registry

package
v0.15.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 1, 2016 License: BSD-3-Clause Imports: 17 Imported by: 0

Documentation

Overview

Package registry provides access to the Torus registry REST API.

Index

Constants

This section is empty.

Variables

View Source
var ErrMemberNotFound = errors.New("Keyring membership not found.")

ErrMemberNotFound is returned when a keyring member find call fails.

Functions

This section is empty.

Types

type ClaimTree

type ClaimTree struct {
	Org        *envelope.Unsigned          `json:"org"`
	PublicKeys []apitypes.PublicKeySegment `json:"public_keys"`
}

ClaimTree represents an organizations claim tree which contains public signing and encryption keys for every member.

type ClaimTreeClient

type ClaimTreeClient struct {
	// contains filtered or unexported fields
}

ClaimTreeClient represents the `/claimtree` registry endpoint, used for retrieving the public keys and their associated claims for an organization.

func (*ClaimTreeClient) List

func (c *ClaimTreeClient) List(ctx context.Context, orgID *identity.ID,
	ownerID *identity.ID) ([]ClaimTree, error)

List returns a list of all claimtrees for a given orgID. If no orgID is provided then it returns all claimtrees for every organization the user belongs too.

If an ownerID is provided then only public keys and claims related to that user or machine will be returned.

type ClaimedKeyPair

type ClaimedKeyPair struct {
	PublicKey  *envelope.Signed  `json:"public_key"`
	PrivateKey *envelope.Signed  `json:"private_key"`
	Claims     []envelope.Signed `json:"claims"`
}

ClaimedKeyPair contains a public/private keypair, and all the Claims made against it (system and user signatures).

type Client

type Client struct {
	KeyPairs        *KeyPairs
	Tokens          *Tokens
	Users           *Users
	Teams           *TeamsClient
	Memberships     *MembershipsClient
	Credentials     *Credentials
	Orgs            *Orgs
	OrgInvite       *OrgInviteClient
	Projects        *ProjectsClient
	Keyring         *KeyringClient
	KeyringMember   *KeyringMemberClientV1
	ClaimTree       *ClaimTreeClient
	CredentialGraph *CredentialGraphClient
	Machines        *MachinesClient
	Self            *SelfClient
	// contains filtered or unexported fields
}

Client exposes the registry REST API.

func NewClient

func NewClient(prefix string, apiVersion string, version string, sess session.Session, t *http.Transport) *Client

NewClient returns a new Client.

func (*Client) Do

func (c *Client) Do(ctx context.Context, r *http.Request, v interface{}) (*http.Response, error)

Do executes an http.Request, populating v with the JSON response on success.

If the request errors with a JSON formatted response body, it will be unmarshaled into the returned error.

func (*Client) NewRequest

func (c *Client) NewRequest(method, path string, query *url.Values,
	body interface{}) (*http.Request, error)

NewRequest constructs a new http.Request, with a body containing the json representation of body, if provided.

func (*Client) NewTokenRequest

func (c *Client) NewTokenRequest(token, method, path string, query *url.Values,
	body interface{}) (*http.Request, error)

NewTokenRequest constructs a new http.Request, with a body containing the json representation of body, if provided.

The request will be authorized with the provided token.

type CredentialGraph added in v0.10.0

type CredentialGraph interface {
	KeyringSection
	GetCredentials() []envelope.Signed
	KeyringVersion() int
}

CredentialGraph is the shared interface between different credential graph versions

type CredentialGraphClient added in v0.10.0

type CredentialGraphClient struct {
	// contains filtered or unexported fields
}

CredentialGraphClient represents the `/credentialgraph` registry endpoint, user for retrieving keyrings, keyring members, and credentials associated with claims.

func (*CredentialGraphClient) List added in v0.10.0

func (c *CredentialGraphClient) List(ctx context.Context, path string,
	pathExp *pathexp.PathExp, ownerID *identity.ID) ([]CredentialGraph, error)

List returns back all segments of the CredentialGraph (Keyring, Keyring Members, and Credentials) that match the given name, path, or path expression.

func (*CredentialGraphClient) Post added in v0.10.0

Post creates a new CredentialGraph on the registry.

The CredentialGraph includes the keyring, it's members, and credentials.

func (*CredentialGraphClient) Search added in v0.12.0

func (c *CredentialGraphClient) Search(ctx context.Context, pathExp string,
	ownerID *identity.ID) ([]CredentialGraph, error)

Search returns back all segments of the CredentialGraph (Keyring, Keyring Members, and Credentials) that are contained within the given loose path expression. It is loose in that it can have * for projects.

type CredentialGraphV1 added in v0.10.0

type CredentialGraphV1 struct {
	KeyringSectionV1
	Credentials []envelope.Signed `json:"credentials"`
}

CredentialGraphV1 represents a Keyring, it's members, and associated Credentials.

func (*CredentialGraphV1) GetCredentials added in v0.10.0

func (c *CredentialGraphV1) GetCredentials() []envelope.Signed

GetCredentials returns the Credentials objects in this CredentialGraph

func (*CredentialGraphV1) KeyringVersion added in v0.12.0

func (c *CredentialGraphV1) KeyringVersion() int

KeyringVersion returns the version of the keyring itself (not its schema).

type CredentialGraphV2 added in v0.10.0

type CredentialGraphV2 struct {
	KeyringSectionV2
	Credentials []envelope.Signed `json:"credentials"`
}

CredentialGraphV2 represents a Keyring, it's members, and associated Credentials.

func (*CredentialGraphV2) GetCredentials added in v0.10.0

func (c *CredentialGraphV2) GetCredentials() []envelope.Signed

GetCredentials returns the Credentials objects in this CredentialGraph

func (*CredentialGraphV2) KeyringVersion added in v0.12.0

func (c *CredentialGraphV2) KeyringVersion() int

KeyringVersion returns the version of the keyring itself (not its schema).

type Credentials

type Credentials struct {
	// contains filtered or unexported fields
}

Credentials represents the `/credentials` registry endpoint, used for accessing encrypted credentials/secrets.

func (*Credentials) Create

func (c *Credentials) Create(ctx context.Context, credential *envelope.Signed) (*envelope.Signed, error)

Create creates the provided credential in the registry.

type KeyPairs

type KeyPairs struct {
	// contains filtered or unexported fields
}

KeyPairs represents the `/keypairs` registry endpoint, used for accessing users' signing and encryption keypairs.

func (*KeyPairs) List

func (k *KeyPairs) List(ctx context.Context, orgID *identity.ID) ([]ClaimedKeyPair, error)

List returns all KeyPairs for the logged in user in the given, or all orgs if orgID is nil.

func (*KeyPairs) Post

func (k *KeyPairs) Post(ctx context.Context, pubKey, privKey,
	claim *envelope.Signed) (*envelope.Signed, *envelope.Signed, []envelope.Signed, error)

Post creates a new keypair on the registry.

The keypair includes the user's public key, private key, and a self-signed claim on the public key.

keys may be either signing or encryption keys.

type KeyringClient

type KeyringClient struct {
	Members *KeyringMembersClient
	// contains filtered or unexported fields
}

KeyringClient represents the `/keyrings` registry end point for accessing keyrings the user or machine belong too.

func (*KeyringClient) List

func (k *KeyringClient) List(ctx context.Context, orgID *identity.ID,
	ownerID *identity.ID) ([]KeyringSection, error)

List retrieves an array of KeyringSections from the registry.

type KeyringMember added in v0.10.0

type KeyringMember struct {
	Member   *envelope.Signed `json:"member"`
	MEKShare *envelope.Signed `json:"mekshare"`
}

KeyringMember holds membership information for v2 keyrings. In v2, a user can have their master encryption key share removed.

type KeyringMemberClientV1 added in v0.10.0

type KeyringMemberClientV1 struct {
	// contains filtered or unexported fields
}

KeyringMemberClientV1 represents the `/keyring-members` registry endpoint for creating memberships related to a set of Keyrings.

func (*KeyringMemberClientV1) Post added in v0.10.0

Post sends a creation requests for a set of KeyringMember objects to the registry.

type KeyringMembersClient added in v0.10.0

type KeyringMembersClient struct {
	// contains filtered or unexported fields
}

KeyringMembersClient represents the `/keyring/:id/members` registry endpoint for creating memberships in a keyring.

func (*KeyringMembersClient) Post added in v0.10.0

Post sends a creation requests for a set of KeyringMember objects to the registry.

type KeyringSection

type KeyringSection interface {
	GetKeyring() *envelope.Signed
	FindMember(*identity.ID) (*primitive.KeyringMember, *primitive.MEKShare, error)
	HasRevocations() bool
}

KeyringSection is the shared interface between different KeyringSection versions.

type KeyringSectionV1 added in v0.10.0

type KeyringSectionV1 struct {
	Keyring *envelope.Signed  `json:"keyring"`
	Members []envelope.Signed `json:"members"`
}

KeyringSectionV1 represents a section of the CredentialGraph only pertaining to a keyring and it's membership.

func (*KeyringSectionV1) FindMember added in v0.10.0

FindMember returns the membership and mekshare for the given user id. The data is returned in V2 format.

func (*KeyringSectionV1) GetKeyring added in v0.10.0

func (k *KeyringSectionV1) GetKeyring() *envelope.Signed

GetKeyring returns the Keyring object in this KeyringSection

func (KeyringSectionV1) HasRevocations added in v0.12.0

func (KeyringSectionV1) HasRevocations() bool

HasRevocations indicates that a Keyring holds revoked user keys. We don't track in V1 so it is always false.

type KeyringSectionV2 added in v0.10.0

type KeyringSectionV2 struct {
	Keyring *envelope.Signed  `json:"keyring"`
	Members []KeyringMember   `json:"members"`
	Claims  []envelope.Signed `json:"claims"`
}

KeyringSectionV2 represents a Keyring and its members.

func (*KeyringSectionV2) FindMember added in v0.10.0

FindMember returns the membership and mekshare for the given user id.

func (*KeyringSectionV2) GetKeyring added in v0.10.0

func (k *KeyringSectionV2) GetKeyring() *envelope.Signed

GetKeyring returns the Keyring object in this KeyringSection

func (*KeyringSectionV2) HasRevocations added in v0.12.0

func (k *KeyringSectionV2) HasRevocations() bool

HasRevocations indicates that a Keyring holds revoked user keys.

type MachineCreationSegment added in v0.15.0

type MachineCreationSegment struct {
	Machine     *envelope.Unsigned            `json:"machine"`
	Memberships []envelope.Unsigned           `json:"memberships"`
	Tokens      []MachineTokenCreationSegment `json:"tokens"`
}

MachineCreationSegment represents the request sent to create the registry to create a machine and it's first token

type MachineTokenCreationSegment added in v0.15.0

type MachineTokenCreationSegment struct {
	Token    *envelope.Unsigned `json:"token"`
	Keypairs []*ClaimedKeyPair  `json:"keypairs"`
}

MachineTokenCreationSegment represents the request send to the registry to create a Machine Token

type MachinesClient added in v0.15.0

type MachinesClient struct {
	// contains filtered or unexported fields
}

MachinesClient represents the `/machines` registry endpoint, used for creating, listing, authorizing, and destroying machines and their tokens.

func (*MachinesClient) Create added in v0.15.0

Create requests the registry to create a MachineSegment.

The MachineSegment includes the Machine, it's Memberships, and authorization tokens.

func (*MachinesClient) Get added in v0.15.0

func (m *MachinesClient) Get(ctx context.Context, machineID *identity.ID) (*apitypes.MachineSegment, error)

Get requests a single machine from the registry

type MembershipsClient

type MembershipsClient struct {
	// contains filtered or unexported fields
}

MembershipsClient represents the `/memberships` registry endpoint, used for accessing the relationship between users, organization, and teams.

func (*MembershipsClient) List

func (m *MembershipsClient) List(ctx context.Context, orgID *identity.ID,
	teamID *identity.ID, ownerID *identity.ID) ([]envelope.Unsigned, error)

List returns all memberships for a given organization, team, or user/machine

type OrgInviteClient

type OrgInviteClient struct {
	// contains filtered or unexported fields
}

OrgInviteClient represents the `/org-invites` registry endpoint, used for sending, accepting, and approving invitations to organizations in Torus.

func (*OrgInviteClient) Approve

func (o *OrgInviteClient) Approve(ctx context.Context, inviteID *identity.ID) (*envelope.Unsigned, error)

Approve sends an approval notification to the registry regarding a specific invitation.

func (*OrgInviteClient) Get

func (o *OrgInviteClient) Get(ctx context.Context, inviteID *identity.ID) (*envelope.Unsigned, error)

Get returns a specific Org Invite based on it's ID

type Orgs

type Orgs struct {
	// contains filtered or unexported fields
}

Orgs represents the `/orgs` registry endpoint, used for accessing organizations stored in Torus.

func (*Orgs) Get added in v0.12.0

func (o *Orgs) Get(ctx context.Context, orgID *identity.ID) (*envelope.Unsigned, error)

Get returns the organization with the given ID.

func (*Orgs) List

func (o *Orgs) List(ctx context.Context, name string) ([]envelope.Unsigned, error)

List returns all organizations that match the given name.

type ProjectsClient added in v0.12.0

type ProjectsClient struct {
	// contains filtered or unexported fields
}

ProjectsClient represents the `/projects` registry endpoint, for manipulating projects.

func (*ProjectsClient) List added in v0.12.0

func (p *ProjectsClient) List(ctx context.Context, orgID *identity.ID) ([]envelope.Unsigned, error)

List returns a list of all Projects within the given org.

type SelfClient added in v0.15.0

type SelfClient struct {
	// contains filtered or unexported fields
}

SelfClient represents the registry `/self` endpoints.

func (*SelfClient) Get added in v0.15.0

func (s *SelfClient) Get(ctx context.Context, token string) (*apitypes.Self, error)

Get returns the current identities associated with this token

type Signup added in v0.11.0

type Signup struct {
	ID      string      `json:"id"`
	Version int         `json:"version"`
	Body    *SignupBody `json:"body"`
}

Signup contains fields for signup

type SignupBody added in v0.11.0

type SignupBody struct {
	Username string `json:"username"`
	Name     string `json:"name"`
	Email    string `json:"email"`
	// State is not a field because the server determines it, client cannot
	Password *primitive.UserPassword `json:"password"`
	Master   *primitive.MasterKey    `json:"master"`
}

SignupBody contains fields for Signup object body during signup

func (SignupBody) Mutable added in v0.11.0

func (SignupBody) Mutable()

Mutable indicates this object is Mutable type

func (SignupBody) Type added in v0.11.0

func (SignupBody) Type() byte

Type returns the User byte

func (SignupBody) Version added in v0.11.0

func (SignupBody) Version() int

Version returns the object version

type TeamsClient

type TeamsClient struct {
	// contains filtered or unexported fields
}

TeamsClient represents the `/teams` registry endpoint, used for accessing teams stored in Torus.

func (*TeamsClient) List

func (t *TeamsClient) List(ctx context.Context, orgID *identity.ID) ([]envelope.Unsigned, error)

List returns all teams for an organization

type Tokens

type Tokens struct {
	// contains filtered or unexported fields
}

Tokens represents the registry '/tokens' endpoints, used for session management.

Logging in is a two step process. We must first request a login token. This token is then HMAC'd and returned to the server, exchanging it for an auth token, which is used for all other operations.

func (*Tokens) Delete

func (t *Tokens) Delete(ctx context.Context, token string) error

Delete deletes the token with the provided value from the registry. This effectively logs a user out.

func (*Tokens) PostAuth

func (t *Tokens) PostAuth(ctx context.Context, token, hmac string) (string, error)

PostAuth requests an auth token from the registry for the provided login token value, and it's HMAC.

func (*Tokens) PostLogin

func (t *Tokens) PostLogin(ctx context.Context, creds apitypes.LoginCredential) (*base64.Value, string, error)

PostLogin requests a login token from the registry for the provided email address.

func (*Tokens) PostPDPKAuth added in v0.15.0

func (t *Tokens) PostPDPKAuth(ctx context.Context, token string, sig *base64.Value) (string, error)

PostPDPKAuth requests an auth token from the registry for the provided login token value, and it's signature.

type Users

type Users struct {
	// contains filtered or unexported fields
}

Users represents the registry `/users` endpoints.

func (*Users) Create

func (u *Users) Create(ctx context.Context, userObj Signup, signup apitypes.Signup) (*envelope.Unsigned, error)

Create attempts to register a new user

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL