zts

package
v1.7.35 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 16, 2017 License: Apache-2.0 Imports: 11 Imported by: 0

README

zts-go-client

A Go client library to talk to Athenz ZTS.

The model.go and client.go files are generated from zts_core, and checked in so users of this library need not know that.

Release Notes:

Version 1.0 (2016-09-06)
 - Initial opensource release

## Usage

To get it into your workspace:

    go get github.com/yahoo/athenz/clients/go/zts

Then in your Go code:

    import (
        zts "github.com/yahoo/athenz/clients/go/zts"
    )
    func main() {
         var principal rdl.Principal /* NToken */
         ...
         client := zts.NewClient()
         client.AddCredentials(principal.GetHTTPHeaderName(), principal.GetCredentials())
         svc, err := client.GetServiceIdentity("athenz", "storage")
         ...
    }

## License

Copyright 2016 Yahoo Inc.

Licensed under the [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)

Documentation

Overview

Package zts contains a client library to talk to Athenz ZTS.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ZTSSchema 

func ZTSSchema() *rdl.Schema

Types

type AWSArnRoleName added in v1.7.33 

type AWSArnRoleName string

AWSArnRoleName - AWS full role name with path

type AWSRoleName added in v1.7.33 

type AWSRoleName string

AWSRoleName - AWS role name without the path

type AWSRolePath added in v1.7.34 

type AWSRolePath string

AWSRolePath - AWS role path

type AWSRolePathElement added in v1.7.33 

type AWSRolePathElement string

AWSRolePathElement - AWS role path single element

type AWSTemporaryCredentials 

type AWSTemporaryCredentials struct {
	AccessKeyId     string        `json:"accessKeyId"`
	SecretAccessKey string        `json:"secretAccessKey"`
	SessionToken    string        `json:"sessionToken"`
	Expiration      rdl.Timestamp `json:"expiration"`
}

AWSTemporaryCredentials -

func NewAWSTemporaryCredentials 

func NewAWSTemporaryCredentials(init ...*AWSTemporaryCredentials) *AWSTemporaryCredentials

NewAWSTemporaryCredentials - creates an initialized AWSTemporaryCredentials instance, returns a pointer to it

func (*AWSTemporaryCredentials) UnmarshalJSON 

func (self *AWSTemporaryCredentials) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a AWSTemporaryCredentials

func (*AWSTemporaryCredentials) Validate 

func (self *AWSTemporaryCredentials) Validate() error

Validate - checks for missing required fields, etc

type Access 

type Access struct {

	//
	// true (allowed) or false (denied)
	//
	Granted bool `json:"granted"`
}

Access - Access can be checked and returned as this resource.

func NewAccess 

func NewAccess(init ...*Access) *Access

NewAccess - creates an initialized Access instance, returns a pointer to it

func (*Access) UnmarshalJSON 

func (self *Access) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Access

func (*Access) Validate 

func (self *Access) Validate() error

Validate - checks for missing required fields, etc

type ActionName 

type ActionName string

ActionName - An action (operation) name.

type Assertion 

type Assertion struct {

	//
	// the subject of the assertion, a role
	//
	Role string `json:"role"`

	//
	// the object of the assertion. Must be in the local namespace. Can contain
	// wildcards
	//
	Resource string `json:"resource"`

	//
	// the predicate of the assertion. Can contain wildcards
	//
	Action string `json:"action"`

	//
	// the effect of the assertion in the policy language
	//
	Effect *AssertionEffect `json:"effect,omitempty" rdl:"optional"`

	//
	// assertion id - auto generated by server
	//
	Id *int64 `json:"id,omitempty" rdl:"optional"`
}

Assertion - A representation for the encapsulation of an action to be performed on a resource by a principal.

func NewAssertion 

func NewAssertion(init ...*Assertion) *Assertion

NewAssertion - creates an initialized Assertion instance, returns a pointer to it

func (*Assertion) UnmarshalJSON 

func (self *Assertion) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Assertion

func (*Assertion) Validate 

func (self *Assertion) Validate() error

Validate - checks for missing required fields, etc

type AssertionEffect 

type AssertionEffect int

AssertionEffect - Every assertion can have the effect of ALLOW or DENY. 

const (
	ALLOW AssertionEffect
	DENY
)

AssertionEffect constants

func NewAssertionEffect 

func NewAssertionEffect(init ...interface{}) AssertionEffect

NewAssertionEffect - return a string representation of the enum

func (AssertionEffect) MarshalJSON 

func (e AssertionEffect) MarshalJSON() ([]byte, error)

MarshalJSON is defined for proper JSON encoding of a AssertionEffect

func (AssertionEffect) String 

func (e AssertionEffect) String() string

String - return a string representation of the enum

func (AssertionEffect) SymbolSet 

func (e AssertionEffect) SymbolSet() []string

SymbolSet - return an array of all valid string representations (symbols) of the enum

func (*AssertionEffect) UnmarshalJSON 

func (e *AssertionEffect) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a AssertionEffect

type AuthorityName 

type AuthorityName string

AuthorityName - Used as the prefix in a signed assertion. This uniquely identifies a signing authority.

type CompoundName 

type CompoundName string

CompoundName - A compound name. Most names in this API are compound names.

type DomainMetric 

type DomainMetric struct {
	MetricType DomainMetricType `json:"metricType"`
	MetricVal  int32            `json:"metricVal"`
}

DomainMetric -

func NewDomainMetric 

func NewDomainMetric(init ...*DomainMetric) *DomainMetric

NewDomainMetric - creates an initialized DomainMetric instance, returns a pointer to it

func (*DomainMetric) UnmarshalJSON 

func (self *DomainMetric) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainMetric

func (*DomainMetric) Validate 

func (self *DomainMetric) Validate() error

Validate - checks for missing required fields, etc

type DomainMetricType 

type DomainMetricType int

DomainMetricType - zpe metric attributes 

const (
	ACCESS_ALLOWED DomainMetricType
	ACCESS_ALLOWED_DENY
	ACCESS_ALLOWED_DENY_NO_MATCH
	ACCESS_ALLOWED_ALLOW
	ACCESS_ALLOWED_ERROR
	ACCESS_ALLOWED_TOKEN_INVALID
	ACCESS_Allowed_TOKEN_EXPIRED
	ACCESS_ALLOWED_DOMAIN_NOT_FOUND
	ACCESS_ALLOWED_DOMAIN_MISMATCH
	ACCESS_ALLOWED_DOMAIN_EXPIRED
	ACCESS_ALLOWED_DOMAIN_EMPTY
	ACCESS_ALLOWED_TOKEN_CACHE_FAILURE
	ACCESS_ALLOWED_TOKEN_CACHE_NOT_FOUND
	ACCESS_ALLOWED_TOKEN_CACHE_SUCCESS
	ACCESS_ALLOWED_TOKEN_VALIDATE
	LOAD_FILE_FAIL
	LOAD_FILE_GOOD
	LOAD_DOMAIN_GOOD
)

DomainMetricType constants

func NewDomainMetricType 

func NewDomainMetricType(init ...interface{}) DomainMetricType

NewDomainMetricType - return a string representation of the enum

func (DomainMetricType) MarshalJSON 

func (e DomainMetricType) MarshalJSON() ([]byte, error)

MarshalJSON is defined for proper JSON encoding of a DomainMetricType

func (DomainMetricType) String 

func (e DomainMetricType) String() string

String - return a string representation of the enum

func (DomainMetricType) SymbolSet 

func (e DomainMetricType) SymbolSet() []string

SymbolSet - return an array of all valid string representations (symbols) of the enum

func (*DomainMetricType) UnmarshalJSON 

func (e *DomainMetricType) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainMetricType

type DomainMetrics 

type DomainMetrics struct {

	//
	// name of the domain the metrics pertain to
	//
	DomainName DomainName `json:"domainName"`

	//
	// list of the domains metrics
	//
	MetricList []*DomainMetric `json:"metricList"`
}

DomainMetrics -

func NewDomainMetrics 

func NewDomainMetrics(init ...*DomainMetrics) *DomainMetrics

NewDomainMetrics - creates an initialized DomainMetrics instance, returns a pointer to it

func (*DomainMetrics) Init 

func (self *DomainMetrics) Init() *DomainMetrics

Init - sets up the instance according to its default field values, if any

func (*DomainMetrics) UnmarshalJSON 

func (self *DomainMetrics) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainMetrics

func (*DomainMetrics) Validate 

func (self *DomainMetrics) Validate() error

Validate - checks for missing required fields, etc

type DomainName 

type DomainName string

DomainName - A domain name is the general qualifier prefix, as its uniqueness is managed.

type DomainSignedPolicyData 

type DomainSignedPolicyData struct {

	//
	// policy data signed by ZMS
	//
	SignedPolicyData *SignedPolicyData `json:"signedPolicyData"`

	//
	// signature generated based on the domain policies object
	//
	Signature string `json:"signature"`

	//
	// the identifier of the key used to generate the signature
	//
	KeyId string `json:"keyId"`
}

DomainSignedPolicyData - A signed bulk transfer of policies. The data is signed with server's private key.

func NewDomainSignedPolicyData 

func NewDomainSignedPolicyData(init ...*DomainSignedPolicyData) *DomainSignedPolicyData

NewDomainSignedPolicyData - creates an initialized DomainSignedPolicyData instance, returns a pointer to it

func (*DomainSignedPolicyData) Init 

func (self *DomainSignedPolicyData) Init() *DomainSignedPolicyData

Init - sets up the instance according to its default field values, if any

func (*DomainSignedPolicyData) UnmarshalJSON 

func (self *DomainSignedPolicyData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainSignedPolicyData

func (*DomainSignedPolicyData) Validate 

func (self *DomainSignedPolicyData) Validate() error

Validate - checks for missing required fields, etc

type EntityList added in v1.7.30 

type EntityList string

EntityList - An Entity list is comma separated compound Names

type EntityName 

type EntityName string

EntityName - An entity name is a short form of a resource name, including only the domain and entity.

type HostServices 

type HostServices struct {

	//
	// name of the host
	//
	Host string `json:"host"`

	//
	// list of service names authorized to run on this host
	//
	Names []EntityName `json:"names"`
}

HostServices - The representation for an enumeration of services authorized to run on a specific host.

func NewHostServices 

func NewHostServices(init ...*HostServices) *HostServices

NewHostServices - creates an initialized HostServices instance, returns a pointer to it

func (*HostServices) Init 

func (self *HostServices) Init() *HostServices

Init - sets up the instance according to its default field values, if any

func (*HostServices) UnmarshalJSON 

func (self *HostServices) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a HostServices

func (*HostServices) Validate 

func (self *HostServices) Validate() error

Validate - checks for missing required fields, etc

type Identity 

type Identity struct {

	//
	// name of the identity, fully qualified, i.e. my.domain.service1, or
	// aws.1232321321312.myusername
	//
	Name CompoundName `json:"name"`

	//
	// a certificate usable for both client and server in TLS connections
	//
	Certificate string `json:"certificate,omitempty" rdl:"optional"`

	//
	// the CA certificate chain to use with all IMS-generated certs
	//
	CaCertBundle string `json:"caCertBundle,omitempty" rdl:"optional"`

	//
	// the SSH certificate, signed by the CA (user or host)
	//
	SshCertificate string `json:"sshCertificate,omitempty" rdl:"optional"`

	//
	// the SSH CA's public key for the sshCertificate (user or host)
	//
	SshCertificateSigner string `json:"sshCertificateSigner,omitempty" rdl:"optional"`

	//
	// service token instead of TLS certificate
	//
	ServiceToken SignedToken `json:"serviceToken,omitempty" rdl:"optional"`

	//
	// other config-like attributes determined at boot time
	//
	Attributes map[string]string `json:"attributes,omitempty" rdl:"optional"`
}

Identity - Identity - a signed assertion of service or human identity, the response could be either a client certificate or just a regular NToken (depending if the request contained a csr or not).

func NewIdentity 

func NewIdentity(init ...*Identity) *Identity

NewIdentity - creates an initialized Identity instance, returns a pointer to it

func (*Identity) UnmarshalJSON 

func (self *Identity) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Identity

func (*Identity) Validate 

func (self *Identity) Validate() error

Validate - checks for missing required fields, etc

type InstanceIdentity added in v1.7.3 

type InstanceIdentity struct {

	//
	// the provider service name (i.e. "aws.us-west-2", "sys.openstack.cluster1")
	//
	Provider ServiceName `json:"provider"`

	//
	// name of the identity, fully qualified, i.e. my.domain.service1
	//
	Name ServiceName `json:"name"`

	//
	// unique instance id within provider's namespace
	//
	InstanceId PathElement `json:"instanceId"`

	//
	// an X.509 certificate usable for both client and server in TLS connections
	//
	X509Certificate string `json:"x509Certificate,omitempty" rdl:"optional"`

	//
	// the CA certificate chain to verify all generated X.509 certs
	//
	X509CertificateSigner string `json:"x509CertificateSigner,omitempty" rdl:"optional"`

	//
	// the SSH certificate, signed by the CA (user or host)
	//
	SshCertificate string `json:"sshCertificate,omitempty" rdl:"optional"`

	//
	// the SSH CA's public key for the sshCertificate (user or host)
	//
	SshCertificateSigner string `json:"sshCertificateSigner,omitempty" rdl:"optional"`

	//
	// service token instead of TLS certificate
	//
	ServiceToken SignedToken `json:"serviceToken,omitempty" rdl:"optional"`

	//
	// other config-like attributes determined at boot time
	//
	Attributes map[string]string `json:"attributes,omitempty" rdl:"optional"`
}

InstanceIdentity -

func NewInstanceIdentity added in v1.7.3 

func NewInstanceIdentity(init ...*InstanceIdentity) *InstanceIdentity

NewInstanceIdentity - creates an initialized InstanceIdentity instance, returns a pointer to it

func (*InstanceIdentity) UnmarshalJSON added in v1.7.3 

func (self *InstanceIdentity) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a InstanceIdentity

func (*InstanceIdentity) Validate added in v1.7.3 

func (self *InstanceIdentity) Validate() error

Validate - checks for missing required fields, etc

type InstanceRefreshInformation added in v1.7.3 

type InstanceRefreshInformation struct {

	//
	// the Certificate Signing Request for the expected X.509 certificate in the
	// response
	//
	Csr string `json:"csr,omitempty" rdl:"optional"`

	//
	// if present, return an SSH host certificate. Format is JSON.
	//
	Ssh string `json:"ssh,omitempty" rdl:"optional"`

	//
	// if true, return a service token signed by ZTS for this service
	//
	Token *bool `json:"token,omitempty" rdl:"optional"`
}

InstanceRefreshInformation -

func NewInstanceRefreshInformation added in v1.7.3 

func NewInstanceRefreshInformation(init ...*InstanceRefreshInformation) *InstanceRefreshInformation

NewInstanceRefreshInformation - creates an initialized InstanceRefreshInformation instance, returns a pointer to it

func (*InstanceRefreshInformation) UnmarshalJSON added in v1.7.3 

func (self *InstanceRefreshInformation) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a InstanceRefreshInformation

func (*InstanceRefreshInformation) Validate added in v1.7.3 

func (self *InstanceRefreshInformation) Validate() error

Validate - checks for missing required fields, etc

type InstanceRefreshRequest 

type InstanceRefreshRequest struct {

	//
	// Cert CSR signed by the service's private key (public key registered in ZMS)
	//
	Csr string `json:"csr"`

	//
	// in seconds how long token should be valid for
	//
	ExpiryTime *int32 `json:"expiryTime,omitempty" rdl:"optional"`

	//
	// public key identifier
	//
	KeyId string `json:"keyId,omitempty" rdl:"optional"`
}

InstanceRefreshRequest - InstanceRefreshRequest - a certificate refresh request

func NewInstanceRefreshRequest 

func NewInstanceRefreshRequest(init ...*InstanceRefreshRequest) *InstanceRefreshRequest

NewInstanceRefreshRequest - creates an initialized InstanceRefreshRequest instance, returns a pointer to it

func (*InstanceRefreshRequest) UnmarshalJSON 

func (self *InstanceRefreshRequest) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a InstanceRefreshRequest

func (*InstanceRefreshRequest) Validate 

func (self *InstanceRefreshRequest) Validate() error

Validate - checks for missing required fields, etc

type InstanceRegisterInformation added in v1.7.3 

type InstanceRegisterInformation struct {

	//
	// the provider service name (i.e. "aws.us-west-2", "sys.openstack.cluster1")
	//
	Provider ServiceName `json:"provider"`

	//
	// the domain of the instance
	//
	Domain DomainName `json:"domain"`

	//
	// the service this instance is supposed to run
	//
	Service SimpleName `json:"service"`

	//
	// identity attestation data including document with its signature containing
	// attributes like IP address, instance-id, account#, etc.
	//
	AttestationData string `json:"attestationData"`

	//
	// the Certificate Signing Request for the expected X.509 certificate in the
	// response
	//
	Csr string `json:"csr"`

	//
	// if present, return an SSH host certificate. Format is JSON.
	//
	Ssh string `json:"ssh,omitempty" rdl:"optional"`

	//
	// if true, return a service token signed by ZTS for this service
	//
	Token *bool `json:"token,omitempty" rdl:"optional"`
}

InstanceRegisterInformation -

func NewInstanceRegisterInformation added in v1.7.3 

func NewInstanceRegisterInformation(init ...*InstanceRegisterInformation) *InstanceRegisterInformation

NewInstanceRegisterInformation - creates an initialized InstanceRegisterInformation instance, returns a pointer to it

func (*InstanceRegisterInformation) UnmarshalJSON added in v1.7.3 

func (self *InstanceRegisterInformation) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a InstanceRegisterInformation

func (*InstanceRegisterInformation) Validate added in v1.7.3 

func (self *InstanceRegisterInformation) Validate() error

Validate - checks for missing required fields, etc

type OSTKInstanceInformation added in v1.1.8 

type OSTKInstanceInformation struct {

	//
	// signed document containing attributes like IP address, instance-id,
	// account#, etc.
	//
	Document string `json:"document"`

	//
	// the signature for the document
	//
	Signature string `json:"signature"`

	//
	// the keyid used to sign the document
	//
	KeyId string `json:"keyId"`

	//
	// the domain of the instance
	//
	Domain CompoundName `json:"domain"`

	//
	// the service this instance is supposed to run
	//
	Service SimpleName `json:"service"`

	//
	// return a certificate in the response
	//
	Csr string `json:"csr"`
}

OSTKInstanceInformation - Instance object that includes requested service details plus host document that is signed by Openstack as part of the host bootstrap process

func NewOSTKInstanceInformation added in v1.1.8 

func NewOSTKInstanceInformation(init ...*OSTKInstanceInformation) *OSTKInstanceInformation

NewOSTKInstanceInformation - creates an initialized OSTKInstanceInformation instance, returns a pointer to it

func (*OSTKInstanceInformation) UnmarshalJSON added in v1.1.8 

func (self *OSTKInstanceInformation) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a OSTKInstanceInformation

func (*OSTKInstanceInformation) Validate added in v1.1.8 

func (self *OSTKInstanceInformation) Validate() error

Validate - checks for missing required fields, etc

type OSTKInstanceRefreshRequest added in v1.1.8 

type OSTKInstanceRefreshRequest struct {

	//
	// request an X.509 certificate
	//
	Csr string `json:"csr,omitempty" rdl:"optional"`
}

OSTKInstanceRefreshRequest - OSTKCertificateRequest - a certificate signing request

func NewOSTKInstanceRefreshRequest added in v1.1.8 

func NewOSTKInstanceRefreshRequest(init ...*OSTKInstanceRefreshRequest) *OSTKInstanceRefreshRequest

NewOSTKInstanceRefreshRequest - creates an initialized OSTKInstanceRefreshRequest instance, returns a pointer to it

func (*OSTKInstanceRefreshRequest) UnmarshalJSON added in v1.1.8 

func (self *OSTKInstanceRefreshRequest) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a OSTKInstanceRefreshRequest

func (*OSTKInstanceRefreshRequest) Validate added in v1.1.8 

func (self *OSTKInstanceRefreshRequest) Validate() error

Validate - checks for missing required fields, etc

type PathElement added in v1.7.3 

type PathElement string

PathElement - A uri-safe path element

type Policy 

type Policy struct {

	//
	// name of the policy
	//
	Name ResourceName `json:"name"`

	//
	// last modification timestamp of this policy
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`

	//
	// list of defined assertions for this policy
	//
	Assertions []*Assertion `json:"assertions"`
}

Policy - The representation for a Policy with set of assertions.

func NewPolicy 

func NewPolicy(init ...*Policy) *Policy

NewPolicy - creates an initialized Policy instance, returns a pointer to it

func (*Policy) Init 

func (self *Policy) Init() *Policy

Init - sets up the instance according to its default field values, if any

func (*Policy) UnmarshalJSON 

func (self *Policy) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Policy

func (*Policy) Validate 

func (self *Policy) Validate() error

Validate - checks for missing required fields, etc

type PolicyData 

type PolicyData struct {

	//
	// name of the domain
	//
	Domain DomainName `json:"domain"`

	//
	// list of policies defined in this server
	//
	Policies []*Policy `json:"policies"`
}

PolicyData -

func NewPolicyData 

func NewPolicyData(init ...*PolicyData) *PolicyData

NewPolicyData - creates an initialized PolicyData instance, returns a pointer to it

func (*PolicyData) Init 

func (self *PolicyData) Init() *PolicyData

Init - sets up the instance according to its default field values, if any

func (*PolicyData) UnmarshalJSON 

func (self *PolicyData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a PolicyData

func (*PolicyData) Validate 

func (self *PolicyData) Validate() error

Validate - checks for missing required fields, etc

type PublicKeyEntry 

type PublicKeyEntry struct {

	//
	// the public key for the service
	//
	Key string `json:"key"`

	//
	// the key identifier (version or zone name)
	//
	Id string `json:"id"`
}

PublicKeyEntry - The representation of the public key in a service identity object.

func NewPublicKeyEntry 

func NewPublicKeyEntry(init ...*PublicKeyEntry) *PublicKeyEntry

NewPublicKeyEntry - creates an initialized PublicKeyEntry instance, returns a pointer to it

func (*PublicKeyEntry) UnmarshalJSON 

func (self *PublicKeyEntry) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a PublicKeyEntry

func (*PublicKeyEntry) Validate 

func (self *PublicKeyEntry) Validate() error

Validate - checks for missing required fields, etc

type ResourceAccess added in v1.1.8 

type ResourceAccess struct {

	//
	// true (allowed) or false (denied)
	//
	Granted bool `json:"granted"`
}

ResourceAccess - ResourceAccess can be checked and returned as this resource. (same as ZMS.Access)

func NewResourceAccess added in v1.1.8 

func NewResourceAccess(init ...*ResourceAccess) *ResourceAccess

NewResourceAccess - creates an initialized ResourceAccess instance, returns a pointer to it

func (*ResourceAccess) UnmarshalJSON added in v1.1.8 

func (self *ResourceAccess) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ResourceAccess

func (*ResourceAccess) Validate added in v1.1.8 

func (self *ResourceAccess) Validate() error

Validate - checks for missing required fields, etc

type ResourceName 

type ResourceName string

ResourceName - A resource name Note that the EntityName part is optional, that is, a domain name followed by a colon is valid resource name.

type RoleAccess 

type RoleAccess struct {
	Roles []EntityName `json:"roles"`
}

RoleAccess -

func NewRoleAccess 

func NewRoleAccess(init ...*RoleAccess) *RoleAccess

NewRoleAccess - creates an initialized RoleAccess instance, returns a pointer to it

func (*RoleAccess) Init 

func (self *RoleAccess) Init() *RoleAccess

Init - sets up the instance according to its default field values, if any

func (*RoleAccess) UnmarshalJSON 

func (self *RoleAccess) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleAccess

func (*RoleAccess) Validate 

func (self *RoleAccess) Validate() error

Validate - checks for missing required fields, etc

type RoleCertificateRequest 

type RoleCertificateRequest struct {
	Csr        string `json:"csr"`
	ExpiryTime int64  `json:"expiryTime"`
}

RoleCertificateRequest - RoleCertificateRequest - a certificate signing request

func NewRoleCertificateRequest 

func NewRoleCertificateRequest(init ...*RoleCertificateRequest) *RoleCertificateRequest

NewRoleCertificateRequest - creates an initialized RoleCertificateRequest instance, returns a pointer to it

func (*RoleCertificateRequest) UnmarshalJSON 

func (self *RoleCertificateRequest) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleCertificateRequest

func (*RoleCertificateRequest) Validate 

func (self *RoleCertificateRequest) Validate() error

Validate - checks for missing required fields, etc

type RoleToken 

type RoleToken struct {
	Token      string `json:"token"`
	ExpiryTime int64  `json:"expiryTime"`
}

RoleToken - A representation of a signed RoleToken

func NewRoleToken 

func NewRoleToken(init ...*RoleToken) *RoleToken

NewRoleToken - creates an initialized RoleToken instance, returns a pointer to it

func (*RoleToken) UnmarshalJSON 

func (self *RoleToken) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleToken

func (*RoleToken) Validate 

func (self *RoleToken) Validate() error

Validate - checks for missing required fields, etc

type ServiceIdentity 

type ServiceIdentity struct {

	//
	// the full name of the service, i.e. "sports.storage"
	//
	Name ServiceName `json:"name"`

	//
	// array of public keys for key rotation
	//
	PublicKeys []*PublicKeyEntry `json:"publicKeys,omitempty" rdl:"optional"`

	//
	// if present, then this service can provision tenants via this endpoint.
	//
	ProviderEndpoint string `json:"providerEndpoint,omitempty" rdl:"optional"`

	//
	// the timestamp when this entry was last modified
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`

	//
	// the path of the executable that runs the service
	//
	Executable string `json:"executable,omitempty" rdl:"optional"`

	//
	// list of host names that this service can run on
	//
	Hosts []string `json:"hosts,omitempty" rdl:"optional"`

	//
	// local (unix) user name this service can run as
	//
	User string `json:"user,omitempty" rdl:"optional"`

	//
	// local (unix) group name this service can run as
	//
	Group string `json:"group,omitempty" rdl:"optional"`
}

ServiceIdentity - The representation of the service identity object.

func NewServiceIdentity 

func NewServiceIdentity(init ...*ServiceIdentity) *ServiceIdentity

NewServiceIdentity - creates an initialized ServiceIdentity instance, returns a pointer to it

func (*ServiceIdentity) UnmarshalJSON 

func (self *ServiceIdentity) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentity

func (*ServiceIdentity) Validate 

func (self *ServiceIdentity) Validate() error

Validate - checks for missing required fields, etc

type ServiceIdentityList 

type ServiceIdentityList struct {

	//
	// list of service names
	//
	Names []EntityName `json:"names"`
}

ServiceIdentityList - The representation for an enumeration of services in the namespace.

func NewServiceIdentityList 

func NewServiceIdentityList(init ...*ServiceIdentityList) *ServiceIdentityList

NewServiceIdentityList - creates an initialized ServiceIdentityList instance, returns a pointer to it

func (*ServiceIdentityList) Init 

func (self *ServiceIdentityList) Init() *ServiceIdentityList

Init - sets up the instance according to its default field values, if any

func (*ServiceIdentityList) UnmarshalJSON 

func (self *ServiceIdentityList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentityList

func (*ServiceIdentityList) Validate 

func (self *ServiceIdentityList) Validate() error

Validate - checks for missing required fields, etc

type ServiceName 

type ServiceName string

ServiceName - A service name will generally be a unique subdomain.

type SignedPolicyData 

type SignedPolicyData struct {

	//
	// list of policies defined in a domain
	//
	PolicyData *PolicyData `json:"policyData"`

	//
	// zms signature generated based on the domain policies object
	//
	ZmsSignature string `json:"zmsSignature"`

	//
	// the identifier of the zms key used to generate the signature
	//
	ZmsKeyId string `json:"zmsKeyId"`

	//
	// when the domain itself was last modified
	//
	Modified rdl.Timestamp `json:"modified"`

	//
	// timestamp specifying the expiration time for using this set of policies
	//
	Expires rdl.Timestamp `json:"expires"`
}

SignedPolicyData - A representation of policies object defined in a given server.

func NewSignedPolicyData 

func NewSignedPolicyData(init ...*SignedPolicyData) *SignedPolicyData

NewSignedPolicyData - creates an initialized SignedPolicyData instance, returns a pointer to it

func (*SignedPolicyData) Init 

func (self *SignedPolicyData) Init() *SignedPolicyData

Init - sets up the instance according to its default field values, if any

func (*SignedPolicyData) UnmarshalJSON 

func (self *SignedPolicyData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SignedPolicyData

func (*SignedPolicyData) Validate 

func (self *SignedPolicyData) Validate() error

Validate - checks for missing required fields, etc

type SignedToken 

type SignedToken string

SignedToken - A signed assertion if identity. i.e. the user cookie value. This token will only make sense to the authority that generated it, so it is beneficial to have something in the value that is cheaply recognized to quickly reject if it belongs to another authority. In addition to the YEncoded set our token includes ; to separate components and , to separate roles

type SimpleName 

type SimpleName string

SimpleName - Copyright 2016 Yahoo Inc. Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. Common name types used by several API definitions A simple identifier, an element of compound name.

type Status added in v1.7.30 

type Status struct {

	//
	// status message code
	//
	Code int32 `json:"code"`

	//
	// status message of the server
	//
	Message string `json:"message"`
}

Status - The representation for a status object

func NewStatus added in v1.7.30 

func NewStatus(init ...*Status) *Status

NewStatus - creates an initialized Status instance, returns a pointer to it

func (*Status) UnmarshalJSON added in v1.7.30 

func (self *Status) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Status

func (*Status) Validate added in v1.7.30 

func (self *Status) Validate() error

Validate - checks for missing required fields, etc

type TenantDomains 

type TenantDomains struct {
	TenantDomainNames []DomainName `json:"tenantDomainNames"`
}

TenantDomains -

func NewTenantDomains 

func NewTenantDomains(init ...*TenantDomains) *TenantDomains

NewTenantDomains - creates an initialized TenantDomains instance, returns a pointer to it

func (*TenantDomains) Init 

func (self *TenantDomains) Init() *TenantDomains

Init - sets up the instance according to its default field values, if any

func (*TenantDomains) UnmarshalJSON 

func (self *TenantDomains) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TenantDomains

func (*TenantDomains) Validate 

func (self *TenantDomains) Validate() error

Validate - checks for missing required fields, etc

type YBase64 

type YBase64 string

YBase64 - The Y-specific URL-safe Base64 variant.

type YEncoded 

type YEncoded string

YEncoded - YEncoded includes ybase64 chars, as well as = and %. This can represent a user cookie and URL-encoded values.

type ZTSClient 

type ZTSClient struct {
	URL         string
	Transport   http.RoundTripper
	CredsHeader *string
	CredsToken  *string
	Timeout     time.Duration
}

func NewClient 

func NewClient(url string, transport http.RoundTripper) ZTSClient

NewClient creates and returns a new HTTP client object for the ZTS service

func (*ZTSClient) AddCredentials 

func (client *ZTSClient) AddCredentials(header string, token string)

AddCredentials adds the credentials to the client for subsequent requests.

func (ZTSClient) DeleteInstanceIdentity added in v1.7.3 

func (client ZTSClient) DeleteInstanceIdentity(provider ServiceName, domain DomainName, service SimpleName, instanceId PathElement) error

func (ZTSClient) GetAWSTemporaryCredentials 

func (client ZTSClient) GetAWSTemporaryCredentials(domainName DomainName, role AWSArnRoleName) (*AWSTemporaryCredentials, error)

func (ZTSClient) GetAccess 

func (client ZTSClient) GetAccess(domainName DomainName, roleName EntityName, principal EntityName) (*Access, error)

func (ZTSClient) GetDomainSignedPolicyData 

func (client ZTSClient) GetDomainSignedPolicyData(domainName DomainName, matchingTag string) (*DomainSignedPolicyData, string, error)

func (ZTSClient) GetHostServices 

func (client ZTSClient) GetHostServices(host string) (*HostServices, error)

func (ZTSClient) GetPublicKeyEntry 

func (client ZTSClient) GetPublicKeyEntry(domainName DomainName, serviceName SimpleName, keyId string) (*PublicKeyEntry, error)

func (ZTSClient) GetResourceAccess added in v1.1.8 

func (client ZTSClient) GetResourceAccess(action ActionName, resource ResourceName, domain DomainName, checkPrincipal EntityName) (*ResourceAccess, error)

func (ZTSClient) GetResourceAccessExt added in v1.1.8 

func (client ZTSClient) GetResourceAccessExt(action ActionName, resource string, domain DomainName, checkPrincipal EntityName) (*ResourceAccess, error)

func (ZTSClient) GetRoleAccess 

func (client ZTSClient) GetRoleAccess(domainName DomainName, principal EntityName) (*RoleAccess, error)

func (ZTSClient) GetRoleToken 

func (client ZTSClient) GetRoleToken(domainName DomainName, role EntityList, minExpiryTime *int32, maxExpiryTime *int32, proxyForPrincipal EntityName) (*RoleToken, error)

func (ZTSClient) GetServiceIdentity 

func (client ZTSClient) GetServiceIdentity(domainName DomainName, serviceName ServiceName) (*ServiceIdentity, error)

func (ZTSClient) GetServiceIdentityList 

func (client ZTSClient) GetServiceIdentityList(domainName DomainName) (*ServiceIdentityList, error)

func (ZTSClient) GetStatus added in v1.7.30 

func (client ZTSClient) GetStatus() (*Status, error)

func (ZTSClient) GetTenantDomains 

func (client ZTSClient) GetTenantDomains(providerDomainName DomainName, userName EntityName, roleName EntityName, serviceName ServiceName) (*TenantDomains, error)

func (ZTSClient) PostDomainMetrics 

func (client ZTSClient) PostDomainMetrics(domainName DomainName, req *DomainMetrics) (*DomainMetrics, error)

func (ZTSClient) PostInstanceRefreshInformation added in v1.7.3 

func (client ZTSClient) PostInstanceRefreshInformation(provider ServiceName, domain DomainName, service SimpleName, instanceId PathElement, info *InstanceRefreshInformation) (*InstanceIdentity, error)

func (ZTSClient) PostInstanceRefreshRequest 

func (client ZTSClient) PostInstanceRefreshRequest(domain CompoundName, service SimpleName, req *InstanceRefreshRequest) (*Identity, error)

func (ZTSClient) PostInstanceRegisterInformation added in v1.7.3 

func (client ZTSClient) PostInstanceRegisterInformation(info *InstanceRegisterInformation) (*InstanceIdentity, string, error)

func (ZTSClient) PostOSTKInstanceInformation added in v1.1.8 

func (client ZTSClient) PostOSTKInstanceInformation(info *OSTKInstanceInformation) (*Identity, error)

func (ZTSClient) PostOSTKInstanceRefreshRequest added in v1.1.8 

func (client ZTSClient) PostOSTKInstanceRefreshRequest(domain CompoundName, service SimpleName, req *OSTKInstanceRefreshRequest) (*Identity, error)

func (ZTSClient) PostRoleCertificateRequest 

func (client ZTSClient) PostRoleCertificateRequest(domainName DomainName, roleName EntityName, req *RoleCertificateRequest) (*RoleToken, error)

Source Files

View all Source files

Directories

Path Synopsis
examples
get-role-token
Get-role-token is a demo program to use the service cert present locally on the box to talk to ZTS and fetch a role token.
 Get-role-token is a demo program to use the service cert present locally on the box to talk to ZTS and fetch a role token.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.