zts package v1.8.19
Published: Apr 15, 2019 License: Apache-2.0 Imports: 12 Imported by: 0

README

zts-go-client

A Go client library to talk to Athenz ZTS.

The model.go and client.go files are generated from zts_core and checked in, so users of this library need not know that.

Release Notes:

Version 1.0 (2016-09-06)
 - Initial opensource release

## Usage

To get it into your workspace:

    go get github.com/yahoo/athenz/clients/go/zts

Then in your Go code:

    package main

    import (
        "fmt"
        "log"
        "github.com/ardielle/ardielle-go/rdl" // RDL runtime the generated client depends on
        zts "github.com/yahoo/athenz/clients/go/zts"
    )

    func main() {
        var principal rdl.Principal /* NToken */
        // ... (obtaining the principal is elided here)
        client := zts.NewClient()
        client.AddCredentials(principal.GetHTTPHeaderName(), principal.GetCredentials())
        svc, err := client.GetServiceIdentity("athenz", "storage")
        if err != nil {
            log.Fatalf("GetServiceIdentity: %v", err)
        }
        fmt.Printf("%+v\n", svc)
        // ...
    }

## License

Copyright 2016 Yahoo Inc.

Licensed under the [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)

Documentation

Overview

Package zts contains a client library to talk to Athenz ZTS.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ZTSSchema

func ZTSSchema() *rdl.Schema

Types

type AWSArnRoleName added in v1.7.33

type AWSArnRoleName string

AWSArnRoleName - AWS full role name with path

type AWSRoleName added in v1.7.33

type AWSRoleName string

AWSRoleName - AWS role name without the path

type AWSRolePath added in v1.7.34

type AWSRolePath string

AWSRolePath - AWS role path

type AWSRolePathElement added in v1.7.33

type AWSRolePathElement string

AWSRolePathElement - AWS role path single element

type AWSTemporaryCredentials

type AWSTemporaryCredentials struct {
	AccessKeyId     string        `json:"accessKeyId"`
	SecretAccessKey string        `json:"secretAccessKey"`
	SessionToken    string        `json:"sessionToken"`
	Expiration      rdl.Timestamp `json:"expiration"`
}

AWSTemporaryCredentials -

func NewAWSTemporaryCredentials

func NewAWSTemporaryCredentials(init ...*AWSTemporaryCredentials) *AWSTemporaryCredentials

NewAWSTemporaryCredentials - creates an initialized AWSTemporaryCredentials instance, returns a pointer to it

func (*AWSTemporaryCredentials) UnmarshalJSON

func (self *AWSTemporaryCredentials) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an AWSTemporaryCredentials

func (*AWSTemporaryCredentials) Validate

func (self *AWSTemporaryCredentials) Validate() error

Validate - checks for missing required fields, etc

type Access

type Access struct {

	//
	// true (allowed) or false (denied)
	//
	Granted bool `json:"granted"`
}

Access - Access can be checked and returned as this resource.

func NewAccess

func NewAccess(init ...*Access) *Access

NewAccess - creates an initialized Access instance, returns a pointer to it

func (*Access) UnmarshalJSON

func (self *Access) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an Access

func (*Access) Validate

func (self *Access) Validate() error

Validate - checks for missing required fields, etc

type AccessTokenRequest added in v1.8.18

type AccessTokenRequest string

AccessTokenRequest -

type AccessTokenResponse added in v1.8.18

type AccessTokenResponse struct {

	//
	// access token
	//
	Access_token string `json:"access_token"`

	//
	// token type e.g. Bearer
	//
	Token_type string `json:"token_type"`

	//
	// expiration in seconds
	//
	Expires_in *int32 `json:"expires_in,omitempty" rdl:"optional"`

	//
	// scope of the access token e.g. openid
	//
	Scope string `json:"scope,omitempty" rdl:"optional"`

	//
	// refresh token
	//
	Refresh_token string `json:"refresh_token,omitempty" rdl:"optional"`

	//
	// id token
	//
	Id_token string `json:"id_token,omitempty" rdl:"optional"`
}

AccessTokenResponse -

func NewAccessTokenResponse added in v1.8.18

func NewAccessTokenResponse(init ...*AccessTokenResponse) *AccessTokenResponse

NewAccessTokenResponse - creates an initialized AccessTokenResponse instance, returns a pointer to it

func (*AccessTokenResponse) UnmarshalJSON added in v1.8.18

func (self *AccessTokenResponse) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an AccessTokenResponse

func (*AccessTokenResponse) Validate added in v1.8.18

func (self *AccessTokenResponse) Validate() error

Validate - checks for missing required fields, etc

type ActionName

type ActionName string

ActionName - An action (operation) name.

type Assertion

type Assertion struct {

	//
	// the subject of the assertion, a role
	//
	Role string `json:"role"`

	//
	// the object of the assertion. Must be in the local namespace. Can contain
	// wildcards
	//
	Resource string `json:"resource"`

	//
	// the predicate of the assertion. Can contain wildcards
	//
	Action string `json:"action"`

	//
	// the effect of the assertion in the policy language
	//
	Effect *AssertionEffect `json:"effect,omitempty" rdl:"optional"`

	//
	// assertion id - auto generated by server
	//
	Id *int64 `json:"id,omitempty" rdl:"optional"`
}

Assertion - A representation for the encapsulation of an action to be performed on a resource by a principal.

func NewAssertion

func NewAssertion(init ...*Assertion) *Assertion

NewAssertion - creates an initialized Assertion instance, returns a pointer to it

func (*Assertion) UnmarshalJSON

func (self *Assertion) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an Assertion

func (*Assertion) Validate

func (self *Assertion) Validate() error

Validate - checks for missing required fields, etc

type AssertionEffect

type AssertionEffect int

AssertionEffect - Every assertion can have the effect of ALLOW or DENY.

const (
	ALLOW AssertionEffect
	DENY
)

AssertionEffect constants

func NewAssertionEffect

func NewAssertionEffect(init ...interface{}) AssertionEffect

NewAssertionEffect - creates an AssertionEffect value from the optional initializer

func (AssertionEffect) MarshalJSON

func (e AssertionEffect) MarshalJSON() ([]byte, error)

MarshalJSON is defined for proper JSON encoding of an AssertionEffect

func (AssertionEffect) String

func (e AssertionEffect) String() string

String - return a string representation of the enum

func (AssertionEffect) SymbolSet

func (e AssertionEffect) SymbolSet() []string

SymbolSet - return an array of all valid string representations (symbols) of the enum

func (*AssertionEffect) UnmarshalJSON

func (e *AssertionEffect) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an AssertionEffect

type AuthorityName

type AuthorityName string

AuthorityName - Used as the prefix in a signed assertion. This uniquely identifies a signing authority.

type CompoundName

type CompoundName string

CompoundName - A compound name. Most names in this API are compound names.

type DomainMetric

type DomainMetric struct {
	MetricType DomainMetricType `json:"metricType"`
	MetricVal  int32            `json:"metricVal"`
}

DomainMetric -

func NewDomainMetric

func NewDomainMetric(init ...*DomainMetric) *DomainMetric

NewDomainMetric - creates an initialized DomainMetric instance, returns a pointer to it

func (*DomainMetric) UnmarshalJSON

func (self *DomainMetric) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainMetric

func (*DomainMetric) Validate

func (self *DomainMetric) Validate() error

Validate - checks for missing required fields, etc

type DomainMetricType

type DomainMetricType int

DomainMetricType - zpe metric attributes

const (
	ACCESS_ALLOWED DomainMetricType
	ACCESS_ALLOWED_DENY
	ACCESS_ALLOWED_DENY_NO_MATCH
	ACCESS_ALLOWED_ALLOW
	ACCESS_ALLOWED_ERROR
	ACCESS_ALLOWED_TOKEN_INVALID
	ACCESS_Allowed_TOKEN_EXPIRED
	ACCESS_ALLOWED_DOMAIN_NOT_FOUND
	ACCESS_ALLOWED_DOMAIN_MISMATCH
	ACCESS_ALLOWED_DOMAIN_EXPIRED
	ACCESS_ALLOWED_DOMAIN_EMPTY
	ACCESS_ALLOWED_TOKEN_CACHE_FAILURE
	ACCESS_ALLOWED_TOKEN_CACHE_NOT_FOUND
	ACCESS_ALLOWED_TOKEN_CACHE_SUCCESS
	ACCESS_ALLOWED_TOKEN_VALIDATE
	LOAD_FILE_FAIL
	LOAD_FILE_GOOD
	LOAD_DOMAIN_GOOD
)

DomainMetricType constants

func NewDomainMetricType

func NewDomainMetricType(init ...interface{}) DomainMetricType

NewDomainMetricType - creates a DomainMetricType value from the optional initializer

func (DomainMetricType) MarshalJSON

func (e DomainMetricType) MarshalJSON() ([]byte, error)

MarshalJSON is defined for proper JSON encoding of a DomainMetricType

func (DomainMetricType) String

func (e DomainMetricType) String() string

String - return a string representation of the enum

func (DomainMetricType) SymbolSet

func (e DomainMetricType) SymbolSet() []string

SymbolSet - return an array of all valid string representations (symbols) of the enum

func (*DomainMetricType) UnmarshalJSON

func (e *DomainMetricType) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainMetricType

type DomainMetrics

type DomainMetrics struct {

	//
	// name of the domain the metrics pertain to
	//
	DomainName DomainName `json:"domainName"`

	//
	// list of the domains metrics
	//
	MetricList []*DomainMetric `json:"metricList"`
}

DomainMetrics -

func NewDomainMetrics

func NewDomainMetrics(init ...*DomainMetrics) *DomainMetrics

NewDomainMetrics - creates an initialized DomainMetrics instance, returns a pointer to it

func (*DomainMetrics) Init

func (self *DomainMetrics) Init() *DomainMetrics

Init - sets up the instance according to its default field values, if any

func (*DomainMetrics) UnmarshalJSON

func (self *DomainMetrics) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainMetrics

func (*DomainMetrics) Validate

func (self *DomainMetrics) Validate() error

Validate - checks for missing required fields, etc

type DomainName

type DomainName string

DomainName - A domain name is the general qualifier prefix, as its uniqueness is managed.

type DomainSignedPolicyData

type DomainSignedPolicyData struct {

	//
	// policy data signed by ZMS
	//
	SignedPolicyData *SignedPolicyData `json:"signedPolicyData"`

	//
	// signature generated based on the domain policies object
	//
	Signature string `json:"signature"`

	//
	// the identifier of the key used to generate the signature
	//
	KeyId string `json:"keyId"`
}

DomainSignedPolicyData - A signed bulk transfer of policies. The data is signed with the server's private key.

func NewDomainSignedPolicyData

func NewDomainSignedPolicyData(init ...*DomainSignedPolicyData) *DomainSignedPolicyData

NewDomainSignedPolicyData - creates an initialized DomainSignedPolicyData instance, returns a pointer to it

func (*DomainSignedPolicyData) Init

func (self *DomainSignedPolicyData) Init() *DomainSignedPolicyData

Init - sets up the instance according to its default field values, if any

func (*DomainSignedPolicyData) UnmarshalJSON

func (self *DomainSignedPolicyData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a DomainSignedPolicyData

func (*DomainSignedPolicyData) Validate

func (self *DomainSignedPolicyData) Validate() error

Validate - checks for missing required fields, etc

type EntityList added in v1.7.30

type EntityList string

EntityList - An entity list is a comma-separated list of compound names.

type EntityName

type EntityName string

EntityName - An entity name is a short form of a resource name, including only the domain and entity.

type HostServices

type HostServices struct {

	//
	// name of the host
	//
	Host string `json:"host"`

	//
	// list of service names authorized to run on this host
	//
	Names []EntityName `json:"names"`
}

HostServices - The representation for an enumeration of services authorized to run on a specific host.

func NewHostServices

func NewHostServices(init ...*HostServices) *HostServices

NewHostServices - creates an initialized HostServices instance, returns a pointer to it

func (*HostServices) Init

func (self *HostServices) Init() *HostServices

Init - sets up the instance according to its default field values, if any

func (*HostServices) UnmarshalJSON

func (self *HostServices) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a HostServices

func (*HostServices) Validate

func (self *HostServices) Validate() error

Validate - checks for missing required fields, etc

type Identity

type Identity struct {

	//
	// name of the identity, fully qualified, i.e. my.domain.service1, or
	// aws.1232321321312.myusername
	//
	Name CompoundName `json:"name"`

	//
	// a certificate usable for both client and server in TLS connections
	//
	Certificate string `json:"certificate,omitempty" rdl:"optional"`

	//
	// the CA certificate chain to use with all IMS-generated certs
	//
	CaCertBundle string `json:"caCertBundle,omitempty" rdl:"optional"`

	//
	// the SSH certificate, signed by the CA (user or host)
	//
	SshCertificate string `json:"sshCertificate,omitempty" rdl:"optional"`

	//
	// the SSH CA's public key for the sshCertificate (user or host)
	//
	SshCertificateSigner string `json:"sshCertificateSigner,omitempty" rdl:"optional"`

	//
	// service token instead of TLS certificate
	//
	ServiceToken SignedToken `json:"serviceToken,omitempty" rdl:"optional"`

	//
	// other config-like attributes determined at boot time
	//
	Attributes map[string]string `json:"attributes,omitempty" rdl:"optional"`
}

Identity - a signed assertion of service or human identity; the response is either a client certificate or just a regular NToken, depending on whether the request contained a CSR.

func NewIdentity

func NewIdentity(init ...*Identity) *Identity

NewIdentity - creates an initialized Identity instance, returns a pointer to it

func (*Identity) UnmarshalJSON

func (self *Identity) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an Identity

func (*Identity) Validate

func (self *Identity) Validate() error

Validate - checks for missing required fields, etc

type InstanceIdentity added in v1.7.3

type InstanceIdentity struct {

	//
	// the provider service name (i.e. "aws.us-west-2", "sys.openstack.cluster1")
	//
	Provider ServiceName `json:"provider"`

	//
	// name of the identity, fully qualified, i.e. my.domain.service1
	//
	Name ServiceName `json:"name"`

	//
	// unique instance id within provider's namespace
	//
	InstanceId PathElement `json:"instanceId"`

	//
	// an X.509 certificate usable for both client and server in TLS connections
	//
	X509Certificate string `json:"x509Certificate,omitempty" rdl:"optional"`

	//
	// the CA certificate chain to verify all generated X.509 certs
	//
	X509CertificateSigner string `json:"x509CertificateSigner,omitempty" rdl:"optional"`

	//
	// the SSH certificate, signed by the CA (user or host)
	//
	SshCertificate string `json:"sshCertificate,omitempty" rdl:"optional"`

	//
	// the SSH CA's public key for the sshCertificate (user or host)
	//
	SshCertificateSigner string `json:"sshCertificateSigner,omitempty" rdl:"optional"`

	//
	// service token instead of TLS certificate
	//
	ServiceToken SignedToken `json:"serviceToken,omitempty" rdl:"optional"`

	//
	// other config-like attributes determined at boot time
	//
	Attributes map[string]string `json:"attributes,omitempty" rdl:"optional"`
}

InstanceIdentity -

func NewInstanceIdentity added in v1.7.3

func NewInstanceIdentity(init ...*InstanceIdentity) *InstanceIdentity

NewInstanceIdentity - creates an initialized InstanceIdentity instance, returns a pointer to it

func (*InstanceIdentity) UnmarshalJSON added in v1.7.3

func (self *InstanceIdentity) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an InstanceIdentity

func (*InstanceIdentity) Validate added in v1.7.3

func (self *InstanceIdentity) Validate() error

Validate - checks for missing required fields, etc

type InstanceRefreshInformation added in v1.7.3

type InstanceRefreshInformation struct {

	//
	// identity attestation data including document with its signature containing
	// attributes like IP address, instance-id, account#, etc.
	//
	AttestationData string `json:"attestationData,omitempty" rdl:"optional"`

	//
	// the Certificate Signing Request for the expected X.509 certificate in the
	// response
	//
	Csr string `json:"csr,omitempty" rdl:"optional"`

	//
	// if present, return an SSH host certificate. Format is JSON.
	//
	Ssh string `json:"ssh,omitempty" rdl:"optional"`

	//
	// if true, return a service token signed by ZTS for this service
	//
	Token *bool `json:"token,omitempty" rdl:"optional"`

	//
	// expiry time in minutes for the certificate (server enforces max expiry)
	//
	ExpiryTime *int32 `json:"expiryTime,omitempty" rdl:"optional"`

	//
	// optional hostname in case included in the csr SAN dnsName attribute
	//
	Hostname DomainName `json:"hostname,omitempty" rdl:"optional"`
}

InstanceRefreshInformation -

func NewInstanceRefreshInformation added in v1.7.3

func NewInstanceRefreshInformation(init ...*InstanceRefreshInformation) *InstanceRefreshInformation

NewInstanceRefreshInformation - creates an initialized InstanceRefreshInformation instance, returns a pointer to it

func (*InstanceRefreshInformation) UnmarshalJSON added in v1.7.3

func (self *InstanceRefreshInformation) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an InstanceRefreshInformation

func (*InstanceRefreshInformation) Validate added in v1.7.3

func (self *InstanceRefreshInformation) Validate() error

Validate - checks for missing required fields, etc

type InstanceRefreshRequest

type InstanceRefreshRequest struct {

	//
	// Cert CSR signed by the service's private key (public key registered in ZMS)
	//
	Csr string `json:"csr"`

	//
	// in minutes how long token should be valid for
	//
	ExpiryTime *int32 `json:"expiryTime,omitempty" rdl:"optional"`

	//
	// public key identifier
	//
	KeyId string `json:"keyId,omitempty" rdl:"optional"`
}

InstanceRefreshRequest - a certificate refresh request

func NewInstanceRefreshRequest

func NewInstanceRefreshRequest(init ...*InstanceRefreshRequest) *InstanceRefreshRequest

NewInstanceRefreshRequest - creates an initialized InstanceRefreshRequest instance, returns a pointer to it

func (*InstanceRefreshRequest) UnmarshalJSON

func (self *InstanceRefreshRequest) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an InstanceRefreshRequest

func (*InstanceRefreshRequest) Validate

func (self *InstanceRefreshRequest) Validate() error

Validate - checks for missing required fields, etc

type InstanceRegisterInformation added in v1.7.3

type InstanceRegisterInformation struct {

	//
	// the provider service name (i.e. "aws.us-west-2", "sys.openstack.cluster1")
	//
	Provider ServiceName `json:"provider"`

	//
	// the domain of the instance
	//
	Domain DomainName `json:"domain"`

	//
	// the service this instance is supposed to run
	//
	Service SimpleName `json:"service"`

	//
	// identity attestation data including document with its signature containing
	// attributes like IP address, instance-id, account#, etc.
	//
	AttestationData string `json:"attestationData"`

	//
	// the Certificate Signing Request for the expected X.509 certificate in the
	// response
	//
	Csr string `json:"csr"`

	//
	// if present, return an SSH host certificate. Format is JSON.
	//
	Ssh string `json:"ssh,omitempty" rdl:"optional"`

	//
	// if true, return a service token signed by ZTS for this service
	//
	Token *bool `json:"token,omitempty" rdl:"optional"`

	//
	// expiry time in minutes for the certificate (server enforces max expiry)
	//
	ExpiryTime *int32 `json:"expiryTime,omitempty" rdl:"optional"`

	//
	// optional hostname in case included in the csr SAN dnsName attribute
	//
	Hostname DomainName `json:"hostname,omitempty" rdl:"optional"`
}

InstanceRegisterInformation -

func NewInstanceRegisterInformation added in v1.7.3

func NewInstanceRegisterInformation(init ...*InstanceRegisterInformation) *InstanceRegisterInformation

NewInstanceRegisterInformation - creates an initialized InstanceRegisterInformation instance, returns a pointer to it

func (*InstanceRegisterInformation) UnmarshalJSON added in v1.7.3

func (self *InstanceRegisterInformation) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an InstanceRegisterInformation

func (*InstanceRegisterInformation) Validate added in v1.7.3

func (self *InstanceRegisterInformation) Validate() error

Validate - checks for missing required fields, etc

type JWK added in v1.8.18

type JWK struct {

	//
	// key type: EC or RSA
	//
	Kty string `json:"kty"`

	//
	// identifier
	//
	Kid string `json:"kid"`

	//
	// key algorithm
	//
	Alg string `json:"alg,omitempty" rdl:"optional"`

	//
	// usage: sig or enc
	//
	Use string `json:"use,omitempty" rdl:"optional"`

	//
	// ec curve name
	//
	Crv string `json:"crv,omitempty" rdl:"optional"`

	//
	// ec x value
	//
	X string `json:"x,omitempty" rdl:"optional"`

	//
	// ec y value
	//
	Y string `json:"y,omitempty" rdl:"optional"`

	//
	// rsa modulus value
	//
	N string `json:"n,omitempty" rdl:"optional"`

	//
	// rsa public exponent value
	//
	E string `json:"e,omitempty" rdl:"optional"`
}

JWK -

func NewJWK added in v1.8.18

func NewJWK(init ...*JWK) *JWK

NewJWK - creates an initialized JWK instance, returns a pointer to it

func (*JWK) UnmarshalJSON added in v1.8.18

func (self *JWK) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a JWK

func (*JWK) Validate added in v1.8.18

func (self *JWK) Validate() error

Validate - checks for missing required fields, etc

type JWKList added in v1.8.18

type JWKList struct {

	//
	// array of JWKs
	//
	Keys []*JWK `json:"keys"`
}

JWKList - JSON Web Key (JWK) List

func NewJWKList added in v1.8.18

func NewJWKList(init ...*JWKList) *JWKList

NewJWKList - creates an initialized JWKList instance, returns a pointer to it

func (*JWKList) Init added in v1.8.18

func (self *JWKList) Init() *JWKList

Init - sets up the instance according to its default field values, if any

func (*JWKList) UnmarshalJSON added in v1.8.18

func (self *JWKList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a JWKList

func (*JWKList) Validate added in v1.8.18

func (self *JWKList) Validate() error

Validate - checks for missing required fields, etc
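The JWK and JWKList types above carry the public keys a token verifier needs. As an added example, not code from this page or the Athenz project, the block below turns a JWKList response body into Go public keys indexed by kid and rejects the malformed cases (unknown key type or curve, a point off the curve, a weak RSA modulus, a missing or duplicate kid). The trimmed struct copies, the 2048-bit RSA floor and the generated sample key are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)

// JWK keeps the zts.JWK fields this example reads, with the same json tags as
// the struct above; encoding/json ignores the others (alg, use) on decode.
type JWK struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	Crv string `json:"crv,omitempty"`
	X   string `json:"x,omitempty"`
	Y   string `json:"y,omitempty"`
	N   string `json:"n,omitempty"`
	E   string `json:"e,omitempty"`
}

type JWKList struct {
	Keys []*JWK `json:"keys"`
}

// bigB64 decodes an unpadded base64url JWK parameter (RFC 7518); nil on error.
func bigB64(s string) *big.Int {
	b, err := base64.RawURLEncoding.DecodeString(s)
	if err != nil || len(b) == 0 {
		return nil
	}
	return new(big.Int).SetBytes(b)
}

// PublicKey converts one JWK into a Go public key, accepting only the key types the ZTS
// schema documents (EC, RSA). Assumed policy: off-curve points and RSA < 2048 bits are rejected.
func (k *JWK) PublicKey() (crypto.PublicKey, error) {
	switch k.Kty {
	case "EC":
		curve, ok := map[string]elliptic.Curve{"P-256": elliptic.P256(), "P-384": elliptic.P384(), "P-521": elliptic.P521()}[k.Crv]
		x, y := bigB64(k.X), bigB64(k.Y)
		if !ok || x == nil || y == nil || !curve.IsOnCurve(x, y) {
			return nil, fmt.Errorf("jwk %q: invalid EC key for curve %q", k.Kid, k.Crv)
		}
		return &ecdsa.PublicKey{Curve: curve, X: x, Y: y}, nil
	case "RSA":
		n, e := bigB64(k.N), bigB64(k.E)
		if n == nil || e == nil || n.BitLen() < 2048 || !e.IsInt64() || e.Int64() < 3 || e.Bit(0) == 0 {
			return nil, fmt.Errorf("jwk %q: weak or malformed RSA key", k.Kid)
		}
		return &rsa.PublicKey{N: n, E: int(e.Int64())}, nil
	default:
		return nil, fmt.Errorf("jwk %q: unsupported kty %q", k.Kid, k.Kty)
	}
}

// ParseJWKList decodes a JWK list body and indexes it by kid, which is how a verifier selects
// the key named in a token header. A missing or duplicate kid, or one bad key, fails the set.
func ParseJWKList(body []byte) (map[string]crypto.PublicKey, error) {
	var list JWKList
	if err := json.Unmarshal(body, &list); err != nil {
		return nil, fmt.Errorf("jwk list: %w", err)
	}
	keys := make(map[string]crypto.PublicKey, len(list.Keys))
	for _, jwk := range list.Keys {
		if jwk == nil || jwk.Kid == "" || keys[jwk.Kid] != nil {
			return nil, fmt.Errorf("jwk list: entry with missing or duplicate kid")
		}
		pub, err := jwk.PublicKey()
		if err != nil {
			return nil, err
		}
		keys[jwk.Kid] = pub
	}
	return keys, nil
}

// sampleECJWK generates a fresh P-256 key and encodes its public half as a JWK (constructed input).
func sampleECJWK(kid string) (*JWK, *ecdsa.PublicKey) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	enc := func(i *big.Int) string { return base64.RawURLEncoding.EncodeToString(i.FillBytes(make([]byte, 32))) }
	return &JWK{Kty: "EC", Kid: kid, Crv: "P-256", X: enc(priv.X), Y: enc(priv.Y)}, &priv.PublicKey
}

func main() {
	jwk, _ := sampleECJWK("zts.key.1")
	body, _ := json.Marshal(&JWKList{Keys: []*JWK{jwk}})
	keys, err := ParseJWKList(body)
	fmt.Println(len(keys), err) // 1 <nil>
}
```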

type OSTKInstanceInformation added in v1.1.8

type OSTKInstanceInformation struct {

	//
	// signed document containing attributes like IP address, instance-id,
	// account#, etc.
	//
	Document string `json:"document"`

	//
	// the signature for the document
	//
	Signature string `json:"signature"`

	//
	// the keyid used to sign the document
	//
	KeyId string `json:"keyId"`

	//
	// the domain of the instance
	//
	Domain CompoundName `json:"domain"`

	//
	// the service this instance is supposed to run
	//
	Service SimpleName `json:"service"`

	//
	// return a certificate in the response
	//
	Csr string `json:"csr"`
}

OSTKInstanceInformation - Instance object that includes the requested service details plus a host document signed by OpenStack as part of the host bootstrap process.

func NewOSTKInstanceInformation added in v1.1.8

func NewOSTKInstanceInformation(init ...*OSTKInstanceInformation) *OSTKInstanceInformation

NewOSTKInstanceInformation - creates an initialized OSTKInstanceInformation instance, returns a pointer to it

func (*OSTKInstanceInformation) UnmarshalJSON added in v1.1.8

func (self *OSTKInstanceInformation) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an OSTKInstanceInformation

func (*OSTKInstanceInformation) Validate added in v1.1.8

func (self *OSTKInstanceInformation) Validate() error

Validate - checks for missing required fields, etc

type OSTKInstanceRefreshRequest added in v1.1.8

type OSTKInstanceRefreshRequest struct {

	//
	// request an X.509 certificate
	//
	Csr string `json:"csr,omitempty" rdl:"optional"`
}

OSTKInstanceRefreshRequest - a certificate signing request

func NewOSTKInstanceRefreshRequest added in v1.1.8

func NewOSTKInstanceRefreshRequest(init ...*OSTKInstanceRefreshRequest) *OSTKInstanceRefreshRequest

NewOSTKInstanceRefreshRequest - creates an initialized OSTKInstanceRefreshRequest instance, returns a pointer to it

func (*OSTKInstanceRefreshRequest) UnmarshalJSON added in v1.1.8

func (self *OSTKInstanceRefreshRequest) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an OSTKInstanceRefreshRequest

func (*OSTKInstanceRefreshRequest) Validate added in v1.1.8

func (self *OSTKInstanceRefreshRequest) Validate() error

Validate - checks for missing required fields, etc

type PathElement added in v1.7.3

type PathElement string

PathElement - A URI-safe path element

type Policy

type Policy struct {

	//
	// name of the policy
	//
	Name ResourceName `json:"name"`

	//
	// last modification timestamp of this policy
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`

	//
	// list of defined assertions for this policy
	//
	Assertions []*Assertion `json:"assertions"`
}

Policy - The representation for a Policy with a set of assertions.

func NewPolicy

func NewPolicy(init ...*Policy) *Policy

NewPolicy - creates an initialized Policy instance, returns a pointer to it

func (*Policy) Init

func (self *Policy) Init() *Policy

Init - sets up the instance according to its default field values, if any

func (*Policy) UnmarshalJSON

func (self *Policy) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Policy

func (*Policy) Validate

func (self *Policy) Validate() error

Validate - checks for missing required fields, etc

type PolicyData

type PolicyData struct {

	//
	// name of the domain
	//
	Domain DomainName `json:"domain"`

	//
	// list of policies defined in this server
	//
	Policies []*Policy `json:"policies"`
}

PolicyData -

func NewPolicyData

func NewPolicyData(init ...*PolicyData) *PolicyData

NewPolicyData - creates an initialized PolicyData instance, returns a pointer to it

func (*PolicyData) Init

func (self *PolicyData) Init() *PolicyData

Init - sets up the instance according to its default field values, if any

func (*PolicyData) UnmarshalJSON

func (self *PolicyData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a PolicyData

func (*PolicyData) Validate

func (self *PolicyData) Validate() error

Validate - checks for missing required fields, etc

type PublicKeyEntry

type PublicKeyEntry struct {

	//
	// the public key for the service
	//
	Key string `json:"key"`

	//
	// the key identifier (version or zone name)
	//
	Id string `json:"id"`
}

PublicKeyEntry - The representation of the public key in a service identity object.

func NewPublicKeyEntry

func NewPublicKeyEntry(init ...*PublicKeyEntry) *PublicKeyEntry

NewPublicKeyEntry - creates an initialized PublicKeyEntry instance, returns a pointer to it

func (*PublicKeyEntry) UnmarshalJSON

func (self *PublicKeyEntry) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a PublicKeyEntry

func (*PublicKeyEntry) Validate

func (self *PublicKeyEntry) Validate() error

Validate - checks for missing required fields, etc

type ResourceAccess added in v1.1.8

type ResourceAccess struct {

	//
	// true (allowed) or false (denied)
	//
	Granted bool `json:"granted"`
}

ResourceAccess - ResourceAccess can be checked and returned as this resource. (same as ZMS.Access)

func NewResourceAccess added in v1.1.8

func NewResourceAccess(init ...*ResourceAccess) *ResourceAccess

NewResourceAccess - creates an initialized ResourceAccess instance, returns a pointer to it

func (*ResourceAccess) UnmarshalJSON added in v1.1.8

func (self *ResourceAccess) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ResourceAccess

func (*ResourceAccess) Validate added in v1.1.8

func (self *ResourceAccess) Validate() error

Validate - checks for missing required fields, etc

type ResourceName

type ResourceName string

ResourceName - A resource name. Note that the EntityName part is optional; that is, a domain name followed by a colon is a valid resource name.

type RoleAccess

type RoleAccess struct {
	Roles []EntityName `json:"roles"`
}

RoleAccess -

func NewRoleAccess

func NewRoleAccess(init ...*RoleAccess) *RoleAccess

NewRoleAccess - creates an initialized RoleAccess instance, returns a pointer to it

func (*RoleAccess) Init

func (self *RoleAccess) Init() *RoleAccess

Init - sets up the instance according to its default field values, if any

func (*RoleAccess) UnmarshalJSON

func (self *RoleAccess) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleAccess

func (*RoleAccess) Validate

func (self *RoleAccess) Validate() error

Validate - checks for missing required fields, etc

type RoleCertificateRequest

type RoleCertificateRequest struct {
	Csr        string `json:"csr"`
	ExpiryTime int64  `json:"expiryTime"`
}

RoleCertificateRequest - a certificate signing request

func NewRoleCertificateRequest

func NewRoleCertificateRequest(init ...*RoleCertificateRequest) *RoleCertificateRequest

NewRoleCertificateRequest - creates an initialized RoleCertificateRequest instance, returns a pointer to it

func (*RoleCertificateRequest) UnmarshalJSON

func (self *RoleCertificateRequest) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleCertificateRequest

func (*RoleCertificateRequest) Validate

func (self *RoleCertificateRequest) Validate() error

Validate - checks for missing required fields, etc

type RoleToken

type RoleToken struct {
	Token      string `json:"token"`
	ExpiryTime int64  `json:"expiryTime"`
}

RoleToken - A representation of a signed RoleToken

func NewRoleToken

func NewRoleToken(init ...*RoleToken) *RoleToken

NewRoleToken - creates an initialized RoleToken instance, returns a pointer to it

func (*RoleToken) UnmarshalJSON

func (self *RoleToken) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a RoleToken

func (*RoleToken) Validate

func (self *RoleToken) Validate() error

Validate - checks for missing required fields, etc

type SSHCertRequest added in v1.7.53

type SSHCertRequest struct {

	//
	// ssh certificate request data
	//
	CertRequestData *SSHCertRequestData `json:"certRequestData"`

	//
	// ssh certificate request meta
	//
	CertRequestMeta *SSHCertRequestMeta `json:"certRequestMeta"`

	//
	// free-form csr if not using data/meta fields.
	//
	Csr string `json:"csr,omitempty" rdl:"optional"`
}

SSHCertRequest -

func NewSSHCertRequest added in v1.7.53

func NewSSHCertRequest(init ...*SSHCertRequest) *SSHCertRequest

NewSSHCertRequest - creates an initialized SSHCertRequest instance, returns a pointer to it

func (*SSHCertRequest) Init added in v1.7.53

func (self *SSHCertRequest) Init() *SSHCertRequest

Init - sets up the instance according to its default field values, if any

func (*SSHCertRequest) UnmarshalJSON added in v1.7.53

func (self *SSHCertRequest) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of an SSHCertRequest

func (*SSHCertRequest) Validate added in v1.7.53

func (self *SSHCertRequest) Validate() error

Validate - checks for missing required fields, etc

type SSHCertRequestData added in v1.7.53

type SSHCertRequestData struct {

	//
	// principals in the ssh certificate (usually only one)
	//
	Principals []string `json:"principals"`

	//
	// source FQDNs or ip addresses
	//
	Sources []string `json:"sources,omitempty" rdl:"optional"`

	//
	// destination FQDNs or ip addresses
	//
	Destinations []string `json:"destinations,omitempty" rdl:"optional"`

	//
	// public key for ssh certificate
	//
	PublicKey string `json:"publicKey,omitempty" rdl:"optional"`

	//
	// yubikey/touch public key for ssh certificate
	//
	TouchPublicKey string `json:"touchPublicKey,omitempty" rdl:"optional"`
}

SSHCertRequestData - The contents being requested: the principals to certify, optional source and destination hosts, and the public key(s) the certificate is issued for.

func NewSSHCertRequestData added in v1.7.53

func NewSSHCertRequestData(init ...*SSHCertRequestData) *SSHCertRequestData

NewSSHCertRequestData - creates an initialized SSHCertRequestData instance, returns a pointer to it

func (*SSHCertRequestData) Init added in v1.7.53

func (self *SSHCertRequestData) Init() *SSHCertRequestData

Init - sets up the instance according to its default field values, if any

func (*SSHCertRequestData) UnmarshalJSON added in v1.7.53

func (self *SSHCertRequestData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SSHCertRequestData

func (*SSHCertRequestData) Validate added in v1.7.53

func (self *SSHCertRequestData) Validate() error

Validate - checks for missing required fields, etc

type SSHCertRequestMeta added in v1.7.53

type SSHCertRequestMeta struct {

	//
	// requesting user
	//
	Requestor string `json:"requestor"`

	//
	// origin FQDN or ip
	//
	Origin string `json:"origin"`

	//
	// client info
	//
	ClientInfo string `json:"clientInfo,omitempty" rdl:"optional"`

	//
	// ssh client version
	//
	SshClientVersion string `json:"sshClientVersion,omitempty" rdl:"optional"`

	//
	// cert type - user or host
	//
	CertType string `json:"certType"`
}

SSHCertRequestMeta - Context about the request: the requesting user, the origin host, client details, and whether a user or host certificate is wanted (certType).

func NewSSHCertRequestMeta added in v1.7.53

func NewSSHCertRequestMeta(init ...*SSHCertRequestMeta) *SSHCertRequestMeta

NewSSHCertRequestMeta - creates an initialized SSHCertRequestMeta instance, returns a pointer to it

func (*SSHCertRequestMeta) UnmarshalJSON added in v1.7.53

func (self *SSHCertRequestMeta) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SSHCertRequestMeta

func (*SSHCertRequestMeta) Validate added in v1.7.53

func (self *SSHCertRequestMeta) Validate() error

Validate - checks for missing required fields, etc

type SSHCertificate added in v1.7.53

type SSHCertificate struct {

	//
	// the SSH certificate, signed by the CA
	//
	Certificate string `json:"certificate"`

	//
	// certificate public key if generated by SSH RA
	//
	PublicKey string `json:"publicKey,omitempty" rdl:"optional"`

	//
	// certificate private key if generated by SSH Agent
	//
	PrivateKey string `json:"privateKey,omitempty" rdl:"optional"`
}

SSHCertificate - One issued SSH certificate. When the key pair was generated on the server side the response also carries the public key and, in the SSH Agent case, the private key; a response containing privateKey must be handled as a secret.

func NewSSHCertificate added in v1.7.53

func NewSSHCertificate(init ...*SSHCertificate) *SSHCertificate

NewSSHCertificate - creates an initialized SSHCertificate instance, returns a pointer to it

func (*SSHCertificate) UnmarshalJSON added in v1.7.53

func (self *SSHCertificate) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SSHCertificate

func (*SSHCertificate) Validate added in v1.7.53

func (self *SSHCertificate) Validate() error

Validate - checks for missing required fields, etc

type SSHCertificates added in v1.7.53

type SSHCertificates struct {

	//
	// set of user ssh certificates
	//
	Certificates []*SSHCertificate `json:"certificates"`

	//
	// the SSH CA's public key for the sshCertificate (user or host)
	//
	CertificateSigner string `json:"certificateSigner,omitempty" rdl:"optional"`
}

SSHCertificates - The response to PostSSHCertRequest: the issued certificate(s) and, optionally, the public key of the SSH CA that signed them.

func NewSSHCertificates added in v1.7.53

func NewSSHCertificates(init ...*SSHCertificates) *SSHCertificates

NewSSHCertificates - creates an initialized SSHCertificates instance, returns a pointer to it

func (*SSHCertificates) Init added in v1.7.53

func (self *SSHCertificates) Init() *SSHCertificates

Init - sets up the instance according to its default field values, if any

func (*SSHCertificates) UnmarshalJSON added in v1.7.53

func (self *SSHCertificates) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SSHCertificates

func (*SSHCertificates) Validate added in v1.7.53

func (self *SSHCertificates) Validate() error

Validate - checks for missing required fields, etc
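A consumer-side check for the SSHCertificates response, added here as an example that is not part of the zts client or the Athenz project. It decodes the OpenSSH certificate carried in SSHCertificate.Certificate (ed25519 layout only, following OpenSSH's PROTOCOL.certkeys) and compares it with what was sent in SSHCertRequestData (principals) and SSHCertRequestMeta (certType), plus the validity window. ParseSSHCert, CheckIssuedCert and the command-line usage are this example's own names; the CA signature is not verified here.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"os"
	"strings"
	"time"
)

const certTypeName = "ssh-ed25519-cert-v01@openssh.com"

// IssuedSSHCert holds what is worth comparing against the SSHCertRequestData/Meta that were sent.
type IssuedSSHCert struct {
	KeyID       string
	Kind        uint32 // OpenSSH "type" field: 1 = user, 2 = host
	Principals  []string
	ValidAfter  time.Time
	ValidBefore time.Time
}

// sshReader decodes RFC 4251 wire types with a sticky error: a truncated or
// hostile blob never panics and is reported once by the caller.
type sshReader struct {
	buf []byte
	err error
}

func (r *sshReader) take(n uint64) []byte {
	if r.err == nil && uint64(len(r.buf)) < n {
		r.err = errors.New("truncated certificate")
	}
	if r.err != nil {
		return make([]byte, 8) // zero scratch so u32/u64 stay in bounds; the caller checks r.err
	}
	b := r.buf[:n]
	r.buf = r.buf[n:]
	return b
}

func (r *sshReader) u32() uint32 { return binary.BigEndian.Uint32(r.take(4)) }
func (r *sshReader) u64() uint64 { return binary.BigEndian.Uint64(r.take(8)) }
func (r *sshReader) str() []byte { return r.take(uint64(r.u32())) }

// ParseSSHCert decodes the "<type> <base64>" line in SSHCertificate.Certificate
// (ed25519 layout from OpenSSH PROTOCOL.certkeys). Structure only: the CA
// signature at the end of the blob is not verified here.
func ParseSSHCert(line string) (*IssuedSSHCert, error) {
	f := strings.Fields(line)
	if len(f) < 2 || f[0] != certTypeName {
		return nil, fmt.Errorf("expected %q <base64>", certTypeName)
	}
	raw, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil {
		return nil, err
	}
	r := &sshReader{buf: raw}
	if string(r.str()) != certTypeName {
		return nil, errors.New("embedded key type differs from prefix")
	}
	r.str() // nonce
	r.str() // ed25519 public key
	r.u64() // serial
	c := &IssuedSSHCert{Kind: r.u32()}
	c.KeyID = string(r.str())
	pr := &sshReader{buf: r.str()} // valid principals: a packed list of strings
	c.ValidAfter = time.Unix(int64(r.u64()), 0).UTC()
	c.ValidBefore = time.Unix(int64(r.u64()), 0).UTC() // 2^64-1 ("forever") wraps negative and fails the window check, which is the safe outcome
	for pr.err == nil && len(pr.buf) > 0 { // critical options, extensions, reserved and the signature fields stay unread
		c.Principals = append(c.Principals, string(pr.str()))
	}
	if r.err != nil || pr.err != nil {
		return nil, errors.New("malformed certificate body")
	}
	return c, nil
}

// CheckIssuedCert is the post-issuance check for a PostSSHCertRequest response: the
// requested certType, exactly the requested principals, and a window covering now.
func CheckIssuedCert(line, certType string, principals []string, now time.Time) error {
	c, err := ParseSSHCert(line)
	if err != nil {
		return err
	}
	if kind := map[string]uint32{"user": 1, "host": 2}[certType]; kind == 0 || c.Kind != kind {
		return fmt.Errorf("requested a %q certificate, got type %d", certType, c.Kind)
	}
	if strings.Join(c.Principals, "\n") != strings.Join(principals, "\n") { // exact, order-sensitive
		return fmt.Errorf("principals %v differ from requested %v", c.Principals, principals)
	}
	if now.Before(c.ValidAfter) || !now.Before(c.ValidBefore) {
		return fmt.Errorf("not valid at %s (window %s to %s)", now.UTC().Format(time.RFC3339),
			c.ValidAfter.Format(time.RFC3339), c.ValidBefore.Format(time.RFC3339))
	}
	return nil
}

// usage: go run check.go "$(cat id_ed25519-cert.pub)" user sports.api
func main() {
	if len(os.Args) < 4 {
		fmt.Fprintln(os.Stderr, "usage: check '<cert line>' user|host principal...")
		os.Exit(2)
	}
	fmt.Println("result:", CheckIssuedCert(os.Args[1], os.Args[2], os.Args[3:], time.Now()))
}
```

Run it on the certificate line from a PostSSHCertRequest response before installing the key: extra principals, a host certificate where a user certificate was requested, or a window that does not cover the current time all fail the check. Verifying the CA signature is a separate step that needs an SSH library and a CA public key pinned on the client, rather than one taken from the certificateSigner field of the same response.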

type ServiceIdentity

type ServiceIdentity struct {

	//
	// the full name of the service, e.g. "sports.storage"
	//
	Name ServiceName `json:"name"`

	//
	// array of public keys for key rotation
	//
	PublicKeys []*PublicKeyEntry `json:"publicKeys,omitempty" rdl:"optional"`

	//
	// if present, then this service can provision tenants via this endpoint.
	//
	ProviderEndpoint string `json:"providerEndpoint,omitempty" rdl:"optional"`

	//
	// the timestamp when this entry was last modified
	//
	Modified *rdl.Timestamp `json:"modified,omitempty" rdl:"optional"`

	//
	// the path of the executable that runs the service
	//
	Executable string `json:"executable,omitempty" rdl:"optional"`

	//
	// list of host names that this service can run on
	//
	Hosts []string `json:"hosts,omitempty" rdl:"optional"`

	//
	// local (unix) user name this service can run as
	//
	User string `json:"user,omitempty" rdl:"optional"`

	//
	// local (unix) group name this service can run as
	//
	Group string `json:"group,omitempty" rdl:"optional"`
}

ServiceIdentity - The representation of the service identity object.

func NewServiceIdentity

func NewServiceIdentity(init ...*ServiceIdentity) *ServiceIdentity

NewServiceIdentity - creates an initialized ServiceIdentity instance, returns a pointer to it

func (*ServiceIdentity) UnmarshalJSON

func (self *ServiceIdentity) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentity

func (*ServiceIdentity) Validate

func (self *ServiceIdentity) Validate() error

Validate - checks for missing required fields, etc

type ServiceIdentityList

type ServiceIdentityList struct {

	//
	// list of service names
	//
	Names []EntityName `json:"names"`
}

ServiceIdentityList - The representation for an enumeration of services in the namespace.

func NewServiceIdentityList

func NewServiceIdentityList(init ...*ServiceIdentityList) *ServiceIdentityList

NewServiceIdentityList - creates an initialized ServiceIdentityList instance, returns a pointer to it

func (*ServiceIdentityList) Init

func (self *ServiceIdentityList) Init() *ServiceIdentityList

Init - sets up the instance according to its default field values, if any

func (*ServiceIdentityList) UnmarshalJSON

func (self *ServiceIdentityList) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a ServiceIdentityList

func (*ServiceIdentityList) Validate

func (self *ServiceIdentityList) Validate() error

Validate - checks for missing required fields, etc

type ServiceName

type ServiceName string

ServiceName - A service name will generally be a unique subdomain.

type SignedPolicyData

type SignedPolicyData struct {

	//
	// list of policies defined in a domain
	//
	PolicyData *PolicyData `json:"policyData"`

	//
	// zms signature generated based on the domain policies object
	//
	ZmsSignature string `json:"zmsSignature"`

	//
	// the identifier of the zms key used to generate the signature
	//
	ZmsKeyId string `json:"zmsKeyId"`

	//
	// when the domain itself was last modified
	//
	Modified rdl.Timestamp `json:"modified"`

	//
	// timestamp specifying the expiration time for using this set of policies
	//
	Expires rdl.Timestamp `json:"expires"`
}

SignedPolicyData - The policies object defined for a given domain, carried with the ZMS signature over it, the id of the ZMS key that produced the signature, and an expiration time after which the set must not be used.

func NewSignedPolicyData

func NewSignedPolicyData(init ...*SignedPolicyData) *SignedPolicyData

NewSignedPolicyData - creates an initialized SignedPolicyData instance, returns a pointer to it

func (*SignedPolicyData) Init

func (self *SignedPolicyData) Init() *SignedPolicyData

Init - sets up the instance according to its default field values, if any

func (*SignedPolicyData) UnmarshalJSON

func (self *SignedPolicyData) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a SignedPolicyData

func (*SignedPolicyData) Validate

func (self *SignedPolicyData) Validate() error

Validate - checks for missing required fields, etc
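What a consumer of SignedPolicyData should check before acting on the policies, as an added example that is not the Athenz project's code: zmsKeyId must select a ZMS public key pinned on the client, zmsSignature must verify over policyData, and expires must not have passed. The struct is a local mirror of the page's fields with time.Time in place of rdl.Timestamp so the example builds without the zts module. The signing scheme (ECDSA P-256 over SHA-256 of the policyData bytes, DER signature, URL-safe base64), the key id "zms.key.0" and the SamplePolicy JSON are assumptions made for the demo, not ZMS's real scheme or data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// SignedPolicyData mirrors the page's struct so this builds without the zts
// module: same fields and JSON tags, time.Time standing in for rdl.Timestamp,
// policyData kept as the raw bytes that were signed (no re-serialization).
type SignedPolicyData struct {
	PolicyData   json.RawMessage `json:"policyData"`
	ZmsSignature string          `json:"zmsSignature"`
	ZmsKeyId     string          `json:"zmsKeyId"`
	Modified     time.Time       `json:"modified"`
	Expires      time.Time       `json:"expires"`
}

// Signing scheme assumed for this example, not taken from Athenz's source:
// ECDSA P-256 over SHA-256 of the policyData bytes, DER signature, URL-safe
// base64 without padding. Swap in ZMS's real scheme when wiring this up.
func policyDigest(policy []byte) []byte {
	d := sha256.Sum256(policy)
	return d[:]
}

// VerifySignedPolicyData is what a consumer runs before acting on a policy set:
// zmsKeyId must select a key pinned out of band (never one fetched from the same
// source as the data), the signature must verify over policyData, and the set
// must not be past its expires timestamp. Each failure is reported distinctly.
func VerifySignedPolicyData(spd *SignedPolicyData, trusted map[string]*ecdsa.PublicKey, now time.Time) error {
	pub, ok := trusted[spd.ZmsKeyId]
	if !ok {
		return fmt.Errorf("zmsKeyId %q is not a pinned ZMS key", spd.ZmsKeyId)
	}
	sig, err := base64.RawURLEncoding.DecodeString(spd.ZmsSignature)
	if err != nil {
		return fmt.Errorf("zmsSignature is not valid base64: %w", err)
	}
	if !ecdsa.VerifyASN1(pub, policyDigest(spd.PolicyData), sig) {
		return errors.New("zmsSignature does not verify over policyData")
	}
	if !now.Before(spd.Expires) {
		return fmt.Errorf("policy set expired at %s", spd.Expires.UTC().Format(time.RFC3339))
	}
	return nil
}

// SignPolicyData plays ZMS for the example, producing a SignedPolicyData under
// the assumed scheme above.
func SignPolicyData(policy []byte, keyID string, priv *ecdsa.PrivateKey, expires time.Time) (*SignedPolicyData, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, policyDigest(policy))
	if err != nil {
		return nil, err
	}
	return &SignedPolicyData{
		PolicyData:   policy,
		ZmsSignature: base64.RawURLEncoding.EncodeToString(sig),
		ZmsKeyId:     keyID,
		Modified:     time.Now().UTC(),
		Expires:      expires,
	}, nil
}

// NewZMSKey generates a throwaway signing key standing in for ZMS's.
func NewZMSKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SamplePolicy is constructed input shaped like a domain's policy list; the
// exact layout of PolicyData does not matter to the checks above.
var SamplePolicy = []byte(`{"domain":"sports","policies":[{"name":"sports:policy.readers",` +
	`"assertions":[{"role":"sports:role.readers","resource":"sports:storage","action":"read","effect":"ALLOW"}]}]}`)

func main() {
	key, err := NewZMSKey()
	if err != nil {
		panic(err)
	}
	trusted := map[string]*ecdsa.PublicKey{"zms.key.0": &key.PublicKey}
	spd, _ := SignPolicyData(SamplePolicy, "zms.key.0", key, time.Now().Add(24*time.Hour))
	fmt.Println("genuine:", VerifySignedPolicyData(spd, trusted, time.Now()))

	forged := *spd // widening "read" to "write" in transit invalidates the signature
	forged.PolicyData = []byte(strings.Replace(string(spd.PolicyData), `"read"`, `"write"`, 1))
	fmt.Println("forged:", VerifySignedPolicyData(&forged, trusted, time.Now()))
}
```

The order of the checks matters less than doing all three: a valid signature from an unpinned key, or a valid signature over a policy set whose expires has passed, must both be rejected, and the distinct error strings make the rejection reason visible in logs.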

type SignedToken

type SignedToken string

SignedToken - A signed assertion of identity, i.e. the user cookie value. This token will only make sense to the authority that generated it, so it is beneficial to have something in the value that is cheaply recognized, to quickly reject a token that belongs to another authority. In addition to the YEncoded character set, our token uses ; to separate components and , to separate roles.

type SimpleName

type SimpleName string

SimpleName - A simple identifier, an element of a compound name (one of the common name types used by several API definitions).

type Status added in v1.7.30

type Status struct {

	//
	// status message code
	//
	Code int32 `json:"code"`

	//
	// status message of the server
	//
	Message string `json:"message"`
}

Status - The representation for a status object

func NewStatus added in v1.7.30

func NewStatus(init ...*Status) *Status

NewStatus - creates an initialized Status instance, returns a pointer to it

func (*Status) UnmarshalJSON added in v1.7.30

func (self *Status) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a Status

func (*Status) Validate added in v1.7.30

func (self *Status) Validate() error

Validate - checks for missing required fields, etc

type TenantDomains

type TenantDomains struct {
	TenantDomainNames []DomainName `json:"tenantDomainNames"`
}

TenantDomains - The list of tenant domain names returned by GetTenantDomains.

func NewTenantDomains

func NewTenantDomains(init ...*TenantDomains) *TenantDomains

NewTenantDomains - creates an initialized TenantDomains instance, returns a pointer to it

func (*TenantDomains) Init

func (self *TenantDomains) Init() *TenantDomains

Init - sets up the instance according to its default field values, if any

func (*TenantDomains) UnmarshalJSON

func (self *TenantDomains) UnmarshalJSON(b []byte) error

UnmarshalJSON is defined for proper JSON decoding of a TenantDomains

func (*TenantDomains) Validate

func (self *TenantDomains) Validate() error

Validate - checks for missing required fields, etc

type YBase64

type YBase64 string

YBase64 - The Y-specific URL-safe Base64 variant.

type YEncoded

type YEncoded string

YEncoded - YEncoded includes ybase64 chars, as well as = and %. This can represent a user cookie and URL-encoded values.

type ZTSClient

type ZTSClient struct {
	URL         string
	Transport   http.RoundTripper
	CredsHeader *string
	CredsToken  *string
	Timeout     time.Duration
}

func NewClient

func NewClient(url string, transport http.RoundTripper) ZTSClient

NewClient creates and returns a new HTTP client object for the ZTS service

func (*ZTSClient) AddCredentials

func (client *ZTSClient) AddCredentials(header string, token string)

AddCredentials sets the credential header name and token (for example the NToken header and value of an rdl.Principal) that the client sends on every subsequent request.

func (ZTSClient) DeleteInstanceIdentity added in v1.7.3

func (client ZTSClient) DeleteInstanceIdentity(provider ServiceName, domain DomainName, service SimpleName, instanceId PathElement) error

func (ZTSClient) GetAWSTemporaryCredentials

func (client ZTSClient) GetAWSTemporaryCredentials(domainName DomainName, role AWSArnRoleName, durationSeconds *int32, externalId string) (*AWSTemporaryCredentials, error)

func (ZTSClient) GetAccess

func (client ZTSClient) GetAccess(domainName DomainName, roleName EntityName, principal EntityName) (*Access, error)

func (ZTSClient) GetDomainSignedPolicyData

func (client ZTSClient) GetDomainSignedPolicyData(domainName DomainName, matchingTag string) (*DomainSignedPolicyData, string, error)

func (ZTSClient) GetHostServices

func (client ZTSClient) GetHostServices(host string) (*HostServices, error)

func (ZTSClient) GetJWKList added in v1.8.18

func (client ZTSClient) GetJWKList() (*JWKList, error)

func (ZTSClient) GetPublicKeyEntry

func (client ZTSClient) GetPublicKeyEntry(domainName DomainName, serviceName SimpleName, keyId string) (*PublicKeyEntry, error)

func (ZTSClient) GetResourceAccess added in v1.1.8

func (client ZTSClient) GetResourceAccess(action ActionName, resource ResourceName, domain DomainName, checkPrincipal EntityName) (*ResourceAccess, error)

func (ZTSClient) GetResourceAccessExt added in v1.1.8

func (client ZTSClient) GetResourceAccessExt(action ActionName, resource string, domain DomainName, checkPrincipal EntityName) (*ResourceAccess, error)

func (ZTSClient) GetRoleAccess

func (client ZTSClient) GetRoleAccess(domainName DomainName, principal EntityName) (*RoleAccess, error)

func (ZTSClient) GetRoleToken

func (client ZTSClient) GetRoleToken(domainName DomainName, role EntityList, minExpiryTime *int32, maxExpiryTime *int32, proxyForPrincipal EntityName) (*RoleToken, error)

func (ZTSClient) GetServiceIdentity

func (client ZTSClient) GetServiceIdentity(domainName DomainName, serviceName ServiceName) (*ServiceIdentity, error)

func (ZTSClient) GetServiceIdentityList

func (client ZTSClient) GetServiceIdentityList(domainName DomainName) (*ServiceIdentityList, error)

func (ZTSClient) GetStatus added in v1.7.30

func (client ZTSClient) GetStatus() (*Status, error)

func (ZTSClient) GetTenantDomains

func (client ZTSClient) GetTenantDomains(providerDomainName DomainName, userName EntityName, roleName EntityName, serviceName ServiceName) (*TenantDomains, error)

func (ZTSClient) PostAccessTokenRequest added in v1.8.18

func (client ZTSClient) PostAccessTokenRequest(request AccessTokenRequest) (*AccessTokenResponse, error)

func (ZTSClient) PostDomainMetrics

func (client ZTSClient) PostDomainMetrics(domainName DomainName, req *DomainMetrics) (*DomainMetrics, error)

func (ZTSClient) PostInstanceRefreshInformation added in v1.7.3

func (client ZTSClient) PostInstanceRefreshInformation(provider ServiceName, domain DomainName, service SimpleName, instanceId PathElement, info *InstanceRefreshInformation) (*InstanceIdentity, error)

func (ZTSClient) PostInstanceRefreshRequest

func (client ZTSClient) PostInstanceRefreshRequest(domain CompoundName, service SimpleName, req *InstanceRefreshRequest) (*Identity, error)

func (ZTSClient) PostInstanceRegisterInformation added in v1.7.3

func (client ZTSClient) PostInstanceRegisterInformation(info *InstanceRegisterInformation) (*InstanceIdentity, string, error)

func (ZTSClient) PostOSTKInstanceInformation added in v1.1.8

func (client ZTSClient) PostOSTKInstanceInformation(info *OSTKInstanceInformation) (*Identity, error)

func (ZTSClient) PostOSTKInstanceRefreshRequest added in v1.1.8

func (client ZTSClient) PostOSTKInstanceRefreshRequest(domain CompoundName, service SimpleName, req *OSTKInstanceRefreshRequest) (*Identity, error)

func (ZTSClient) PostRoleCertificateRequest

func (client ZTSClient) PostRoleCertificateRequest(domainName DomainName, roleName EntityName, req *RoleCertificateRequest) (*RoleToken, error)

func (ZTSClient) PostSSHCertRequest added in v1.7.53

func (client ZTSClient) PostSSHCertRequest(certRequest *SSHCertRequest) (*SSHCertificates, error)

Directories

Path                     Synopsis
examples/get-role-token  Get-role-token is a demo program to use the service cert present locally on the box to talk to ZTS and fetch a role token.
