logic

package
v0.31.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 10, 2018 License: BSD-3-Clause Imports: 21 Imported by: 0

Documentation

Overview

Package logic exposes the core logic engine used for working with keyrings, keys, claims, teams, memberships, orgs, and other primitive objects core to the cryptography architecture

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Database added in v0.23.0

type Database interface {
	Set(envs ...envelope.Envelope) error
}

Database interface for logic engine

type Engine

type Engine struct {
	Worklog Worklog
	Machine Machine
	Session Session
	// contains filtered or unexported fields
}

Engine exposes methods for performing actions that will affect the keys, keyrings, keyring memberships, or credential objects.

All data passing in and out of the engine is unencrypted for the currently logged in user.

func NewEngine

func NewEngine(s session.Session, db Database, e *crypto.Engine,
	client *registry.Client, guard *secure.Guard) *Engine

NewEngine returns a new Engine

func (*Engine) AppendCredentials added in v0.25.0

func (e *Engine) AppendCredentials(ctx context.Context, notifier *observer.Notifier,
	creds []*PlaintextCredentialEnvelope) ([]*PlaintextCredentialEnvelope, error)

AppendCredentials attempts to append plain-text Credential objects to the Credential Graph.

func (*Engine) ApproveInvite

func (e *Engine) ApproveInvite(ctx context.Context, notifier *observer.Notifier,
	InviteID *identity.ID) (*envelope.OrgInvite, error)

ApproveInvite approves an invitation of a user into an organzation by encoding them into a Keyring.

func (*Engine) GenerateKeypairs added in v0.21.0

func (e *Engine) GenerateKeypairs(ctx context.Context, notifier *observer.Notifier,
	OrgID *identity.ID) error

GenerateKeypairs creates a signing and encrypting keypair for the current user for the given organization.

func (*Engine) RetrieveCredentials

func (e *Engine) RetrieveCredentials(ctx context.Context,
	notifier *observer.Notifier, cpath, cpathexp *string, teamIDs []identity.ID, skipDecryption bool) ([]PlaintextCredentialEnvelope, error)

RetrieveCredentials returns all credentials for the given CPath string

func (*Engine) RevokeKeypairs added in v0.21.0

func (e *Engine) RevokeKeypairs(ctx context.Context, notifier *observer.Notifier,
	orgID *identity.ID) error

RevokeKeypairs creates revocation claims for the signing and encrypting keypair for the current user for the given organization.

A revocation claim is a self-signed claim that effectively deletes the keypairs.

type Machine added in v0.15.0

type Machine struct {
	// contains filtered or unexported fields
}

Machine represents the business logic for managing machines

func (*Machine) CreateToken added in v0.15.0

func (m *Machine) CreateToken(ctx context.Context, notifier *observer.Notifier,
	machine *envelope.Machine, secret *base64.Value) (*registry.MachineTokenCreationSegment, error)

CreateToken generates a new machine token given a machine and a secret value.

func (*Machine) EncodeToken added in v0.15.0

func (m *Machine) EncodeToken(ctx context.Context, notifier *observer.Notifier,
	token *envelope.MachineToken) error

EncodeToken creates KeyringMemberships for the provided Machine Token. Used during the machine creation process

type MachineTokenSegment added in v0.15.0

type MachineTokenSegment struct {
	Token   *envelope.MachineToken   `json:"token"`
	Keypair *registry.ClaimedKeyPair `json:"keypair"`
}

MachineTokenSegment represents a Token and it's associated Keypair

type PlaintextCredential

type PlaintextCredential struct {
	Name      string           `json:"name"`
	OrgID     *identity.ID     `json:"org_id"`
	PathExp   *pathexp.PathExp `json:"pathexp"`
	ProjectID *identity.ID     `json:"project_id"`
	Value     string           `json:"value"`
	State     *string          `json:"state"`
}

PlaintextCredential is the body of an unencrypted Credential

type PlaintextCredentialEnvelope

type PlaintextCredentialEnvelope struct {
	ID      *identity.ID         `json:"id"`
	Version uint8                `json:"version"`
	Body    *PlaintextCredential `json:"body"`
}

PlaintextCredentialEnvelope is an unencrypted credential object

type RotationReason added in v0.23.0

type RotationReason struct {
	Credential envelope.CredentialInf
	Reasons    []primitive.KeyringMemberClaim
}

RotationReason contains a Credential, and the user ids that had access changes to require the rotation.

type Session added in v0.15.0

type Session struct {
	// contains filtered or unexported fields
}

Session represents the business logic for creating and managing tokens (and their underlying effects on the current session)

func (*Session) Login added in v0.15.0

func (s *Session) Login(ctx context.Context, creds apitypes.LoginCredential) error

Login attempts to create a valid auth token to authorize http requests made against the registry.

func (*Session) Logout added in v0.15.0

func (s *Session) Logout(ctx context.Context) error

Logout destroys the current session if it exists, otherwise, it returns an error that the request could not be completed.

func (*Session) UpdateProfile added in v0.25.0

func (s *Session) UpdateProfile(ctx context.Context, newEmail, newName, newPassword string) (envelope.UserInf, error)

UpdateProfile attempts to update the root password used by a user to log into Torus which also allows them to access their stored and encrypted secrets.

func (*Session) Verify added in v0.30.0

func (s *Session) Verify(ctx context.Context, code string) error

Verify attempts to verify the users account using the

type Worklog added in v0.12.0

type Worklog struct {
	// contains filtered or unexported fields
}

Worklog holds the logic for discovering and acting on worklog items. A Worklog item is some action the user should take, either for maintenance (this user should be in this keyring, this invite can be approved), or as a preventative measure (this credential value should be rotated).

Worklog items may be automatically resolved, or require the user do manually perform some action.

func (*Worklog) Get added in v0.12.0

func (w *Worklog) Get(ctx context.Context, orgID *identity.ID,
	ident *apitypes.WorklogID) (*apitypes.WorklogItem, error)

Get returns a single worklog item for the given org with the given ident.

func (*Worklog) List added in v0.12.0

func (w *Worklog) List(ctx context.Context, orgID *identity.ID,
	itemType apitypes.WorklogType) ([]apitypes.WorklogItem, error)

List returns the list of all outstanding worklog items for the given org

func (*Worklog) Resolve added in v0.12.0

func (w *Worklog) Resolve(ctx context.Context, n *observer.Notifier,
	orgID *identity.ID, ident *apitypes.WorklogID) error

Resolve attempts to resolve the worklog item in the given org with the given ident.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL