.Interface, error) GetProvisioners(cursor string, limit int) (provisioner.List, string, error) Revoke(context.Context, *authority.RevokeOptions) error GetEncryptedKey(kid string) (string, error) GetRoots() (federation []*x509.Certificate, err error) GetFederation() ([]*x509.Certificate, error) Version() authority.Version }
Authority is the interface implemented by a CA authority.
type Certificate ¶
type Certificate struct {
*x509.Certificate
}
Certificate wraps a *x509.Certificate and adds the json.Marshaler interface.
func NewCertificate ¶
func NewCertificate(cr *x509.Certificate) Certificate
NewCertificate is a helper method that returns a Certificate from a *x509.Certificate.
func (Certificate) MarshalJSON ¶
func (c Certificate) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. The certificate is quoted string using the PEM encoding.
func (*Certificate) UnmarshalJSON ¶
func (c *Certificate) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. The certificate is expected to be a quoted string using the PEM encoding.
type CertificateRequest ¶
type CertificateRequest struct {
*x509.CertificateRequest
}
CertificateRequest wraps a *x509.CertificateRequest and adds the json.Unmarshaler interface.
func NewCertificateRequest ¶
func NewCertificateRequest(cr *x509.CertificateRequest) CertificateRequest
NewCertificateRequest is a helper method that returns a CertificateRequest from a *x509.CertificateRequest.
func (CertificateRequest) MarshalJSON ¶
func (c CertificateRequest) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. The certificate request is a quoted string using the PEM encoding.
func (*CertificateRequest) UnmarshalJSON ¶
func (c *CertificateRequest) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. The certificate request is expected to be a quoted string using the PEM encoding.
type EnableLogger ¶ added in v0.13.0
type EnableLogger interface {
ToLog() (interface{}, error)
}
EnableLogger is an interface that enables response logging for an object.
type FederationResponse ¶ added in v0.8.3
type FederationResponse struct {
Certificates []Certificate `json:"crts"`
}
FederationResponse is the response object of the federation request.
type HealthResponse ¶
type HealthResponse struct {
Status string `json:"status"`
}
HealthResponse is the response object that returns the health of the server.
type ProvisionerKeyResponse ¶
type ProvisionerKeyResponse struct {
Key string `json:"key"`
}
ProvisionerKeyResponse is the response object that returns the encrypted key of a provisioner.
type ProvisionersResponse ¶
type ProvisionersResponse struct { Provisioners provisioner.List `json:"provisioners"` NextCursor string `json:"nextCursor"` }
ProvisionersResponse is the response object that returns the list of provisioners.
type RekeyRequest ¶ added in v0.15.0
type RekeyRequest struct {
CsrPEM CertificateRequest `json:"csr"`
}
RekeyRequest is the request body for a certificate rekey request.
func (*RekeyRequest) Validate ¶ added in v0.15.0
func (s *RekeyRequest) Validate() error
Validate checks the fields of the RekeyRequest and returns nil if they are ok or an error if something is wrong.
type RevokeRequest ¶ added in v0.10.0
type RevokeRequest struct { Serial string `json:"serial"` OTT string `json:"ott"` ReasonCode int `json:"reasonCode"` Reason string `json:"reason"` Passive bool `json:"passive"` }
RevokeRequest is the request body for a revocation request.
func (*RevokeRequest) Validate ¶ added in v0.10.0
func (r *RevokeRequest) Validate() (err error)
Validate checks the fields of the RevokeRequest and returns nil if they are ok or an error if something is wrong.
type RevokeResponse ¶ added in v0.10.0
type RevokeResponse struct {
Status string `json:"status"`
}
RevokeResponse is the response object that returns the health of the server.
type RootResponse ¶
type RootResponse struct {
RootPEM Certificate `json:"ca"`
}
RootResponse is the response object that returns the PEM of a root certificate.
type RootsResponse ¶ added in v0.8.3
type RootsResponse struct {
Certificates []Certificate `json:"crts"`
}
RootsResponse is the response object of the roots request.
type Router ¶
type Router interface { // MethodFunc adds routes for `pattern` that matches // the `method` HTTP method. MethodFunc(method, pattern string, h http.HandlerFunc) }
Router defines a common router interface.
type RouterHandler ¶
type RouterHandler interface {
Route(r Router)
}
RouterHandler is the interface that a HTTP handler that manages multiple endpoints will implement.
func New ¶
func New(auth Authority) RouterHandler
New creates a new RouterHandler with the CA endpoints.
type SSHAuthority ¶ added in v0.12.0
type SSHAuthority interface { SignSSH(ctx context.Context, key ssh.PublicKey, opts provisioner.SignSSHOptions, signOpts ...provisioner.SignOption) (*ssh.Certificate, error) RenewSSH(ctx context.Context, cert *ssh.Certificate) (*ssh.Certificate, error) RekeySSH(ctx context.Context, cert *ssh.Certificate, key ssh.PublicKey, signOpts ...provisioner.SignOption) (*ssh.Certificate, error) SignSSHAddUser(ctx context.Context, key ssh.PublicKey, cert *ssh.Certificate) (*ssh.Certificate, error) GetSSHRoots(ctx context.Context) (*config.SSHKeys, error) GetSSHFederation(ctx context.Context) (*config.SSHKeys, error) GetSSHConfig(ctx context.Context, typ string, data map[string]string) ([]templates.Output, error) CheckSSHHost(ctx context.Context, principal string, token string) (bool, error) GetSSHHosts(ctx context.Context, cert *x509.Certificate) ([]config.Host, error) GetSSHBastion(ctx context.Context, user string, hostname string) (*config.Bastion, error) }
SSHAuthority is the interface implemented by a SSH CA authority.
type SSHBastionRequest ¶ added in v0.14.0
SSHBastionRequest is the request body used to get the bastion for a given host.
func (*SSHBastionRequest) Validate ¶ added in v0.14.0
func (r *SSHBastionRequest) Validate() error
Validate checks the values of the SSHBastionRequest.
type SSHBastionResponse ¶ added in v0.14.0
type SSHBastionResponse struct { Hostname string `json:"hostname"` Bastion *config.Bastion `json:"bastion,omitempty"` }
SSHBastionResponse is the response body used to return the bastion for a given host.
type SSHCertificate ¶ added in v0.12.0
type SSHCertificate struct {
*ssh.Certificate `json:"omitempty"`
}
SSHCertificate represents the response SSH certificate.
func (SSHCertificate) MarshalJSON ¶ added in v0.12.0
func (c SSHCertificate) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. Returns a quoted, base64 encoded, openssh wire format version of the certificate.
func (*SSHCertificate) UnmarshalJSON ¶ added in v0.12.0
func (c *SSHCertificate) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. The certificate is expected to be a quoted, base64 encoded, openssh wire formatted block of bytes.
type SSHCheckPrincipalRequest ¶ added in v0.14.0
type SSHCheckPrincipalRequest struct { Type string `json:"type"` Principal string `json:"principal"` Token string `json:"token,omitempty"` }
SSHCheckPrincipalRequest is the request body used to check if a principal certificate has been created. Right now it only supported for hosts certificates.
func (*SSHCheckPrincipalRequest) Validate ¶ added in v0.14.0
func (r *SSHCheckPrincipalRequest) Validate() error
Validate checks the check principal request.
type SSHCheckPrincipalResponse ¶ added in v0.14.0
type SSHCheckPrincipalResponse struct {
Exists bool `json:"exists"`
}
SSHCheckPrincipalResponse is the response body used to check if a principal exists.
type SSHConfigRequest ¶ added in v0.14.0
SSHConfigRequest is the request body used to get the SSH configuration templates.
func (*SSHConfigRequest) Validate ¶ added in v0.14.0
func (r *SSHConfigRequest) Validate() error
Validate checks the values of the SSHConfigurationRequest.
type SSHConfigResponse ¶ added in v0.14.0
type SSHConfigResponse struct { UserTemplates []Template `json:"userTemplates,omitempty"` HostTemplates []Template `json:"hostTemplates,omitempty"` }
SSHConfigResponse is the response that returns the rendered templates.
type SSHGetHostsResponse ¶ added in v0.14.0
SSHGetHostsResponse is the response object that returns the list of valid hosts for SSH.
type SSHPublicKey ¶ added in v0.14.0
SSHPublicKey represents a public key in a response object.
func (*SSHPublicKey) MarshalJSON ¶ added in v0.14.0
func (p *SSHPublicKey) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. Returns a quoted, base64 encoded, openssh wire format version of the public key.
func (*SSHPublicKey) UnmarshalJSON ¶ added in v0.14.0
func (p *SSHPublicKey) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. The public key is expected to be a quoted, base64 encoded, openssh wire formatted block of bytes.
type SSHRekeyRequest ¶ added in v0.14.0
type SSHRekeyRequest struct { OTT string `json:"ott"` PublicKey []byte `json:"publicKey"` //base64 encoded }
SSHRekeyRequest is the request body of an SSH certificate request.
func (*SSHRekeyRequest) Validate ¶ added in v0.14.0
func (s *SSHRekeyRequest) Validate() error
Validate validates the SSHSignRekey.
type SSHRekeyResponse ¶ added in v0.14.0
type SSHRekeyResponse struct { Certificate SSHCertificate `json:"crt"` IdentityCertificate []Certificate `json:"identityCrt,omitempty"` }
SSHRekeyResponse is the response object that returns the SSH certificate.
type SSHRenewRequest ¶ added in v0.14.0
type SSHRenewRequest struct {
OTT string `json:"ott"`
}
SSHRenewRequest is the request body of an SSH certificate request.
func (*SSHRenewRequest) Validate ¶ added in v0.14.0
func (s *SSHRenewRequest) Validate() error
Validate validates the SSHSignRequest.
type SSHRenewResponse ¶ added in v0.14.0
type SSHRenewResponse struct { Certificate SSHCertificate `json:"crt"` IdentityCertificate []Certificate `json:"identityCrt,omitempty"` }
SSHRenewResponse is the response object that returns the SSH certificate.
type SSHRevokeRequest ¶ added in v0.14.0
type SSHRevokeRequest struct { Serial string `json:"serial"` OTT string `json:"ott"` ReasonCode int `json:"reasonCode"` Reason string `json:"reason"` Passive bool `json:"passive"` }
SSHRevokeRequest is the request body for a revocation request.
func (*SSHRevokeRequest) Validate ¶ added in v0.14.0
func (r *SSHRevokeRequest) Validate() (err error)
Validate checks the fields of the RevokeRequest and returns nil if they are ok or an error if something is wrong.
type SSHRevokeResponse ¶ added in v0.14.0
type SSHRevokeResponse struct {
Status string `json:"status"`
}
SSHRevokeResponse is the response object that returns the health of the server.
type SSHRootsResponse ¶ added in v0.14.0
type SSHRootsResponse struct { UserKeys []SSHPublicKey `json:"userKey,omitempty"` HostKeys []SSHPublicKey `json:"hostKey,omitempty"` }
SSHRootsResponse represents the response object that returns the SSH user and host keys.
type SSHSignRequest ¶ added in v0.14.0
type SSHSignRequest struct { PublicKey []byte `json:"publicKey"` // base64 encoded OTT string `json:"ott"` CertType string `json:"certType,omitempty"` KeyID string `json:"keyID,omitempty"` Principals []string `json:"principals,omitempty"` ValidAfter TimeDuration `json:"validAfter,omitempty"` ValidBefore TimeDuration `json:"validBefore,omitempty"` AddUserPublicKey []byte `json:"addUserPublicKey,omitempty"` IdentityCSR CertificateRequest `json:"identityCSR,omitempty"` TemplateData json.RawMessage `json:"templateData,omitempty"` }
SSHSignRequest is the request body of an SSH certificate request.
func (*SSHSignRequest) Validate ¶ added in v0.14.0
func (s *SSHSignRequest) Validate() error
Validate validates the SSHSignRequest.
type SSHSignResponse ¶ added in v0.14.0
type SSHSignResponse struct { Certificate SSHCertificate `json:"crt"` AddUserCertificate *SSHCertificate `json:"addUserCrt,omitempty"` IdentityCertificate []Certificate `json:"identityCrt,omitempty"` }
SSHSignResponse is the response object that returns the SSH certificate.
type SignRequest ¶
type SignRequest struct { CsrPEM CertificateRequest `json:"csr"` OTT string `json:"ott"` NotAfter TimeDuration `json:"notAfter,omitempty"` NotBefore TimeDuration `json:"notBefore,omitempty"` TemplateData json.RawMessage `json:"templateData,omitempty"` }
SignRequest is the request body for a certificate signature request.
func (*SignRequest) Validate ¶
func (s *SignRequest) Validate() error
Validate checks the fields of the SignRequest and returns nil if they are ok or an error if something is wrong.
type SignResponse ¶
type SignResponse struct { ServerPEM Certificate `json:"crt"` CaPEM Certificate `json:"ca"` CertChainPEM []Certificate `json:"certChain"` TLSOptions *config.TLSOptions `json:"tlsOptions,omitempty"` TLS *tls.ConnectionState `json:"-"` }
SignResponse is the response object of the certificate signature request.
type TimeDuration ¶ added in v0.9.0
type TimeDuration = provisioner.TimeDuration
TimeDuration is an alias of provisioner.TimeDuration
func NewTimeDuration ¶ added in v0.9.0
func NewTimeDuration(t time.Time) TimeDuration
NewTimeDuration returns a TimeDuration with the defined time.
func ParseTimeDuration ¶ added in v0.9.0
func ParseTimeDuration(s string) (TimeDuration, error)
ParseTimeDuration returns a new TimeDuration parsing the RFC 3339 time or time.Duration string.
type VersionResponse ¶ added in v0.14.0
type VersionResponse struct { Version string `json:"version"` RequireClientAuthentication bool `json:"requireClientAuthentication,omitempty"` }
VersionResponse is the response object that returns the version of the server.