Overview ¶
Package zts contains a client library for talking to Athenz ZTS, the service that issues role tokens, AWS temporary credentials and X.509/SSH certificates. Several response types (AWSTemporaryCredentials, RoleToken, Identity, SSHCertificate) carry live credentials or private keys and must be handled as secrets.
Index ¶
- func ZTSSchema() *rdl.Schema
- type AWSArnRoleName
- type AWSRoleName
- type AWSRolePath
- type AWSRolePathElement
- type AWSTemporaryCredentials
- type Access
- type ActionName
- type Assertion
- type AssertionEffect
- type AuthorityName
- type CompoundName
- type DomainMetric
- type DomainMetricType
- type DomainMetrics
- type DomainName
- type DomainSignedPolicyData
- type EntityList
- type EntityName
- type HostServices
- type Identity
- type InstanceIdentity
- type InstanceRefreshInformation
- type InstanceRefreshRequest
- type InstanceRegisterInformation
- type OSTKInstanceInformation
- type OSTKInstanceRefreshRequest
- type PathElement
- type Policy
- type PolicyData
- type PublicKeyEntry
- type ResourceAccess
- type ResourceName
- type RoleAccess
- type RoleCertificateRequest
- type RoleToken
- type SSHCertRequest
- type SSHCertRequestData
- type SSHCertRequestMeta
- type SSHCertificate
- type SSHCertificates
- type ServiceIdentity
- type ServiceIdentityList
- type ServiceName
- type SignedPolicyData
- type SignedToken
- type SimpleName
- type Status
- type TenantDomains
- type YBase64
- type YEncoded
- type ZTSClient
- func (client *ZTSClient) AddCredentials(header string, token string)
- func (client ZTSClient) DeleteInstanceIdentity(provider ServiceName, domain DomainName, service SimpleName, ...) error
- func (client ZTSClient) GetAWSTemporaryCredentials(domainName DomainName, role AWSArnRoleName, durationSeconds *int32, ...) (*AWSTemporaryCredentials, error)
- func (client ZTSClient) GetAccess(domainName DomainName, roleName EntityName, principal EntityName) (*Access, error)
- func (client ZTSClient) GetDomainSignedPolicyData(domainName DomainName, matchingTag string) (*DomainSignedPolicyData, string, error)
- func (client ZTSClient) GetHostServices(host string) (*HostServices, error)
- func (client ZTSClient) GetPublicKeyEntry(domainName DomainName, serviceName SimpleName, keyId string) (*PublicKeyEntry, error)
- func (client ZTSClient) GetResourceAccess(action ActionName, resource ResourceName, domain DomainName, ...) (*ResourceAccess, error)
- func (client ZTSClient) GetResourceAccessExt(action ActionName, resource string, domain DomainName, ...) (*ResourceAccess, error)
- func (client ZTSClient) GetRoleAccess(domainName DomainName, principal EntityName) (*RoleAccess, error)
- func (client ZTSClient) GetRoleToken(domainName DomainName, role EntityList, minExpiryTime *int32, ...) (*RoleToken, error)
- func (client ZTSClient) GetServiceIdentity(domainName DomainName, serviceName ServiceName) (*ServiceIdentity, error)
- func (client ZTSClient) GetServiceIdentityList(domainName DomainName) (*ServiceIdentityList, error)
- func (client ZTSClient) GetStatus() (*Status, error)
- func (client ZTSClient) GetTenantDomains(providerDomainName DomainName, userName EntityName, roleName EntityName, ...) (*TenantDomains, error)
- func (client ZTSClient) PostDomainMetrics(domainName DomainName, req *DomainMetrics) (*DomainMetrics, error)
- func (client ZTSClient) PostInstanceRefreshInformation(provider ServiceName, domain DomainName, service SimpleName, ...) (*InstanceIdentity, error)
- func (client ZTSClient) PostInstanceRefreshRequest(domain CompoundName, service SimpleName, req *InstanceRefreshRequest) (*Identity, error)
- func (client ZTSClient) PostInstanceRegisterInformation(info *InstanceRegisterInformation) (*InstanceIdentity, string, error)
- func (client ZTSClient) PostOSTKInstanceInformation(info *OSTKInstanceInformation) (*Identity, error)
- func (client ZTSClient) PostOSTKInstanceRefreshRequest(domain CompoundName, service SimpleName, req *OSTKInstanceRefreshRequest) (*Identity, error)
- func (client ZTSClient) PostRoleCertificateRequest(domainName DomainName, roleName EntityName, req *RoleCertificateRequest) (*RoleToken, error)
- func (client ZTSClient) PostSSHCertRequest(certRequest *SSHCertRequest) (*SSHCertificates, error)
Functions ¶
Types ¶
type AWSArnRoleName ¶ added in v1.7.33
// AWSArnRoleName is a full AWS role name including its path.
type AWSArnRoleName string
AWSArnRoleName - AWS full role name with path
type AWSRoleName ¶ added in v1.7.33
// AWSRoleName is an AWS role name without its path.
type AWSRoleName string
AWSRoleName - AWS role name without the path
type AWSRolePathElement ¶ added in v1.7.33
// AWSRolePathElement is a single element of an AWS role path.
type AWSRolePathElement string
AWSRolePathElement - AWS role path single element
type AWSTemporaryCredentials ¶
// AWSTemporaryCredentials is the short-lived AWS credential set returned by
// GetAWSTemporaryCredentials. SecretAccessKey and SessionToken are secrets:
// keep them out of logs and error messages and stop using them at Expiration.
type AWSTemporaryCredentials struct {
	AccessKeyId     string        `json:"accessKeyId"`
	SecretAccessKey string        `json:"secretAccessKey"` // secret; never log or persist in plaintext
	SessionToken    string        `json:"sessionToken"`    // secret; never log or persist in plaintext
	Expiration      rdl.Timestamp `json:"expiration"`      // presumably the instant after which AWS rejects the credentials
}
AWSTemporaryCredentials - a short-lived AWS access key, secret key and session token obtained via GetAWSTemporaryCredentials. SecretAccessKey and SessionToken are secrets; do not log them and discard them once Expiration has passed.
func NewAWSTemporaryCredentials ¶
func NewAWSTemporaryCredentials(init ...*AWSTemporaryCredentials) *AWSTemporaryCredentials
NewAWSTemporaryCredentials - creates an initialized AWSTemporaryCredentials instance, returns a pointer to it
func (*AWSTemporaryCredentials) UnmarshalJSON ¶
func (self *AWSTemporaryCredentials) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an AWSTemporaryCredentials
func (*AWSTemporaryCredentials) Validate ¶
func (self *AWSTemporaryCredentials) Validate() error
Validate - checks for missing required fields, etc
type Access ¶
// Access is the result of an access check (see GetAccess). Anything other
// than Granted == true must be treated as a deny.
type Access struct {
	// true (allowed) or false (denied)
	Granted bool `json:"granted"`
}
Access - Access can be checked and returned as this resource.
func (*Access) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of an Access
type Assertion ¶
// Assertion encapsulates an action that a role may (or may not) perform on a
// resource. Resource and Action accept wildcards, so review them carefully: an
// overly broad pattern widens what the enclosing policy grants.
type Assertion struct {
	// the subject of the assertion, a role
	Role string `json:"role"`
	// the object of the assertion. Must be in the local namespace. Can contain
	// wildcards
	Resource string `json:"resource"`
	// the predicate of the assertion. Can contain wildcards
	Action string `json:"action"`
	// the effect of the assertion in the policy language
	// NOTE(review): optional; the effect applied when it is absent is decided
	// server-side (presumably ALLOW) — confirm against the server.
	Effect *AssertionEffect `json:"effect,omitempty" rdl:"optional"`
	// assertion id - auto generated by server
	Id *int64 `json:"id,omitempty" rdl:"optional"`
}
Assertion - A representation for the encapsulation of an action to be performed on a resource by a principal.
func NewAssertion ¶
NewAssertion - creates an initialized Assertion instance, returns a pointer to it
func (*Assertion) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of an Assertion
type AssertionEffect ¶
// AssertionEffect is the effect of an Assertion: ALLOW or DENY.
type AssertionEffect int
AssertionEffect - Every assertion can have the effect of ALLOW or DENY.
const ( ALLOW AssertionEffect DENY )
AssertionEffect constants
func NewAssertionEffect ¶
func NewAssertionEffect(init ...interface{}) AssertionEffect
NewAssertionEffect - creates an AssertionEffect value from the optional initializer (it does not return a string; see String for that)
func (AssertionEffect) MarshalJSON ¶
func (e AssertionEffect) MarshalJSON() ([]byte, error)
MarshalJSON is defined for proper JSON encoding of an AssertionEffect
func (AssertionEffect) String ¶
func (e AssertionEffect) String() string
String - return a string representation of the enum
func (AssertionEffect) SymbolSet ¶
func (e AssertionEffect) SymbolSet() []string
SymbolSet - return an array of all valid string representations (symbols) of the enum
func (*AssertionEffect) UnmarshalJSON ¶
func (e *AssertionEffect) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an AssertionEffect
type AuthorityName ¶
// AuthorityName is the prefix used in a signed assertion; it uniquely
// identifies a signing authority.
type AuthorityName string
AuthorityName - Used as the prefix in a signed assertion. This uniquely identifies a signing authority.
type CompoundName ¶
// CompoundName is a dotted compound name; most names in this API are compound names.
type CompoundName string
CompoundName - A compound name. Most names in this API are compound names.
type DomainMetric ¶
// DomainMetric is a single ZPE metric: the metric type and its value.
type DomainMetric struct {
	MetricType DomainMetricType `json:"metricType"`
	MetricVal  int32            `json:"metricVal"`
}
DomainMetric - a single ZPE metric: a DomainMetricType paired with its integer value.
func NewDomainMetric ¶
func NewDomainMetric(init ...*DomainMetric) *DomainMetric
NewDomainMetric - creates an initialized DomainMetric instance, returns a pointer to it
func (*DomainMetric) UnmarshalJSON ¶
func (self *DomainMetric) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainMetric
func (*DomainMetric) Validate ¶
func (self *DomainMetric) Validate() error
Validate - checks for missing required fields, etc
type DomainMetricType ¶
// DomainMetricType enumerates the ZPE metric types reported in a DomainMetric.
type DomainMetricType int
DomainMetricType - the ZPE metric types that can be reported in a DomainMetric
const ( ACCESS_ALLOWED DomainMetricType ACCESS_ALLOWED_DENY ACCESS_ALLOWED_DENY_NO_MATCH ACCESS_ALLOWED_ALLOW ACCESS_ALLOWED_ERROR ACCESS_ALLOWED_TOKEN_INVALID ACCESS_Allowed_TOKEN_EXPIRED ACCESS_ALLOWED_DOMAIN_NOT_FOUND ACCESS_ALLOWED_DOMAIN_MISMATCH ACCESS_ALLOWED_DOMAIN_EXPIRED ACCESS_ALLOWED_DOMAIN_EMPTY ACCESS_ALLOWED_TOKEN_CACHE_FAILURE ACCESS_ALLOWED_TOKEN_CACHE_NOT_FOUND ACCESS_ALLOWED_TOKEN_CACHE_SUCCESS ACCESS_ALLOWED_TOKEN_VALIDATE LOAD_FILE_FAIL LOAD_FILE_GOOD LOAD_DOMAIN_GOOD )
DomainMetricType constants
func NewDomainMetricType ¶
func NewDomainMetricType(init ...interface{}) DomainMetricType
NewDomainMetricType - creates a DomainMetricType value from the optional initializer (it does not return a string; see String for that)
func (DomainMetricType) MarshalJSON ¶
func (e DomainMetricType) MarshalJSON() ([]byte, error)
MarshalJSON is defined for proper JSON encoding of a DomainMetricType
func (DomainMetricType) String ¶
func (e DomainMetricType) String() string
String - return a string representation of the enum
func (DomainMetricType) SymbolSet ¶
func (e DomainMetricType) SymbolSet() []string
SymbolSet - return an array of all valid string representations (symbols) of the enum
func (*DomainMetricType) UnmarshalJSON ¶
func (e *DomainMetricType) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainMetricType
type DomainMetrics ¶
// DomainMetrics is the set of ZPE metrics reported for one domain (see
// PostDomainMetrics).
type DomainMetrics struct {
	// name of the domain the metrics pertain to
	DomainName DomainName `json:"domainName"`
	// list of the domains metrics
	MetricList []*DomainMetric `json:"metricList"`
}
DomainMetrics - the set of ZPE metrics reported for a single domain; sent to ZTS with PostDomainMetrics.
func NewDomainMetrics ¶
func NewDomainMetrics(init ...*DomainMetrics) *DomainMetrics
NewDomainMetrics - creates an initialized DomainMetrics instance, returns a pointer to it
func (*DomainMetrics) Init ¶
func (self *DomainMetrics) Init() *DomainMetrics
Init - sets up the instance according to its default field values, if any
func (*DomainMetrics) UnmarshalJSON ¶
func (self *DomainMetrics) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainMetrics
func (*DomainMetrics) Validate ¶
func (self *DomainMetrics) Validate() error
Validate - checks for missing required fields, etc
type DomainName ¶
// DomainName is the general qualifier prefix of a name; its uniqueness is managed.
type DomainName string
DomainName - A domain name is the general qualifier prefix, as its uniqueness is managed.
type DomainSignedPolicyData ¶
// DomainSignedPolicyData is a signed bulk transfer of a domain's policies.
// NOTE(review): nothing in this client verifies Signature. Callers must check
// it against the ZTS public key identified by KeyId (and the embedded ZMS
// signature on SignedPolicyData) before acting on the policies — confirm
// whether a higher-level helper already does this.
type DomainSignedPolicyData struct {
	// policy data signed by ZMS
	SignedPolicyData *SignedPolicyData `json:"signedPolicyData"`
	// signature generated based on the domain policies object
	Signature string `json:"signature"`
	// the identifier of the key used to generate the signature
	KeyId string `json:"keyId"`
}
DomainSignedPolicyData - A signed bulk transfer of policies. The outer Signature is produced with the serving (ZTS) server's private key, identified by KeyId; the embedded SignedPolicyData carries its own ZMS signature. This client returns the structure as received — verify both signatures against the corresponding public keys before trusting the policies.
func NewDomainSignedPolicyData ¶
func NewDomainSignedPolicyData(init ...*DomainSignedPolicyData) *DomainSignedPolicyData
NewDomainSignedPolicyData - creates an initialized DomainSignedPolicyData instance, returns a pointer to it
func (*DomainSignedPolicyData) Init ¶
func (self *DomainSignedPolicyData) Init() *DomainSignedPolicyData
Init - sets up the instance according to its default field values, if any
func (*DomainSignedPolicyData) UnmarshalJSON ¶
func (self *DomainSignedPolicyData) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a DomainSignedPolicyData
func (*DomainSignedPolicyData) Validate ¶
func (self *DomainSignedPolicyData) Validate() error
Validate - checks for missing required fields, etc
type EntityList ¶ added in v1.7.30
// EntityList is a comma-separated list of compound names.
type EntityList string
EntityList - An EntityList is a comma-separated list of compound names
type EntityName ¶
// EntityName is the short form of a resource name: only the domain and the entity.
type EntityName string
EntityName - An entity name is a short form of a resource name, including only the domain and entity.
type HostServices ¶
// HostServices enumerates the services authorized to run on one host (see
// GetHostServices).
type HostServices struct {
	// name of the host
	Host string `json:"host"`
	// list of service names authorized to run on this host
	Names []EntityName `json:"names"`
}
HostServices - The representation for an enumeration of services authorized to run on a specific host.
func NewHostServices ¶
func NewHostServices(init ...*HostServices) *HostServices
NewHostServices - creates an initialized HostServices instance, returns a pointer to it
func (*HostServices) Init ¶
func (self *HostServices) Init() *HostServices
Init - sets up the instance according to its default field values, if any
func (*HostServices) UnmarshalJSON ¶
func (self *HostServices) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a HostServices
func (*HostServices) Validate ¶
func (self *HostServices) Validate() error
Validate - checks for missing required fields, etc
type Identity ¶
// Identity is a signed assertion of service or human identity, returned by the
// instance registration/refresh calls. Depending on whether the request
// carried a CSR, the credential is an X.509 certificate or a service token.
// Credential-bearing fields are sensitive and must not be logged.
type Identity struct {
	// name of the identity, fully qualified, i.e. my.domain.service1, or
	// aws.1232321321312.myusername
	Name CompoundName `json:"name"`
	// a certificate usable for both client and server in TLS connections
	Certificate string `json:"certificate,omitempty" rdl:"optional"`
	// the CA certificate chain to use with all IMS-generated certs
	// NOTE(review): this trust bundle arrives in-band and is only as trustworthy
	// as the TLS connection to ZTS that delivered it.
	CaCertBundle string `json:"caCertBundle,omitempty" rdl:"optional"`
	// the SSH certificate, signed by the CA (user or host)
	SshCertificate string `json:"sshCertificate,omitempty" rdl:"optional"`
	// the SSH CA's public key for the sshCertificate (user or host)
	// NOTE(review): same caveat as CaCertBundle — cross-check an in-band CA key
	// before installing it as a trusted signer.
	SshCertificateSigner string `json:"sshCertificateSigner,omitempty" rdl:"optional"`
	// service token instead of TLS certificate
	// Bearer credential: whoever holds it can act as this identity.
	ServiceToken SignedToken `json:"serviceToken,omitempty" rdl:"optional"`
	// other config-like attributes determined at boot time
	Attributes map[string]string `json:"attributes,omitempty" rdl:"optional"`
}
Identity - a signed assertion of service or human identity; the response could be either a client certificate or just a regular NToken (depending on whether the request contained a CSR or not). ServiceToken is a bearer credential and CaCertBundle/SshCertificateSigner are trust anchors delivered in-band — handle the former as a secret and the latter with the same care as any CA key received over the network.
func NewIdentity ¶
NewIdentity - creates an initialized Identity instance, returns a pointer to it
func (*Identity) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of an Identity
type InstanceIdentity ¶ added in v1.7.3
// InstanceIdentity is the identity issued to a provider-attested instance by
// PostInstanceRegisterInformation / PostInstanceRefreshInformation. The
// certificate, signer and token fields are sensitive; see Identity for the
// same caveats on in-band trust anchors and bearer tokens.
type InstanceIdentity struct {
	// the provider service name (i.e. "aws.us-west-2", "sys.openstack.cluster1")
	Provider ServiceName `json:"provider"`
	// name of the identity, fully qualified, i.e. my.domain.service1
	Name ServiceName `json:"name"`
	// unique instance id within provider's namespace
	InstanceId PathElement `json:"instanceId"`
	// an X.509 certificate usable for both client and server in TLS connections
	X509Certificate string `json:"x509Certificate,omitempty" rdl:"optional"`
	// the CA certificate chain to verify all generated X.509 certs
	// NOTE(review): delivered in-band; only as trustworthy as the TLS session to ZTS.
	X509CertificateSigner string `json:"x509CertificateSigner,omitempty" rdl:"optional"`
	// the SSH certificate, signed by the CA (user or host)
	SshCertificate string `json:"sshCertificate,omitempty" rdl:"optional"`
	// the SSH CA's public key for the sshCertificate (user or host)
	// NOTE(review): delivered in-band; cross-check before trusting as a signer.
	SshCertificateSigner string `json:"sshCertificateSigner,omitempty" rdl:"optional"`
	// service token instead of TLS certificate
	// Bearer credential: whoever holds it can act as this identity.
	ServiceToken SignedToken `json:"serviceToken,omitempty" rdl:"optional"`
	// other config-like attributes determined at boot time
	Attributes map[string]string `json:"attributes,omitempty" rdl:"optional"`
}
InstanceIdentity - the identity issued to a provider-attested instance by PostInstanceRegisterInformation or PostInstanceRefreshInformation: the provider, the service name, the instance id, and the X.509/SSH certificates or service token. The same handling caveats as Identity apply.
func NewInstanceIdentity ¶ added in v1.7.3
func NewInstanceIdentity(init ...*InstanceIdentity) *InstanceIdentity
NewInstanceIdentity - creates an initialized InstanceIdentity instance, returns a pointer to it
func (*InstanceIdentity) UnmarshalJSON ¶ added in v1.7.3
func (self *InstanceIdentity) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an InstanceIdentity
func (*InstanceIdentity) Validate ¶ added in v1.7.3
func (self *InstanceIdentity) Validate() error
Validate - checks for missing required fields, etc
type InstanceRefreshInformation ¶ added in v1.7.3
// InstanceRefreshInformation is the body of PostInstanceRefreshInformation,
// used by an already-registered instance to renew its credentials. The
// private key matching Csr should be generated locally and never transmitted.
type InstanceRefreshInformation struct {
	// identity attestation data including document with its signature containing
	// attributes like IP address, instance-id, account#, etc.
	AttestationData string `json:"attestationData,omitempty" rdl:"optional"`
	// the Certificate Signing Request for the expected X.509 certificate in the
	// response
	Csr string `json:"csr,omitempty" rdl:"optional"`
	// if present, return an SSH host certificate. Format is JSON.
	Ssh string `json:"ssh,omitempty" rdl:"optional"`
	// if true, return a service token signed by ZTS for this service
	Token *bool `json:"token,omitempty" rdl:"optional"`
	// expiry time in minutes for the certificate (server enforces max expiry)
	ExpiryTime *int32 `json:"expiryTime,omitempty" rdl:"optional"`
	// optional hostname in case included in the csr SAN dnsName attribute
	Hostname DomainName `json:"hostname,omitempty" rdl:"optional"`
}
InstanceRefreshInformation - the request body for PostInstanceRefreshInformation, used by an already-registered instance to renew its X.509 certificate, SSH host certificate and/or service token. ExpiryTime is a request; the server enforces its own maximum.
func NewInstanceRefreshInformation ¶ added in v1.7.3
func NewInstanceRefreshInformation(init ...*InstanceRefreshInformation) *InstanceRefreshInformation
NewInstanceRefreshInformation - creates an initialized InstanceRefreshInformation instance, returns a pointer to it
func (*InstanceRefreshInformation) UnmarshalJSON ¶ added in v1.7.3
func (self *InstanceRefreshInformation) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an InstanceRefreshInformation
func (*InstanceRefreshInformation) Validate ¶ added in v1.7.3
func (self *InstanceRefreshInformation) Validate() error
Validate - checks for missing required fields, etc
type InstanceRefreshRequest ¶
// InstanceRefreshRequest is a certificate refresh request for a service whose
// public key is registered in ZMS (see PostInstanceRefreshRequest); the CSR
// is signed with the service's private key so the server can verify it.
type InstanceRefreshRequest struct {
	// Cert CSR signed by the service's private key (public key registered in ZMS)
	Csr string `json:"csr"`
	// in minutes how long token should be valid for
	ExpiryTime *int32 `json:"expiryTime,omitempty" rdl:"optional"`
	// public key identifier
	KeyId string `json:"keyId,omitempty" rdl:"optional"`
}
InstanceRefreshRequest - a certificate refresh request (see PostInstanceRefreshRequest); the CSR is signed with the service's private key whose public key is registered in ZMS under KeyId
func NewInstanceRefreshRequest ¶
func NewInstanceRefreshRequest(init ...*InstanceRefreshRequest) *InstanceRefreshRequest
NewInstanceRefreshRequest - creates an initialized InstanceRefreshRequest instance, returns a pointer to it
func (*InstanceRefreshRequest) UnmarshalJSON ¶
func (self *InstanceRefreshRequest) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an InstanceRefreshRequest
func (*InstanceRefreshRequest) Validate ¶
func (self *InstanceRefreshRequest) Validate() error
Validate - checks for missing required fields, etc
type InstanceRegisterInformation ¶ added in v1.7.3
// InstanceRegisterInformation is the body of PostInstanceRegisterInformation:
// a provider-signed attestation plus a CSR, exchanged for an InstanceIdentity.
// AttestationData is the bootstrap proof; the CSR's private key should be
// generated on the instance and never transmitted.
type InstanceRegisterInformation struct {
	// the provider service name (i.e. "aws.us-west-2", "sys.openstack.cluster1")
	Provider ServiceName `json:"provider"`
	// the domain of the instance
	Domain DomainName `json:"domain"`
	// the service this instance is supposed to run
	Service SimpleName `json:"service"`
	// identity attestation data including document with its signature containing
	// attributes like IP address, instance-id, account#, etc.
	AttestationData string `json:"attestationData"`
	// the Certificate Signing Request for the expected X.509 certificate in the
	// response
	Csr string `json:"csr"`
	// if present, return an SSH host certificate. Format is JSON.
	Ssh string `json:"ssh,omitempty" rdl:"optional"`
	// if true, return a service token signed by ZTS for this service
	Token *bool `json:"token,omitempty" rdl:"optional"`
	// expiry time in minutes for the certificate (server enforces max expiry)
	ExpiryTime *int32 `json:"expiryTime,omitempty" rdl:"optional"`
	// optional hostname in case included in the csr SAN dnsName attribute
	Hostname DomainName `json:"hostname,omitempty" rdl:"optional"`
}
InstanceRegisterInformation - the request body for PostInstanceRegisterInformation: the provider-signed attestation document, the target domain/service and a CSR, exchanged for an InstanceIdentity. The private key behind the CSR stays on the instance; only the CSR is sent.
func NewInstanceRegisterInformation ¶ added in v1.7.3
func NewInstanceRegisterInformation(init ...*InstanceRegisterInformation) *InstanceRegisterInformation
NewInstanceRegisterInformation - creates an initialized InstanceRegisterInformation instance, returns a pointer to it
func (*InstanceRegisterInformation) UnmarshalJSON ¶ added in v1.7.3
func (self *InstanceRegisterInformation) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an InstanceRegisterInformation
func (*InstanceRegisterInformation) Validate ¶ added in v1.7.3
func (self *InstanceRegisterInformation) Validate() error
Validate - checks for missing required fields, etc
type OSTKInstanceInformation ¶ added in v1.1.8
// OSTKInstanceInformation is the body of PostOSTKInstanceInformation: the
// requested service details plus the host document signed by OpenStack during
// host bootstrap. Document, Signature and KeyId together form the attestation
// the server validates.
type OSTKInstanceInformation struct {
	// signed document containing attributes like IP address, instance-id,
	// account#, etc.
	Document string `json:"document"`
	// the signature for the document
	Signature string `json:"signature"`
	// the keyid used to sign the document
	KeyId string `json:"keyId"`
	// the domain of the instance
	Domain CompoundName `json:"domain"`
	// the service this instance is supposed to run
	Service SimpleName `json:"service"`
	// return a certificate in the response
	Csr string `json:"csr"`
}
OSTKInstanceInformation - Instance object that includes requested service details plus host document that is signed by Openstack as part of the host bootstrap process
func NewOSTKInstanceInformation ¶ added in v1.1.8
func NewOSTKInstanceInformation(init ...*OSTKInstanceInformation) *OSTKInstanceInformation
NewOSTKInstanceInformation - creates an initialized OSTKInstanceInformation instance, returns a pointer to it
func (*OSTKInstanceInformation) UnmarshalJSON ¶ added in v1.1.8
func (self *OSTKInstanceInformation) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an OSTKInstanceInformation
func (*OSTKInstanceInformation) Validate ¶ added in v1.1.8
func (self *OSTKInstanceInformation) Validate() error
Validate - checks for missing required fields, etc
type OSTKInstanceRefreshRequest ¶ added in v1.1.8
// OSTKInstanceRefreshRequest is a certificate signing request used to refresh
// an OpenStack instance's certificate (see PostOSTKInstanceRefreshRequest).
type OSTKInstanceRefreshRequest struct {
	// request an X.509 certificate
	Csr string `json:"csr,omitempty" rdl:"optional"`
}
OSTKInstanceRefreshRequest - a certificate signing request used to refresh an OpenStack instance's certificate (see PostOSTKInstanceRefreshRequest)
func NewOSTKInstanceRefreshRequest ¶ added in v1.1.8
func NewOSTKInstanceRefreshRequest(init ...*OSTKInstanceRefreshRequest) *OSTKInstanceRefreshRequest
NewOSTKInstanceRefreshRequest - creates an initialized OSTKInstanceRefreshRequest instance, returns a pointer to it
func (*OSTKInstanceRefreshRequest) UnmarshalJSON ¶ added in v1.1.8
func (self *OSTKInstanceRefreshRequest) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an OSTKInstanceRefreshRequest
func (*OSTKInstanceRefreshRequest) Validate ¶ added in v1.1.8
func (self *OSTKInstanceRefreshRequest) Validate() error
Validate - checks for missing required fields, etc
type Policy ¶
// Policy is a named set of assertions.
type Policy struct {
	// name of the policy
	Name ResourceName `json:"name"`
	// last modification timestamp of this policy
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`
	// list of defined assertions for this policy
	Assertions []*Assertion `json:"assertions"`
}
Policy - The representation for a Policy with set of assertions.
func (*Policy) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a Policy
type PolicyData ¶
// PolicyData is the set of policies for one domain, as carried inside
// SignedPolicyData.
type PolicyData struct {
	// name of the domain
	Domain DomainName `json:"domain"`
	// list of policies defined in this server
	Policies []*Policy `json:"policies"`
}
PolicyData - the domain name together with the list of policies defined for it; carried inside SignedPolicyData.
func NewPolicyData ¶
func NewPolicyData(init ...*PolicyData) *PolicyData
NewPolicyData - creates an initialized PolicyData instance, returns a pointer to it
func (*PolicyData) Init ¶
func (self *PolicyData) Init() *PolicyData
Init - sets up the instance according to its default field values, if any
func (*PolicyData) UnmarshalJSON ¶
func (self *PolicyData) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a PolicyData
func (*PolicyData) Validate ¶
func (self *PolicyData) Validate() error
Validate - checks for missing required fields, etc
type PublicKeyEntry ¶
// PublicKeyEntry is one public key of a service identity, identified by Id
// (a version or zone name) so that keys can be rotated.
type PublicKeyEntry struct {
	// the public key for the service
	Key string `json:"key"`
	// the key identifier (version or zone name)
	Id string `json:"id"`
}
PublicKeyEntry - The representation of the public key in a service identity object.
func NewPublicKeyEntry ¶
func NewPublicKeyEntry(init ...*PublicKeyEntry) *PublicKeyEntry
NewPublicKeyEntry - creates an initialized PublicKeyEntry instance, returns a pointer to it
func (*PublicKeyEntry) UnmarshalJSON ¶
func (self *PublicKeyEntry) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a PublicKeyEntry
func (*PublicKeyEntry) Validate ¶
func (self *PublicKeyEntry) Validate() error
Validate - checks for missing required fields, etc
type ResourceAccess ¶ added in v1.1.8
// ResourceAccess is the result of a resource access check (see GetResourceAccess
// and GetResourceAccessExt); same shape as ZMS.Access. Anything other than
// Granted == true must be treated as a deny.
type ResourceAccess struct {
	// true (allowed) or false (denied)
	Granted bool `json:"granted"`
}
ResourceAccess - ResourceAccess can be checked and returned as this resource. (same as ZMS.Access)
func NewResourceAccess ¶ added in v1.1.8
func NewResourceAccess(init ...*ResourceAccess) *ResourceAccess
NewResourceAccess - creates an initialized ResourceAccess instance, returns a pointer to it
func (*ResourceAccess) UnmarshalJSON ¶ added in v1.1.8
func (self *ResourceAccess) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ResourceAccess
func (*ResourceAccess) Validate ¶ added in v1.1.8
func (self *ResourceAccess) Validate() error
Validate - checks for missing required fields, etc
type ResourceName ¶
// ResourceName is a resource name. The EntityName part is optional: a domain
// name followed by a colon is a valid resource name.
type ResourceName string
ResourceName - A resource name. Note that the EntityName part is optional, that is, a domain name followed by a colon is a valid resource name.
type RoleAccess ¶
// RoleAccess lists the roles in a domain that a principal is a member of
// (see GetRoleAccess).
type RoleAccess struct {
	Roles []EntityName `json:"roles"`
}
RoleAccess - the list of roles in a domain that the queried principal is a member of; returned by GetRoleAccess.
func NewRoleAccess ¶
func NewRoleAccess(init ...*RoleAccess) *RoleAccess
NewRoleAccess - creates an initialized RoleAccess instance, returns a pointer to it
func (*RoleAccess) Init ¶
func (self *RoleAccess) Init() *RoleAccess
Init - sets up the instance according to its default field values, if any
func (*RoleAccess) UnmarshalJSON ¶
func (self *RoleAccess) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a RoleAccess
func (*RoleAccess) Validate ¶
func (self *RoleAccess) Validate() error
Validate - checks for missing required fields, etc
type RoleCertificateRequest ¶
RoleCertificateRequest - a certificate signing request for a role certificate (see PostRoleCertificateRequest)
func NewRoleCertificateRequest ¶
func NewRoleCertificateRequest(init ...*RoleCertificateRequest) *RoleCertificateRequest
NewRoleCertificateRequest - creates an initialized RoleCertificateRequest instance, returns a pointer to it
func (*RoleCertificateRequest) UnmarshalJSON ¶
func (self *RoleCertificateRequest) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a RoleCertificateRequest
func (*RoleCertificateRequest) Validate ¶
func (self *RoleCertificateRequest) Validate() error
Validate - checks for missing required fields, etc
type RoleToken ¶
RoleToken - A representation of a signed RoleToken
func NewRoleToken ¶
NewRoleToken - creates an initialized RoleToken instance, returns a pointer to it
func (*RoleToken) UnmarshalJSON ¶
UnmarshalJSON is defined for proper JSON decoding of a RoleToken
type SSHCertRequest ¶ added in v1.7.53
// SSHCertRequest is the body of PostSSHCertRequest: either structured
// CertRequestData/CertRequestMeta or a free-form Csr.
type SSHCertRequest struct {
	// ssh certificate request data
	CertRequestData *SSHCertRequestData `json:"certRequestData"`
	// ssh certificate request meta
	CertRequestMeta *SSHCertRequestMeta `json:"certRequestMeta"`
	// free-form csr if not using data/meta fields.
	Csr string `json:"csr,omitempty" rdl:"optional"`
}
SSHCertRequest - the request body for PostSSHCertRequest: structured certificate data and metadata, or a free-form CSR when the data/meta fields are not used.
func NewSSHCertRequest ¶ added in v1.7.53
func NewSSHCertRequest(init ...*SSHCertRequest) *SSHCertRequest
NewSSHCertRequest - creates an initialized SSHCertRequest instance, returns a pointer to it
func (*SSHCertRequest) Init ¶ added in v1.7.53
func (self *SSHCertRequest) Init() *SSHCertRequest
Init - sets up the instance according to its default field values, if any
func (*SSHCertRequest) UnmarshalJSON ¶ added in v1.7.53
func (self *SSHCertRequest) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an SSHCertRequest
func (*SSHCertRequest) Validate ¶ added in v1.7.53
func (self *SSHCertRequest) Validate() error
Validate - checks for missing required fields, etc
type SSHCertRequestData ¶ added in v1.7.53
// SSHCertRequestData describes the SSH certificate being requested. Principals,
// Sources and Destinations are what the caller asks for; whether the requestor
// is entitled to them is decided by the server, not by this client.
type SSHCertRequestData struct {
	// principals in the ssh certificate (usually only one)
	Principals []string `json:"principals"`
	// source FQDNs or ip addresses
	Sources []string `json:"sources,omitempty" rdl:"optional"`
	// destination FQDNs or ip addresses
	Destinations []string `json:"destinations,omitempty" rdl:"optional"`
	// public key for ssh certificate
	PublicKey string `json:"publicKey,omitempty" rdl:"optional"`
	// yubikey/touch public key for ssh certificate
	TouchPublicKey string `json:"touchPublicKey,omitempty" rdl:"optional"`
}
SSHCertRequestData - the principals, allowed sources/destinations and public key(s) for the requested SSH certificate. These are the caller's request; the server decides whether the requestor may receive them.
func NewSSHCertRequestData ¶ added in v1.7.53
func NewSSHCertRequestData(init ...*SSHCertRequestData) *SSHCertRequestData
NewSSHCertRequestData - creates an initialized SSHCertRequestData instance, returns a pointer to it
func (*SSHCertRequestData) Init ¶ added in v1.7.53
func (self *SSHCertRequestData) Init() *SSHCertRequestData
Init - sets up the instance according to its default field values, if any
func (*SSHCertRequestData) UnmarshalJSON ¶ added in v1.7.53
func (self *SSHCertRequestData) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an SSHCertRequestData
func (*SSHCertRequestData) Validate ¶ added in v1.7.53
func (self *SSHCertRequestData) Validate() error
Validate - checks for missing required fields, etc
type SSHCertRequestMeta ¶ added in v1.7.53
// SSHCertRequestMeta carries request context for an SSH certificate request:
// who is asking, from where, with which client, and whether a user or host
// certificate is wanted.
type SSHCertRequestMeta struct {
	// requesting user
	Requestor string `json:"requestor"`
	// origin FQDN or ip
	Origin string `json:"origin"`
	// client info
	ClientInfo string `json:"clientInfo,omitempty" rdl:"optional"`
	// ssh client version
	SshClientVersion string `json:"sshClientVersion,omitempty" rdl:"optional"`
	// cert type - user or host
	CertType string `json:"certType"`
}
SSHCertRequestMeta - request context for an SSH certificate request: the requesting user, its origin, optional client details, and the certificate type (user or host).
func NewSSHCertRequestMeta ¶ added in v1.7.53
func NewSSHCertRequestMeta(init ...*SSHCertRequestMeta) *SSHCertRequestMeta
NewSSHCertRequestMeta - creates an initialized SSHCertRequestMeta instance, returns a pointer to it
func (*SSHCertRequestMeta) UnmarshalJSON ¶ added in v1.7.53
func (self *SSHCertRequestMeta) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an SSHCertRequestMeta
func (*SSHCertRequestMeta) Validate ¶ added in v1.7.53
func (self *SSHCertRequestMeta) Validate() error
Validate - checks for missing required fields, etc
type SSHCertificate ¶ added in v1.7.53
// SSHCertificate is one issued SSH certificate. When the key pair was generated
// server-side, PrivateKey is populated and is a secret: protect it like any
// SSH private key and never log it.
type SSHCertificate struct {
	// the SSH certificate, signed by the CA
	Certificate string `json:"certificate"`
	// certificate public key if generated by SSH RA
	PublicKey string `json:"publicKey,omitempty" rdl:"optional"`
	// certificate private key if generated by SSH Agent
	// Secret; never log or persist unprotected.
	PrivateKey string `json:"privateKey,omitempty" rdl:"optional"`
}
SSHCertificate - an issued SSH certificate plus, when the key pair was generated on the server side, its public and private key. PrivateKey is a secret and must be protected like any SSH private key.
func NewSSHCertificate ¶ added in v1.7.53
func NewSSHCertificate(init ...*SSHCertificate) *SSHCertificate
NewSSHCertificate - creates an initialized SSHCertificate instance, returns a pointer to it
func (*SSHCertificate) UnmarshalJSON ¶ added in v1.7.53
func (self *SSHCertificate) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of an SSHCertificate
func (*SSHCertificate) Validate ¶ added in v1.7.53
func (self *SSHCertificate) Validate() error
Validate - checks for missing required fields, etc
type SSHCertificates ¶ added in v1.7.53
// SSHCertificates is the response to an SSH certificate request: the set of
// issued certificates plus, optionally, the public key of the CA that signed
// them.
//
// NOTE(review): CertificateSigner is delivered over the same channel as the
// certificates it vouches for; whether it is cross-checked against a locally
// pinned CA key is up to the caller — confirm against the consuming code.
type SSHCertificates struct {
	// set of user ssh certificates
	Certificates []*SSHCertificate `json:"certificates"`
	// the SSH CA's public key for the certificates (user or host), optional
	CertificateSigner string `json:"certificateSigner,omitempty" rdl:"optional"`
}
SSHCertificates -
func NewSSHCertificates ¶ added in v1.7.53
func NewSSHCertificates(init ...*SSHCertificates) *SSHCertificates
NewSSHCertificates - creates an initialized SSHCertificates instance, returns a pointer to it
func (*SSHCertificates) Init ¶ added in v1.7.53
func (self *SSHCertificates) Init() *SSHCertificates
Init - sets up the instance according to its default field values, if any
func (*SSHCertificates) UnmarshalJSON ¶ added in v1.7.53
func (self *SSHCertificates) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SSHCertificates
func (*SSHCertificates) Validate ¶ added in v1.7.53
func (self *SSHCertificates) Validate() error
Validate - checks for missing required fields, etc
type ServiceIdentity ¶
// ServiceIdentity is the representation of a service identity object: its
// name, the public keys it may present, and optional deployment attributes
// (provisioning endpoint, executable, hosts, unix user/group).
// Only Name is required; every other field is rdl:"optional" and omitted
// from JSON when empty.
type ServiceIdentity struct {
	// the full name of the service, i.e. "sports.storage"
	Name ServiceName `json:"name"`
	// array of public keys; several entries allow key rotation (optional)
	PublicKeys []*PublicKeyEntry `json:"publicKeys,omitempty" rdl:"optional"`
	// if present, this service can provision tenants via this endpoint (optional)
	ProviderEndpoint string `json:"providerEndpoint,omitempty" rdl:"optional"`
	// the timestamp when this entry was last modified (optional)
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`
	// the path of the executable that runs the service (optional)
	Executable string `json:"executable,omitempty" rdl:"optional"`
	// list of host names that this service can run on (optional)
	Hosts []string `json:"hosts,omitempty" rdl:"optional"`
	// local (unix) user name this service can run as (optional)
	User string `json:"user,omitempty" rdl:"optional"`
	// local (unix) group name this service can run as (optional)
	Group string `json:"group,omitempty" rdl:"optional"`
}
ServiceIdentity - The representation of the service identity object.
func NewServiceIdentity ¶
func NewServiceIdentity(init ...*ServiceIdentity) *ServiceIdentity
NewServiceIdentity - creates an initialized ServiceIdentity instance, returns a pointer to it
func (*ServiceIdentity) UnmarshalJSON ¶
func (self *ServiceIdentity) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentity
func (*ServiceIdentity) Validate ¶
func (self *ServiceIdentity) Validate() error
Validate - checks for missing required fields, etc
type ServiceIdentityList ¶
// ServiceIdentityList is the representation for an enumeration of the
// services in a namespace: just their names.
type ServiceIdentityList struct {
	// list of service names
	Names []EntityName `json:"names"`
}
ServiceIdentityList - The representation for an enumeration of services in the namespace.
func NewServiceIdentityList ¶
func NewServiceIdentityList(init ...*ServiceIdentityList) *ServiceIdentityList
NewServiceIdentityList - creates an initialized ServiceIdentityList instance, returns a pointer to it
func (*ServiceIdentityList) Init ¶
func (self *ServiceIdentityList) Init() *ServiceIdentityList
Init - sets up the instance according to its default field values, if any
func (*ServiceIdentityList) UnmarshalJSON ¶
func (self *ServiceIdentityList) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentityList
func (*ServiceIdentityList) Validate ¶
func (self *ServiceIdentityList) Validate() error
Validate - checks for missing required fields, etc
type ServiceName ¶
type ServiceName string
ServiceName - A service name will generally be a unique subdomain.
type SignedPolicyData ¶
// SignedPolicyData is a representation of the policies object defined in a
// given server, together with the ZMS signature over it and the validity
// window in which the policies may be used.
//
// Every field is required. This type only describes the payload: the
// signature over PolicyData is not verified here, and Expires is not
// enforced here (Validate checks for missing required fields only), so a
// consumer must verify ZmsSignature with the key named by ZmsKeyId and
// reject the set once Expires has passed before acting on PolicyData.
type SignedPolicyData struct {
	// list of policies defined in a domain
	PolicyData *PolicyData `json:"policyData"`
	// zms signature generated over the domain policies object
	ZmsSignature string `json:"zmsSignature"`
	// the identifier of the zms key used to generate the signature
	ZmsKeyId string `json:"zmsKeyId"`
	// when the domain itself was last modified
	Modified rdl.Timestamp `json:"modified"`
	// timestamp after which this set of policies must no longer be used
	Expires rdl.Timestamp `json:"expires"`
}
SignedPolicyData - A representation of policies object defined in a given server.
func NewSignedPolicyData ¶
func NewSignedPolicyData(init ...*SignedPolicyData) *SignedPolicyData
NewSignedPolicyData - creates an initialized SignedPolicyData instance, returns a pointer to it
func (*SignedPolicyData) Init ¶
func (self *SignedPolicyData) Init() *SignedPolicyData
Init - sets up the instance according to its default field values, if any
func (*SignedPolicyData) UnmarshalJSON ¶
func (self *SignedPolicyData) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a SignedPolicyData
func (*SignedPolicyData) Validate ¶
func (self *SignedPolicyData) Validate() error
Validate - checks for missing required fields, etc
type SignedToken ¶
type SignedToken string
SignedToken - A signed assertion of identity, i.e. the user cookie value. This token will only make sense to the authority that generated it, so it is beneficial to have something in the value that is cheaply recognized, to quickly reject a token that belongs to another authority. In addition to the YEncoded set, our token includes ; to separate components and , to separate roles.
type SimpleName ¶
type SimpleName string
SimpleName - Copyright 2016 Yahoo Inc. Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. Common name types used by several API definitions. A simple identifier, an element of a compound name.
type Status ¶ added in v1.7.30
// Status is the representation for a status object returned by the server:
// a numeric code and a human-readable message.
type Status struct {
	// status message code
	Code int32 `json:"code"`
	// status message of the server
	Message string `json:"message"`
}
Status - The representation for a status object
func NewStatus ¶ added in v1.7.30
NewStatus - creates an initialized Status instance, returns a pointer to it
func (*Status) UnmarshalJSON ¶ added in v1.7.30
UnmarshalJSON is defined for proper JSON decoding of a Status
type TenantDomains ¶
// TenantDomains lists the tenant domain names returned for a provider
// lookup (see GetTenantDomains).
type TenantDomains struct {
	// names of the tenant domains
	TenantDomainNames []DomainName `json:"tenantDomainNames"`
}
TenantDomains -
func NewTenantDomains ¶
func NewTenantDomains(init ...*TenantDomains) *TenantDomains
NewTenantDomains - creates an initialized TenantDomains instance, returns a pointer to it
func (*TenantDomains) Init ¶
func (self *TenantDomains) Init() *TenantDomains
Init - sets up the instance according to its default field values, if any
func (*TenantDomains) UnmarshalJSON ¶
func (self *TenantDomains) UnmarshalJSON(b []byte) error
UnmarshalJSON is defined for proper JSON decoding of a TenantDomains
func (*TenantDomains) Validate ¶
func (self *TenantDomains) Validate() error
Validate - checks for missing required fields, etc
type YEncoded ¶
type YEncoded string
YEncoded - YEncoded includes ybase64 chars, as well as = and %. This can represent a user cookie and URL-encoded values.
type ZTSClient ¶
// ZTSClient is an HTTP client for the ZTS service. Create one with NewClient
// and attach credentials with AddCredentials; the request methods are
// declared on the value receiver, so the struct is copied on every call.
//
// CredsToken is a credential: do not log or serialise a ZTSClient value.
// TLS settings (server verification, the client service certificate) are
// not fields of this struct; they live in whatever Transport is supplied —
// NOTE(review): confirm the transport passed by callers verifies the server.
type ZTSClient struct {
	// base URL of the ZTS service
	URL string
	// transport used for every request; carries the TLS configuration
	Transport http.RoundTripper
	// name of the header that carries the credential, set by AddCredentials
	CredsHeader *string
	// credential value sent in CredsHeader, set by AddCredentials (sensitive)
	CredsToken *string
	// per-request timeout; NOTE(review): zero presumably means no timeout — confirm
	Timeout time.Duration
}
func NewClient ¶
func NewClient(url string, transport http.RoundTripper) ZTSClient
NewClient creates and returns a new HTTP client object for the ZTS service
func (*ZTSClient) AddCredentials ¶
AddCredentials adds the credentials to the client for subsequent requests.
func (ZTSClient) DeleteInstanceIdentity ¶ added in v1.7.3
func (client ZTSClient) DeleteInstanceIdentity(provider ServiceName, domain DomainName, service SimpleName, instanceId PathElement) error
func (ZTSClient) GetAWSTemporaryCredentials ¶
func (client ZTSClient) GetAWSTemporaryCredentials(domainName DomainName, role AWSArnRoleName, durationSeconds *int32, externalId string) (*AWSTemporaryCredentials, error)
func (ZTSClient) GetAccess ¶
func (client ZTSClient) GetAccess(domainName DomainName, roleName EntityName, principal EntityName) (*Access, error)
func (ZTSClient) GetDomainSignedPolicyData ¶
func (client ZTSClient) GetDomainSignedPolicyData(domainName DomainName, matchingTag string) (*DomainSignedPolicyData, string, error)
func (ZTSClient) GetHostServices ¶
func (client ZTSClient) GetHostServices(host string) (*HostServices, error)
func (ZTSClient) GetPublicKeyEntry ¶
func (client ZTSClient) GetPublicKeyEntry(domainName DomainName, serviceName SimpleName, keyId string) (*PublicKeyEntry, error)
func (ZTSClient) GetResourceAccess ¶ added in v1.1.8
func (client ZTSClient) GetResourceAccess(action ActionName, resource ResourceName, domain DomainName, checkPrincipal EntityName) (*ResourceAccess, error)
func (ZTSClient) GetResourceAccessExt ¶ added in v1.1.8
func (client ZTSClient) GetResourceAccessExt(action ActionName, resource string, domain DomainName, checkPrincipal EntityName) (*ResourceAccess, error)
func (ZTSClient) GetRoleAccess ¶
func (client ZTSClient) GetRoleAccess(domainName DomainName, principal EntityName) (*RoleAccess, error)
func (ZTSClient) GetRoleToken ¶
func (client ZTSClient) GetRoleToken(domainName DomainName, role EntityList, minExpiryTime *int32, maxExpiryTime *int32, proxyForPrincipal EntityName) (*RoleToken, error)
func (ZTSClient) GetServiceIdentity ¶
func (client ZTSClient) GetServiceIdentity(domainName DomainName, serviceName ServiceName) (*ServiceIdentity, error)
func (ZTSClient) GetServiceIdentityList ¶
func (client ZTSClient) GetServiceIdentityList(domainName DomainName) (*ServiceIdentityList, error)
func (ZTSClient) GetTenantDomains ¶
func (client ZTSClient) GetTenantDomains(providerDomainName DomainName, userName EntityName, roleName EntityName, serviceName ServiceName) (*TenantDomains, error)
func (ZTSClient) PostDomainMetrics ¶
func (client ZTSClient) PostDomainMetrics(domainName DomainName, req *DomainMetrics) (*DomainMetrics, error)
func (ZTSClient) PostInstanceRefreshInformation ¶ added in v1.7.3
func (client ZTSClient) PostInstanceRefreshInformation(provider ServiceName, domain DomainName, service SimpleName, instanceId PathElement, info *InstanceRefreshInformation) (*InstanceIdentity, error)
func (ZTSClient) PostInstanceRefreshRequest ¶
func (client ZTSClient) PostInstanceRefreshRequest(domain CompoundName, service SimpleName, req *InstanceRefreshRequest) (*Identity, error)
func (ZTSClient) PostInstanceRegisterInformation ¶ added in v1.7.3
func (client ZTSClient) PostInstanceRegisterInformation(info *InstanceRegisterInformation) (*InstanceIdentity, string, error)
func (ZTSClient) PostOSTKInstanceInformation ¶ added in v1.1.8
func (client ZTSClient) PostOSTKInstanceInformation(info *OSTKInstanceInformation) (*Identity, error)
func (ZTSClient) PostOSTKInstanceRefreshRequest ¶ added in v1.1.8
func (client ZTSClient) PostOSTKInstanceRefreshRequest(domain CompoundName, service SimpleName, req *OSTKInstanceRefreshRequest) (*Identity, error)
func (ZTSClient) PostRoleCertificateRequest ¶
func (client ZTSClient) PostRoleCertificateRequest(domainName DomainName, roleName EntityName, req *RoleCertificateRequest) (*RoleToken, error)
func (ZTSClient) PostSSHCertRequest ¶ added in v1.7.53
func (client ZTSClient) PostSSHCertRequest(certRequest *SSHCertRequest) (*SSHCertificates, error)
Directories ¶
Path | Synopsis
---|---
examples |
get-role-token | Get-role-token is a demo program to use the service cert present locally on the box to talk to ZTS and fetch a role token.